diff --git a/.gitignore b/.gitignore
index 0718aef..b2be92b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-secrets
 result
diff --git a/configuration.nix b/configuration.nix
index fdddc1d..78dff30 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,19 +1,16 @@ { config, pkgs, ... }: +let + ghKeys = builtins.fetchurl { + sha256 = "sha256:189ah8yyqgjvlsi2hydk94jrra97jj7hpxr805bzkif05jp2ivai"; + url = "https://github.com/illustris.keys"; + }; +in { nixpkgs.overlays = [ ]; - # Use nixpkgs from niv - #nixpkgs.pkgs = let - # sources = import ./nix/sources.nix; - #in import sources.nixpkgs { - # config = config.nixpkgs.config // { - # allowUnfree = true; - # }; - #}; - imports = [ ./hardware-configuration.nix ./desktop-configuration.nix
@@ -56,9 +53,9 @@ illustris = { isNormalUser = true; extraGroups = [ "wheel" "docker" "tty" "adb" "libvirtd" ]; - openssh.authorizedKeys.keyFiles = [ ./secrets/ssh_pubkeys ]; + openssh.authorizedKeys.keyFiles = [ ghKeys ]; }; - root.openssh.authorizedKeys.keyFiles = [ ./secrets/ssh_pubkeys ]; + root.openssh.authorizedKeys.keyFiles = [ ghKeys ]; }; environment = {
@@ -123,7 +120,7 @@ (writeScriptBin "vpnpass" (builtins.readFile ./scripts/vpnpass)) ]; etc = { - nixpkgs.source = let sources = import ./nix/sources.nix; in sources.nixpkgs; + nixpkgs.source = pkgs.path; }; };
@@ -154,8 +151,8 @@
 '';
 shellAliases = {
 genpass = "cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 2";
- nt = "sudo nix-shell /etc/nixos/shell.nix --run \"nixos-rebuild test\"";
- ns = "sudo nix-shell /etc/nixos/shell.nix --run \"nixos-rebuild switch\"";
+ nt = "sudo nixos-rebuild test --flake /etc/nixos#";
+ ns = "sudo nixos-rebuild switch --flake /etc/nixos#";
 grep = "grep --color";
 };
 promptInit = ''
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..ceba6ce
--- /dev/null
+++ b/flake.lock
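Review bot: The `ghKeys` binding added at the top of configuration.nix (hunk `@@ -1,19 +1,16 @@`) carries no comment saying that the pinned `sha256` freezes the authorized key set, and hunk `@@ -56,9 +53,9 @@` uses that set for both `illustris` and `root`. The pin means a key newly added to the GitHub account cannot reach this machine without a reviewed hash change, which is worth keeping; the other side is that a key removed on GitHub stays authorized here until the hash is updated and the system rebuilt, and a fresh fetch will fail on the hash mismatch once the published list differs. I would add above the binding: `# Pinned snapshot of https://github.com/illustris.keys: after rotating or revoking a key, update sha256 and rebuild; removing the key on GitHub alone does not revoke access here.` The `let` body and the users attribute set both continue outside the hunks shown.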
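Review bot: In configuration.nix hunk `@@ -154,8 +151,8 @@` the `nt` and `ns` aliases pass `--flake /etc/nixos#` with nothing after the `#`, so nixos-rebuild picks the configuration named after the machine's hostname. flake.nix in this commit defines only `nixosConfigurations.desktop`, and the hostname setting is not visible in this diff, so the aliases build the intended system only if the hostname is `desktop`. Naming the output removes that dependency: `ns = "sudo nixos-rebuild switch --flake /etc/nixos#desktop";` and the same suffix for `nt`. The `shellAliases` set sits in a block that starts and ends outside the hunk.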
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1658648081, + "narHash": "sha256-RL5nr4Xhp0zQeEGG/I3t3FmqaI9QrBg5PH31NF+7A/A=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e494a908e8895b9cba18e21d5fc83362f64b3f6a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..a2bab43
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,14 @@
+{
+ description = "A very basic flake";
+
+ inputs.nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
+
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations = {
+ desktop = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+ };
+ };
+}
diff --git a/nix/sources.json b/nix/sources.json
deleted file mode 100644
index b24232c..0000000
--- a/nix/sources.json
+++ /dev/null
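Review bot: flake.nix gives no warning that, once this configuration is evaluated as a flake, the flake's source tree (for a git checkout, every tracked file) is copied into /nix/store, which any local user can read. The same commit removes `secrets` from .gitignore, so a `secrets/` directory left over in a checkout is no longer protected from `git add` and would then land in the store and on any remote. I would keep the `secrets` ignore entry and add above `outputs`: `# Everything tracked in this repo is copied to the world-readable Nix store; keep key material and passwords out of the tree.` Separately, `description = "A very basic flake";` is the template text and could name the machine this flake configures.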
@@ -1,26 +0,0 @@ -{ - "niv": { - "branch": "master", - "description": "Easy dependency management for Nix projects", - "homepage": "https://github.com/nmattia/niv", - "owner": "nmattia", - "repo": "niv", - "rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41", - "sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7", - "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixpkgs": { - "branch": "nixos-unstable", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e494a908e8895b9cba18e21d5fc83362f64b3f6a", - "sha256": "1w03pdgk9xbx7hwiib2hixlalnfwxn6zr1j1g384r9z1hnpnggj4", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e494a908e8895b9cba18e21d5fc83362f64b3f6a.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - } -} diff --git a/nix/sources.nix b/nix/sources.nix deleted file mode 100644 index 9a01c8a..0000000 --- a/nix/sources.nix +++ /dev/null 
@@ -1,194 +0,0 @@ -# This file has been generated by Niv. - -let - - # - # The fetchers. fetch_ fetches specs of type . - # - - fetch_file = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; name = name'; } - else - pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; - - fetch_tarball = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchTarball { name = name'; inherit (spec) url sha256; } - else - pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; - - fetch_git = name: spec: - let - ref = - if spec ? ref then spec.ref else - if spec ? branch then "refs/heads/${spec.branch}" else - if spec ? tag then "refs/tags/${spec.tag}" else - abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - submodules = if spec ? submodules then spec.submodules else false; - submoduleArg = - let - nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0; - emptyArgWithWarning = - if submodules == true - then - builtins.trace - ( - "The niv input \"${name}\" uses submodules " - + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " - + "does not support them" - ) - {} - else {}; - in - if nixSupportsSubmodules - then { inherit submodules; } - else emptyArgWithWarning; - in - builtins.fetchGit - ({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg); - - fetch_local = spec: spec.path; - - fetch_builtin-tarball = name: throw - ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; - - fetch_builtin-url = name: throw - ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. 
- $ niv modify ${name} -a type=file -a builtin=true''; - - # - # Various helpers - # - - # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 - sanitizeName = name: - ( - concatMapStrings (s: if builtins.isList s then "-" else s) - ( - builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) - ) - ); - - # The set of packages used when specs are fetched using non-builtins. - mkPkgs = sources: system: - let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import {} - else - abort - '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; - - # The actual fetching function. - fetch = pkgs: name: spec: - - if ! builtins.hasAttr "type" spec then - abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs name spec - else if spec.type == "tarball" then fetch_tarball pkgs name spec - else if spec.type == "git" then fetch_git name spec - else if spec.type == "local" then fetch_local spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball name - else if spec.type == "builtin-url" then fetch_builtin-url name - else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; - - # If the environment variable NIV_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. 
- replace = name: drv: - let - saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; - ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" then drv else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; - - # Ports of functions for older nix versions - - # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); - concatStrings = builtins.concatStringsSep ""; - - # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: if cond then as else {}; - - # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { url, name ? 
null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchTarball attrs; - - # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchurl attrs; - - # Create the final "sources" from the config - mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = replace name (fetch config.pkgs name spec); } - ) config.sources; - - # The "config" used by the fetchers - mkConfig = - { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null - , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) - , system ? builtins.currentSystem - , pkgs ? mkPkgs sources system - }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; - - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; - -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
diff --git a/overlays/suckless/dwm-overlay.nix b/overlays/suckless/dwm-overlay.nix
index 8b05cdd..2674144 100644
--- a/overlays/suckless/dwm-overlay.nix
+++ b/overlays/suckless/dwm-overlay.nix
@@ -1,5 +1,10 @@
 (self: super: {
 dwm = super.dwm.overrideAttrs (oldAttrs: {
- src = /home/illustris/src/dwm;
+ src = self.pkgs.fetchFromGitHub {
+ owner = "illustris";
+ repo = "dwm";
+ rev = "7df55abebad6a70236a6d6fc62fd475476fd77f6";
+ hash = "sha256-Cfdv+r271etL5nYkd4U2nRE/zCW7PaHkDC11eeGqLy4=";
+ };
 });
 })
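Review bot: Style point on the added `src` in overlays/suckless/dwm-overlay.nix: `self.pkgs.fetchFromGitHub` reaches the fetcher through the package set's `pkgs` attribute, where an overlay would normally take it directly from its first argument, `src = self.fetchFromGitHub {`. The same line is added in overlays/suckless/st-overlay.nix. Pinning both sources to a full commit `rev` plus an SRI `hash` is the right shape for replacing the local path, and a one-line comment naming the branch or tag each rev was taken from would help whoever bumps it next. `oldAttrs` is unused in both overrides and could be written `_`.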
diff --git a/overlays/suckless/st-overlay.nix b/overlays/suckless/st-overlay.nix
index d3a48e3..6c3beeb 100644
--- a/overlays/suckless/st-overlay.nix
+++ b/overlays/suckless/st-overlay.nix
@@ -1,5 +1,10 @@
 (self: super: {
 st = super.st.overrideAttrs (oldAttrs: {
- src = /home/illustris/src/st;
+ src = self.pkgs.fetchFromGitHub {
+ owner = "illustris";
+ repo = "st";
+ rev = "e81a0418d6333127e7b8b7c3690ea18fc3278f73";
+ hash = "sha256-hyvR0AeyuHoT0ijLFYDpcVAGGUrw1rk2CBAeUwuZ8IA=";
+ };
 });
 })
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index eb14ad5..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-let
- sources = import ./nix/sources.nix;
- pkgs = import sources.nixpkgs {};
-in
-pkgs.mkShell {
- buildInputs = with pkgs; [
- niv
- ];
- shellHook = ''
- export nixpkgs=${pkgs.path}
- export NIX_PATH=nixpkgs=${pkgs.path}:nixos-config=/etc/nixos/configuration.nix
- '';
-}