authorFranck Cuny <franck@fcuny.net>2025-07-21 07:31:45 -0700
committerFranck Cuny <franck@fcuny.net>2025-07-21 08:13:11 -0700
commit23f8df7396d35744069a4bda0d1d38a55ff64b79 (patch)
tree772b5e72355e9ee5b3ae31aef37fe1d4508e8f30
parentadd docker helpers and clean up some dependencies (diff)
downloadinfra-23f8df7396d35744069a4bda0d1d38a55ff64b79.tar.gz
refactoring to use flake-parts and automatic imports of hosts
This is the first step in a large refactoring to use flake-parts, and to automatically import hosts based on their paths.
-rw-r--r--flake.lock21
-rw-r--r--flake.nix202
-rw-r--r--nix/flake/apps.nix16
-rw-r--r--nix/flake/checks.nix42
-rw-r--r--nix/flake/devshells.nix57
-rw-r--r--nix/flake/formatter.nix17
-rw-r--r--nix/flake/hosts.nix184
-rw-r--r--nix/flake/overlays.nix21
-rw-r--r--nix/flake/packages.nix13
-rw-r--r--nix/lib/machine-utils.nix20
-rw-r--r--nix/lib/mkSystem.nix81
-rw-r--r--nix/machines/common/network.nix41
-rw-r--r--nix/machines/darwin-shared.nix111
-rw-r--r--nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix96
-rw-r--r--nix/machines/darwin/aarch64-darwin/mba-m2.nix98
-rw-r--r--nix/machines/hq-kwny2vh41p/default.nix6
-rw-r--r--nix/machines/mba-m2/default.nix11
-rw-r--r--nix/machines/nixos/x86_64-linux/vm-synology.nix (renamed from nix/machines/vm-synology/default.nix)49
-rw-r--r--nix/machines/vm-synology/backups.nix73
-rw-r--r--nix/machines/vm-synology/ingress.nix16
-rw-r--r--nix/machines/vm-synology/nginx.nix10
-rw-r--r--nix/modules/default-darwin.nix7
-rw-r--r--nix/modules/default.nix7
-rw-r--r--nix/modules/home.nix38
-rw-r--r--nix/modules/host-config.nix15
-rw-r--r--nix/profiles/darwin.nix46
-rw-r--r--nix/profiles/disk/vm.nix (renamed from nix/machines/vm-synology/disk.nix)0
-rw-r--r--nix/profiles/git-server.nix (renamed from nix/machines/vm-synology/git.nix)0
-rw-r--r--nix/profiles/hardware/synology.nix (renamed from nix/machines/vm-synology/hardware.nix)9
-rw-r--r--nix/profiles/home-manager.nix36
-rw-r--r--nix/profiles/server.nix80
-rw-r--r--nix/users/fcuny/darwin.nix9
-rw-r--r--nix/users/fcuny/dev.nix130
-rw-r--r--nix/users/fcuny/home-manager.nix28
-rw-r--r--nix/users/fcuny/personal.nix8
-rw-r--r--nix/users/modules/userinfo.nix15
-rw-r--r--nix/users/profiles/1password.nix (renamed from nix/users/fcuny/1password.nix)0
-rw-r--r--nix/users/profiles/dev.nix47
-rw-r--r--nix/users/profiles/emacs.nix (renamed from nix/users/fcuny/emacs.nix)0
-rw-r--r--nix/users/profiles/git.nix (renamed from nix/users/fcuny/git.nix)16
-rw-r--r--nix/users/profiles/k8s.nix (renamed from nix/users/fcuny/k8s.nix)0
-rw-r--r--nix/users/profiles/llm.nix (renamed from nix/users/fcuny/llm.nix)0
-rw-r--r--nix/users/profiles/mac.nix15
-rw-r--r--nix/users/profiles/media.nix (renamed from nix/users/fcuny/media.nix)0
-rw-r--r--nix/users/profiles/nixos.nix (renamed from nix/users/fcuny/nixos.nix)0
-rw-r--r--nix/users/profiles/secrets.nix (renamed from nix/users/fcuny/secrets.nix)0
-rw-r--r--nix/users/profiles/shell.nix (renamed from nix/users/fcuny/shell.nix)0
-rw-r--r--nix/users/profiles/ssh.nix (renamed from nix/users/fcuny/ssh.nix)0
-rw-r--r--nix/users/profiles/work.nix (renamed from nix/users/fcuny/work.nix)0
-rw-r--r--pkgs/llmPython/default.nix13
50 files changed, 915 insertions, 789 deletions
diff --git a/flake.lock b/flake.lock
index 9022dc8..ca57c93 100644
--- a/flake.lock
+++ b/flake.lock
@@ -123,6 +123,26 @@
"type": "github"
}
},
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1751413152,
+ "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -262,6 +282,7 @@
"darwin": "darwin_2",
"disko": "disko",
"emacs-overlay": "emacs-overlay",
+ "flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs",
"nixpkgsUnstable": "nixpkgsUnstable",
diff --git a/flake.nix b/flake.nix
index 557e550..110064b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,199 +40,29 @@
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ flake-parts = {
+ url = "github:hercules-ci/flake-parts";
+ inputs.nixpkgs-lib.follows = "nixpkgs";
+ };
};
- # Output config, or config for NixOS system
outputs =
- {
- self,
- nixpkgs,
- nixpkgsUnstable,
- darwin,
- treefmt-nix,
- pre-commit-hooks,
- emacs-overlay,
- agenix,
- ...
- }@inputs:
- let
- supportedSystems = [
+ inputs@{ flake-parts, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
"aarch64-darwin"
"x86_64-linux"
];
- # Function to generate attributes for each system
- forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
-
- # Function to get pkgs for a specific system
- getPkgs =
- system:
- import nixpkgs {
- inherit system;
- config.allowUnfree = true;
- overlays = overlays;
- };
-
- getPkgsUnstable =
- system:
- import nixpkgsUnstable {
- inherit system;
- };
-
- # Define overlays here
- overlays = [
- emacs-overlay.overlay
- (final: _prev: {
- # Load all packages from the pkgs directory
- customPackages = builtins.mapAttrs (
- name: _:
- final.callPackage (./pkgs + "/${name}") {
- pkgsUnstable = getPkgsUnstable final.system;
- }
- ) (builtins.readDir ./pkgs);
- })
+ imports = [
+ ./nix/flake/apps.nix
+ ./nix/flake/checks.nix
+ ./nix/flake/devshells.nix
+ ./nix/flake/formatter.nix
+ ./nix/flake/hosts.nix
+ ./nix/flake/overlays.nix
+ ./nix/flake/packages.nix
];
-
- mkSystem = import ./nix/lib/mkSystem.nix {
- inherit
- self
- nixpkgs
- inputs
- overlays
- ;
- };
-
- mkFcunyNet =
- system:
- let
- pkgs = getPkgs system;
- in
- import ./src/fcuny.net { inherit pkgs; };
-
- # Create a treefmt-nix evaluation for a system
- mkTreefmtEval =
- system:
- let
- pkgs = getPkgs system;
- in
- treefmt-nix.lib.evalModule pkgs {
- projectRootFile = "flake.nix";
- programs = {
- nixfmt.enable = true;
- deadnix.enable = true;
- };
- };
-
- # Create pre-commit hooks for a system and source
- mkPreCommitHooks =
- system: src:
- let
- treefmtEval = mkTreefmtEval system;
- in
- inputs.pre-commit-hooks.lib.${system}.run {
- inherit src;
- hooks = {
- check-merge-conflicts.enable = true;
- deadnix.enable = true;
- detect-private-keys.enable = true;
- end-of-file-fixer.enable = true;
- mixed-line-endings.enable = true;
- shellcheck = {
- enable = true;
- excludes = [ "\\.envrc$" ];
- };
- flake-checker.enable = true;
- treefmt = {
- enable = true;
- entry = "${treefmtEval.config.build.wrapper}/bin/treefmt --ci";
- };
- trim-trailing-whitespace.enable = true;
- };
- };
- in
- {
- nixosModules = import ./nix/modules;
-
- packages = forAllSystems (
- system:
- let
- fcunyNet = mkFcunyNet system;
- in
- {
- "fcuny_net" = fcunyNet.site;
- }
- );
-
- apps = forAllSystems (
- system:
- let
- fcunyNet = mkFcunyNet system;
- in
- {
- "fcuny_net-serve" = {
- type = "app";
- program = "${fcunyNet.serve}/bin/serve-fcuny-net";
- };
- }
- );
-
- # nix fmt
- formatter = forAllSystems (
- system:
- let
- treefmtEval = mkTreefmtEval system;
- in
- treefmtEval.config.build.wrapper
- );
-
- # nix flake check
- checks = forAllSystems (system: {
- pre-commit-check = mkPreCommitHooks system ./.;
- });
-
- # my VM running on the synology NAS
- nixosConfigurations.vm-synology = mkSystem "vm-synology" {
- system = "x86_64-linux";
- user = "fcuny";
- };
-
- # my personal MacBook Air
- darwinConfigurations.mba-m2 = mkSystem "mba-m2" {
- system = "aarch64-darwin";
- user = "fcuny";
- darwin = true;
- };
-
- # work laptop
- darwinConfigurations.HQ-KWNY2VH41P = mkSystem "hq-kwny2vh41p" {
- system = "aarch64-darwin";
- user = "fcuny";
- darwin = true;
- };
-
- # Dev shells for each system
- devShells = forAllSystems (
- system:
- let
- pkgs = getPkgs system;
- pre-commit-check = mkPreCommitHooks system ./.;
- scripts = import ./nix/scripts {
- inherit pkgs system inputs;
- };
- in
- {
- default = pkgs.mkShellNoCC {
- inherit (pre-commit-check) shellHook; # This is the key line
- packages =
- with pkgs;
- [
- nixos-rebuild
- git
- inputs.agenix.packages."${system}".default
- ]
- ++ scripts.all;
- };
- }
- );
};
}
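Review bot: The rewritten outputs no longer export `nixosModules`, which the old `outputs` set from `./nix/modules`; elsewhere in this commit `nix/modules/default.nix` becomes a plain module that imports `./home.nix` and `./host-config.nix` and drops its `fcuny-net` entry, and the deleted `mkSystem.nix` was the piece that imported `../modules/fcuny-net.nix` for non-darwin hosts, so that module appears to be unwired now. If the drop is intentional a sentence in the commit message would help; otherwise one of the imported flake modules can export it with `flake.nixosModules.fcuny-net = ./nix/modules/fcuny-net.nix;`. A short comment above `imports` naming what each of the seven modules contributes (`flake.*` vs `perSystem.*`) would make the new entry point readable without opening them.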
diff --git a/nix/flake/apps.nix b/nix/flake/apps.nix
new file mode 100644
index 0000000..ef764eb
--- /dev/null
+++ b/nix/flake/apps.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ perSystem =
+ { pkgs, ... }:
+ let
+ mkFcunyNet = import ../../src/fcuny.net { inherit pkgs; };
+ in
+ {
+ apps = {
+ "fcuny_net-serve" = {
+ type = "app";
+ program = "${mkFcunyNet.serve}/bin/serve-fcuny-net";
+ };
+ };
+ };
+}
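Review bot: `mkFcunyNet` on the `let` line is not a function — `import ../../src/fcuny.net { inherit pkgs; }` is already applied and yields the attrset whose `.serve` is read below — so the `mk` prefix misleads; `fcunyNet = import ../../src/fcuny.net { inherit pkgs; };` matches the naming the old flake used. The identical definition is repeated in packages.nix; evaluating `src/fcuny.net` once per system and exposing it as `_module.args.fcunyNet` from one module would let both read the same value. A one-line comment naming what that directory provides (`site`, `serve`) would also help, since it is outside this tree.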
diff --git a/nix/flake/checks.nix b/nix/flake/checks.nix
new file mode 100644
index 0000000..87d4a7f
--- /dev/null
+++ b/nix/flake/checks.nix
@@ -0,0 +1,42 @@
+{ inputs, ... }:
+{
+ perSystem =
+ { system, pkgs, ... }:
+ let
+ treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs {
+ projectRootFile = "flake.nix";
+ programs = {
+ nixfmt.enable = true;
+ deadnix.enable = true;
+ };
+ };
+
+ mkPreCommitHooks =
+ src:
+ inputs.pre-commit-hooks.lib.${system}.run {
+ inherit src;
+ hooks = {
+ check-merge-conflicts.enable = true;
+ deadnix.enable = true;
+ detect-private-keys.enable = true;
+ end-of-file-fixer.enable = true;
+ mixed-line-endings.enable = true;
+ shellcheck = {
+ enable = true;
+ excludes = [ "\\.envrc$" ];
+ };
+ flake-checker.enable = true;
+ treefmt = {
+ enable = true;
+ entry = "${treefmtEval.config.build.wrapper}/bin/treefmt --ci";
+ };
+ trim-trailing-whitespace.enable = true;
+ };
+ };
+ in
+ {
+ checks = {
+ pre-commit-check = mkPreCommitHooks ./.;
+ };
+ };
+}
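Review bot: `mkPreCommitHooks ./.` on the last `let` line now points the hooks at `nix/flake/`, not the repository root: a relative path is resolved against the file that contains it, and the old call lived in `flake.nix` where `./.` meant the whole tree. As written `nix flake check` lints only the seven flake modules and skips every other `.nix`, shell and secrets file, so `detect-private-keys` and `shellcheck` no longer see most of what they used to; use `mkPreCommitHooks ../..;` (or `inputs.self`). The same `./.` appears in devshells.nix (`pre-commit-check = mkPreCommitHooks ./.;`) and narrows the shell hook the same way.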
diff --git a/nix/flake/devshells.nix b/nix/flake/devshells.nix
new file mode 100644
index 0000000..339a8f4
--- /dev/null
+++ b/nix/flake/devshells.nix
@@ -0,0 +1,57 @@
+{ inputs, ... }:
+{
+ perSystem =
+ { system, pkgs, ... }:
+ let
+ treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs {
+ projectRootFile = "flake.nix";
+ programs = {
+ nixfmt.enable = true;
+ deadnix.enable = true;
+ };
+ };
+
+ mkPreCommitHooks =
+ src:
+ inputs.pre-commit-hooks.lib.${system}.run {
+ inherit src;
+ hooks = {
+ check-merge-conflicts.enable = true;
+ deadnix.enable = true;
+ detect-private-keys.enable = true;
+ end-of-file-fixer.enable = true;
+ mixed-line-endings.enable = true;
+ shellcheck = {
+ enable = true;
+ excludes = [ "\\.envrc$" ];
+ };
+ flake-checker.enable = true;
+ treefmt = {
+ enable = true;
+ entry = "${treefmtEval.config.build.wrapper}/bin/treefmt --ci";
+ };
+ trim-trailing-whitespace.enable = true;
+ };
+ };
+
+ pre-commit-check = mkPreCommitHooks ./.;
+ scripts = import ../../nix/scripts {
+ inherit pkgs system inputs;
+ };
+ in
+ {
+ devShells = {
+ default = pkgs.mkShellNoCC {
+ inherit (pre-commit-check) shellHook;
+ packages =
+ with pkgs;
+ [
+ nixos-rebuild
+ git
+ inputs.agenix.packages."${system}".default
+ ]
+ ++ scripts.all;
+ };
+ };
+ };
+}
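Review bot: `treefmtEval` and `mkPreCommitHooks` are copied verbatim from checks.nix (and `treefmtEval` a third time in formatter.nix), so the hook list and formatter settings can now drift between the devshell and `nix flake check`. flake-parts passes `config` to `perSystem`, so this module can take the hook from the check instead of rebuilding it: `{ config, pkgs, system, ... }:` and `inherit (config.checks.pre-commit-check) shellHook;`, with the two local definitions removed. The treefmt evaluation could likewise live in one place (`inputs.treefmt-nix.flakeModule` exposes `config.treefmt.build.wrapper`), which would let formatter.nix shrink to a single assignment.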
diff --git a/nix/flake/formatter.nix b/nix/flake/formatter.nix
new file mode 100644
index 0000000..44c0190
--- /dev/null
+++ b/nix/flake/formatter.nix
@@ -0,0 +1,17 @@
+{ inputs, ... }:
+{
+ perSystem =
+ { pkgs, ... }:
+ let
+ treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs {
+ projectRootFile = "flake.nix";
+ programs = {
+ nixfmt.enable = true;
+ deadnix.enable = true;
+ };
+ };
+ in
+ {
+ formatter = treefmtEval.config.build.wrapper;
+ };
+}
diff --git a/nix/flake/hosts.nix b/nix/flake/hosts.nix
new file mode 100644
index 0000000..3ce8c6b
--- /dev/null
+++ b/nix/flake/hosts.nix
@@ -0,0 +1,184 @@
+{
+ inputs,
+ self,
+ withSystem,
+ ...
+}:
+let
+ inherit (inputs.nixpkgs.lib // builtins)
+ filterAttrs
+ foldl'
+ makeOverridable
+ mapAttrs'
+ mapAttrsToList
+ mkForce
+ mkIf
+ nixosSystem
+ readDir
+ replaceStrings
+ substring
+ ;
+
+ inherit (inputs.darwin.lib) darwinSystem;
+
+ nixSettings = {
+ nix.registry.nixpkgs = {
+ flake = inputs.nixpkgs;
+ };
+ };
+
+ mapSystems =
+ dir: mapAttrsToList (name: _: name) (filterAttrs (_: type: type == "directory") (readDir dir));
+
+ mapHosts = foldl' (
+ hosts: system:
+ hosts
+ // (mapAttrs' (
+ filename: _:
+ let
+ name = replaceStrings [ ".nix" ] [ "" ] filename;
+ in
+ {
+ inherit name;
+ value = {
+ inherit system;
+ hostconf = ../machines/nixos + "/${system}/$(unknown)";
+ };
+ }
+ ) (builtins.readDir ../machines/nixos/${system}))
+ ) { };
+
+ mapMacs = foldl' (
+ hosts: system:
+ hosts
+ // (mapAttrs' (
+ filename: _:
+ let
+ name = replaceStrings [ ".nix" ] [ "" ] filename;
+ in
+ {
+ inherit name;
+ value = {
+ inherit system;
+ hostconf = ../machines/darwin + "/${system}/$(unknown)";
+ };
+ }
+ ) (builtins.readDir ../machines/darwin/${system}))
+ ) { };
+
+ defaultModules = [
+ nixSettings
+ inputs.agenix.nixosModules.age
+ inputs.disko.nixosModules.disko
+ inputs.home-manager.nixosModules.home-manager
+ ../modules/default.nix
+ ];
+
+ darwinDefaultModules = [
+ nixSettings
+ inputs.agenix.darwinModules.age
+ inputs.home-manager.darwinModules.home-manager
+ ../modules/default-darwin.nix
+ ];
+
+ darwinConfigurations = mapAttrs' (
+ name: conf:
+ let
+ inherit (conf) system hostconf;
+ adminUser = {
+ name = "fcuny";
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
+ };
+ in
+ {
+ inherit name;
+ value = withSystem system (
+ { pkgs, ... }:
+ makeOverridable darwinSystem {
+ inherit system;
+ specialArgs = {
+ hostName = name;
+ inherit adminUser;
+ inherit self;
+ inherit inputs;
+ };
+ modules =
+ [
+ { inherit adminUser; }
+ {
+ nixpkgs.pkgs = pkgs;
+ nixpkgs.hostPlatform = system;
+ system.stateVersion = 5;
+ environment.systemPackages = [
+ pkgs.git
+ ];
+ }
+ ]
+ ++ darwinDefaultModules
+ ++ [
+ hostconf
+ ];
+ }
+ );
+ }
+ ) (mapMacs (mapSystems ../machines/darwin));
+
+ nixosConfigurations = mapAttrs' (
+ name: conf:
+ let
+ inherit (conf) system hostconf;
+ adminUser = {
+ name = "fcuny";
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
+ };
+ in
+ {
+ inherit name;
+ value = withSystem system (
+ { pkgs, ... }:
+ makeOverridable nixosSystem {
+ inherit system;
+ specialArgs = {
+ hostName = name;
+ inherit adminUser;
+ inherit self;
+ hostConfigurations = mapAttrs' (name: conf: {
+ inherit name;
+ value = conf.config;
+ }) nixosConfigurations;
+ inherit inputs;
+ };
+ modules =
+ [
+ {
+ inherit adminUser;
+ }
+ {
+ system.configurationRevision = mkIf (self ? rev) self.rev;
+ system.nixos.versionSuffix = mkForce "git.${substring 0 11 inputs.nixpkgs.rev}";
+ nixpkgs.pkgs = pkgs;
+ environment.systemPackages = [
+ pkgs.git
+ ];
+ }
+ ]
+ ++ defaultModules
+ ++ [
+ hostconf
+ ];
+ }
+ );
+ }
+ ) (mapHosts (mapSystems ../machines/nixos));
+in
+{
+ flake = {
+ inherit nixosConfigurations darwinConfigurations;
+ };
+}
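Review bot: The `hostconf` lines in `mapHosts` and `mapMacs` read `"/${system}/$(unknown)"` here; if that is literally what the file contains it is not an interpolation (`$(...)` is plain text in a Nix string) and every host's path resolves to a file that does not exist — it should be `"/${system}/${filename}"`; if the rendering mangled `${filename}` this point can be ignored. Beyond that, the two mappers differ only in their base directory and both walk `builtins.readDir` unfiltered, so a stray non-`.nix` entry (a directory, an editor backup file) becomes a configuration named after it; one `mkHostMap = base: …` applied to `../machines/nixos` and `../machines/darwin`, keeping only regular `.nix` files, removes both the duplication and that failure mode (`hasSuffix` and `removeSuffix` would join the `inherit` list, and `readDir` is already inherited so the `builtins.` prefix can go). `adminUser` is also hard-coded identically inside both `mapAttrs'` bodies and could be hoisted into the `let`.
```nix
  # { <host> = { system; hostconf; }; } for every <base>/<system>/<host>.nix
  mkHostMap =
    base:
    foldl' (
      hosts: system:
      let
        entries = filterAttrs (
          filename: type: type == "regular" && hasSuffix ".nix" filename
        ) (readDir (base + "/${system}"));
      in
      hosts
      // (mapAttrs' (filename: _: {
        name = removeSuffix ".nix" filename;
        value = {
          inherit system;
          hostconf = base + "/${system}/${filename}";
        };
      }) entries)
    ) { };

  mapHosts = mkHostMap ../machines/nixos;
  mapMacs = mkHostMap ../machines/darwin;
  # … unchanged: defaultModules, darwinDefaultModules, the two configuration sets …
```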
diff --git a/nix/flake/overlays.nix b/nix/flake/overlays.nix
new file mode 100644
index 0000000..83eadd0
--- /dev/null
+++ b/nix/flake/overlays.nix
@@ -0,0 +1,21 @@
+{ inputs, self, ... }:
+{
+
+ flake.overlays.default = _final: prev: {
+ llmPython = prev.callPackage "${self}/pkgs/llmPython/" { };
+ };
+
+ perSystem =
+ { system, ... }:
+ {
+ _module.args.pkgs = import inputs.nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ overlays = [
+ inputs.agenix.overlays.default
+ inputs.emacs-overlay.overlay
+ self.overlays.default
+ ];
+ };
+ };
+}
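Review bot: `llmPython = prev.callPackage …` in `flake.overlays.default` resolves its dependencies from `prev`, so anything another overlay in the list (or a later override of this one) changes in `final` is not seen by `llmPython`; the composable form is `final: _prev:` with `final.callPackage`. The old overlay exposed every directory under `./pkgs` as `customPackages`, whereas this one registers only `llmPython`, so any other package under `pkgs/` is no longer reachable — worth a comment saying the list is now explicit. `config.allowUnfree = true` is carried over from the old `getPkgs`; a note naming which packages need it (mba-m2.nix pulls `zoom-us`, which does) would make it easier to scope down later.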
diff --git a/nix/flake/packages.nix b/nix/flake/packages.nix
new file mode 100644
index 0000000..a166803
--- /dev/null
+++ b/nix/flake/packages.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ perSystem =
+ { pkgs, ... }:
+ let
+ mkFcunyNet = import ../../src/fcuny.net { inherit pkgs; };
+ in
+ {
+ packages = {
+ "fcuny_net" = mkFcunyNet.site;
+ };
+ };
+}
diff --git a/nix/lib/machine-utils.nix b/nix/lib/machine-utils.nix
deleted file mode 100644
index 6501257..0000000
--- a/nix/lib/machine-utils.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }:
-
-let
- # Simple function to check if a machine is of a specific type
- isMachineType =
- machineType: systemName:
- let
- workMachines = [ "hq-kwny2vh41p" ];
- personalMachines = [ "mba-m2" ];
- in
- if machineType == "work" then
- lib.elem systemName workMachines
- else if machineType == "personal" then
- lib.elem systemName personalMachines
- else
- false;
-in
-{
- inherit isMachineType;
-}
diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix
deleted file mode 100644
index 41f4f3c..0000000
--- a/nix/lib/mkSystem.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-# This function creates a NixOS system based on our VM setup for a
-# particular architecture.
-{
- self,
- nixpkgs,
- inputs,
- overlays,
-}:
-
-systemName:
-{
- system,
- user,
- darwin ? false,
-}:
-
-let
- # The config files for this system.
- machineConfig = ../machines/${systemName};
- userOSConfig = ../users/${user}/${if darwin then "darwin" else "nixos"}.nix;
- userHMConfig = ../users/${user}/home-manager.nix;
-
- # NixOS vs nix-darwin functions
- systemFunc = if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem;
- home-manager =
- if darwin then inputs.home-manager.darwinModules else inputs.home-manager.nixosModules;
-in
-systemFunc rec {
- inherit system;
-
- modules =
- [
- # Allow unfree packages.
- { nixpkgs.config.allowUnfree = true; }
-
- # Add overlays
- { nixpkgs.overlays = overlays; }
-
- machineConfig
- userOSConfig
- home-manager.home-manager
-
- inputs.agenix.nixosModules.default
- ]
- ++ nixpkgs.lib.optional (!darwin) [
- (import ../modules/fcuny-net.nix)
- inputs.disko.nixosModules.disko
- ]
- ++ [
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.sharedModules = [
- inputs.agenix.homeManagerModules.default
- ];
- home-manager.users.${user} = import userHMConfig {
- inherit
- self
- inputs
- darwin
- systemName
- ;
- };
- home-manager.extraSpecialArgs = {
- inherit self inputs;
- configPath = "${self}/configs/users/${user}";
- };
- }
-
- # We expose some extra arguments so that our modules can parameterize
- # better based on these values.
- {
- config._module.args = {
- currentSystem = system;
- currentSystemName = systemName;
- currentSystemUser = user;
- inputs = inputs;
- };
- }
- ];
-}
diff --git a/nix/machines/common/network.nix b/nix/machines/common/network.nix
deleted file mode 100644
index fb31099..0000000
--- a/nix/machines/common/network.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- lib,
- pkgs,
- config,
- ...
-}:
-{
- networking.firewall.allowPing = true;
-
- # Default to systemd-networkd usage.
- networking.useNetworkd = lib.mkDefault true;
- systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
-
- # Use systemd-resolved for DoT support.
- services.resolved = {
- enable = true;
- dnssec = "false";
- extraConfig = ''
- DNSOverTLS=yes
- '';
- };
-
- # Used by systemd-resolved, not directly by resolv.conf.
- networking.nameservers = [
- "8.8.8.8#dns.google"
- "1.0.0.1#cloudflare-dns.com"
- ];
-
- networking.firewall.logRefusedConnections = false;
-
- boot.kernel.sysctl = {
- "net.ipv4.tcp_fastopen" = 3;
- "net.ipv4.tcp_tw_reuse" = 1;
- };
-
- environment.systemPackages = with pkgs; [
- mtr
- tcpdump
- traceroute
- ];
-}
diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix
deleted file mode 100644
index 978b43a..0000000
--- a/nix/machines/darwin-shared.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ pkgs, ... }:
-{
- nix = {
- extraOptions = ''
- tarball-ttl = 900
- '';
- gc = {
- automatic = true;
- interval = {
- Weekday = 0;
- Hour = 0;
- Minute = 0;
- };
- options = "--delete-older-than 30d";
- };
- package = pkgs.nixVersions.stable;
- settings = {
- substituters = [
- "https://cache.nixos.org"
- "https://nix-community.cachix.org"
- ];
- trusted-public-keys = [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
- trusted-users = [
- "@admin"
- "fcuny"
- ];
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- };
- };
-
- system.primaryUser = "fcuny";
-
- system.defaults = {
- dock = {
- autohide = true;
- dashboard-in-overlay = false;
- launchanim = false; # Don't animate opening applications.
- mru-spaces = false; # don’t rearrange spaces based on the most recent use
- orientation = "left";
- show-recents = false;
- showhidden = false;
- tilesize = 60; # Default is 64.
- wvous-br-corner = 1; # Disable Notes hot corner.
- };
- finder.AppleShowAllExtensions = true;
-
- CustomUserPreferences = {
- "com.apple.desktopservices" = {
- # Avoid creating .DS_Store files on network or USB volumes
- DSDontWriteNetworkStores = true;
- DSDontWriteUSBStores = true;
- };
- };
-
- # Requires the directory to already exist.
- # See system.activationScripts.postUserActivation
- screencapture.location = "~/Documents/screenshots";
- SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
- };
-
- # TODO: - The `system.activationScripts.postUserActivation` option has
- # been removed, as all activation now takes place as `root`. Please
- # restructure your custom activation scripts appropriately,
- # potentially using `sudo` if you need to run commands as a user.
- # system.activationScripts.postUserActivation.text = ''
- # mkdir -p ~/Documents/screenshots
- # '';
-
- fonts.packages = with pkgs; [
- source-code-pro
- ];
-
- system.keyboard = {
- enableKeyMapping = true;
- remapCapsLockToControl = true;
- };
-
- # Touch ID for sudo auth
- security.pam.services.sudo_local.touchIdAuth = true;
-
- environment.shells = [ pkgs.fish ];
-
- programs.fish.enable = true;
- programs.fish.shellInit = ''
- # Nix
- if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
- source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
- end
- # End Nix
- '';
-
- ## this sets the PATH for GUI apps
- ## needs a restart
- launchd.user.agents = {
- user-paths = {
- command = "/bin/launchctl config user path '/opt/homebrew/bin:/Users/fcuny/.nix-profile/bin:/etc/profiles/per-user/fcuny/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin'";
- serviceConfig.RunAtLoad = true;
- };
- };
-
- programs.ssh.knownHosts = {
- "github.com".publicKey =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
- };
-}
diff --git a/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix b/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
new file mode 100644
index 0000000..c44ccaf
--- /dev/null
+++ b/nix/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
@@ -0,0 +1,96 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ ];
+
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ options = "--delete-older-than 30d";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ networking.hostName = "mba-m2";
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [ grpcurl ];
+ imports = [
+ ../../../users/profiles/mac.nix
+ ../../../users/profiles/work.nix
+ ];
+ inherit (adminUser) userinfo;
+ programs.git.userEmail = "fcuny@roblox.com";
+ };
+}
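Review bot: `networking.hostName = "mba-m2";` in this file names the personal laptop, not this host; it looks copied from mba-m2.nix, which sets the same value. hosts.nix already passes the directory-derived name as `hostName` in `specialArgs`, so adding `hostName` to the argument set and writing `networking.hostName = hostName;` fixes this and spares both darwin files a literal. In the same vein `trusted-users = [ "@admin" "fcuny" ];` hard-codes the name that `adminUser.name` carries everywhere else in the file; `trusted-users = [ "@admin" adminUser.name ];` keeps the Nix-daemon trusted set tied to the declared admin user.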
diff --git a/nix/machines/darwin/aarch64-darwin/mba-m2.nix b/nix/machines/darwin/aarch64-darwin/mba-m2.nix
new file mode 100644
index 0000000..59fd21b
--- /dev/null
+++ b/nix/machines/darwin/aarch64-darwin/mba-m2.nix
@@ -0,0 +1,98 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ ];
+
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ options = "--delete-older-than 30d";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ substituters = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ networking.hostName = "mba-m2";
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [
+ element-desktop
+ vlc-bin
+ zoom-us
+ ];
+ imports = [
+ ../../../users/profiles/mac.nix
+ ../../../users/profiles/media.nix
+ ];
+ inherit (adminUser) userinfo;
+ };
+}
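Review bot: The `nix = { … }` block, the fish and `environment.shells` setup, `fonts.packages`, the GitHub `knownHosts` entry and the `users.users.${adminUser.name}` stanza are repeated line for line in hq-kwny2vh41p.nix; before this commit they were shared through `darwin-shared.nix`, and both hosts now import `${self}/nix/profiles/darwin.nix`, which is where the copies belong so the two Macs cannot drift (the `ids.gids.nixbld = 30000` line has already gone from one host to both). Leaving only `networking.hostName`, the `home.packages` list and the per-user profile imports in each host file would make the per-machine difference readable at a glance. Same `trusted-users` literal as in hq-kwny2vh41p.nix: `adminUser.name` rather than `"fcuny"`.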
diff --git a/nix/machines/hq-kwny2vh41p/default.nix b/nix/machines/hq-kwny2vh41p/default.nix
deleted file mode 100644
index 1ae15f2..0000000
--- a/nix/machines/hq-kwny2vh41p/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
- imports = [ ../darwin-shared.nix ];
-
- system.stateVersion = 5;
-}
diff --git a/nix/machines/mba-m2/default.nix b/nix/machines/mba-m2/default.nix
deleted file mode 100644
index 565360c..0000000
--- a/nix/machines/mba-m2/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- imports = [ ../darwin-shared.nix ];
-
- # https://github.com/nix-darwin/nix-darwin/issues/1339
- ids.gids.nixbld = 30000;
-
- system.stateVersion = 5;
-
- networking.hostName = "mba-m2";
-}
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/nixos/x86_64-linux/vm-synology.nix
index ec508d8..02030fc 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/nixos/x86_64-linux/vm-synology.nix
@@ -1,36 +1,35 @@
-{ pkgs, ... }:
+{ self, pkgs, ... }:
{
age = {
secrets = {
restic_gcs_credentials = {
- file = ../../../secrets/restic_gcs_credentials.age;
+ file = "${self}/secrets/restic_gcs_credentials.age";
};
restic_password = {
- file = ../../../secrets/restic_password.age;
+ file = "${self}/secrets/restic_password.age";
};
cloudflared-tunnel = {
- file = ../../../secrets/cloudflared_cragmont.age;
+ file = "${self}/secrets/cloudflared_cragmont.age";
};
cloudflared-cert = {
- file = ../../../secrets/cloudflared_cert.age;
+ file = "${self}/secrets/cloudflared_cert.age";
};
};
};
imports = [
- ./backups.nix
- ./git.nix
- ./hardware.nix
- ./ingress.nix
- ./nginx.nix
- ../common/network.nix
+ "${self}/nix/profiles/git-server.nix"
+ "${self}/nix/profiles/hardware/synology.nix"
+ "${self}/nix/profiles/disk/vm.nix"
+ "${self}/nix/profiles/server.nix"
+ # ./backups.nix
+ # ./ingress.nix
+ # ./nginx.nix
];
# Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vm-synology";
- boot.kernelPackages = pkgs.linuxPackages_latest;
nix = {
package = pkgs.nixVersions.latest;
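Review bot: The four `age.secrets` entries (restic GCS credentials, restic password, cloudflared tunnel and cert) are kept while their only consumers, `backups.nix` and `ingress.nix`, are deleted in this commit and survive only as commented-out imports, so agenix will still decrypt all four into its runtime secrets directory on every activation with nothing reading them. Either drop the entries until the backup and ingress profiles return, or declare each secret next to its consumer so they come and go together; the `# ./backups.nix` lines also reference files that no longer exist and should name the intended `${self}/nix/profiles/…` paths or be removed. The hunk further drops `boot.loader.systemd-boot.enable = true;` and `boot.kernelPackages` while keeping `canTouchEfiVariables`; unless `profiles/hardware/synology.nix` (changed in this commit, outside this view) re-enables a bootloader the VM will not boot, which is worth confirming before deploying.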
@@ -46,31 +45,9 @@
};
};
- time.timeZone = "America/Los_Angeles";
-
- # Don't require password for sudo
- security.sudo.wheelNeedsPassword = false;
-
- # Virtualization settings
- virtualisation.docker.enable = true;
-
- # Select internationalisation properties.
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
-
# Define a user account. Don't forget to set a password with ‘passwd’.
users.mutableUsers = false;
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- curl
- git
- vim
- jq
- ];
-
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = true;
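Review bot: `security.sudo.wheelNeedsPassword = false;` and `virtualisation.docker.enable = true;` leave this host file (the enclosing module continues past the hunk); if they moved into the shared `nix/profiles/server.nix`, new in this commit and not visible here, then passwordless sudo and a docker daemon become the default for every future host importing that profile instead of a per-VM decision — worth confirming that is the intent and saying so in a comment in the profile. On the new side just below, `services.openssh.settings.PasswordAuthentication = true;` sits next to the provisioned `authorizedKeys` entry; with a key already in place, `services.openssh.settings.PasswordAuthentication = false;` closes password guessing on a host that imports the git-server profile, and the profile split is a natural moment to make that change.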
@@ -80,8 +57,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
];
- networking.firewall.enable = false;
-
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix
deleted file mode 100644
index cf3c65b..0000000
--- a/nix/machines/vm-synology/backups.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- environmentFile = toString (
- pkgs.writeText "restic-gcs-env" ''
- GOOGLE_PROJECT_ID=fcuny-infra
- GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path}
- ''
- );
-in
-{
- services.restic.backups.local = {
- passwordFile = config.age.secrets.restic_password.path;
- repository = "/srv/data/backups/";
- initialize = true;
- paths = [ "/var/lib/gitolite" ];
- exclude = [
- "/var/lib/gitolite/.bash_history"
- "/var/lib/gitolite/.ssh"
- "/var/lib/gitolite/.viminfo"
- ];
- extraBackupArgs = [
- "--exclude-caches"
- "--compression=max"
- ];
- timerConfig = {
- OnCalendar = "daily";
- };
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 4"
- "--keep-monthly 3"
- ];
- };
-
- services.restic.backups.gcs = {
- passwordFile = config.age.secrets.restic_password.path;
- environmentFile = environmentFile;
- repository = "gs:fcuny-infra-backups:/vm-synology/";
- initialize = true;
- paths = [ "/var/lib/gitolite" ];
- exclude = [
- "/var/lib/gitolite/.bash_history"
- "/var/lib/gitolite/.ssh"
- "/var/lib/gitolite/.viminfo"
- ];
- extraBackupArgs = [
- "--exclude-caches"
- "--compression=max"
- ];
- timerConfig = {
- OnCalendar = "daily";
- };
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 4"
- "--keep-monthly 3"
- ];
- };
-
- environment = {
- sessionVariables = {
- RESTIC_REPOSITORY = "/srv/data/backups";
- RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path;
- };
- systemPackages = with pkgs; [
- restic
- ];
- };
-}
diff --git a/nix/machines/vm-synology/ingress.nix b/nix/machines/vm-synology/ingress.nix
deleted file mode 100644
index b6ae596..0000000
--- a/nix/machines/vm-synology/ingress.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, ... }:
-{
- services.cloudflared = {
- enable = true;
- certificateFile = config.age.secrets.cloudflared-cert.path;
- tunnels = {
- "cragmont" = {
- credentialsFile = config.age.secrets.cloudflared-tunnel.path;
- default = "http_status:404";
- ingress = {
- "git.fcuny.net".service = "ssh://127.0.0.1:22";
- };
- };
- };
- };
-}
diff --git a/nix/machines/vm-synology/nginx.nix b/nix/machines/vm-synology/nginx.nix
deleted file mode 100644
index 2c3b7fb..0000000
--- a/nix/machines/vm-synology/nginx.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- ...
-}:
-{
- services.fcuny-net = {
- enable = true;
- domain = "fcuny.net";
- enableSSL = false; # Enable if you want HTTPS
- };
-}
diff --git a/nix/modules/default-darwin.nix b/nix/modules/default-darwin.nix
new file mode 100644
index 0000000..b42a079
--- /dev/null
+++ b/nix/modules/default-darwin.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./home.nix
+ ./host-config.nix
+ ];
+}
diff --git a/nix/modules/default.nix b/nix/modules/default.nix
index 3314156..b42a079 100644
--- a/nix/modules/default.nix
+++ b/nix/modules/default.nix
@@ -1,4 +1,7 @@
+{ ... }:
{
- fcuny-net = import ./fcuny-net.nix;
- # Add other modules here as you create them
+ imports = [
+ ./home.nix
+ ./host-config.nix
+ ];
}
diff --git a/nix/modules/home.nix b/nix/modules/home.nix
new file mode 100644
index 0000000..6b6b518
--- /dev/null
+++ b/nix/modules/home.nix
@@ -0,0 +1,38 @@
+{
+ userProfiles,
+ lib,
+ ...
+}:
+let
+ inherit (lib) mkOption;
+ inherit (lib.types)
+ submodule
+ listOf
+ attrsOf
+ str
+ ;
+in
+{
+ options = {
+ home = mkOption {
+ type = attrsOf (
+ submodule (
+ { name, ... }:
+ {
+ options = {
+ name = mkOption {
+ type = str;
+ default = name;
+ };
+ profiles = mkOption {
+ type = listOf str;
+ apply = map (v: userProfiles.${v});
+ };
+ };
+ }
+ )
+ );
+ default = { };
+ };
+ };
+}
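Review bot: `apply = map (v: userProfiles.${v})` turns a misspelled profile name into a raw "attribute missing" evaluation error that points at this module rather than at the host file that set the bad name. Typing the list as `type = listOf (lib.types.enum (builtins.attrNames userProfiles));` makes the option reject unknown names with a message listing the valid ones, and the `apply` can stay as it is. A `description` on both `home` and `profiles` would also help, since these are the entry points a new host file has to fill in.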
diff --git a/nix/modules/host-config.nix b/nix/modules/host-config.nix
new file mode 100644
index 0000000..b10d85f
--- /dev/null
+++ b/nix/modules/host-config.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+let
+ inherit (lib) mkOption;
+ inherit (lib.types)
+ attrs
+ ;
+in
+{
+ options = {
+ adminUser = mkOption {
+ type = attrs;
+ default = { };
+ };
+ };
+}
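Review bot: `adminUser` is typed as a bare `attrs` with a `{ }` default, so a host that misspells a field or never sets the option evaluates cleanly and only fails later, if at all, wherever the value is consumed (it is forwarded verbatim through home-manager's `extraSpecialArgs` in this commit). Since this is the identity other modules build on, a `submodule` declaring the fields hosts actually set would catch that at the option boundary; from this chunk I cannot tell which fields those are, so at minimum add `description = "Primary administrative user of this host, forwarded to home-manager.";` and consider dropping the empty default if every host is expected to set it.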
diff --git a/nix/profiles/darwin.nix b/nix/profiles/darwin.nix
new file mode 100644
index 0000000..e355b72
--- /dev/null
+++ b/nix/profiles/darwin.nix
@@ -0,0 +1,46 @@
+{ ... }:
+{
+ system.defaults = {
+ dock = {
+ autohide = true;
+ dashboard-in-overlay = false;
+ launchanim = false; # Don't animate opening applications.
+ mru-spaces = false; # don’t rearrange spaces based on the most recent use
+ orientation = "left";
+ show-recents = false;
+ showhidden = false;
+ tilesize = 60; # Default is 64.
+ wvous-br-corner = 1; # Disable Notes hot corner.
+ };
+ finder.AppleShowAllExtensions = true;
+
+ CustomUserPreferences = {
+ "com.apple.desktopservices" = {
+ # Avoid creating .DS_Store files on network or USB volumes
+ DSDontWriteNetworkStores = true;
+ DSDontWriteUSBStores = true;
+ };
+ };
+
+ # Requires the directory to already exist.
+ # See system.activationScripts.postUserActivation
+ screencapture.location = "~/Documents/screenshots";
+ SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
+ };
+
+ system.keyboard = {
+ enableKeyMapping = true;
+ remapCapsLockToControl = true;
+ };
+
+ # TODO: - The `system.activationScripts.postUserActivation` option has
+ # been removed, as all activation now takes place as `root`. Please
+ # restructure your custom activation scripts appropriately,
+ # potentially using `sudo` if you need to run commands as a user.
+ # system.activationScripts.postUserActivation.text = ''
+ # mkdir -p ~/Documents/screenshots
+ # '';
+
+ # Touch ID for sudo auth
+ security.pam.services.sudo_local.touchIdAuth = true;
+}
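Review bot: `screencapture.location = "~/Documents/screenshots"` relies on a directory that the now commented-out `postUserActivation` script used to create, and nothing else in this commit creates it, so on a fresh machine the setting silently points at a missing path. Until the TODO is resolved, either create the directory from the user's home-manager configuration (for example `home.file."Documents/screenshots/.keep".text = "";`) or state in the comment that it must be created by hand. The commented-out script can then be deleted instead of staying as dead code next to the TODO.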
diff --git a/nix/machines/vm-synology/disk.nix b/nix/profiles/disk/vm.nix
index 1641339..1641339 100644
--- a/nix/machines/vm-synology/disk.nix
+++ b/nix/profiles/disk/vm.nix
diff --git a/nix/machines/vm-synology/git.nix b/nix/profiles/git-server.nix
index 27eebc7..27eebc7 100644
--- a/nix/machines/vm-synology/git.nix
+++ b/nix/profiles/git-server.nix
diff --git a/nix/machines/vm-synology/hardware.nix b/nix/profiles/hardware/synology.nix
index c894a80..ad1fd3f 100644
--- a/nix/machines/vm-synology/hardware.nix
+++ b/nix/profiles/hardware/synology.nix
@@ -1,10 +1,8 @@
{ lib, modulesPath, ... }:
-
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/installer/scan/not-detected.nix")
- ./disk.nix
];
boot.initrd.availableKernelModules = [
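Review bot: Removing `./disk.nix` from `imports` means this hardware profile no longer pulls in the disk layout, and nothing in this chunk shows the renamed `nix/profiles/disk/vm.nix` being imported anywhere else; if the new host file for vm-synology (outside this chunk) does not list it, the host presumably loses its filesystem definitions and the next rebuild either fails or comes up without its data mounts. Worth confirming the host module imports `profiles/disk/vm.nix` alongside `profiles/hardware/synology.nix`. A one-line comment on the `imports` list, `# disk layout lives in profiles/disk/vm.nix and is imported by the host`, would make the split explicit for the next reader.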
@@ -21,12 +19,5 @@
swapDevices = [ ];
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
diff --git a/nix/profiles/home-manager.nix b/nix/profiles/home-manager.nix
new file mode 100644
index 0000000..50ed0c4
--- /dev/null
+++ b/nix/profiles/home-manager.nix
@@ -0,0 +1,36 @@
+{
+ self,
+ hostName,
+ inputs,
+ config,
+ adminUser,
+ ...
+}:
+{
+ home-manager.extraSpecialArgs =
+ {
+ inherit
+ self
+ hostName
+ inputs
+ adminUser
+ ;
+ }
+ // {
+ mainConfig = config;
+ configPath = "${self}/config/users/fcuny}";
+ };
+
+ home-manager.sharedModules = [
+ inputs.agenix.homeManagerModules.default
+ "${self}/nix/users/modules/userinfo.nix"
+ {
+ nixpkgs.overlays = [
+ inputs.agenix.overlays.default
+ inputs.emacs-overlay.overlay
+ self.overlays.default
+ ];
+ nixpkgs.config.allowUnfree = true;
+ }
+ ];
+}
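Review bot: `configPath = "${self}/config/users/fcuny}"` has a stray closing brace inside the string literal, so the path handed to every home-manager module ends in `fcuny}` and will not resolve to the intended directory. Change it to `configPath = "${self}/config/users/fcuny";`. Since `adminUser` is already in `extraSpecialArgs`, deriving the last path segment from it instead of hard-coding `fcuny` would keep this profile host-agnostic, assuming `adminUser` carries a name field (its type is a bare `attrs` in host-config.nix, so I cannot confirm that here). `nixpkgs.config.allowUnfree = true` in `sharedModules` also blanket-permits unfree packages for every user; if only a few packages need it, an `allowUnfreePredicate` naming them keeps a record of which unfree software is being pulled in.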
diff --git a/nix/profiles/server.nix b/nix/profiles/server.nix
new file mode 100644
index 0000000..30f186b
--- /dev/null
+++ b/nix/profiles/server.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ time.timeZone = "America/Los_Angeles";
+
+ # Don't require password for sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # Virtualization settings
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ networking = {
+ firewall = {
+ enable = false;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ useNetworkd = lib.mkDefault true;
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ # Default to systemd-networkd usage.
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+}
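Review bot: `networking.firewall.enable = false` in a shared server profile leaves every host importing it with no host firewall at all, and together with `virtualisation.docker.enable = true` any port a container publishes becomes reachable from the network with no policy review. Set `enable = lib.mkDefault true;` here and let each host open only what it serves (e.g. `allowedTCPPorts = [ 22 ];` in the host file, not in the profile); a host that genuinely needs it off can still override the default. `security.sudo.wheelNeedsPassword = false` is likewise a profile-wide decision that is defensible for an unattended VM reached only over key-based SSH, but nothing in this profile enforces that, so either add `services.openssh.settings.PasswordAuthentication = false;` alongside it or document the assumption next to the option. `dnssec = "false"` with `DNSOverTLS=yes` gives transport privacy to the two configured resolvers but no answer validation, which is fine as a deliberate choice but deserves a one-line `# DoT for transport only; DNSSEC validation intentionally off` comment.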
diff --git a/nix/users/fcuny/darwin.nix b/nix/users/fcuny/darwin.nix
deleted file mode 100644
index fc412c9..0000000
--- a/nix/users/fcuny/darwin.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- # The user should already exist, but we need to set this up so Nix knows
- # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
- users.users.fcuny = {
- home = "/Users/fcuny";
- shell = pkgs.fish;
- };
-}
diff --git a/nix/users/fcuny/dev.nix b/nix/users/fcuny/dev.nix
deleted file mode 100644
index 7fb8f93..0000000
--- a/nix/users/fcuny/dev.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-{
- home.packages = with pkgs; [
- aider-chat
- basedpyright
- customPackages.llmPython.llm # llm and claude support
- delve
- dive # explore layers in docker images
- docker
- docker-credential-helpers
- go-tools # collection of tools, https://github.com/dominikh/go-tools
- golangci-lint
- gopls
- nil # nix lsp
- nix-direnv # integration with direnv
- nixfmt-rfc-style # new formatter
- python3
- ruff
- # ruff-lsp
- rustup
- uv
- wireshark
- ];
-
- # https://wezterm.org/config/lua/general.html
- programs.wezterm = {
- enable = true;
- extraConfig = ''
- local config = {}
- if wezterm.config_builder then
- config = wezterm.config_builder()
- end
-
- config.color_scheme = 'Catppuccin Macchiato'
-
- config.scrollback_lines = 10000
-
- config.font = wezterm.font("Source Code Pro")
- config.font_size = 14.0
- config.line_height = 1.0
-
- config.window_frame = {
- font = wezterm.font({ family = 'Source Code Pro', weight = 'Bold' }),
- font_size = 11.0,
- }
-
- config.bold_brightens_ansi_colors = true
- config.window_decorations = 'RESIZE|INTEGRATED_BUTTONS'
- config.window_padding = { left = '0.5cell', right = '0.5cell', top = '0.5cell', bottom = '0.5cell' }
- config.window_background_opacity = 0.97
- config.macos_window_background_blur = 30
- config.default_cursor_style = 'BlinkingBar'
-
- local act = wezterm.action
- config.keys = {
- -- Override CMD+t to always start new tabs in the home directory.
- { key = 't', mods = 'SUPER', action = act.SpawnCommandInNewTab { cwd = wezterm.home_dir } },
- }
-
- config.audible_bell = "Disabled"
- config.visual_bell = {
- fade_in_duration_ms = 75,
- fade_out_duration_ms = 75,
- target = 'CursorColor',
- };
-
- config.term = "xterm-256color"
-
- config.front_end = "WebGpu"
-
- -- in order to access menu bar when in fullscreen
- config.native_macos_fullscreen_mode = true
-
- -- select the pane with the mouse
- config.pane_focus_follows_mouse = true
-
- -- Set initial size
- config.initial_cols = 120
- config.initial_rows = 36
-
- -- Since we're managing the binary with nix, no need for this
- config.check_for_updates = false
-
- wezterm.on('update-status', function(window)
- -- Grab the utf8 character for the "powerline" left facing
- -- solid arrow.
- local SOLID_LEFT_ARROW = utf8.char(0xe0b2)
-
- -- Grab the current window's configuration, and from it the
- -- palette (this is the combination of your chosen colour scheme
- -- including any overrides).
- local color_scheme = window:effective_config().resolved_palette
- local bg = color_scheme.background
- local fg = color_scheme.foreground
-
- window:set_right_status(wezterm.format({
- -- First, we draw the arrow...
- { Background = { Color = 'none' } },
- { Foreground = { Color = bg } },
- { Text = SOLID_LEFT_ARROW },
- -- Then we draw our text
- { Background = { Color = bg } },
- { Foreground = { Color = fg } },
- { Text = ' ' .. wezterm.hostname() .. ' ' },
- }))
- end)
-
- return config
- '';
- };
-
- programs.go = {
- enable = true;
- goPath = ".local/share/pkg.go";
- goBin = ".local/bin.go";
- goPrivate = [
- "github.rbx.com/*"
- "github.com/fcuny/*"
- ];
- };
-
- home.sessionPath = [
- config.home.sessionVariables.GOBIN
- "${config.home.homeDirectory}/.local/bin"
- ];
-}
diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix
deleted file mode 100644
index 987a6a2..0000000
--- a/nix/users/fcuny/home-manager.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ darwin, systemName, ... }:
-
-{ lib, ... }:
-let
- machineUtils = import ../../lib/machine-utils.nix { inherit lib; };
-in
-{
- home.stateVersion = "23.05";
-
- xdg.enable = true;
-
- imports =
- [
- ./shell.nix
- ./ssh.nix
- ./git.nix
- ]
- ++ lib.optionals darwin [
- ./emacs.nix
- ./1password.nix
- ./dev.nix
- ./media.nix
- ./secrets.nix
- ./llm.nix
- ]
- ++ lib.optionals (machineUtils.isMachineType "work" systemName) [ ./work.nix ]
- ++ lib.optionals (machineUtils.isMachineType "personal" systemName) [ ./personal.nix ];
-}
diff --git a/nix/users/fcuny/personal.nix b/nix/users/fcuny/personal.nix
deleted file mode 100644
index b57dbf8..0000000
--- a/nix/users/fcuny/personal.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
- home.packages = with pkgs; [
- element-desktop
- vlc-bin
- zoom-us
- ];
-}
diff --git a/nix/users/modules/userinfo.nix b/nix/users/modules/userinfo.nix
new file mode 100644
index 0000000..46afc73
--- /dev/null
+++ b/nix/users/modules/userinfo.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+ options = with lib; {
+ userinfo = {
+ fullName = mkOption {
+ type = types.str;
+ example = "Someone Someonesson";
+ };
+ email = mkOption {
+ type = types.str;
+ example = "some@email.com";
+ };
+ };
+ };
+}
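Review bot: Both `userinfo` options lack a `description` and have no default, so a user profile that does not set them fails with a generic "option used but not defined" error raised from wherever `config.userinfo` is first read (git.nix in this commit), not from here. Adding `description = "Full name, used for the git committer identity.";` and `description = "Email address, used for the git committer identity.";` documents the contract; leaving them without defaults is reasonable, but say so in the description. `types.str` on `email` also accepts any string, so if you want to catch typos at evaluation time, `types.strMatching ".+@.+"` is a cheap guard.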
diff --git a/nix/users/fcuny/1password.nix b/nix/users/profiles/1password.nix
index 63892c7..63892c7 100644
--- a/nix/users/fcuny/1password.nix
+++ b/nix/users/profiles/1password.nix
diff --git a/nix/users/profiles/dev.nix b/nix/users/profiles/dev.nix
new file mode 100644
index 0000000..c996aeb
--- /dev/null
+++ b/nix/users/profiles/dev.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ home.packages = with pkgs; [
+ aider-chat
+ basedpyright
+ llmPython.llm # llm and claude support
+ delve
+ dive # explore layers in docker images
+ docker
+ go-tools # collection of tools, https://github.com/dominikh/go-tools
+ golangci-lint
+ gopls
+ nil # nix lsp
+ nix-direnv # integration with direnv
+ nixfmt-rfc-style # new formatter
+ python3
+ ruff
+ # ruff-lsp
+ rustup
+ uv
+ wireshark
+ ];
+
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+
+ programs.go = {
+ enable = true;
+ goPath = ".local/share/pkg.go";
+ goBin = ".local/bin.go";
+ goPrivate = [
+ "github.rbx.com/*"
+ "github.com/fcuny/*"
+ ];
+ };
+
+ home.sessionPath = [
+ config.home.sessionVariables.GOBIN
+ "${config.home.homeDirectory}/.local/bin"
+ ];
+}
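Review bot: `docker-credential-helpers` is absent from the new `home.packages` list although the old `nix/users/fcuny/dev.nix` deleted in this same commit installed it next to `docker`; if that drop was not intentional, `docker login` now falls back to storing registry tokens base64-encoded in `~/.docker/config.json` instead of in the OS keychain. Re-add `docker-credential-helpers` on the line after `docker`, or leave a comment explaining why it was removed. The `goPrivate` entries (`github.rbx.com/*`, `github.com/fcuny/*`) also route those modules around the public module proxy and checksum database, which is the intent for private code, but a short `# skip GOPROXY/GOSUMDB for these private modules` comment would make that explicit.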
diff --git a/nix/users/fcuny/emacs.nix b/nix/users/profiles/emacs.nix
index fcf1b8f..fcf1b8f 100644
--- a/nix/users/fcuny/emacs.nix
+++ b/nix/users/profiles/emacs.nix
diff --git a/nix/users/fcuny/git.nix b/nix/users/profiles/git.nix
index ad96bfb..de066e2 100644
--- a/nix/users/fcuny/git.nix
+++ b/nix/users/profiles/git.nix
@@ -1,4 +1,12 @@
-{ lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (config) userinfo;
+in
{
home.packages = with pkgs; [
gitAndTools.pre-commit
@@ -27,8 +35,8 @@
options.features = "decorations side-by-side line-numbers";
};
- userName = "Franck Cuny";
- userEmail = "franck@fcuny.net";
+ userName = lib.mkDefault userinfo.fullName;
+ userEmail = lib.mkDefault userinfo.email;
aliases = {
amend = "commit --amend";
@@ -68,7 +76,7 @@
ignores = [
".DS_Store"
- ".aider.chat.history.md"
+ ".aider.*"
".direnv"
".envrc"
];
diff --git a/nix/users/fcuny/k8s.nix b/nix/users/profiles/k8s.nix
index ec59228..ec59228 100644
--- a/nix/users/fcuny/k8s.nix
+++ b/nix/users/profiles/k8s.nix
diff --git a/nix/users/fcuny/llm.nix b/nix/users/profiles/llm.nix
index 2793373..2793373 100644
--- a/nix/users/fcuny/llm.nix
+++ b/nix/users/profiles/llm.nix
diff --git a/nix/users/profiles/mac.nix b/nix/users/profiles/mac.nix
new file mode 100644
index 0000000..f27bcf3
--- /dev/null
+++ b/nix/users/profiles/mac.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ imports = [
+ ./1password.nix
+ ./dev.nix
+ ./emacs.nix
+ ./git.nix
+ ./llm.nix
+ ./secrets.nix
+ ./shell.nix
+ ./ssh.nix
+ ];
+
+ xdg.enable = true;
+}
diff --git a/nix/users/fcuny/media.nix b/nix/users/profiles/media.nix
index f0919a3..f0919a3 100644
--- a/nix/users/fcuny/media.nix
+++ b/nix/users/profiles/media.nix
diff --git a/nix/users/fcuny/nixos.nix b/nix/users/profiles/nixos.nix
index a6c302f..a6c302f 100644
--- a/nix/users/fcuny/nixos.nix
+++ b/nix/users/profiles/nixos.nix
diff --git a/nix/users/fcuny/secrets.nix b/nix/users/profiles/secrets.nix
index 65131df..65131df 100644
--- a/nix/users/fcuny/secrets.nix
+++ b/nix/users/profiles/secrets.nix
diff --git a/nix/users/fcuny/shell.nix b/nix/users/profiles/shell.nix
index 269c617..269c617 100644
--- a/nix/users/fcuny/shell.nix
+++ b/nix/users/profiles/shell.nix
diff --git a/nix/users/fcuny/ssh.nix b/nix/users/profiles/ssh.nix
index 322a8bc..322a8bc 100644
--- a/nix/users/fcuny/ssh.nix
+++ b/nix/users/profiles/ssh.nix
diff --git a/nix/users/fcuny/work.nix b/nix/users/profiles/work.nix
index f502b6a..f502b6a 100644
--- a/nix/users/fcuny/work.nix
+++ b/nix/users/profiles/work.nix
diff --git a/pkgs/llmPython/default.nix b/pkgs/llmPython/default.nix
index 0f53218..b62bcb4 100644
--- a/pkgs/llmPython/default.nix
+++ b/pkgs/llmPython/default.nix
@@ -1,24 +1,23 @@
{
pkgs,
- pkgsUnstable,
lib,
...
}:
let
# Define all packages in a recursive attribute set
pythonPackages = rec {
- llm = pkgsUnstable.python3.pkgs.buildPythonPackage rec {
+ llm = pkgs.python3.pkgs.buildPythonPackage rec {
pname = "llm";
version = "0.24.2";
format = "setuptools";
- src = pkgsUnstable.fetchurl {
+ src = pkgs.fetchurl {
url = "https://files.pythonhosted.org/packages/source/l/llm/llm-0.24.2.tar.gz";
sha256 = "sha256-4U8nIhg4hM4JaSIBtUzdlhlCSS8Nk8p0mmLQKzuL9Do=";
};
# Dependencies
- propagatedBuildInputs = with pkgsUnstable.python3.pkgs; [
+ propagatedBuildInputs = with pkgs.python3.pkgs; [
pyyaml
click
click-default-group
@@ -48,7 +47,7 @@ let
};
# Note, these are available in nixpkgs unstable, but are still behind the latest versions
- llm-anthropic = pkgsUnstable.python3.pkgs.buildPythonPackage rec {
+ llm-anthropic = pkgs.python3.pkgs.buildPythonPackage rec {
pname = "llm-anthropic";
version = "0.15.1";
format = "pyproject";
@@ -58,12 +57,12 @@ let
sha256 = "sha256-C8xNs4oS51YxAn1iJkk8j4sJ5dO0pVOwIiP4mv/MnQk=";
};
- nativeBuildInputs = with pkgsUnstable.python3.pkgs; [
+ nativeBuildInputs = with pkgs.python3.pkgs; [
setuptools
wheel
];
# Dependencies
- propagatedBuildInputs = with pkgsUnstable.python3.pkgs; [
+ propagatedBuildInputs = with pkgs.python3.pkgs; [
anthropic
llm # Use the llm we defined above
];