re-flake
parent
9c7828fae6
commit
247489518d
17 changed files with 592 additions and 548 deletions
75
aa_mod.patch
Normal file
75
aa_mod.patch
Normal file
|
@ -0,0 +1,75 @@
|
|||
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
|
||||
index a4b3807e4e0f..c7c879c39d12 100644
|
||||
--- a/nixos/modules/security/apparmor.nix
|
||||
+++ b/nixos/modules/security/apparmor.nix
|
||||
@@ -3,15 +3,11 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
- inherit (builtins) attrNames head map match readFile;
|
||||
+ inherit (builtins) attrNames map match;
|
||||
inherit (lib) types;
|
||||
inherit (config.environment) etc;
|
||||
cfg = config.security.apparmor;
|
||||
- mkDisableOption = name: mkEnableOption name // {
|
||||
- default = true;
|
||||
- example = false;
|
||||
- };
|
||||
- enabledPolicies = filterAttrs (n: p: p.enable) cfg.policies;
|
||||
+ enabledPolicies = filterAttrs (n: p: p.state != "disable") cfg.policies;
|
||||
in
|
||||
|
||||
{
|
||||
@@ -47,13 +43,30 @@ in
|
||||
'';
|
||||
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||
options = {
|
||||
- enable = mkDisableOption "loading of the profile into the kernel";
|
||||
- enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
||||
+ state = mkOption {
|
||||
+ description =
|
||||
+ "The state of the profile as applied to the system by nix";
|
||||
+ type = types.enum [ "disable" "complain" "enforce" ];
|
||||
+ # should enforce really be the default?
|
||||
+ # the docs state that this should only be used once one is REALLY sure nothing's gonna break
|
||||
+ default = "enforce";
|
||||
+ };
|
||||
+
|
||||
profile = mkOption {
|
||||
- description = "The policy of the profile.";
|
||||
+ description = "The policy of the profile. Incompatible with path.";
|
||||
type = types.lines;
|
||||
- apply = pkgs.writeText name;
|
||||
};
|
||||
+
|
||||
+ path = mkOption {
|
||||
+ type = types.nullOr types.path;
|
||||
+ default = null;
|
||||
+ description = "A path of a profile to include. Incompatible with profile.";
|
||||
+ apply = p: let
|
||||
+ inherit (config) profile;
|
||||
+ in assert (assertMsg ((p != null && profile == "") || (p == null && profile != ""))
|
||||
+ "`security.apparmor.policies.\"${name}\"` must define exactly one of either path or profile.");
|
||||
+ (if (p != null) then p else (pkgs.writeText name profile));
|
||||
+ };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
@@ -108,7 +121,7 @@ in
|
||||
environment.etc."apparmor.d".source = pkgs.linkFarm "apparmor.d" (
|
||||
# It's important to put only enabledPolicies here and not all cfg.policies
|
||||
# because aa-remove-unknown reads profiles from all /etc/apparmor.d/*
|
||||
- mapAttrsToList (name: p: { inherit name; path = p.profile; }) enabledPolicies ++
|
||||
+ mapAttrsToList (name: p: { inherit name; path = p.path; }) enabledPolicies ++
|
||||
mapAttrsToList (name: path: { inherit name path; }) cfg.includes
|
||||
);
|
||||
environment.etc."apparmor/parser.conf".text = ''
|
||||
@@ -187,7 +200,7 @@ in
|
||||
xargs --verbose --no-run-if-empty --delimiter='\n' \
|
||||
kill
|
||||
'';
|
||||
- commonOpts = p: "--verbose --show-cache ${optionalString (!p.enforce) "--complain "}${p.profile}";
|
||||
+ commonOpts = p: "--verbose --show-cache ${optionalString (p.state == "complain") "--complain "}${p.path}";
|
||||
in {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
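Review bot: The `path`-only case introduced by this patch looks unusable as written. In the `@@ -47,13 +43,30 @@` hunk, `profile` is declared with `type = types.lines;` and no `default`, while `path`'s `apply` reads `config.profile` to compare it with `""`. With only `path` set, that read should fail with the module system's "used but not defined" error before the `assertMsg` text is shown. Adding `default = "";` to the `profile` option would make the exactly-one-of check work in both directions. On the question raised in the added comment, `"enforce"` as the default matches the removed `mkDisableOption` defaults (`enable` and `enforce` both `true`), so the patch does not loosen earlier behaviour.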
|
|
@ -12,7 +12,7 @@ in
|
|||
fonts = {
|
||||
packages = with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-cjk-sans
|
||||
font-awesome
|
||||
# noto-fonts-emoji
|
||||
noto-fonts-monochrome-emoji
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile;
|
||||
inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile mkForce;
|
||||
|
||||
cfg = config.security.apparmor_d;
|
||||
apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
|
||||
|
@ -23,15 +23,18 @@ let
|
|||
|
||||
config = mkIf (cfg.enable) {
|
||||
security.apparmor.packages = [ apparmor-d ];
|
||||
security.apparmor.policies = mapAttrs (name: value: {
|
||||
enable = value != "disable";
|
||||
enforce = value == "enforce";
|
||||
security.apparmor.policies = mapAttrs (name: state: {
|
||||
inherit state;
|
||||
profile = let
|
||||
file = "${apparmor-d}/etc/apparmor.d/${name}";
|
||||
in
|
||||
assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";
|
||||
''include "${file}"'';
|
||||
}) cfg.profiles;
|
||||
|
||||
specialisation.no-apparmor.configuration = {
|
||||
security.apparmor.enable = mkForce false;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ apparmor-d ];
|
||||
};
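Review bot: `specialisation.no-apparmor` adds a boot entry where `security.apparmor.enable` is forced to `false`, and nothing in the hunk says this is meant as a recovery entry. Booting that entry loads no profile at all, so anyone who can pick a boot menu entry can start the machine unconfined; whether the boot menu is restricted is not visible here. I would document the intent next to it, for example `# recovery boot entry: AppArmor is fully off here, no profile is loaded or enforced`. The surrounding `let` and the module header start outside the hunk.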
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ buildGoModule, fetchFromGitHub, git, lib }:
|
||||
{ buildGoModule, fetchFromGitHub, git, lib, unstableGitUpdater }:
|
||||
buildGoModule {
|
||||
pname = "apparmor-d";
|
||||
version = "unstable-2024-10-12";
|
||||
|
@ -13,7 +13,6 @@ buildGoModule {
|
|||
vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
|
||||
|
||||
doCheck = false;
|
||||
#dontBuild = true;
|
||||
|
||||
nativeBuildInputs = [ git ];
|
||||
|
||||
|
@ -26,10 +25,12 @@ buildGoModule {
|
|||
"cmd/aa-log"
|
||||
];
|
||||
|
||||
passthru.updateScript = unstableGitUpdater { };
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/etc
|
||||
|
||||
DISTRIBUTION=opensuse $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available
|
||||
DISTRIBUTION=arch $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available
|
||||
|
||||
mv .build/apparmor.d $out/etc
|
||||
rm $out/bin/prebuild
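Review bot: The `DISTRIBUTION=arch` switch in `postInstall` is not explained; the `fixme` only says that NixOS support is missing. The value presumably selects which distribution's path layout the generated profiles are written for, and a profile whose attachment path matches nothing on NixOS would leave the program unconfined without raising an error (inferred, not visible in this hunk). I would extend the comment, e.g. `# arch layout used instead of opensuse because <reason>; check with aa-status that profiles still attach after an update`. The `postInstall` string continues outside the hunk.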
|
||||
|
|
|
@ -32,6 +32,7 @@ in
|
|||
child-open-any = "enforce";
|
||||
child-open = "enforce";
|
||||
firefox-glxtest = "enforce";
|
||||
firefox-vaapitest = "enforce";
|
||||
gamemoded = "disable";
|
||||
pkexec = "complain";
|
||||
xdg-mime = "complain";
|
||||
|
@ -59,7 +60,7 @@ in
|
|||
|
||||
|
||||
"local/speech-dispatcher" = ''
|
||||
${pkgs.speechd}/libexec/speech-dispatcher-modules/* rix,
|
||||
@{nix_store}/libexec/speech-dispatcher-modules/* ix,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
@{bin}/mbrola rix,
|
||||
'';
|
||||
|
@ -74,6 +75,10 @@ in
|
|||
owner /run/user/*/gnupg/S.keyboxd wr,
|
||||
'';
|
||||
|
||||
"local/xdg-mime" = ''
|
||||
/dev/tty* rw,
|
||||
'';
|
||||
|
||||
"abstractions/app/udevadm.d/udevadm_is_exec" = ''
|
||||
@{bin}/udevadm mrix,
|
||||
'';
|
||||
|
@ -100,8 +105,8 @@ in
|
|||
include <abstractions/app/bus>
|
||||
@{bin}/grep ix,
|
||||
/@{PROC}/version r,
|
||||
# @{bin}/gdbus Cx -> bus,
|
||||
@{bin}/gdbus Ux,
|
||||
@{bin}/gdbus Cx -> bus,
|
||||
# @{bin}/gdbus Ux,
|
||||
'';
|
||||
|
||||
"local/vesktop" = ''
|
||||
|
@ -125,8 +130,9 @@ in
|
|||
|
||||
security.apparmor.policies = {
|
||||
passff = {
|
||||
enable = true;
|
||||
enforce = true;
|
||||
state = "enforce";
|
||||
# enable = true;
|
||||
# enforce = true;
|
||||
profile = ''
|
||||
abi <abi/4.0>,
|
||||
include <tunables/global>
|
||||
|
@ -139,8 +145,9 @@ in
|
|||
};
|
||||
|
||||
swaymux = {
|
||||
enable = true;
|
||||
enforce = true;
|
||||
state = "enforce";
|
||||
# enable = true;
|
||||
# enforce = true;
|
||||
profile = ''
|
||||
abi <abi/4.0>,
|
||||
include <tunables/global>
|
||||
|
@ -153,9 +160,46 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
# speech-dispatcher-test = {
|
||||
# enable = true;
|
||||
# enforce = true;
|
||||
# profile = ''#
|
||||
#
|
||||
#abi <abi/4.0>,
|
||||
#
|
||||
#include <tunables/global>
|
||||
#
|
||||
#@{exec_path} = @{bin}/speech-dispatcher
|
||||
#profile speech-dispatcher ${getExe' pkgs.speechd "speech-dispatcher"} flags=(complain) {
|
||||
# include <abstractions/base>
|
||||
# include <abstractions/audio-client>
|
||||
# include <abstractions/bus-session>
|
||||
# include <abstractions/consoles>
|
||||
# include <abstractions/nameservice-strict>
|
||||
|
||||
# network inet stream,
|
||||
# network inet6 stream,
|
||||
|
||||
# @{exec_path} mr,
|
||||
|
||||
# @{sh_path} ix,
|
||||
# @{lib}/speech-dispatcher/** r,
|
||||
# @{lib}/speech-dispatcher/speech-dispatcher-modules/* ix,
|
||||
|
||||
# /etc/machine-id r,
|
||||
# /etc/speech-dispatcher/{,**} r,
|
||||
|
||||
# owner @{run}/user/@{uid}/speech-dispatcher/ rw,
|
||||
# owner @{run}/user/@{uid}/speech-dispatcher/** rwk,
|
||||
|
||||
# include if exists <local/speech-dispatcher>
|
||||
#} '';
|
||||
# };
|
||||
|
||||
osu-lazer = {
|
||||
enable = true;
|
||||
enforce = true;
|
||||
state = "enforce";
|
||||
# enable = true;
|
||||
# enforce = true;
|
||||
profile = ''
|
||||
abi <abi/4.0>,
|
||||
include <tunables/global>
|
||||
|
@ -203,6 +247,7 @@ in
|
|||
@{bin}/gawk ix,
|
||||
|
||||
@{bin}/xdg-mime Px,
|
||||
/usr/bin/xdg-mime Px,
|
||||
${getExe' pkgs.gamemode "gamemoderun"} ix,
|
||||
|
||||
owner @{HOME}/@{XDG_DATA_DIR}/osu/** rwkm,
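Review bot: The new `local/xdg-mime` addition grants `/dev/tty* rw,`, which matches every tty device node rather than only the controlling terminal. If the helper only needs its own terminal, `/dev/tty rw,` or `include <abstractions/consoles>` (already used in the commented `speech-dispatcher-test` profile in this file) would be narrower. `xdg-mime` is set to `"complain"` in the profile list above, so the rule only affects logging today, but it becomes effective once that entry is switched to enforce. Separately, the `# enable = true;` and `# enforce = true;` leftovers under `passff`, `swaymux` and `osu-lazer` can be deleted now that `state` replaces them.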
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
p7zip
|
||||
|
||||
fbcat
|
||||
gomuks
|
||||
# gomuks
|
||||
|
||||
imagemagick
|
||||
nmap
|
||||
|
|
|
@ -14,7 +14,14 @@ let
|
|||
attrNames
|
||||
;
|
||||
plugins = {
|
||||
ranger_udisk_menu = inputs.ranger_udisk_menu;
|
||||
ranger_udisk_menu = pkgs.fetchFromGitea {
|
||||
domain = "git.grimmauld.de";
|
||||
owner = "grimmauld";
|
||||
repo = "ranger_udisk_menu";
|
||||
rev = "981756147834bb485ebcfa0e41ad60d05ccc4351";
|
||||
hash = "sha256-5nFpEO/54MO6Esvkcqcyw2TI37ham70LkHtOXrYXfbY=";
|
||||
};
|
||||
# inputs.ranger_udisk_menu;
|
||||
};
|
||||
in
|
||||
{
|
||||
|
|
|
@ -46,7 +46,7 @@ in
|
|||
gnupg
|
||||
libsecret
|
||||
vulnix
|
||||
agenix
|
||||
# agenix
|
||||
|
||||
yubikey-manager
|
||||
yubico-pam
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
imports = [
|
||||
./overlays
|
||||
./common
|
||||
./fake_flake.nix
|
||||
# ./fake_flake.nix
|
||||
./users.nix
|
||||
];
|
||||
|
||||
|
@ -15,6 +15,9 @@
|
|||
|
||||
services.logrotate.checkConfig = false; # fixme: actually needed?
|
||||
|
||||
nix.package = pkgs.lix;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
grimmShared = {
|
||||
enable = true;
|
||||
locale = true;
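Review bot: Only `nix.package` and `allowUnfree` are carried over here from the deleted `fake_flake.nix`; its `permittedInsecurePackages` list, `extra-substituters` and `trusted-public-keys` are not re-added in this hunk. Dropping them is the safer default, but a host that still needs `olm` or `jitsi-meet` will now stop at evaluation unless they are set elsewhere. A short comment such as `# permittedInsecurePackages and extra binary caches intentionally not migrated` would record that this is deliberate. The `# ./fake_flake.nix` import refers to a file this commit deletes and can be removed rather than commented out. The attribute set continues outside the hunk.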
|
||||
|
|
148
fake_flake.nix
148
fake_flake.nix
|
@ -1,148 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
let
|
||||
nivSources = import ./nix/sources.nix;
|
||||
asGithubRef = src: "github:${src.owner}/${src.repo}/${src.rev}";
|
||||
|
||||
build_target =
|
||||
let
|
||||
env_host = builtins.getEnv "NIXOS_TARGET_HOST";
|
||||
in
|
||||
if env_host != "" then
|
||||
env_host
|
||||
else
|
||||
builtins.replaceStrings [ "\n" ] [ "" ] (lib.toLower (builtins.readFile /proc/sys/kernel/hostname));
|
||||
|
||||
host_modules = {
|
||||
grimmauld-nixos = [ ./specific/grimm-nixos-laptop/configuration.nix ];
|
||||
grimm-nixos-ssd = [ ./specific/grimm-nixos-ssd/configuration.nix ];
|
||||
|
||||
grimmauld-nixos-server = [
|
||||
./specific/grimmauld-nixos-server/configuration.nix
|
||||
./modules
|
||||
];
|
||||
};
|
||||
|
||||
nixpkgs_patches = [
|
||||
#{
|
||||
# # xonsh update
|
||||
# url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305316.patch";
|
||||
# hash = "sha256-W3jh6qRA/7V1fImLm3vRmaT6h6gL5rlNBUuIidZHaZc=";
|
||||
#}
|
||||
];
|
||||
|
||||
in
|
||||
# enable ccache for lix if ccache is enabled
|
||||
# enable_lix_ccache = true;
|
||||
{
|
||||
imports = [
|
||||
"${nivSources.agenix}/modules/age.nix"
|
||||
"${nivSources.nixos-mailserver}/default.nix"
|
||||
"${nivSources.nixos-matrix-modules}/module.nix"
|
||||
|
||||
(builtins.getFlake (asGithubRef nivSources.aagl-gtk-on-nix)).nixosModules.default
|
||||
|
||||
# fixme: ideally we'd not rely on the flake syntax to load the module
|
||||
(builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default
|
||||
# (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default
|
||||
# (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default
|
||||
] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
|
||||
|
||||
system.nixos = {
|
||||
distroId = "lixos";
|
||||
distroName = "LixOS";
|
||||
};
|
||||
|
||||
environment.sessionVariables =
|
||||
let
|
||||
inherit (config.system.nixos) distroName version codeName;
|
||||
in
|
||||
{
|
||||
distro = "${distroName} ${version} (${codeName}) ${system}";
|
||||
};
|
||||
|
||||
documentation.doc.enable = false;
|
||||
|
||||
# nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
|
||||
# programs.ccache.enable = true;
|
||||
|
||||
environment.systemPackages =
|
||||
let
|
||||
inherit (lib)
|
||||
getExe
|
||||
attrNames
|
||||
optionalString
|
||||
elem
|
||||
concatLines
|
||||
;
|
||||
inherit (pkgs) writeShellScriptBin nix-output-monitor;
|
||||
in
|
||||
[
|
||||
(writeShellScriptBin "nixos-build-all" (
|
||||
concatLines (
|
||||
map (
|
||||
n:
|
||||
"NIXOS_TARGET_HOST=${n} nixos-rebuild build --show-trace --upgrade"
|
||||
+ optionalString (elem nix-output-monitor config.environment.systemPackages) " |& ${getExe nix-output-monitor}"
|
||||
) (attrNames host_modules)
|
||||
)
|
||||
))
|
||||
];
|
||||
|
||||
nixpkgs =
|
||||
let
|
||||
src = nivSources.nixpkgs;
|
||||
unpatched = import src { inherit config system; };
|
||||
inherit (unpatched) applyPatches fetchpatch;
|
||||
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"olm-3.2.16"
|
||||
"jitsi-meet-1.0.8043"
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
hostPlatform = system;
|
||||
pkgs =
|
||||
if (nixpkgs_patches != [ ]) then
|
||||
(import (applyPatches {
|
||||
name = "nixpkgs-patched";
|
||||
inherit src;
|
||||
patches = map fetchpatch nixpkgs_patches;
|
||||
}) { inherit config; })
|
||||
else
|
||||
unpatched;
|
||||
|
||||
overlays = [
|
||||
# (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
|
||||
(final: prev: { agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; })
|
||||
];
|
||||
};
|
||||
|
||||
_module.args = {
|
||||
system = "x86_64-linux";
|
||||
inputs = nivSources;
|
||||
};
|
||||
|
||||
nix.package = pkgs.lix;
|
||||
|
||||
nix.settings.extra-substituters = [
|
||||
# "https://cache.lix.systems"
|
||||
"https://nyx.chaotic.cx/"
|
||||
"https://ezkea.cachix.org"
|
||||
];
|
||||
|
||||
nix.settings.trusted-public-keys = [
|
||||
# "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
"nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
||||
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
||||
"ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI="
|
||||
];
|
||||
}
|
345
flake.lock
Normal file
345
flake.lock
Normal file
|
@ -0,0 +1,345 @@
|
|||
{
|
||||
"nodes": {
|
||||
"aagl-gtk-on-nix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728524457,
|
||||
"narHash": "sha256-R+GJ3H1PvRUHLm45muY1KEezhfgIl8l7HJ36DySZMu0=",
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723293904,
|
||||
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"chaotic": {
|
||||
"inputs": {
|
||||
"flake-schemas": "flake-schemas",
|
||||
"home-manager": "home-manager_2",
|
||||
"jovian": "jovian",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729599319,
|
||||
"narHash": "sha256-e/4JPcIRte5zkwqmGFrFo3763e0iHURX6N0apz4jbI0=",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "1b86b304c8eb1437d9337a760e7f930826fc4d6d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "chaotic-cx",
|
||||
"ref": "nyxpkgs-unstable",
|
||||
"repo": "nyx",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-schemas": {
|
||||
"locked": {
|
||||
"lastModified": 1721999734,
|
||||
"narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
|
||||
"rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
|
||||
"revCount": 75,
|
||||
"type": "tarball",
|
||||
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703113217,
|
||||
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"chaotic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729414726,
|
||||
"narHash": "sha256-Dtmm1OU8Ymiy9hVWn/a2B8DhRYo9Eoyx9veERdOBR4o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "fe56302339bb28e3471632379d733547caec8103",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"jovian": {
|
||||
"inputs": {
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"chaotic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729177642,
|
||||
"narHash": "sha256-DdKal+ZhB9QD/tnEwFg4cZ4j4YnrkvSljBxnyG+3eE0=",
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"rev": "bb69165ff372ddbd3228a03513922acd783040e8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"chaotic",
|
||||
"jovian",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690328911,
|
||||
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"ref": "matrix-name",
|
||||
"repo": "nix-github-actions",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-24_05": "nixpkgs-24_05"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722877200,
|
||||
"narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "master",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"nixos-matrix-modules": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727410897,
|
||||
"narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1729413321,
|
||||
"narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-24_05": {
|
||||
"locked": {
|
||||
"lastModified": 1717144377,
|
||||
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-24.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"aagl-gtk-on-nix": "aagl-gtk-on-nix",
|
||||
"agenix": "agenix",
|
||||
"chaotic": "chaotic",
|
||||
"nixos-mailserver": "nixos-mailserver",
|
||||
"nixos-matrix-modules": "nixos-matrix-modules",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
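--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,90 @@
+{
+description = "grimmauld-nixos";
+
+inputs = {
+nixpkgs = {
+url = "github:NixOS/nixpkgs/nixos-unstable";
+# url = "git+file:///home/grimmauld/coding/nixpkgs";
+};
+chaotic = {
+url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+agenix = {
+url = "github:ryantm/agenix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-mailserver = {
+url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-matrix-modules = {
+url = "github:dali99/nixos-matrix-modules";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+# ranger_udisk_menu.url = "git+https://git.grimmauld.de/Grimmauld/ranger_udisk_menu";
+# glibc-eac.url = "github:Frogging-Family/glibc-eac";
+aagl-gtk-on-nix = {
+url = "github:ezKEa/aagl-gtk-on-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+
+outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, ... }:
+let
+patches = [
+./aa_mod.patch
+];
+
+customNixosSystem = system: definitions:
+let
+unpatched = nixpkgs.legacyPackages.${system};
+patched = unpatched.applyPatches {
+name = "nixpkgs-patched";
+src = inputs.nixpkgs;
+patches = map (p: if (builtins.isPath p) then p else (unpatched.fetchpatch p)) patches;
+};
+nixosSystem = import (patched + "/nixos/lib/eval-config.nix");
+in
+nixosSystem ({
+inherit system;
+specialArgs = { inherit inputs system; };
+} // definitions);
+in
+{
+nixosConfigurations = {
+grimmauld-nixos = customNixosSystem "x86_64-linux" {
+modules = [
+agenix.nixosModules.default
+chaotic.nixosModules.default
+aagl-gtk-on-nix.nixosModules.default
+./configuration.nix
+
+./specific/grimm-nixos-laptop/configuration.nix
+];
+};
+grimm-nixos-ssd = customNixosSystem "x86_64-linux" {
+modules = [
+agenix.nixosModules.default
+chaotic.nixosModules.default
+aagl-gtk-on-nix.nixosModules.default
+./configuration.nix
+
+./specific/grimm-nixos-ssd/configuration.nix
+];
+};
+grimmauld-nixos-server = customNixosSystem "x86_64-linux" {
+modules = [
+agenix.nixosModules.default
+nixos-matrix-modules.nixosModules.default
+nixos-mailserver.nixosModules.default
+
+./configuration.nix
+
+./specific/grimmauld-nixos-server/configuration.nix
+./modules
+];
+};
+};
+};
+}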
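Review bot: `customNixosSystem` has no comment saying that every host is evaluated from a locally patched copy of nixpkgs, which is the security-relevant part of this file. `aa_mod.patch` rewrites `nixos/modules/security/apparmor.nix`, and `import (patched + "/nixos/lib/eval-config.nix")` makes the patched tree the one that is evaluated. I would add above the function `# Evaluate hosts from nixpkgs with ./aa_mod.patch applied; re-check the patch against upstream apparmor.nix on every flake.lock update.` Entries of `patches` that are not paths are passed to `unpatched.fetchpatch`, so a one-line comment that each such entry must carry a `hash` would also help.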
110
nix/sources.json
110
nix/sources.json
|
@ -1,110 +0,0 @@
|
|||
{
|
||||
"aagl-gtk-on-nix": {
|
||||
"branch": "main",
|
||||
"description": "Run an-anime-game-launcher GTK version on Nix/NixOS!",
|
||||
"homepage": null,
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff",
|
||||
"sha256": "1v9jk4j0zylx3ixwk5q8z22v6ir86pk9lfbf5q3ibgaggpf8kqa7",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/5611dd61df02e0bc5d62bb3f5388821d8854faff.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"agenix": {
|
||||
"branch": "main",
|
||||
"description": "age-encrypted secrets for NixOS and Home manager",
|
||||
"homepage": "https://matrix.to/#/#agenix:nixos.org",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"sha256": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"authentik-nix": {
|
||||
"branch": "main",
|
||||
"description": "Nix flake with package, NixOS module and basic VM test for authentik. Trying to provide an alternative deployment mode to the officially supported docker-compose approach. Not affiliated with or officially supported by the authentik project [maintainer=@willibutz]",
|
||||
"homepage": "",
|
||||
"owner": "nix-community",
|
||||
"repo": "authentik-nix",
|
||||
"rev": "31128721a9f879777870adb88ebc6166112ff172",
|
||||
"sha256": "19ba00nl39lmdi58y70l9l0llviqjsv1ligh2ihzsrzb795z0dw7",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/authentik-nix/archive/31128721a9f879777870adb88ebc6166112ff172.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"chaotic": {
|
||||
"branch": "main",
|
||||
"description": "Nix flake for \"too much bleeding-edge\" and unreleased packages (e.g., mesa_git, linux_cachyos, firefox_nightly, sway_git, gamescope_git). And experimental modules (e.g., HDR, duckdns).",
|
||||
"homepage": "https://nyx.chaotic.cx",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "0fff4bd8bce411eddb86756a66e89cecda16e0a4",
|
||||
"sha256": "1iynss5f8dcrhxgy334df70pvaj7a0661whiwajy0s2lfgpw0kjs",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/chaotic-cx/nyx/archive/0fff4bd8bce411eddb86756a66e89cecda16e0a4.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"glibc-eac": {
|
||||
"branch": "main",
|
||||
"description": "Arch glibc with the commit breaking eos-eac reverted - https://github.com/archlinux/svntogit-packages/tree/4da6c3e804e21c39908aa8a3cb597f19e6d764ef/trunk",
|
||||
"homepage": "",
|
||||
"owner": "Frogging-Family",
|
||||
"repo": "glibc-eac",
|
||||
"rev": "de5df722493768cb02e23ce0703429636458befb",
|
||||
"sha256": "1yx3hal1kwj28ij688inaww169rj74iv3l3bwa74r3y4msdfnl80",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/Frogging-Family/glibc-eac/archive/de5df722493768cb02e23ce0703429636458befb.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"lix-module": {
|
||||
"branch": "main",
|
||||
"repo": "https://git.lix.systems/lix-project/nixos-module.git",
|
||||
"rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d",
|
||||
"type": "git"
|
||||
},
|
||||
"lix-pkg": {
|
||||
"branch": "main",
|
||||
"repo": "https://git.lix.systems/lix-project/lix.git",
|
||||
"rev": "f6077314fa6aff862758095bb55fe844e9162a1d",
|
||||
"type": "git"
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"branch": "master",
|
||||
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git",
|
||||
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
|
||||
"type": "git"
|
||||
},
|
||||
"nixos-matrix-modules": {
|
||||
"branch": "master",
|
||||
"description": "NixOS modules for matrix related services",
|
||||
"homepage": null,
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
|
||||
"sha256": "150nvzdrmvyy47pyv44rpmv96mwvgcsq4n22b6g5inzqyz334sxm",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/dali99/nixos-matrix-modules/archive/ff787d410cba17882cd7b6e2e22cc88d4064193c.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs": {
|
||||
"branch": "nixos-unstable",
|
||||
"description": "Nix Packages collection",
|
||||
"homepage": null,
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
|
||||
"sha256": "1wn29537l343lb0id0byk0699fj0k07m1n2d7jx2n0ssax55vhwy",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"ranger_udisk_menu": {
|
||||
"branch": "master",
|
||||
"repo": "https://git.grimmauld.de/Grimmauld/ranger_udisk_menu.git",
|
||||
"rev": "981756147834bb485ebcfa0e41ad60d05ccc4351",
|
||||
"type": "git"
|
||||
}
|
||||
}
|
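--- a/nix/sources.nix
+++ b/nix/sources.nix
@@ -1,249 +0,0 @@
-# This file has been generated by Niv.
-
-let
-
-#
-# The fetchers. fetch_<type> fetches specs of type <type>.
-#
-
-fetch_file =
-pkgs: name: spec:
-let
-name' = sanitizeName name + "-src";
-in
-if spec.builtin or true then
-builtins_fetchurl {
-inherit (spec) url sha256;
-name = name';
-}
-else
-pkgs.fetchurl {
-inherit (spec) url sha256;
-name = name';
-};
-
-fetch_tarball =
-pkgs: name: spec:
-let
-name' = sanitizeName name + "-src";
-in
-if spec.builtin or true then
-builtins_fetchTarball {
-name = name';
-inherit (spec) url sha256;
-}
-else
-pkgs.fetchzip {
-name = name';
-inherit (spec) url sha256;
-};
-
-fetch_git =
-name: spec:
-let
-ref =
-spec.ref or (
-if spec ? branch then
-"refs/heads/${spec.branch}"
-else if spec ? tag then
-"refs/tags/${spec.tag}"
-else
-abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
-);
-submodules = spec.submodules or false;
-submoduleArg =
-let
-nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
-emptyArgWithWarning =
-if submodules then
-builtins.trace (
-"The niv input \"${name}\" uses submodules "
-+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
-+ "does not support them"
-) { }
-else
-{ };
-in
-if nixSupportsSubmodules then { inherit submodules; } else emptyArgWithWarning;
-in
-builtins.fetchGit (
-{
-url = spec.repo;
-inherit (spec) rev;
-inherit ref;
-}
-// submoduleArg
-);
-
-fetch_local = spec: spec.path;
-
-fetch_builtin-tarball =
-name:
-throw ''
-[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
-$ niv modify ${name} -a type=tarball -a builtin=true'';
-
-fetch_builtin-url =
-name:
-throw ''
-[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
-$ niv modify ${name} -a type=file -a builtin=true'';
-
-#
-# Various helpers
-#
-
-# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
-sanitizeName =
-name:
-(concatMapStrings (s: if builtins.isList s then "-" else s) (
-builtins.split "[^[:alnum:]+._?=-]+" ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
-));
-
-# The set of packages used when specs are fetched using non-builtins.
-mkPkgs =
-sources: system:
-let
-sourcesNixpkgs = import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
-inherit system;
-};
-hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
-hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-in
-if builtins.hasAttr "nixpkgs" sources then
-sourcesNixpkgs
-else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
-import <nixpkgs> { }
-else
-abort ''
-Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
-add a package called "nixpkgs" to your sources.json.
-'';
-
-# The actual fetching function.
-fetch =
-pkgs: name: spec:
-
-if !builtins.hasAttr "type" spec then
-abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-else if spec.type == "file" then
-fetch_file pkgs name spec
-else if spec.type == "tarball" then
-fetch_tarball pkgs name spec
-else if spec.type == "git" then
-fetch_git name spec
-else if spec.type == "local" then
-fetch_local spec
-else if spec.type == "builtin-tarball" then
-fetch_builtin-tarball name
-else if spec.type == "builtin-url" then
-fetch_builtin-url name
-else
-abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
-
-# If the environment variable NIV_OVERRIDE_${name} is set, then use
-# the path directly as opposed to the fetched source.
-replace =
-name: drv:
-let
-saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
-ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
-in
-if ersatz == "" then
-drv
-else
-# this turns the string into an actual Nix path (for both absolute and
-# relative paths)
-if builtins.substring 0 1 ersatz == "/" then
-/. + ersatz
-else
-/. + builtins.getEnv "PWD" + "/${ersatz}";
-
-# Ports of functions for older nix versions
-
-# a Nix version of mapAttrs if the built-in doesn't exist
-mapAttrs =
-builtins.mapAttrs or (
-f: set:
-with builtins;
-listToAttrs (
-map (attr: {
-name = attr;
-value = f attr set.${attr};
-}) (attrNames set)
-)
-);
-
-# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
-range =
-first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
-
-# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
-stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
-
-# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
-stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
-concatMapStrings = f: list: concatStrings (map f list);
-concatStrings = builtins.concatStringsSep "";
-
-# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
-optionalAttrs = cond: as: if cond then as else { };
-
-# fetchTarball version that is compatible between all the versions of Nix
-builtins_fetchTarball =
-{
-url,
-name ? null,
-sha256,
-}@attrs:
-let
-inherit (builtins) lessThan nixVersion fetchTarball;
-in
-if lessThan nixVersion "1.12" then
-fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
-else
-fetchTarball attrs;
-
-# fetchurl version that is compatible between all the versions of Nix
-builtins_fetchurl =
-{
-url,
-name ? null,
-sha256,
-}@attrs:
-let
-inherit (builtins) lessThan nixVersion fetchurl;
-in
-if lessThan nixVersion "1.12" then
-fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
-else
-fetchurl attrs;
-
-# Create the final "sources" from the config
-mkSources =
-config:
-mapAttrs (
-name: spec:
-if builtins.hasAttr "outPath" spec then
-abort "The values in sources.json should not have an 'outPath' attribute"
-else
-spec // { outPath = replace name (fetch config.pkgs name spec); }
-) config.sources;
-
-# The "config" used by the fetchers
-mkConfig =
-{
-sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null,
-sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile),
-system ? builtins.currentSystem,
-pkgs ? mkPkgs sources system,
-}:
-rec {
-# The sources, i.e. the attribute set of spec name to spec
-inherit sources;
-
-# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
-inherit pkgs;
-};
-in
-mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }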
|
@ -35,7 +35,6 @@
|
|||
./searchclip.nix
|
||||
./confwhich.nix
|
||||
./rfindup.nix
|
||||
./glibc-eac.nix
|
||||
./factorio.nix
|
||||
./ranger.nix
|
||||
./ncspot.nix
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
{ prev, inputs, ... }:
|
||||
let
|
||||
glibc_patches = [ "rogue_company_reverts.patch" ];
|
||||
in
|
||||
{
|
||||
glibc-eac = prev.glibc.overrideAttrs (old: {
|
||||
patches =
|
||||
(
|
||||
let
|
||||
oldPatches = old.patches or [ ];
|
||||
in
|
||||
if oldPatches == null then [ ] else oldPatches
|
||||
)
|
||||
++ (map (p: "${inputs.glibc-eac}/${p}") glibc_patches);
|
||||
doCheck = false;
|
||||
});
|
||||
}
|
|
@ -40,8 +40,8 @@
|
|||
[
|
||||
vesktop
|
||||
obs-studio
|
||||
element-desktop
|
||||
ghidra
|
||||
# element-desktop
|
||||
# ghidra
|
||||
rmview
|
||||
]
|
||||
);
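Review bot: `element-desktop` and `ghidra` stay in the package list as commented-out entries with no reason given, so a later reader cannot tell whether this is a temporary workaround or a permanent removal. Either delete the two lines outright or record the reason beside them, for example `# element-desktop  # disabled: <reason>` and `# ghidra  # disabled: <reason>`. The list itself opens and closes inside the hunk, but the expression that consumes it starts above the visible lines, so the effect on the final package set is not checkable from here.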
|
||||
|
|