re-flake
This commit is contained in:
parent
9c7828fae6
commit
247489518d
17 changed files with 592 additions and 548 deletions
75
aa_mod.patch
Normal file
75
aa_mod.patch
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
|
||||||
|
index a4b3807e4e0f..c7c879c39d12 100644
|
||||||
|
--- a/nixos/modules/security/apparmor.nix
|
||||||
|
+++ b/nixos/modules/security/apparmor.nix
|
||||||
|
@@ -3,15 +3,11 @@
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
- inherit (builtins) attrNames head map match readFile;
|
||||||
|
+ inherit (builtins) attrNames map match;
|
||||||
|
inherit (lib) types;
|
||||||
|
inherit (config.environment) etc;
|
||||||
|
cfg = config.security.apparmor;
|
||||||
|
- mkDisableOption = name: mkEnableOption name // {
|
||||||
|
- default = true;
|
||||||
|
- example = false;
|
||||||
|
- };
|
||||||
|
- enabledPolicies = filterAttrs (n: p: p.enable) cfg.policies;
|
||||||
|
+ enabledPolicies = filterAttrs (n: p: p.state != "disable") cfg.policies;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
@@ -47,13 +43,30 @@ in
|
||||||
|
'';
|
||||||
|
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||||
|
options = {
|
||||||
|
- enable = mkDisableOption "loading of the profile into the kernel";
|
||||||
|
- enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
||||||
|
+ state = mkOption {
|
||||||
|
+ description =
|
||||||
|
+ "The state of the profile as applied to the system by nix";
|
||||||
|
+ type = types.enum [ "disable" "complain" "enforce" ];
|
||||||
|
+ # should enforce really be the default?
|
||||||
|
+ # the docs state that this should only be used once one is REALLY sure nothing's gonna break
|
||||||
|
+ default = "enforce";
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
profile = mkOption {
|
||||||
|
- description = "The policy of the profile.";
|
||||||
|
+ description = "The policy of the profile. Incompatible with path.";
|
||||||
|
type = types.lines;
|
||||||
|
- apply = pkgs.writeText name;
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+ path = mkOption {
|
||||||
|
+ type = types.nullOr types.path;
|
||||||
|
+ default = null;
|
||||||
|
+ description = "A path of a profile to include. Incompatible with profile.";
|
||||||
|
+ apply = p: let
|
||||||
|
+ inherit (config) profile;
|
||||||
|
+ in assert (assertMsg ((p != null && profile == "") || (p == null && profile != ""))
|
||||||
|
+ "`security.apparmor.policies.\"${name}\"` must define exactly one of either path or profile.");
|
||||||
|
+ (if (p != null) then p else (pkgs.writeText name profile));
|
||||||
|
+ };
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
default = {};
|
||||||
|
@@ -108,7 +121,7 @@ in
|
||||||
|
environment.etc."apparmor.d".source = pkgs.linkFarm "apparmor.d" (
|
||||||
|
# It's important to put only enabledPolicies here and not all cfg.policies
|
||||||
|
# because aa-remove-unknown reads profiles from all /etc/apparmor.d/*
|
||||||
|
- mapAttrsToList (name: p: { inherit name; path = p.profile; }) enabledPolicies ++
|
||||||
|
+ mapAttrsToList (name: p: { inherit name; path = p.path; }) enabledPolicies ++
|
||||||
|
mapAttrsToList (name: path: { inherit name path; }) cfg.includes
|
||||||
|
);
|
||||||
|
environment.etc."apparmor/parser.conf".text = ''
|
||||||
|
@@ -187,7 +200,7 @@ in
|
||||||
|
xargs --verbose --no-run-if-empty --delimiter='\n' \
|
||||||
|
kill
|
||||||
|
'';
|
||||||
|
- commonOpts = p: "--verbose --show-cache ${optionalString (!p.enforce) "--complain "}${p.profile}";
|
||||||
|
+ commonOpts = p: "--verbose --show-cache ${optionalString (p.state == "complain") "--complain "}${p.path}";
|
||||||
|
in {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = "yes";
|
|
@ -12,7 +12,7 @@ in
|
||||||
fonts = {
|
fonts = {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
noto-fonts
|
noto-fonts
|
||||||
noto-fonts-cjk
|
noto-fonts-cjk-sans
|
||||||
font-awesome
|
font-awesome
|
||||||
# noto-fonts-emoji
|
# noto-fonts-emoji
|
||||||
noto-fonts-monochrome-emoji
|
noto-fonts-monochrome-emoji
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile;
|
inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile mkForce;
|
||||||
|
|
||||||
cfg = config.security.apparmor_d;
|
cfg = config.security.apparmor_d;
|
||||||
apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
|
apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
|
||||||
|
@ -23,9 +23,8 @@ let
|
||||||
|
|
||||||
config = mkIf (cfg.enable) {
|
config = mkIf (cfg.enable) {
|
||||||
security.apparmor.packages = [ apparmor-d ];
|
security.apparmor.packages = [ apparmor-d ];
|
||||||
security.apparmor.policies = mapAttrs (name: value: {
|
security.apparmor.policies = mapAttrs (name: state: {
|
||||||
enable = value != "disable";
|
inherit state;
|
||||||
enforce = value == "enforce";
|
|
||||||
profile = let
|
profile = let
|
||||||
file = "${apparmor-d}/etc/apparmor.d/${name}";
|
file = "${apparmor-d}/etc/apparmor.d/${name}";
|
||||||
in
|
in
|
||||||
|
@ -33,6 +32,10 @@ let
|
||||||
''include "${file}"'';
|
''include "${file}"'';
|
||||||
}) cfg.profiles;
|
}) cfg.profiles;
|
||||||
|
|
||||||
|
specialisation.no-apparmor.configuration = {
|
||||||
|
security.apparmor.enable = mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ apparmor-d ];
|
environment.systemPackages = [ apparmor-d ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ buildGoModule, fetchFromGitHub, git, lib }:
|
{ buildGoModule, fetchFromGitHub, git, lib, unstableGitUpdater }:
|
||||||
buildGoModule {
|
buildGoModule {
|
||||||
pname = "apparmor-d";
|
pname = "apparmor-d";
|
||||||
version = "unstable-2024-10-12";
|
version = "unstable-2024-10-12";
|
||||||
|
@ -13,7 +13,6 @@ buildGoModule {
|
||||||
vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
|
vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
#dontBuild = true;
|
|
||||||
|
|
||||||
nativeBuildInputs = [ git ];
|
nativeBuildInputs = [ git ];
|
||||||
|
|
||||||
|
@ -26,10 +25,12 @@ buildGoModule {
|
||||||
"cmd/aa-log"
|
"cmd/aa-log"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
passthru.updateScript = unstableGitUpdater { };
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
mkdir -p $out/etc
|
mkdir -p $out/etc
|
||||||
|
|
||||||
DISTRIBUTION=opensuse $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available
|
DISTRIBUTION=arch $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available
|
||||||
|
|
||||||
mv .build/apparmor.d $out/etc
|
mv .build/apparmor.d $out/etc
|
||||||
rm $out/bin/prebuild
|
rm $out/bin/prebuild
|
||||||
|
|
|
@ -32,6 +32,7 @@ in
|
||||||
child-open-any = "enforce";
|
child-open-any = "enforce";
|
||||||
child-open = "enforce";
|
child-open = "enforce";
|
||||||
firefox-glxtest = "enforce";
|
firefox-glxtest = "enforce";
|
||||||
|
firefox-vaapitest = "enforce";
|
||||||
gamemoded = "disable";
|
gamemoded = "disable";
|
||||||
pkexec = "complain";
|
pkexec = "complain";
|
||||||
xdg-mime = "complain";
|
xdg-mime = "complain";
|
||||||
|
@ -59,7 +60,7 @@ in
|
||||||
|
|
||||||
|
|
||||||
"local/speech-dispatcher" = ''
|
"local/speech-dispatcher" = ''
|
||||||
${pkgs.speechd}/libexec/speech-dispatcher-modules/* rix,
|
@{nix_store}/libexec/speech-dispatcher-modules/* ix,
|
||||||
@{PROC}/@{pid}/stat r,
|
@{PROC}/@{pid}/stat r,
|
||||||
@{bin}/mbrola rix,
|
@{bin}/mbrola rix,
|
||||||
'';
|
'';
|
||||||
|
@ -74,6 +75,10 @@ in
|
||||||
owner /run/user/*/gnupg/S.keyboxd wr,
|
owner /run/user/*/gnupg/S.keyboxd wr,
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
"local/xdg-mime" = ''
|
||||||
|
/dev/tty* rw,
|
||||||
|
'';
|
||||||
|
|
||||||
"abstractions/app/udevadm.d/udevadm_is_exec" = ''
|
"abstractions/app/udevadm.d/udevadm_is_exec" = ''
|
||||||
@{bin}/udevadm mrix,
|
@{bin}/udevadm mrix,
|
||||||
'';
|
'';
|
||||||
|
@ -100,8 +105,8 @@ in
|
||||||
include <abstractions/app/bus>
|
include <abstractions/app/bus>
|
||||||
@{bin}/grep ix,
|
@{bin}/grep ix,
|
||||||
/@{PROC}/version r,
|
/@{PROC}/version r,
|
||||||
# @{bin}/gdbus Cx -> bus,
|
@{bin}/gdbus Cx -> bus,
|
||||||
@{bin}/gdbus Ux,
|
# @{bin}/gdbus Ux,
|
||||||
'';
|
'';
|
||||||
|
|
||||||
"local/vesktop" = ''
|
"local/vesktop" = ''
|
||||||
|
@ -125,8 +130,9 @@ in
|
||||||
|
|
||||||
security.apparmor.policies = {
|
security.apparmor.policies = {
|
||||||
passff = {
|
passff = {
|
||||||
enable = true;
|
state = "enforce";
|
||||||
enforce = true;
|
# enable = true;
|
||||||
|
# enforce = true;
|
||||||
profile = ''
|
profile = ''
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
@ -139,8 +145,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
swaymux = {
|
swaymux = {
|
||||||
enable = true;
|
state = "enforce";
|
||||||
enforce = true;
|
# enable = true;
|
||||||
|
# enforce = true;
|
||||||
profile = ''
|
profile = ''
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
@ -153,9 +160,46 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# speech-dispatcher-test = {
|
||||||
|
# enable = true;
|
||||||
|
# enforce = true;
|
||||||
|
# profile = ''#
|
||||||
|
#
|
||||||
|
#abi <abi/4.0>,
|
||||||
|
#
|
||||||
|
#include <tunables/global>
|
||||||
|
#
|
||||||
|
#@{exec_path} = @{bin}/speech-dispatcher
|
||||||
|
#profile speech-dispatcher ${getExe' pkgs.speechd "speech-dispatcher"} flags=(complain) {
|
||||||
|
# include <abstractions/base>
|
||||||
|
# include <abstractions/audio-client>
|
||||||
|
# include <abstractions/bus-session>
|
||||||
|
# include <abstractions/consoles>
|
||||||
|
# include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
# network inet stream,
|
||||||
|
# network inet6 stream,
|
||||||
|
|
||||||
|
# @{exec_path} mr,
|
||||||
|
|
||||||
|
# @{sh_path} ix,
|
||||||
|
# @{lib}/speech-dispatcher/** r,
|
||||||
|
# @{lib}/speech-dispatcher/speech-dispatcher-modules/* ix,
|
||||||
|
|
||||||
|
# /etc/machine-id r,
|
||||||
|
# /etc/speech-dispatcher/{,**} r,
|
||||||
|
|
||||||
|
# owner @{run}/user/@{uid}/speech-dispatcher/ rw,
|
||||||
|
# owner @{run}/user/@{uid}/speech-dispatcher/** rwk,
|
||||||
|
|
||||||
|
# include if exists <local/speech-dispatcher>
|
||||||
|
#} '';
|
||||||
|
# };
|
||||||
|
|
||||||
osu-lazer = {
|
osu-lazer = {
|
||||||
enable = true;
|
state = "enforce";
|
||||||
enforce = true;
|
# enable = true;
|
||||||
|
# enforce = true;
|
||||||
profile = ''
|
profile = ''
|
||||||
abi <abi/4.0>,
|
abi <abi/4.0>,
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
@ -203,6 +247,7 @@ in
|
||||||
@{bin}/gawk ix,
|
@{bin}/gawk ix,
|
||||||
|
|
||||||
@{bin}/xdg-mime Px,
|
@{bin}/xdg-mime Px,
|
||||||
|
/usr/bin/xdg-mime Px,
|
||||||
${getExe' pkgs.gamemode "gamemoderun"} ix,
|
${getExe' pkgs.gamemode "gamemoderun"} ix,
|
||||||
|
|
||||||
owner @{HOME}/@{XDG_DATA_DIR}/osu/** rwkm,
|
owner @{HOME}/@{XDG_DATA_DIR}/osu/** rwkm,
|
||||||
|
|
|
@ -54,7 +54,7 @@ in
|
||||||
p7zip
|
p7zip
|
||||||
|
|
||||||
fbcat
|
fbcat
|
||||||
gomuks
|
# gomuks
|
||||||
|
|
||||||
imagemagick
|
imagemagick
|
||||||
nmap
|
nmap
|
||||||
|
|
|
@ -14,7 +14,14 @@ let
|
||||||
attrNames
|
attrNames
|
||||||
;
|
;
|
||||||
plugins = {
|
plugins = {
|
||||||
ranger_udisk_menu = inputs.ranger_udisk_menu;
|
ranger_udisk_menu = pkgs.fetchFromGitea {
|
||||||
|
domain = "git.grimmauld.de";
|
||||||
|
owner = "grimmauld";
|
||||||
|
repo = "ranger_udisk_menu";
|
||||||
|
rev = "981756147834bb485ebcfa0e41ad60d05ccc4351";
|
||||||
|
hash = "sha256-5nFpEO/54MO6Esvkcqcyw2TI37ham70LkHtOXrYXfbY=";
|
||||||
|
};
|
||||||
|
# inputs.ranger_udisk_menu;
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
|
@ -46,7 +46,7 @@ in
|
||||||
gnupg
|
gnupg
|
||||||
libsecret
|
libsecret
|
||||||
vulnix
|
vulnix
|
||||||
agenix
|
# agenix
|
||||||
|
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
yubico-pam
|
yubico-pam
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./overlays
|
./overlays
|
||||||
./common
|
./common
|
||||||
./fake_flake.nix
|
# ./fake_flake.nix
|
||||||
./users.nix
|
./users.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -15,6 +15,9 @@
|
||||||
|
|
||||||
services.logrotate.checkConfig = false; # fixme: actually needed?
|
services.logrotate.checkConfig = false; # fixme: actually needed?
|
||||||
|
|
||||||
|
nix.package = pkgs.lix;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
grimmShared = {
|
grimmShared = {
|
||||||
enable = true;
|
enable = true;
|
||||||
locale = true;
|
locale = true;
|
||||||
|
|
148
fake_flake.nix
148
fake_flake.nix
|
@ -1,148 +0,0 @@
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
system,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
nivSources = import ./nix/sources.nix;
|
|
||||||
asGithubRef = src: "github:${src.owner}/${src.repo}/${src.rev}";
|
|
||||||
|
|
||||||
build_target =
|
|
||||||
let
|
|
||||||
env_host = builtins.getEnv "NIXOS_TARGET_HOST";
|
|
||||||
in
|
|
||||||
if env_host != "" then
|
|
||||||
env_host
|
|
||||||
else
|
|
||||||
builtins.replaceStrings [ "\n" ] [ "" ] (lib.toLower (builtins.readFile /proc/sys/kernel/hostname));
|
|
||||||
|
|
||||||
host_modules = {
|
|
||||||
grimmauld-nixos = [ ./specific/grimm-nixos-laptop/configuration.nix ];
|
|
||||||
grimm-nixos-ssd = [ ./specific/grimm-nixos-ssd/configuration.nix ];
|
|
||||||
|
|
||||||
grimmauld-nixos-server = [
|
|
||||||
./specific/grimmauld-nixos-server/configuration.nix
|
|
||||||
./modules
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs_patches = [
|
|
||||||
#{
|
|
||||||
# # xonsh update
|
|
||||||
# url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/305316.patch";
|
|
||||||
# hash = "sha256-W3jh6qRA/7V1fImLm3vRmaT6h6gL5rlNBUuIidZHaZc=";
|
|
||||||
#}
|
|
||||||
];
|
|
||||||
|
|
||||||
in
|
|
||||||
# enable ccache for lix if ccache is enabled
|
|
||||||
# enable_lix_ccache = true;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
"${nivSources.agenix}/modules/age.nix"
|
|
||||||
"${nivSources.nixos-mailserver}/default.nix"
|
|
||||||
"${nivSources.nixos-matrix-modules}/module.nix"
|
|
||||||
|
|
||||||
(builtins.getFlake (asGithubRef nivSources.aagl-gtk-on-nix)).nixosModules.default
|
|
||||||
|
|
||||||
# fixme: ideally we'd not rely on the flake syntax to load the module
|
|
||||||
(builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default
|
|
||||||
# (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default
|
|
||||||
# (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default
|
|
||||||
] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
|
|
||||||
|
|
||||||
system.nixos = {
|
|
||||||
distroId = "lixos";
|
|
||||||
distroName = "LixOS";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.sessionVariables =
|
|
||||||
let
|
|
||||||
inherit (config.system.nixos) distroName version codeName;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
distro = "${distroName} ${version} (${codeName}) ${system}";
|
|
||||||
};
|
|
||||||
|
|
||||||
documentation.doc.enable = false;
|
|
||||||
|
|
||||||
# nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
|
|
||||||
# programs.ccache.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages =
|
|
||||||
let
|
|
||||||
inherit (lib)
|
|
||||||
getExe
|
|
||||||
attrNames
|
|
||||||
optionalString
|
|
||||||
elem
|
|
||||||
concatLines
|
|
||||||
;
|
|
||||||
inherit (pkgs) writeShellScriptBin nix-output-monitor;
|
|
||||||
in
|
|
||||||
[
|
|
||||||
(writeShellScriptBin "nixos-build-all" (
|
|
||||||
concatLines (
|
|
||||||
map (
|
|
||||||
n:
|
|
||||||
"NIXOS_TARGET_HOST=${n} nixos-rebuild build --show-trace --upgrade"
|
|
||||||
+ optionalString (elem nix-output-monitor config.environment.systemPackages) " |& ${getExe nix-output-monitor}"
|
|
||||||
) (attrNames host_modules)
|
|
||||||
)
|
|
||||||
))
|
|
||||||
];
|
|
||||||
|
|
||||||
nixpkgs =
|
|
||||||
let
|
|
||||||
src = nivSources.nixpkgs;
|
|
||||||
unpatched = import src { inherit config system; };
|
|
||||||
inherit (unpatched) applyPatches fetchpatch;
|
|
||||||
|
|
||||||
config = {
|
|
||||||
allowUnfree = true;
|
|
||||||
permittedInsecurePackages = [
|
|
||||||
"olm-3.2.16"
|
|
||||||
"jitsi-meet-1.0.8043"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
hostPlatform = system;
|
|
||||||
pkgs =
|
|
||||||
if (nixpkgs_patches != [ ]) then
|
|
||||||
(import (applyPatches {
|
|
||||||
name = "nixpkgs-patched";
|
|
||||||
inherit src;
|
|
||||||
patches = map fetchpatch nixpkgs_patches;
|
|
||||||
}) { inherit config; })
|
|
||||||
else
|
|
||||||
unpatched;
|
|
||||||
|
|
||||||
overlays = [
|
|
||||||
# (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
|
|
||||||
(final: prev: { agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; })
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
_module.args = {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
inputs = nivSources;
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.package = pkgs.lix;
|
|
||||||
|
|
||||||
nix.settings.extra-substituters = [
|
|
||||||
# "https://cache.lix.systems"
|
|
||||||
"https://nyx.chaotic.cx/"
|
|
||||||
"https://ezkea.cachix.org"
|
|
||||||
];
|
|
||||||
|
|
||||||
nix.settings.trusted-public-keys = [
|
|
||||||
# "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
|
||||||
"nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
|
||||||
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
|
||||||
"ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI="
|
|
||||||
];
|
|
||||||
}
|
|
345
flake.lock
Normal file
345
flake.lock
Normal file
|
@ -0,0 +1,345 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"aagl-gtk-on-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1728524457,
|
||||||
|
"narHash": "sha256-R+GJ3H1PvRUHLm45muY1KEezhfgIl8l7HJ36DySZMu0=",
|
||||||
|
"owner": "ezKEa",
|
||||||
|
"repo": "aagl-gtk-on-nix",
|
||||||
|
"rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ezKEa",
|
||||||
|
"repo": "aagl-gtk-on-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"agenix": {
|
||||||
|
"inputs": {
|
||||||
|
"darwin": "darwin",
|
||||||
|
"home-manager": "home-manager",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1723293904,
|
||||||
|
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"blobs": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1604995301,
|
||||||
|
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "blobs",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"chaotic": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-schemas": "flake-schemas",
|
||||||
|
"home-manager": "home-manager_2",
|
||||||
|
"jovian": "jovian",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729599319,
|
||||||
|
"narHash": "sha256-e/4JPcIRte5zkwqmGFrFo3763e0iHURX6N0apz4jbI0=",
|
||||||
|
"owner": "chaotic-cx",
|
||||||
|
"repo": "nyx",
|
||||||
|
"rev": "1b86b304c8eb1437d9337a760e7f930826fc4d6d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "chaotic-cx",
|
||||||
|
"ref": "nyxpkgs-unstable",
|
||||||
|
"repo": "nyx",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"darwin": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1700795494,
|
||||||
|
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||||
|
"owner": "lnl7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "lnl7",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696426674,
|
||||||
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696426674,
|
||||||
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-schemas": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1721999734,
|
||||||
|
"narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
|
||||||
|
"rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
|
||||||
|
"revCount": 75,
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"home-manager": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703113217,
|
||||||
|
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"home-manager_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"chaotic",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729414726,
|
||||||
|
"narHash": "sha256-Dtmm1OU8Ymiy9hVWn/a2B8DhRYo9Eoyx9veERdOBR4o=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"rev": "fe56302339bb28e3471632379d733547caec8103",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"jovian": {
|
||||||
|
"inputs": {
|
||||||
|
"nix-github-actions": "nix-github-actions",
|
||||||
|
"nixpkgs": [
|
||||||
|
"chaotic",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729177642,
|
||||||
|
"narHash": "sha256-DdKal+ZhB9QD/tnEwFg4cZ4j4YnrkvSljBxnyG+3eE0=",
|
||||||
|
"owner": "Jovian-Experiments",
|
||||||
|
"repo": "Jovian-NixOS",
|
||||||
|
"rev": "bb69165ff372ddbd3228a03513922acd783040e8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Jovian-Experiments",
|
||||||
|
"repo": "Jovian-NixOS",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix-github-actions": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"chaotic",
|
||||||
|
"jovian",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1690328911,
|
||||||
|
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"ref": "matrix-name",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixos-mailserver": {
|
||||||
|
"inputs": {
|
||||||
|
"blobs": "blobs",
|
||||||
|
"flake-compat": "flake-compat_2",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-24_05": "nixpkgs-24_05"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1722877200,
|
||||||
|
"narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "simple-nixos-mailserver",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nixos-mailserver",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixos-matrix-modules": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1727410897,
|
||||||
|
"narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
|
||||||
|
"owner": "dali99",
|
||||||
|
"repo": "nixos-matrix-modules",
|
||||||
|
"rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "dali99",
|
||||||
|
"repo": "nixos-matrix-modules",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729413321,
|
||||||
|
"narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-24_05": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1717144377,
|
||||||
|
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-24.05",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"aagl-gtk-on-nix": "aagl-gtk-on-nix",
|
||||||
|
"agenix": "agenix",
|
||||||
|
"chaotic": "chaotic",
|
||||||
|
"nixos-mailserver": "nixos-mailserver",
|
||||||
|
"nixos-matrix-modules": "nixos-matrix-modules",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
90
flake.nix
Normal file
90
flake.nix
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
{
|
||||||
|
description = "grimmauld-nixos";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs = {
|
||||||
|
url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
|
# url = "git+file:///home/grimmauld/coding/nixpkgs";
|
||||||
|
};
|
||||||
|
chaotic = {
|
||||||
|
url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
agenix = {
|
||||||
|
url = "github:ryantm/agenix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
nixos-mailserver = {
|
||||||
|
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
nixos-matrix-modules = {
|
||||||
|
url = "github:dali99/nixos-matrix-modules";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
# ranger_udisk_menu.url = "git+https://git.grimmauld.de/Grimmauld/ranger_udisk_menu";
|
||||||
|
# glibc-eac.url = "github:Frogging-Family/glibc-eac";
|
||||||
|
aagl-gtk-on-nix = {
|
||||||
|
url = "github:ezKEa/aagl-gtk-on-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, ... }:
|
||||||
|
let
|
||||||
|
patches = [
|
||||||
|
./aa_mod.patch
|
||||||
|
];
|
||||||
|
|
||||||
|
customNixosSystem = system: definitions:
|
||||||
|
let
|
||||||
|
unpatched = nixpkgs.legacyPackages.${system};
|
||||||
|
patched = unpatched.applyPatches {
|
||||||
|
name = "nixpkgs-patched";
|
||||||
|
src = inputs.nixpkgs;
|
||||||
|
patches = map (p: if (builtins.isPath p) then p else (unpatched.fetchpatch p)) patches;
|
||||||
|
};
|
||||||
|
nixosSystem = import (patched + "/nixos/lib/eval-config.nix");
|
||||||
|
in
|
||||||
|
nixosSystem ({
|
||||||
|
inherit system;
|
||||||
|
specialArgs = { inherit inputs system; };
|
||||||
|
} // definitions);
|
||||||
|
in
|
||||||
|
{
|
||||||
|
nixosConfigurations = {
|
||||||
|
grimmauld-nixos = customNixosSystem "x86_64-linux" {
|
||||||
|
modules = [
|
||||||
|
agenix.nixosModules.default
|
||||||
|
chaotic.nixosModules.default
|
||||||
|
aagl-gtk-on-nix.nixosModules.default
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./specific/grimm-nixos-laptop/configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
grimm-nixos-ssd = customNixosSystem "x86_64-linux" {
|
||||||
|
modules = [
|
||||||
|
agenix.nixosModules.default
|
||||||
|
chaotic.nixosModules.default
|
||||||
|
aagl-gtk-on-nix.nixosModules.default
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./specific/grimm-nixos-ssd/configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
grimmauld-nixos-server = customNixosSystem "x86_64-linux" {
|
||||||
|
modules = [
|
||||||
|
agenix.nixosModules.default
|
||||||
|
nixos-matrix-modules.nixosModules.default
|
||||||
|
nixos-mailserver.nixosModules.default
|
||||||
|
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./specific/grimmauld-nixos-server/configuration.nix
|
||||||
|
./modules
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
110
nix/sources.json
110
nix/sources.json
|
@ -1,110 +0,0 @@
|
||||||
{
|
|
||||||
"aagl-gtk-on-nix": {
|
|
||||||
"branch": "main",
|
|
||||||
"description": "Run an-anime-game-launcher GTK version on Nix/NixOS!",
|
|
||||||
"homepage": null,
|
|
||||||
"owner": "ezKEa",
|
|
||||||
"repo": "aagl-gtk-on-nix",
|
|
||||||
"rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff",
|
|
||||||
"sha256": "1v9jk4j0zylx3ixwk5q8z22v6ir86pk9lfbf5q3ibgaggpf8kqa7",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/5611dd61df02e0bc5d62bb3f5388821d8854faff.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"agenix": {
|
|
||||||
"branch": "main",
|
|
||||||
"description": "age-encrypted secrets for NixOS and Home manager",
|
|
||||||
"homepage": "https://matrix.to/#/#agenix:nixos.org",
|
|
||||||
"owner": "ryantm",
|
|
||||||
"repo": "agenix",
|
|
||||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
|
||||||
"sha256": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"authentik-nix": {
|
|
||||||
"branch": "main",
|
|
||||||
"description": "Nix flake with package, NixOS module and basic VM test for authentik. Trying to provide an alternative deployment mode to the officially supported docker-compose approach. Not affiliated with or officially supported by the authentik project [maintainer=@willibutz]",
|
|
||||||
"homepage": "",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "authentik-nix",
|
|
||||||
"rev": "31128721a9f879777870adb88ebc6166112ff172",
|
|
||||||
"sha256": "19ba00nl39lmdi58y70l9l0llviqjsv1ligh2ihzsrzb795z0dw7",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/nix-community/authentik-nix/archive/31128721a9f879777870adb88ebc6166112ff172.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"chaotic": {
|
|
||||||
"branch": "main",
|
|
||||||
"description": "Nix flake for \"too much bleeding-edge\" and unreleased packages (e.g., mesa_git, linux_cachyos, firefox_nightly, sway_git, gamescope_git). And experimental modules (e.g., HDR, duckdns).",
|
|
||||||
"homepage": "https://nyx.chaotic.cx",
|
|
||||||
"owner": "chaotic-cx",
|
|
||||||
"repo": "nyx",
|
|
||||||
"rev": "0fff4bd8bce411eddb86756a66e89cecda16e0a4",
|
|
||||||
"sha256": "1iynss5f8dcrhxgy334df70pvaj7a0661whiwajy0s2lfgpw0kjs",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/chaotic-cx/nyx/archive/0fff4bd8bce411eddb86756a66e89cecda16e0a4.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"glibc-eac": {
|
|
||||||
"branch": "main",
|
|
||||||
"description": "Arch glibc with the commit breaking eos-eac reverted - https://github.com/archlinux/svntogit-packages/tree/4da6c3e804e21c39908aa8a3cb597f19e6d764ef/trunk",
|
|
||||||
"homepage": "",
|
|
||||||
"owner": "Frogging-Family",
|
|
||||||
"repo": "glibc-eac",
|
|
||||||
"rev": "de5df722493768cb02e23ce0703429636458befb",
|
|
||||||
"sha256": "1yx3hal1kwj28ij688inaww169rj74iv3l3bwa74r3y4msdfnl80",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/Frogging-Family/glibc-eac/archive/de5df722493768cb02e23ce0703429636458befb.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"lix-module": {
|
|
||||||
"branch": "main",
|
|
||||||
"repo": "https://git.lix.systems/lix-project/nixos-module.git",
|
|
||||||
"rev": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d",
|
|
||||||
"type": "git"
|
|
||||||
},
|
|
||||||
"lix-pkg": {
|
|
||||||
"branch": "main",
|
|
||||||
"repo": "https://git.lix.systems/lix-project/lix.git",
|
|
||||||
"rev": "f6077314fa6aff862758095bb55fe844e9162a1d",
|
|
||||||
"type": "git"
|
|
||||||
},
|
|
||||||
"nixos-mailserver": {
|
|
||||||
"branch": "master",
|
|
||||||
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git",
|
|
||||||
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
|
|
||||||
"type": "git"
|
|
||||||
},
|
|
||||||
"nixos-matrix-modules": {
|
|
||||||
"branch": "master",
|
|
||||||
"description": "NixOS modules for matrix related services",
|
|
||||||
"homepage": null,
|
|
||||||
"owner": "dali99",
|
|
||||||
"repo": "nixos-matrix-modules",
|
|
||||||
"rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
|
|
||||||
"sha256": "150nvzdrmvyy47pyv44rpmv96mwvgcsq4n22b6g5inzqyz334sxm",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/dali99/nixos-matrix-modules/archive/ff787d410cba17882cd7b6e2e22cc88d4064193c.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"branch": "nixos-unstable",
|
|
||||||
"description": "Nix Packages collection",
|
|
||||||
"homepage": null,
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
|
|
||||||
"sha256": "1wn29537l343lb0id0byk0699fj0k07m1n2d7jx2n0ssax55vhwy",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"ranger_udisk_menu": {
|
|
||||||
"branch": "master",
|
|
||||||
"repo": "https://git.grimmauld.de/Grimmauld/ranger_udisk_menu.git",
|
|
||||||
"rev": "981756147834bb485ebcfa0e41ad60d05ccc4351",
|
|
||||||
"type": "git"
|
|
||||||
}
|
|
||||||
}
|
|
249
nix/sources.nix
249
nix/sources.nix
|
@ -1,249 +0,0 @@
|
||||||
# This file has been generated by Niv.
|
|
||||||
|
|
||||||
let
|
|
||||||
|
|
||||||
#
|
|
||||||
# The fetchers. fetch_<type> fetches specs of type <type>.
|
|
||||||
#
|
|
||||||
|
|
||||||
fetch_file =
|
|
||||||
pkgs: name: spec:
|
|
||||||
let
|
|
||||||
name' = sanitizeName name + "-src";
|
|
||||||
in
|
|
||||||
if spec.builtin or true then
|
|
||||||
builtins_fetchurl {
|
|
||||||
inherit (spec) url sha256;
|
|
||||||
name = name';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
pkgs.fetchurl {
|
|
||||||
inherit (spec) url sha256;
|
|
||||||
name = name';
|
|
||||||
};
|
|
||||||
|
|
||||||
fetch_tarball =
|
|
||||||
pkgs: name: spec:
|
|
||||||
let
|
|
||||||
name' = sanitizeName name + "-src";
|
|
||||||
in
|
|
||||||
if spec.builtin or true then
|
|
||||||
builtins_fetchTarball {
|
|
||||||
name = name';
|
|
||||||
inherit (spec) url sha256;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
pkgs.fetchzip {
|
|
||||||
name = name';
|
|
||||||
inherit (spec) url sha256;
|
|
||||||
};
|
|
||||||
|
|
||||||
fetch_git =
|
|
||||||
name: spec:
|
|
||||||
let
|
|
||||||
ref =
|
|
||||||
spec.ref or (
|
|
||||||
if spec ? branch then
|
|
||||||
"refs/heads/${spec.branch}"
|
|
||||||
else if spec ? tag then
|
|
||||||
"refs/tags/${spec.tag}"
|
|
||||||
else
|
|
||||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
|
|
||||||
);
|
|
||||||
submodules = spec.submodules or false;
|
|
||||||
submoduleArg =
|
|
||||||
let
|
|
||||||
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
|
||||||
emptyArgWithWarning =
|
|
||||||
if submodules then
|
|
||||||
builtins.trace (
|
|
||||||
"The niv input \"${name}\" uses submodules "
|
|
||||||
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
|
||||||
+ "does not support them"
|
|
||||||
) { }
|
|
||||||
else
|
|
||||||
{ };
|
|
||||||
in
|
|
||||||
if nixSupportsSubmodules then { inherit submodules; } else emptyArgWithWarning;
|
|
||||||
in
|
|
||||||
builtins.fetchGit (
|
|
||||||
{
|
|
||||||
url = spec.repo;
|
|
||||||
inherit (spec) rev;
|
|
||||||
inherit ref;
|
|
||||||
}
|
|
||||||
// submoduleArg
|
|
||||||
);
|
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
|
||||||
|
|
||||||
fetch_builtin-tarball =
|
|
||||||
name:
|
|
||||||
throw ''
|
|
||||||
[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
|
|
||||||
$ niv modify ${name} -a type=tarball -a builtin=true'';
|
|
||||||
|
|
||||||
fetch_builtin-url =
|
|
||||||
name:
|
|
||||||
throw ''
|
|
||||||
[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
|
|
||||||
$ niv modify ${name} -a type=file -a builtin=true'';
|
|
||||||
|
|
||||||
#
|
|
||||||
# Various helpers
|
|
||||||
#
|
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
|
||||||
sanitizeName =
|
|
||||||
name:
|
|
||||||
(concatMapStrings (s: if builtins.isList s then "-" else s) (
|
|
||||||
builtins.split "[^[:alnum:]+._?=-]+" ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
|
|
||||||
));
|
|
||||||
|
|
||||||
# The set of packages used when specs are fetched using non-builtins.
|
|
||||||
mkPkgs =
|
|
||||||
sources: system:
|
|
||||||
let
|
|
||||||
sourcesNixpkgs = import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {
|
|
||||||
inherit system;
|
|
||||||
};
|
|
||||||
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
|
||||||
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
|
||||||
in
|
|
||||||
if builtins.hasAttr "nixpkgs" sources then
|
|
||||||
sourcesNixpkgs
|
|
||||||
else if hasNixpkgsPath && !hasThisAsNixpkgsPath then
|
|
||||||
import <nixpkgs> { }
|
|
||||||
else
|
|
||||||
abort ''
|
|
||||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
|
||||||
add a package called "nixpkgs" to your sources.json.
|
|
||||||
'';
|
|
||||||
|
|
||||||
# The actual fetching function.
|
|
||||||
fetch =
|
|
||||||
pkgs: name: spec:
|
|
||||||
|
|
||||||
if !builtins.hasAttr "type" spec then
|
|
||||||
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
|
||||||
else if spec.type == "file" then
|
|
||||||
fetch_file pkgs name spec
|
|
||||||
else if spec.type == "tarball" then
|
|
||||||
fetch_tarball pkgs name spec
|
|
||||||
else if spec.type == "git" then
|
|
||||||
fetch_git name spec
|
|
||||||
else if spec.type == "local" then
|
|
||||||
fetch_local spec
|
|
||||||
else if spec.type == "builtin-tarball" then
|
|
||||||
fetch_builtin-tarball name
|
|
||||||
else if spec.type == "builtin-url" then
|
|
||||||
fetch_builtin-url name
|
|
||||||
else
|
|
||||||
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
|
||||||
|
|
||||||
# If the environment variable NIV_OVERRIDE_${name} is set, then use
|
|
||||||
# the path directly as opposed to the fetched source.
|
|
||||||
replace =
|
|
||||||
name: drv:
|
|
||||||
let
|
|
||||||
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
|
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
|
||||||
in
|
|
||||||
if ersatz == "" then
|
|
||||||
drv
|
|
||||||
else
|
|
||||||
# this turns the string into an actual Nix path (for both absolute and
|
|
||||||
# relative paths)
|
|
||||||
if builtins.substring 0 1 ersatz == "/" then
|
|
||||||
/. + ersatz
|
|
||||||
else
|
|
||||||
/. + builtins.getEnv "PWD" + "/${ersatz}";
|
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
|
||||||
|
|
||||||
# a Nix version of mapAttrs if the built-in doesn't exist
|
|
||||||
mapAttrs =
|
|
||||||
builtins.mapAttrs or (
|
|
||||||
f: set:
|
|
||||||
with builtins;
|
|
||||||
listToAttrs (
|
|
||||||
map (attr: {
|
|
||||||
name = attr;
|
|
||||||
value = f attr set.${attr};
|
|
||||||
}) (attrNames set)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
|
||||||
range =
|
|
||||||
first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
|
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
|
||||||
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
|
||||||
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
|
||||||
concatMapStrings = f: list: concatStrings (map f list);
|
|
||||||
concatStrings = builtins.concatStringsSep "";
|
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
|
||||||
optionalAttrs = cond: as: if cond then as else { };
|
|
||||||
|
|
||||||
# fetchTarball version that is compatible between all the versions of Nix
|
|
||||||
builtins_fetchTarball =
|
|
||||||
{
|
|
||||||
url,
|
|
||||||
name ? null,
|
|
||||||
sha256,
|
|
||||||
}@attrs:
|
|
||||||
let
|
|
||||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
|
||||||
in
|
|
||||||
if lessThan nixVersion "1.12" then
|
|
||||||
fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
|
||||||
else
|
|
||||||
fetchTarball attrs;
|
|
||||||
|
|
||||||
# fetchurl version that is compatible between all the versions of Nix
|
|
||||||
builtins_fetchurl =
|
|
||||||
{
|
|
||||||
url,
|
|
||||||
name ? null,
|
|
||||||
sha256,
|
|
||||||
}@attrs:
|
|
||||||
let
|
|
||||||
inherit (builtins) lessThan nixVersion fetchurl;
|
|
||||||
in
|
|
||||||
if lessThan nixVersion "1.12" then
|
|
||||||
fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
|
||||||
else
|
|
||||||
fetchurl attrs;
|
|
||||||
|
|
||||||
# Create the final "sources" from the config
|
|
||||||
mkSources =
|
|
||||||
config:
|
|
||||||
mapAttrs (
|
|
||||||
name: spec:
|
|
||||||
if builtins.hasAttr "outPath" spec then
|
|
||||||
abort "The values in sources.json should not have an 'outPath' attribute"
|
|
||||||
else
|
|
||||||
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
|
||||||
) config.sources;
|
|
||||||
|
|
||||||
# The "config" used by the fetchers
|
|
||||||
mkConfig =
|
|
||||||
{
|
|
||||||
sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null,
|
|
||||||
sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile),
|
|
||||||
system ? builtins.currentSystem,
|
|
||||||
pkgs ? mkPkgs sources system,
|
|
||||||
}:
|
|
||||||
rec {
|
|
||||||
# The sources, i.e. the attribute set of spec name to spec
|
|
||||||
inherit sources;
|
|
||||||
|
|
||||||
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
|
|
||||||
inherit pkgs;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }
|
|
|
@ -35,7 +35,6 @@
|
||||||
./searchclip.nix
|
./searchclip.nix
|
||||||
./confwhich.nix
|
./confwhich.nix
|
||||||
./rfindup.nix
|
./rfindup.nix
|
||||||
./glibc-eac.nix
|
|
||||||
./factorio.nix
|
./factorio.nix
|
||||||
./ranger.nix
|
./ranger.nix
|
||||||
./ncspot.nix
|
./ncspot.nix
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ prev, inputs, ... }:
|
|
||||||
let
|
|
||||||
glibc_patches = [ "rogue_company_reverts.patch" ];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
glibc-eac = prev.glibc.overrideAttrs (old: {
|
|
||||||
patches =
|
|
||||||
(
|
|
||||||
let
|
|
||||||
oldPatches = old.patches or [ ];
|
|
||||||
in
|
|
||||||
if oldPatches == null then [ ] else oldPatches
|
|
||||||
)
|
|
||||||
++ (map (p: "${inputs.glibc-eac}/${p}") glibc_patches);
|
|
||||||
doCheck = false;
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -40,8 +40,8 @@
|
||||||
[
|
[
|
||||||
vesktop
|
vesktop
|
||||||
obs-studio
|
obs-studio
|
||||||
element-desktop
|
# element-desktop
|
||||||
ghidra
|
# ghidra
|
||||||
rmview
|
rmview
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
Loading…
Reference in a new issue