diff --git a/common/firefox.nix b/common/firefox.nix index dcf0a0f..1df454a 100644 --- a/common/firefox.nix +++ b/common/firefox.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, config, lib, ... }: +{ pkgs, config, lib, ... }: let cfg = config.grimmShared; in diff --git a/common/sound/default.nix b/common/sound/default.nix index f187894..665c120 100644 --- a/common/sound/default.nix +++ b/common/sound/default.nix @@ -1,4 +1,4 @@ -{ grimm-shared-inputs, pkgs, config, lib, ... }: +{ pkgs, config, lib, ... }: let cfg = config.grimmShared; in diff --git a/common/sound/pipewireLowLatency.nix b/common/sound/pipewireLowLatency.nix index 23a3ce7..4285b96 100644 --- a/common/sound/pipewireLowLatency.nix +++ b/common/sound/pipewireLowLatency.nix @@ -1,10 +1,10 @@ # source: https://github.com/fufexan/nix-gaming/raw/master/modules/pipewireLowLatency.nix -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let inherit (lib.modules) mkIf; inherit (lib.options) mkOption mkEnableOption; inherit (lib.types) int; @@ -12,10 +12,11 @@ cfg = config.services.pipewire.lowLatency; qr = "${toString cfg.quantum}/${toString cfg.rate}"; -in { +in +{ # low-latency PipeWire configuration # extends the nixpkgs module - meta.maintainers = with lib.maintainers; [fufexan]; + meta.maintainers = with lib.maintainers; [ fufexan ]; options = { services.pipewire.lowLatency = { @@ -54,7 +55,7 @@ in { modules = [ { name = "libpipewire-module-rtkit"; - flags = ["ifexists" "nofail"]; + flags = [ "ifexists" "nofail" ]; args = { nice.level = -15; rt = { @@ -67,7 +68,7 @@ in { { name = "libpipewire-module-protocol-pulse"; args = { - server.address = ["unix:native"]; + server.address = [ "unix:native" ]; pulse.min = { req = qr; quantum = qr; 
@@ -89,30 +90,33 @@ in { # and write extra config to ship low latency rules for alsa wireplumber = { enable = true; - configPackages = let - # generate "matches" section of the rules - matches = toLua { - multiline = false; # looks better while inline - indent = false; - } [[["node.name" "matches" "alsa_output.*"]]]; # nested lists are to produce `{{{ }}}` in the output - - # generate "apply_properties" section of the rules - apply_properties = toLua {} { - "audio.format" = "S32LE"; - "audio.rate" = cfg.rate * 2; - "api.alsa.period-size" = 2; - }; - in [ - (pkgs.writeTextDir "share/lowlatency.lua.d/99-alsa-lowlatency.lua" '' - -- Generated by nix-gaming - alsa_monitor.rules = { + configPackages = + let + # generate "matches" section of the rules + matches = toLua { - matches = ${matches}; - apply_properties = ${apply_properties}; + multiline = false; # looks better while inline + indent = false; + } [ [ [ "node.name" "matches" "alsa_output.*" ] ] ]; # nested lists are to produce `{{{ }}}` in the output + + # generate "apply_properties" section of the rules + apply_properties = toLua { } { + "audio.format" = "S32LE"; + "audio.rate" = cfg.rate * 2; + "api.alsa.period-size" = 2; + }; + in + [ + (pkgs.writeTextDir "share/lowlatency.lua.d/99-alsa-lowlatency.lua" '' + -- Generated by nix-gaming + alsa_monitor.rules = { + { + matches = ${matches}; + apply_properties = ${apply_properties}; + } } - } - '') - ]; + '') + ]; }; }; }; diff --git a/common/tooling/nix.nix b/common/tooling/nix.nix index 03edfb9..5cbd388 100644 --- a/common/tooling/nix.nix +++ b/common/tooling/nix.nix @@ -16,6 +16,7 @@ in nixpkgs-hammering nix-output-monitor nix-search-cli + niv ]; environment.sessionVariables = { @@ -36,7 +37,7 @@ in dates = "weekly"; options = "--delete-older-than 30d"; }; - nix.package = pkgs.nixVersions.latest; + # nix.package = pkgs.nixVersions.latest; nix.optimise.automatic = true; nixpkgs.hostPlatform = system; 
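Review bot: The commented-out `# nix.package = pkgs.nixVersions.latest;` in the second common/tooling/nix.nix hunk leaves no record of which Nix implementation the system now runs. Presumably the Lix module imported in fake_flake.nix sets `nix.package`; if so, replace the dead line with a comment such as `# nix.package is set by the Lix module imported in fake_flake.nix`. The context line `nixpkgs.hostPlatform = system;` now sits alongside the hard-coded `nixpkgs.hostPlatform = "x86_64-linux";` in fake_flake.nix, so the option is defined twice; keeping a single definition avoids a merge conflict if the two values ever differ. The enclosing attribute set starts and ends outside the hunk.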
diff --git a/common/tooling/security.nix b/common/tooling/security.nix index 4613165..493d953 100644 --- a/common/tooling/security.nix +++ b/common/tooling/security.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, inputs, system, ... }: +{ pkgs, config, lib, ... }: let cfg = config.grimmShared; in @@ -22,7 +22,7 @@ in libsecret vulnix doas-sudo-shim # muscle memory - inputs.agenix.packages.${system}.default + agenix ] ++ lib.optionals (tooling.enable && tooling.pass) [ pass (writeShellScriptBin "passw" "pass $@") diff --git a/configuration.nix b/configuration.nix index 6602aa5..8081c5c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,7 +1,14 @@ -{ system, config, pkgs, ... }: +{ config, pkgs, ... }: { imports = [ + ./overlays + ./common + ./fake_flake.nix + ./specific/grimm-nixos-laptop/configuration.nix + ./modules/users.nix + ./modules/system-packages.nix + ./modules/kvm.nix ./sway ]; diff --git a/fake_flake.nix b/fake_flake.nix new file mode 100644 index 0000000..4ea0a4f --- /dev/null +++ b/fake_flake.nix 
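Review bot: In the second common/tooling/security.nix hunk, `agenix` is now looked up in the package set instead of a flake input, so this module only evaluates when the overlay from fake_flake.nix is applied. A comment on that line, e.g. `agenix # from the overlay in fake_flake.nix`, would make the dependency visible to anyone importing `common/` on its own. In the same list the context line `(writeShellScriptBin "passw" "pass $@")` expands `$@` unquoted, so entry names containing spaces or glob characters are split; `"pass \"$@\""` keeps the arguments intact. The list starts and ends outside the hunk.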
@@ -0,0 +1,29 @@ +{ pkgs, lib, ... }: +let + nivSources = import ./nix/sources.nix; + asGithubRef = src: "github:${src.owner}/${src.repo}/${src.rev}"; +in +{ + imports = [ + "${nivSources.agenix}/modules/age.nix" + (import "${nivSources.lix-module}/module.nix" { lix = nivSources.lix-pkg; }) + (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default # fixme: ideally we'd not rely on the flake syntax to load the module + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + nixpkgs.overlays = lib.singleton (final: prev: { + agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; + }); + + nix.settings.extra-substituters = [ + "https://cache.lix.systems" + "https://nyx.chaotic.cx/" + ]; + + nix.settings.trusted-public-keys = [ + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + ]; +} diff --git a/flake.lock b/flake.lock index 6f57ed2..1773035 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", - "owner": "ryantm", - "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "attic": { "inputs": { "crane": [ @@ -66,7 +43,7 @@ "flake-compat": "flake-compat", "flake-schemas": "flake-schemas", "flake-utils": "flake-utils", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "jovian": "jovian", "jujutsu": "jujutsu", "niri": "niri", @@ -74,7 +51,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_2", + "systems": "systems", "yafas": "yafas" }, "locked": { 
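Review bot: The `builtins.getFlake (asGithubRef nivSources.chaotic)` import in fake_flake.nix pins chaotic only by `rev`; the `sha256` that niv records for the same source is not used on this path, and the flake's own lock file rather than this repository's nixpkgs pin decides its inputs. Importing from `"${nivSources.chaotic}/..."` as is done for agenix would keep the fetch under the niv hash, provided the project exposes a non-flake module entry point (not visible here). The `trusted-public-keys` list also trusts `chaotic-nyx.cachix.org-1` although `extra-substituters` lists no matching cache, so either drop that key or note next to it which substituter it belongs to. Because any store path signed by these keys is accepted system-wide, a short comment above the list, e.g. `# third-party caches: binaries signed by these keys are trusted for every store path`, would help later review.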
@@ -190,28 +167,6 @@ "url": "https://flakehub.com/f/ipetkov/crane/%3D0.16.1.tar.gz" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -283,27 +238,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "chaotic", @@ -479,22 +413,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1714782413, - "narHash": "sha256-tbg0MEuKaPcUrnmGCu4xiY5F+7LW2+ECPKVAJd2HLwM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "651b4702e27a388f0f18e1b970534162dec09aff", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "rocksdb": { "flake": false, "locked": { @@ -514,10 +432,8 @@ }, "root": { "inputs": { - "agenix": "agenix", "chaotic": "chaotic", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs": "nixpkgs" } }, "rust-analyzer-src": { 
@@ -565,21 +481,6 @@ } }, "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", diff --git a/flake.nix b/flake.nix index 11aa6bc..bd8183e 100644 --- a/flake.nix +++ b/flake.nix @@ -10,13 +10,9 @@ url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs"; }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; - outputs = inputs @ { self, agenix, nixpkgs, chaotic, ... }: + outputs = inputs @ { self, nixpkgs, chaotic, ... }: let patches = [ { @@ -45,15 +41,8 @@ nixosConfigurations = { grimmauld-nixos = customNixosSystem "x86_64-linux" { modules = [ - agenix.nixosModules.default - chaotic.nixosModules.default - ./overlays - ./common - ./specific/grimm-nixos-laptop/configuration.nix + # chaotic.nixosModules.default ./configuration.nix - ./modules/users.nix - ./modules/system-packages.nix - ./modules/kvm.nix ]; }; }; diff --git a/nix/sources.json b/nix/sources.json new file mode 100644 index 0000000..caf2470 --- /dev/null +++ b/nix/sources.json 
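Review bot: After the last flake.nix hunk the `chaotic` input is still declared and locked, but its module is commented out and the one actually loaded comes from the niv pin in fake_flake.nix. That leaves two independent pins of the same project that can drift apart, and the `inputs.nixpkgs.follows = "nixpkgs"` setting no longer applies to the copy in use. Either remove the flake input or replace the commented line with something like `# chaotic module is loaded via fake_flake.nix (pinned in nix/sources.json)`. The `outputs` function continues outside the hunk, so `chaotic` may still be used elsewhere (not visible here).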
@@ -0,0 +1,50 @@ +{ + "agenix": { + "branch": "main", + "description": "age-encrypted secrets for NixOS and Home manager", + "homepage": "https://matrix.to/#/#agenix:nixos.org", + "owner": "ryantm", + "repo": "agenix", + "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "sha256": "165am10r61wl5v4hz169zrlljvj929hgnhr9sn7ak3bz73cr1m86", + "type": "tarball", + "url": "https://github.com/ryantm/agenix/archive/24a7ea390564ccd5b39b7884f597cfc8d7f6f44e.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, + "chaotic": { + "branch": "main", + "description": "Nix flake for \"too much bleeding-edge\" and unreleased packages (e.g., mesa_git, linux_cachyos, firefox_nightly, sway_git, gamescope_git). And experimental modules (e.g., HDR, duckdns).", + "homepage": "https://nyx.chaotic.cx", + "owner": "chaotic-cx", + "repo": "nyx", + "rev": "b2e432016233fe80948ea8e0eabf0b176ad847f0", + "sha256": "1bdpxc0p18zw50pzfmhijcd0w2865a7i2lbgn146bs7bwyvrpnak", + "type": "tarball", + "url": "https://github.com/chaotic-cx/nyx/archive/b2e432016233fe80948ea8e0eabf0b176ad847f0.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, + "lix-module": { + "branch": "main", + "repo": "https://git.lix.systems/lix-project/nixos-module.git", + "rev": "aaf759cd93d1946336247808e7551df714cfd332", + "type": "git" + }, + "lix-pkg": { + "branch": "main", + "repo": "https://git.lix.systems/lix-project/lix.git", + "rev": "005b2b61e671e11d0427507883f8ae66e15d939d", + "type": "git" + }, + "nixpkgs": { + "branch": "nixos-unstable", + "description": "Nix Packages collection", + "homepage": null, + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", + "sha256": "03954l2g8kczg2skf1c7xfz60a3v6jri7l2h4r9g3157n2v5jm2j", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/25865a40d14b3f9cf19f19b924e2ab4069b09588.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + } +} 
diff --git a/nix/sources.nix b/nix/sources.nix
new file mode 100644
index 0000000..fe3dadf
--- /dev/null
+++ b/nix/sources.nix
@@ -0,0 +1,198 @@ +# This file has been generated by Niv. + +let + + # + # The fetchers. fetch_ fetches specs of type . + # + + fetch_file = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchurl { inherit (spec) url sha256; name = name'; } + else + pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; + + fetch_tarball = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchTarball { name = name'; inherit (spec) url sha256; } + else + pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + + fetch_git = name: spec: + let + ref = + spec.ref or ( + if spec ? branch then "refs/heads/${spec.branch}" else + if spec ? tag then "refs/tags/${spec.tag}" else + abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!" + ); + submodules = spec.submodules or false; + submoduleArg = + let + nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0; + emptyArgWithWarning = + if submodules + then + builtins.trace + ( + "The niv input \"${name}\" uses submodules " + + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " + + "does not support them" + ) + { } + else { }; + in + if nixSupportsSubmodules + then { inherit submodules; } + else emptyArgWithWarning; + in + builtins.fetchGit + ({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg); + + fetch_local = spec: spec.path; + + fetch_builtin-tarball = name: throw + ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=tarball -a builtin=true''; + + fetch_builtin-url = name: throw + ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. 
+ $ niv modify ${name} -a type=file -a builtin=true''; + + # + # Various helpers + # + + # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 + sanitizeName = name: + ( + concatMapStrings (s: if builtins.isList s then "-" else s) + ( + builtins.split "[^[:alnum:]+._?=-]+" + ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) + ) + ); + + # The set of packages used when specs are fetched using non-builtins. + mkPkgs = sources: system: + let + sourcesNixpkgs = + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then + import { } + else + abort + '' + Please specify either (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; + + # The actual fetching function. + fetch = pkgs: name: spec: + + if ! builtins.hasAttr "type" spec then + abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" then fetch_file pkgs name spec + else if spec.type == "tarball" then fetch_tarball pkgs name spec + else if spec.type == "git" then fetch_git name spec + else if spec.type == "local" then fetch_local spec + else if spec.type == "builtin-tarball" then fetch_builtin-tarball name + else if spec.type == "builtin-url" then fetch_builtin-url name + else + abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + + # If the environment variable NIV_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. 
+ replace = name: drv: + let + saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; + ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; + in + if ersatz == "" then drv else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; + + # Ports of functions for older nix versions + + # a Nix version of mapAttrs if the built-in doesn't exist + mapAttrs = builtins.mapAttrs or ( + f: set: with builtins; + listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) + ); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatMapStrings = f: list: concatStrings (map f list); + concatStrings = builtins.concatStringsSep ""; + + # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 + optionalAttrs = cond: as: if cond then as else { }; + + # fetchTarball version that is compatible between all the versions of Nix + builtins_fetchTarball = { url, name ? 
null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchTarball; + in + if lessThan nixVersion "1.12" then + fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; })) + else + fetchTarball attrs; + + # fetchurl version that is compatible between all the versions of Nix + builtins_fetchurl = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" then + fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; })) + else + fetchurl attrs; + + # Create the final "sources" from the config + mkSources = config: + mapAttrs + ( + name: spec: + if builtins.hasAttr "outPath" spec + then + abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); } + ) + config.sources; + + # The "config" used by the fetchers + mkConfig = + { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile) + , system ? builtins.currentSystem + , pkgs ? mkPkgs sources system + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; + + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; + +in +mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); } diff --git a/sway/default.nix b/sway/default.nix index 2daeeb3..4fcb64a 100644 --- a/sway/default.nix +++ b/sway/default.nix @@ -1,4 +1,4 @@ -{ inputs, system, pkgs, config, lib, ... }: +{ system, pkgs, config, lib, ... }: let searchclip = let inherit (lib) getExe; in with pkgs; writeShellScriptBin "searchclip" '' xdg-open https://www.google.com/search?q=$(wl-paste -p | ${getExe urlencode})
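Review bot: The context line `xdg-open https://www.google.com/search?q=$(wl-paste -p | ${getExe urlencode})` in the sway/default.nix hunk passes the clipboard-derived value through an unquoted command substitution, so the shell still applies word splitting and pathname expansion to it (and to the literal `?`). Quoting the whole argument, `xdg-open "https://www.google.com/search?q=$(wl-paste -p | ${getExe urlencode})"`, removes that dependence on what `urlencode` leaves unescaped. The header also still takes `system`, which this commit drops from configuration.nix and security.nix; if it is only supplied by the flake's special arguments (not visible here), evaluating without the flake would fail on the missing argument. The `searchclip` script continues outside the hunk.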