de-flake: part 2

2024-05-07 12:19:14 +02:00 · 2024-05-07 12:19:14 +02:00 · d1e1113d8c
commit d1e1113d8c
parent 6960ecd6c3
12 changed files with 333 additions and 154 deletions
--- a/common/firefox.nix
+++ b/common/firefox.nix
@ -1,4 +1,4 @@
-{ inputs, pkgs, config, lib, ... }:
+{ pkgs, config, lib, ... }:
 let
  cfg = config.grimmShared;
 in
--- a/common/sound/default.nix
+++ b/common/sound/default.nix
@ -1,4 +1,4 @@
-{ grimm-shared-inputs, pkgs, config, lib, ... }:
+{ pkgs, config, lib, ... }:
 let
  cfg = config.grimmShared;
 in
--- a/common/sound/pipewireLowLatency.nix
+++ b/common/sound/pipewireLowLatency.nix
@ -1,10 +1,10 @@
 # source: https://github.com/fufexan/nix-gaming/raw/master/modules/pipewireLowLatency.nix
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.types) int;
@ -12,10 +12,11 @@

  cfg = config.services.pipewire.lowLatency;
  qr = "${toString cfg.quantum}/${toString cfg.rate}";
-in {
+in
+{
  # low-latency PipeWire configuration
  # extends the nixpkgs module
-  meta.maintainers = with lib.maintainers; [fufexan];
+  meta.maintainers = with lib.maintainers; [ fufexan ];

  options = {
    services.pipewire.lowLatency = {
@ -54,7 +55,7 @@ in {
            modules = [
              {
                name = "libpipewire-module-rtkit";
-                flags = ["ifexists" "nofail"];
+                flags = [ "ifexists" "nofail" ];
                args = {
                  nice.level = -15;
                  rt = {
@ -67,7 +68,7 @@ in {
              {
                name = "libpipewire-module-protocol-pulse";
                args = {
-                  server.address = ["unix:native"];
+                  server.address = [ "unix:native" ];
                  pulse.min = {
                    req = qr;
                    quantum = qr;
@ -89,30 +90,33 @@ in {
      # and write extra config to ship low latency rules for alsa
      wireplumber = {
        enable = true;
-        configPackages = let
-          # generate "matches" section of the rules
-          matches = toLua {
-            multiline = false; # looks better while inline
-            indent = false;
-          } [[["node.name" "matches" "alsa_output.*"]]]; # nested lists are to produce `{{{ }}}` in the output
-
-          # generate "apply_properties" section of the rules
-          apply_properties = toLua {} {
-            "audio.format" = "S32LE";
-            "audio.rate" = cfg.rate * 2;
-            "api.alsa.period-size" = 2;
-          };
-        in [
-          (pkgs.writeTextDir "share/lowlatency.lua.d/99-alsa-lowlatency.lua" ''
-            -- Generated by nix-gaming
-            alsa_monitor.rules = {
+        configPackages =
+          let
+            # generate "matches" section of the rules
+            matches = toLua
              {
-                matches = ${matches};
-                apply_properties = ${apply_properties};
+                multiline = false; # looks better while inline
+                indent = false;
+              } [ [ [ "node.name" "matches" "alsa_output.*" ] ] ]; # nested lists are to produce `{{{ }}}` in the output
+
+            # generate "apply_properties" section of the rules
+            apply_properties = toLua { } {
+              "audio.format" = "S32LE";
+              "audio.rate" = cfg.rate * 2;
+              "api.alsa.period-size" = 2;
+            };
+          in
+          [
+            (pkgs.writeTextDir "share/lowlatency.lua.d/99-alsa-lowlatency.lua" ''
+              -- Generated by nix-gaming
+              alsa_monitor.rules = {
+                {
+                  matches = ${matches};
+                  apply_properties = ${apply_properties};
+                }
              }
-            }
-          '')
-        ];
+            '')
+          ];
      };
    };
  };
--- a/common/tooling/nix.nix
+++ b/common/tooling/nix.nix
@ -16,6 +16,7 @@ in
    nixpkgs-hammering
    nix-output-monitor
    nix-search-cli
+    niv
  ];

  environment.sessionVariables = {
@ -36,7 +37,7 @@ in
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
-  nix.package = pkgs.nixVersions.latest;
+  # nix.package = pkgs.nixVersions.latest;
  nix.optimise.automatic = true;
  nixpkgs.hostPlatform = system;

--- a/common/tooling/security.nix
+++ b/common/tooling/security.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, inputs, system, ... }:
+{ pkgs, config, lib, ... }:
 let
  cfg = config.grimmShared;
 in
@ -22,7 +22,7 @@ in
      libsecret
      vulnix
      doas-sudo-shim # muscle memory
-      inputs.agenix.packages.${system}.default
+      agenix
    ] ++ lib.optionals (tooling.enable && tooling.pass) [
      pass
      (writeShellScriptBin "passw" "pass $@")
--- a/configuration.nix
+++ b/configuration.nix
@ -1,7 +1,14 @@
-{ system, config, pkgs, ... }:
+{ config, pkgs, ... }:
 {
  imports =
    [
+      ./overlays
+      ./common
+      ./fake_flake.nix
+      ./specific/grimm-nixos-laptop/configuration.nix
+      ./modules/users.nix
+      ./modules/system-packages.nix
+      ./modules/kvm.nix
      ./sway
    ];

--- a/fake_flake.nix
+++ b/fake_flake.nix
@ -0,0 +1,29 @@
+{ pkgs, lib, ... }:
+let
+  nivSources = import ./nix/sources.nix;
+  asGithubRef = src: "github:${src.owner}/${src.repo}/${src.rev}";
+in
+{
+  imports = [
+    "${nivSources.agenix}/modules/age.nix"
+    (import "${nivSources.lix-module}/module.nix" { lix = nivSources.lix-pkg; })
+    (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default # fixme: ideally we'd not rely on the flake syntax to load the module
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  nixpkgs.overlays = lib.singleton (final: prev: {
+    agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { };  
+  });
+
+  nix.settings.extra-substituters = [
+    "https://cache.lix.systems"
+    "https://nyx.chaotic.cx/"
+  ];
+
+  nix.settings.trusted-public-keys = [
+    "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+    "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+    "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+  ];
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,28 +1,5 @@
 {
  "nodes": {
-    "agenix": {
-      "inputs": {
-        "darwin": "darwin",
-        "home-manager": "home-manager",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1714136352,
-        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
-        "owner": "ryantm",
-        "repo": "agenix",
-        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ryantm",
-        "repo": "agenix",
-        "type": "github"
-      }
-    },
    "attic": {
      "inputs": {
        "crane": [
@ -66,7 +43,7 @@
        "flake-compat": "flake-compat",
        "flake-schemas": "flake-schemas",
        "flake-utils": "flake-utils",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
        "jovian": "jovian",
        "jujutsu": "jujutsu",
        "niri": "niri",
@ -74,7 +51,7 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_2",
+        "systems": "systems",
        "yafas": "yafas"
      },
      "locked": {
@ -190,28 +167,6 @@
        "url": "https://flakehub.com/f/ipetkov/crane/%3D0.16.1.tar.gz"
      }
    },
-    "darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1700795494,
-        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "ref": "master",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
    "fenix": {
      "inputs": {
        "nixpkgs": [
@ -283,27 +238,6 @@
      }
    },
    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1703113217,
-        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
-    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "chaotic",
@ -479,22 +413,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1714782413,
-        "narHash": "sha256-tbg0MEuKaPcUrnmGCu4xiY5F+7LW2+ECPKVAJd2HLwM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "651b4702e27a388f0f18e1b970534162dec09aff",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "rocksdb": {
      "flake": false,
      "locked": {
@ -514,10 +432,8 @@
    },
    "root": {
      "inputs": {
-        "agenix": "agenix",
        "chaotic": "chaotic",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable_2"
+        "nixpkgs": "nixpkgs"
      }
    },
    "rust-analyzer-src": {
@ -565,21 +481,6 @@
      }
    },
    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
--- a/flake.nix
+++ b/flake.nix
@ -10,13 +10,9 @@
      url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    agenix = {
-      url = "github:ryantm/agenix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
  };

-  outputs = inputs @ { self, agenix, nixpkgs, chaotic, ... }:
+  outputs = inputs @ { self, nixpkgs, chaotic, ... }:
    let
      patches = [
        {
@ -45,15 +41,8 @@
      nixosConfigurations = {
        grimmauld-nixos = customNixosSystem "x86_64-linux" {
          modules = [
-            agenix.nixosModules.default
-            chaotic.nixosModules.default
-            ./overlays
-            ./common
-            ./specific/grimm-nixos-laptop/configuration.nix
+            # chaotic.nixosModules.default
            ./configuration.nix
-            ./modules/users.nix
-            ./modules/system-packages.nix
-            ./modules/kvm.nix
          ];
        };
      };
--- a/nix/sources.json
+++ b/nix/sources.json
@ -0,0 +1,50 @@
+{
+    "agenix": {
+        "branch": "main",
+        "description": "age-encrypted secrets for NixOS and Home manager",
+        "homepage": "https://matrix.to/#/#agenix:nixos.org",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
+        "sha256": "165am10r61wl5v4hz169zrlljvj929hgnhr9sn7ak3bz73cr1m86",
+        "type": "tarball",
+        "url": "https://github.com/ryantm/agenix/archive/24a7ea390564ccd5b39b7884f597cfc8d7f6f44e.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "chaotic": {
+        "branch": "main",
+        "description": "Nix flake for \"too much bleeding-edge\" and unreleased packages (e.g., mesa_git, linux_cachyos, firefox_nightly, sway_git, gamescope_git). And experimental modules (e.g., HDR, duckdns).",
+        "homepage": "https://nyx.chaotic.cx",
+        "owner": "chaotic-cx",
+        "repo": "nyx",
+        "rev": "b2e432016233fe80948ea8e0eabf0b176ad847f0",
+        "sha256": "1bdpxc0p18zw50pzfmhijcd0w2865a7i2lbgn146bs7bwyvrpnak",
+        "type": "tarball",
+        "url": "https://github.com/chaotic-cx/nyx/archive/b2e432016233fe80948ea8e0eabf0b176ad847f0.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "lix-module": {
+        "branch": "main",
+        "repo": "https://git.lix.systems/lix-project/nixos-module.git",
+        "rev": "aaf759cd93d1946336247808e7551df714cfd332",
+        "type": "git"
+    },
+    "lix-pkg": {
+        "branch": "main",
+        "repo": "https://git.lix.systems/lix-project/lix.git",
+        "rev": "005b2b61e671e11d0427507883f8ae66e15d939d",
+        "type": "git"
+    },
+    "nixpkgs": {
+        "branch": "nixos-unstable",
+        "description": "Nix Packages collection",
+        "homepage": null,
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588",
+        "sha256": "03954l2g8kczg2skf1c7xfz60a3v6jri7l2h4r9g3157n2v5jm2j",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/25865a40d14b3f9cf19f19b924e2ab4069b09588.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    }
+}
--- a/nix/sources.nix
+++ b/nix/sources.nix
@ -0,0 +1,198 @@
+# This file has been generated by Niv.
+
+let
+
+  #
+  # The fetchers. fetch_<type> fetches specs of type <type>.
+  #
+
+  fetch_file = pkgs: name: spec:
+    let
+      name' = sanitizeName name + "-src";
+    in
+    if spec.builtin or true then
+      builtins_fetchurl { inherit (spec) url sha256; name = name'; }
+    else
+      pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
+
+  fetch_tarball = pkgs: name: spec:
+    let
+      name' = sanitizeName name + "-src";
+    in
+    if spec.builtin or true then
+      builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
+    else
+      pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
+
+  fetch_git = name: spec:
+    let
+      ref =
+        spec.ref or (
+          if spec ? branch then "refs/heads/${spec.branch}" else
+          if spec ? tag then "refs/tags/${spec.tag}" else
+          abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
+        );
+      submodules = spec.submodules or false;
+      submoduleArg =
+        let
+          nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
+          emptyArgWithWarning =
+            if submodules
+            then
+              builtins.trace
+                (
+                  "The niv input \"${name}\" uses submodules "
+                  + "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+                  + "does not support them"
+                )
+                { }
+            else { };
+        in
+        if nixSupportsSubmodules
+        then { inherit submodules; }
+        else emptyArgWithWarning;
+    in
+    builtins.fetchGit
+      ({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
+
+  fetch_local = spec: spec.path;
+
+  fetch_builtin-tarball = name: throw
+    ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
+        $ niv modify ${name} -a type=tarball -a builtin=true'';
+
+  fetch_builtin-url = name: throw
+    ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
+        $ niv modify ${name} -a type=file -a builtin=true'';
+
+  #
+  # Various helpers
+  #
+
+  # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
+  sanitizeName = name:
+    (
+      concatMapStrings (s: if builtins.isList s then "-" else s)
+        (
+          builtins.split "[^[:alnum:]+._?=-]+"
+            ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
+        )
+    );
+
+  # The set of packages used when specs are fetched using non-builtins.
+  mkPkgs = sources: system:
+    let
+      sourcesNixpkgs =
+        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
+      hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+      hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+    in
+    if builtins.hasAttr "nixpkgs" sources
+    then sourcesNixpkgs
+    else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
+      import <nixpkgs> { }
+    else
+      abort
+        ''
+          Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
+          add a package called "nixpkgs" to your sources.json.
+        '';
+
+  # The actual fetching function.
+  fetch = pkgs: name: spec:
+
+    if ! builtins.hasAttr "type" spec then
+      abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+    else if spec.type == "file" then fetch_file pkgs name spec
+    else if spec.type == "tarball" then fetch_tarball pkgs name spec
+    else if spec.type == "git" then fetch_git name spec
+    else if spec.type == "local" then fetch_local spec
+    else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
+    else if spec.type == "builtin-url" then fetch_builtin-url name
+    else
+      abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
+
+  # If the environment variable NIV_OVERRIDE_${name} is set, then use
+  # the path directly as opposed to the fetched source.
+  replace = name: drv:
+    let
+      saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
+      ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
+    in
+    if ersatz == "" then drv else
+      # this turns the string into an actual Nix path (for both absolute and
+      # relative paths)
+    if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
+
+  # Ports of functions for older nix versions
+
+  # a Nix version of mapAttrs if the built-in doesn't exist
+  mapAttrs = builtins.mapAttrs or (
+    f: set: with builtins;
+    listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
+  );
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+  range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+  stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+  stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatMapStrings = f: list: concatStrings (map f list);
+  concatStrings = builtins.concatStringsSep "";
+
+  # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
+  optionalAttrs = cond: as: if cond then as else { };
+
+  # fetchTarball version that is compatible between all the versions of Nix
+  builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
+    let
+      inherit (builtins) lessThan nixVersion fetchTarball;
+    in
+    if lessThan nixVersion "1.12" then
+      fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
+    else
+      fetchTarball attrs;
+
+  # fetchurl version that is compatible between all the versions of Nix
+  builtins_fetchurl = { url, name ? null, sha256 }@attrs:
+    let
+      inherit (builtins) lessThan nixVersion fetchurl;
+    in
+    if lessThan nixVersion "1.12" then
+      fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
+    else
+      fetchurl attrs;
+
+  # Create the final "sources" from the config
+  mkSources = config:
+    mapAttrs
+      (
+        name: spec:
+          if builtins.hasAttr "outPath" spec
+          then
+            abort
+              "The values in sources.json should not have an 'outPath' attribute"
+          else
+            spec // { outPath = replace name (fetch config.pkgs name spec); }
+      )
+      config.sources;
+
+  # The "config" used by the fetchers
+  mkConfig =
+    { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
+    , sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile)
+    , system ? builtins.currentSystem
+    , pkgs ? mkPkgs sources system
+    }: rec {
+      # The sources, i.e. the attribute set of spec name to spec
+      inherit sources;
+
+      # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+      inherit pkgs;
+    };
+
+in
+mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }
--- a/sway/default.nix
+++ b/sway/default.nix
@ -1,4 +1,4 @@
-{ inputs, system, pkgs, config, lib, ... }:
+{ system, pkgs, config, lib, ... }:
 let
  searchclip = let inherit (lib) getExe; in with pkgs; writeShellScriptBin "searchclip" ''
    xdg-open https://www.google.com/search?q=$(wl-paste -p | ${getExe urlencode})