Merge branch 'dev/moby'
This commit is contained in:
commit
d698c7ca70
48
flake.lock
48
flake.lock
|
@ -31,21 +31,37 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nix-serve": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": "nixpkgs"
|
||||||
"nixpkgs-unpatched"
|
|
||||||
]
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1,
|
"lastModified": 1675958846,
|
||||||
"narHash": "sha256-AJlQHunLsnhZ8LdYirwIcqD1iojYJEQAdxGfJn9siPs=",
|
"narHash": "sha256-/nf09eM2vey9GrAXoqagccJrBo/fGyVKP7oNSxPqwdo=",
|
||||||
"path": "/nix/store/9f4x4836z7srhi6sxbjd5131601yjnwn-source/nixpatches",
|
"owner": "edolstra",
|
||||||
"type": "path"
|
"repo": "nix-serve",
|
||||||
|
"rev": "7089565e260267c9c234a81292c841958737cef6",
|
||||||
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"path": "/nix/store/9f4x4836z7srhi6sxbjd5131601yjnwn-source/nixpatches",
|
"owner": "edolstra",
|
||||||
"type": "path"
|
"repo": "nix-serve",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1606086654,
|
||||||
|
"narHash": "sha256-VFl+3eGIMqNp7cyOMJ6TjM/+UcsLKtodKoYexrlTJMI=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "19db3e5ea2777daa874563b5986288151f502e27",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-20.09",
|
||||||
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
|
@ -66,11 +82,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unpatched": {
|
"nixpkgs-unpatched": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1677342105,
|
"lastModified": 1676569297,
|
||||||
"narHash": "sha256-kv1fpkfCJGb0M+LZaCHFUuIS9kRIwyVgupHu86Y28nc=",
|
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b1f87ca164a9684404c8829b851c3586c4d9f089",
|
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -83,7 +99,7 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"mobile-nixos": "mobile-nixos",
|
"mobile-nixos": "mobile-nixos",
|
||||||
"nixpkgs": "nixpkgs",
|
"nix-serve": "nix-serve",
|
||||||
"nixpkgs-unpatched": "nixpkgs-unpatched",
|
"nixpkgs-unpatched": "nixpkgs-unpatched",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"uninsane-dot-org": "uninsane-dot-org"
|
"uninsane-dot-org": "uninsane-dot-org"
|
||||||
|
@ -92,7 +108,7 @@
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs-unpatched"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
|
@ -114,7 +130,7 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs-unpatched"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
|
123
flake.nix
123
flake.nix
|
@ -23,10 +23,12 @@
|
||||||
|
|
||||||
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
|
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
|
||||||
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
||||||
nixpkgs = {
|
|
||||||
url = "./nixpatches";
|
# nixpkgs = {
|
||||||
inputs.nixpkgs.follows = "nixpkgs-unpatched";
|
# url = "./nixpatches";
|
||||||
};
|
# inputs.nixpkgs.follows = "nixpkgs-unpatched";
|
||||||
|
# };
|
||||||
|
|
||||||
mobile-nixos = {
|
mobile-nixos = {
|
||||||
# <https://github.com/nixos/mobile-nixos>
|
# <https://github.com/nixos/mobile-nixos>
|
||||||
url = "github:nixos/mobile-nixos";
|
url = "github:nixos/mobile-nixos";
|
||||||
|
@ -35,24 +37,43 @@
|
||||||
sops-nix = {
|
sops-nix = {
|
||||||
# <https://github.com/Mic92/sops-nix>
|
# <https://github.com/Mic92/sops-nix>
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
# inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs-unpatched";
|
||||||
};
|
};
|
||||||
uninsane-dot-org = {
|
uninsane-dot-org = {
|
||||||
url = "git+https://git.uninsane.org/colin/uninsane";
|
url = "git+https://git.uninsane.org/colin/uninsane";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
# inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs-unpatched";
|
||||||
|
};
|
||||||
|
nix-serve = {
|
||||||
|
# <https://github.com/edolstra/nix-serve>
|
||||||
|
url = "github:edolstra/nix-serve";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
self,
|
self,
|
||||||
nixpkgs,
|
|
||||||
nixpkgs-unpatched,
|
nixpkgs-unpatched,
|
||||||
mobile-nixos,
|
mobile-nixos,
|
||||||
sops-nix,
|
sops-nix,
|
||||||
uninsane-dot-org,
|
uninsane-dot-org,
|
||||||
|
nix-serve,
|
||||||
...
|
...
|
||||||
}@inputs:
|
}@inputs:
|
||||||
let
|
let
|
||||||
|
inherit (builtins) attrNames listToAttrs map mapAttrs;
|
||||||
|
mapAttrs' = f: set:
|
||||||
|
listToAttrs (map (attr: f attr set.${attr}) (attrNames set));
|
||||||
|
# mapAttrs but without the `name` argument
|
||||||
|
mapAttrValues = f: mapAttrs (_: f);
|
||||||
|
# rather than apply our nixpkgs patches as a flake input, do that here instead.
|
||||||
|
# this (temporarily?) resolves the bad UX wherein a subflake residing in the same git
|
||||||
|
# repo as the main flake causes the main flake to have an unstable hash.
|
||||||
|
nixpkgs = (import ./nixpatches/flake.nix).outputs {
|
||||||
|
self = nixpkgs;
|
||||||
|
nixpkgs = nixpkgs-unpatched;
|
||||||
|
};
|
||||||
|
|
||||||
nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
|
nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
|
||||||
|
|
||||||
evalHost = { name, local, target }:
|
evalHost = { name, local, target }:
|
||||||
|
@ -65,9 +86,6 @@
|
||||||
nixosSystem = import ((nixpkgsCompiledBy target).path + "/nixos/lib/eval-config.nix");
|
nixosSystem = import ((nixpkgsCompiledBy target).path + "/nixos/lib/eval-config.nix");
|
||||||
in
|
in
|
||||||
(nixosSystem {
|
(nixosSystem {
|
||||||
# we use pkgs built for and *by* the target, i.e. emulation, by default.
|
|
||||||
# cross compilation only happens on explicit access to `pkgs.cross`
|
|
||||||
system = target;
|
|
||||||
modules = [
|
modules = [
|
||||||
(import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
|
(import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
|
||||||
self.nixosModules.default
|
self.nixosModules.default
|
||||||
|
@ -78,22 +96,45 @@
|
||||||
self.overlays.passthru
|
self.overlays.passthru
|
||||||
self.overlays.pins
|
self.overlays.pins
|
||||||
];
|
];
|
||||||
|
nixpkgs.hostPlatform = target;
|
||||||
|
# nixpkgs.buildPlatform = local; # set by instantiate.nix instead
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
nixosConfigurations = {
|
nixosConfigurations =
|
||||||
servo = evalHost { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
let
|
||||||
desko = evalHost { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
hosts = {
|
||||||
lappy = evalHost { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
moby = evalHost { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
|
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
# special cross-compiled variant, to speed up deploys from an x86 box to the arm target
|
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
# note that these *do* produce different store paths, because the closure for the tools used to cross compile
|
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||||
# v.s. emulate differ.
|
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
# so deploying foo-cross and then foo incurs some rebuilding.
|
};
|
||||||
moby-cross = evalHost { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
# cross-compiled builds: instead of emulating the host, build using a cross-compiler.
|
||||||
rescue = evalHost { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
# - these are faster to *build* than the emulated variants (useful when tweaking packages),
|
||||||
};
|
# - but fewer of their packages can be found in upstream caches.
|
||||||
|
cross = mapAttrValues evalHost hosts;
|
||||||
|
emulated = mapAttrValues
|
||||||
|
({name, local, target}: evalHost {
|
||||||
|
inherit name target;
|
||||||
|
local = null;
|
||||||
|
})
|
||||||
|
hosts;
|
||||||
|
prefixAttrs = prefix: attrs: mapAttrs'
|
||||||
|
(name: value: {
|
||||||
|
name = prefix + name;
|
||||||
|
inherit value;
|
||||||
|
})
|
||||||
|
attrs;
|
||||||
|
in
|
||||||
|
(prefixAttrs "cross-" cross) //
|
||||||
|
(prefixAttrs "emulated-" emulated) // {
|
||||||
|
# prefer native builds for these machines:
|
||||||
|
inherit (emulated) servo desko lappy rescue;
|
||||||
|
# prefer cross-compiled builds for these machines:
|
||||||
|
inherit (cross) moby;
|
||||||
|
};
|
||||||
|
|
||||||
# unofficial output
|
# unofficial output
|
||||||
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
|
# this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
|
||||||
|
@ -109,9 +150,10 @@
|
||||||
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
|
# - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
|
||||||
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
|
# - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
|
||||||
# - `nixos-rebuild --flake './#<host>' switch`
|
# - `nixos-rebuild --flake './#<host>' switch`
|
||||||
imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
|
imgs = mapAttrValues (host: host.config.system.build.img) self.nixosConfigurations;
|
||||||
|
|
||||||
host-pkgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.pkgs) self.nixosConfigurations;
|
# unofficial output
|
||||||
|
host-pkgs = mapAttrValues (host: host.config.system.build.pkgs) self.nixosConfigurations;
|
||||||
|
|
||||||
overlays = rec {
|
overlays = rec {
|
||||||
default = pkgs;
|
default = pkgs;
|
||||||
|
@ -127,9 +169,20 @@
|
||||||
) else (next: prev: {});
|
) else (next: prev: {});
|
||||||
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
|
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
|
||||||
uninsane = uninsane-dot-org.overlay;
|
uninsane = uninsane-dot-org.overlay;
|
||||||
|
# nix-serve' = nix-serve.overlay;
|
||||||
|
nix-serve' = next: prev: {
|
||||||
|
# XXX(2023/03/02): upstream isn't compatible with modern `nix`. probably the perl bindings.
|
||||||
|
# - we use the package built against `nixpkgs` specified in its flake rather than use its overlay,
|
||||||
|
# to get around this.
|
||||||
|
inherit (nix-serve.packages."${next.system}") nix-serve;
|
||||||
|
};
|
||||||
in
|
in
|
||||||
next: prev:
|
next: prev:
|
||||||
(stable next prev) // (mobile next prev) // (uninsane next prev);
|
(stable next prev)
|
||||||
|
// (mobile next prev)
|
||||||
|
// (uninsane next prev)
|
||||||
|
// (nix-serve' next prev)
|
||||||
|
;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules = rec {
|
nixosModules = rec {
|
||||||
|
@ -154,13 +207,18 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# extract only our own packages from the full set
|
# extract only our own packages from the full set
|
||||||
packages = builtins.mapAttrs
|
packages = mapAttrValues
|
||||||
(_: full: full.sane // { inherit (full) sane uninsane-dot-org; })
|
(full: full.sane // { inherit (full) sane uninsane-dot-org; })
|
||||||
self.legacyPackages;
|
self.legacyPackages;
|
||||||
|
|
||||||
apps."x86_64-linux" =
|
apps."x86_64-linux" =
|
||||||
let
|
let
|
||||||
pkgs = self.legacyPackages."x86_64-linux";
|
pkgs = self.legacyPackages."x86_64-linux";
|
||||||
|
deployScript = action: pkgs.writeShellScript "deploy-moby" ''
|
||||||
|
nixos-rebuild --flake '.#cross-moby' build
|
||||||
|
sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)
|
||||||
|
nixos-rebuild --flake '.#cross-moby' ${action} --target-host colin@moby --use-remote-sudo
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
update-feeds = {
|
update-feeds = {
|
||||||
type = "app";
|
type = "app";
|
||||||
|
@ -172,6 +230,17 @@
|
||||||
type = "app";
|
type = "app";
|
||||||
program = "${pkgs.feeds.passthru.initFeedScript}";
|
program = "${pkgs.feeds.passthru.initFeedScript}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
deploy-moby-test = {
|
||||||
|
# `nix run '.#deploy-moby-test'`
|
||||||
|
type = "app";
|
||||||
|
program = ''${deployScript "test"}'';
|
||||||
|
};
|
||||||
|
deploy-moby-switch = {
|
||||||
|
# `nix run '.#deploy-moby-switch'`
|
||||||
|
type = "app";
|
||||||
|
program = ''${deployScript "switch"}'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
templates = {
|
templates = {
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
sane.gui.sway.enable = true;
|
sane.gui.sway.enable = true;
|
||||||
sane.programs.iphoneUtils.enableFor.user.colin = true;
|
sane.programs.iphoneUtils.enableFor.user.colin = true;
|
||||||
|
|
||||||
|
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
|
||||||
|
|
||||||
boot.loader.efi.canTouchEfiVariables = false;
|
boot.loader.efi.canTouchEfiVariables = false;
|
||||||
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
||||||
|
|
||||||
|
@ -48,7 +50,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
# not sure if needed: stole this whole snippet from the wiki
|
# not sure if needed: stole this whole snippet from the wiki
|
||||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = false;
|
boot.loader.efi.canTouchEfiVariables = false;
|
||||||
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
||||||
|
|
||||||
|
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
|
||||||
|
|
||||||
sops.secrets.colin-passwd = {
|
sops.secrets.colin-passwd = {
|
||||||
sopsFile = ../../../secrets/lappy.yaml;
|
sopsFile = ../../../secrets/lappy.yaml;
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
|
|
|
@ -10,13 +10,6 @@
|
||||||
sane.services.wg-home.enable = true;
|
sane.services.wg-home.enable = true;
|
||||||
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
|
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
|
||||||
|
|
||||||
# cross-compiled documentation is *slow*.
|
|
||||||
# no obvious way to natively compile docs (2022/09/29).
|
|
||||||
# entrypoint is nixos/modules/misc/documentation.nix
|
|
||||||
# doc building happens in nixos/doc/manual/default.nix
|
|
||||||
# TODO: we could *maybe* inject pkgs.buildPackages.xyz = cross.buildPackages.xyz?
|
|
||||||
documentation.nixos.enable = false;
|
|
||||||
|
|
||||||
# XXX colin: phosh doesn't work well with passwordless login,
|
# XXX colin: phosh doesn't work well with passwordless login,
|
||||||
# so set this more reliable default password should anything go wrong
|
# so set this more reliable default password should anything go wrong
|
||||||
users.users.colin.initialPassword = "147147";
|
users.users.colin.initialPassword = "147147";
|
||||||
|
@ -44,6 +37,9 @@
|
||||||
sane.nixcache.enable = true;
|
sane.nixcache.enable = true;
|
||||||
sane.persist.enable = true;
|
sane.persist.enable = true;
|
||||||
sane.gui.phosh.enable = true;
|
sane.gui.phosh.enable = true;
|
||||||
|
# sane.programs.consoleUtils.enableFor.user.colin = false;
|
||||||
|
# sane.programs.guiApps.enableFor.user.colin = false;
|
||||||
|
sane.programs.sequoia.enableFor.user.colin = false;
|
||||||
|
|
||||||
boot.loader.efi.canTouchEfiVariables = false;
|
boot.loader.efi.canTouchEfiVariables = false;
|
||||||
# /boot space is at a premium. default was 20.
|
# /boot space is at a premium. default was 20.
|
||||||
|
|
|
@ -114,7 +114,7 @@ in
|
||||||
# - phone rotation sensor is off by 90 degrees
|
# - phone rotation sensor is off by 90 degrees
|
||||||
# - ambient light sensor causes screen brightness to be shakey
|
# - ambient light sensor causes screen brightness to be shakey
|
||||||
# - phosh greeter may not appear after wake from sleep
|
# - phosh greeter may not appear after wake from sleep
|
||||||
boot.kernelPackages = pkgs.cross.linuxPackagesFor pkgs.cross.linux-megous;
|
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-megous;
|
||||||
|
|
||||||
boot.kernelPatches = [
|
boot.kernelPatches = [
|
||||||
(patchDefconfig (kernelConfig //
|
(patchDefconfig (kernelConfig //
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
mkCrossFrom = localSystem: pkgs: import pkgs.path {
|
|
||||||
inherit localSystem;
|
|
||||||
crossSystem = pkgs.stdenv.hostPlatform.system;
|
|
||||||
inherit (config.nixpkgs) config overlays;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
|
|
||||||
# here we just define them all.
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
(next: prev: {
|
|
||||||
# non-emulated packages build *from* local *for* target.
|
|
||||||
# for large packages like the linux kernel which are expensive to build under emulation,
|
|
||||||
# the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
|
|
||||||
crossFrom."x86_64-linux" = mkCrossFrom "x86_64-linux" next;
|
|
||||||
crossFrom."aarch64-linux" = mkCrossFrom "aarch64-linux" next;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}
|
|
1215
hosts/common/cross/default.nix
Normal file
1215
hosts/common/cross/default.nix
Normal file
File diff suppressed because it is too large
Load Diff
22
hosts/common/cross/kitty-no-docs.patch
Normal file
22
hosts/common/cross/kitty-no-docs.patch
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
diff --git a/setup.py b/setup.py
|
||||||
|
index 2b9d240e..770bc5e7 100755
|
||||||
|
--- a/setup.py
|
||||||
|
+++ b/setup.py
|
||||||
|
@@ -1092,11 +1092,12 @@ def c(base_path: str, **kw: object) -> None:
|
||||||
|
|
||||||
|
|
||||||
|
def create_linux_bundle_gunk(ddir: str, libdir_name: str) -> None:
|
||||||
|
- if not os.path.exists('docs/_build/html'):
|
||||||
|
- make = 'gmake' if is_freebsd else 'make'
|
||||||
|
- run_tool([make, 'docs'])
|
||||||
|
- copy_man_pages(ddir)
|
||||||
|
- copy_html_docs(ddir)
|
||||||
|
+ if not os.getenv('KITTY_NO_DOCS'):
|
||||||
|
+ if not os.path.exists('docs/_build/html'):
|
||||||
|
+ make = 'gmake' if is_freebsd else 'make'
|
||||||
|
+ run_tool([make, 'docs'])
|
||||||
|
+ copy_man_pages(ddir)
|
||||||
|
+ copy_html_docs(ddir)
|
||||||
|
for (icdir, ext) in {'256x256': 'png', 'scalable': 'svg'}.items():
|
||||||
|
icdir = os.path.join(ddir, 'share', 'icons', 'hicolor', icdir, 'apps')
|
||||||
|
safe_makedirs(icdir)
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./cross.nix
|
./cross
|
||||||
./feeds.nix
|
./feeds.nix
|
||||||
./fs.nix
|
./fs.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
|
@ -42,16 +42,29 @@
|
||||||
|
|
||||||
fonts = {
|
fonts = {
|
||||||
enableDefaultFonts = true;
|
enableDefaultFonts = true;
|
||||||
fonts = with pkgs; [ font-awesome twitter-color-emoji hack-font ];
|
fonts = with pkgs; [ font-awesome noto-fonts-emoji hack-font ];
|
||||||
fontconfig.enable = true;
|
fontconfig.enable = true;
|
||||||
fontconfig.defaultFonts = {
|
fontconfig.defaultFonts = {
|
||||||
emoji = [ "Font Awesome 6 Free" "Twitter Color Emoji" ];
|
emoji = [ "Font Awesome 6 Free" "Noto Color Emoji" ];
|
||||||
monospace = [ "Hack" ];
|
monospace = [ "Hack" ];
|
||||||
serif = [ "DejaVu Serif" ];
|
serif = [ "DejaVu Serif" ];
|
||||||
sansSerif = [ "DejaVu Sans" ];
|
sansSerif = [ "DejaVu Sans" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# XXX: twitter-color-emoji doesn't cross-compile; but not-fonts-emoji does
|
||||||
|
# fonts = {
|
||||||
|
# enableDefaultFonts = true;
|
||||||
|
# fonts = with pkgs; [ font-awesome twitter-color-emoji hack-font ];
|
||||||
|
# fontconfig.enable = true;
|
||||||
|
# fontconfig.defaultFonts = {
|
||||||
|
# emoji = [ "Font Awesome 6 Free" "Twitter Color Emoji" ];
|
||||||
|
# monospace = [ "Hack" ];
|
||||||
|
# serif = [ "DejaVu Serif" ];
|
||||||
|
# sansSerif = [ "DejaVu Sans" ];
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
# disable non-required packages like nano, perl, rsync, strace
|
# disable non-required packages like nano, perl, rsync, strace
|
||||||
environment.defaultPackages = [];
|
environment.defaultPackages = [];
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
./mpv.nix
|
./mpv.nix
|
||||||
./neovim.nix
|
./neovim.nix
|
||||||
./newsflash.nix
|
./newsflash.nix
|
||||||
|
./offlineimap.nix
|
||||||
./ripgrep.nix
|
./ripgrep.nix
|
||||||
./splatmoji.nix
|
./splatmoji.nix
|
||||||
./ssh.nix
|
./ssh.nix
|
||||||
|
|
17
hosts/common/home/offlineimap.nix
Normal file
17
hosts/common/home/offlineimap.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# mail archiving/synchronization tool.
|
||||||
|
#
|
||||||
|
# manually download all emails for an account with
|
||||||
|
# - `offlineimap -a <accountname>`
|
||||||
|
#
|
||||||
|
# view account names inside the secrets file, listed below.
|
||||||
|
{ config, sane-lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
sops.secrets."offlineimaprc" = {
|
||||||
|
owner = config.users.users.colin.name;
|
||||||
|
sopsFile = ../../../secrets/universal/offlineimaprc.bin;
|
||||||
|
format = "binary";
|
||||||
|
};
|
||||||
|
sane.user.fs.".config/offlineimap/config" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.offlineimaprc.path;
|
||||||
|
}
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
# TODO: migrate to nixpkgs `config.ids.uids`
|
# TODO: migrate to nixpkgs `config.ids.uids`
|
||||||
|
# - note that nixpkgs' `config.ids.uids` is strictly a database: it doesn't set anything by default
|
||||||
|
# whereas our impl sets the gid/uid of the user/group specified if they exist.
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -35,7 +37,7 @@
|
||||||
# found on all hosts
|
# found on all hosts
|
||||||
sane.ids.sshd.uid = 2001; # 997
|
sane.ids.sshd.uid = 2001; # 997
|
||||||
sane.ids.sshd.gid = 2001; # 997
|
sane.ids.sshd.gid = 2001; # 997
|
||||||
# sane.ids.polkituser.gid = 2002; # 998 # 2023/02/26: upstream now specifies this as config.ids.uids.polkituser = 28
|
sane.ids.polkituser.gid = 2002; # 998
|
||||||
# sane.ids.systemd-coredump.gid = 2003; # 996 # 2023/02/12: upstream now specifies this as 151
|
# sane.ids.systemd-coredump.gid = 2003; # 996 # 2023/02/12: upstream now specifies this as 151
|
||||||
sane.ids.nscd.uid = 2004;
|
sane.ids.nscd.uid = 2004;
|
||||||
sane.ids.nscd.gid = 2004;
|
sane.ids.nscd.gid = 2004;
|
||||||
|
|
|
@ -4,11 +4,23 @@ let
|
||||||
inherit (builtins) attrNames concatLists;
|
inherit (builtins) attrNames concatLists;
|
||||||
inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
|
inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
|
||||||
|
|
||||||
|
flattenedPkgs = pkgs // (with pkgs; {
|
||||||
|
# XXX can't `inherit` a nested attr, so we move them to the toplevel
|
||||||
|
"cacert.unbundled" = pkgs.cacert.unbundled;
|
||||||
|
"gnome.cheese" = gnome.cheese;
|
||||||
|
"gnome.dconf-editor" = gnome.dconf-editor;
|
||||||
|
"gnome.file-roller" = gnome.file-roller;
|
||||||
|
"gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
|
||||||
|
"gnome.gnome-maps" = gnome.gnome-maps;
|
||||||
|
"gnome.nautilus" = gnome.nautilus;
|
||||||
|
"gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
|
||||||
|
"gnome.gnome-terminal" = gnome.gnome-terminal;
|
||||||
|
"gnome.gnome-weather" = gnome.gnome-weather;
|
||||||
|
"libsForQt5.plasmatube" = libsForQt5.plasmatube;
|
||||||
|
});
|
||||||
|
|
||||||
sysadminPkgs = {
|
sysadminPkgs = {
|
||||||
inherit (pkgs // {
|
inherit (flattenedPkgs)
|
||||||
# XXX can't `inherit` a nested attr, so we move them to the toplevel
|
|
||||||
"cacert.unbundled" = pkgs.cacert.unbundled;
|
|
||||||
})
|
|
||||||
btrfs-progs
|
btrfs-progs
|
||||||
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
|
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
|
||||||
cryptsetup
|
cryptsetup
|
||||||
|
@ -70,11 +82,14 @@ let
|
||||||
tuiPkgs = {
|
tuiPkgs = {
|
||||||
inherit (pkgs)
|
inherit (pkgs)
|
||||||
aerc # email client
|
aerc # email client
|
||||||
|
offlineimap # email mailox sync
|
||||||
visidata # TUI spreadsheet viewer/editor
|
visidata # TUI spreadsheet viewer/editor
|
||||||
w3m
|
w3m
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# TODO: split these into smaller groups.
|
||||||
|
# - transcoders (ffmpeg, imagemagick) only wanted on desko/lappy ("powerutils"?)
|
||||||
consolePkgs = {
|
consolePkgs = {
|
||||||
inherit (pkgs)
|
inherit (pkgs)
|
||||||
cdrtools
|
cdrtools
|
||||||
|
@ -116,40 +131,22 @@ let
|
||||||
# tageditor # music tagging
|
# tageditor # music tagging
|
||||||
unar
|
unar
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
|
xdg-utils # for xdg-open
|
||||||
# youtube-dl
|
# youtube-dl
|
||||||
yt-dlp
|
yt-dlp
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
|
|
||||||
guiPkgs = {
|
guiPkgs = {
|
||||||
inherit (pkgs // (with pkgs; {
|
inherit (flattenedPkgs)
|
||||||
# XXX can't `inherit` a nested attr, so we move them to the toplevel
|
|
||||||
# TODO: could use some "flatten attrs" helper instead
|
|
||||||
"gnome.cheese" = gnome.cheese;
|
|
||||||
"gnome.dconf-editor" = gnome.dconf-editor;
|
|
||||||
"gnome.file-roller" = gnome.file-roller;
|
|
||||||
"gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
|
|
||||||
"gnome.gnome-maps" = gnome.gnome-maps;
|
|
||||||
"gnome.nautilus" = gnome.nautilus;
|
|
||||||
"gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
|
|
||||||
"gnome.gnome-terminal" = gnome.gnome-terminal;
|
|
||||||
"gnome.gnome-weather" = gnome.gnome-weather;
|
|
||||||
"libsForQt5.plasmatube" = libsForQt5.plasmatube;
|
|
||||||
}))
|
|
||||||
audacity
|
|
||||||
celluloid # mpv frontend
|
celluloid # mpv frontend
|
||||||
chromium
|
|
||||||
clinfo
|
clinfo
|
||||||
dino
|
|
||||||
electrum
|
|
||||||
element-desktop
|
|
||||||
emote
|
emote
|
||||||
evince # works on phosh
|
evince # works on phosh
|
||||||
|
|
||||||
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
|
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
|
||||||
|
|
||||||
foliate # e-book reader
|
# foliate # e-book reader
|
||||||
font-manager
|
|
||||||
|
|
||||||
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
|
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
|
||||||
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
|
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
|
||||||
|
@ -157,14 +154,11 @@ let
|
||||||
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
|
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
|
||||||
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
|
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
|
||||||
|
|
||||||
gajim # XMPP client
|
# "gnome.cheese"
|
||||||
gimp # broken on phosh
|
|
||||||
"gnome.cheese"
|
|
||||||
"gnome.dconf-editor"
|
"gnome.dconf-editor"
|
||||||
gnome-feeds # RSS reader (with claimed mobile support)
|
gnome-feeds # RSS reader (with claimed mobile support)
|
||||||
"gnome.file-roller"
|
"gnome.file-roller"
|
||||||
"gnome.gnome-disk-utility"
|
# "gnome.gnome-maps" # works on phosh
|
||||||
"gnome.gnome-maps" # works on phosh
|
|
||||||
"gnome.nautilus"
|
"gnome.nautilus"
|
||||||
# gnome-podcasts
|
# gnome-podcasts
|
||||||
"gnome.gnome-system-monitor"
|
"gnome.gnome-system-monitor"
|
||||||
|
@ -172,21 +166,15 @@ let
|
||||||
"gnome.gnome-weather"
|
"gnome.gnome-weather"
|
||||||
gpodder-configured
|
gpodder-configured
|
||||||
gthumb
|
gthumb
|
||||||
inkscape
|
# lollypop
|
||||||
kdenlive
|
|
||||||
kid3 # audio tagging
|
|
||||||
krita
|
|
||||||
libreoffice-fresh # XXX colin: maybe don't want this on mobile
|
|
||||||
lollypop
|
|
||||||
mpv
|
mpv
|
||||||
networkmanagerapplet
|
networkmanagerapplet
|
||||||
newsflash
|
# newsflash
|
||||||
nheko
|
nheko
|
||||||
obsidian
|
|
||||||
pavucontrol
|
pavucontrol
|
||||||
# picard # music tagging
|
# picard # music tagging
|
||||||
playerctl
|
playerctl
|
||||||
"libsForQt5.plasmatube" # Youtube player
|
# "libsForQt5.plasmatube" # Youtube player
|
||||||
soundconverter
|
soundconverter
|
||||||
# sublime music persists any downloaded albums here.
|
# sublime music persists any downloaded albums here.
|
||||||
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
|
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
|
||||||
|
@ -194,15 +182,33 @@ let
|
||||||
# possible to pass config as a CLI arg (sublime-music -c config.json)
|
# possible to pass config as a CLI arg (sublime-music -c config.json)
|
||||||
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
|
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
|
||||||
sublime-music-mobile
|
sublime-music-mobile
|
||||||
tdesktop # broken on phosh
|
# tdesktop # broken on phosh
|
||||||
tokodon
|
# tokodon
|
||||||
vlc
|
vlc
|
||||||
# pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
|
# pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
|
||||||
# whalebird
|
# whalebird
|
||||||
xdg-utils # for xdg-open
|
|
||||||
xterm # broken on phosh
|
xterm # broken on phosh
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
|
desktopGuiPkgs = {
|
||||||
|
inherit (flattenedPkgs)
|
||||||
|
audacity
|
||||||
|
chromium
|
||||||
|
dino
|
||||||
|
electrum
|
||||||
|
element-desktop
|
||||||
|
font-manager
|
||||||
|
gajim # XMPP client
|
||||||
|
gimp # broken on phosh
|
||||||
|
"gnome.gnome-disk-utility"
|
||||||
|
inkscape
|
||||||
|
kdenlive
|
||||||
|
kid3 # audio tagging
|
||||||
|
krita
|
||||||
|
libreoffice-fresh # XXX colin: maybe don't want this on mobile
|
||||||
|
obsidian
|
||||||
|
;
|
||||||
|
};
|
||||||
x86GuiPkgs = {
|
x86GuiPkgs = {
|
||||||
inherit (pkgs)
|
inherit (pkgs)
|
||||||
discord
|
discord
|
||||||
|
@ -235,6 +241,7 @@ in
|
||||||
config = {
|
config = {
|
||||||
sane.programs = mkMerge [
|
sane.programs = mkMerge [
|
||||||
(declarePkgs consolePkgs)
|
(declarePkgs consolePkgs)
|
||||||
|
(declarePkgs desktopGuiPkgs)
|
||||||
(declarePkgs guiPkgs)
|
(declarePkgs guiPkgs)
|
||||||
(declarePkgs iphonePkgs)
|
(declarePkgs iphonePkgs)
|
||||||
(declarePkgs sysadminPkgs)
|
(declarePkgs sysadminPkgs)
|
||||||
|
@ -247,6 +254,10 @@ in
|
||||||
package = null;
|
package = null;
|
||||||
suggestedPrograms = attrNames consolePkgs;
|
suggestedPrograms = attrNames consolePkgs;
|
||||||
};
|
};
|
||||||
|
desktopGuiApps = {
|
||||||
|
package = null;
|
||||||
|
suggestedPrograms = attrNames desktopGuiPkgs;
|
||||||
|
};
|
||||||
guiApps = {
|
guiApps = {
|
||||||
package = null;
|
package = null;
|
||||||
suggestedPrograms = (attrNames guiPkgs)
|
suggestedPrograms = (attrNames guiPkgs)
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
{ hostName, localSystem }:
|
{ hostName, localSystem }:
|
||||||
|
|
||||||
# module args
|
# module args
|
||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -14,14 +14,16 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
|
nixpkgs.buildPlatform = lib.mkIf (localSystem != null) localSystem;
|
||||||
|
sane.cross.enablePatches = localSystem != null;
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
# nixpkgs.overlays = [
|
||||||
(next: prev: {
|
# (next: prev: {
|
||||||
# for local != target we by default just emulate the target while building.
|
# # for local != target we by default just emulate the target while building.
|
||||||
# provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
|
# # provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
|
||||||
# to explicitly opt into non-emulated cross compilation for any specific package.
|
# # to explicitly opt into non-emulated cross compilation for any specific package.
|
||||||
# this is most beneficial for large packages with few pre-requisites -- like Linux.
|
# # this is most beneficial for large packages with few pre-requisites -- like Linux.
|
||||||
cross = prev.crossFrom."${localSystem}";
|
# cross = prev.crossFrom."${localSystem}";
|
||||||
})
|
# })
|
||||||
];
|
# ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,7 +29,7 @@ in
|
||||||
# TODO: see about removing gnome-bluetooth if the in-built gnome-settings bluetooth manager can work
|
# TODO: see about removing gnome-bluetooth if the in-built gnome-settings bluetooth manager can work
|
||||||
"gnome.gnome-bluetooth"
|
"gnome.gnome-bluetooth"
|
||||||
"phosh-mobile-settings"
|
"phosh-mobile-settings"
|
||||||
"plasma5Packages.konsole" # more reliable terminal
|
# "plasma5Packages.konsole" # more reliable terminal
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -49,6 +49,12 @@ in
|
||||||
(mkIf cfg.enable {
|
(mkIf cfg.enable {
|
||||||
sane.programs.phoshApps.enableFor.user.colin = true;
|
sane.programs.phoshApps.enableFor.user.colin = true;
|
||||||
|
|
||||||
|
# TODO(2023/02/28): remove this qt.style = "gtk2" override.
|
||||||
|
# gnome by default tells qt to stylize its apps similar to gnome.
|
||||||
|
# but the package needed for that doesn't cross-compile, hence i disable that here.
|
||||||
|
qt.platformTheme = "gtk2";
|
||||||
|
qt.style = "gtk2";
|
||||||
|
|
||||||
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
|
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
|
||||||
services.xserver.desktopManager.phosh = {
|
services.xserver.desktopManager.phosh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -63,6 +69,26 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# phosh enables `services.gnome.{core-os-services, core-shell}`
|
||||||
|
# and this in turn enables some default apps we don't really care about.
|
||||||
|
# see <nixos/modules/services/x11/desktop-managers/gnome.nix>
|
||||||
|
environment.gnome.excludePackages = with pkgs; [
|
||||||
|
# gnome.gnome-menus # unused outside gnome classic, but probably harmless
|
||||||
|
gnome-tour
|
||||||
|
];
|
||||||
|
services.dleyna-renderer.enable = false;
|
||||||
|
services.dleyna-server.enable = false;
|
||||||
|
services.gnome.gnome-browser-connector.enable = false;
|
||||||
|
services.gnome.gnome-initial-setup.enable = false;
|
||||||
|
services.gnome.gnome-online-accounts.enable = false;
|
||||||
|
services.gnome.gnome-remote-desktop.enable = false;
|
||||||
|
services.gnome.gnome-user-share.enable = false;
|
||||||
|
services.gnome.rygel.enable = false;
|
||||||
|
|
||||||
|
# gnome doesn't use mkDefault for these -- unclear why not
|
||||||
|
services.gnome.evolution-data-server.enable = mkForce false;
|
||||||
|
services.gnome.gnome-online-miners.enable = mkForce false;
|
||||||
|
|
||||||
# XXX: phosh enables networkmanager by default; can probably disable these lines
|
# XXX: phosh enables networkmanager by default; can probably disable these lines
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
@ -85,6 +111,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.dconf.packages = [
|
programs.dconf.packages = [
|
||||||
|
# org.kde.konsole.desktop
|
||||||
(pkgs.writeTextFile {
|
(pkgs.writeTextFile {
|
||||||
name = "dconf-phosh-settings";
|
name = "dconf-phosh-settings";
|
||||||
destination = "/etc/dconf/db/site.d/00_phosh_settings";
|
destination = "/etc/dconf/db/site.d/00_phosh_settings";
|
||||||
|
@ -97,7 +124,7 @@ in
|
||||||
sleep-inactive-battery-timeout=5400
|
sleep-inactive-battery-timeout=5400
|
||||||
|
|
||||||
[sm/puri/phosh]
|
[sm/puri/phosh]
|
||||||
favorites=['gpodder.desktop', 'nheko.desktop', 'sublime-music.desktop', 'firefox.desktop', 'org.kde.konsole.desktop']
|
favorites=['gpodder.desktop', 'nheko.desktop', 'sublime-music.desktop', 'firefox.desktop', 'org.gnome.Terminal.desktop']
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
22
nixpatches/2023-01-30-mesa-cma-leak.patch
Normal file
22
nixpatches/2023-01-30-mesa-cma-leak.patch
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
|
||||||
|
index 56fa74e5c0c..3573bb0af49 100644
|
||||||
|
--- a/pkgs/development/libraries/mesa/default.nix
|
||||||
|
+++ b/pkgs/development/libraries/mesa/default.nix
|
||||||
|
@@ -88,7 +88,7 @@
|
||||||
|
let
|
||||||
|
# Release calendar: https://www.mesa3d.org/release-calendar.html
|
||||||
|
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
|
||||||
|
- version = "22.3.4";
|
||||||
|
+ version = "22.3.2";
|
||||||
|
branch = lib.versions.major version;
|
||||||
|
|
||||||
|
withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
|
||||||
|
@@ -120,7 +120,7 @@ self = stdenv.mkDerivation {
|
||||||
|
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
|
||||||
|
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
|
||||||
|
];
|
||||||
|
- sha256 = "37a1ddaf03f41919ee3c89c97cff41e87de96e00e9d3247959cc8279d8294593";
|
||||||
|
+ sha256 = "c15df758a8795f53e57f2a228eb4593c22b16dffd9b38f83901f76cd9533140b";
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO:
|
|
@ -2,16 +2,15 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673163619,
|
"lastModified": 1675123384,
|
||||||
"narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
|
"narHash": "sha256-RpU+kboEWlIYwbRMGIPBIcztH63CvmqWN1B8GpJogd4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
|
"rev": "e0fa1ece2f3929726c9b98c539ad14b63ae8e4fd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"id": "nixpkgs",
|
||||||
"ref": "nixos-22.11",
|
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -21,8 +21,20 @@
|
||||||
# hash = "sha256-PnPzvJymafa+zjkauQW0LzFsJC7S+7D9JRszTE3in+w=";
|
# hash = "sha256-PnPzvJymafa+zjkauQW0LzFsJC7S+7D9JRszTE3in+w=";
|
||||||
# })
|
# })
|
||||||
|
|
||||||
|
# (fetchpatch {
|
||||||
|
# # stdenv: fix cc for pseudo-crosscompilation
|
||||||
|
# # closed because it breaks pkgsStatic (as of 2023/02/12)
|
||||||
|
# url = "https://github.com/NixOS/nixpkgs/pull/196497.diff";
|
||||||
|
# hash = "sha256-eTwEbVULYjmOW7zUFcTUqvBZqUFjHTKFhvmU2m3XQeo=";
|
||||||
|
# })
|
||||||
|
|
||||||
./2022-12-19-i2p-aarch64.patch
|
./2022-12-19-i2p-aarch64.patch
|
||||||
|
|
||||||
|
# fix for CMA memory leak in mesa: <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198>
|
||||||
|
# only necessary on aarch64.
|
||||||
|
# it's a revert of nixpkgs commit dcf630c172df2a9ecaa47c77f868211e61ae8e52
|
||||||
|
./2023-01-30-mesa-cma-leak.patch
|
||||||
|
|
||||||
# # kaiteki: init at 2022-09-03
|
# # kaiteki: init at 2022-09-03
|
||||||
# vendorHash changes too frequently (might not be reproducible).
|
# vendorHash changes too frequently (might not be reproducible).
|
||||||
# using local package defn until stabilized
|
# using local package defn until stabilized
|
||||||
|
|
187
overlays/disable-flakey-tests.nix
Normal file
187
overlays/disable-flakey-tests.nix
Normal file
|
@ -0,0 +1,187 @@
|
||||||
|
# disable tests for packages which flake.
|
||||||
|
# tests will fail for a variety of reasons:
|
||||||
|
# - they were coded with timeouts that aren't reliable under heavy load.
|
||||||
|
# - they assume a particular architecture (e.g. x86) whereas i compile on multiple archs.
|
||||||
|
# - they assume too much about their environment and fail under qemu.
|
||||||
|
#
|
||||||
|
(next: prev: {
|
||||||
|
ell = prev.ell.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11
|
||||||
|
# fixes "TEST FAILED in get_random_return_callback at unit/test-dbus-message-fds.c:278: !l_dbus_message_get_error(message, ((void *)0), ((void *)0))"
|
||||||
|
# unclear *why* this test fails.
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
fish = prev.fish.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/28
|
||||||
|
# The following tests FAILED:
|
||||||
|
# 177 - sigint.fish (Failed)
|
||||||
|
# 241 - torn_escapes.py (Failed)
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
gjs = prev.gjs.overrideAttrs (_upstream: {
|
||||||
|
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
gssdp = prev.gssdp.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11
|
||||||
|
# fixes "ERROR:../tests/test-regression.c:429:test_ggo_7: assertion failed (error == NULL): Failed to set multicast interfaceProtocol not available (gssdp-error, 1)"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
gupnp = prev.gupnp.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/22
|
||||||
|
# fixes "Bail out! ERROR:../tests/test-bugs.c:205:test_bgo_696762: assertion failed (error == NULL): Failed to set multicast interfaceProtocol not available (gssdp-erro>"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
json-glib = prev.json-glib.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11
|
||||||
|
# fixes: "15/15 json-glib:docs / doc-check TIMEOUT 30.52s killed by signal 15 SIGTERM"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
lapack-reference = prev.lapack-reference.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11: test timeouts
|
||||||
|
# > The following tests FAILED:
|
||||||
|
# > 93 - LAPACK-xlintstz_ztest_in (Timeout)
|
||||||
|
# > 98 - LAPACK-xeigtstz_svd_in (Timeout)
|
||||||
|
# > 99 - LAPACK-xeigtstz_zec_in (Timeout)
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
libadwaita = prev.libadwaita.overrideAttrs (_upstream: {
|
||||||
|
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
libsecret = prev.libsecret.overrideAttrs (_upstream: {
|
||||||
|
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
libuv = prev.libuv.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11
|
||||||
|
# 2 tests fail:
|
||||||
|
# - not ok 261 - tcp_bind6_error_addrinuse
|
||||||
|
# - not ok 267 - tcp_bind_error_addrinuse_listen
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
|
||||||
|
llvmPackages_12 =
|
||||||
|
let
|
||||||
|
tools = prev.llvmPackages_12.tools.extend (self: super: {
|
||||||
|
libllvm = super.libllvm.overrideAttrs (upstream: {
|
||||||
|
# 2023/02/21: fix: "FAIL: LLVM-Unit :: ExecutionEngine/MCJIT/./MCJITTests/MCJITTest.return_global (2857 of 42084)"
|
||||||
|
# - nix log /nix/store/6vydavlxh1gvs0vmrkcx9qp67g3h7kcz-llvm-12.0.1.drv
|
||||||
|
# - wanted by sequoia, rav1e, rustc-1.66.1 (is this right?)
|
||||||
|
doCheck = false;
|
||||||
|
# upstream sets this with `rec`; TODO: have upstream refer to the final overrideAttrs version of the derivation instead of using rec.
|
||||||
|
cmakeFlags = next.lib.remove "-DLLVM_BUILD_TESTS=ON" upstream.cmakeFlags;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
in
|
||||||
|
# see <nixpkgs:pkgs/development/compilers/llvm/12/default.nix>
|
||||||
|
# - we copy their strategy / attrset mutilation
|
||||||
|
prev.llvmPackages_12 // { inherit tools; } // tools;
|
||||||
|
|
||||||
|
llvmPackages_14 =
|
||||||
|
let
|
||||||
|
tools = prev.llvmPackages_14.tools.extend (self: super: {
|
||||||
|
libllvm = super.libllvm.overrideAttrs (upstream: {
|
||||||
|
# 2023/02/21: fix: "FAIL: LLVM-Unit :: ExecutionEngine/MCJIT/./MCJITTests/MCJITMultipleModuleTest.two_module_global_variables_case (43769 of 46988)"
|
||||||
|
# - nix log /nix/store/ib2yw6sajnhlmibxkrn7lj7chllbr85h-llvm-14.0.6.drv
|
||||||
|
# - wanted by clang-11-12-LLVMgold-path, compiler-rt-libc-12.0.1, clang-wrapper-12.0.1 (is this right?)
|
||||||
|
doCheck = false;
|
||||||
|
# upstream sets this with `rec`; TODO: have upstream refer to the final overrideAttrs version of the derivation instead of using rec.
|
||||||
|
cmakeFlags = next.lib.remove "-DLLVM_BUILD_TESTS=ON" upstream.cmakeFlags;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
in
|
||||||
|
# see <nixpkgs:pkgs/development/compilers/llvm/14/default.nix>
|
||||||
|
# - we copy their strategy / attrset mutilation
|
||||||
|
prev.llvmPackages_14 // { inherit tools; } // tools;
|
||||||
|
|
||||||
|
llvmPackages_15 =
|
||||||
|
let
|
||||||
|
tools = prev.llvmPackages_15.tools.extend (self: super: {
|
||||||
|
libllvm = super.libllvm.override {
|
||||||
|
# 2023/02/21: fix: "FAIL: LLVM-Unit :: ExecutionEngine/MCJIT/./MCJITTests/..."
|
||||||
|
# llvm15 passes doCheck as a call arg, so we don't need to set cmakeFlags explicitly as in previous versions
|
||||||
|
doCheck = false;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
in
|
||||||
|
prev.llvmPackages_15 // { inherit tools; } // tools;
|
||||||
|
|
||||||
|
modemmanager = prev.modemmanager.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/25
|
||||||
|
# "ERROR:test-modem-helpers.c:257:test_cmgl_response: assertion failed: (list != NULL)"
|
||||||
|
doCheck = false;
|
||||||
|
doInstallCheck = false; # tests are run during install check??
|
||||||
|
});
|
||||||
|
|
||||||
|
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
|
||||||
|
(py-next: py-prev: {
|
||||||
|
ipython = py-prev.ipython.overridePythonAttrs (upstream: {
|
||||||
|
# > FAILED IPython/core/tests/test_debugger.py::test_xmode_skip - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip_disabled - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/core/tests/test_debugger.py::test_decorator_skip_with_breakpoint - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/core/tests/test_debugger.py::test_where_erase_value - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/terminal/tests/test_debug_magic.py::test_debug_magic_passes_through_generators - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
# > FAILED IPython/terminal/tests/test_embed.py::test_nest_embed - pexpect.exceptions.TIMEOUT: Timeout exceeded.
|
||||||
|
disabledTestPaths = upstream.disabledTestPaths or [] ++ [
|
||||||
|
"IPython/core/tests/test_debugger.py"
|
||||||
|
"IPython/terminal/tests/test_debug_magic.py"
|
||||||
|
"IPython/terminal/tests/test_embed.py"
|
||||||
|
];
|
||||||
|
});
|
||||||
|
pytest-xdist = py-prev.pytest-xdist.overridePythonAttrs (upstream: {
|
||||||
|
# 2023/02/19
|
||||||
|
# 4 tests fail:
|
||||||
|
# - FAILED: testing/test_remote.py::TestWorkInteractor::* - execnet.gateway_base.TimeoutError: no item after 10.0 seconds
|
||||||
|
# doCheck = false;
|
||||||
|
disabledTestPaths = upstream.disabledTestPaths or [] ++ [
|
||||||
|
"testing/test_remote.py"
|
||||||
|
];
|
||||||
|
# disabledTests = upstream.disabledTests or [] ++ [
|
||||||
|
# "test_basic_collect_and_runtests"
|
||||||
|
# "test_remote_collect_fail"
|
||||||
|
# "test_remote_collect_skip"
|
||||||
|
# "test_runtests_all"
|
||||||
|
# ];
|
||||||
|
});
|
||||||
|
twisted = py-prev.twisted.overridePythonAttrs (upstream: {
|
||||||
|
# 2023/02/25
|
||||||
|
# ```
|
||||||
|
# [ERROR]
|
||||||
|
# Traceback (most recent call last):
|
||||||
|
# File "/nix/store/dcnsxrn8rsfk1dghah7md5glbbnfysq3-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/test/test_udp.py", line 645, in test_interface
|
||||||
|
# self.assertEqual(self.client.transport.getOutgoingInterface(), "0.0.0.0")
|
||||||
|
# File "/nix/store/dcnsxrn8rsfk1dghah7md5glbbnfysq3-python3.10-twisted-22.10.0/lib/python3.10/site-packages/twisted/internet/udp.py", line 449, in getOutgoingInterface
|
||||||
|
# i = self.socket.getsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF)
|
||||||
|
# builtins.OSError: [Errno 92] Protocol not available
|
||||||
|
#
|
||||||
|
# twisted.test.test_udp.MulticastTests.test_interface
|
||||||
|
# ```
|
||||||
|
postPatch = upstream.postPatch + ''
|
||||||
|
echo 'MulticastTests.test_interface.skip = "Protocol not available"'>> src/twisted/test/test_udp.py
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
strp = prev.srtp.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/11
|
||||||
|
# roc_driver test times out after 30s
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
tracker = prev.tracker.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/22
|
||||||
|
# "27/37 tracker:core / service TIMEOUT 60.37s killed by signal 15 SIGTERM"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
udisks2 = prev.udisks2.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/25
|
||||||
|
# "udisks-test:ERROR:test.c:61:on_completed_expect_failure: assertion failed (message == expected_message): ("Command-line `./udisks-test-helper 4' was signaled with signal SIGSEGV (11):\nstdout: `OK, deliberately causing a segfault\n'\nstderr: `qemu: uncaught target signal 11 (Segmentation fault) - core dumped\n'" == "Command-line `./udisks-test-helper 4' was signaled with signal SIGSEGV (11): OK, deliberately causing a segfault\n")"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
upower = prev.upower.overrideAttrs (_upstream: {
|
||||||
|
# 2023/02/25
|
||||||
|
# "Tests.test_battery_state_guessing TIMEOUT 60.80s killed by signal 15 SIGTERM"
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
})
|
|
@ -4,6 +4,12 @@
|
||||||
# - if it's broken by that upstream builder, then pin it: somebody will come along and fix the package.
|
# - if it's broken by that upstream builder, then pin it: somebody will come along and fix the package.
|
||||||
# - otherwise, search github issues/PRs for knowledge of it before pinning.
|
# - otherwise, search github issues/PRs for knowledge of it before pinning.
|
||||||
# - if nobody's said anything about it yet, probably want to root cause it or hold off on updating.
|
# - if nobody's said anything about it yet, probably want to root cause it or hold off on updating.
|
||||||
|
#
|
||||||
|
# note that these pins apply to *all* platforms:
|
||||||
|
# - natively compiled packages
|
||||||
|
# - cross compiled packages
|
||||||
|
# - qemu-emulated packages
|
||||||
|
|
||||||
(next: prev: {
|
(next: prev: {
|
||||||
# XXX: when invoked outside our flake (e.g. via NIX_PATH) there is no `next.stable`,
|
# XXX: when invoked outside our flake (e.g. via NIX_PATH) there is no `next.stable`,
|
||||||
# so just forward the unstable packages.
|
# so just forward the unstable packages.
|
||||||
|
|
|
@ -1,19 +1,35 @@
|
||||||
{ makeWrapper
|
{ stdenv
|
||||||
|
, gnome-feeds
|
||||||
, gpodder
|
, gpodder
|
||||||
, linkFarm
|
, makeWrapper
|
||||||
|
, python3
|
||||||
, symlinkJoin
|
, symlinkJoin
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
remove-extra = linkFarm "gpodder-remove-extra" [
|
pyEnv = python3.withPackages (_ps: [ gnome-feeds.listparser ]);
|
||||||
{ name = "bin/gpodder-remove-extra"; path = ./remove_extra.py; }
|
remove-extra = stdenv.mkDerivation {
|
||||||
];
|
pname = "gpodder-remove-extra";
|
||||||
|
version = "0.1.0";
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
patchPhase = ''
|
||||||
|
substituteInPlace ./remove_extra.py \
|
||||||
|
--replace "#!/usr/bin/env nix-shell" "#!${pyEnv.interpreter}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
mv remove_extra.py $out/bin/gpodder-remove-extra
|
||||||
|
'';
|
||||||
|
};
|
||||||
in
|
in
|
||||||
# we use a symlinkJoin so that we can inherit the .desktop and icon files from the original gPodder
|
# we use a symlinkJoin so that we can inherit the .desktop and icon files from the original gPodder
|
||||||
(symlinkJoin {
|
(symlinkJoin {
|
||||||
name = "gpodder-configured";
|
name = "gpodder-configured";
|
||||||
paths = [ gpodder remove-extra ];
|
paths = [ gpodder remove-extra ];
|
||||||
buildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
# gpodder keeps all its feeds in a sqlite3 database.
|
# gpodder keeps all its feeds in a sqlite3 database.
|
||||||
# we can configure the feeds externally by wrapping gpodder and just instructing it to import
|
# we can configure the feeds externally by wrapping gpodder and just instructing it to import
|
||||||
|
@ -29,4 +45,8 @@ in
|
||||||
unlink $out/share/applications/gpodder.desktop
|
unlink $out/share/applications/gpodder.desktop
|
||||||
sed "s:Exec=.*:Exec=$out/bin/gpodder-configured:" $orig_desktop > $out/share/applications/gpodder.desktop
|
sed "s:Exec=.*:Exec=$out/bin/gpodder-configured:" $orig_desktop > $out/share/applications/gpodder.desktop
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
passthru = {
|
||||||
|
remove-extra = remove-extra;
|
||||||
|
};
|
||||||
})
|
})
|
||||||
|
|
13
readme.md
13
readme.md
|
@ -32,6 +32,13 @@ this can then be `dd`'d onto a disk and directly booted from a EFI system.
|
||||||
there's some post-processing to do before running a rebuild on the deployed system (deploying ssh keys, optionally changing fs UUIDs, etc).
|
there's some post-processing to do before running a rebuild on the deployed system (deploying ssh keys, optionally changing fs UUIDs, etc).
|
||||||
refer to flake.nix for more details.
|
refer to flake.nix for more details.
|
||||||
|
|
||||||
|
## remote deployment
|
||||||
|
|
||||||
|
some of my systems support cross compilation (i.e. building from x86-64 for an aarch64 host without using emulation).
|
||||||
|
- `nixos-rebuild --flake '.#cross-moby' build`
|
||||||
|
- `sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)`
|
||||||
|
- `nixos-rebuild --flake '.#cross-moby' switch --target-host colin@moby --use-remote-sudo`
|
||||||
|
|
||||||
## building packages
|
## building packages
|
||||||
|
|
||||||
build anything with
|
build anything with
|
||||||
|
@ -45,11 +52,15 @@ on the other hand the `packages` output contains only my own packages.
|
||||||
|
|
||||||
in addition, my packages are placed into both the global scope and a `sane` scope.
|
in addition, my packages are placed into both the global scope and a `sane` scope.
|
||||||
so use the scoped path when you want to be explicit.
|
so use the scoped path when you want to be explicit.
|
||||||
|
|
||||||
```
|
```
|
||||||
nix build sane.linux-megous
|
nix build sane.linux-megous
|
||||||
```
|
```
|
||||||
|
|
||||||
|
to build a package precisely how a specific host would see it (in case the host's config customizes it):
|
||||||
|
```
|
||||||
|
nix build '.#host-pkgs.moby-cross.xdg-utils'
|
||||||
|
```
|
||||||
|
|
||||||
## using this repo in your own config
|
## using this repo in your own config
|
||||||
|
|
||||||
this should be a pretty "standard" flake. just reference it, and import either
|
this should be a pretty "standard" flake. just reference it, and import either
|
||||||
|
|
48
secrets/universal/offlineimaprc.bin
Normal file
48
secrets/universal/offlineimaprc.bin
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:YQ3g+zqZoOv6+cjsxahFLlzzJsyNmIzOf0UW/V5Q8WJ5BlfJem/u9SJd9HbYfAZuTGkSzRVTvC3woivV0WOCf+EZ1SPSOLwCFtNKh0kgIsSbZRHJqfMQPzZkd93tAARXj7Gtgi2yGGvIhW9MTDvUDDW1umho46fP61f9JRPflAXRu9JwEDpwVIIkAqk4Jdq3G3wnrkjK7fNQkpULAYqDJzH7IeUUNFbt1/tsI8uj1bzpYzjLkZ9r8grgSO7mpt2h4vPdGrd+XVRT0WG/MLZnukN9rXDfHkrqFtn4XBkp+biQj4RFflNr9/FyZUEqb5wvB5pMMatRdv+PUdgtuSQubfKPHdYXic0Bi+Lgm3gA8FlYnel6dP5I8DXgo4Jupyhw/KMTySn3nhHrhFieSmTItZZ1KKtaQxFGNdnYVcCJCUkwKNM6M5nX+LryxD9MkAn+L2o11QYW6q9HhxO+hXi0IWfq9aRRtU/mw2Og7nA9oesoJqmid7zXVsErsRhnFlEHt7Z6qCbnhcC9lyT/KhK4E0+sJpeukyDVmNAb31040zIKEOQMFyMHw1nRFHxth4Kw2AGIRA/UiB1JxR/QW+1tZSB8MPS6GtklXE6GAlphAnssrkIc+5L+bWJTOwSYsw6T6SYCMO5I/0OEgZTys6/dYVLSl6GVmYb5Ck8GEzOx7W1fnFQt7KepZUTGstMQ0CsI1zktmXzJel1C+MBga7IC6+P8mB42GZv1mBRiEGs8fjo3HqaoF3omC/7FUrc6UlQnExMEXqgm7jbENL5mfk04zS1YzbMHR6JZapVSD8ykHMkGSYbpqhzgcam0c6aQLD7mGcMZ4L+2FZtgnSPmmfjKxlZJIQE66NWq586N7e+7SWSi9rqEstXGhAahM1RWIog4EW3npOUmNBbz152QaYZeNNTYE+L/9n+oVeWT0evlHxiCpATxgo+DoR6z66U5QYN5EFXcsR/I1s2UUc8xTwwjgEfXkM/IEZUkEHH/kZNJPdmqtpA=,iv:HYjtUSGs1JgxE8HzZ+xYUZoPYanOC6HAVlIdJR8O77o=,tag:teJOFIMtHLs9yzDQIPV0oA==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Wmx4QUZSZVFYM1NjRGxO\nRzhmSGV1RTViTjljM0kyaitsV05Jc1dQcXpNCjdFR1FWTFY0L1NkclVJQ2t2bk1P\nNk1WeDA4TE9Zcjc2MkNTeDltQk5TSW8KLS0tIGIvcmNVdDN6eldMamxrWUJ0ekZF\nWlcyN0haZFpmQVcyWS9vOFBHVmFiamMKwROo4FD5Y6TiSDK8byxAq4T9Rtvy1Dr+\nExZFzLeJxXBukLJgzxV8UpBNbcGejetyOZiH+GPwdwO4QKlMGiCsog==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYzhiZjFVWEZidGJpRkpl\nOSszdUNiWDlIMVVTaGFVdi9oZjFoYVhwOFM0CjFNR0ZadExxZDBnOEU1eEJXaHda\nK0NyWmhHZzdSOHFHbEYrQnhwMTcxdVUKLS0tIGd0WjFOczRCSkpkZFpOSDdlTFhG\nQUFQMlRDa1YwM0F0N2U2ZFdxa3YrMFEKXNdULEzPEh3Wk+PxgRt0fypVNAaa682u\nMZBfQbNnAOVU5xlM66+YGWXY/ENWwr3nEauNKq7pWLZqQOCA9RnvvQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TFcvWll5RGZDeU5RYnpS\nb1hHcG4vbzBxL3RiRjl2eUhGbHFjSTJYZ0hBCkhyQUtacktuR0ZZNkM3cEdyMTd1\nVnpMZlNPL1NzcUZzWnd0VC9veW1jL0UKLS0tIHdQalI4N3ZRVFdsMEtCUllBREZG\nUmdQYVVqUGZ0QXJKODFvblgvYnRnZTgKKMmEswejP1HdEtg9hK10pRlt89Iz2iF8\npcZTBFjMnahLvxI4M8HCF7ESxI46jebyna43ZzELQQLPGLuZG0n3Bg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScXJpV2NkMFhJaDNGVHRZ\nVlRCZVkzSWFyTFRCUktYNFNYekwrNkpITUMwCkZlZm14Q2dZVGlFd2VZZWpmSFU4\nelhNVmE1b015YWYzcGRRa2VMS1ErMDQKLS0tIHFxaEJ4M3cxSHlNV2ppaFUzcTlk\nZWVuN085TnRES0ZGZko3Ym9vOXRhSEEKU8YZFKtDzokS1OXlqA3vBe2C5N7Em+Oq\nDh5N+2qrvqKUzT/YVg9j/YIPswrn2WMJ2xgMgT5VVK+2kn38fk4n4A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWWFFZGVPTEVlc1hvQ3Qy\nUTNrc1Y0ek9ONlQ0RzlkbTNWangrdnFVZ0hNCkovNCtkaG9JUlpnRFJBMFE0Nmkz\nNXByUjlLRUd6RUV1OU53UjBEZnNjTUUKLS0tIDd4S3VrVDkvanlzZStkYllQT3NN\nYWxyYW1pVmt3djIyWVhtdEZCVlducmMKI94q+UTXpUGa/up0lVbWqmBYcPpuoLZD\neW2KbX2MTzotJVXlJyckYvaylEyyN1pKO37OViPnzik2cJYCyD8QSQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhN2ZkbzB1K0g4V0NPQ21x\nckQ3MFVwZzBwNDMzVk9mb0YvVmJxYm5hTTB3CkgzWTR1dUkrdkFKeDBjNWpCcnl2\nY2lCU0dPcUh1VXdWbExST29nRFFQcHMKLS0tIEFucEpGc2s4VGhGYWlQQW9Kd1pt\nTGY5YURVa1NYUit1UHpPVm4zTHNTVVUKTyKPabMpXBkiV9MSfoJr41DfJjzW6FVP\nHWVfUwoVeKEYVJEPYIcso4kywroBWJ5tBpeOdsbth9en3TOHHlBXCQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvN2dvUDRXUWc2eVVoQ2xK\ndXc2anJZVjhobjJrODVlbXNuZjNhZ2lpNERnCkN6V0Y2QmlGNHVJM3JoQ3hwbHJo\nTncrVVN3R0wvQVAzb293WFpCV29BNUEKLS0tIFdhV3RSbkZQVVBxVWpuYzk4bzZt\nekhxSEFFMHRBZWZaOWxUVnFUbkluUFUK53HBDttykEO7lB/86d/ey4I4AZsLrvLm\n7J/rItqQeNJ1qYp/J3HSilbDZmQBI8jM95SP75tUPsmWndK1i9gHlA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNXB2dkJoMzlJRlJxbGRS\nNTl2YmRUb3YxdEcwRnhuT1RHMTJMNm1MQUZjCkMrNGEzV05sdWc1OUROU2V2UVlJ\nSGl1bGxNSzBZalRZd0YyMElEbGlXZWsKLS0tIFRVQmpqRGNmTW9YaTN2Y0JtNHp6\nbkw0dTlmNVFwQkl6Q1ZIcUNxTGp2TzAKaZawNzF3mYl/m0X/IbfWL8WhLllF6fkT\nl5BQg3uMLC4pTnRcZHmBLrzRHhoOy9qLLkiimkQaseUhI+hAUt9bAQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2023-03-03T08:41:07Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:cxu1p3O0CLiIrqD7HrFUiDPrbF7N3puR3C6VKLfmWa0liHIrkwylOHhyP2WYL1GnbXrMdSZEZ9W487yqsFMiVLyVYmvrg6/TB0I936+PdPgb3miBlb1aE+g23FHQNbpTthbdLJow2tbw1n152ZwtjHPZ+swQhoexeZrpNJipBZ4=,iv:/uua9R2uXvJISgETRBaAREFW3+DsAi+dN4DoMMYHKi8=,tag:wUITr1eIhndhK6EVEyOmog==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.7.3"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user