Compare commits

...

62 Commits

Author SHA1 Message Date
3fc0233d42 programs: split the guiApps category into slightly smaller bits 2023-02-10 00:47:10 +00:00
9a44b96f57 moby: ship some of the base apps 2023-02-10 00:46:27 +00:00
690307e198 cross packages: cross compile more stuff 2023-02-10 00:46:04 +00:00
3da6e1fb41 gpodder: fix makeWrapper to be a nativeBuildInput 2023-02-10 00:45:44 +00:00
67c561cf8e phosh-mobile-settings: cross compile 2023-02-09 19:40:16 +00:00
f387a21dee cross packages: cross compile more gnome packages 2023-02-09 07:58:32 +00:00
172a1ed5a6 working moby cross compilation 2023-02-09 06:13:23 +00:00
60e30c643d cross packages: get more things to build and further reduce the emulated closure 2023-02-09 01:05:25 +00:00
cba200efb4 cross packages: get more things to build and further reduce the emulated closure 2023-02-08 22:30:27 +00:00
77ecde7289 cross packages: reduce the emulated package set 2023-02-07 09:46:13 +00:00
8390e3d280 phosh: disable gvfs service 2023-02-07 09:44:58 +00:00
2631d6f590 phosh: enable fewer gnome services/packages 2023-02-07 03:24:46 +00:00
fe16b72081 programs: re-enable cdrtools, fwupd; disable duplicity/backblaze 2023-02-07 03:24:10 +00:00
a3fb2f06a5 tune emulated package set (e.g. only emulate one of gvfs' deps; not the WHOLE thing 2023-02-07 03:23:18 +00:00
e8ac4fee7a WIP: moby: partially working cross compilation for phosh w/o apps (webkitgtk build OOMs) 2023-02-06 22:42:11 +00:00
fcf6f9f6f3 moby: get working cross compilation for the base image (i.e. no GUI) 2023-02-06 22:41:51 +00:00
398c07ea9f WIP: moby-cross: is cross-by-default instead of opt-in 2023-02-05 19:35:54 +00:00
39edaabcc7 gjs, libadwaita, libsecret: skip flakey check phase 2023-02-05 19:35:54 +00:00
3a14a44483 mesa: downgrade from 22.3.4 -> 22.3.2 to address a memory leak 2023-02-05 19:35:54 +00:00
bcfd8e1725 nit: remove trailing space 2023-02-05 19:35:34 +00:00
e0a6f8ea4a flake: add host-pkgs.<host>.<pkg> output
this builds packages precisely as they are defined by the given host.
significant for testing whether a cross-compiled host builds things
correctly, for example.
2023-02-05 19:34:32 +00:00
80f3d0472b handbrake patch: fix hash (updated upstream) 2023-02-05 07:18:20 +00:00
b6685c9e6c refactor: move konsole from moby/default.nix -> gui/phosh.nix 2023-02-04 10:00:10 +00:00
0c2d8af448 remove sane.gui.enable option 2023-02-04 00:50:47 +00:00
7ce0c34f43 sway: specify dependent packages more idiomatically, and fix bug where phosh wasn't actually shipping its dependents 2023-02-04 00:43:00 +00:00
f2e8be3bd1 phosh: specify dependent packages more idiomatically 2023-02-03 22:55:39 +00:00
9b2e7b02cc Merge branch 'staging/nixpkgs-2023-02-01' 2023-02-03 22:14:47 +00:00
1b3e0b95be persist: remove rust/cargo 2023-02-03 18:18:10 +00:00
f78968c73a persist /var/lib/systemd/coredump 2023-02-03 18:17:22 +00:00
d5d755a4b2 flake update: nixpkgs 2023-01-25 -> 2023-02-01; sops-nix
```
• Updated input 'nixpkgs':
    'path:/nix/store/760ff23zl95q4jza8mkg47vs9ff20hq3-source/nixpatches?lastModified=1&narHash=sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=' (1970-01-01)
  → 'path:/nix/store/pr622dac2xv2fzxvkfdfzl3sba1m7xkm-source/nixpatches?lastModified=1&narHash=sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=' (1970-01-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/9b97ad7b4330aacda9b2343396eb3df8a853b4fc' (2023-01-25)
  → 'github:nixos/nixpkgs/4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db' (2023-02-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c' (2023-01-24)
  → 'github:Mic92/sops-nix/a81ce6c961480b3b93498507074000c589bd9d60' (2023-02-01)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/918b760070bb8f48cb511300fcd7e02e13058a2e' (2023-01-22)
  → 'github:NixOS/nixpkgs/a3a1400571e3b9ccc270c2e8d36194cf05aab6ce' (2023-02-01)
```
2023-02-03 09:46:26 +00:00
e08281c380 fix: typo in config option name 2023-02-03 09:09:37 +00:00
afb006f6ec programs: port last users & remove the old packages.nix 2023-02-03 05:26:57 +00:00
a76cf03232 remove unused "enableDevPkgs" option 2023-02-03 05:18:38 +00:00
9c24f24306 programs: port GUI apps to new config system 2023-02-03 05:08:52 +00:00
736999eea6 programs: port console packages to new config system 2023-02-03 04:24:17 +00:00
979ed38506 programs: make system be some type of meta-program/package 2023-02-03 04:03:22 +00:00
46285852d0 modules: add a sane.programs interface which i can use going forward in place of sane.packages 2023-02-03 03:38:23 +00:00
0e756d5064 packages: add sox sound converter 2023-02-02 10:23:01 +00:00
a52ead5aec nit: document what "foliate" application is 2023-02-02 00:21:07 +00:00
c0377ff1a0 dovecot: define Drafts and Trash folders 2023-01-31 08:22:20 +00:00
062ef20d05 dovecot: auto-create the "Sent" message box 2023-01-31 06:57:35 +00:00
a0861edc5f packages: enable kitty on servo to fix login error 2023-01-31 06:43:02 +00:00
eae075acb5 flake: remove unused nixpkgs-stable argument. we can re-add it when needed 2023-01-31 04:09:49 +00:00
ef2ba01141 pins: remove dead nheko code 2023-01-31 04:05:18 +00:00
2756e15bab flake update: nixpkgs-stable 2023-01-29 -> 2023-01-30
```
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/22c4a7a4796a91c297a7e59078a84ec29515f86e' (2023-01-29)
  → 'github:nixos/nixpkgs/f413457e0dd7a42adefdbcea4391dd9751509025' (2023-01-30)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=80c6ec95bd430e29d231cf745f19279bb76fb382' (2022-10-27)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=b099c24091cc192abf3997b94342d4b31cc5757b' (2023-01-31)
```
2023-01-31 03:56:39 +00:00
940aac3a22 refactor: move persist settings into persist.nix 2023-01-31 03:44:48 +00:00
5f24e029af persist stores: make private/crypt support backing stores that aren't /nix/persist 2023-01-31 03:38:41 +00:00
98b542332b persist: crypt store: make paths overridable 2023-01-31 03:36:15 +00:00
70b62e9f76 persist stores: define the path for private at the host level 2023-01-31 03:29:53 +00:00
7c81df00df move nixcache.nix from modules -> hosts/modules 2023-01-30 11:25:46 +00:00
f288f34d1e nixpkgs-stable: 2023-01-28 -> 2023-01-29
```
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/ce20e9ebe1903ea2ba1ab006ec63093020c761cb' (2023-01-28)
  → 'github:nixos/nixpkgs/22c4a7a4796a91c297a7e59078a84ec29515f86e' (2023-01-29)
```
2023-01-30 11:13:37 +00:00
854977c3aa move duplicity out of modules -> hosts 2023-01-30 11:11:42 +00:00
3653776399 cleanup: modules/users.nix: allow explicitly setting home, if needed 2023-01-30 11:06:47 +00:00
e4bff9b5ef refactor: persist: remove dead code 2023-01-30 10:51:41 +00:00
ec22c128e0 remove reference to /home/colin from modules/persist 2023-01-30 10:48:32 +00:00
77cc560052 use sane.user.persist instead of sane.persist.home 2023-01-30 10:35:03 +00:00
c1f3fc502d sane.users.<user>.persist: forward to sane.persist.home 2023-01-30 10:34:36 +00:00
4d3248d315 lib: mkTypedMerge: fix to work with recursive attrsets 2023-01-30 10:33:59 +00:00
45a1c07210 refactor: make use of sane.user.fs 2023-01-30 09:27:19 +00:00
a1a711190f refactor: make use of sane.user 2023-01-30 09:13:43 +00:00
ee9a2b320d add a sane.user option which is shorthand for the default user 2023-01-30 08:53:40 +00:00
870afec07e add which is shorthand to define a fs entry inside that user's home 2023-01-30 08:32:55 +00:00
57 changed files with 1888 additions and 1063 deletions

51
flake.lock generated
View File

@@ -39,38 +39,22 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=",
"path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
"narHash": "sha256-rkVbviFmYYmbbVfvFRtOM95IjETbNu3I517Hrxp8EF4=",
"path": "/nix/store/8azr0ivnzf0y1sh2r7alxaxab3w49ggx-source/nixpatches",
"type": "path"
},
"original": {
"path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
"path": "/nix/store/8azr0ivnzf0y1sh2r7alxaxab3w49ggx-source/nixpatches",
"type": "path"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1674868155,
"narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1674352297,
"narHash": "sha256-OkAnJPrauEcUCrst4/3DKoQfUn2gXKuU6CFvhtMrLgg=",
"lastModified": 1675265860,
"narHash": "sha256-PZNqc4ZnTRT34NsHJYbXn+Yhghh56l8HEXn39SMpGNc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "918b760070bb8f48cb511300fcd7e02e13058a2e",
"rev": "a3a1400571e3b9ccc270c2e8d36194cf05aab6ce",
"type": "github"
},
"original": {
@@ -82,11 +66,11 @@
},
"nixpkgs-unpatched": {
"locked": {
"lastModified": 1674641431,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
"lastModified": 1675273418,
"narHash": "sha256-tpYc4TEGvDzh9uRf44QemyQ4TpVuUbxb07b2P99XDbM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
"rev": "4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db",
"type": "github"
},
"original": {
@@ -100,7 +84,6 @@
"inputs": {
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unpatched": "nixpkgs-unpatched",
"sops-nix": "sops-nix",
"uninsane-dot-org": "uninsane-dot-org"
@@ -111,14 +94,14 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1674546403,
"narHash": "sha256-vkyNv0xzXuEnu9v52TUtRugNmQWIti8c2RhYnbLG71w=",
"lastModified": 1675288837,
"narHash": "sha256-76s8TLENa4PzWDeuIpEF78gqeUrXi6rEJJaKEAaJsXw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c",
"rev": "a81ce6c961480b3b93498507074000c589bd9d60",
"type": "github"
},
"original": {
@@ -135,11 +118,11 @@
]
},
"locked": {
"lastModified": 1666870107,
"narHash": "sha256-b9eXZxSwhzdJI5uQgfrMhu4SY2POrPkinUg7F5gQVYo=",
"lastModified": 1675131883,
"narHash": "sha256-yBgJDG72YqIr1bltasqHD1E/kHc9uRFgDjxDmy6kI8M=",
"ref": "refs/heads/master",
"rev": "80c6ec95bd430e29d231cf745f19279bb76fb382",
"revCount": 164,
"rev": "b099c24091cc192abf3997b94342d4b31cc5757b",
"revCount": 170,
"type": "git",
"url": "https://git.uninsane.org/colin/uninsane"
},

View File

@@ -19,7 +19,7 @@
# but `inputs` is required to be a strict attrset: not an expression.
inputs = {
# <https://github.com/nixos/nixpkgs/tree/nixos-22.11>
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
@@ -46,12 +46,12 @@
outputs = {
self,
nixpkgs,
nixpkgs-stable,
nixpkgs-unpatched,
mobile-nixos,
sops-nix,
uninsane-dot-org
}:
uninsane-dot-org,
...
}@inputs:
let
nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
@@ -78,6 +78,9 @@
self.overlays.passthru
self.overlays.pins
];
# nixpkgs.crossSystem = target;
nixpkgs.hostPlatform = target;
nixpkgs.buildPlatform = local;
}
];
});
@@ -111,15 +114,20 @@
# - `nixos-rebuild --flake './#<host>' switch`
imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
host-pkgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.pkgs) self.nixosConfigurations;
overlays = rec {
default = pkgs;
pkgs = import ./overlays/pkgs.nix;
pins = import ./overlays/pins.nix; # TODO: move to `nixpatches/` input
passthru =
let
stable = next: prev: {
stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
};
stable =
if inputs ? "nixpkgs-stable" then (
next: prev: {
stable = inputs.nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
}
) else (next: prev: {});
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;
in

View File

@@ -4,8 +4,6 @@
./fs.nix
];
# sane.packages.enableDevPkgs = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
@@ -16,6 +14,8 @@
sane.gui.sway.enable = true;
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
@@ -54,7 +54,7 @@
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
".steam"
".local/share/Steam"
];

View File

@@ -8,15 +8,15 @@
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
# sane.packages.enableDevPkgs = true;
# sane.users.guest.enable = true;
# sane.guest.enable = true;
sane.gui.sway.enable = true;
sane.persist.enable = true;
sane.nixcache.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/lappy.yaml;
neededForUsers = true;

View File

@@ -10,6 +10,14 @@
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
# TODO: re-enable once base is cross-compiled
sane.programs.guiApps.enableSuggested = false;
# compile a subset of the larger mobile package set, until we're ready for it.
sane.programs.gpodder-configured.enableFor.user.colin = true;
sane.programs.nheko.enableFor.user.colin = true;
sane.programs.sublime-music-mobile.enableFor.user.colin = true;
sane.programs.vlc.enableFor.user.colin = true;
# cross-compiled documentation is *slow*.
# no obvious way to natively compile docs (2022/09/29).
# entrypoint is nixos/modules/misc/documentation.nix
@@ -37,15 +45,10 @@
# addons.sideberry.enable = false;
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
".config/pulse" # persist pulseaudio volume
];
# sane.packages.enableGuiPkgs = false; # XXX faster builds/imaging for debugging
sane.packages.extraUserPkgs = [
pkgs.plasma5Packages.konsole # terminal
];
sane.nixcache.enable = true;
sane.persist.enable = true;
sane.gui.phosh.enable = true;

View File

@@ -8,12 +8,13 @@
./services
];
sane.packages.extraUserPkgs = with pkgs; [
sane.programs = {
# for administering services
freshrss
matrix-synapse
signaldctl
];
freshrss.enableFor.user.colin = true;
matrix-synapse.enableFor.user.colin = true;
signaldctl.enableFor.user.colin = true;
};
sane.persist.enable = true;
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;

View File

@@ -1,3 +1,6 @@
# DOCS:
# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
{ config, lib, ... }:
let
@@ -143,6 +146,25 @@ in
# inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
services.dovecot2.enable = true;
services.dovecot2.mailboxes = {
# special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
# RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
# how these boxes are treated is 100% up to the client and server to decide.
# client behavior:
# iOS
# - Drafts: ?
# - Sent: works
# - Trash: works
# aerc
# - Drafts: works
# - Sent: works
# - Trash: no; deleted messages are actually deleted
# use `:move trash` instead
# Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
Drafts = { specialUse = "Drafts"; auto = "create"; };
Sent = { specialUse = "Sent"; auto = "create"; };
Trash = { specialUse = "Trash"; auto = "create"; };
};
services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
services.dovecot2.enablePAM = false;

View File

@@ -1,22 +1,534 @@
{ config, ... }:
# cross compiling
# - for edge-casey things (e.g. `mesonEmulatorHook`, `depsBuildBuild`), see in nixpkgs:
# `git show da9a9a440415b236f22f57ba67a24ab3fb53f595`
#
# build a particular package as evaluated here with:
# - toplevel: `nix build '.#host-pkgs.moby-cross.xdg-utils'`
# - scoped: `nix build '.#host-pkgs.moby-cross.gnome.mutter'`
# - python: `nix build '.#host-pkgs.moby-cross.python310Packages.pandas'`
# - perl: `nix build '.#host-pkgs.moby-cross.perl536Packages.ModuleBuild'`
# - qt: `nix build '.#host-pkgs.moby-cross.libsForQt5.qtbase'`
# most of these can be built in a nixpkgs source root like:
# - `nix build '.#pkgsCross.aarch64-multiplatform.xdg-utils'`
#
# tracking issues, PRs:
# - libuv tests fail: <https://github.com/NixOS/nixpkgs/issues/190807>
# - last checked: 2023-02-07
# - opened: 2022-09-11
# - perl Module Build broken: <https://github.com/NixOS/nixpkgs/issues/66741>
# - last checked: 2023-02-07
# - opened: 2019-08
# - perl536Packages.Testutf8 fails to cross: <https://github.com/NixOS/nixpkgs/issues/198548>
# - last checked: 2023-02-07
# - opened: 2022-10
# - python310Packages.psycopg2: <https://github.com/NixOS/nixpkgs/issues/210265>
# - last checked: 2023-02-06
# - i have a potential fix:
# """
# i was able to just add `postgresql` to the `buildInputs` (so that it's in both `buildInputs` and `nativeBuildInputs`):
# it fixed the build for `pkgsCross.aarch64-multiplatform.python310Packages.psycopg2` but not for `armv7l-hf-multiplatform` that this issue description calls out.
#
# also i haven't deployed it yet to make sure this doesn't cause anything funky at runtime though.
# """
{ config, lib, pkgs, ... }:
let
mkCrossFrom = localSystem: pkgs: import pkgs.path {
inherit localSystem;
crossSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config overlays;
};
# these are the overlays which we *also* pass through to the cross and emulated package sets.
# TODO: refactor to not specify same overlay in multiple places (here and flake.nix).
overlays = [
(import ./../../overlays/pkgs.nix)
(import ./../../overlays/pins.nix)
];
mkCrossFrom = localSystem: pkgs:
import pkgs.path {
inherit localSystem; # localSystem is equivalent to buildPlatform
crossSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config;
inherit overlays;
};
mkEmulated = pkgs:
import pkgs.path {
localSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config;
inherit overlays;
};
in
{
# the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
# here we just define them all.
nixpkgs.overlays = [
(next: prev: {
# non-emulated packages build *from* local *for* target.
# for large packages like the linux kernel which are expensive to build under emulation,
# the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
crossFrom."x86_64-linux" = mkCrossFrom "x86_64-linux" next;
crossFrom."aarch64-linux" = mkCrossFrom "aarch64-linux" next;
})
];
# options = {
# perlPackageOverrides = lib.mkOption {
# };
# };
config = {
# the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
# here we just define them all.
nixpkgs.overlays = [
(next: prev: {
# non-emulated packages build *from* local *for* target.
# for large packages like the linux kernel which are expensive to build under emulation,
# the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
crossFrom."x86_64-linux" = mkCrossFrom "x86_64-linux" prev;
crossFrom."aarch64-linux" = mkCrossFrom "aarch64-linux" prev;
emulated = mkEmulated prev;
})
(next: prev:
let
emulated = prev.emulated;
in {
# packages which don't cross compile
inherit (emulated)
# adwaita-qt # psqlodbc
apacheHttpd_2_4 # `configure: error: Size of "void *" is less than size of "long"`
appstream # meson.build:139:0: ERROR: Program 'gperf' not found or not executable
cantarell-fonts # python3.10-skia-pathops
colord # (meson) ERROR: An exe_wrapper is needed but was not found. Please define one in cross file and check the command and/or add it to PATH.
dante # "configure: error: error: getaddrinfo() error value count too low"
# duplicity # python3.10-s3transfer
emacs # "configure: error: cannot run test program while cross compiling"
flatpak # No package 'libxml-2.0' found
fwupd-efi # efi/meson.build:162:0: ERROR: Program or command 'gcc' not found or not executable
fwupd # "Run-time dependency libgcab-1.0 found: NO (tried pkgconfig and cmake)"
gcr_4 # meson ERROR: Program 'gpg2 gpg' not found or not executable
gmime3 # "checking preferred charset formats for system iconv... cannot run test program while cross compiling"
# gnome-keyring
# gnome-remote-desktop
# gnome-tour
gnustep # gnustep.base: "configure: error: Your compiler does not appear to implement the -fconstant-string-class option needed for support of strings."
gocryptfs # gocryptfs-2.3-go-modules
# grpc
gst_all_1 # (gst_all_1.gst-editing-services) `Run-time dependency gst-validate-1.0 found: NO (tried pkgconfig and cmake)`
# gupnp_1_6 # subprojects/gi-docgen/meson.build:10:0: ERROR: python3 not found
gvfs # meson.build:312:2: ERROR: Assert failed: http required but libxml-2.0 not found
# flatpak
hdf5 # configure: error: cannot run test program while cross compiling
# http2
ibus # configure.ac:152: error: possibly undefined macro: AM_PATH_GLIB_2_0
kitty # "FileNotFoundError: [Errno 2] No such file or directory: 'pkg-config'"
iio-sensor-proxy # "./autogen.sh: line 26: gtkdocize: not found"
libgccjit # "../../gcc-9.5.0/gcc/jit/jit-result.c:52:3: error: 'dlclose' was not declared in this scope"
libgweather # "Run-time dependency vapigen found: NO (tried pkgconfig)"
libjcat # data/tests/meson.build:10:0: ERROR: Program 'gnutls-certtool certtool' not found or not executable
libsForQt5 # qtbase # make: g++: No such file or directory
mod_dnssd # "configure: error: *** Sorry, could not find apxs ***"
networkmanager-iodine # configure.ac:58: error: possibly undefined macro: AM_GLIB_GNU_GETTEXT
notmuch # "Error: The dependencies of notmuch could not be satisfied" (xapian, gmime, glib, talloc)
obex_data_server # "/nix/store/0wk6nr1mryvylf5g5frckjam7g7p9gpi-bash-5.2-p15/bin/bash: line 2: --prefix=ods_manager: command not found"
openfortivpn # "checking for /proc/net/route... configure: error: cannot check for file existence when cross compiling"
ostree # "configure: error: Need GPGME_PTHREAD version 1.1.8 or later"
perlInterpreters # perl5.36.0-Module-Build perl5.36.0-Test-utf8 (see tracking issues ^)
phoc # Program wayland-scanner found: NO
phosh # libadwaita-1 not found
phosh-mobile-settings # meson.build:26:0: ERROR: Dependency "phosh-plugins" not found, tried pkgconfig
psqlodbc # "configure: error: odbc_config not found (required for unixODBC build)"
# qgnomeplatform
# qtbase
qt6 # error in psqlodbc, not fixed by emulating only psqlodbc above for some reason
rapidfuzz-cpp # error: could not find git for clone of catch2-populate
re2 # FAILED: CMakeFiles/test.util
rmlint # "Checking whether the C compiler works... no"
sequoia # "/nix/store/q8hg17w47f9xr014g36rdc2gi8fv02qc-clang-aarch64-unknown-linux-gnu-12.0.1-lib/lib/libclang.so.12: cannot open shared object file: No such file or directory"', /build/sequoia-0.27.0-vendor.tar.gz/bindgen/src/lib.rs:1975:31"
# splatmoji
squeekboard # meson.build:1:0: ERROR: 'rust' compiler binary not defined in cross or native file
tracker-miners # "meson.build:183:0: ERROR: Can not run test applications in this cross environment."
twitter-color-emoji # /nix/store/0wk6nr1mryvylf5g5frckjam7g7p9gpi-bash-5.2-p15/bin/bash: line 1: pkg-config: command not found
# unar has multiple failures:
# - "configure: error: Your compiler does not appear to implement the -fconstant-string-class option needed for support of strings. Please check for a more recent version or consider using --enable-nxconstantstring"
# - "/nix/store/0wk6nr1mryvylf5g5frckjam7g7p9gpi-bash-5.2-p15/bin/bash: line 1: ar: command not found"
unar
visidata # python3.10-psycopg2 python3.10-pandas python3.10-h5py
# vpnc # "/nix/store/0wk6nr1mryvylf5g5frckjam7g7p9gpi-bash-5.2-p15/bin/bash: line 1: perl: command not found"
webp-pixbuf-loader # install phase: "Builder called die: Cannot wrap '/nix/store/kpp8qhzdjqgvw73llka5gpnsj0l4jlg8-gdk-pixbuf-aarch64-unknown-linux-gnu-2.42.10/bin/gdk-pixbuf-thumbnailer' because it is not an executable file"
# webkitgtk_4_1 # requires nativeBuildInputs = perl.pkgs.FileCopyRecursive => perl5.36.0-Test-utf8
# xdg-desktop-portal-gnome # data/meson.build:33:5: ERROR: Program 'msgfmt' not found or not executable
# xdg-utils # perl5.36.0-File-BaseDir / perl5.36.0-Module-Build
;
# apacheHttpdPackagesFor = apacheHttpd: self:
# let
# prevHttpdPkgs = lib.fix (emulated.apacheHttpdPackagesFor apacheHttpd);
# in
# (prev.apacheHttpdPackagesFor apacheHttpd self) // {
# # inherit (prevHttpdPkgs) mod_dnssd;
# mod_dnssd = prevHttpdPkgs.mod_dnssd.override {
# inherit (self) apacheHttpd;
# };
# };
# appstream = prev.appstream.override {
# # doesn't fix: "ld: error adding symbols: file in wrong format"
# inherit (emulated) stdenv;
# };
# appstream = prev.appstream.overrideAttrs (orig: {
# # fixes "Program 'gperf' not found or not executable"
# # does not fix "ERROR: An exe_wrapper is needed but was not found. Please define one in cross file and check the command and/or add it to PATH."
# nativeBuildInputs = orig.nativeBuildInputs ++ [ next.gperf ];
# });
blueman = prev.blueman.overrideAttrs (orig: {
# configure: error: ifconfig or ip not found, install net-tools or iproute2
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.iproute2 ];
});
brltty = prev.brltty.override {
# configure: error: no acceptable C compiler found in $PATH
inherit (emulated) stdenv;
};
cdrtools = prev.cdrtools.override {
# "configure: error: installation or configuration problem: C compiler cc not found."
inherit (emulated) stdenv;
};
# colord = prev.colord.override {
# # doesn't fix: "ld: error adding symbols: file in wrong format"
# inherit (emulated) stdenv;
# };
# evince = prev.evince.override {
# # doesn't fix: "ld: error adding symbols: file in wrong format"
# inherit (emulated) stdenv;
# };
# flatpak = prev.flatpak.override {
# # doesn't fix: "ld: error adding symbols: file in wrong format"
# inherit (emulated) stdenv;
# };
fuzzel = prev.fuzzel.override {
# meson.build:100:0: ERROR: Dependency lookup for wayland-scanner with method 'pkgconfig' failed: Pkg-config binary for machine 0 not found. Giving up.
inherit (emulated) stdenv;
};
# fwupd-efi = prev.fwupd-efi.override {
# # efi/meson.build:33:2: ERROR: Problem encountered: gnu-efi support requested, but headers were not found
# inherit (emulated) stdenv;
# };
# fwupd = prev.fwupd.overrideAttrs (orig: {
# # solves (meson) "Run-time dependency libgcab-1.0 found: NO (tried pkgconfig and cmake)", and others.
# # some of these are kinda sus. maybe upstream fwupd buildscript is iffy
# buildInputs = orig.buildInputs ++ [ next.gcab next.gi-docgen next.gnutls next.pkg-config ];
# });
gmime = prev.gmime.overrideAttrs (orig: {
# "checking preferred charset formats for system iconv... cannot run test program while cross compiling"
configureFlags = orig.configureFlags ++ [ "ac_cv_have_iconv_detect_h=no" ];
});
# gmime3 = prev.gmime3.overrideAttrs (orig: {
# # "checking preferred charset formats for system iconv... cannot run test program while cross compiling"
# # unsolved: "ImportError: /nix/store/c190src4bjkfp7bdgc5sadnmvgzv7kxb-gobject-introspection-aarch64-unknown-linux-gnu-1.74.0/lib/gobject-introspection/giscanner/_giscanner.cpython-310-x86_64-linux-gnu.so: cannot open shared object file: No such file or directory"
# configureFlags = orig.configureFlags ++ [ "ac_cv_have_iconv_detect_h=no" ];
# });
gupnp_1_6 = prev.gupnp_1_6.overrideAttrs (orig: {
# "subprojects/gi-docgen/meson.build:10:0: ERROR: python3 not found"
# this patch is copied from the default gupnp.
# TODO: upstream
outputs = [ "out" "dev" ]
++ lib.optionals (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform) [ "devdoc" ];
mesonFlags = [
"-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
"-Dintrospection=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
];
});
gnome = prev.gnome.overrideScope' (self: super: {
inherit (emulated.gnome)
evolution-data-server # "The 'perl' not found, not installing csv2vcard"
gnome-keyring # configure.ac:374: error: possibly undefined macro: AM_PATH_LIBGCRYPT
gnome-shell # "meson.build:128:0: ERROR: Program 'gjs' not found or not executable"
gnome-settings-daemon # subprojects/gvc/meson.build:30:0: ERROR: Program 'glib-mkenums mkenums' not found or not executable
mutter # meson.build:237:2: ERROR: Dependency "gbm" not found, tried pkgconfig (it's provided by mesa)
;
evince = super.evince.overrideAttrs (orig: {
# fixes (meson) "Run-time dependency gi-docgen found: NO (tried pkgconfig and cmake)"
# inspired by gupnp
outputs = [ "out" "dev" ]
++ lib.optionals (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform) [ "devdoc" ];
mesonFlags = orig.mesonFlags ++ [
"-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
];
});
# evolution-data-server = super.evolution-data-server.override {
# inherit (next) stdenv;
# };
# evolution-data-server = super.evolution-data-server.overrideAttrs (orig: {
# # fixes "The 'perl' not found, not installing csv2vcard"
# # doesn't fix "CMake Error: try_run() invoked in cross-compiling mode, please set the following cache variables appropriately"
# nativeBuildInputs = orig.nativeBuildInputs ++ [ next.perl ];
# });
gnome-color-manager = super.gnome-color-manager.overrideAttrs (orig: {
# fixes: "src/meson.build:3:0: ERROR: Program 'glib-compile-resources' not found or not executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
gnome-control-center = super.gnome-control-center.overrideAttrs (orig: {
# fixes "subprojects/gvc/meson.build:30:0: ERROR: Program 'glib-mkenums mkenums' not found or not executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
# gnome-control-center = super.gnome-control-center.override {
# inherit (next) stdenv;
# };
gnome-remote-desktop = super.gnome-remote-desktop.overrideAttrs (orig: {
# TODO: remove gnome-remote-desktop (wanted by gnome-control-center)
# fixes: "Program gdbus-codegen found: NO"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
# gnome-shell = super.gnome-shell.overrideAttrs (orig: {
# # fixes "meson.build:128:0: ERROR: Program 'gjs' not found or not executable"
# # does not fix "_giscanner.cpython-310-x86_64-linux-gnu.so: cannot open shared object file: No such file or directory" (python import failure)
# nativeBuildInputs = orig.nativeBuildInputs ++ [ next.gjs next.gobject-introspection ];
# # try to reduce gobject-introspection/shew dependencies
# mesonFlags = [
# "-Dextensions_app=false"
# "-Dextensions_tool=false"
# "-Dman=false"
# ];
# # fixes "gvc| Build-time dependency gobject-introspection-1.0 found: NO"
# # inspired by gupnp_1_6
# # outputs = [ "out" "dev" ]
# # ++ lib.optionals (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform) [ "devdoc" ];
# # mesonFlags = [
# # "-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
# # ];
# });
# gnome-shell = super.gnome-shell.override {
# inherit (next) stdenv;
# };
# gnome-settings-daemon = super.gnome-settings-daemon.overrideAttrs (orig: {
# # fixes "subprojects/gvc/meson.build:30:0: ERROR: Program 'glib-mkenums mkenums' not found or not executable"
# # new error: "plugins/power/meson.build:22:0: ERROR: Dependency lookup for glib-2.0 with method 'pkgconfig' failed: Pkg-config binary for machine 0 not found. Giving up."
# nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
# });
gnome-session = super.gnome-session.overrideAttrs (orig: {
# fixes: "gdbus-codegen not found or executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
gnome-user-share = super.gnome-user-share.overrideAttrs (orig: {
# fixes: meson.build:111:6: ERROR: Program 'glib-compile-schemas' not found or not executable
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
# mutter = super.mutter.override {
# # DOES NOT FIX: "meson.build:237:2: ERROR: Dependency "gbm" not found, tried pkgconfig (it's provided by mesa)"
# inherit (next) stdenv;
# };
});
# gst_all_1.gst-editing-services = emulated.gst_all_1.gst-editing-services;
# gst_all_1 = prev.gst_all_1.overrideScope' (self: super: {
# inherit (emulated.gst_all_1)
# gst-editing-services
# ;
# });
# gvfs = prev.gvfs.overrideAttrs (orig: {
# # meson.build:312:2: ERROR: Assert failed: http required but libxml-2.0 not found
# # nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.libxml2 prev.mesonEmulatorHook ];
# # TODO: gvfs 1.50.2 -> 1.50.3 upgrade is upstreamed, and fixed cross compilation
# version = "1.50.3";
# src = next.fetchurl {
# url = "mirror://gnome/sources/gvfs/1.50/gvfs-1.50.3.tar.xz";
# sha256 = "aJcRnpe7FgKdJ3jhpaVKamWSYx+LLzoqHepO8rAYA/0=";
# };
# patches = [
# # Hardcode the ssh path again.
# # https://gitlab.gnome.org/GNOME/gvfs/-/issues/465
# (next.fetchpatch2 {
# url = "https://gitlab.gnome.org/GNOME/gvfs/-/commit/8327383e262e1e7f32750a8a2d3dd708195b0f53.patch";
# hash = "sha256-ReD7qkezGeiJHyo9jTqEQNBjECqGhV9nSD+dYYGZWJ8=";
# revert = true;
# })
# ];
# });
# ibus = prev.ibus.override {
# # "_giscanner.cpython-310-x86_64-linux-gnu.so: cannot open shared object file: No such file or directory"
# inherit (emulated) stdenv;
# };
libHX = prev.libHX.overrideAttrs (orig: {
# "Can't exec "libtoolize": No such file or directory at /nix/store/r4fvx9hazsm0rdm7s393zd5v665dsh1c-autoconf-2.71/share/autoconf/Autom4te/FileUtils.pm line 294."
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.libtool ];
});
librest = prev.librest.overrideAttrs (orig: {
# fixes "You must have gtk-doc >= 1.13 installed to build documentation"
# by removing the "--enable-gtk-doc" flag
configureFlags = [ "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt" ];
});
librest_1_0 = prev.librest_1_0.overrideAttrs (orig: {
# fixes (meson) "Run-time dependency gi-docgen found: NO (tried pkgconfig and cmake)"
# inspired by gupnp
outputs = [ "out" "dev" ]
++ lib.optionals (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform) [ "devdoc" ];
mesonFlags = orig.mesonFlags ++ [
"-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
];
});
# libsForQt5 = prev.libsForQt5.overrideScope' (self: super: {
# inherit (emulated.libsForQt5)
# qtbase
# ;
# });
libuv = prev.libuv.overrideAttrs (orig: {
# 2 tests fail:
# - not ok 261 - tcp_bind6_error_addrinuse
# - not ok 267 - tcp_bind_error_addrinuse_listen
doCheck = false;
});
ncftp = prev.ncftp.override {
# fixes: "ar: No such file or directory"
inherit (emulated) stdenv;
};
networkmanager-fortisslvpn = prev.networkmanager-fortisslvpn.overrideAttrs (orig: {
# fixes "gdbus-codegen: command not found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
# networkmanager-iodine = prev.networkmanager-iodine.overrideAttrs (orig: {
# # fails to fix "configure.ac:58: error: possibly undefined macro: AM_GLIB_GNU_GETTEXT"
# nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.gettext ];
# });
networkmanager-l2tp = prev.networkmanager-l2tp.overrideAttrs (orig: {
# fixes "gdbus-codegen: command not found"
# fixes "gtk4-builder-tool: command not found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib prev.gtk4 ];
});
networkmanager-openconnect = prev.networkmanager-openconnect.overrideAttrs (orig: {
# fixes "properties/gresource.xml: Permission denied"
# - by providing glib-compile-resources
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
networkmanager-openvpn = prev.networkmanager-openvpn.overrideAttrs (orig: {
# fixes "properties/gresource.xml: Permission denied"
# - by providing glib-compile-resources
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
networkmanager-sstp = prev.networkmanager-sstp.overrideAttrs (orig: {
# fixes "gdbus-codegen: command not found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
networkmanager-vpnc = prev.networkmanager-vpnc.overrideAttrs (orig: {
# fixes "properties/gresource.xml: Permission denied"
# - by providing glib-compile-resources
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
nheko = prev.nheko.overrideAttrs (orig: {
# fixes "fatal error: lmdb++.h: No such file or directory
buildInputs = orig.buildInputs ++ [ next.lmdbxx ];
});
pam_mount = prev.pam_mount.overrideAttrs (orig: {
# fixes: "perl: command not found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.perl ];
});
# perlPackageOverrides = _perl: {
# inherit (pkgs.emulated.perl.pkgs)
# Testutf8
# ;
# };
pipewire = prev.pipewire.overrideAttrs (orig: {
# fix `spa/plugins/bluez5/meson.build:41:0: ERROR: Program 'gdbus-codegen' not found or not executable`
nativeBuildInputs = orig.nativeBuildInputs ++ [ prev.glib ];
});
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(py-next: py-prev: {
defcon = py-prev.defcon.overridePythonAttrs (orig: {
# TODO: diagnose and upstream
nativeBuildInputs = orig.nativeBuildInputs ++ orig.nativeCheckInputs;
});
executing = py-prev.executing.overridePythonAttrs (orig: {
# TODO: confirm & upstream
# test has an assertion that < 1s of CPU time elapsed => flakey
disabledTestPaths = orig.disabledTestPaths or [] ++ [
# "tests/test_main.py::TestStuff::test_many_source_for_filename_calls"
"tests/test_main.py"
];
});
# h5py = py-prev.h5py.overridePythonAttrs (orig: {
# # XXX: can't upstream until its dependency, hdf5, is fixed. that looks TRICKY.
# # - the `setup_configure.py` in h5py tries to dlopen (and call into) the hdf5 lib to query the version and detect features like MPI
# # - it could be patched with ~10 LoC in the HDF5LibWrapper class.
# #
# # expose numpy and hdf5 as available at build time
# nativeBuildInputs = orig.nativeBuildInputs ++ orig.propagatedBuildInputs ++ orig.buildInputs;
# buildInputs = [];
# # HDF5_DIR = "${hdf5}";
# });
mutatormath = py-prev.mutatormath.overridePythonAttrs (orig: {
# TODO: diagnose and upstream
nativeBuildInputs = orig.nativeBuildInputs or [] ++ orig.nativeCheckInputs;
});
pandas = py-prev.pandas.overridePythonAttrs (orig: {
# TODO: upstream
# XXX: we only actually need numpy when building in ~/nixpkgs repo: not sure why we need all the propagatedBuildInputs here.
# nativeBuildInputs = orig.nativeBuildInputs ++ [ py-next.numpy ];
nativeBuildInputs = orig.nativeBuildInputs ++ orig.propagatedBuildInputs;
});
psycopg2 = py-prev.psycopg2.overridePythonAttrs (orig: {
# TODO: upstream (see tracking issue)
#
# psycopg2 *links* against libpg, so we need the host postgres available at build time!
# present-day nixpkgs only includes it in nativeBuildInputs
buildInputs = orig.buildInputs ++ [ next.postgresql ];
});
s3transfer = py-prev.s3transfer.overridePythonAttrs (orig: {
# tests explicitly expect host CPU == build CPU
# Bail out! ERROR:../plugins/core.c:221:qemu_plugin_vcpu_init_hook: assertion failed: (success)
# Bail out! ERROR:../accel/tcg/cpu-exec.c:954:cpu_exec: assertion failed: (cpu == current_cpu)
disabledTestPaths = orig.disabledTestPaths ++ [
# "tests/functional/test_processpool.py::TestProcessPoolDownloader::test_cleans_up_tempfile_on_failure"
"tests/functional/test_processpool.py"
# "tests/unit/test_compat.py::TestBaseManager::test_can_provide_signal_handler_initializers_to_start"
"tests/unit/test_compat.py"
];
});
# skia-pathops
# it tries to call `cc` during the build, but can't find it.
})
];
# squeekboard = prev.squeekboard.overrideAttrs (orig: {
# # fixes: "meson.build:1:0: ERROR: 'rust' compiler binary not defined in cross or native file"
# # new error: "meson.build:1:0: ERROR: Rust compiler rustc --target aarch64-unknown-linux-gnu -C linker=aarch64-unknown-linux-gnu-gcc can not compile programs."
# mesonFlags =
# let
# # ERROR: 'rust' compiler binary not defined in cross or native file
# crossFile = next.writeText "cross-file.conf" ''
# [binaries]
# rust = [ 'rustc', '--target', '${next.rust.toRustTargetSpec next.stdenv.hostPlatform}' ]
# '';
# in
# orig.mesonFlags or [] ++ lib.optionals (next.stdenv.hostPlatform != next.stdenv.buildPlatform) [ "--cross-file=${crossFile}" ];
# });
strp = prev.srtp.overrideAttrs (orig: {
# roc_driver test times out after 30s
doCheck = false;
});
sysprof = prev.sysprof.overrideAttrs (orig: {
# fixes: "src/meson.build:12:2: ERROR: Program 'gdbus-codegen' not found or not executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
tpm2-abrmd = prev.tpm2-abrmd.overrideAttrs (orig: {
# fixes "configure: error: *** gdbus-codegen is required to build tpm2-abrmd; No package 'gio-unix-2.0' found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
# unar = (prev.unar.override {
# # fixes "ar: command not found"
# # new error: "gcc: error: unrecognized command line option '-fobjc-runtime=gnustep-2.0'"
# inherit (emulated) stdenv;
# });
vpnc = prev.vpnc.overrideAttrs (orig: {
# fixes "perl: command not found"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.perl ];
});
xdg-desktop-portal-gtk = prev.xdg-desktop-portal-gtk.overrideAttrs (orig: {
# fixes "No package 'xdg-desktop-portal' found"
buildInputs = orig.buildInputs ++ [ next.xdg-desktop-portal ];
});
xdg-desktop-portal-gnome = prev.xdg-desktop-portal-gnome.overrideAttrs (orig: {
# fixes: "data/meson.build:33:5: ERROR: Program 'msgfmt' not found or not executable"
# fixes: "src/meson.build:25:0: ERROR: Program 'gdbus-codegen' not found or not executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.gettext next.glib ];
});
})
];
};
}

View File

@@ -10,6 +10,8 @@
./ids.nix
./machine-id.nix
./net.nix
./persist.nix
./programs.nix
./secrets.nix
./ssh.nix
./users.nix
@@ -17,17 +19,8 @@
];
sane.nixcache.enable-trusted-keys = true;
sane.packages.enableConsolePkgs = true;
sane.packages.enableSystemPkgs = true;
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
];
sane.programs.sysadminUtils.enableFor.system = true;
sane.programs.consoleUtils.enableFor.user.colin = true;
# some services which use private directories error if the parent (/var/lib/private) isn't 700.
sane.fs."/var/lib/private".dir.acl.mode = "0700";

View File

@@ -7,5 +7,5 @@
sopsFile = ../../../secrets/universal/aerc_accounts.conf;
format = "binary";
};
sane.fs."/home/colin/.config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
sane.user.fs.".config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
}

View File

@@ -125,11 +125,11 @@ in
# `wget ...xpi`; `unar ...xpi`; `cat */manifest.json | jq '.browser_specific_settings.gecko.id'`
# browserpass-ce.package = addon "browserpass-ce" "browserpass@maximbaz.com" "sha256-sXgUBbRvMnRpeIW1MTkmTcoqtW/8RDXAkxAq1evFkpc=";
browserpass-extension.package = localAddon pkgs.browserpass-extension;
bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-JOj5P7c2JTTReHCRZXm4BscaGr3i+9Y4Ey/y621x8PI=";
bypass-paywalls-clean.package = addon "bypass-paywalls-clean" "{d133e097-46d9-4ecc-9903-fa6a722a6e0e}" "sha256-oUwdqdAwV3DezaTtOMx7A/s4lzIws+t2f08mwk+325k=";
ether-metamask.package = addon "ether-metamask" "webextension@metamask.io" "sha256-G+MwJDOcsaxYSUXjahHJmkWnjLeQ0Wven8DU/lGeMzA=";
i2p-in-private-browsing.package = addon "i2p-in-private-browsing" "i2ppb@eyedeekay.github.io" "sha256-dJcJ3jxeAeAkRvhODeIVrCflvX+S4E0wT/PyYzQBQWs=";
sidebery.package = addon "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}" "sha256-YONfK/rIjlsrTgRHIt3km07Q7KnpIW89Z9r92ZSCc6w=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-d2K3ufvurWnYVzqLbyR//MgejybkY9exitAf9RdLNRo=";
sponsorblock.package = addon "sponsorblock" "sponsorBlocker@ajay.app" "sha256-hRsvLaAsVm3dALsTrJqHTNgRFAQcU7XSaGhr5G6+mFs=";
ublacklist.package = addon "ublacklist" "@ublacklist" "sha256-RqY5iHzbL2qizth7aguyOKWPyINXmrwOlf/OsfqAS48=";
ublock-origin.package = addon "ublock-origin" "uBlock0@raymondhill.net" "sha256-a/ivUmY1P6teq9x0dt4CbgHt+3kBsEMMXlOfZ5Hx7cg=";
@@ -146,6 +146,11 @@ in
};
config = {
sane.programs.web-browser = {
inherit package;
# TODO: define the persistence & fs config here
};
sane.programs.guiApps.suggestedPrograms = [ "web-browser" ];
# uBlock filter list configuration.
# specifically, enable the GDPR cookie prompt blocker.
@@ -155,7 +160,7 @@ in
# the specific attribute path is found via scraping ublock code here:
# - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
# - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
sane.fs."/home/colin/${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
{
"name": "uBlock0@raymondhill.net",
"description": "ignored",
@@ -165,26 +170,24 @@ in
}
}
'';
sane.fs."/home/colin/${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
// if we can't query the revocation status of a SSL cert because the issuer is offline,
// treat it as unrevoked.
// see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
defaultPref("security.OCSP.require", false);
'';
sane.packages.extraGuiPkgs = [ package ];
# flush the cache to disk to avoid it taking up too much tmp
sane.persist.home.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
sane.user.persist.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
store = cfg.persistCache;
};
sane.persist.home.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
sane.user.persist.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
store = cfg.persistData;
};
sane.fs."/home/colin/${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
sane.user.fs."${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
# instruct Firefox to put the profile in a predictable directory (so we can do things like persist just it).
# XXX: the directory *must* exist, even if empty; Firefox will not create the directory itself.
sane.fs."/home/colin/${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
sane.user.fs."${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
[Profile0]
Name=default
IsRelative=1

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.fs."/home/colin/.config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
sane.user.fs.".config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
builtins.toJSON {
# feed format is a map from URL to a dict,
# with dict["tags"] a list of string tags.

View File

@@ -4,7 +4,7 @@ let
mkCfg = lib.generators.toINI { };
in
{
sane.fs."/home/colin/.config/git/config" = sane-lib.fs.wantedText (mkCfg {
sane.user.fs.".config/git/config" = sane-lib.fs.wantedText (mkCfg {
user.name = "Colin";
user.email = "colin@uninsane.org";
alias.co = "checkout";

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["podcast"] all-feeds;
in {
sane.fs."/home/colin/.config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
sane.user.fs.".config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

View File

@@ -1,10 +1,11 @@
{ config, sane-lib, ... }:
{
sane.persist.home.private = [ ".local/share/keyrings" ];
sane.user.persist.private = [ ".local/share/keyrings" ];
sane.fs."/home/colin/private/.local/share/keyrings/default" = {
sane.user.fs."private/.local/share/keyrings/default" = {
generated.script.script = builtins.readFile ../../../scripts/init-keyring;
# TODO: is this `wantedBy` needed? can we inherit it?
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
};
}

View File

@@ -1,7 +1,7 @@
{ pkgs, sane-lib, ... }:
{
sane.fs."/home/colin/.config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
sane.user.fs.".config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
# docs: https://sw.kovidgoyal.net/kitty/conf/
# disable terminal bell (when e.g. you backspace too many times)
enable_audio_bell no

View File

@@ -2,7 +2,7 @@
{
# libreoffice: disable first-run stuff
sane.fs."/home/colin/.config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
sane.user.fs.".config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="FirstRun" oor:op="fuse"><value>false</value></prop></item>

View File

@@ -2,7 +2,7 @@
{
# format is <key>=%<length>%<value>
sane.fs."/home/colin/.config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
sane.user.fs.".config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
save-position-on-quit=%3%yes
keep-open=%3%yes
'';

View File

@@ -72,7 +72,7 @@ let
in
{
# private because there could be sensitive things in the swap
sane.persist.home.private = [ ".cache/vim-swap" ];
sane.user.persist.private = [ ".cache/vim-swap" ];
programs.neovim = {
# neovim: https://github.com/neovim/neovim

View File

@@ -6,7 +6,7 @@ let
all-feeds = config.sane.feeds;
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
in {
sane.fs."/home/colin/.config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
sane.user.fs.".config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
feeds.feedsToOpml wanted-feeds
);
}

View File

@@ -4,9 +4,9 @@
{ pkgs, sane-lib, ... }:
{
sane.persist.home.plaintext = [ ".local/state/splatmoji" ];
sane.fs."/home/colin/.config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
history_file=/home/colin/.local/state/splatmoji/history
sane.user.persist.plaintext = [ ".local/state/splatmoji" ];
sane.user.fs.".config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
history_file=~/.local/state/splatmoji/history
history_length=5
# TODO: wayland equiv
paste_command=xdotool key ctrl+v

View File

@@ -12,9 +12,9 @@ let
in
{
# ssh key is stored in private storage
sane.persist.home.private = [ ".ssh/id_ed25519" ];
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
sane.user.persist.private = [ ".ssh/id_ed25519" ];
sane.user.fs.".ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.user.fs.".ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
users.users.colin.openssh.authorizedKeys.keys =
let

View File

@@ -7,5 +7,5 @@
sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
format = "binary";
};
sane.fs."/home/colin/.config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
sane.user.fs.".config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
}

View File

@@ -9,7 +9,7 @@ let
);
in
{
sane.fs."/home/colin/.config/vlc/vlcrc" = sane-lib.fs.wantedText ''
sane.user.fs.".config/vlc/vlcrc" = sane-lib.fs.wantedText ''
[podcast]
podcast-urls=${podcast-urls}
[core]

View File

@@ -3,7 +3,7 @@
{
# XDG defines things like ~/Desktop, ~/Downloads, etc.
# these clutter the home, so i mostly don't use them.
sane.fs."/home/colin/.config/user-dirs.dirs" = sane-lib.fs.wantedText ''
sane.user.fs.".config/user-dirs.dirs" = sane-lib.fs.wantedText ''
XDG_DESKTOP_DIR="$HOME/.xdg/Desktop"
XDG_DOCUMENTS_DIR="$HOME/dev"
XDG_DOWNLOAD_DIR="$HOME/tmp"
@@ -16,5 +16,5 @@
# prevent `xdg-user-dirs-update` from overriding/updating our config
# see <https://manpages.ubuntu.com/manpages/bionic/man5/user-dirs.conf.5.html>
sane.fs."/home/colin/.config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
sane.user.fs.".config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
}

View File

@@ -26,7 +26,7 @@ let
'';
in
{
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
# we don't need to full zsh dir -- just the history file --
# but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
# TODO: should be private?
@@ -36,7 +36,7 @@ in
];
# zsh/prezto complains if zshrc doesn't exist; but it does allow an "empty" file.
sane.fs."/home/colin/.config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
sane.user.fs.".config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
# enable zsh completions
environment.pathsToLink = [ "/share/zsh" ];
@@ -107,7 +107,7 @@ in
# prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
# see: https://github.com/sorin-ionescu/prezto
# i believe this file is auto-sourced by the prezto init.zsh script.
sane.fs."/home/colin/.config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
sane.user.fs.".config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
zstyle ':prezto:*:*' color 'yes'
# modules (they ship with prezto):

18
hosts/common/persist.nix Normal file
View File

@@ -0,0 +1,18 @@
{ ... }:
{
sane.persist.stores.private.origin = "/home/colin/private";
# store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
sane.persist.stores.private.prefix = "/home/colin";
sane.persist.sys.plaintext = [
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere
"/var/lib/alsa" # preserve output levels, default devices
"/var/lib/colord" # preserve color calibrations (?)
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
"/var/lib/systemd/backlight" # backlight brightness
"/var/lib/systemd/coredump"
];
}

340
hosts/common/programs.nix Normal file
View File

@@ -0,0 +1,340 @@
{ lib, pkgs, ... }:
let
inherit (builtins) attrNames concatLists;
inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
flattenedPkgs = pkgs // (with pkgs; {
# XXX can't `inherit` a nested attr, so we move them to the toplevel
"cacert.unbundled" = pkgs.cacert.unbundled;
"gnome.cheese" = gnome.cheese;
"gnome.dconf-editor" = gnome.dconf-editor;
"gnome.file-roller" = gnome.file-roller;
"gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
"gnome.gnome-maps" = gnome.gnome-maps;
"gnome.nautilus" = gnome.nautilus;
"gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
"gnome.gnome-terminal" = gnome.gnome-terminal;
"gnome.gnome-weather" = gnome.gnome-weather;
"libsForQt5.plasmatube" = libsForQt5.plasmatube;
});
sysadminPkgs = {
inherit (flattenedPkgs)
btrfs-progs
"cacert.unbundled" # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
tcpdump
tree
usbutils
wget
;
};
# TODO: split these into smaller groups.
# - iphone utils (libimobiledevice, ifuse) only wanted on desko, maybe lappy
# - transcoders (ffmpeg, imagemagick) only wanted on desko/lappy
consolePkgs = {
inherit (pkgs)
aerc # email client
# backblaze-b2 # TODO: put into the same package set as duplicity
cdrtools
dmidecode
# duplicity # TODO: enable as part of some smaller package set
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
imagemagick
ipfs
kitty # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
libimobiledevice
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
sox
speedtest-cli
sqlite # to debug sqlite3 databases
ssh-to-age
sudo
# tageditor # music tagging
unar
visidata
w3m
wireguard-tools
xdg-utils # for xdg-open
# youtube-dl
yt-dlp
;
};
guiPkgs = {
inherit (flattenedPkgs)
celluloid # mpv frontend
clinfo
emote
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
# foliate # e-book reader
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
# "gnome.cheese"
"gnome.dconf-editor"
gnome-feeds # RSS reader (with claimed mobile support)
"gnome.file-roller"
# "gnome.gnome-maps" # works on phosh
"gnome.nautilus"
# gnome-podcasts
"gnome.gnome-system-monitor"
"gnome.gnome-terminal" # works on phosh
"gnome.gnome-weather"
gpodder-configured
gthumb
# lollypop
mpv
networkmanagerapplet
# newsflash
nheko
pavucontrol
# picard # music tagging
playerctl
# "libsForQt5.plasmatube" # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile
# tdesktop # broken on phosh
# tokodon
vlc
# pleroma client (Electron). input is broken on phosh. TODO(2023/02/02): fix electron19 input (insecure)
# whalebird
xterm # broken on phosh
;
};
desktopGuiPkgs = {
inherit (flattenedPkgs)
audacity
chromium
dino
electrum
element-desktop
font-manager
gajim # XMPP client
gimp # broken on phosh
"gnome.gnome-disk-utility"
inkscape
kdenlive
kid3 # audio tagging
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
obsidian
;
};
x86GuiPkgs = {
inherit (pkgs)
discord
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
# TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
handbrake
logseq
losslesscut-bin
makemkv
monero-gui
signal-desktop
spotify
tor-browser-bundle-bin
zecwallet-lite
;
};
# define -- but don't enable -- the packages in some attrset.
# use `mkDefault` for the package here so we can customize some of them further down this file
declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
package = mkDefault p;
}) pkgsAsAttrs;
in
{
config = {
sane.programs = mkMerge [
(declarePkgs sysadminPkgs)
(declarePkgs consolePkgs)
(declarePkgs guiPkgs)
(declarePkgs desktopGuiPkgs)
(declarePkgs x86GuiPkgs)
{
# link the various package sets into their own meta packages
sysadminUtils = {
package = null;
suggestedPrograms = attrNames sysadminPkgs;
};
consoleUtils = {
package = null;
suggestedPrograms = attrNames consolePkgs;
};
guiApps = {
package = null;
suggestedPrograms = (attrNames guiPkgs)
++ optional (pkgs.system == "x86_64-linux") "x86GuiApps";
};
desktopGuiApps = {
package = null;
suggestedPrograms = attrNames desktopGuiPkgs;
};
x86GuiApps = {
package = null;
suggestedPrograms = attrNames x86GuiPkgs;
};
}
{
# nontrivial package definitions
imagemagick.package = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
dino.private = [ ".local/share/dino" ];
# creds, but also 200 MB of node modules, etc
discord = {
package = pkgs.discord.override {
# XXX 2022-07-31: fix to allow links to open in default web-browser:
# https://github.com/NixOS/nixpkgs/issues/78961
nss = pkgs.nss_latest;
};
private = [ ".config/discord" ];
};
# creds/session keys, etc
element-desktop.private = [ ".config/Element" ];
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
emote.dir = [ ".local/share/Emote" ];
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
gpodder-configured.dir = [ "gPodder" ];
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
# XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
monero-gui.dir = [ ".bitmonero" ];
mpv.dir = [ ".config/mpv/watch_later" ];
# not strictly necessary, but allows caching articles; offline use, etc.
newsflash.dir = [ ".local/share/news-flash" ];
nheko.private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
];
# settings (electron app)
obsidian.dir = [ ".config/obsidian" ];
# creds, media
signal-desktop.private = [ ".config/Signal" ];
# creds, widevine .so download. TODO: could easily manage these statically.
spotify.dir = [ ".config/spotify" ];
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
sublime-music-mobile.dir = [ ".local/share/sublime-music" ];
tdesktop.private = [ ".local/share/TelegramDesktop" ];
tokodon.private = [ ".cache/KDE/tokodon" ];
# hardenedMalloc solves a crash at startup
# TODO 2023/02/02: is this safe to remove yet?
tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
useHardenedMalloc = false;
};
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
vlc.dir = [ ".config/vlc" ];
whalebird.private = [ ".config/Whalebird" ];
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
zecwallet-lite.private = [ ".zcash" ];
}
];
# XXX: this might not be necessary. try removing this and cacert.unbundled (servo)?
environment.etc."ssl/certs".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

View File

@@ -3,12 +3,12 @@
# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
with lib;
let
cfg = config.sane.users;
cfg = config.sane.guest;
fs = sane-lib.fs;
in
{
options = {
sane.users.guest.enable = mkOption {
sane.guest.enable = mkOption {
default = false;
type = types.bool;
};
@@ -49,8 +49,6 @@ in
shell = pkgs.zsh;
packages = builtins.map (p: p.pkg) config.sane.packages.enabledUserPkgs;
# mount encrypted stuff at login
# some other nix pam users:
# - <https://github.com/g00pix/nixconf/blob/32c04f6fa843fed97639dd3f09e157668d3eea1f/profiles/sshfs.nix>
@@ -68,6 +66,7 @@ in
security.pam.mount.enable = true;
sane.users.colin.default = true;
# ensure ~ perms are known to sane.fs module.
# TODO: this is generic enough to be lifted up into sane.fs itself.
sane.fs."/home/colin".dir.acl = {
@@ -76,7 +75,7 @@ in
mode = config.users.users.colin.homeMode;
};
sane.persist.home.plaintext = [
sane.user.persist.plaintext = [
"archive"
"dev"
# TODO: records should be private
@@ -90,25 +89,26 @@ in
".cache/nix"
".cache/nix-index"
".cargo"
".rustup"
# ".cargo"
# ".rustup"
];
# convenience
sane.fs."/home/colin/knowledge" = fs.wantedSymlinkTo "/home/colin/private/knowledge";
sane.fs."/home/colin/nixos" = fs.wantedSymlinkTo "/home/colin/dev/nixos";
sane.fs."/home/colin/Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.fs."/home/colin/Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.fs."/home/colin/Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
sane.user.fs."knowledge" = fs.wantedSymlinkTo "private/knowledge";
sane.user.fs."nixos" = fs.wantedSymlinkTo "dev/nixos";
sane.user.fs."Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
sane.user.fs."Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
sane.user.fs."Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
# used by password managers, e.g. unix `pass`
sane.fs."/home/colin/.password-store" = fs.wantedSymlinkTo "/home/colin/knowledge/secrets/accounts";
sane.user.fs.".password-store" = fs.wantedSymlinkTo "knowledge/secrets/accounts";
sane.persist.sys.plaintext = mkIf cfg.guest.enable [
sane.persist.sys.plaintext = mkIf cfg.enable [
# intentionally allow other users to write to the guest folder
{ directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
];
users.users.guest = mkIf cfg.guest.enable {
users.users.guest = mkIf cfg.enable {
isNormalUser = true;
home = "/home/guest";
subUidRanges = [

View File

@@ -21,7 +21,7 @@
# provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
# to explicitly opt into non-emulated cross compilation for any specific package.
# this is most beneficial for large packages with few pre-requisites -- like Linux.
cross = next.crossFrom."${localSystem}";
cross = prev.crossFrom."${localSystem}";
})
];
}

View File

@@ -7,7 +7,9 @@
./hardware
./hostnames.nix
./hosts.nix
./nixcache.nix
./roles
./services
./wg-home.nix
];
}

View File

@@ -12,24 +12,4 @@ in
./plasma-mobile.nix
./sway.nix
];
options = {
sane.gui.enable = mkOption {
default = false;
type = types.bool;
description = ''
enables config used by any GUI, like display management or select packages.
the user should prefer to interact with specific GUIs like `sane.gui.sway`
and let those modules auto-set this flag when necessary.
'';
};
};
config = mkIf cfg.enable {
sane.packages.enableGuiPkgs = mkDefault true;
# preserve backlight brightness across power cycles
# see `man systemd-backlight`
sane.persist.sys.plaintext = [ "/var/lib/systemd/backlight" ];
};
}

View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start gnome/gdm on boot
services.xserver.enable = true;

View File

@@ -20,9 +20,34 @@ in
};
};
config = mkIf cfg.enable (mkMerge [
config = mkMerge [
{
sane.gui.enable = true;
sane.programs.phoshApps = {
package = null;
suggestedPrograms = [
"guiApps"
# TODO: see about removing gnome-bluetooth if the in-built gnome-settings bluetooth manager can work
"gnome.gnome-bluetooth"
"phosh-mobile-settings"
"plasma5Packages.konsole" # more reliable terminal
];
};
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"plasma5Packages.konsole" = pkgs.plasma5Packages.konsole;
})
phosh-mobile-settings
"plasma5Packages.konsole"
# "gnome.gnome-bluetooth"
;
};
}
(mkIf cfg.enable {
sane.programs.phoshApps.enableFor.user.colin = true;
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
@@ -38,6 +63,28 @@ in
};
};
# phosh enables `services.gnome.{core-os-services, core-shell}`
# and this in turn enables some default apps we don't really care about.
# see <nixos/modules/services/x11/desktop-managers/gnome.nix>
environment.gnome.excludePackages = with pkgs; [
# gnome.gnome-menus # unused outside gnome classic, but probably harmless
gnome-tour
];
services.dleyna-renderer.enable = false;
services.dleyna-server.enable = false;
services.gnome.gnome-browser-connector.enable = false;
services.gnome.gnome-initial-setup.enable = false;
services.gnome.gnome-online-accounts.enable = false;
services.gnome.gnome-remote-desktop.enable = false;
services.gnome.gnome-user-share.enable = false;
services.gnome.rygel.enable = false;
# gnome doesn't use mkDefault for these -- unclear why not
services.gnome.evolution-data-server.enable = mkForce false;
services.gnome.gnome-online-miners.enable = mkForce false;
# TODO: re-enable this once we can cross-compile gvfs
services.gvfs.enable = mkForce false;
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;
networking.networkmanager.enable = true;
@@ -76,15 +123,9 @@ in
'';
})
];
})
sane.packages.extraUserPkgs = with pkgs; [
phosh-mobile-settings
# TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
gnome.gnome-bluetooth
];
}
(mkIf cfg.useGreeter {
(mkIf (cfg.enable && cfg.useGreeter) {
services.xserver.enable = true;
# NB: setting defaultSession has the critical side-effect that it lets org.freedesktop.AccountsService
# know that our user exists. this ensures lightdm succeeds when calling /org/freedesktop/AccountsServices ListCachedUsers
@@ -110,5 +151,5 @@ in
systemd.services.phosh.wantedBy = lib.mkForce []; # disable auto-start
})
]);
];
}

View File

@@ -13,7 +13,8 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start plasma-mobile on boot
services.xserver.enable = true;
services.xserver.desktopManager.plasma5.mobile.enable = true;

View File

@@ -13,7 +13,7 @@ in
};
config = mkIf cfg.enable {
sane.gui.enable = true;
sane.programs.guiApps.enableFor.user.colin = true;
# start plasma on boot
services.xserver.enable = true;

View File

@@ -120,523 +120,543 @@ in
type = types.bool;
};
};
config = mkIf cfg.enable {
sane.gui.enable = true;
# swap in these lines to use SDDM instead of `services.greetd`.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = if cfg.useGreeter then greeter-session else greeterless-session;
config = mkMerge [
{
sane.programs.swayApps = {
package = null;
suggestedPrograms = [
"guiApps"
"swaylock"
"swayidle"
"wl-clipboard"
"mako" # notification daemon
# # "pavucontrol"
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
];
};
};
# we need the greeter's command to be on our PATH
users.users.colin.packages = [ sway-launcher ];
}
{
sane.programs = {
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"gnome.gnome-control-center" = pkgs.gnome.gnome-control-center;
})
swaylock
swayidle
wl-clipboard
mako
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
;
};
}
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
(mkIf cfg.enable {
sane.programs.swayApps.enableFor.user.colin = true;
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
# swap in these lines to use SDDM instead of `services.greetd`.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.enable = true;
services.greetd = {
# greetd source/docs:
# - <https://git.sr.ht/~kennylevinsen/greetd>
enable = true;
settings = {
default_session = if cfg.useGreeter then greeter-session else greeterless-session;
};
};
# we need the greeter's command to be on our PATH
users.users.colin.packages = [ sway-launcher ];
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
# some programs (e.g. fractal) **require** a "Secret Service Provider"
services.gnome.gnome-keyring.enable = true;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
# unlike other DEs, sway configures no audio stack
# administer with pw-cli, pw-mon, pw-top commands
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true; # ??
pulse.enable = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
sane.fs."/home/colin/.config/sway/config" =
let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
launcher-cmd = fuzzel;
terminal-cmd = kitty;
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in sane-lib.fs.wantedText ''
### default font
font pango:monospace 8
networking.useDHCP = false;
networking.networkmanager.enable = true;
networking.wireless.enable = lib.mkForce false;
### pixel boundary between windows
default_border pixel 3
default_floating_border pixel 2
hide_edge_borders smart
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# gsd provides Rfkill, which is required for the bluetooth pane in gnome-control-center to work
services.gnome.gnome-settings-daemon.enable = true;
# start the components of gsd we need at login
systemd.user.targets."org.gnome.SettingsDaemon.Rfkill".wantedBy = [ "graphical-session.target" ];
# go ahead and `systemctl --user cat gnome-session-initialized.target`. i dare you.
# the only way i can figure out how to get Rfkill to actually load is to just disable all the shit it depends on.
# it doesn't actually seem to need ANY of them in the first place T_T
systemd.user.targets."gnome-session-initialized".enable = false;
# bluez can't connect to audio devices unless pipewire is running.
# a system service can't depend on a user service, so just launch it at graphical-session
systemd.user.services."pipewire".wantedBy = [ "graphical-session.target" ];
### defaults
focus_wrapping no
focus_follows_mouse yes
focus_on_window_activation smart
mouse_warping output
workspace_layout default
workspace_auto_back_and_forth no
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
sane.user.fs.".config/sway/config" =
let
fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
sed = "${pkgs.gnused}/bin/sed";
wtype = "${pkgs.wtype}/bin/wtype";
kitty = "${pkgs.kitty}/bin/kitty";
launcher-cmd = fuzzel;
terminal-cmd = kitty;
lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
vol-up-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
vol-down-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
mute-cmd = "${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
brightness-up-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set +2%";
brightness-down-cmd = "${pkgs.brightnessctl}/bin/brightnessctl set 2%-";
screenshot-cmd = "${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# "bookmarking"/snippets inspired by Luke Smith:
# - <https://www.youtube.com/watch?v=d_11QaTlf1I>
snip-file = ./snippets.txt;
# TODO: querying sops here breaks encapsulation
list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
strip-comments = "${sed} 's/ #.*$//'";
snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
# TODO: next splatmoji release should allow `-s none` to disable skin tones
emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
in sane-lib.fs.wantedText ''
### default font
font pango:monospace 8
### default colors (#border #background #text #indicator #childBorder)
client.focused #4c7899 #285577 #ffffff #2e9ef4 #285577
client.focused_inactive #333333 #5f676a #ffffff #484e50 #5f676a
client.unfocused #333333 #222222 #888888 #292d2e #222222
client.urgent #2f343a #900000 #ffffff #900000 #900000
client.placeholder #000000 #0c0c0c #ffffff #000000 #0c0c0c
client.background #ffffff
### pixel boundary between windows
default_border pixel 3
default_floating_border pixel 2
hide_edge_borders smart
### key bindings
floating_modifier Mod1
## media keys
bindsym XF86AudioRaiseVolume exec ${vol-up-cmd}
bindsym XF86AudioLowerVolume exec ${vol-down-cmd}
bindsym Mod1+Page_Up exec ${vol-up-cmd}
bindsym Mod1+Page_Down exec ${vol-down-cmd}
bindsym XF86AudioMute exec ${mute-cmd}
bindsym XF86MonBrightnessUp exec ${brightness-up-cmd}
bindsym XF86MonBrightnessDown exec ${brightness-down-cmd}
## special functions
bindsym Mod1+Print exec ${screenshot-cmd}
bindsym Mod1+l exec ${lock-cmd}
bindsym Mod1+s exec ${snip-cmd}
bindsym Mod1+slash exec ${emoji-cmd}
bindsym Mod1+d exec ${launcher-cmd}
bindsym Mod1+Return exec ${terminal-cmd}
bindsym Mod1+Shift+q kill
bindsym Mod1+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
bindsym Mod1+Shift+c reload
## layout
bindsym Mod1+b splith
bindsym Mod1+v splitv
bindsym Mod1+f fullscreen toggle
bindsym Mod1+a focus parent
bindsym Mod1+w layout tabbed
bindsym Mod1+e layout toggle split
bindsym Mod1+Shift+space floating toggle
bindsym Mod1+space focus mode_toggle
bindsym Mod1+r mode resize
## movement
bindsym Mod1+Up focus up
bindsym Mod1+Down focus down
bindsym Mod1+Left focus left
bindsym Mod1+Right focus right
bindsym Mod1+Shift+Up move up
bindsym Mod1+Shift+Down move down
bindsym Mod1+Shift+Left move left
bindsym Mod1+Shift+Right move right
## workspaces
bindsym Mod1+1 workspace number 1
bindsym Mod1+2 workspace number 2
bindsym Mod1+3 workspace number 3
bindsym Mod1+4 workspace number 4
bindsym Mod1+5 workspace number 5
bindsym Mod1+6 workspace number 6
bindsym Mod1+7 workspace number 7
bindsym Mod1+8 workspace number 8
bindsym Mod1+9 workspace number 9
bindsym Mod1+Shift+1 move container to workspace number 1
bindsym Mod1+Shift+2 move container to workspace number 2
bindsym Mod1+Shift+3 move container to workspace number 3
bindsym Mod1+Shift+4 move container to workspace number 4
bindsym Mod1+Shift+5 move container to workspace number 5
bindsym Mod1+Shift+6 move container to workspace number 6
bindsym Mod1+Shift+7 move container to workspace number 7
bindsym Mod1+Shift+8 move container to workspace number 8
bindsym Mod1+Shift+9 move container to workspace number 9
## "scratchpad" = ??
bindsym Mod1+Shift+minus move scratchpad
bindsym Mod1+minus scratchpad show
### defaults
focus_wrapping no
focus_follows_mouse yes
focus_on_window_activation smart
mouse_warping output
workspace_layout default
workspace_auto_back_and_forth no
### defaults
mode "resize" {
bindsym Down resize grow height 10 px
bindsym Escape mode default
bindsym Left resize shrink width 10 px
bindsym Return mode default
bindsym Right resize grow width 10 px
bindsym Up resize shrink height 10 px
bindsym h resize shrink width 10 px
bindsym j resize grow height 10 px
bindsym k resize shrink height 10 px
bindsym l resize grow width 10 px
### default colors (#border #background #text #indicator #childBorder)
client.focused #4c7899 #285577 #ffffff #2e9ef4 #285577
client.focused_inactive #333333 #5f676a #ffffff #484e50 #5f676a
client.unfocused #333333 #222222 #888888 #292d2e #222222
client.urgent #2f343a #900000 #ffffff #900000 #900000
client.placeholder #000000 #0c0c0c #ffffff #000000 #0c0c0c
client.background #ffffff
### key bindings
floating_modifier Mod1
## media keys
bindsym XF86AudioRaiseVolume exec ${vol-up-cmd}
bindsym XF86AudioLowerVolume exec ${vol-down-cmd}
bindsym Mod1+Page_Up exec ${vol-up-cmd}
bindsym Mod1+Page_Down exec ${vol-down-cmd}
bindsym XF86AudioMute exec ${mute-cmd}
bindsym XF86MonBrightnessUp exec ${brightness-up-cmd}
bindsym XF86MonBrightnessDown exec ${brightness-down-cmd}
## special functions
bindsym Mod1+Print exec ${screenshot-cmd}
bindsym Mod1+l exec ${lock-cmd}
bindsym Mod1+s exec ${snip-cmd}
bindsym Mod1+slash exec ${emoji-cmd}
bindsym Mod1+d exec ${launcher-cmd}
bindsym Mod1+Return exec ${terminal-cmd}
bindsym Mod1+Shift+q kill
bindsym Mod1+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
bindsym Mod1+Shift+c reload
## layout
bindsym Mod1+b splith
bindsym Mod1+v splitv
bindsym Mod1+f fullscreen toggle
bindsym Mod1+a focus parent
bindsym Mod1+w layout tabbed
bindsym Mod1+e layout toggle split
bindsym Mod1+Shift+space floating toggle
bindsym Mod1+space focus mode_toggle
bindsym Mod1+r mode resize
## movement
bindsym Mod1+Up focus up
bindsym Mod1+Down focus down
bindsym Mod1+Left focus left
bindsym Mod1+Right focus right
bindsym Mod1+Shift+Up move up
bindsym Mod1+Shift+Down move down
bindsym Mod1+Shift+Left move left
bindsym Mod1+Shift+Right move right
## workspaces
bindsym Mod1+1 workspace number 1
bindsym Mod1+2 workspace number 2
bindsym Mod1+3 workspace number 3
bindsym Mod1+4 workspace number 4
bindsym Mod1+5 workspace number 5
bindsym Mod1+6 workspace number 6
bindsym Mod1+7 workspace number 7
bindsym Mod1+8 workspace number 8
bindsym Mod1+9 workspace number 9
bindsym Mod1+Shift+1 move container to workspace number 1
bindsym Mod1+Shift+2 move container to workspace number 2
bindsym Mod1+Shift+3 move container to workspace number 3
bindsym Mod1+Shift+4 move container to workspace number 4
bindsym Mod1+Shift+5 move container to workspace number 5
bindsym Mod1+Shift+6 move container to workspace number 6
bindsym Mod1+Shift+7 move container to workspace number 7
bindsym Mod1+Shift+8 move container to workspace number 8
bindsym Mod1+Shift+9 move container to workspace number 9
## "scratchpad" = ??
bindsym Mod1+Shift+minus move scratchpad
bindsym Mod1+minus scratchpad show
### defaults
mode "resize" {
bindsym Down resize grow height 10 px
bindsym Escape mode default
bindsym Left resize shrink width 10 px
bindsym Return mode default
bindsym Right resize grow width 10 px
bindsym Up resize shrink height 10 px
bindsym h resize shrink width 10 px
bindsym j resize grow height 10 px
bindsym k resize shrink height 10 px
bindsym l resize grow width 10 px
}
### lightly modified bars
bar {
# TODO: fonts was:
# config.fonts.fontconfig.defaultFonts; (monospace ++ emoji)
font pango:Hack, Font Awesome 6 Free, Twitter Color Emoji 24.000000
mode dock
hidden_state hide
position top
status_command ${pkgs.i3status}/bin/i3status
swaybar_command ${pkgs.waybar}/bin/waybar
workspace_buttons yes
strip_workspace_numbers no
tray_output primary
colors {
background #000000
statusline #ffffff
separator #666666
# #border #background #text
focused_workspace #4c7899 #285577 #ffffff
active_workspace #333333 #5f676a #ffffff
inactive_workspace #333333 #222222 #888888
urgent_workspace #2f343a #900000 #ffffff
binding_mode #2f343a #900000 #ffffff
}
}
### displays
## DESKTOP
output "Samsung Electric Company S22C300 0x00007F35" {
pos 0,0
res 1920x1080
}
output "Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" {
pos 1920,0
res 3440x1440
}
## LAPTOP
# sh/en TV
output "Pioneer Electronic Corporation VSX-524 0x00000101" {
pos 0,0
res 1920x1080
}
# internal display
output "Unknown 0x0637 0x00000000" {
pos 1920,0
res 1920x1080
}
'';
sane.user.fs.".config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.user.fs.".config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
### lightly modified bars
bar {
# TODO: fonts was:
# config.fonts.fontconfig.defaultFonts; (monospace ++ emoji)
font pango:Hack, Font Awesome 6 Free, Twitter Color Emoji 24.000000
mode dock
hidden_state hide
position top
status_command ${pkgs.i3status}/bin/i3status
swaybar_command ${pkgs.waybar}/bin/waybar
workspace_buttons yes
strip_workspace_numbers no
tray_output primary
colors {
background #000000
statusline #ffffff
separator #666666
# #border #background #text
focused_workspace #4c7899 #285577 #ffffff
active_workspace #333333 #5f676a #ffffff
inactive_workspace #333333 #222222 #888888
urgent_workspace #2f343a #900000 #ffffff
binding_mode #2f343a #900000 #ffffff
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
### displays
## DESKTOP
output "Samsung Electric Company S22C300 0x00007F35" {
pos 0,0
res 1920x1080
}
output "Goldstar Company Ltd LG ULTRAWIDE 0x00004E94" {
pos 1920,0
res 3440x1440
window#waybar.hidden {
opacity: 0.2;
}
## LAPTOP
# sh/en TV
output "Pioneer Electronic Corporation VSX-524 0x00000101" {
pos 0,0
res 1920x1080
/*
window#waybar.empty {
background-color: transparent;
}
# internal display
output "Unknown 0x0637 0x00000000" {
pos 1920,0
res 1920x1080
window#waybar.solo {
background-color: #FFFFFF;
}
'';
*/
sane.fs."/home/colin/.config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
window#waybar.termite {
background-color: #3F3F3F;
}
# style docs: https://github.com/Alexays/Waybar/wiki/Styling
sane.fs."/home/colin/.config/waybar/style.css" = sane-lib.fs.wantedText ''
* {
font-family: monospace;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
/* defaults below: https://github.com/Alexays/Waybar/blob/master/resources/style.css */
window#waybar {
background-color: rgba(43, 48, 59, 0.5);
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: #ffffff;
transition-property: background-color;
transition-duration: .5s;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
window#waybar.hidden {
opacity: 0.2;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
window#waybar.termite {
background-color: #3F3F3F;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#workspaces button {
padding: 0 5px;
background-color: transparent;
color: #ffffff;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
#workspaces button.focused {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
#workspaces button.urgent {
background-color: #eb4d4b;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock {
background-color: #64727D;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
color: #ffffff;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
#battery {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
label:focus {
background-color: #000000;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#memory {
background-color: #9b59b6;
}
label:focus {
background-color: #000000;
}
#disk {
background-color: #964B00;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#backlight {
background-color: #90b1b1;
}
#memory {
background-color: #9b59b6;
}
#network {
background-color: #2980b9;
}
#disk {
background-color: #964B00;
}
#network.disconnected {
background-color: #f53c3c;
}
#backlight {
background-color: #90b1b1;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#network {
background-color: #2980b9;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#network.disconnected {
background-color: #f53c3c;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#temperature {
background-color: #f0932b;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#temperature.critical {
background-color: #eb4d4b;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#tray {
background-color: #2980b9;
}
#temperature {
background-color: #f0932b;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#tray {
background-color: #2980b9;
}
#idle_inhibitor {
background-color: #2d3436;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#idle_inhibitor {
background-color: #2d3436;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.paused {
background-color: #51a37a;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#mpd.stopped {
background-color: #90b1b1;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#mpd.paused {
background-color: #51a37a;
}
#keyboard-state > label {
padding: 0 5px;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
sane.packages.extraUserPkgs = with pkgs; [
swaylock
swayidle # (unused)
wl-clipboard
mako # notification daemon
xdg-utils # for xdg-open
# user stuff
# pavucontrol
sway-contrib.grimshot
gnome.gnome-bluetooth
gnome.gnome-control-center
];
};
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
# style = ''
# * {
# border: none;
# border-radius: 0;
# font-family: Source Code Pro;
# }
# window#waybar {
# background: #16191C;
# color: #AAB2BF;
# }
# #workspaces button {
# padding: 0 5px;
# }
# .custom-spotify {
# padding: 0 10px;
# margin: 0 4px;
# background-color: #1DB954;
# color: black;
# }
# '';
})
];
}

View File

@@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./duplicity.nix
];
}

View File

@@ -5,13 +5,13 @@
./feeds.nix
./fs
./ids.nix
./packages.nix
./programs.nix
./image.nix
./nixcache.nix
./persist
./services
./sops.nix
./ssh.nix
./users.nix
];
_module.args = {

View File

@@ -20,9 +20,13 @@ sane-lib = rec {
isPrefixOfList = p: l: (lib.sublist 0 (lib.length p) l) == p;
# merges N attrsets
# Type: flattenAttrsList :: [AttrSet] -> AttrSet
# Type: joinAttrsets :: [AttrSet] -> AttrSet
joinAttrsets = l: lib.foldl' lib.attrsets.unionOfDisjoint {} l;
# merges N attrsets, recursively
# Type: joinAttrsetsRecursive :: [AttrSet] -> AttrSet
joinAttrsetsRecursive = l: lib.foldl' (lib.attrsets.recursiveUpdateUntil (path: lhs: rhs: false)) {} l;
# evaluate a `{ name, value }` pair in the same way that `listToAttrs` does.
# Type: nameValueToAttrs :: { name :: String, value :: Any } -> Any
nameValueToAttrs = { name, value }: {

View File

@@ -17,7 +17,7 @@ rec {
merged = builtins.map (p: lib.setAttrByPath p (mergeAtPath p discharged)) pathsToMerge;
in
assert builtins.all (assertNoExtraPaths pathsToMerge) discharged;
sane-lib.joinAttrsets merged;
sane-lib.joinAttrsetsRecursive merged;
# `take` is as in mkTypedMerge. this function queries which items `take` is interested in.
# for example:

View File

@@ -1,330 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
let
cfg = config.sane.packages;
imagemagick = pkgs.imagemagick.override {
ghostscriptSupport = true;
};
consolePkgs = [
backblaze-b2
cdrtools
dmidecode
duplicity
efivar
flashrom
fwupd
ghostscript # TODO: imagemagick wrapper should add gs to PATH
gnupg
gocryptfs
gopass
gopass-jsonapi
ifuse
imagemagick
ipfs
libimobiledevice
libsecret # for managing user keyrings
lm_sensors # for sensors-detect
lshw
ffmpeg
memtester
networkmanager
nixpkgs-review
# nixos-generators
# nettools
nmon
oathToolkit # for oathtool
# ponymix
pulsemixer
python3
rsync
# python3Packages.eyeD3 # music tagging
sane-scripts
sequoia
snapper
sops
speedtest-cli
sqlite # to debug sqlite3 databases
ssh-to-age
sudo
# tageditor # music tagging
unar
visidata
w3m
wireguard-tools
# youtube-dl
yt-dlp
];
guiPkgs = [
# GUI only
aerc # email client
audacity
celluloid # mpv frontend
chromium
clinfo
{ pkg = dino; private = [ ".local/share/dino" ]; }
electrum
# creds/session keys, etc
{ pkg = element-desktop; private = [ ".config/Element" ]; }
# `emote` will show a first-run dialog based on what's in this directory.
# mostly, it just keeps a LRU of previously-used emotes to optimize display order.
# TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
{ pkg = emote; dir = [ ".local/share/Emote" ]; }
evince # works on phosh
# { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; } # TODO: ship normal fluffychat on non-moby?
foliate
font-manager
# XXX by default fractal stores its state in ~/.local/share/<UUID>.
# after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
# then reboot (so that libsecret daemon re-loads the keyring...?)
# { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
# { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
gajim # XMPP client
gimp # broken on phosh
gnome.cheese
gnome.dconf-editor
gnome-feeds # RSS reader (with claimed mobile support)
gnome.file-roller
gnome.gnome-disk-utility
gnome.gnome-maps # works on phosh
gnome.nautilus
# gnome-podcasts
gnome.gnome-system-monitor
gnome.gnome-terminal # works on phosh
gnome.gnome-weather
# XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
# then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
{ pkg = gpodder-configured; dir = [ "gPodder" ]; }
gthumb
inkscape
kdenlive
kid3 # audio tagging
kitty
krita
libreoffice-fresh # XXX colin: maybe don't want this on mobile
lollypop
{ pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
networkmanagerapplet
# not strictly necessary, but allows caching articles; offline use, etc.
{ pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
{ pkg = nheko; private = [
".config/nheko" # config file (including client token)
".cache/nheko" # media cache
".local/share/nheko" # per-account state database
]; }
# settings (electron app)
{ pkg = obsidian; dir = [ ".config/obsidian" ]; }
pavucontrol
# picard # music tagging
playerctl
libsForQt5.plasmatube # Youtube player
soundconverter
# sublime music persists any downloaded albums here.
# it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
# config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
# possible to pass config as a CLI arg (sublime-music -c config.json)
# { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
{ pkg = sublime-music-mobile; dir = [ ".local/share/sublime-music" ]; }
{ pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; } # broken on phosh
{ pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
{ pkg = vlc; dir = [ ".config/vlc" ]; }
# pleroma client (Electron). input is broken on phosh.
{ pkg = whalebird; private = [ ".config/Whalebird" ]; }
xdg-utils # for xdg-open
xterm # broken on phosh
]
++ (if pkgs.system == "x86_64-linux" then
[
# x86_64 only
# creds, but also 200 MB of node modules, etc
(let discord = (pkgs.discord.override {
# XXX 2022-07-31: fix to allow links to open in default web-browser:
# https://github.com/NixOS/nixpkgs/issues/78961
nss = pkgs.nss_latest;
}); in { pkg = discord; private = [ ".config/discord" ]; })
# kaiteki # Pleroma client
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
# TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
handbrake
logseq
losslesscut-bin
makemkv
# actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
{ pkg = monero-gui; dir = [ ".bitmonero" ]; }
# creds, media
{ pkg = signal-desktop; private = [ ".config/Signal" ]; }
# creds, widevine .so download. TODO: could easily manage these statically.
{ pkg = spotify; dir = [ ".config/spotify" ]; }
# hardenedMalloc solves a crash at startup
(tor-browser-bundle-bin.override { useHardenedMalloc = false; })
# zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
{ pkg = zecwallet-lite; private = [ ".zcash" ]; }
] else []);
# general-purpose utilities that we want any user to be able to access
# (specifically: root, in case of rescue)
systemPkgs = [
btrfs-progs
cacert.unbundled # some services require unbundled /etc/ssl/certs
cryptsetup
dig
efibootmgr
fatresize
fd
file
gawk
git
gptfdisk
hdparm
htop
iftop
inetutils # for telnet
iotop
iptables
jq
killall
lsof
nano
netcat
nethogs
nmap
openssl
parted
pciutils
powertop
pstree
ripgrep
screen
smartmontools
socat
strace
tcpdump
tree
usbutils
wget
];
# useful devtools:
devPkgs = [
bison
dtc
flex
gcc
gdb
# gcc-arm-embedded
# gcc_multi
gnumake
mercurial
mix2nix
rustup
swig
];
pkgSpec = types.submodule {
options = {
pkg = mkOption {
type = types.package;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
};
toPkgSpec = types.coercedTo types.package (p: { pkg = p; }) pkgSpec;
in
{
options = {
# packages to deploy to the user's home
sane.packages.extraUserPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
};
sane.packages.extraGuiPkgs = mkOption {
default = [ ];
type = types.listOf toPkgSpec;
description = "packages to only ship if gui's enabled";
};
sane.packages.enableConsolePkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableGuiPkgs = mkOption {
default = false;
type = types.bool;
};
sane.packages.enableDevPkgs = mkOption {
description = ''
enable packages that are useful for building other software by hand.
you should prefer to keep this disabled except when prototyping, e.g. packaging new software.
'';
default = false;
type = types.bool;
};
sane.packages.enableSystemPkgs = mkOption {
default = false;
type = types.bool;
description = "enable system-wide packages";
};
sane.packages.enabledUserPkgs = mkOption {
default = cfg.extraUserPkgs
++ (if cfg.enableConsolePkgs then consolePkgs else [])
++ (if cfg.enableGuiPkgs then guiPkgs ++ cfg.extraGuiPkgs else [])
++ (if cfg.enableDevPkgs then devPkgs else [])
;
type = types.listOf toPkgSpec;
description = "generated from other config options";
};
};
config = {
environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
sane.persist.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
sane.persist.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
# XXX: this might not be necessary. try removing this and cacert.unbundled?
environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
};
}

View File

@@ -1,18 +0,0 @@
{ config, lib, sane-lib, ... }:
let
path = sane-lib.path;
cfg = config.sane.persist;
withPrefix = relativeTo: entries: lib.mapAttrs' (fspath: value: {
name = path.concat [ relativeTo fspath ];
inherit value;
}) entries;
in
{
# merge the `byPath` mappings from both `home` and `sys` into one namespace
sane.persist.byPath = lib.mkMerge [
(withPrefix "/home/colin" cfg.home.byPath)
(withPrefix "/" cfg.sys.byPath)
];
}

View File

@@ -179,23 +179,11 @@ in
type = types.bool;
description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
};
sane.persist.home = mkOption {
description = "directories to persist to disk, relative to a user's home ~";
default = {};
type = dirsSubModule;
};
sane.persist.sys = mkOption {
description = "directories to persist to disk, relative to the fs root /";
default = {};
type = dirsSubModule;
};
sane.persist.byPath = mkOption {
type = types.attrsOf (convertInlineAcl entryAtPath);
description = ''
map of <path> => <path config> for all paths to be persisted.
this is computed from the other options, but users can also set it explicitly (useful for overriding)
'';
};
sane.persist.stores = mkOption {
type = types.attrsOf storeType;
default = {};
@@ -206,7 +194,6 @@ in
};
imports = [
./computed.nix
./root-on-tmpfs.nix
./stores
];
@@ -247,7 +234,7 @@ in
);
}
];
configs = lib.mapAttrsToList cfgFor cfg.byPath;
configs = lib.mapAttrsToList cfgFor cfg.sys.byPath;
take = f: { sane.fs = f.sane.fs; };
in mkIf cfg.enable (
take (sane-lib.mkTypedMerge take configs)

View File

@@ -1,14 +1,10 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, sane-lib, utils, ... }:
let
store = rec {
device = "/mnt/persist/crypt/clearedonboot";
underlying = {
path = "/nix/persist/crypt/clearedonboot";
# TODO: consider moving this to /tmp, but that requires tmp be mounted first?
key = "/mnt/persist/crypt/clearedonboot.key";
};
};
persist-base = config.sane.persist.stores."plaintext".origin;
device = config.sane.persist.stores."cryptClearOnBoot".origin;
key = "${device}.key";
underlying = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ];
in
lib.mkIf config.sane.persist.enable
{
@@ -17,35 +13,35 @@ lib.mkIf config.sane.persist.enable
stored to disk, but encrypted to an in-memory key and cleared on every boot
so that it's unreadable after power-off
'';
origin = store.device;
origin = lib.mkDefault "/mnt/persist/crypt/clearedonboot";
};
fileSystems."${store.device}" = {
device = store.underlying.path;
fileSystems."${device}" = {
device = underlying;
fsType = "fuse.gocryptfs";
options = [
"nodev"
"nosuid"
"allow_other"
"passfile=${store.underlying.key}"
"passfile=${key}"
"defaults"
];
noCheck = true;
};
# let sane.fs know about our fileSystem and automatically add the appropriate dependencies
sane.fs."${store.device}".mount = {
sane.fs."${device}".mount = {
# technically the dependency on the keyfile is extraneous because that *happens* to
# be needed to init the store.
depends = let
cryptfile = config.sane.fs."${store.underlying.path}/gocryptfs.conf";
keyfile = config.sane.fs."${store.underlying.key}";
cryptfile = config.sane.fs."${underlying}/gocryptfs.conf";
keyfile = config.sane.fs."${key}";
in [ keyfile.unit cryptfile.unit ];
};
# let sane.fs know how to initialize the gocryptfs store,
# and that it MUST do so
sane.fs."${store.underlying.path}/gocryptfs.conf".generated = {
sane.fs."${underlying}/gocryptfs.conf".generated = {
script.script = ''
backing="$1"
passfile="$2"
@@ -54,17 +50,17 @@ lib.mkIf config.sane.persist.enable
rm -rf "''${backing:?}"/*
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
'';
script.scriptArgs = [ store.underlying.path store.underlying.key ];
script.scriptArgs = [ underlying key ];
# we need the key in order to initialize the store
depends = [ config.sane.fs."${store.underlying.key}".unit ];
depends = [ config.sane.fs."${key}".unit ];
};
# let sane.fs know how to generate the key for gocryptfs
sane.fs."${store.underlying.key}".generated = {
sane.fs."${key}".generated = {
script.script = ''
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
'';
script.scriptArgs = [ store.underlying.key ];
script.scriptArgs = [ key ];
# no need for anyone else to be able to read the key
acl.mode = "0400";
};

View File

@@ -3,7 +3,7 @@
let
cfg = config.sane.persist;
in lib.mkIf cfg.enable {
sane.persist.stores."plaintext" = {
sane.persist.stores."plaintext" = lib.mkDefault {
origin = "/nix/persist";
};
# TODO: needed?

View File

@@ -1,21 +1,23 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, sane-lib, utils, ... }:
let
persist-base = config.sane.persist.stores."plaintext".origin;
private-dir = config.sane.persist.stores."private".origin;
private-backing-dir = sane-lib.path.concat [ persist-base private-dir ];
in
lib.mkIf config.sane.persist.enable
{
sane.persist.stores."private" = {
storeDescription = ''
encrypted to the user's password and auto-unlocked at login
encrypted store which persists across boots.
typical use case is for the user to encrypt this store using their login password so that it
can be auto-unlocked at login.
'';
origin = "/home/colin/private";
# files stored under here *must* have the /home/colin prefix.
# internally, this prefix is removed so that e.g.
# /home/colin/foo/bar when stored in `private` is visible at
# /home/colin/private/foo/bar
prefix = "/home/colin";
origin = lib.mkDefault "/mnt/private";
defaultOrdering = let
private-unit = config.sane.fs."/home/colin/private".unit;
private-unit = config.sane.fs."${private-dir}".unit;
in {
# auto create only after ~/private is mounted
# auto create only after the store is mounted
wantedBy = [ private-unit ];
# we can't create things in private before local-fs.target
wantedBeforeBy = [ ];
@@ -23,13 +25,13 @@ lib.mkIf config.sane.persist.enable
defaultMethod = "symlink";
};
fileSystems."/home/colin/private" = {
device = "/nix/persist/home/colin/private";
fileSystems."${private-dir}" = {
device = private-backing-dir;
fsType = "fuse.gocryptfs";
options = [
"noauto" # don't try to mount, until the user logs in!
"nofail"
"allow_other" # root ends up being the user that mounts this, so need to make it visible to `colin`.
"allow_other" # root ends up being the user that mounts this, so need to make it visible to other users.
"nodev"
"nosuid"
"quiet"
@@ -39,9 +41,9 @@ lib.mkIf config.sane.persist.enable
};
# let sane.fs know about the mount
sane.fs."/home/colin/private".mount = {};
sane.fs."${private-dir}".mount = {};
# it also needs to know that the underlying device is an ordinary folder
sane.fs."/nix/persist/home/colin/private".dir = {};
sane.fs."${private-backing-dir}".dir = {};
# TODO: could add this *specifically* to the .mount file for the encrypted fs?
system.fsPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs

133
modules/programs.nix Normal file
View File

@@ -0,0 +1,133 @@
{ config, lib, pkgs, sane-lib, ... }:
let
inherit (builtins) any elem map;
inherit (lib)
filterAttrs
hasAttrByPath
getAttrFromPath
mapAttrs
mapAttrsToList
mkDefault
mkIf
mkMerge
mkOption
optional
optionalAttrs
splitString
types
;
inherit (sane-lib) joinAttrsets;
cfg = config.sane.programs;
pkgSpec = types.submodule ({ name, ... }: {
options = {
package = mkOption {
type = types.nullOr types.package;
description = ''
package, or `null` if the program is some sort of meta set (in which case it much EXPLICITLY be set null).
'';
default =
let
pkgPath = splitString "." name;
in
# package can be inferred by the attr name, allowing shorthand like
# `sane.programs.nano.enable = true;`
# this indexing will throw if the package doesn't exist and the user forgets to specify
# a valid source explicitly.
getAttrFromPath pkgPath pkgs;
};
enableFor.system = mkOption {
type = types.bool;
default = any (en: en) (
mapAttrsToList
(otherName: otherPkg:
otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested && otherPkg.enableFor.system
)
cfg
);
description = ''
place this program on the system PATH
'';
};
enableFor.user = mkOption {
type = types.attrsOf types.bool;
default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
optionalAttrs
(otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
(filterAttrs (user: en: en) otherPkg.enableFor.user)
) cfg);
description = ''
place this program on the PATH for some specified user(s).
'';
};
suggestedPrograms = mkOption {
type = types.listOf types.str;
default = [];
description = ''
list of other programs a user may want to enable alongside this one.
for example, the gnome desktop environment would suggest things like its settings app.
'';
};
enableSuggested = mkOption {
type = types.bool;
default = true;
};
dir = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist for this package";
};
private = mkOption {
type = types.listOf types.str;
default = [];
description = "list of home-relative paths to persist (in encrypted format) for this package";
};
};
});
toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
configs = mapAttrsToList (name: p: {
assertions = map (sug: {
assertion = cfg ? "${sug}";
message = ''program "${sug}" referenced by "${name}", but not defined'';
}) p.suggestedPrograms;
# conditionally add to system PATH
environment.systemPackages = optional
(p.package != null && p.enableFor.system)
p.package;
# conditionally add to user(s) PATH
users.users = mapAttrs (user: en: {
packages = optional (p.package != null && en) p.package;
}) p.enableFor.user;
# conditionally persist relevant user dirs
sane.users = mapAttrs (user: en: optionalAttrs en {
persist.plaintext = p.dir;
persist.private = p.private;
}) p.enableFor.user;
}) cfg;
in
{
options = {
sane.programs = mkOption {
type = types.attrsOf toPkgSpec;
default = {};
};
};
config =
let
take = f: {
assertions = f.assertions;
environment.systemPackages = f.environment.systemPackages;
users.users = f.users.users;
sane.users = f.sane.users;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
# expose the pkgs -- as available to the system -- as a build target.
system.build.pkgs = pkgs;
}
];
}

View File

@@ -1,7 +1,6 @@
{ ... }:
{
imports = [
./duplicity.nix
./dyn-dns.nix
./kiwix-serve.nix
./mautrix-signal.nix

110
modules/users.nix Normal file
View File

@@ -0,0 +1,110 @@
{ config, lib, options, sane-lib, ... }:
let
inherit (builtins) attrValues;
inherit (lib) count mapAttrs' mapAttrsToList mkIf mkMerge mkOption types;
sane-user-cfg = config.sane.user;
cfg = config.sane.users;
path-lib = sane-lib.path;
userOptions = {
options = {
fs = mkOption {
type = types.attrs;
default = {};
description = ''
entries to pass onto `sane.fs` after prepending the user's home-dir to the path.
e.g. `sane.users.colin.fs."/.config/aerc" = X`
=> `sane.fs."/home/colin/.config/aerc" = X;
'';
};
persist = mkOption {
type = options.sane.persist.sys.type;
default = {};
description = ''
entries to pass onto `sane.persist.sys` after prepending the user's home-dir to the path.
'';
};
};
};
userModule = types.submodule ({ name, config, ... }: {
options = userOptions.options // {
default = mkOption {
type = types.bool;
default = false;
description = ''
only one default user may exist.
this option determines what the `sane.user` shorthand evaluates to.
'';
};
home = mkOption {
type = types.str;
# XXX: we'd prefer to set this to `config.users.users.home`, but that causes infinite recursion...
# TODO: maybe assert that this matches the actual home?
default = "/home/${name}";
};
};
# if we're the default user, inherit whatever settings were routed to the default user
config = mkIf config.default sane-user-cfg;
});
processUser = user: defn:
let
prefixWithHome = mapAttrs' (path: value: {
name = path-lib.concat [ defn.home path ];
inherit value;
});
in
{
sane.fs = prefixWithHome defn.fs;
# `byPath` is the actual output here, computed from the other keys.
sane.persist.sys.byPath = prefixWithHome defn.persist.byPath;
};
in
{
options = {
sane.users = mkOption {
type = types.attrsOf userModule;
default = {};
description = ''
options to apply to the given user.
the user is expected to be created externally.
configs applied at this level are simply transformed and then merged
into the toplevel `sane` options. it's merely a shorthand.
'';
};
sane.user = mkOption {
type = types.nullOr (types.submodule userOptions);
default = null;
description = ''
options to pass down to the default user
'';
};
};
config =
let
configs = mapAttrsToList processUser cfg;
num-default-users = count (u: u.default) (attrValues cfg);
take = f: {
sane.fs = f.sane.fs;
sane.persist.sys.byPath = f.sane.persist.sys.byPath;
};
in mkMerge [
(take (sane-lib.mkTypedMerge take configs))
{
assertions = [
{
assertion = sane-user-cfg == null || num-default-users != 0;
message = "cannot set `sane.user` without first setting `sane.users.<user>.default = true` for some user";
}
{
assertion = num-default-users <= 1;
message = "cannot set more than one default user";
}
];
}
];
}

View File

@@ -0,0 +1,22 @@
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 56fa74e5c0c..3573bb0af49 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -88,7 +88,7 @@
let
# Release calendar: https://www.mesa3d.org/release-calendar.html
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
- version = "22.3.4";
+ version = "22.3.2";
branch = lib.versions.major version;
withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
@@ -120,7 +120,7 @@ self = stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
];
- sha256 = "37a1ddaf03f41919ee3c89c97cff41e87de96e00e9d3247959cc8279d8294593";
+ sha256 = "c15df758a8795f53e57f2a228eb4593c22b16dffd9b38f83901f76cd9533140b";
};
# TODO:

7
nixpatches/flake.lock generated
View File

@@ -2,16 +2,15 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1673163619,
"narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
"lastModified": 1675123384,
"narHash": "sha256-RpU+kboEWlIYwbRMGIPBIcztH63CvmqWN1B8GpJogd4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
"rev": "e0fa1ece2f3929726c9b98c539ad14b63ae8e4fd",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},

View File

@@ -13,19 +13,12 @@
hash = "sha256-IvsIcd2wPdz4b/7FMrDrcVlIZjFecCQ9uiL0Umprbx0=";
})
# fix libreoffice build by: Revert "mdds: 2.0.3 -> 2.1.0"
# merged 2023/01/25
(fetchpatch {
url = "https://github.com/NixOS/nixpkgs/pull/212583.diff";
hash = "sha256-nkXgwQUtxYkJT2OzG6Jc72snizW5wHvR1nmh2KDnaPc=";
})
# fix handbrake build by: handbrake: 1.5.1 -> 1.6.1
# PR opened 2023/01/23
(fetchpatch {
# see alternate fix: <https://github.com/NixOS/nixpkgs/pull/211834>
url = "https://github.com/NixOS/nixpkgs/pull/212306.diff";
hash = "sha256-iQX2NaZaCzZVRlCM0pgXt0gecNwhXGeh3kXEiY38ZIM=";
hash = "sha256-PnPzvJymafa+zjkauQW0LzFsJC7S+7D9JRszTE3in+w=";
})
./2022-12-19-i2p-aarch64.patch
@@ -34,6 +27,11 @@
# allows to actually run signald
./2023-01-25-signald-update.patch
# fix for CMA memory leak in mesa: <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198>
# only necessary on aarch64.
# it's a revert of nixpkgs commit dcf630c172df2a9ecaa47c77f868211e61ae8e52
./2023-01-30-mesa-cma-leak.patch
# # kaiteki: init at 2022-09-03
# vendorHash changes too frequently (might not be reproducible).
# using local package defn until stabilized

View File

@@ -8,27 +8,16 @@
# XXX: when invoked outside our flake (e.g. via NIX_PATH) there is no `next.stable`,
# so just forward the unstable packages.
inherit (next.stable or prev)
# broken on 2023/01/14 via mtxclient dep, aarch64-only:
# fixed on 2023/01/24?
# error: builder for '/nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv' failed with exit code 2;
# last 10 log lines:
# > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:370: CMakeFiles/matrix_client.dir/lib/structs/events/encrypted.cpp.o] Error 1
# > In file included from /build/source/include/mtxclient/crypto/client.hpp:17,
# > from /build/source/lib/crypto/utils.cpp:17:
# > /build/source/include/mtx/identifiers.hpp:12:10: fatal error: compare: No such file or directory
# > 12 | #include <compare>
# > | ^~~~~~~~~
# > compilation terminated.
# > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:132: CMakeFiles/matrix_client.dir/lib/crypto/utils.cpp.o] Error 1
# > make[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/matrix_client.dir/all] Error 2
# > make: *** [Makefile:136: all] Error 2
# For full logs, run 'nix log /nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv'.
# error: 1 dependencies of derivation '/nix/store/4i2d1qdh4x6n23h1jbcbhm8q9q2hch9a-nheko-0.11.0.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/k4f7k7cvjp8rb7clhlfq3yxgs6lbfmk7-home-manager-path.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/67d9k554188lh4ddl4ar6j74mpc3r4sv-home-manager-generation.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/5qjxzhsw1jvh2d7jypbcam9409ivb472-user-environment.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/hrb3qpdbisqh0lzlyz1g9g4164khmqwn-etc.drv' failed to build
# error: 1 dependencies of derivation '/nix/store/ny21xyicbgim5wy7ksg2hibd9gn7i01b-nixos-system-moby-23.05pre-git.drv' failed to build
# nheko
;
# 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
gjs = prev.gjs.overrideAttrs (_upstream: {
doCheck = false;
});
libadwaita = prev.libadwaita.overrideAttrs (_upstream: {
doCheck = false;
});
libsecret = prev.libsecret.overrideAttrs (_upstream: {
doCheck = false;
});
})

View File

@@ -13,7 +13,7 @@ in
(symlinkJoin {
name = "gpodder-configured";
paths = [ gpodder remove-extra ];
buildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper ];
# gpodder keeps all its feeds in a sqlite3 database.
# we can configure the feeds externally by wrapping gpodder and just instructing it to import