feeds: import econlib

i hope it's a *little* cleaner this way, but tbh i'm not really sure.

flake.lock

@@ -53,18 +53,20 @@
       }
     },
     "nixpkgs": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unpatched"
+        ]
+      },
       "locked": {
-        "lastModified": 1672953546,
-        "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a518c77148585023ff56022f09c4b2c418a51ef5",
-        "type": "github"
+        "lastModified": 1,
+        "narHash": "sha256-5eJxyBRYQCoRt92ZFUOdT237Z0VscuNRd0pktDYWJYE=",
+        "path": "nixpatches",
+        "type": "path"
       },
       "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-unstable",
-        "type": "indirect"
+        "path": "nixpatches",
+        "type": "path"
       }
     },
     "nixpkgs-stable": {
@@ -98,14 +100,30 @@
         "type": "github"
       }
     },
+    "nixpkgs-unpatched": {
+      "locked": {
+        "lastModified": 1673226411,
+        "narHash": "sha256-b6cGb5Ln7Zy80YO66+cbTyGdjZKtkoqB/iIIhDX9gRA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "aa1d74709f5dac623adb4d48fdfb27cc2c92a4d4",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
         "mobile-nixos": "mobile-nixos",
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unpatched": "nixpkgs-unpatched",
         "sops-nix": "sops-nix",
-        "uninsane": "uninsane"
+        "uninsane-dot-org": "uninsane-dot-org"
       }
     },
     "sops-nix": {
@@ -129,7 +147,7 @@
         "type": "github"
       }
     },
-    "uninsane": {
+    "uninsane-dot-org": {
       "inputs": {
         "flake-utils": "flake-utils",
         "nixpkgs": [

flake.nix

@@ -5,7 +5,11 @@
 {
   inputs = {
     nixpkgs-stable.url = "nixpkgs/nixos-22.11";
-    nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixpkgs-unpatched.url = "nixpkgs/nixos-unstable";
+    nixpkgs = {
+      url = "path:nixpatches";
+      inputs.nixpkgs.follows = "nixpkgs-unpatched";
+    };
     mobile-nixos = {
       url = "github:nixos/mobile-nixos";
       flake = false;
@@ -18,7 +22,7 @@
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    uninsane = {
+    uninsane-dot-org = {
       url = "git+https://git.uninsane.org/colin/uninsane";
       inputs.nixpkgs.follows = "nixpkgs";
     };
@@ -28,59 +32,53 @@
     self,
     nixpkgs,
     nixpkgs-stable,
+    nixpkgs-unpatched,
     mobile-nixos,
     home-manager,
     sops-nix,
-    uninsane
-  }: let
-    patchedPkgs = system: nixpkgs.legacyPackages.${system}.applyPatches {
-      name = "nixpkgs-patched-uninsane";
-      src = nixpkgs;
-      patches = import ./nixpatches/list.nix {
-        inherit (nixpkgs.legacyPackages.${system}) fetchpatch;
-        inherit (nixpkgs.lib) fakeHash;
-      };
-    };
-    # return something which behaves like `pkgs`, for the provided system
-    # `local` = architecture of builder. `target` = architecture of the system beying deployed to
-    nixpkgsFor = local: target: import (patchedPkgs target) { crossSystem = target; localSystem = local; };
-    # evaluate ONLY our overlay, for the provided system
-    customPackagesFor = local: target: import ./pkgs/overlay.nix (nixpkgsFor local target) (nixpkgsFor local target);
-    decl-host = { name, local, target }:
+    uninsane-dot-org
+  }:
     let
-      nixosSystem = import ((patchedPkgs target) + "/nixos/lib/eval-config.nix");
-    in (nixosSystem {
-      # by default the local system is the same as the target, employing emulation when they differ
-      system = target;
-      modules = [
-        ./modules
-        (import ./hosts/instantiate.nix name)
-        home-manager.nixosModule
-        sops-nix.nixosModules.sops
-        {
-          nixpkgs.overlays = [
-            (import "${mobile-nixos}/overlay/overlay.nix")
-            uninsane.overlay
-            (import ./pkgs/overlay.nix)
-            (next: prev: rec {
-              # non-emulated packages build *from* local *for* target.
-              # for large packages like the linux kernel which are expensive to build under emulation,
-              # the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
-              cross = (nixpkgsFor local target) // (customPackagesFor local target);
-              stable = import nixpkgs-stable { system = target; };
+      nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
 
-              # cross-compatible packages
-              # gocryptfs = cross.gocryptfs;
+      evalHost = { name, local, target }:
+        let
+          # XXX: we'd prefer to use `nixosSystem = (nixpkgsCompiledBy local).nixos`
+          # but it doesn't propagate config to the underlying pkgs, meaning it doesn't let you use
+          # non-free packages even after setting nixpkgs.allowUnfree.
+          nixosSystem = import ((nixpkgsCompiledBy local).path + "/nixos/lib/eval-config.nix");
+        in
+          (nixosSystem {
+            # we use pkgs built for and *by* the target, i.e. emulation, by default.
+            # cross compilation only happens on explicit access to `pkgs.cross`
+            system = target;
+            modules = [
+              (import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
+              self.nixosModules.default
+              self.nixosModules.passthru
+              {
+                nixpkgs.overlays = [
+                  self.overlays.default
+                  self.overlays.passthru
+                ];
+              }
+            ];
+          });
+    in {
+      nixosConfigurations = {
+        servo = evalHost { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        desko = evalHost { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        lappy = evalHost { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        moby = evalHost { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
+        # special cross-compiled variant, to speed up deploys from an x86 box to the arm target
+        # note that these *do* produce different store paths, because the closure for the tools used to cross compile
+        # v.s. emulate differ.
+        # so deploying foo-cross and then foo incurs some rebuilding.
+        moby-cross = evalHost { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
+        rescue = evalHost { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
+      };
 
-              # pinned packages:
-            })
-          ];
-        }
-      ];
-    });
-
-    decl-bootable-host = { name, local, target }: rec {
-      nixosConfiguration = decl-host { inherit name local target; };
+      # unofficial output
       # this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
       # after building this:
       #   - flash it to a bootable medium (SD card, flash drive, HDD)
@@ -94,40 +92,75 @@
       #   - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
       #   - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
       #   - `nixos-rebuild --flake './#<host>' switch`
-      img = nixosConfiguration.config.system.build.img;
-    };
-    hosts.servo = decl-bootable-host { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
-    hosts.desko = decl-bootable-host { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
-    hosts.lappy = decl-bootable-host { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
-    hosts.moby = decl-bootable-host { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
-    # special cross-compiled variant, to speed up deploys from an x86 box to the arm target
-    # note that these *do* produce different store paths, because the closure for the tools used to cross compile
-    # v.s. emulate differ.
-    # so deploying foo-cross and then foo incurs some rebuilding.
-    hosts.moby-cross = decl-bootable-host { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
-    hosts.rescue = decl-bootable-host { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
-  in {
-    nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) hosts;
-    imgs = builtins.mapAttrs (name: value: value.img) hosts;
-    packages = let
-      allPkgsFor = sys: (customPackagesFor sys sys) // {
-        nixpkgs = nixpkgsFor sys sys;
-        uninsane = uninsane.packages."${sys}";
+      imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
+
+      overlays = rec {
+        default = pkgs;
+        pkgs = import ./pkgs/overlay.nix;
+        passthru =
+          let
+            stable = next: prev: {
+              stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform}";
+            };
+            mobile = (import "${mobile-nixos}/overlay/overlay.nix");
+            uninsane = uninsane-dot-org.overlay;
+          in
+            next: prev:
+              (stable next prev) // (mobile next prev) // (uninsane next prev);
       };
-    in {
-      x86_64-linux = allPkgsFor "x86_64-linux";
-      aarch64-linux = allPkgsFor "aarch64-linux";
-    };
-    templates = {
-      python-data = {
-        # initialize with:
-        # - `nix flake init -t '/home/colin/dev/nixos/#python-data'`
-        # then enter with:
-        # - `nix develop`
-        path = ./templates/python-data;
-        description = "python environment for data processing";
+
+      nixosModules = rec {
+        default = sane;
+        sane = import ./modules;
+        passthru = { ... }: {
+          imports = [
+            home-manager.nixosModule
+            sops-nix.nixosModules.sops
+          ];
+        };
+      };
+
+      # this includes both our native packages and all the nixpkgs packages.
+      legacyPackages =
+        let
+          allPkgsFor = sys: (nixpkgsCompiledBy sys).appendOverlays [
+            self.overlays.passthru self.overlays.pkgs
+          ];
+        in {
+          x86_64-linux = allPkgsFor "x86_64-linux";
+          aarch64-linux = allPkgsFor "aarch64-linux";
+        };
+
+      # extract only our own packages from the full set
+      packages = builtins.mapAttrs
+        (_: full: full.sane // { inherit (full) sane uninsane-dot-org; })
+        self.legacyPackages;
+
+      apps."x86_64-linux" =
+        let
+          pkgs = self.legacyPackages."x86_64-linux";
+        in {
+          update-feeds = {
+            type = "app";
+            program = "${pkgs.feeds.passthru.updateScript}";
+          };
+
+          init-feed = {
+            type = "app";
+            program = "${pkgs.feeds.passthru.initFeedScript}";
+          };
+        };
+
+      templates = {
+        python-data = {
+          # initialize with:
+          # - `nix flake init -t '/home/colin/dev/nixos/#python-data'`
+          # then enter with:
+          # - `nix develop`
+          path = ./templates/python-data;
+          description = "python environment for data processing";
+        };
       };
     };
-  };
 }
 

hosts/common/cross.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  # the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
+  # here we just define them all.
+  nixpkgs.overlays = [
+    (next: prev: {
+      # non-emulated packages build *from* local *for* target.
+      # for large packages like the linux kernel which are expensive to build under emulation,
+      # the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
+      crossFrom."x86_64-linux" = (prev.forceSystem "x86_64-linux" null).appendOverlays next.overlays;
+      crossFrom."aarch64-linux" = (prev.forceSystem "aarch64-linux" null).appendOverlays next.overlays;
+    })
+  ];
+}

hosts/common/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./bluetooth.nix
+    ./cross.nix
     ./feeds.nix
     ./fs.nix
     ./hardware

hosts/instantiate.nix

@@ -1,10 +1,23 @@
 # trampoline from flake.nix into the specific host definition, while doing a tiny bit of common setup
 
-hostName: { ... }: {
+{ hostName, localSystem }:
+{ ... }:
+
+{
   imports = [
     ./${hostName}
     ./common
   ];
 
   networking.hostName = hostName;
+
+  nixpkgs.overlays = [
+    (next: prev: {
+      # for local != target we by default just emulate the target while building.
+      # provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
+      # to explicitly opt into non-emulated cross compilation for any specific package.
+      # this is most beneficial for large packages with few pre-requisites -- like Linux.
+      cross = next.crossFrom."${localSystem}";
+    })
+  ];
 }

hosts/servo/services/nginx.nix

@@ -1,5 +1,5 @@
 # docs: https://nixos.wiki/wiki/Nginx
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 let
   # make the logs for this host "public" so that they show up in e.g. metrics

modules/data/default.nix

@@ -4,6 +4,9 @@
 # don't put things like fully-specific ~/.config files in here,
 # even if they're "relatively unopinionated".
 
+moduleArgs:
+
 {
+  feeds = import ./feeds moduleArgs;
   keys = import ./keys.nix;
 }

modules/data/feeds/default.nix

@@ -0,0 +1,51 @@
+{ lib, ... }:
+
+let
+  inherit (builtins) concatLists concatStringsSep foldl' fromJSON map readDir readFile;
+  inherit (lib) hasSuffix listToAttrs mapAttrsToList removeSuffix splitString;
+
+  # given a path to a .json file relative to sources, construct the best feed object we can.
+  # the .json file could be empty, in which case we make assumptions about the feed based
+  # on its fs path.
+  # Type: feedFromSourcePath :: String -> { name = String; value = feed; }
+  feedFromSourcePath = json-path:
+    assert hasSuffix "/default.json" json-path;
+    let
+      canonical-name = removeSuffix "/default.json" json-path;
+      default-url = "https://${canonical-name}";
+      feed-details = { url = default-url; } // (tryImportJson (./sources/${json-path}));
+    in { name = canonical-name; value = mkFeed feed-details; };
+
+  # TODO: for now, feeds are just ordinary Attrs.
+  # in the future, we'd like to set them up with an update script.
+  mkFeed = { url, ... }@details: details;
+
+  # return an AttrSet representing the json at the provided path,
+  # or {} if the path is empty.
+  tryImportJson = path:
+    let
+      as-str = readFile path;
+    in
+      if as-str == "" then
+        {}
+      else
+        fromJSON as-str;
+
+  sources = enumerateFilePaths ./sources;
+
+  # like `lib.listFilesRecursive` but does not mangle paths.
+  # Type: enumerateFilePaths :: path -> [String]
+  enumerateFilePaths = base:
+    concatLists (
+      mapAttrsToList
+        (name: type:
+          if type == "directory" then
+            # enumerate this directory and then prefix each result with the directory's name
+            map (e: "${name}/${e}") (enumerateFilePaths (base + "/${name}"))
+          else
+            [ name ]
+        )
+        (readDir base)
+    );
+in
+  listToAttrs (map feedFromSourcePath sources)

modules/data/feeds/sources/econlib.org/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 27184,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "The Library of Economics and Liberty",
+  "favicon": null,
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 10,
+  "last_seen": "2023-01-11T10:46:38.526754+00:00",
+  "last_updated": "2023-01-09T11:30:25+00:00",
+  "score": -18,
+  "self_url": "http://www.econtalk.org/feed/",
+  "site_name": null,
+  "site_url": null,
+  "title": "EconTalk Podcast – Econlib",
+  "url": "http://www.econtalk.org/feed/",
+  "velocity": 0.143,
+  "version": "rss20"
+}

modules/data/feeds/sources/lesswrong.com/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 337440,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "A community blog devoted to refining the art of rationality",
+  "favicon": "https://res.cloudinary.com/lesswrong-2-0/image/upload/v1497915096/favicon_lncumn.ico",
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 10,
+  "last_seen": "2023-01-11T10:39:58.575828+00:00",
+  "last_updated": "2023-01-11T09:58:49+00:00",
+  "score": 32,
+  "self_url": "https://www.lesswrong.com/feed.xml?view=rss&karmaThreshold=2",
+  "site_name": "LessWrong",
+  "site_url": "https://www.lesswrong.com",
+  "title": "LessWrong",
+  "url": "https://www.lesswrong.com/feed.xml",
+  "velocity": 12.052,
+  "version": "rss20"
+}

modules/data/feeds/sources/lexfridman.com/default.json

@@ -0,0 +1,23 @@
+{
+  "bozo": 0,
+  "content_length": 841679,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "Conversations about AI, science, technology, history, philosophy and the nature of intelligence, consciousness, love, and power.",
+  "favicon": "https://lexfridman.com/wordpress/wp-content/uploads/2017/06/cropped-lex-favicon-4-1-32x32.png",
+  "hubs": [
+    "https://pubsubhubbub.appspot.com/"
+  ],
+  "is_podcast": true,
+  "is_push": true,
+  "item_count": 300,
+  "last_seen": "2023-01-08T23:41:32.928322+00:00",
+  "last_updated": "2022-12-29T17:35:50+00:00",
+  "score": 20,
+  "self_url": "https://lexfridman.com/feed/podcast/",
+  "site_name": "Lex Fridman",
+  "site_url": "https://lexfridman.com",
+  "title": "Lex Fridman Podcast",
+  "url": "https://lexfridman.com/feed/podcast/",
+  "velocity": 0.265,
+  "version": "rss20"
+}

modules/data/feeds/sources/xkcd.com/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 2302,
+  "content_type": "text/xml; charset=utf-8",
+  "description": null,
+  "favicon": "https://xkcd.com/s/919f27.ico",
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 4,
+  "last_seen": "2023-01-11T10:29:36.530001+00:00",
+  "last_updated": "2023-01-09T00:00:00+00:00",
+  "score": 16,
+  "self_url": null,
+  "site_name": "xkcd",
+  "site_url": "https://xkcd.com",
+  "title": "xkcd.com",
+  "url": "https://xkcd.com/atom.xml",
+  "velocity": 0.429,
+  "version": "atom10"
+}

modules/default.nix

@@ -18,6 +18,6 @@
 
   _module.args =  {
     sane-lib = import ./lib { inherit lib utils; };
-    sane-data = import ./data;
+    sane-data = import ./data { inherit lib; };
   };
 }

modules/feeds.nix

@@ -14,6 +14,7 @@ let
       };
       format = mkOption {
         type = types.enum [ "text" "image" "podcast" ];
+        default = "text";
       };
       url = mkOption {
         type = types.str;

modules/image.nix

@@ -82,7 +82,7 @@ in
   in
   lib.mkIf cfg.enable
   {
-    system.build.img-without-firmware = with pkgs; imageBuilder.diskImage.makeGPT {
+    system.build.img-without-firmware = with pkgs; pkgs.imageBuilder.diskImage.makeGPT {
       name = "nixos";
       diskID = vfatUuidFromFs bootFs;
       # leave some space for firmware

modules/lib/merge.nix

@@ -31,11 +31,11 @@ rec {
     let
       # define the current path, but nothing more.
       curLevel = lib.setAttrByPath path {};
-      # `take` will either set:
-      # - { $path = path }  => { $path = {} };
-      # - { $path.next = path.next }  => { $path = { next = ?; } }
+      # `take curLevel` will act one of two ways here:
+      # - { $path = f.$path; }  => { $path = {}; };
+      # - { $path.subAttr = f.$path.subAttr; }  => { $path = { subAttr = ?; }; }
       # so, index $path into the output of `take`,
-      # and if it has any attrs that means we're interested in those too.
+      # and if it has any attrs (like `subAttr`) that means we're interested in those too.
       nextLevel = lib.getAttrFromPath path (take curLevel);
     in
       builtins.attrNames nextLevel;
@@ -49,10 +49,7 @@ rec {
     in if subNames == [] then
       [ path ]
     else
-      let
-        terminalsPerChild = builtins.map (name: findTerminalPaths take (path ++ [name])) subNames;
-      in
-        lib.concatLists terminalsPerChild;
+      lib.concatMap (name: findTerminalPaths take (path ++ [name])) subNames;
 
   # ensures that all nodes in the attrset from the root to and including the given path
   # are ordinary attrs -- if they exist.
@@ -64,19 +61,15 @@ rec {
       items = lib.pushDownProperties i;
       # now items is a list where every element is undecorated at the toplevel.
       # e.g. each item is an ordinary attrset or primitive.
-    in
-      if path == [] then
-        items
+      # we still need to discharge the *rest* of the path though, for every item.
+      name = lib.head path;
+      downstream = lib.tail path;
+      dischargeDownstream = it: if path != [] && it ? name then
+        builtins.map (v: it // { "${name}" = v; }) (dischargeToPath downstream it."${name}")
       else
-        let
-          name = lib.head path;
-          downstream = lib.tail path;
-          dischargeItem = it: if it ? name then
-            builtins.map (v: it // { "${name}" = v; }) (dischargeToPath downstream it."${name}")
-          else
-            [ it ];
-        in
-          lib.concatMap dischargeItem items;
+        [ it ];
+    in
+      lib.concatMap dischargeDownstream items;
 
   # discharge many items but only over one path.
   # Type: dischargeItemsToPaths :: [Attrs] -> String -> [Attrs]
@@ -96,9 +89,12 @@ rec {
   # check that attrset `i` contains no terminals other than those specified in (or direct ancestors of) paths
   assertNoExtraPaths = paths: i:
     let
-      clearPath = acc: path: lib.recursiveUpdate acc (lib.setAttrByPath path null);
-      remainder = builtins.foldl' clearPath i paths;
-      expected-remainder = builtins.foldl' clearPath {} paths;
+      # since the act of discharging should have forced all the relevant data out to the leaves,
+      # we just set each expected terminal to null (initializing the parents when necessary)
+      # and that gives a standard value for any fully-consumed items that we can do equality comparisons with.
+      wipePath = acc: path: lib.recursiveUpdate acc (lib.setAttrByPath path null);
+      remainder = builtins.foldl' wipePath i paths;
+      expected-remainder = builtins.foldl' wipePath {} paths;
     in
       assert remainder == expected-remainder; true;
 }

modules/packages.nix

@@ -212,6 +212,7 @@ let
     jq
     killall
     lsof
+    nano
     netcat
     nethogs
     nmap

nixpatches/flake.lock

@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1673163619,
+        "narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nixpatches/flake.nix

@@ -0,0 +1,26 @@
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-22.11";
+  };
+  outputs = { self, nixpkgs }:
+    let
+      patchedPkgsFor = system: nixpkgs.legacyPackages.${system}.applyPatches {
+        name = "nixpkgs-patched-uninsane";
+        src = nixpkgs;
+        patches = import ./list.nix {
+          inherit (nixpkgs.legacyPackages.${system}) fetchpatch;
+          inherit (nixpkgs.lib) fakeHash;
+        };
+      };
+      patchedFlakeFor = system: import "${patchedPkgsFor system}/flake.nix";
+      patchedFlakeOutputsFor = system:
+        (patchedFlakeFor system).outputs { inherit self; };
+    in
+    {
+      legacyPackages = builtins.mapAttrs
+        (system: _:
+          (patchedFlakeOutputsFor system).legacyPackages."${system}"
+        )
+        nixpkgs.legacyPackages;
+    };
+}

pkgs/feeds/default.nix

@@ -0,0 +1,37 @@
+{ lib
+, pkgs
+}:
+
+(lib.makeScope pkgs.newScope (self:
+  let
+    # TODO: dependency-inject this.
+    sane-data = import ../../modules/data { inherit lib; };
+    template = self.callPackage ./template.nix;
+    feed-pkgs = lib.mapAttrs
+      (name: feed-details: template {
+        feedName = name;
+        jsonPath = "modules/data/feeds/sources/${name}/default.json";
+        inherit (feed-details) url;
+      })
+      sane-data.feeds;
+    update-scripts = lib.mapAttrsToList
+      (name: feed: builtins.concatStringsSep " " feed.passthru.updateScript)
+      feed-pkgs;
+  in
+    feed-pkgs // {
+      passthru.updateScript = pkgs.writeShellScript
+        "feeds-update"
+        (builtins.concatStringsSep "\n" update-scripts);
+
+      passthru.initFeedScript = pkgs.writeShellScript
+        "init-feed"
+        ''
+          #!/usr/bin/env nix-shell
+          #!nix-shell -i bash -p git
+          name="$1"
+          mkdir modules/data/feeds/sources/"$name"
+          touch modules/data/feeds/sources/"$name"/default.json
+          git add modules/data/feeds/sources/"$name"/default.json
+        '';
+    }
+))

pkgs/feeds/template.nix

@@ -0,0 +1,28 @@
+{ lib
+, stdenv
+, callPackage
+, fetchurl
+# feed-specific args
+, feedName
+, jsonPath
+, url
+}:
+
+stdenv.mkDerivation {
+  pname = feedName;
+  version = "20230112";
+  src = fetchurl {
+    inherit url;
+  };
+  passthru.updateScript = [ ./update.sh url jsonPath ];
+  # passthru.updateScript = callPackage ./update.nix {
+  #   inherit url jsonPath;
+  # };
+  meta = {
+    description = "metadata about any feeds available at ${feedName}";
+    homepage = feedName;
+    maintainers = with lib.maintainers; [ colinsane ];
+    platforms = lib.platforms.all;
+  };
+}
+

pkgs/feeds/update.nix

@@ -0,0 +1,18 @@
+{ lib
+, curl
+, jq
+, runtimeShell
+, writeScript
+# feed-specific args
+, jsonPath
+, url
+}:
+
+let
+  apiQuery = "https://feedsearch.dev/api/v1/search?url=${url}";
+in
+writeScript "update-feed" ''
+  #!${runtimeShell}
+  PATH=${lib.makeBinPath [ curl jq  ]}
+  curl -X GET '${apiQuery}' | jq '.[-1]' > '${jsonPath}'
+''

pkgs/feeds/update.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq
+
+set -xeu -o pipefail
+
+url="$1"
+jsonPath="$2"
+
+apiQuery="https://feedsearch.dev/api/v1/search?url=$url"
+curl -X GET "$apiQuery" | jq '.[-1]' > "$jsonPath"

pkgs/overlay.nix

@@ -1,55 +1,60 @@
-(next: prev: rec {
-  #### my own, non-upstreamable packages:
-  sane-scripts = prev.callPackage ./sane-scripts { };
-  tow-boot-pinephone = prev.callPackage ./tow-boot-pinephone { };
-  tow-boot-rpi4 = prev.callPackage ./tow-boot-rpi4 { };
-  bootpart-uefi-x86_64 = prev.callPackage ./bootpart-uefi-x86_64 { };
-  bootpart-tow-boot-rpi-aarch64 = prev.callPackage ./bootpart-tow-boot-rpi-aarch64 {
-    # not sure why i can't just do `next.callPackage` instead
-    inherit tow-boot-rpi4;
-  };
-  bootpart-u-boot-rpi-aarch64 = prev.callPackage ./bootpart-u-boot-rpi-aarch64 {
-    # not sure why i can't just do `next.callPackage` instead
-    inherit ubootRaspberryPi4_64bit;
-  };
-  rtl8723cs-firmware = prev.callPackage ./rtl8723cs-firmware { };
-  linux-megous = prev.callPackage ./linux-megous {
-    kernelPatches = [
-      prev.kernelPatches.bridge_stp_helper
-      prev.kernelPatches.request_key_helper
-    ];
-  };
+(next: prev:
+  let
+    sane = rec {
+      #### my own, non-upstreamable packages:
+      sane-scripts = prev.callPackage ./sane-scripts { };
+      feeds = prev.callPackage ./feeds { };
+      tow-boot-pinephone = prev.callPackage ./tow-boot-pinephone { };
+      tow-boot-rpi4 = prev.callPackage ./tow-boot-rpi4 { };
+      bootpart-uefi-x86_64 = prev.callPackage ./bootpart-uefi-x86_64 { };
+      bootpart-tow-boot-rpi-aarch64 = prev.callPackage ./bootpart-tow-boot-rpi-aarch64 {
+        # not sure why i can't just do `next.callPackage` instead
+        inherit tow-boot-rpi4;
+      };
+      bootpart-u-boot-rpi-aarch64 = prev.callPackage ./bootpart-u-boot-rpi-aarch64 {
+        # not sure why i can't just do `next.callPackage` instead
+        inherit ubootRaspberryPi4_64bit;
+      };
+      rtl8723cs-firmware = prev.callPackage ./rtl8723cs-firmware { };
+      linux-megous = prev.callPackage ./linux-megous {
+        kernelPatches = [
+          prev.kernelPatches.bridge_stp_helper
+          prev.kernelPatches.request_key_helper
+        ];
+      };
 
-  sublime-music-mobile = prev.callPackage ./sublime-music-mobile { };
+      sublime-music-mobile = prev.callPackage ./sublime-music-mobile { };
 
-  #### customized packages
-  fluffychat-moby = prev.callPackage ./fluffychat-moby { };
-  gpodder-configured = prev.callPackage ./gpodder-configured { };
-  # nixos-unstable pleroma is too far out-of-date for our db
-  pleroma = prev.callPackage ./pleroma { };
-  # jackett doesn't allow customization of the bind address: this will probably always be here.
-  jackett = prev.callPackage ./jackett { inherit (prev) jackett; };
-  # mozilla keeps nerfing itself and removing configuration options
-  firefox-unwrapped = prev.callPackage ./firefox-unwrapped { };
+      #### customized packages
+      fluffychat-moby = prev.callPackage ./fluffychat-moby { };
+      gpodder-configured = prev.callPackage ./gpodder-configured { };
+      # nixos-unstable pleroma is too far out-of-date for our db
+      pleroma = prev.callPackage ./pleroma { };
+      # jackett doesn't allow customization of the bind address: this will probably always be here.
+      jackett = prev.callPackage ./jackett { inherit (prev) jackett; };
+      # mozilla keeps nerfing itself and removing configuration options
+      firefox-unwrapped = prev.callPackage ./firefox-unwrapped { };
 
-  # patch rpi uboot with something that fixes USB HDD boot
-  ubootRaspberryPi4_64bit = prev.callPackage ./ubootRaspberryPi4_64bit { };
+      # patch rpi uboot with something that fixes USB HDD boot
+      ubootRaspberryPi4_64bit = prev.callPackage ./ubootRaspberryPi4_64bit { };
 
-  gocryptfs = prev.callPackage ./gocryptfs { inherit (prev) gocryptfs; };
+      gocryptfs = prev.callPackage ./gocryptfs { inherit (prev) gocryptfs; };
 
-  browserpass = prev.callPackage ./browserpass { inherit (prev) browserpass; inherit sane-scripts; };
+      browserpass = prev.callPackage ./browserpass { inherit (prev) browserpass; inherit sane-scripts; };
 
-  fractal-latest = prev.callPackage ./fractal-latest { };
+      fractal-latest = prev.callPackage ./fractal-latest { };
 
-  #### TEMPORARY: PACKAGES WAITING TO BE UPSTREAMED
-  kaiteki = prev.callPackage ./kaiteki { };
-  lightdm-mobile-greeter = prev.callPackage ./lightdm-mobile-greeter { };
-  browserpass-extension = prev.callPackage ./browserpass-extension { };
-  gopass-native-messaging-host = prev.callPackage ./gopass-native-messaging-host { };
-  tokodon = prev.libsForQt5.callPackage ./tokodon { };
-  signaldctl = prev.callPackage ./signaldctl { };
-  splatmoji = prev.callPackage ./splatmoji { };
-  # trust-dns = prev.callPackage ./trust-dns { };
-  # kaiteki = prev.kaiteki;
-})
+      #### TEMPORARY: PACKAGES WAITING TO BE UPSTREAMED
+      kaiteki = prev.callPackage ./kaiteki { };
+      lightdm-mobile-greeter = prev.callPackage ./lightdm-mobile-greeter { };
+      browserpass-extension = prev.callPackage ./browserpass-extension { };
+      gopass-native-messaging-host = prev.callPackage ./gopass-native-messaging-host { };
+      tokodon = prev.libsForQt5.callPackage ./tokodon { };
+      signaldctl = prev.callPackage ./signaldctl { };
+      splatmoji = prev.callPackage ./splatmoji { };
+      # trust-dns = prev.callPackage ./trust-dns { };
+      # kaiteki = prev.kaiteki;
+    };
+  in sane // { inherit sane; }
+)
 

readme.md

@@ -1,7 +1,7 @@
 to deploy:
 
 ```sh
-nixos-rebuild --flake "./#servo" {build,switch}
+nixos-rebuild --flake ".#servo" {build,switch}
 ```
 
 if the target is the same as the host, nix will grab the hostname automatically:
@@ -20,7 +20,7 @@ nix flake show
 ## secrets
 
 i use [sops](https://github.com/Mic92/sops-nix) for secrets.
-see `modules/universal/secrets.nix` for some tips.
+see `hosts/common/secrets.nix` for some tips.
 
 ## building images
 
@@ -34,31 +34,34 @@ refer to flake.nix for more details.
 
 ## building packages
 
-to build one of the custom sane packages, just name it:
-
-```sh
-nix build ./#fluffychat-moby
+build anything with
+```
+nix build .#<pkgname>
 ```
 
-to build a nixpkg:
+specifically, i pass the full package closure to the `legacyPackages` flake output. that includes both my own packages and upstream packages.
+
+on the other hand the `packages` output contains only my own packages.
+
+in addition, my packages are placed into both the global scope and a `sane` scope.
+so use the scoped path when you want to be explicit.
 
-```sh
-nix build ./#nixpkgs.curl
 ```
-
-to build a package for another platform:
-
-```sh
-nix build ./#packages.aarch64-linux.nixpkgs.ubootRaspberryPi4_64bit
+nix build sane.linux-megous
 ```
 
 ## using this repo in your own config
 
-i try to ensure everything in the `modules/` directory is hidden behind some enable flag or other.
-it should be possible to copy that whole directory into your own config, and then selectively
-populate what you want (like the impermenance paths, etc).
-more practically, a lot of things in there still assume a user named `colin`, so you'll probably
-want to patch it for your name -- or just use it as a reference.
+this should be a pretty "standard" flake. just reference it, and import either
+- `nixosModules.sane` (for the modules)
+- `overlays.pkgs` (for the packages)
+
+`nixosModules.sane` corresponds to everything in the `modules/` directory.
+it's a mix of broad and narrow scope options.
+e.g. `sane.fs` is a completely standalone thing,
+whereas `sane.web-browser` is highly personalized and doesn't *really* make sense to export.
+regardless of scope, i do try to ensure that everything in `modules/` is hidden behind some enable flag
+so that the disorganization isn't that critical.
 
 ## contact