feeds: import econlib

i hope it's a *little* cleaner this way, but tbh i'm not really sure.

flake.lock

@@ -53,18 +53,20 @@
       }
     },
     "nixpkgs": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unpatched"
+        ]
+      },
       "locked": {
-        "lastModified": 1672953546,
+        "lastModified": 1,
-        "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=",
+        "narHash": "sha256-5eJxyBRYQCoRt92ZFUOdT237Z0VscuNRd0pktDYWJYE=",
-        "owner": "NixOS",
+        "path": "nixpatches",
-        "repo": "nixpkgs",
+        "type": "path"
-        "rev": "a518c77148585023ff56022f09c4b2c418a51ef5",
-        "type": "github"
       },
       "original": {
-        "id": "nixpkgs",
+        "path": "nixpatches",
-        "ref": "nixos-unstable",
+        "type": "path"
-        "type": "indirect"
       }
     },
     "nixpkgs-stable": {
@@ -98,14 +100,30 @@
         "type": "github"
       }
     },
+    "nixpkgs-unpatched": {
+      "locked": {
+        "lastModified": 1673226411,
+        "narHash": "sha256-b6cGb5Ln7Zy80YO66+cbTyGdjZKtkoqB/iIIhDX9gRA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "aa1d74709f5dac623adb4d48fdfb27cc2c92a4d4",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
         "mobile-nixos": "mobile-nixos",
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unpatched": "nixpkgs-unpatched",
         "sops-nix": "sops-nix",
-        "uninsane": "uninsane"
+        "uninsane-dot-org": "uninsane-dot-org"
       }
     },
     "sops-nix": {
@@ -129,7 +147,7 @@
         "type": "github"
       }
     },
-    "uninsane": {
+    "uninsane-dot-org": {
       "inputs": {
         "flake-utils": "flake-utils",
         "nixpkgs": [

flake.nix

@@ -5,7 +5,11 @@
 {
   inputs = {
     nixpkgs-stable.url = "nixpkgs/nixos-22.11";
-    nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixpkgs-unpatched.url = "nixpkgs/nixos-unstable";
+    nixpkgs = {
+      url = "path:nixpatches";
+      inputs.nixpkgs.follows = "nixpkgs-unpatched";
+    };
     mobile-nixos = {
       url = "github:nixos/mobile-nixos";
       flake = false;
@@ -18,7 +22,7 @@
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    uninsane = {
+    uninsane-dot-org = {
       url = "git+https://git.uninsane.org/colin/uninsane";
       inputs.nixpkgs.follows = "nixpkgs";
     };
@@ -28,59 +32,53 @@
     self,
     nixpkgs,
     nixpkgs-stable,
+    nixpkgs-unpatched,
     mobile-nixos,
     home-manager,
     sops-nix,
-    uninsane
+    uninsane-dot-org
-  }: let
+  }:
-    patchedPkgs = system: nixpkgs.legacyPackages.${system}.applyPatches {
-      name = "nixpkgs-patched-uninsane";
-      src = nixpkgs;
-      patches = import ./nixpatches/list.nix {
-        inherit (nixpkgs.legacyPackages.${system}) fetchpatch;
-        inherit (nixpkgs.lib) fakeHash;
-      };
-    };
-    # return something which behaves like `pkgs`, for the provided system
-    # `local` = architecture of builder. `target` = architecture of the system beying deployed to
-    nixpkgsFor = local: target: import (patchedPkgs target) { crossSystem = target; localSystem = local; };
-    # evaluate ONLY our overlay, for the provided system
-    customPackagesFor = local: target: import ./pkgs/overlay.nix (nixpkgsFor local target) (nixpkgsFor local target);
-    decl-host = { name, local, target }:
     let
-      nixosSystem = import ((patchedPkgs target) + "/nixos/lib/eval-config.nix");
+      nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
-    in (nixosSystem {
+
-      # by default the local system is the same as the target, employing emulation when they differ
+      evalHost = { name, local, target }:
+        let
+          # XXX: we'd prefer to use `nixosSystem = (nixpkgsCompiledBy local).nixos`
+          # but it doesn't propagate config to the underlying pkgs, meaning it doesn't let you use
+          # non-free packages even after setting nixpkgs.allowUnfree.
+          nixosSystem = import ((nixpkgsCompiledBy local).path + "/nixos/lib/eval-config.nix");
+        in
+          (nixosSystem {
+            # we use pkgs built for and *by* the target, i.e. emulation, by default.
+            # cross compilation only happens on explicit access to `pkgs.cross`
             system = target;
             modules = [
-        ./modules
+              (import ./hosts/instantiate.nix { localSystem = local; hostName = name; })
-        (import ./hosts/instantiate.nix name)
+              self.nixosModules.default
-        home-manager.nixosModule
+              self.nixosModules.passthru
-        sops-nix.nixosModules.sops
               {
                 nixpkgs.overlays = [
-            (import "${mobile-nixos}/overlay/overlay.nix")
+                  self.overlays.default
-            uninsane.overlay
+                  self.overlays.passthru
-            (import ./pkgs/overlay.nix)
-            (next: prev: rec {
-              # non-emulated packages build *from* local *for* target.
-              # for large packages like the linux kernel which are expensive to build under emulation,
-              # the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
-              cross = (nixpkgsFor local target) // (customPackagesFor local target);
-              stable = import nixpkgs-stable { system = target; };
-
-              # cross-compatible packages
-              # gocryptfs = cross.gocryptfs;
-
-              # pinned packages:
-            })
                 ];
               }
             ];
           });
+    in {
+      nixosConfigurations = {
+        servo = evalHost { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        desko = evalHost { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        lappy = evalHost { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
+        moby = evalHost { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
+        # special cross-compiled variant, to speed up deploys from an x86 box to the arm target
+        # note that these *do* produce different store paths, because the closure for the tools used to cross compile
+        # v.s. emulate differ.
+        # so deploying foo-cross and then foo incurs some rebuilding.
+        moby-cross = evalHost { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
+        rescue = evalHost { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
+      };
 
-    decl-bootable-host = { name, local, target }: rec {
+      # unofficial output
-      nixosConfiguration = decl-host { inherit name local target; };
       # this produces a EFI-bootable .img file (GPT with a /boot partition and a system (/ or /nix) partition).
       # after building this:
       #   - flash it to a bootable medium (SD card, flash drive, HDD)
@@ -94,30 +92,65 @@
       #   - if fs wasn't resized automatically, then `sudo btrfs filesystem resize max /`
       #   - checkout this flake into /etc/nixos AND UPDATE THE FS UUIDS.
       #   - `nixos-rebuild --flake './#<host>' switch`
-      img = nixosConfiguration.config.system.build.img;
+      imgs = builtins.mapAttrs (_: host-dfn: host-dfn.config.system.build.img) self.nixosConfigurations;
+
+      overlays = rec {
+        default = pkgs;
+        pkgs = import ./pkgs/overlay.nix;
+        passthru =
+          let
+            stable = next: prev: {
+              stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform}";
             };
-    hosts.servo = decl-bootable-host { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
+            mobile = (import "${mobile-nixos}/overlay/overlay.nix");
-    hosts.desko = decl-bootable-host { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
+            uninsane = uninsane-dot-org.overlay;
-    hosts.lappy = decl-bootable-host { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
+          in
-    hosts.moby = decl-bootable-host { name = "moby"; local = "aarch64-linux"; target = "aarch64-linux"; };
+            next: prev:
-    # special cross-compiled variant, to speed up deploys from an x86 box to the arm target
+              (stable next prev) // (mobile next prev) // (uninsane next prev);
-    # note that these *do* produce different store paths, because the closure for the tools used to cross compile
-    # v.s. emulate differ.
-    # so deploying foo-cross and then foo incurs some rebuilding.
-    hosts.moby-cross = decl-bootable-host { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
-    hosts.rescue = decl-bootable-host { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
-  in {
-    nixosConfigurations = builtins.mapAttrs (name: value: value.nixosConfiguration) hosts;
-    imgs = builtins.mapAttrs (name: value: value.img) hosts;
-    packages = let
-      allPkgsFor = sys: (customPackagesFor sys sys) // {
-        nixpkgs = nixpkgsFor sys sys;
-        uninsane = uninsane.packages."${sys}";
       };
+
+      nixosModules = rec {
+        default = sane;
+        sane = import ./modules;
+        passthru = { ... }: {
+          imports = [
+            home-manager.nixosModule
+            sops-nix.nixosModules.sops
+          ];
+        };
+      };
+
+      # this includes both our native packages and all the nixpkgs packages.
+      legacyPackages =
+        let
+          allPkgsFor = sys: (nixpkgsCompiledBy sys).appendOverlays [
+            self.overlays.passthru self.overlays.pkgs
+          ];
         in {
           x86_64-linux = allPkgsFor "x86_64-linux";
           aarch64-linux = allPkgsFor "aarch64-linux";
         };
+
+      # extract only our own packages from the full set
+      packages = builtins.mapAttrs
+        (_: full: full.sane // { inherit (full) sane uninsane-dot-org; })
+        self.legacyPackages;
+
+      apps."x86_64-linux" =
+        let
+          pkgs = self.legacyPackages."x86_64-linux";
+        in {
+          update-feeds = {
+            type = "app";
+            program = "${pkgs.feeds.passthru.updateScript}";
+          };
+
+          init-feed = {
+            type = "app";
+            program = "${pkgs.feeds.passthru.initFeedScript}";
+          };
+        };
+
       templates = {
         python-data = {
           # initialize with:

hosts/common/cross.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  # the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
+  # here we just define them all.
+  nixpkgs.overlays = [
+    (next: prev: {
+      # non-emulated packages build *from* local *for* target.
+      # for large packages like the linux kernel which are expensive to build under emulation,
+      # the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
+      crossFrom."x86_64-linux" = (prev.forceSystem "x86_64-linux" null).appendOverlays next.overlays;
+      crossFrom."aarch64-linux" = (prev.forceSystem "aarch64-linux" null).appendOverlays next.overlays;
+    })
+  ];
+}

hosts/common/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./bluetooth.nix
+    ./cross.nix
     ./feeds.nix
     ./fs.nix
     ./hardware

hosts/instantiate.nix

@@ -1,10 +1,23 @@
 # trampoline from flake.nix into the specific host definition, while doing a tiny bit of common setup
 
-hostName: { ... }: {
+{ hostName, localSystem }:
+{ ... }:
+
+{
   imports = [
     ./${hostName}
     ./common
   ];
 
   networking.hostName = hostName;
+
+  nixpkgs.overlays = [
+    (next: prev: {
+      # for local != target we by default just emulate the target while building.
+      # provide a `pkgs.cross.<pkg>` alias that consumers can use instead of `pkgs.<foo>`
+      # to explicitly opt into non-emulated cross compilation for any specific package.
+      # this is most beneficial for large packages with few pre-requisites -- like Linux.
+      cross = next.crossFrom."${localSystem}";
+    })
+  ];
 }

modules/data/feeds/default.nix

@@ -2,21 +2,19 @@
 
 let
   inherit (builtins) concatLists concatStringsSep foldl' fromJSON map readDir readFile;
-  inherit (lib) init mapAttrsToList removePrefix removeSuffix splitString;
+  inherit (lib) hasSuffix listToAttrs mapAttrsToList removeSuffix splitString;
-  inherit (lib.attrsets) recursiveUpdate setAttrByPath;
-  inherit (lib.filesystem) listFilesRecursive;
 
   # given a path to a .json file relative to sources, construct the best feed object we can.
   # the .json file could be empty, in which case we make assumptions about the feed based
   # on its fs path.
-  # Type: feedFromSourcePath :: String -> { path = [String]; value = feed; }
+  # Type: feedFromSourcePath :: String -> { name = String; value = feed; }
   feedFromSourcePath = json-path:
+    assert hasSuffix "/default.json" json-path;
     let
-      canonical-name = removeSuffix "/default" (lib.removeSuffix ".json" json-path);
+      canonical-name = removeSuffix "/default.json" json-path;
       default-url = "https://${canonical-name}";
-      attr-path = splitString "/" canonical-name;
       feed-details = { url = default-url; } // (tryImportJson (./sources/${json-path}));
-    in { path = attr-path; value = mkFeed feed-details; };
+    in { name = canonical-name; value = mkFeed feed-details; };
 
   # TODO: for now, feeds are just ordinary Attrs.
   # in the future, we'd like to set them up with an update script.
@@ -49,10 +47,5 @@ let
         )
         (readDir base)
     );
-
-  # like listToAttrs, except takes { path, value } pairs instead of { name, value } pairs.
-  # Type: listToAttrsByPath :: [{ path = [String]; value = Any; }] -> Attrs
-  listToAttrsByPath = items:
-    foldl' (acc: { path, value }: recursiveUpdate acc (setAttrByPath path value)) {} items;
 in
-  listToAttrsByPath (map feedFromSourcePath sources)
+  listToAttrs (map feedFromSourcePath sources)

modules/data/feeds/sources/econlib.org/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 27184,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "The Library of Economics and Liberty",
+  "favicon": null,
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 10,
+  "last_seen": "2023-01-11T10:46:38.526754+00:00",
+  "last_updated": "2023-01-09T11:30:25+00:00",
+  "score": -18,
+  "self_url": "http://www.econtalk.org/feed/",
+  "site_name": null,
+  "site_url": null,
+  "title": "EconTalk Podcast – Econlib",
+  "url": "http://www.econtalk.org/feed/",
+  "velocity": 0.143,
+  "version": "rss20"
+}

modules/data/feeds/sources/lesswrong.com/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 337440,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "A community blog devoted to refining the art of rationality",
+  "favicon": "https://res.cloudinary.com/lesswrong-2-0/image/upload/v1497915096/favicon_lncumn.ico",
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 10,
+  "last_seen": "2023-01-11T10:39:58.575828+00:00",
+  "last_updated": "2023-01-11T09:58:49+00:00",
+  "score": 32,
+  "self_url": "https://www.lesswrong.com/feed.xml?view=rss&karmaThreshold=2",
+  "site_name": "LessWrong",
+  "site_url": "https://www.lesswrong.com",
+  "title": "LessWrong",
+  "url": "https://www.lesswrong.com/feed.xml",
+  "velocity": 12.052,
+  "version": "rss20"
+}

modules/data/feeds/sources/lexfridman.com/default.json

@@ -0,0 +1,23 @@
+{
+  "bozo": 0,
+  "content_length": 841679,
+  "content_type": "application/rss+xml; charset=utf-8",
+  "description": "Conversations about AI, science, technology, history, philosophy and the nature of intelligence, consciousness, love, and power.",
+  "favicon": "https://lexfridman.com/wordpress/wp-content/uploads/2017/06/cropped-lex-favicon-4-1-32x32.png",
+  "hubs": [
+    "https://pubsubhubbub.appspot.com/"
+  ],
+  "is_podcast": true,
+  "is_push": true,
+  "item_count": 300,
+  "last_seen": "2023-01-08T23:41:32.928322+00:00",
+  "last_updated": "2022-12-29T17:35:50+00:00",
+  "score": 20,
+  "self_url": "https://lexfridman.com/feed/podcast/",
+  "site_name": "Lex Fridman",
+  "site_url": "https://lexfridman.com",
+  "title": "Lex Fridman Podcast",
+  "url": "https://lexfridman.com/feed/podcast/",
+  "velocity": 0.265,
+  "version": "rss20"
+}

modules/data/feeds/sources/xkcd.com/default.json

@@ -0,0 +1,21 @@
+{
+  "bozo": 0,
+  "content_length": 2302,
+  "content_type": "text/xml; charset=utf-8",
+  "description": null,
+  "favicon": "https://xkcd.com/s/919f27.ico",
+  "hubs": [],
+  "is_podcast": false,
+  "is_push": false,
+  "item_count": 4,
+  "last_seen": "2023-01-11T10:29:36.530001+00:00",
+  "last_updated": "2023-01-09T00:00:00+00:00",
+  "score": 16,
+  "self_url": null,
+  "site_name": "xkcd",
+  "site_url": "https://xkcd.com",
+  "title": "xkcd.com",
+  "url": "https://xkcd.com/atom.xml",
+  "velocity": 0.429,
+  "version": "atom10"
+}

modules/image.nix

@@ -82,7 +82,7 @@ in
   in
   lib.mkIf cfg.enable
   {
-    system.build.img-without-firmware = with pkgs; imageBuilder.diskImage.makeGPT {
+    system.build.img-without-firmware = with pkgs; pkgs.imageBuilder.diskImage.makeGPT {
       name = "nixos";
       diskID = vfatUuidFromFs bootFs;
       # leave some space for firmware

modules/packages.nix

@@ -212,6 +212,7 @@ let
     jq
     killall
     lsof
+    nano
     netcat
     nethogs
     nmap

nixpatches/flake.lock

@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1673163619,
+        "narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.11",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nixpatches/flake.nix

@@ -0,0 +1,26 @@
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-22.11";
+  };
+  outputs = { self, nixpkgs }:
+    let
+      patchedPkgsFor = system: nixpkgs.legacyPackages.${system}.applyPatches {
+        name = "nixpkgs-patched-uninsane";
+        src = nixpkgs;
+        patches = import ./list.nix {
+          inherit (nixpkgs.legacyPackages.${system}) fetchpatch;
+          inherit (nixpkgs.lib) fakeHash;
+        };
+      };
+      patchedFlakeFor = system: import "${patchedPkgsFor system}/flake.nix";
+      patchedFlakeOutputsFor = system:
+        (patchedFlakeFor system).outputs { inherit self; };
+    in
+    {
+      legacyPackages = builtins.mapAttrs
+        (system: _:
+          (patchedFlakeOutputsFor system).legacyPackages."${system}"
+        )
+        nixpkgs.legacyPackages;
+    };
+}

pkgs/feeds/default.nix

@@ -0,0 +1,37 @@
+{ lib
+, pkgs
+}:
+
+(lib.makeScope pkgs.newScope (self:
+  let
+    # TODO: dependency-inject this.
+    sane-data = import ../../modules/data { inherit lib; };
+    template = self.callPackage ./template.nix;
+    feed-pkgs = lib.mapAttrs
+      (name: feed-details: template {
+        feedName = name;
+        jsonPath = "modules/data/feeds/sources/${name}/default.json";
+        inherit (feed-details) url;
+      })
+      sane-data.feeds;
+    update-scripts = lib.mapAttrsToList
+      (name: feed: builtins.concatStringsSep " " feed.passthru.updateScript)
+      feed-pkgs;
+  in
+    feed-pkgs // {
+      passthru.updateScript = pkgs.writeShellScript
+        "feeds-update"
+        (builtins.concatStringsSep "\n" update-scripts);
+
+      passthru.initFeedScript = pkgs.writeShellScript
+        "init-feed"
+        ''
+          #!/usr/bin/env nix-shell
+          #!nix-shell -i bash -p git
+          name="$1"
+          mkdir modules/data/feeds/sources/"$name"
+          touch modules/data/feeds/sources/"$name"/default.json
+          git add modules/data/feeds/sources/"$name"/default.json
+        '';
+    }
+))

pkgs/feeds/template.nix

@@ -0,0 +1,28 @@
+{ lib
+, stdenv
+, callPackage
+, fetchurl
+# feed-specific args
+, feedName
+, jsonPath
+, url
+}:
+
+stdenv.mkDerivation {
+  pname = feedName;
+  version = "20230112";
+  src = fetchurl {
+    inherit url;
+  };
+  passthru.updateScript = [ ./update.sh url jsonPath ];
+  # passthru.updateScript = callPackage ./update.nix {
+  #   inherit url jsonPath;
+  # };
+  meta = {
+    description = "metadata about any feeds available at ${feedName}";
+    homepage = feedName;
+    maintainers = with lib.maintainers; [ colinsane ];
+    platforms = lib.platforms.all;
+  };
+}
+

pkgs/feeds/update.nix

@@ -0,0 +1,18 @@
+{ lib
+, curl
+, jq
+, runtimeShell
+, writeScript
+# feed-specific args
+, jsonPath
+, url
+}:
+
+let
+  apiQuery = "https://feedsearch.dev/api/v1/search?url=${url}";
+in
+writeScript "update-feed" ''
+  #!${runtimeShell}
+  PATH=${lib.makeBinPath [ curl jq  ]}
+  curl -X GET '${apiQuery}' | jq '.[-1]' > '${jsonPath}'
+''

pkgs/feeds/update.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq
+
+set -xeu -o pipefail
+
+url="$1"
+jsonPath="$2"
+
+apiQuery="https://feedsearch.dev/api/v1/search?url=$url"
+curl -X GET "$apiQuery" | jq '.[-1]' > "$jsonPath"

pkgs/overlay.nix

@@ -1,6 +1,9 @@
-(next: prev: rec {
+(next: prev:
+  let
+    sane = rec {
       #### my own, non-upstreamable packages:
       sane-scripts = prev.callPackage ./sane-scripts { };
+      feeds = prev.callPackage ./feeds { };
       tow-boot-pinephone = prev.callPackage ./tow-boot-pinephone { };
       tow-boot-rpi4 = prev.callPackage ./tow-boot-rpi4 { };
       bootpart-uefi-x86_64 = prev.callPackage ./bootpart-uefi-x86_64 { };
@@ -51,5 +54,7 @@
       splatmoji = prev.callPackage ./splatmoji { };
       # trust-dns = prev.callPackage ./trust-dns { };
       # kaiteki = prev.kaiteki;
-})
+    };
+  in sane // { inherit sane; }
+)
 

readme.md

@@ -1,7 +1,7 @@
 to deploy:
 
 ```sh
-nixos-rebuild --flake "./#servo" {build,switch}
+nixos-rebuild --flake ".#servo" {build,switch}
 ```
 
 if the target is the same as the host, nix will grab the hostname automatically:
@@ -20,7 +20,7 @@ nix flake show
 ## secrets
 
 i use [sops](https://github.com/Mic92/sops-nix) for secrets.
-see `modules/universal/secrets.nix` for some tips.
+see `hosts/common/secrets.nix` for some tips.
 
 ## building images
 
@@ -34,31 +34,34 @@ refer to flake.nix for more details.
 
 ## building packages
 
-to build one of the custom sane packages, just name it:
+build anything with
-
+```
-```sh
+nix build .#<pkgname>
-nix build ./#fluffychat-moby
 ```
 
-to build a nixpkg:
+specifically, i pass the full package closure to the `legacyPackages` flake output. that includes both my own packages and upstream packages.
+
+on the other hand the `packages` output contains only my own packages.
+
+in addition, my packages are placed into both the global scope and a `sane` scope.
+so use the scoped path when you want to be explicit.
 
-```sh
-nix build ./#nixpkgs.curl
 ```
-
+nix build sane.linux-megous
-to build a package for another platform:
-
-```sh
-nix build ./#packages.aarch64-linux.nixpkgs.ubootRaspberryPi4_64bit
 ```
 
 ## using this repo in your own config
 
-i try to ensure everything in the `modules/` directory is hidden behind some enable flag or other.
+this should be a pretty "standard" flake. just reference it, and import either
-it should be possible to copy that whole directory into your own config, and then selectively
+- `nixosModules.sane` (for the modules)
-populate what you want (like the impermenance paths, etc).
+- `overlays.pkgs` (for the packages)
-more practically, a lot of things in there still assume a user named `colin`, so you'll probably
+
-want to patch it for your name -- or just use it as a reference.
+`nixosModules.sane` corresponds to everything in the `modules/` directory.
+it's a mix of broad and narrow scope options.
+e.g. `sane.fs` is a completely standalone thing,
+whereas `sane.web-browser` is highly personalized and doesn't *really* make sense to export.
+regardless of scope, i do try to ensure that everything in `modules/` is hidden behind some enable flag
+so that the disorganization isn't that critical.
 
 ## contact