get sane.packages to work better. still needs cleanup

programs: enable persistence
modules: add a sane.programs interface which i can use going forward in place of sane.packages
2023-02-03 01:05:58 +00:00 · 2023-02-02 12:35:42 +00:00 · 2023-02-02 12:31:13 +00:00
14 changed files with 427 additions and 395 deletions
--- a/hosts/by-name/desko/default.nix
+++ b/hosts/by-name/desko/default.nix
@@ -4,6 +4,8 @@
    ./fs.nix
  ];
  # sane.packages.enableDevPkgs = true;
  sane.roles.client = true;
  sane.services.wg-home.enable = true;
  sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
--- a/hosts/by-name/lappy/default.nix
+++ b/hosts/by-name/lappy/default.nix
@@ -8,6 +8,8 @@
  sane.services.wg-home.enable = true;
  sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
  # sane.packages.enableDevPkgs = true;
  # sane.guest.enable = true;
  sane.gui.sway.enable = true;
  sane.persist.enable = true;
--- a/hosts/by-name/moby/default.nix
+++ b/hosts/by-name/moby/default.nix
@@ -41,12 +41,10 @@
    ".config/pulse"  # persist pulseaudio volume
  ];
-  sane.programs."pkgs.plasma5Packages.konsole" = {
+  # sane.packages.enableGuiPkgs = false;  # XXX faster builds/imaging for debugging
-    # more reliable terminal
+  sane.packages.extraUserPkgs = [
-    # TODO: move to gui/phosh
+    pkgs.plasma5Packages.konsole  # terminal
-    package = pkgs.plasma5Packages.konsole;
+  ];
    enableFor.user.colin = true;
  };
  sane.nixcache.enable = true;
  sane.persist.enable = true;
--- a/hosts/by-name/servo/default.nix
+++ b/hosts/by-name/servo/default.nix
@@ -8,13 +8,12 @@
    ./services
  ];
-  sane.programs = {
+  sane.packages.extraUserPkgs = with pkgs; [
    # for administering services
-    freshrss.enableFor.user.colin = true;
+    freshrss
-    matrix-synapse.enableFor.user.colin = true;
+    matrix-synapse
-    signaldctl.enableFor.user.colin = true;
+    signaldctl
-  };
+  ];
  sane.persist.enable = true;
  sane.services.dyn-dns.enable = true;
  sane.services.wg-home.enable = true;
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -19,8 +19,8 @@
  ];
  sane.nixcache.enable-trusted-keys = true;
-  sane.programs.sysadminUtils.enableFor.system = true;
+  sane.packages.enableConsolePkgs = true;
-  sane.programs.consoleUtils.enableFor.user.colin = true;
+  sane.packages.enableSystemPkgs = true;
  # some services which use private directories error if the parent (/var/lib/private) isn't 700.
  sane.fs."/var/lib/private".dir.acl.mode = "0700";
--- a/hosts/common/home/firefox.nix
+++ b/hosts/common/home/firefox.nix
@@ -146,11 +146,6 @@ in
  };
  config = {
    sane.programs.web-browser = {
      inherit package;
      # TODO: define the persistence & fs config here
    };
    sane.programs.guiApps.suggestedPrograms = [ "web-browser" ];
    # uBlock filter list configuration.
    # specifically, enable the GDPR cookie prompt blocker.
@@ -176,6 +171,8 @@ in
      // see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
      defaultPref("security.OCSP.require", false);
    '';
    sane.packages.extraGuiPkgs = [ package ];
    # flush the cache to disk to avoid it taking up too much tmp
    sane.user.persist.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
      store = cfg.persistCache;
--- a/hosts/common/programs.nix
+++ b/hosts/common/programs.nix
@@ -1,329 +1,21 @@
-{ lib, pkgs, ... }:
+{ pkgs, ... }:
 let
  inherit (builtins) attrNames concatLists;
  inherit (lib) mapAttrs mapAttrsToList mkDefault mkMerge optional;
  sysadminPkgs = {
    inherit (pkgs // {
      # XXX can't `inherit` a nested attr, so we move them to the toplevel
      "cacert.unbundled" = pkgs.cacert.unbundled;
    })
      btrfs-progs
      "cacert.unbundled"  # some services require unbundled /etc/ssl/certs
      cryptsetup
      dig
      efibootmgr
      fatresize
      fd
      file
      gawk
      git
      gptfdisk
      hdparm
      htop
      iftop
      inetutils  # for telnet
      iotop
      iptables
      jq
      killall
      lsof
      nano
      netcat
      nethogs
      nmap
      openssl
      parted
      pciutils
      powertop
      pstree
      ripgrep
      screen
      smartmontools
      socat
      strace
      tcpdump
      tree
      usbutils
      wget
    ;
  };
  consolePkgs = {
    inherit (pkgs)
      backblaze-b2
      cdrtools
      dmidecode
      duplicity
      efivar
      flashrom
      fwupd
      ghostscript  # TODO: imagemagick wrapper should add gs to PATH
      gnupg
      gocryptfs
      gopass
      gopass-jsonapi
      ifuse
      imagemagick
      ipfs
      kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
      libimobiledevice
      libsecret  # for managing user keyrings
      lm_sensors  # for sensors-detect
      lshw
      ffmpeg
      memtester
      networkmanager
      nixpkgs-review
      # nixos-generators
      # nettools
      nmon
      oathToolkit  # for oathtool
      # ponymix
      pulsemixer
      python3
      rsync
      # python3Packages.eyeD3  # music tagging
      sane-scripts
      sequoia
      snapper
      sops
      sox
      speedtest-cli
      sqlite  # to debug sqlite3 databases
      ssh-to-age
      sudo
      # tageditor  # music tagging
      unar
      visidata
      w3m
      wireguard-tools
      # youtube-dl
      yt-dlp
    ;
  };
  guiPkgs = {
    inherit (pkgs // (with pkgs; {
      # XXX can't `inherit` a nested attr, so we move them to the toplevel
      # TODO: could use some "flatten attrs" helper instead
      "gnome.cheese" = gnome.cheese;
      "gnome.dconf-editor" = gnome.dconf-editor;
      "gnome.file-roller" = gnome.file-roller;
      "gnome.gnome-disk-utility" = gnome.gnome-disk-utility;
      "gnome.gnome-maps" = gnome.gnome-maps;
      "gnome.nautilus" = gnome.nautilus;
      "gnome.gnome-system-monitor" = gnome.gnome-system-monitor;
      "gnome.gnome-terminal" = gnome.gnome-terminal;
      "gnome.gnome-weather" = gnome.gnome-weather;
      "libsForQt5.plasmatube" = libsForQt5.plasmatube;
    }))
      aerc  # email client
      audacity
      celluloid  # mpv frontend
      chromium
      clinfo
      dino
      electrum
      element-desktop
      emote
      evince  # works on phosh
      # { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
      foliate  # e-book reader
      font-manager
      # XXX by default fractal stores its state in ~/.local/share/<UUID>.
      # after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
      # then reboot (so that libsecret daemon re-loads the keyring...?)
      # { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
      # { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
      gajim  # XMPP client
      gimp  # broken on phosh
      "gnome.cheese"
      "gnome.dconf-editor"
      gnome-feeds  # RSS reader (with claimed mobile support)
      "gnome.file-roller"
      "gnome.gnome-disk-utility"
      "gnome.gnome-maps"  # works on phosh
      "gnome.nautilus"
      # gnome-podcasts
      "gnome.gnome-system-monitor"
      "gnome.gnome-terminal"  # works on phosh
      "gnome.gnome-weather"
      gpodder-configured
      gthumb
      inkscape
      kdenlive
      kid3  # audio tagging
      krita
      libreoffice-fresh  # XXX colin: maybe don't want this on mobile
      lollypop
      mpv
      networkmanagerapplet
      newsflash
      nheko
      obsidian
      pavucontrol
      # picard  # music tagging
      playerctl
      "libsForQt5.plasmatube"  # Youtube player
      soundconverter
      # sublime music persists any downloaded albums here.
      # it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
      # config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
      #   possible to pass config as a CLI arg (sublime-music -c config.json)
      # { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
      sublime-music-mobile
      tdesktop  # broken on phosh
      tokodon
      vlc
      # pleroma client (Electron). input is broken on phosh.
      whalebird
      xdg-utils  # for xdg-open
      xterm  # broken on phosh
    ;
  };
  x86GuiPkgs = {
    inherit (pkgs)
      discord
      # kaiteki  # Pleroma client
      # gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
      # gpt2tc  # XXX: unreliable mirror
      # TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
      handbrake
      logseq
      losslesscut-bin
      makemkv
      monero-gui
      signal-desktop
      spotify
      tor-browser-bundle-bin
      zecwallet-lite
    ;
  };
  # define -- but don't enable -- the packages in some attrset.
  # use `mkDefault` for the package here so we can customize some of them further down this file
  declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
    package = mkDefault p;
  }) pkgsAsAttrs;
 in
 {
-  config = {
+  sane.programs = {
-    sane.programs = mkMerge [
+    btrfs-progs.enableFor.system = true;
-      (declarePkgs sysadminPkgs)
+    # "cacert.unbundled".enableFor.system = true;
-      (declarePkgs consolePkgs)
+    cryptsetup.enableFor.system = true;
-      (declarePkgs guiPkgs)
+    dig = {
-      (declarePkgs x86GuiPkgs)
+      enableFor.system = true;
-      {
+      suggestedPrograms = [ "efibootmgr" ];
-        # link the various package sets into their own meta packages
+    };
-        sysadminUtils = {
+    efibootmgr = {};
-          package = null;
+    fatresize = {};
          suggestedPrograms = attrNames sysadminPkgs;
        };
        consoleUtils = {
          package = null;
          suggestedPrograms = attrNames consolePkgs;
        };
        guiApps = {
          package = null;
          suggestedPrograms = (attrNames guiPkgs)
            ++ optional (pkgs.system == "x86_64-linux") "x86GuiApps";
        };
        x86GuiApps = {
          package = null;
          suggestedPrograms = attrNames x86GuiPkgs;
        };
      }
      {
        # nontrivial package definitions
        imagemagick.package = pkgs.imagemagick.override {
          ghostscriptSupport = true;
        };
-        dino.private = [ ".local/share/dino" ];
+    backblaze-b2.enableFor.user.colin = true;
-
+    cdrtools = {
-        # creds, but also 200 MB of node modules, etc
+      enableFor.user.colin = true;
-        discord = {
+      suggestedPrograms = [ "dmidecode" ];
-          package = pkgs.discord.override {
+    };
-            # XXX 2022-07-31: fix to allow links to open in default web-browser:
+    dmidecode = {};
            #   https://github.com/NixOS/nixpkgs/issues/78961
            nss = pkgs.nss_latest;
          };
          private = [ ".config/discord" ];
        };
        # creds/session keys, etc
        element-desktop.private = [ ".config/Element" ];
        # `emote` will show a first-run dialog based on what's in this directory.
        # mostly, it just keeps a LRU of previously-used emotes to optimize display order.
        # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
        emote.dir = [ ".local/share/Emote" ];
        # XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
        #   then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
        gpodder-configured.dir = [ "gPodder" ];
        # actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
        # XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured?
        monero-gui.dir = [ ".bitmonero" ];
        mpv.dir = [ ".config/mpv/watch_later" ];
        # not strictly necessary, but allows caching articles; offline use, etc.
        newsflash.dir = [ ".local/share/news-flash" ];
        nheko.private = [
          ".config/nheko"  # config file (including client token)
          ".cache/nheko"  # media cache
          ".local/share/nheko"  # per-account state database
        ];
        # settings (electron app)
        obsidian.dir = [ ".config/obsidian" ];
        # creds, media
        signal-desktop.private = [ ".config/Signal" ];
        # creds, widevine .so download. TODO: could easily manage these statically.
        spotify.dir = [ ".config/spotify" ];
        # sublime music persists any downloaded albums here.
        # it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
        # config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
        #   possible to pass config as a CLI arg (sublime-music -c config.json)
        # { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
        sublime-music-mobile.dir = [ ".local/share/sublime-music" ];
        tdesktop.private = [ ".local/share/TelegramDesktop" ];
        tokodon.private = [ ".cache/KDE/tokodon" ];
        # hardenedMalloc solves a crash at startup
        # TODO 2023/02/02: is this safe to remove yet?
        tor-browser-bundle-bin.package = pkgs.tor-browser-bundle-bin.override {
          useHardenedMalloc = false;
        };
        # vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
        vlc.dir = [ ".config/vlc" ];
        whalebird.private = [ ".config/Whalebird" ];
        # zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
        zecwallet-lite.private = [ ".zcash" ];
      }
    ];
    # XXX: this might not be necessary. try removing this and cacert.unbundled (servo)?
    environment.etc."ssl/certs".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
  };
 }
--- a/hosts/common/users.nix
+++ b/hosts/common/users.nix
@@ -49,6 +49,8 @@ in
      shell = pkgs.zsh;
      packages = builtins.map (p: p.pkg) config.sane.packages.enabledUserPkgs;
      # mount encrypted stuff at login
      # some other nix pam users:
      # - <https://github.com/g00pix/nixconf/blob/32c04f6fa843fed97639dd3f09e157668d3eea1f/profiles/sshfs.nix>
--- a/hosts/modules/gui/default.nix
+++ b/hosts/modules/gui/default.nix
@@ -26,7 +26,7 @@ in
  };
  config = mkIf cfg.enable {
-    sane.programs.guiApps.enableFor.user.colin = mkDefault true;
+    sane.packages.enableGuiPkgs = mkDefault true;
    # preserve backlight brightness across power cycles
    # see `man systemd-backlight`
--- a/hosts/modules/gui/phosh.nix
+++ b/hosts/modules/gui/phosh.nix
@@ -77,13 +77,12 @@ in
        })
      ];
-      # TODO: refactor
+      sane.packages.extraUserPkgs = with pkgs; [
-      sane.programs = {
+        phosh-mobile-settings
        phosh-mobile-settings.enableFor.user.colin = true;
        # TODO: see about removing this if the in-built gnome-settings bluetooth manager can work
-        "gnome.gnome-bluetooth".enableFor.user.colin = true;
+        gnome.gnome-bluetooth
-      };
+      ];
    }
    (mkIf cfg.useGreeter {
      services.xserver.enable = true;
--- a/hosts/modules/gui/sway.nix
+++ b/hosts/modules/gui/sway.nix
@@ -625,19 +625,18 @@ in
    #   }
    # '';
-    # TODO: refactor
+    sane.packages.extraUserPkgs = with pkgs; [
-    sane.programs = {
+      swaylock
-      swaylock.enableFor.user.colin = true;
+      swayidle  # (unused)
-      swayidle.enableFor.user.colin = true;  # (unused)
+      wl-clipboard
-      wl-clipboard.enableFor.user.colin = true;
+      mako # notification daemon
-      mako.enableFor.user.colin = true; # notification daemon
+      xdg-utils  # for xdg-open
      xdg-utils.enableFor.user.colin = true;  # for xdg-open
      # user stuff
      # pavucontrol
-      "sway-contrib.grimshot".enableFor.user.colin = true;
+      sway-contrib.grimshot
-      "gnome.gnome-bluetooth".enableFor.user.colin = true;
+      gnome.gnome-bluetooth
-      "gnome.gnome-control-center".enableFor.user.colin = true;
+      gnome.gnome-control-center
-    };
+    ];
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,6 +5,7 @@
    ./feeds.nix
    ./fs
    ./ids.nix
    ./packages.nix
    ./programs.nix
    ./image.nix
    ./persist
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -0,0 +1,331 @@
 { config, lib, pkgs, ... }:
 with lib;
 with pkgs;
 let
  cfg = config.sane.packages;
  imagemagick = pkgs.imagemagick.override {
    ghostscriptSupport = true;
  };
  consolePkgs = [
    backblaze-b2
    cdrtools
    dmidecode
    duplicity
    efivar
    flashrom
    fwupd
    ghostscript  # TODO: imagemagick wrapper should add gs to PATH
    gnupg
    gocryptfs
    gopass
    gopass-jsonapi
    ifuse
    imagemagick
    ipfs
    kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
    libimobiledevice
    libsecret  # for managing user keyrings
    lm_sensors  # for sensors-detect
    lshw
    ffmpeg
    memtester
    networkmanager
    nixpkgs-review
    # nixos-generators
    # nettools
    nmon
    oathToolkit  # for oathtool
    # ponymix
    pulsemixer
    python3
    rsync
    # python3Packages.eyeD3  # music tagging
    sane-scripts
    sequoia
    snapper
    sops
    sox
    speedtest-cli
    sqlite  # to debug sqlite3 databases
    ssh-to-age
    sudo
    # tageditor  # music tagging
    unar
    visidata
    w3m
    wireguard-tools
    # youtube-dl
    yt-dlp
  ];
  guiPkgs = [
    # GUI only
    aerc  # email client
    audacity
    celluloid  # mpv frontend
    chromium
    clinfo
    { pkg = dino; private = [ ".local/share/dino" ]; }
    electrum
    # creds/session keys, etc
    { pkg = element-desktop; private = [ ".config/Element" ]; }
    # `emote` will show a first-run dialog based on what's in this directory.
    # mostly, it just keeps a LRU of previously-used emotes to optimize display order.
    # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
    { pkg = emote; dir = [ ".local/share/Emote" ]; }
    evince  # works on phosh
    # { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
    foliate  # e-book reader
    font-manager
    # XXX by default fractal stores its state in ~/.local/share/<UUID>.
    # after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
    # then reboot (so that libsecret daemon re-loads the keyring...?)
    # { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
    # { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
    gajim  # XMPP client
    gimp  # broken on phosh
    gnome.cheese
    gnome.dconf-editor
    gnome-feeds  # RSS reader (with claimed mobile support)
    gnome.file-roller
    gnome.gnome-disk-utility
    gnome.gnome-maps  # works on phosh
    gnome.nautilus
    # gnome-podcasts
    gnome.gnome-system-monitor
    gnome.gnome-terminal  # works on phosh
    gnome.gnome-weather
    # XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
    #   then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
    { pkg = gpodder-configured; dir = [ "gPodder" ]; }
    gthumb
    inkscape
    kdenlive
    kid3  # audio tagging
    krita
    libreoffice-fresh  # XXX colin: maybe don't want this on mobile
    lollypop
    { pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
    networkmanagerapplet
    # not strictly necessary, but allows caching articles; offline use, etc.
    { pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
    { pkg = nheko; private = [
      ".config/nheko"  # config file (including client token)
      ".cache/nheko"  # media cache
      ".local/share/nheko"  # per-account state database
    ]; }
    # settings (electron app)
    { pkg = obsidian; dir = [ ".config/obsidian" ]; }
    pavucontrol
    # picard  # music tagging
    playerctl
    libsForQt5.plasmatube  # Youtube player
    soundconverter
    # sublime music persists any downloaded albums here.
    # it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
    # config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
    #   possible to pass config as a CLI arg (sublime-music -c config.json)
    # { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
    { pkg = sublime-music-mobile; dir = [ ".local/share/sublime-music" ]; }
    { pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; }  # broken on phosh
    { pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
    # vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
    { pkg = vlc; dir = [ ".config/vlc" ]; }
    # pleroma client (Electron). input is broken on phosh.
    { pkg = whalebird; private = [ ".config/Whalebird" ]; }
    xdg-utils  # for xdg-open
    xterm  # broken on phosh
  ]
  ++ (if pkgs.system == "x86_64-linux" then
  [
    # x86_64 only
    # creds, but also 200 MB of node modules, etc
    (let discord = (pkgs.discord.override {
      # XXX 2022-07-31: fix to allow links to open in default web-browser:
      #   https://github.com/NixOS/nixpkgs/issues/78961
      nss = pkgs.nss_latest;
    }); in { pkg = discord; private = [ ".config/discord" ]; })
    # kaiteki  # Pleroma client
    # gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
    # gpt2tc  # XXX: unreliable mirror
    # TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
    handbrake
    logseq
    losslesscut-bin
    makemkv
    # actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate)
    { pkg = monero-gui; dir = [ ".bitmonero" ]; }
    # creds, media
    { pkg = signal-desktop; private = [ ".config/Signal" ]; }
    # creds, widevine .so download. TODO: could easily manage these statically.
    { pkg = spotify; dir = [ ".config/spotify" ]; }
    # hardenedMalloc solves a crash at startup
    (tor-browser-bundle-bin.override { useHardenedMalloc = false; })
    # zcash coins. safe to delete, just slow to regenerate (10-60 minutes)
    { pkg = zecwallet-lite; private = [ ".zcash" ]; }
  ] else []);
  # general-purpose utilities that we want any user to be able to access
  #   (specifically: root, in case of rescue)
  systemPkgs = [
    btrfs-progs
    cacert.unbundled  # some services require unbundled /etc/ssl/certs
    cryptsetup
    dig
    efibootmgr
    fatresize
    fd
    file
    gawk
    git
    gptfdisk
    hdparm
    htop
    iftop
    inetutils  # for telnet
    iotop
    iptables
    jq
    killall
    lsof
    nano
    netcat
    nethogs
    nmap
    openssl
    parted
    pciutils
    powertop
    pstree
    ripgrep
    screen
    smartmontools
    socat
    strace
    tcpdump
    tree
    usbutils
    wget
  ];
  # useful devtools:
  devPkgs = [
    bison
    dtc
    flex
    gcc
    gdb
    # gcc-arm-embedded
    # gcc_multi
    gnumake
    mercurial
    mix2nix
    rustup
    swig
  ];
  pkgSpec = types.submodule {
    options = {
      pkg = mkOption {
        type = types.package;
      };
      dir = mkOption {
        type = types.listOf types.str;
        default = [];
        description = "list of home-relative paths to persist for this package";
      };
      private = mkOption {
        type = types.listOf types.str;
        default = [];
        description = "list of home-relative paths to persist (in encrypted format) for this package";
      };
    };
  };
  toPkgSpec = types.coercedTo types.package (p: { pkg = p; }) pkgSpec;
 in
 {
  options = {
    # packages to deploy to the user's home
    sane.packages.extraUserPkgs = mkOption {
      default = [ ];
      type = types.listOf toPkgSpec;
    };
    sane.packages.extraGuiPkgs = mkOption {
      default = [ ];
      type = types.listOf toPkgSpec;
      description = "packages to only ship if gui's enabled";
    };
    sane.packages.enableConsolePkgs = mkOption {
      default = false;
      type = types.bool;
    };
    sane.packages.enableGuiPkgs = mkOption {
      default = false;
      type = types.bool;
    };
    sane.packages.enableDevPkgs = mkOption {
      description = ''
        enable packages that are useful for building other software by hand.
        you should prefer to keep this disabled except when prototyping, e.g. packaging new software.
      '';
      default = false;
      type = types.bool;
    };
    sane.packages.enableSystemPkgs = mkOption {
      default = false;
      type = types.bool;
      description = "enable system-wide packages";
    };
    sane.packages.enabledUserPkgs = mkOption {
      default = cfg.extraUserPkgs
        ++ (if cfg.enableConsolePkgs then consolePkgs else [])
        ++ (if cfg.enableGuiPkgs then guiPkgs ++ cfg.extraGuiPkgs else [])
        ++ (if cfg.enableDevPkgs then devPkgs else [])
      ;
      type = types.listOf toPkgSpec;
      description = "generated from other config options";
    };
  };
  config = {
    environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
    sane.user.persist.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
    sane.user.persist.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
    # XXX: this might not be necessary. try removing this and cacert.unbundled?
    environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
  };
 }
--- a/modules/programs.nix
+++ b/modules/programs.nix
@@ -1,38 +1,13 @@
 { config, lib, pkgs, sane-lib, ... }:
 let
  inherit (builtins) any elem map;
-  inherit (lib)
+  inherit (lib) filterAttrs mapAttrs mapAttrsToList mkDefault mkIf mkMerge mkOption optionalAttrs types;
    filterAttrs
    hasAttrByPath
    getAttrFromPath
    mapAttrs
    mapAttrsToList
    mkDefault
    mkIf
    mkOption
    optional
    optionalAttrs
    splitString
    types
  ;
  inherit (sane-lib) joinAttrsets;
  cfg = config.sane.programs;
  pkgSpec = types.submodule ({ name, ... }: {
    options = {
      package = mkOption {
-        type = types.nullOr types.package;
+        type = types.package;
        description = ''
          package, or `null` if the program is some sort of meta set (in which case it much EXPLICITLY be set null).
        '';
        default =
          let
            pkgPath = splitString "." name;
          in
            # package can be inferred by the attr name, allowing shorthand like
            #   `sane.programs.nano.enable = true;`
            # this indexing will throw if the package doesn't exist and the user forgets to specify
            # a valid source explicitly.
            getAttrFromPath pkgPath pkgs;
      };
      enableFor.system = mkOption {
        type = types.bool;
@@ -49,6 +24,11 @@ let
      };
      enableFor.user = mkOption {
        type = types.attrsOf types.bool;
        # default = mkMerge (mapAttrsToList (_otherName: otherPkg:
        #   optionalAttrs
        #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
        #     otherPkg.enableFor.user
        # ) cfg);
        default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
           optionalAttrs
             (otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
@@ -82,17 +62,30 @@ let
      };
    };
    config = {
      # package can be inferred by the attr name, allowing shorthand like
      # sane.packages.nano.enable = true;
      package = mkIf (pkgs ? "${name}") (mkDefault pkgs."${name}");
      # enableFor = mkIf (name == "btrfs-progs") (mkDefault cfg.cryptsetup.enableFor);
      # enable this package if it's in the `suggestedPrograms` of any other enabled program
      # enableFor = mkMerge (mapAttrsToList (_otherName: otherPkg:
      #   optionalAttrs
      #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
      #     (mkDefault otherPkg.enableFor)
      # ) cfg);
    };
  });
  toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
  configs = mapAttrsToList (_name: p: {
    # conditionally add to system PATH
-    environment.systemPackages = optional
+    environment.systemPackages = mkIf p.enableFor.system [ p.package ];
      (p.package != null && p.enableFor.system)
      p.package;
    # conditionally add to user(s) PATH
-    users.users = mapAttrs (user: en: {
+    users.users = mapAttrs (user: en: optionalAttrs en {
-      packages = optional (p.package != null && en) p.package;
+      packages = [ p.package ];
    }) p.enableFor.user;
    # conditionally persist relevant user dirs
    sane.users = mapAttrs (user: en: optionalAttrs en {
@@ -116,6 +109,23 @@ in
        users.users = f.users.users;
        sane.users = f.sane.users;
      };
-    in
+    in mkMerge [
-      take (sane-lib.mkTypedMerge take configs);
+      (take (sane-lib.mkTypedMerge take configs))
      {
        # sane.programs.cryptsetup.enableFor = mkDefault cfg.btrfs-progs.enableFor;
        # sane.programs.cryptsetup.enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
        #   optionalAttrs
        #   (otherName != "cryptsetup")
        #   (mkDefault otherPkg.enableFor)
        # ) cfg);
        # sane.programs = mapAttrs (myName: _me: optionalAttrs (myName == "btrfs-progs") {
        #   enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
        #     optionalAttrs
        #     (otherName != "cryptsetup")
        #     (mkDefault otherPkg.enableFor)
        #   ) cfg);
        # }) cfg;
      }
    ];
 }
Author	SHA1	Message	Date
Colin	09cb75319f	get sane.packages to work better. still needs cleanup	2023-02-03 01:05:58 +00:00
Colin	4ed0a9127c	programs: enable persistence	2023-02-02 12:35:42 +00:00
Colin	d0dca651be	modules: add a `sane.programs` interface which i can use going forward in place of `sane.packages`	2023-02-02 12:31:13 +00:00