This commit is contained in:
Shelvacu
2025-05-23 17:56:46 -07:00
committed by Shelvacu on fw
parent bd4d27d948
commit 91a27769ba
54 changed files with 1278 additions and 1148 deletions


@@ -25,18 +25,17 @@ let
storeContents = pkgs.linkFarmFromDrvs "store-contents" pxeConfig.netboot.storeContents; storeContents = pkgs.linkFarmFromDrvs "store-contents" pxeConfig.netboot.storeContents;
}; };
extraBuilds = { inherit isoContents pxeContents; }; extraBuilds = { inherit isoContents pxeContents; };
buildListWithout = builtins.filter (v: !builtins.elem v ignoreList) (builtins.attrNames self.buildList); buildListWithout = builtins.filter (v: !builtins.elem v ignoreList) (
builtins.attrNames self.buildList
);
allBuilds = self.buildList // extraBuilds; allBuilds = self.buildList // extraBuilds;
in in
rec { rec {
archiveList = map ( archiveList = map (name: {
name:
{
inherit name; inherit name;
broken = builtins.elem name self.brokenBuilds; broken = builtins.elem name self.brokenBuilds;
impure = builtins.elem name self.impureBuilds; impure = builtins.elem name self.impureBuilds;
} }) (buildListWithout ++ builtins.attrNames extraBuilds);
) (buildListWithout ++ builtins.attrNames extraBuilds);
drvs = allBuilds; drvs = allBuilds;
buildDepsDrvs = builtins.mapAttrs (_: v: pkgs.closureInfo { rootPaths = [ v.drvPath ]; }) drvs; buildDepsDrvs = builtins.mapAttrs (_: v: pkgs.closureInfo { rootPaths = [ v.drvPath ]; }) drvs;


@@ -10,7 +10,8 @@ let
enableFfmpegFull = enableFfmpeg && config.vacu.isGui; enableFfmpegFull = enableFfmpeg && config.vacu.isGui;
enableFfmpegHeadless = enableFfmpeg && !config.vacu.isGui; enableFfmpegHeadless = enableFfmpeg && !config.vacu.isGui;
in in
{ vacu.packages = lib.mkMerge [ {
vacu.packages = lib.mkMerge [
{ {
borgbackup.enable = config.vacu.isDev && (pkgs.system != "aarch64-linux"); # borgbackup build is borken on aarch64 borgbackup.enable = config.vacu.isDev && (pkgs.system != "aarch64-linux"); # borgbackup build is borken on aarch64
ffmpeg-vacu-full = { ffmpeg-vacu-full = {
@@ -87,8 +88,7 @@ in
wl-clipboard wl-clipboard
'' ''
) )
(lib.mkIf config.vacu.isDev (lib.mkIf config.vacu.isDev ''
''
cargo cargo
gnumake gnumake
patchelf patchelf
@@ -96,9 +96,9 @@ in
ruby ruby
rustc rustc
rust-script rust-script
shellcheck
stdenv.cc stdenv.cc
'' '')
)
(lib.mkIf (!config.vacu.isMinimal) (lib.mkIf (!config.vacu.isMinimal)
# big pkgs for non-minimal systems # big pkgs for non-minimal systems
'' ''
@@ -185,8 +185,7 @@ in
'' ''
# packages that are in [`requiredPackages`][1] in nixos, but maybe not included in nix-on-droid # packages that are in [`requiredPackages`][1] in nixos, but maybe not included in nix-on-droid
# [1]: https://github.com/NixOS/nixpkgs/blob/26d499fc9f1d567283d5d56fcf367edd815dba1d/nixos/modules/config/system-path.nix#L11 # [1]: https://github.com/NixOS/nixpkgs/blob/26d499fc9f1d567283d5d56fcf367edd815dba1d/nixos/modules/config/system-path.nix#L11
(lib.optionalAttrs (vacuModuleType == "nix-on-droid") (lib.optionalAttrs (vacuModuleType == "nix-on-droid") ''
''
acl acl
attr attr
bashInteractive bashInteractive
@@ -217,6 +216,6 @@ in
which which
xz xz
zstd zstd
'' '')
) ];
]; } }


@@ -1,8 +1,4 @@
{ { lib, vacuModules, ... }:
lib,
vacuModules,
...
}:
{ {
imports = [ imports = [
vacuModules.knownHosts vacuModules.knownHosts
@@ -33,7 +29,10 @@
#colin's stuff #colin's stuff
"servo" = { "servo" = {
altNames = [ "git.uninsane.org" "uninsane.org" ]; altNames = [
"git.uninsane.org"
"uninsane.org"
];
isLan = true; isLan = true;
sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8"; sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
}; };
@@ -135,9 +134,7 @@
sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2"; sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
}; };
legtop = { legtop = {
altNames = [ altNames = [ "lt" ];
"lt"
];
isLan = true; isLan = true;
sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL"; sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL";
}; };


@@ -6,9 +6,7 @@
... ...
}: }:
lib.optionalAttrs (vacuModuleType == "nixos") { lib.optionalAttrs (vacuModuleType == "nixos") {
imports = [ imports = [ ../nixos-modules ];
../nixos-modules
];
options.vacu.underTest = lib.mkOption { options.vacu.underTest = lib.mkOption {
default = false; default = false;
type = lib.types.bool; type = lib.types.bool;


@@ -22,9 +22,7 @@ in
}; };
config = { config = {
vacu.nixvimPkg = inputs.self.packages.${pkgs.system}.${nixvim-name}; vacu.nixvimPkg = inputs.self.packages.${pkgs.system}.${nixvim-name};
vacu.shell.functions = vacu.shell.functions = lib.mkIf (!config.vacu.isMinimal) {
lib.mkIf (!config.vacu.isMinimal)
{
nvim-plain = ''${pkgs.neovim}/bin/nvim "$@"''; nvim-plain = ''${pkgs.neovim}/bin/nvim "$@"'';
nvim-nixvim = ''${config.vacu.nixvimPkg}/bin/nvim "$@"''; nvim-nixvim = ''${config.vacu.nixvimPkg}/bin/nvim "$@"'';
nvim = ''nvim-nixvim "$@"''; nvim = ''nvim-nixvim "$@"'';


@@ -7,9 +7,9 @@
}: }:
let let
script = script =
name: name: content:
content: pkgs.writers.makeScriptWriter
pkgs.writers.makeScriptWriter { {
interpreter = lib.getExe pkgs.bashInteractive; interpreter = lib.getExe pkgs.bashInteractive;
check = lib.escapeShellArgs [ check = lib.escapeShellArgs [
(lib.getExe pkgs.shellcheck) (lib.getExe pkgs.shellcheck)
@@ -17,17 +17,18 @@ let
"--severity=info" "--severity=info"
pkgs.shellvaculib.file pkgs.shellvaculib.file
]; ];
} "/bin/${name}" '' }
"/bin/${name}"
''
set -euo pipefail set -euo pipefail
source ${lib.escapeShellArg pkgs.shellvaculib.file} source ${lib.escapeShellArg pkgs.shellvaculib.file}
${content} ${content}
'' '';
;
simple = simple =
name: name: args:
args:
let let
binContents = ''#!${lib.getExe pkgs.bash} binContents = ''
#!${lib.getExe pkgs.bash}
exec ${lib.escapeShellArgs args} "$@"''; exec ${lib.escapeShellArgs args} "$@"'';
funcContents = '' funcContents = ''
local aliasName=${lib.escapeShellArg name} local aliasName=${lib.escapeShellArg name}
@@ -40,9 +41,7 @@ let
_comp_command_offset 0 _comp_command_offset 0
''; '';
in in
pkgs.runCommandLocal name { pkgs.runCommandLocal name { meta.mainProgram = name; } ''
meta.mainProgram = name;
} ''
mkdir -p $out/bin mkdir -p $out/bin
echo ${lib.escapeShellArg binContents} > $out/bin/${name} echo ${lib.escapeShellArg binContents} > $out/bin/${name}
out_base="$(dirname "$out")" out_base="$(dirname "$out")"
@@ -118,11 +117,29 @@ in
nix shell "''${new_args[@]}" nix shell "''${new_args[@]}"
'') '')
(simple "sc" [ systemctl ]) (simple "sc" [ systemctl ])
(simple "scs" [systemctl "status" "--lines=20" "--full"]) (simple "scs" [
(simple "scc" [systemctl "cat"]) systemctl
(simple "scr" [systemctl "restart"]) "status"
(simple "jc" [journalctl "--pager-end"]) "--lines=20"
(simple "jcu" [journalctl "--pager-end" "-u"]) "--full"
])
(simple "scc" [
systemctl
"cat"
])
(simple "scr" [
systemctl
"restart"
])
(simple "jc" [
journalctl
"--pager-end"
])
(simple "jcu" [
journalctl
"--pager-end"
"-u"
])
(script "list-auto-roots" '' (script "list-auto-roots" ''
auto_roots="/nix/var/nix/gcroots/auto" auto_roots="/nix/var/nix/gcroots/auto"
svl_exact_args $# 0 svl_exact_args $# 0


@@ -1,7 +1,4 @@
{ { pkgs, ... }:
pkgs,
...
}:
{ {
config.vacu = { config.vacu = {
shell.idempotentShellLines = '' shell.idempotentShellLines = ''


@@ -9,27 +9,32 @@ let
domainPartRegex = "[[:alnum:]]([[:alnum:]-]{0,61}[[:alnum:]])?"; domainPartRegex = "[[:alnum:]]([[:alnum:]-]{0,61}[[:alnum:]])?";
domainRegex = ''^${domainPartRegex}(\.${domainPartRegex})*$''; domainRegex = ''^${domainPartRegex}(\.${domainPartRegex})*$'';
domainType = types.strMatching domainRegex; domainType = types.strMatching domainRegex;
hostsLines = hostsLines = lib.pipe config.vacu.staticNames [
lib.pipe config.vacu.staticNames [
(lib.mapAttrsToList (k: v: [ k ] ++ v)) (lib.mapAttrsToList (k: v: [ k ] ++ v))
(lib.filter (v: (builtins.length v) > 1)) (lib.filter (v: (builtins.length v) > 1))
(map (lib.concatStringsSep " ")) (map (lib.concatStringsSep " "))
(lib.concatStringsSep "\n") (lib.concatStringsSep "\n")
]; ];
ip4Seg = ''[0-9]{1,3}''; ip4Seg = ''[0-9]{1,3}'';
ip4Regex = lib.concatStringsSep ''\.'' [ ip4Seg ip4Seg ip4Seg ip4Seg ]; ip4Regex = lib.concatStringsSep ''\.'' [
ip4Seg
ip4Seg
ip4Seg
ip4Seg
];
ip6Regex = ''[0-9a-fA-F:]+''; ip6Regex = ''[0-9a-fA-F:]+'';
ipRegex = ''(${ip4Regex})|(${ip6Regex})''; ipRegex = ''(${ip4Regex})|(${ip6Regex})'';
in in
{ {
imports = [{ imports =
vacu.assertions = map (ip: [
{ {
vacu.assertions = map (ip: {
assertion = (builtins.match ipRegex ip) != null; assertion = (builtins.match ipRegex ip) != null;
message = ''config.vacu.staticNames: attr name "${ip}" is invalid''; message = ''config.vacu.staticNames: attr name "${ip}" is invalid'';
}) (builtins.attrNames config.vacu.staticNames);
} }
) (builtins.attrNames config.vacu.staticNames); ]
}]
++ lib.optional (vacuModuleType == "nixos") { networking.hosts = config.vacu.staticNames; } ++ lib.optional (vacuModuleType == "nixos") { networking.hosts = config.vacu.staticNames; }
++ lib.optional (vacuModuleType == "nix-on-droid") { ++ lib.optional (vacuModuleType == "nix-on-droid") {
environment.etc.hosts.text = '' environment.etc.hosts.text = ''
@@ -37,8 +42,7 @@ in
::1 localhost ::1 localhost
${hostsLines} ${hostsLines}
''; '';
} };
;
options.vacu.staticNames = mkOption { options.vacu.staticNames = mkOption {
type = types.attrsOf (types.listOf domainType); type = types.attrsOf (types.listOf domainType);
@@ -46,14 +50,40 @@ in
}; };
config.vacu.staticNames = { config.vacu.staticNames = {
"205.201.63.13" = [ "prop" "prophecy" "prophecy.shelvacu-static" ]; "205.201.63.13" = [
"prop"
"prophecy"
"prophecy.shelvacu-static"
];
"10.78.79.22" = [ "prophecy.t2d.lan.shelvacu-static" ]; "10.78.79.22" = [ "prophecy.t2d.lan.shelvacu-static" ];
"178.128.79.152" = [ "liam" "liam.shelvacu-static" ]; "178.128.79.152" = [
"172.83.159.53" = [ "trip" "triple-dezert" "triple-dezert.shelvacu-static" ]; "liam"
"liam.shelvacu-static"
];
"172.83.159.53" = [
"trip"
"triple-dezert"
"triple-dezert.shelvacu-static"
];
"10.78.79.237" = [ "triple-dezert.t2d.lan.shelvacu-static" ]; "10.78.79.237" = [ "triple-dezert.t2d.lan.shelvacu-static" ];
"205.201.63.12" = [ "servo" "uninsane-servo.shelvacu-static" ]; "205.201.63.12" = [
"10.78.79.1" = [ "vnopn" "vnopn.shelvacu-static" "vnopn.t2d.lan.shelvacu-static" ]; "servo"
"10.78.79.11" = [ "mmm" "mmm.shelvacu-static" "mmm.t2d.lan.shelvacu-static" ]; "uninsane-servo.shelvacu-static"
"10.78.79.69" = [ "oeto" "oeto.shelvacu-static" "oeto.t2d.lan.shelvacu-static" ]; ];
"10.78.79.1" = [
"vnopn"
"vnopn.shelvacu-static"
"vnopn.t2d.lan.shelvacu-static"
];
"10.78.79.11" = [
"mmm"
"mmm.shelvacu-static"
"mmm.t2d.lan.shelvacu-static"
];
"10.78.79.69" = [
"oeto"
"oeto.shelvacu-static"
"oeto.t2d.lan.shelvacu-static"
];
}; };
} }


@@ -13,10 +13,13 @@ in
"git".A = singleton dnsData.tripPublicV4; "git".A = singleton dnsData.tripPublicV4;
"auth".A = singleton dnsData.tripPublicV4; "auth".A = singleton dnsData.tripPublicV4;
"wisdom".A = singleton dnsData.tripPublicV4; "wisdom".A = singleton dnsData.tripPublicV4;
"chat" = { ... }: { "chat" =
{ ... }:
{
imports = [ dnsData.modules.liamMail ]; imports = [ dnsData.modules.liamMail ];
config.A = singleton dnsData.tripPublicV4; config.A = singleton dnsData.tripPublicV4;
config.subdomains."duo-1745490301302-14f65157._domainkey".TXT = singleton "v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA/94Rh5eMPsKwGGolkleY1Rhh2Q6H22bfdGVu0lXpoHP1K7JxloWu/Ice2vVN/udztmPY+BK1x+5qubcGZKpPt1bC9amsXnyTXfKIMGD2CNd0tnaO54hmMOfv+lTA9YjF0X93tcQP3yUxJgJ9yPZcalFl/bBAqv4/lUVLYFeIVQIDAQAB"; config.subdomains."duo-1745490301302-14f65157._domainkey".TXT =
singleton "v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA/94Rh5eMPsKwGGolkleY1Rhh2Q6H22bfdGVu0lXpoHP1K7JxloWu/Ice2vVN/udztmPY+BK1x+5qubcGZKpPt1bC9amsXnyTXfKIMGD2CNd0tnaO54hmMOfv+lTA9YjF0X93tcQP3yUxJgJ9yPZcalFl/bBAqv4/lUVLYFeIVQIDAQAB";
}; };
"gabriel-dropout".A = singleton dnsData.tripPublicV4; "gabriel-dropout".A = singleton dnsData.tripPublicV4;
"_acme-challenge".CNAME = singleton "199b8aa4-bc9f-4f43-88bf-3f613f62b663.auwwth.dis8.net."; "_acme-challenge".CNAME = singleton "199b8aa4-bc9f-4f43-88bf-3f613f62b663.auwwth.dis8.net.";


@@ -1,4 +1,9 @@
{ lib, config, dns, ... }: {
lib,
config,
dns,
...
}:
let let
s = v: [ v ]; s = v: [ v ];
inherit (config.vacu) dnsData; inherit (config.vacu) dnsData;


@@ -157,7 +157,10 @@
}: }:
let let
inputs = mkInputs { inherit unstable inp; }; inputs = mkInputs { inherit unstable inp; };
pkgs = mkPkgs { useUnstable = unstable; inherit system; }; pkgs = mkPkgs {
useUnstable = unstable;
inherit system;
};
in in
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
@@ -193,7 +196,10 @@
nixosConfigurations = { nixosConfigurations = {
triple-dezert = mkNixosConfig { triple-dezert = mkNixosConfig {
module = ./triple-dezert; module = ./triple-dezert;
inp = [ "most-winningest" "sops-nix" ]; inp = [
"most-winningest"
"sops-nix"
];
}; };
compute-deck = mkNixosConfig { compute-deck = mkNixosConfig {
module = ./compute-deck; module = ./compute-deck;
@@ -232,7 +238,10 @@
prophecy = mkNixosConfig { prophecy = mkNixosConfig {
module = ./prophecy; module = ./prophecy;
system = "x86_64-linux"; system = "x86_64-linux";
inp = [ "impermanence" "sops-nix" ]; inp = [
"impermanence"
"sops-nix"
];
}; };
}; };
@@ -272,9 +281,7 @@
imports = [ imports = [
commonTestModule commonTestModule
./tests/${name} ./tests/${name}
{ { node.specialArgs.inputs = self.nixosConfigurations.${name}._module.specialArgs.inputs; }
node.specialArgs.inputs = self.nixosConfigurations.${name}._module.specialArgs.inputs;
}
]; ];
}; };
checksFromConfig = plain.config.vacu.checks; checksFromConfig = plain.config.vacu.checks;
@@ -372,7 +379,14 @@
imports = [ ./nixvim ]; imports = [ ./nixvim ];
_module.args = { inherit pkgs-unstable; }; _module.args = { inherit pkgs-unstable; };
}; };
extraSpecialArgs = { inherit unstable inputs system minimal; }; extraSpecialArgs = {
inherit
unstable
inputs
system
minimal
;
};
}; };
nixpkgs-args = { nixpkgs-args = {
inherit system; inherit system;
@@ -384,11 +398,12 @@
_plain = mkPlain pkgs-unstable; _plain = mkPlain pkgs-unstable;
plain = _plain.config.vacu.withAsserts _plain; plain = _plain.config.vacu.withAsserts _plain;
treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs-unstable ./treefmt.nix; treefmtEval = inputs.treefmt-nix.lib.evalModule pkgs-unstable ./treefmt.nix;
formatter = treefmtEval.config.build.wrapper;
vacuPackagePaths = import ./packages; vacuPackagePaths = import ./packages;
vacuPackages = builtins.intersectAttrs vacuPackagePaths pkgs-stable; vacuPackages = builtins.intersectAttrs vacuPackagePaths pkgs-stable;
in in
{ {
formatter = treefmtEval.config.build.wrapper; inherit formatter;
apps.sops = { apps.sops = {
type = "app"; type = "app";
program = lib.getExe self.packages.${system}.wrappedSops; program = lib.getExe self.packages.${system}.wrappedSops;
@@ -409,6 +424,7 @@
inherit pkgs lib inputs; inherit pkgs lib inputs;
inherit (plain) config; inherit (plain) config;
}; };
inherit formatter;
generated = pkgs-stable.linkFarm "generated" { generated = pkgs-stable.linkFarm "generated" {
nixpkgs = "${inputs.nixpkgs}"; nixpkgs = "${inputs.nixpkgs}";
"liam-test/hints.py" = pkgs.writeText "hints.py" ( "liam-test/hints.py" = pkgs.writeText "hints.py" (
@@ -424,12 +440,26 @@
builtins.dirOf self.checks.x86_64-linux.liam.nodes.checker.vacu.mailtest.smtp.interpreter builtins.dirOf self.checks.x86_64-linux.liam.nodes.checker.vacu.mailtest.smtp.interpreter
); );
}; };
host-pxe-installer = pkgs.callPackage ./host-pxe-installer.nix { nixosInstaller = self.nixosConfigurations.shel-installer-pxe; }; host-pxe-installer = pkgs.callPackage ./host-pxe-installer.nix {
nixosInstaller = self.nixosConfigurations.shel-installer-pxe;
};
liam-sieve-script = self.nixosConfigurations.liam.config.vacu.liam-sieve-script; liam-sieve-script = self.nixosConfigurations.liam.config.vacu.liam-sieve-script;
nixvim = mkNixvim { unstable = false; minimal = false; }; nixvim = mkNixvim {
nixvim-unstable = mkNixvim { unstable = true; minimal = false; }; unstable = false;
nixvim-minimal = mkNixvim { unstable = false; minimal = true; }; minimal = false;
nixvim-unstable-minimal = mkNixvim { unstable = true; minimal = true; }; };
nixvim-unstable = mkNixvim {
unstable = true;
minimal = false;
};
nixvim-minimal = mkNixvim {
unstable = false;
minimal = true;
};
nixvim-unstable-minimal = mkNixvim {
unstable = true;
minimal = true;
};
sopsConfig = plain.config.vacu.sopsConfigFile; sopsConfig = plain.config.vacu.sopsConfigFile;
sourceTree = plain.config.vacu.sourceTree; sourceTree = plain.config.vacu.sourceTree;
units = plain.config.vacu.units.finalPackage; units = plain.config.vacu.units.finalPackage;
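Review bot: The treefmt wrapper is now exported twice in this file — once as the top-level `inherit formatter;` in the hunk at `@@ -384,11 +398,12 @@`, and again as `inherit formatter;` inside the attribute set that also holds `generated`, `host-pxe-installer` and the `nixvim*` entries in the hunk at `@@ -409,6 +424,7 @@`, which looks like the per-system `packages` set. If the second export is intentional so the wrapper is built and cached together with the other packages, a one-line comment next to it would record that, e.g. `# also exposed as a package so it is built with the rest of the package set`; if it is not intentional, the second `inherit formatter;` should be dropped. The attribute set containing the second export starts and ends outside the hunk, so the surrounding structure is inferred rather than visible here.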


@@ -1,5 +1,10 @@
# everything to interact with my apex flex, pcsc stuff, fido2 stuff, etc # everything to interact with my apex flex, pcsc stuff, fido2 stuff, etc
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
# to match package used in config.services.pcscd, unfortunately not exposed like usual # to match package used in config.services.pcscd, unfortunately not exposed like usual
pcsclite-pkg = if config.security.polkit.enable then pkgs.pcscliteWithPolkit else pkgs.pcsclite; pcsclite-pkg = if config.security.polkit.enable then pkgs.pcscliteWithPolkit else pkgs.pcsclite;


@@ -15,7 +15,8 @@ in
(linkFarm "host-pixie-installer" { (linkFarm "host-pixie-installer" {
"bin/host-pixie-installer" = "${script}/bin/host-pixie-installer"; "bin/host-pixie-installer" = "${script}/bin/host-pixie-installer";
inherit (build) kernel netbootRamdisk; inherit (build) kernel netbootRamdisk;
}).overrideAttrs (old: { }).overrideAttrs
(old: {
meta = { meta = {
mainProgram = "host-pixie-installer"; mainProgram = "host-pixie-installer";
}; };


@@ -1,8 +1,4 @@
{ { config, lib, ... }:
config,
lib,
...
}:
{ {
# this is an installer image, created anew every time. There's no state we need to worry about messing up # this is an installer image, created anew every time. There's no state we need to worry about messing up
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;


@@ -1,7 +1,4 @@
{ { modulesPath, ... }:
modulesPath,
...
}:
{ {
imports = [ imports = [
./common ./common


@@ -1,7 +1,4 @@
{ { modulesPath, ... }:
modulesPath,
...
}:
{ {
imports = [ imports = [
./common ./common


@@ -487,10 +487,10 @@ let
"X-GitLab-Project" "X-GitLab-Project"
])} ])}
${pure_flags [ "git-uninsane" "git" "not-spamish" "B" ] (envelope_is "git-uninsane@shelvacu.com")} ${pure_flags [ "git-uninsane" "git" "not-spamish" "B" ] (envelope_is "git-uninsane@shelvacu.com")}
${pure_flags [ "github" "git" "not-spamish" "B" ] ( ${pure_flags [ "github" "git" "not-spamish" "B" ] (header_matches "List-Id" "*<*.github.com>")}
header_matches "List-Id" "*<*.github.com>" ${pure_flags [ "mailing-list-by-envelope" "not-spamish" "B" ] (
envelope_matches "*-ml@shelvacu.com"
)} )}
${pure_flags [ "mailing-list-by-envelope" "not-spamish" "B" ] (envelope_matches "*-ml@shelvacu.com")}
${pure_flags [ "discourse" "not-spamish" "B" ] (exists "X-Discourse-Post-Id")} ${pure_flags [ "discourse" "not-spamish" "B" ] (exists "X-Discourse-Post-Id")}
${pure_flags [ "agora" "not-spamish" ] (envelope_is "agora@shelvacu.com")} ${pure_flags [ "agora" "not-spamish" ] (envelope_is "agora@shelvacu.com")}
@@ -530,8 +530,14 @@ let
${pure_flags [ "rsb" "B" ] (from_is "support@rapidseedbox.com")} ${pure_flags [ "rsb" "B" ] (from_is "support@rapidseedbox.com")}
${pure_flags [ "fresh-avocado-dis8" "D" ] (envelope_is "fresh.avocado@dis8.net")} ${pure_flags [ "fresh-avocado-dis8" "D" ] (envelope_is "fresh.avocado@dis8.net")}
${pure_flags [ "discord" "A" ] (envelope_matches "discord@*")} ${pure_flags [ "discord" "A" ] (envelope_matches "discord@*")}
${pure_flags ["za-sa" "D"] (from_matches ["*@*.sa.com" "*@*.za.com"])} ${pure_flags [ "za-sa" "D" ] (from_matches [
${pure_flags ["localdomain" "D"] (from_matches ["*@*.local" "*@*.localdomain"])} "*@*.sa.com"
"*@*.za.com"
])}
${pure_flags [ "localdomain" "D" ] (from_matches [
"*@*.local"
"*@*.localdomain"
])}
${pure_flags [ "helium" "D" ] (envelope_is "creepyface@dis8.net")} ${pure_flags [ "helium" "D" ] (envelope_is "creepyface@dis8.net")}
${pure_flags [ "sharkmood" "C" ] (envelope_is "sharkmood@dis8.net")} ${pure_flags [ "sharkmood" "C" ] (envelope_is "sharkmood@dis8.net")}
${pure_flags [ "im-not-district-158" "D" ] (envelope_is [ ${pure_flags [ "im-not-district-158" "D" ] (envelope_is [
@@ -548,14 +554,17 @@ let
(subject_is "Your authentication code") (subject_is "Your authentication code")
])} ])}
${pure_flags ["spamish-by-headers" "C"] [ ${pure_flags
[ "spamish-by-headers" "C" ]
[
(anyof [ (anyof [
(header_is "Precedence" "bulk") (header_is "Precedence" "bulk")
(exists "List-Unsubscribe") (exists "List-Unsubscribe")
(exists "List-Unsubscribe-Post") (exists "List-Unsubscribe-Post")
]) ])
''not hasflag "not-spamish"'' ''not hasflag "not-spamish"''
]} ]
}
if hasflag "agora" { if hasflag "agora" {
${fileinto "M.agora"} ${fileinto "M.agora"}


@@ -1,5 +1,9 @@
let let
directoryListing = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" ]; directoryListing = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" ];
packagePaths = builtins.mapAttrs (k: v: assert v == "directory"; ./${k}/module.nix) directoryListing; packagePaths = builtins.mapAttrs (
k: v:
assert v == "directory";
./${k}/module.nix
) directoryListing;
in in
packagePaths packagePaths


@@ -10,11 +10,8 @@ let
inherit (vaculib) mkOutOption; inherit (vaculib) mkOutOption;
nameishRegex = ''[a-z0-9_\.-]+''; nameishRegex = ''[a-z0-9_\.-]+'';
nameish = types.strMatching nameishRegex; nameish = types.strMatching nameishRegex;
hostModule = { hostModule =
name, { name, config, ... }:
config,
...
}:
let let
fullLanNames = lib.optional (config.isLan) "${config.primaryName}.t2d.lan"; fullLanNames = lib.optional (config.isLan) "${config.primaryName}.t2d.lan";
in in
@@ -48,9 +45,7 @@ let
type = types.listOf nameish; type = types.listOf nameish;
readOnly = true; readOnly = true;
}; };
makeStaticHostsEntry = mkOption { makeStaticHostsEntry = mkOption { type = types.bool; };
type = types.bool;
};
}; };
config = { config = {
finalNames = lib.unique ([ config.primaryName ] ++ config.altNames ++ fullLanNames); finalNames = lib.unique ([ config.primaryName ] ++ config.altNames ++ fullLanNames);
@@ -75,8 +70,12 @@ in
}; };
etcHostsText = mkOutOption etcHostsText; etcHostsText = mkOutOption etcHostsText;
}; };
config = {} config =
// lib.optionalAttrs (vacuModuleType == "nixos") { networking.extraHosts = config.vacu.etcHostsText; } { }
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") { environment.etc.hosts.text = config.vacu.etcHostsText; } // lib.optionalAttrs (vacuModuleType == "nixos") {
; networking.extraHosts = config.vacu.etcHostsText;
}
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") {
environment.etc.hosts.text = config.vacu.etcHostsText;
};
} }


@@ -42,15 +42,16 @@ let
enable = lib.mkOverride 900 true; # more important than mkDefault, less important than setting explicitly enable = lib.mkOverride 900 true; # more important than mkDefault, less important than setting explicitly
nameToPackageSet = nameToPackageSet =
name: name:
let pieces = lib.splitString "." name; in let
pieces = lib.splitString "." name;
in
{ {
name = lib.last pieces; name = lib.last pieces;
value = { value = {
inherit enable; inherit enable;
package = lib.mkDefault (lib.attrByPath pieces (throw "Could not find package pkgs.${name}") pkgs); package = lib.mkDefault (lib.attrByPath pieces (throw "Could not find package pkgs.${name}") pkgs);
}; };
} };
;
listToPackageSet = listToPackageSet =
from: from:
lib.pipe from [ lib.pipe from [
@@ -69,16 +70,9 @@ let
} }
)) ))
builtins.listToAttrs builtins.listToAttrs
] ];
; removeComments = s: builtins.head (lib.splitString "#" s);
removeComments = nonEmpty = s: (builtins.stringLength s) > 0;
s:
builtins.head (lib.splitString "#" s)
;
nonEmpty =
s:
(builtins.stringLength s) > 0
;
stringToPackageSet = stringToPackageSet =
from: from:
lib.pipe from [ lib.pipe from [
@@ -88,21 +82,16 @@ let
(builtins.filter nonEmpty) (builtins.filter nonEmpty)
(map nameToPackageSet) (map nameToPackageSet)
builtins.listToAttrs builtins.listToAttrs
] ];
; listOrStringToPackageSet =
listOrStringToPackageSet = from: from:
if builtins.isString from then if builtins.isString from then
stringToPackageSet from stringToPackageSet from
else if builtins.isList from then else if builtins.isList from then
listToPackageSet from listToPackageSet from
else else
throw "this should never happen; should be a list or string" throw "this should never happen; should be a list or string";
; listTy = types.listOf (types.either types.str types.package);
listTy =
types.listOf (
types.either types.str types.package
)
;
in in
{ {
options = { options = {
@@ -116,10 +105,14 @@ in
}; };
}; };
config = { config =
{
vacu.finalPackageList = enabledPkgs; vacu.finalPackageList = enabledPkgs;
} }
// lib.optionalAttrs (vacuModuleType == "nixos") { environment.systemPackages = config.vacu.finalPackageList; } // lib.optionalAttrs (vacuModuleType == "nixos") {
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") { environment.packages = config.vacu.finalPackageList; } environment.systemPackages = config.vacu.finalPackageList;
; }
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") {
environment.packages = config.vacu.finalPackageList;
};
} }


@@ -8,12 +8,11 @@
... ...
}: }:
let let
inherit (lib) inherit (lib) mkOption types;
mkOption
types
;
inherit (vaculib) mkOutOption; inherit (vaculib) mkOutOption;
knownHostsAddonModule = { config, ... }: { knownHostsAddonModule =
{ config, ... }:
{
options = { options = {
sshKeys = mkOption { sshKeys = mkOption {
type = types.coercedTo types.str lib.singleton (types.listOf types.str); type = types.coercedTo types.str lib.singleton (types.listOf types.str);
@@ -27,16 +26,16 @@ let
type = types.port; type = types.port;
default = 22; default = 22;
}; };
sshHostname = mkOption { sshHostname = mkOption { type = types.str; };
type = types.str;
};
sshAliases = mkOption { sshAliases = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
}; };
}; };
config = { config = {
sshHostname = lib.mkDefault (if (config.primaryIp != null) then config.primaryIp else config.primaryName); sshHostname = lib.mkDefault (
if (config.primaryIp != null) then config.primaryIp else config.primaryName
);
altNames = [ config.sshHostname ]; altNames = [ config.sshHostname ];
sshAliases = [ config.primaryName ]; sshAliases = [ config.primaryName ];
}; };
@@ -44,19 +43,17 @@ let
knownHostsParts = lib.concatMap ( knownHostsParts = lib.concatMap (
hostMod: hostMod:
let let
knownNames = map (name: if hostMod.sshPort == 22 then name else "[${name}]:${toString hostMod.sshPort}") (hostMod.finalNames ++ hostMod.finalIps); knownNames = map (
name: if hostMod.sshPort == 22 then name else "[${name}]:${toString hostMod.sshPort}"
) (hostMod.finalNames ++ hostMod.finalIps);
in in
map ( map (sshKey: lib.concatStringsSep "," knownNames + " " + sshKey) hostMod.sshKeys
sshKey:
lib.concatStringsSep "," knownNames
+ " "
+ sshKey
) hostMod.sshKeys
) (builtins.attrValues config.vacu.hosts); ) (builtins.attrValues config.vacu.hosts);
knownHostsText = lib.concatStringsSep "\n" knownHostsParts; knownHostsText = lib.concatStringsSep "\n" knownHostsParts;
hostConfigParts = builtins.concatMap ( hostConfigParts = builtins.concatMap (
hostMod: hostMod:
map (name: map (
name:
"Host ${name}\n" "Host ${name}\n"
+ lib.optionalString (hostMod.sshUsername != null) " User ${hostMod.sshUsername}\n" + lib.optionalString (hostMod.sshUsername != null) " User ${hostMod.sshUsername}\n"
+ lib.optionalString (hostMod.sshHostname != name) " HostName ${hostMod.sshHostname}\n" + lib.optionalString (hostMod.sshHostname != name) " HostName ${hostMod.sshHostname}\n"
@@ -76,7 +73,8 @@ in
}; };
vacu.ssh.config = mkOption { type = types.lines; }; vacu.ssh.config = mkOption { type = types.lines; };
}; };
config = { config =
{
vacu.ssh.config = lib.mkMerge [ vacu.ssh.config = lib.mkMerge [
(lib.mkBefore hostConfigText) (lib.mkBefore hostConfigText)
(lib.mkAfter '' (lib.mkAfter ''
@@ -86,7 +84,10 @@ in
'') '')
]; ];
} }
// lib.optionalAttrs (vacuModuleType == "nixos") { environment.etc."ssh/ssh_config".text = lib.mkForce config.vacu.ssh.config; } // lib.optionalAttrs (vacuModuleType == "nixos") {
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") { environment.etc."ssh/ssh_config".text = config.vacu.ssh.config; } environment.etc."ssh/ssh_config".text = lib.mkForce config.vacu.ssh.config;
; }
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") {
environment.etc."ssh/ssh_config".text = config.vacu.ssh.config;
};
} }


@@ -23,6 +23,8 @@ in
vacu.isContainer = mkOutOption (systemKind == "container"); vacu.isContainer = mkOutOption (systemKind == "container");
vacu.isMinimal = mkOutOption (systemKind == "minimal" || systemKind == "container"); vacu.isMinimal = mkOutOption (systemKind == "minimal" || systemKind == "container");
vacu.isGui = mkOutOption (systemKind == "desktop" || systemKind == "laptop"); vacu.isGui = mkOutOption (systemKind == "desktop" || systemKind == "laptop");
vacu.isDev = mkOutOption (systemKind == "desktop" || systemKind == "laptop" || systemKind == "server"); vacu.isDev = mkOutOption (
systemKind == "desktop" || systemKind == "laptop" || systemKind == "server"
);
}; };
} }


@@ -1,5 +1 @@
{ { imports = [ ./genieacs.nix ]; }
imports = [
./genieacs.nix
];
}


@@ -5,12 +5,18 @@
... ...
}: }:
let let
inherit (lib) mkEnableOption mkOption types flip; inherit (lib)
mkEnableOption
mkOption
types
flip
;
cfg = config.services.genieacs; cfg = config.services.genieacs;
enableAny = cfg.cwmp.enable || cfg.nbi.enable || cfg.fs.enable || cfg.ui.enable; enableAny = cfg.cwmp.enable || cfg.nbi.enable || cfg.fs.enable || cfg.ui.enable;
extensionsPkg = pkgs.linkFarmFromDrvs "genieacs-extensions" cfg.extensions; extensionsPkg = pkgs.linkFarmFromDrvs "genieacs-extensions" cfg.extensions;
envVarsType = types.attrsOf (types.nullOr (types.either types.str types.int)); envVarsType = types.attrsOf (types.nullOr (types.either types.str types.int));
commonOptsModule = { serviceShortName, config, ... }: commonOptsModule =
{ serviceShortName, config, ... }:
let let
environmentVarsUnprefixed = { environmentVarsUnprefixed = {
WORKER_PROCESSES = config.workerProcesses; WORKER_PROCESSES = config.workerProcesses;
@@ -22,7 +28,9 @@ let
LOG_FILE = config.eventLogFile; LOG_FILE = config.eventLogFile;
}; };
serviceNameCaps = lib.toUpper serviceShortName; serviceNameCaps = lib.toUpper serviceShortName;
environmentVars = lib.concatMapAttrs (key: val: { "GENIEACS_${serviceNameCaps}_${key}" = val; }) environmentVarsUnprefixed; environmentVars = lib.concatMapAttrs (key: val: {
"GENIEACS_${serviceNameCaps}_${key}" = val;
}) environmentVarsUnprefixed;
in in
{ {
options = { options = {
@@ -98,7 +106,12 @@ let
fs = envAll // cfg.fs.asEnvironmentVars // { GENIEACS_FS_URL_PREFIX = cfg.urlPrefix; }; fs = envAll // cfg.fs.asEnvironmentVars // { GENIEACS_FS_URL_PREFIX = cfg.urlPrefix; };
ui = envAll // cfg.ui.asEnvironmentVars; ui = envAll // cfg.ui.asEnvironmentVars;
}; };
serviceNames = [ "cwmp" "nbi" "fs" "ui" ]; serviceNames = [
"cwmp"
"nbi"
"fs"
"ui"
];
services = map (name: { services = map (name: {
inherit name; inherit name;
config = cfg.${name}; config = cfg.${name};
@@ -152,17 +165,26 @@ in
description = "File to dump CPE debug log. No debug log is dumped if set to `null`. This sets `GENIEACS_DEBUG_FILE`"; description = "File to dump CPE debug log. No debug log is dumped if set to `null`. This sets `GENIEACS_DEBUG_FILE`";
}; };
debugFormat = mkOption { debugFormat = mkOption {
type = types.enum [ "yaml" "json" ]; type = types.enum [
"yaml"
"json"
];
default = "yaml"; default = "yaml";
description = "Debug log format. This sets `GENIEACS_DEBUG_FORMAT`"; description = "Debug log format. This sets `GENIEACS_DEBUG_FORMAT`";
}; };
eventLogFormat = mkOption { eventLogFormat = mkOption {
type = types.enum [ "simple" "json" ]; type = types.enum [
"simple"
"json"
];
default = "simple"; default = "simple";
description = "The format used for the log entries in {option}`eventLogFile`. This sets `GENIEACS_LOG_FORMAT`"; description = "The format used for the log entries in {option}`eventLogFile`. This sets `GENIEACS_LOG_FORMAT`";
}; };
accessLogFormat = mkOption { accessLogFormat = mkOption {
type = types.enum [ "simple" "json" ]; type = types.enum [
"simple"
"json"
];
default = "simple"; default = "simple";
description = "The format used for the log entries in {option}`accessLogFile`. This sets `GENIEACS_ACCESS_LOG_FORMAT`"; description = "The format used for the log entries in {option}`accessLogFile`. This sets `GENIEACS_ACCESS_LOG_FORMAT`";
}; };
@@ -187,25 +209,31 @@ in
default = true; default = true;
}; };
cwmp = mkServiceOption "cwmp"; cwmp = mkServiceOption "cwmp";
nbi = mkServiceOption "nbi"; nbi = mkServiceOption "nbi";
fs = mkServiceOption "fs"; fs = mkServiceOption "fs";
ui = mkServiceOption "ui"; ui = mkServiceOption "ui";
}; };
config = lib.mkMerge ([ config = lib.mkMerge (
[
{ {
assertions = [ assertions =
[
{ {
assertion = assertion =
let let
allPorts = builtins.concatMap ({ config, ... }: lib.optional config.enable config.port) services; allPorts = builtins.concatMap ({ config, ... }: lib.optional config.enable config.port) services;
in in
lib.allUnique allPorts; lib.allUnique allPorts;
message = "services.genieacs: All enabled genieacs services must listen on unique ports. Current ports assignments: " + (lib.concatMapStringsSep " " ({name, config, ...}: lib.optionalString config.enable "${name}=${config.port}") services); message =
"services.genieacs: All enabled genieacs services must listen on unique ports. Current ports assignments: "
+ (lib.concatMapStringsSep " " (
{ name, config, ... }: lib.optionalString config.enable "${name}=${config.port}"
) services);
} }
] ++ flip lib.map services ( ]
++ flip lib.map services (
{ name, config, ... }: { name, config, ... }:
{ {
assertion = (config.sslCert == null) == (config.sslKey == null); assertion = (config.sslCert == null) == (config.sslKey == null);
@@ -247,8 +275,13 @@ in
serviceConfig.BindPaths = [ (builtins.dirOf cfg.jwtSecret.path) ]; serviceConfig.BindPaths = [ (builtins.dirOf cfg.jwtSecret.path) ];
}; };
}) })
] ++ flip map services ( ]
{name, config, env}: ++ flip map services (
{
name,
config,
env,
}:
lib.mkIf config.enable { lib.mkIf config.enable {
# for those of you ripgrepping, this is what makes genieacs-cwmp.service, genieacs-nbi.service, genieacs-fs.service, and genieacs-ui.service # for those of you ripgrepping, this is what makes genieacs-cwmp.service, genieacs-nbi.service, genieacs-fs.service, and genieacs-ui.service
systemd.services."genieacs-${name}" = { systemd.services."genieacs-${name}" = {
@@ -270,10 +303,10 @@ in
"-/etc/hosts" "-/etc/hosts"
"-/etc/localtime" "-/etc/localtime"
]; ];
BindPaths = [] BindPaths =
[ ]
++ lib.optional (config.accessLogFile != null) (builtins.dirOf config.accessLogFile) ++ lib.optional (config.accessLogFile != null) (builtins.dirOf config.accessLogFile)
++ lib.optional (config.eventLogFile != null) (builtins.dirOf config.eventLogFile) ++ lib.optional (config.eventLogFile != null) (builtins.dirOf config.eventLogFile);
;
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
@@ -295,7 +328,10 @@ in
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectProc = "invisible"; ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
@@ -307,5 +343,6 @@ in
}; };
}; };
} }
)); )
);
} }


@@ -1,4 +1,9 @@
{ config, lib, minimal, ... }: {
config,
lib,
minimal,
...
}:
{ {
imports = [ ./lean.nix ]; imports = [ ./lean.nix ];
opts = { opts = {


@@ -1,5 +1,4 @@
let let
newPackagePaths = import ../packages; newPackagePaths = import ../packages;
in in
self: _super: self: _super: builtins.mapAttrs (_: path: self.callPackage path { }) newPackagePaths
builtins.mapAttrs (_: path: self.callPackage path { }) newPackagePaths


@@ -1,5 +1,9 @@
let let
directoryListing = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" ]; directoryListing = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" ];
packagePaths = builtins.mapAttrs (k: v: assert v == "directory"; ./${k}/package.nix) directoryListing; packagePaths = builtins.mapAttrs (
k: v:
assert v == "directory";
./${k}/package.nix
) directoryListing;
in in
packagePaths packagePaths


@@ -1,4 +1,8 @@
{ lean4, fetchFromGitHub, cadical }: {
lean4,
fetchFromGitHub,
cadical,
}:
lean4 lean4
# lean4.overrideAttrs ( # lean4.overrideAttrs (
# final: prev: { # final: prev: {


@@ -1,13 +1,8 @@
{ { runCommandLocal, writeText }:
runCommandLocal,
writeText,
}:
let let
filePkg = writeText "shellvaculib.bash" (builtins.readFile ./shellvaculib.bash); filePkg = writeText "shellvaculib.bash" (builtins.readFile ./shellvaculib.bash);
in in
runCommandLocal "shellvaculib" { runCommandLocal "shellvaculib" { passthru.file = filePkg; } ''
passthru.file = filePkg;
} ''
mkdir -p $out/share mkdir -p $out/share
mkdir -p $out/bin mkdir -p $out/bin
ln -s ${filePkg} $out/share/shellvaculib.bash ln -s ${filePkg} $out/share/shellvaculib.bash


@@ -1,7 +1,4 @@
{ { rustPlatform, sqlite }:
rustPlatform,
sqlite,
}:
rustPlatform.buildRustPackage { rustPlatform.buildRustPackage {
pname = "vacu-history"; pname = "vacu-history";
version = "1.0.0"; version = "1.0.0";


@@ -1,7 +1,4 @@
{ { pkgs, ... }:
pkgs,
...
}:
let let
btrfs-progs = pkgs.btrfs-progs; btrfs-progs = pkgs.btrfs-progs;
btrfs = "${btrfs-progs}/bin/btrfs"; btrfs = "${btrfs-progs}/bin/btrfs";
@@ -18,7 +15,10 @@ in
boot.initrd.systemd.services."vacu-impermanence-setup" = { boot.initrd.systemd.services."vacu-impermanence-setup" = {
enable = true; enable = true;
wantedBy = [ "initrd-root-device.target" ]; wantedBy = [ "initrd-root-device.target" ];
before = [ "sysroot.mount" "create-needed-for-boot-dirs.service" ]; before = [
"sysroot.mount"
"create-needed-for-boot-dirs.service"
];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = '' script = ''
set -euo pipefail set -euo pipefail


@@ -1,6 +1,4 @@
{ { ... }:
...
}:
{ {
imports = [ imports = [
./impermanence.nix ./impermanence.nix
@@ -10,16 +8,23 @@
./networking.nix ./networking.nix
./doof.nix ./doof.nix
./sops.nix ./sops.nix
({ config, lib, pkgs, ... }: { (
{
config,
lib,
pkgs,
...
}:
{
options.vacu.initramContents = lib.mkOption { options.vacu.initramContents = lib.mkOption {
default = default = pkgs.runCommand "initram-contents" { } ''
pkgs.runCommand "initram-contents" {} ''
mkdir -p $out mkdir -p $out
cd $out cd $out
${pkgs.zstd}/bin/zstdcat ${config.system.build.initialRamdisk}/initrd | ${pkgs.cpio}/bin/cpio -idmv ${pkgs.zstd}/bin/zstdcat ${config.system.build.initialRamdisk}/initrd | ${pkgs.cpio}/bin/cpio -idmv
''; '';
}; };
}) }
)
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true; boot.loader.systemd-boot.memtest86.enable = true;


@@ -1,8 +1,4 @@
{ { lib, config, ... }:
lib,
config,
...
}:
let let
inherit (lib) mkOption types; inherit (lib) mkOption types;
cfg = config.vacu.network; cfg = config.vacu.network;
@@ -10,9 +6,7 @@ let
tunnelName = "doofTun"; tunnelName = "doofTun";
in in
{ {
options.vacu.network.doofPubKey = mkOption { options.vacu.network.doofPubKey = mkOption { type = types.str; };
type = types.str;
};
config = { config = {
vacu.network.ips = { vacu.network.ips = {
doofStatic4 = "205.201.63.13"; doofStatic4 = "205.201.63.13";
@@ -38,7 +32,10 @@ in
wireguardPeers = lib.singleton { wireguardPeers = lib.singleton {
PublicKey = cfg.doofPubKey; PublicKey = cfg.doofPubKey;
Endpoint = "tun-sea.doof.net:53263"; Endpoint = "tun-sea.doof.net:53263";
AllowedIPs = [ "0.0.0.0/0" "::/0" ]; AllowedIPs = [
"0.0.0.0/0"
"::/0"
];
PersistentKeepalive = 5; PersistentKeepalive = 5;
}; };
}; };
@@ -75,4 +72,3 @@ in
}; };
}; };
} }


@@ -1,7 +1,4 @@
{ { config, ... }:
config,
...
}:
{ {
services.mongodb = { services.mongodb = {
enable = true; enable = true;


@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
wdc_sn530 = "/dev/disk/by-id/nvme-WDC_PC_SN530_SDBPNPZ-1T00-1006_214628801678"; wdc_sn530 = "/dev/disk/by-id/nvme-WDC_PC_SN530_SDBPNPZ-1T00-1006_214628801678";
seagate_ironwolf = "/dev/disk/by-id/nvme-Seagate_IronWolf510_ZP960NM30001-2S9302_7PK0052S"; seagate_ironwolf = "/dev/disk/by-id/nvme-Seagate_IronWolf510_ZP960NM30001-2S9302_7PK0052S";
@@ -10,7 +15,14 @@ let
md_dev = "/dev/disk/by-id/md-name-prophecy-root-crypt"; md_dev = "/dev/disk/by-id/md-name-prophecy-root-crypt";
in in
{ {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "raid1" ]; boot.initrd.kernelModules = [ "raid1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@@ -37,13 +49,19 @@ in
fileSystems."/boot" = { fileSystems."/boot" = {
device = "${wdc_sn530}-part1"; device = "${wdc_sn530}-part1";
fsType = "vfat"; fsType = "vfat";
options = [ "umask=0077" "nofail" ]; options = [
"umask=0077"
"nofail"
];
}; };
fileSystems."/boot-alt" = { fileSystems."/boot-alt" = {
device = "${seagate_ironwolf}-part1"; device = "${seagate_ironwolf}-part1";
fsType = "vfat"; fsType = "vfat";
options = [ "umask=0077" "nofail" ]; options = [
"umask=0077"
"nofail"
];
}; };
swapDevices = [ ]; swapDevices = [ ];
@@ -58,4 +76,3 @@ in
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@@ -1,8 +1,6 @@
{ inputs, ... }: { inputs, ... }:
{ {
imports = [ imports = [ inputs.impermanence.nixosModules.impermanence ];
inputs.impermanence.nixosModules.impermanence
];
environment.persistence."/persistent" = { environment.persistence."/persistent" = {
enable = true; enable = true;
hideMounts = true; hideMounts = true;
@@ -21,8 +19,6 @@
}; };
environment.persistence."/persistent-cache" = { environment.persistence."/persistent-cache" = {
enable = true; enable = true;
directories = [ directories = [ "/var/cache" ];
"/var/cache"
];
}; };
} }


@@ -28,7 +28,11 @@ in
config = { config = {
vacu.network.ips = { vacu.network.ips = {
t2dLANStatic = "10.78.79.22"; t2dLANStatic = "10.78.79.22";
t2dSubnets = [ "10.78.76.0/22" "205.201.63.12/32" "172.83.159.53/32" ]; t2dSubnets = [
"10.78.76.0/22"
"205.201.63.12/32"
"172.83.159.53/32"
];
t2dRouter = "10.78.79.1"; t2dRouter = "10.78.79.1";
}; };
networking.useNetworkd = true; networking.useNetworkd = true;
@@ -49,10 +53,10 @@ in
systemd.network.networks.${cfg.lan_bridge_network} = { systemd.network.networks.${cfg.lan_bridge_network} = {
name = bridge; name = bridge;
DHCP = "no"; DHCP = "no";
address = [ address = [ "${cfg.ips.t2dLANStatic}/22" ];
"${cfg.ips.t2dLANStatic}/22" routes =
]; [ lan_route ]
routes = [lan_route] ++ (lib.concatMap (subnet: [ ++ (lib.concatMap (subnet: [
{ {
Scope = "link"; Scope = "link";
Destination = subnet; Destination = subnet;
@@ -79,4 +83,3 @@ in
}; };
}; };
} }


@@ -6,6 +6,7 @@ from typing import Any
from dataclasses import dataclass from dataclasses import dataclass
from collections.abc import Callable from collections.abc import Callable
@dataclass @dataclass
class ProcessResult[T]: class ProcessResult[T]:
stdout: T stdout: T
@@ -18,34 +19,35 @@ class ProcessResult[T]:
new_stdout: U = f(self.stdout) new_stdout: U = f(self.stdout)
return ProcessResult(stdout=new_stdout, returncode=self.returncode) return ProcessResult(stdout=new_stdout, returncode=self.returncode)
def run(*cmd: str) -> ProcessResult[str]: def run(*cmd: str) -> ProcessResult[str]:
print(f"running {cmd!r}") print(f"running {cmd!r}")
proc = subprocess.Popen( proc = subprocess.Popen(
cmd, cmd, stdout=subprocess.PIPE, stderr=None, stdin=subprocess.DEVNULL, text=True
stdout=subprocess.PIPE,
stderr=None,
stdin=subprocess.DEVNULL,
text=True
) )
(stdout_data, _) = proc.communicate() (stdout_data, _) = proc.communicate()
print(f"finished, exit code {proc.returncode}") print(f"finished, exit code {proc.returncode}")
return ProcessResult(stdout=stdout_data, returncode=proc.returncode) return ProcessResult(stdout=stdout_data, returncode=proc.returncode)
def must_succeed(*cmd: str) -> str: def must_succeed(*cmd: str) -> str:
res = run(*cmd) res = run(*cmd)
assert res.success() assert res.success()
return res.stdout return res.stdout
def parse_maybe_json(maybe_json: str) -> Any: def parse_maybe_json(maybe_json: str) -> Any:
if maybe_json.strip() == "": if maybe_json.strip() == "":
return None return None
else: else:
return json.loads(maybe_json) return json.loads(maybe_json)
def run_json(*cmd: str) -> ProcessResult[Any]: def run_json(*cmd: str) -> ProcessResult[Any]:
res = run(*cmd) res = run(*cmd)
return res.map(parse_maybe_json) return res.map(parse_maybe_json)
def do_build(installable: str, impure: bool) -> bool: def do_build(installable: str, impure: bool) -> bool:
eval_command = ["nix", "derivation", "show", installable] eval_command = ["nix", "derivation", "show", installable]
if impure: if impure:
@@ -56,7 +58,15 @@ def do_build(installable: str, impure: bool) -> bool:
drv_paths = list(res.stdout.keys()) drv_paths = list(res.stdout.keys())
for drv_path in drv_paths: for drv_path in drv_paths:
print(f"{installable=} {drv_path=}") print(f"{installable=} {drv_path=}")
res = run_json("nix", "build", "-j1", "--keep-going", "--no-link", "--json", drv_path + "^*") res = run_json(
"nix",
"build",
"-j1",
"--keep-going",
"--no-link",
"--json",
drv_path + "^*",
)
if not res.success(): if not res.success():
return False return False
builds = res.stdout builds = res.stdout
@@ -68,6 +78,7 @@ def do_build(installable: str, impure: bool) -> bool:
return False return False
return True return True
res = run_json("nix", "eval", ".#.", "--json", "--apply", "f: f.archival.archiveList") res = run_json("nix", "eval", ".#.", "--json", "--apply", "f: f.archival.archiveList")
assert res.success() assert res.success()
build_list = res.stdout build_list = res.stdout


@@ -1,4 +1 @@
{ { writers }: writers.writePython3Bin "vacu-flake-archive" { } (builtins.readFile ./archive.py)
writers,
}:
writers.writePython3Bin "vacu-flake-archive" { } (builtins.readFile ./archive.py)


@@ -264,10 +264,12 @@ in
}; };
}; };
environment.systemPackages = [ environment.systemPackages = [
(lib.hiPrio (pkgs.writeScriptBin "borg" '' (lib.hiPrio (
pkgs.writeScriptBin "borg" ''
echo "bad: called plain bin/borg" >&2 echo "bad: called plain bin/borg" >&2
exit 1 exit 1
'')) ''
))
(pkgs.writeScriptBin "borg14" '' (pkgs.writeScriptBin "borg14" ''
exec ${lib.getExe pkgs.borgbackup} "$@" exec ${lib.getExe pkgs.borgbackup} "$@"
'') '')


@@ -286,9 +286,7 @@ d = Defaults(
username="shelvacu", username="shelvacu",
) )
# test refilter # test refilter
d.make_tester().smtp_accepted().imap_move_to("MagicRefilter").imap_found_in( d.make_tester().smtp_accepted().imap_move_to("MagicRefilter").imap_found_in("B")
"B"
)
# refilter doesnt activate on other folders # refilter doesnt activate on other folders
d.make_tester().smtp_accepted().imap_move_to("testFolder").imap_found_in("testFolder") d.make_tester().smtp_accepted().imap_move_to("testFolder").imap_found_in("testFolder")
d.make_tester().smtp_accepted().imap_move_to("INBOX").imap_found_in("INBOX") d.make_tester().smtp_accepted().imap_move_to("INBOX").imap_found_in("INBOX")
@@ -309,9 +307,7 @@ d.make_tester().smtp_accepted(
mailfrom="shipment-tracking@amazon.com", mailfrom="shipment-tracking@amazon.com",
rcptto="amznbsns@shelvacu.com", rcptto="amznbsns@shelvacu.com",
subject="Your Amazon.com order has shipped (#123-1234)", subject="Your Amazon.com order has shipped (#123-1234)",
).imap_expect( ).imap_expect(mailbox="C", flags=["amazon-ignore"])
mailbox="C", flags=["amazon-ignore"]
)
TesterThing().smtp_accepted( TesterThing().smtp_accepted(
rcptto="shelvacu@shelvacu.com", username="shelvacu", smtp_starttls=True rcptto="shelvacu@shelvacu.com", username="shelvacu", smtp_starttls=True

4
tliam

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -e set -euo pipefail
function fail() { function fail() {
msg="$1" msg="$1"
@@ -11,7 +11,7 @@ function fail() {
git add . git add .
declare -a flake_archive_cmd=(nix flake archive --json) declare -a flake_archive_cmd=(nix flake archive --json)
declare -a prefix declare -a prefix
if [ "$HOST" != "triple-dezert" ]; then if [[ ${HOST-x} != "triple-dezert" ]]; then
flake_archive_cmd+=(--to "ssh://trip") flake_archive_cmd+=(--to "ssh://trip")
prefix+=(ssh trip -- sudo) prefix+=(ssh trip -- sudo)
fi fi
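Review bot: `${HOST-x}` in the new `[[ ... ]]` test silently substitutes `x` whenever HOST is unset, and bash does not set HOST on its own (it sets HOSTNAME), so under `#!/usr/bin/env bash` this script will take the remote `ssh trip -- sudo` path even on triple-dezert unless HOST happens to be exported by the invoking shell. Consider `if [[ ${HOSTNAME:-$(hostname)} != "triple-dezert" ]]; then` so the local-versus-remote decision is tied to the machine rather than to the parent shell's environment. Separately, with `set -u` now enabled, `declare -a prefix` leaves an empty array, and on bash older than 4.4 expanding it as `"${prefix[@]}"` is an unbound-variable error; please check how prefix is consumed further down, which is outside this hunk, and guard it with `"${prefix[@]+"${prefix[@]}"}"` if the script must run on older bash. The script body continues past the end of the hunk.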


@@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
let let
shellFiles = [ shellFiles = [
"*.sh" "*.sh"
@@ -15,8 +15,17 @@ in
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs.nixfmt.enable = true; programs.nixfmt.enable = true;
programs.nixfmt.strict = true; programs.nixfmt.strict = true;
programs.shellcheck.enable = true; programs.shellcheck = {
programs.shellcheck.includes = shellFiles; enable = true;
includes = shellFiles;
};
settings.formatter.shellcheck.options = [
"--external-sources"
"--norc"
"--source-path=${pkgs.shellvaculib}/bin"
"--enable=all"
"--exclude=SC2250"
];
programs.shfmt.enable = true; programs.shfmt.enable = true;
programs.shfmt.includes = shellFiles; programs.shfmt.includes = shellFiles;
programs.deno.enable = true; programs.deno.enable = true;
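Review bot: `--source-path=${pkgs.shellvaculib}/bin` in the new shellcheck options points shellcheck at the package's bin directory, but the shellvaculib derivation earlier in this commit links the library to `$out/share/shellvaculib.bash`, and what, if anything, is placed under `$out/bin` is cut off in that hunk. Please confirm the file the scripts `source` actually lives under bin; if it does not, `--external-sources` will still produce SC1091 for every script that sources it and none of the library's functions will be checked. If the scripts source it as `shellvaculib.bash`, `--source-path=${pkgs.shellvaculib}/share` is the path that matches the visible derivation. A one-line comment above the options list would also save the next reader a lookup, e.g. `# let shellcheck follow \`source shellvaculib.bash\` into the packaged copy so --enable=all checks through it`.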


@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix


@@ -1,4 +1,9 @@
{ config, inputs, pkgs, ... }: {
config,
inputs,
pkgs,
...
}:
let let
name = "jl-stats"; name = "jl-stats";
contain = config.containers.${name}; contain = config.containers.${name};


@@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
let let
domain = "chat.for.miras.pet"; domain = "chat.for.miras.pet";
port = 3169; port = 3169;


@@ -1,4 +1,9 @@
{ inputs, config, lib, ... }: {
inputs,
config,
lib,
...
}:
{ {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];


@@ -1,33 +0,0 @@
{ lib }:
let
inherit (lib) length isString substring optional elemAt match;
in
userId:
assert isString userId;
let
splitOnColon = lib.splitString ":" userId;
# https://spec.matrix.org/v1.14/appendices/#user-identifiers
errors = []
# "The length of a user ID, including the @ sigil and the domain, MUST NOT exceed 255 bytes."
++ optional ((length userId) > 255) "must be 255 bytes or shorter"
++ optional ((substring 0 1 userId) != "@") "must start with an @ symbol"
++ optional ((length splitOnColon) < 2) "must have a : inbetween the username and the server"
++ optional ((length splitOnColon) > 3) "too many : symbols"
++ if (length splitOnColon) < 2 || (length splitOnColon) > 3 then [] else (
let
localpart_with_at = elemAt splitOnColon 0;
localpart = substring 1 -1 localpart_with_at;
domain = elemAt splitOnColon 1;
port = if (length splitOnColon) == 3 then elemAt splitOnColon 2 else null;
in
[]
++ optional ((length localpart) == 0) "username is missing"
++ optional ((match "[0-9a-z+/_=.-]+" localpart) == null) "username must only contain digits 0-9, lowercase letters a-z, and any of the symbols +/_=.-"
++ optional (
)
;
in
{
inherit errors;
valid = (length errors) == 0;
}