diff --git a/flake.lock b/flake.lock index 9d72b1b..21693cb 100644 --- a/flake.lock +++ b/flake.lock @@ -337,21 +337,6 @@ "type": "github" } }, - "manifest": { - "locked": { - "lastModified": 1752588656, - "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", - "owner": "rrvsh", - "repo": "manifest", - "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", - "type": "github" - }, - "original": { - "owner": "rrvsh", - "repo": "manifest", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -503,7 +488,6 @@ "impermanence": "impermanence", "import-tree": "import-tree", "make-shell": "make-shell", - "manifest": "manifest", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index dcb6882..5e22b8c 100644 --- a/flake.nix +++ b/flake.nix @@ -71,8 +71,6 @@ files.url = "github:mightyiam/files"; # text.nix lets us easily define markdown text to pass to files text.url = "github:rrvsh/text.nix"; - # manifest lets us define all hosts in one file - manifest.url = "github:rrvsh/manifest"; # make-shells. creates devShells and checks make-shell = { url = "github:nicknovitski/make-shell"; diff --git a/nix/configurations.nix b/nix/configurations.nix index 3cae4bd..ecc9c2f 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -10,15 +10,18 @@ let inherit (lib.lists) optional; inherit (lib.attrsets) mapAttrs; inherit (cfg.lib.modules) forAllUsers'; - inherit (config.manifest) hosts; cfg = config.flake; - globalCfg = hostName: hostConfig: { + globalCfg = name: hostConfig: { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { inherit hostName hostConfig; }; + extraSpecialArgs = { + inherit hostConfig; + hostName = name; + }; sharedModules = [ cfg.modules.homeManager.default ]; users = forAllUsers' (name: _: cfg.modules.homeManager.${name}); }; + hosts = cfg.manifest.hosts or { }; mkConfigurations = class: hosts: mapAttrs ( 
@@ -28,7 +31,6 @@ let specialArgs = { inherit (config.flake) self; hostName = name; - hostConfig = value; }; modules = [ cfg.modules.nixos.default @@ -42,7 +44,6 @@ let specialArgs = { inherit (config.flake) self; hostName = name; - hostConfig = value; }; modules = [ cfg.modules.darwin.default diff --git a/nix/files/readme.nix b/nix/files/readme.nix index 6209325..a8eccbf 100644 --- a/nix/files/readme.nix +++ b/nix/files/readme.nix @@ -24,8 +24,8 @@ parts."Structure" = # markdown '' The system configurations are defined in [`flake.manifest`](nix/manifest.nix). - `manifest.owner` provides the attributes for the administrator user, including username and pubkey. - `manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. + `flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey. + `flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. `flake.modules.nixos.*` provide NixOS options and configurations. The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. You can use it as seen [here](nix/modules/flake/home-manager.nix): diff --git a/nix/flake-parts/debug.nix b/nix/flake-parts/debug.nix new file mode 100644 index 0000000..38e2cb3 --- /dev/null +++ b/nix/flake-parts/debug.nix @@ -0,0 +1,3 @@ +{ + debug = true; +} diff --git a/nix/flake-parts/flake-parts.nix b/nix/flake-parts/flake-parts.nix deleted file mode 100644 index 4f0d093..0000000 --- a/nix/flake-parts/flake-parts.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ inputs, ... }: -{ - debug = true; - imports = [ - inputs.make-shell.flakeModules.default - inputs.manifest.flakeModules.default - inputs.flake-parts.flakeModules.modules - inputs.text.flakeModules.default - ]; -} 
diff --git a/nix/flake-parts/make-shell.nix b/nix/flake-parts/make-shell.nix new file mode 100644 index 0000000..66ca600 --- /dev/null +++ b/nix/flake-parts/make-shell.nix @@ -0,0 +1,5 @@ +{ inputs, ... }: +{ + #TODO: add to readme + imports = [ inputs.make-shell.flakeModules.default ]; +} diff --git a/nix/flake-parts/modules.nix b/nix/flake-parts/modules.nix new file mode 100644 index 0000000..1c75663 --- /dev/null +++ b/nix/flake-parts/modules.nix @@ -0,0 +1,4 @@ +{ inputs, ... }: +{ + imports = [ inputs.flake-parts.flakeModules.modules ]; +} diff --git a/nix/flake-parts/text.nix b/nix/flake-parts/text.nix new file mode 100644 index 0000000..81b2f51 --- /dev/null +++ b/nix/flake-parts/text.nix @@ -0,0 +1,4 @@ +{ inputs, ... }: +{ + imports = [ inputs.text.flakeModules.default ]; +} diff --git a/nix/homes/rafiq/_nvf/languages.nix b/nix/homes/rafiq/_nvf/languages.nix index fbeaf85..6378a42 100644 --- a/nix/homes/rafiq/_nvf/languages.nix +++ b/nix/homes/rafiq/_nvf/languages.nix @@ -27,7 +27,6 @@ }; rust.enable = true; rust.crates.enable = true; - tailwind.enable = true; ts.enable = true; ts.extensions.ts-error-translator.enable = true; typst.enable = true; diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix deleted file mode 100644 index 873dbcd..0000000 --- a/nix/homes/rafiq/darwin.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -let - inherit (lib.modules) mkIf; -in -{ - flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... - }: - mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { - home.file."Library/Application Support/aichat/config.yaml".text = '' - model: gemini:gemini-2.0-flash - clients: - - type: gemini - ''; - }; -} diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix index 86b4733..ed01690 100644 --- a/nix/homes/rafiq/default.nix +++ b/nix/homes/rafiq/default.nix 
@@ -45,7 +45,6 @@ in ]; }; programs = { - mise.enable = true; nvf.enable = true; nvf.settings.vim = { syntaxHighlighting = true; diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index e1f598c..10a2725 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -1,37 +1,12 @@ { config, ... }: let - inherit (config.manifest) admin; + cfg = config.flake; in { flake.modules.darwin.graphical.homebrew = { enable = true; - user = admin.username; + user = cfg.admin.username; onActivation.cleanup = "uninstall"; - brews = [ - "mise" - "docker" - ]; - casks = [ - "ghostty" - "slack" - "gitify" - "telegram" - "vial" - "linear-linear" - "chatgpt" - ]; - }; - flake.modules.homeManager.rafiq = { - # make sure brew is on the path for M1 - programs.zsh.initContent = '' - if [[ $(uname -m) == 'arm64' ]]; then - eval "$(/opt/homebrew/bin/brew shellenv)" - fi - ''; - programs.fish.shellInit = '' - if test (uname -m) = "arm64" - eval (/opt/homebrew/bin/brew shellenv) - end - ''; + casks = [ "ghostty" ]; }; } diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index e7d66b4..68b4716 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -1,6 +1,6 @@ { lib, config, ... }: let - inherit (config.manifest) admin; + cfg = config.flake; in { allowedUnfreePackages = [ @@ -13,7 +13,7 @@ in { config, pkgs, ... }: { fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = admin.username; + services.getty.autologinUser = cfg.admin.username; # Start Hyprland at boot only if not connecting through SSH environment.loginShellInit = # sh '' diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix index ba27bfd..0d5b50b 100644 --- a/nix/lib/modules.nix +++ b/nix/lib/modules.nix @@ -1,5 +1,6 @@ { lib, config, ... }: let + cfg = config.flake; inherit (builtins) foldl' attrNames; inherit (lib.attrsets) mapAttrs; in 
@@ -34,7 +35,7 @@ in ::: */ - userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); + userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames cfg.manifest.users); /** Return an attribute set for use with a option that needs to be used for all users. @@ -64,7 +65,7 @@ in ::: */ - forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; + forAllUsers = attrset: mapAttrs (_: _: attrset) cfg.manifest.users; /** Like forAllUsers, but passes in the name and value from the manifest. @@ -95,6 +96,6 @@ in ::: */ - forAllUsers' = f: mapAttrs f config.manifest.users; + forAllUsers' = f: mapAttrs f cfg.manifest.users; }; } diff --git a/nix/manifest.nix b/nix/manifest.nix index 4f4f42f..18d9474 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -1,5 +1,5 @@ { - manifest = { + flake.manifest = { users.rafiq = { primary = true; name = "Mohammad Rafiq"; @@ -33,10 +33,10 @@ }; }; extraCfg = { + services.fwupd.enable = true; # FIXME: remove machine = { bluetooth.enable = true; usb.automount = true; - usb.qmk.enable = true; virtualisation = { podman.enable = true; podman.distrobox.enable = true; diff --git a/nix/meta.nix b/nix/meta.nix index 9b93c47..5c8f8fc 100644 --- a/nix/meta.nix +++ b/nix/meta.nix 
@@ -5,10 +5,54 @@ ... }: let - inherit (lib.options) mkOption; - inherit (lib.types) path lazyAttrsOf raw; + inherit (lib.options) mkOption mkEnableOption; + inherit (cfg.lib.options) mkStrOption; + inherit (lib.types) + path + lazyAttrsOf + raw + deferredModule + submodule + ; inherit (inputs.flake-parts.lib) mkSubmoduleOptions; + inherit (cfg.lib.attrsets) firstAttrNameMatching; cfg = config.flake; + monitorOpts = submodule { + options = { + id = mkStrOption ""; + resolution = mkStrOption ""; + refresh-rate = mkStrOption ""; + scale = mkStrOption ""; + }; + }; + userOpts = submodule { + options = { + username = mkStrOption ""; + primary = mkEnableOption ""; + name = mkStrOption ""; + email = mkStrOption ""; + shell = mkStrOption ""; + pubkey = mkStrOption ""; + }; + }; + hostOpts = submodule { + options = { + graphical = mkEnableOption ""; + machine = { + platform = mkStrOption ""; + gpu = mkStrOption ""; + root.drive = mkStrOption ""; + monitors = mkOption { + type = lazyAttrsOf monitorOpts; + default = { }; + }; + }; + extraCfg = mkOption { + type = deferredModule; + default = { }; + }; + }; + }; in { options.flake = mkSubmoduleOptions { @@ -24,8 +68,38 @@ in readOnly = true; }; }; + manifest = mkOption { + type = submodule { + options = { + users = mkOption { + type = lazyAttrsOf userOpts; + default = { }; + }; + hosts.nixos = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + hosts.darwin = mkOption { + type = lazyAttrsOf raw; + default = { }; + }; + }; + }; + }; + # Helper Option + admin = mkOption { + type = userOpts; + default = { }; + }; }; - config.flake = { - paths.secrets = cfg.paths.root + "/secrets"; - }; + config.flake = + let + username = firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users; + in + { + paths.secrets = cfg.paths.root + "/secrets"; + admin = cfg.manifest.users.${username} // { + inherit username; + }; + }; } diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix index 0571ca3..c609a1a 100644 
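Review bot: The `admin` helper option added in the second hunk is not marked `readOnly = true;`, unlike the `paths` option just above it, and its value comes from `firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users` with no check that exactly one user is primary. Elsewhere in this commit `cfg.admin` supplies root's `openssh.authorizedKeys.keys`, the `wheel` member, `services.getty.autologinUser` and the sops age key path. A second definition of `flake.admin` in any module would therefore be merged silently, and a manifest with two `primary = true` users would pick one by attribute order. What `firstAttrNameMatching` returns when nothing matches is not visible here, so the zero-primary case should be confirmed as well. I would add `readOnly = true;` to the option and an assertion in the `let` that the filtered set of primary users has length one, failing with a message that names the manifest. The empty descriptions passed to `mkStrOption ""` and `mkEnableOption ""` could also say what each field is used for, in particular `pubkey`.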
--- a/nix/modules/cli/git.nix +++ b/nix/modules/cli/git.nix @@ -1,6 +1,6 @@ { config, ... }: let - inherit (config.manifest) users; + inherit (config.flake) manifest; in { flake.modules.homeManager.default = @@ -9,8 +9,8 @@ in home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; programs.git = { enable = true; - userName = users.${config.home.username}.name; - userEmail = users.${config.home.username}.email; + userName = manifest.users.${config.home.username}.name; + userEmail = manifest.users.${config.home.username}.email; signing.key = "~/.ssh/id_ed25519.pub"; }; }; diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix index ac1617d..0e081a1 100644 --- a/nix/modules/cli/shell.nix +++ b/nix/modules/cli/shell.nix @@ -1,7 +1,6 @@ { config, lib, ... }: let cfg = config.flake; - inherit (config.manifest) users; inherit (cfg.lib.modules) forAllUsers'; inherit (lib.attrsets) mapAttrs'; in @@ -13,7 +12,7 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) users; + }) cfg.manifest.users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); }; darwin.default = @@ -22,14 +21,14 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) users; + }) cfg.manifest.users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); environment.shells = [ pkgs.fish ]; }; homeManager.default = { config, ... }: { - programs.${users.${config.home.username}.shell}.enable = true; + programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true; home.shell.enableShellIntegration = true; }; }; diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix index ce8c615..8ad3f7a 100644 --- a/nix/modules/machine/default.nix +++ b/nix/modules/machine/default.nix @@ -5,12 +5,7 @@ let in { flake.modules.nixos.default = - { - config, - modulesPath, - pkgs, - ... - }: + { config, modulesPath, ... }: let cfg = config.machine; in 
@@ -19,7 +14,6 @@ in options.machine = { bluetooth.enable = mkEnableOption ""; usb.automount = mkEnableOption ""; - usb.qmk.enable = mkEnableOption ""; }; config = mkMerge [ (mkIf cfg.usb.automount { @@ -34,18 +28,6 @@ in } ]; }) - (mkIf cfg.usb.qmk.enable { - hardware.keyboard.qmk.enable = true; - services.udev = { - packages = with pkgs; [ - vial - qmk - qmk-udev-rules - qmk_hid - ]; - }; - - }) (mkIf cfg.bluetooth.enable { persistDirs = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix index 8517036..00c56cd 100644 --- a/nix/modules/machine/gpu.nix +++ b/nix/modules/machine/gpu.nix @@ -1,3 +1,7 @@ +{ config, ... }: +let + cfg = config.flake; +in { allowedUnfreePackages = [ "nvidia-x11" @@ -7,11 +11,11 @@ { config, pkgs, - hostConfig, + hostName, ... }: let - inherit (hostConfig.machine) gpu; + gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or ""; in if gpu == "nvidia" then { diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index 62943b4..19b2fdf 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -1,8 +1,9 @@ +{ config, ... }: { flake.modules.nixos.default = - { hostConfig, ... }: + { hostName, ... }: let - inherit (hostConfig.machine) platform; + inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform; arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64"; in { @@ -12,9 +13,9 @@ }; flake.modules.darwin.default = - { hostConfig, ... }: + { hostName, ... }: let - inherit (hostConfig.machine) platform; + inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform; arch = if platform == "intel" then "x86_64" else "aarch64"; in { diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix index 9c7d4ea..98c1120 100644 --- a/nix/modules/machine/root.nix +++ b/nix/modules/machine/root.nix 
@@ -1,12 +1,17 @@ -{ lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: let inherit (lib.modules) mkMerge mkIf mkAfter; in { flake.modules.nixos.default = - { hostConfig, ... }: + { hostName, ... }: let - inherit (hostConfig.machine) root; + inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root; in { imports = [ inputs.disko.nixosModules.disko ]; @@ -80,7 +85,7 @@ in }; } # Ephemeral by default - assumes btrfs - (mkIf root.ephemeral { + (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) { boot.initrd.postDeviceCommands = mkAfter '' mkdir /btrfs_tmp mount /dev/root_vg/root /btrfs_tmp diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix index 2238b7e..d721746 100644 --- a/nix/modules/networking/ssh.nix +++ b/nix/modules/networking/ssh.nix @@ -1,7 +1,6 @@ { config, lib, ... }: let cfg = config.flake; - inherit (config.manifest) admin; inherit (lib.modules) mkMerge; inherit (cfg.lib.modules) forAllUsers'; in @@ -17,7 +16,7 @@ in "/etc/ssh/ssh_host_rsa_key.pub" ]; } - { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; } + { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; } ]; flake.modules.homeManager.default = { persistDirs = [ ".ssh" ]; diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix index 9b0cf75..1967268 100644 --- a/nix/modules/server/web-servers.nix +++ b/nix/modules/server/web-servers.nix @@ -4,7 +4,7 @@ let inherit (config.flake.lib.options) mkStrOption mkPathOption; inherit (config.flake.lib.services) mkRootDomain; inherit (config.flake.paths) secrets; - inherit (config.manifest.admin) email; + inherit (config.flake.admin) email; inherit (lib.types) listOf submodule attrs; inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkMerge mkIf; diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index e71989d..fa2913c 100644 --- a/nix/modules/system/secrets.nix 
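Review bot: The `or true` fallback in the second hunk looks impossible to override, because `hostOpts` in nix/meta.nix declares only `machine.root.drive`. A submodule without a freeform type rejects undeclared attributes, so no host can set `root.ephemeral`. As a result the `boot.initrd.postDeviceCommands` block that remounts and rotates the btrfs root is enabled on every NixOS host, and a host that is not meant to be ephemeral loses its root state on reboot with no switch to turn this off. Declaring the option in `hostOpts`, for example `root.ephemeral = mkOption { type = bool; default = true; };`, would let the condition become `mkIf root.ephemeral` using the `root` already inherited in the first hunk. The module body continues outside both hunks.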
+++ b/nix/modules/system/secrets.nix @@ -6,48 +6,31 @@ }: let cfg = config.flake; - inherit (cfg.paths) secrets; inherit (builtins) readFile; inherit (lib.meta) getExe; inherit (lib.strings) trim; - inherit (config.manifest.admin) username pubkey; + inherit (cfg.admin) username pubkey; + inherit (cfg.paths) secrets; in { - flake.modules = { - nixos.default = - { config, ... }: - { - imports = [ inputs.sops-nix.nixosModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ - "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" - ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; - }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; + flake.modules.nixos.default = + { config, ... }: + { + imports = [ inputs.sops-nix.nixosModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ + "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" + ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; }; - darwin.default = - { config, ... }: - { - imports = [ inputs.sops-nix.darwinModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; - }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; - }; - }; - homeManager.default.persistDirs = [ ".config/sops/age" ]; - }; + }; + flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; perSystem = { pkgs, ... }: { diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index fa7724c..1c9b560 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix 
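Review bot: The `environment.shellInit` line carried into the flattened `nixos.default` module runs `sudo cat` on the sops secret and exports `GEMINI_API_KEY` in every shell of every user, so the key is inherited by every process those shells start. For a user outside `wheel` the same line prompts for a password or fails on each shell start. Setting the secret's owner in the sops block, `secrets."keys/gemini" = { sopsFile = secrets + "/keys.yaml"; owner = username; };`, would let the admin user read the file without sudo. The export could then move to that user's home-manager shell config, or be replaced by having the consuming tool read the path directly. A short comment above the block stating which program needs the variable would make the exposure easier to review later.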
@@ -1,19 +1,11 @@ { config, ... }: let - inherit (config.manifest) admin; + cfg = config.flake; in { flake.modules.nixos.default = { security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; - users.users.${admin.username}.extraGroups = [ "wheel" ]; - }; - flake.modules.darwin.default.security = { - sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; - pam.services.sudo_local = { - enable = true; - reattach = true; - touchIdAuth = true; - }; + users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; }; } diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index dc80b0b..85fceb3 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -1,7 +1,6 @@ { config, lib, ... }: let cfg = config.flake; - inherit (config.manifest) users admin; inherit (cfg.lib.modules) userListToAttrs forAllUsers'; inherit (lib.lists) findFirstIndex; inherit (builtins) attrNames; @@ -37,12 +36,11 @@ in flake.modules.darwin.default = { config, ... }: { - system.primaryUser = admin.username; - users.knownUsers = attrNames users; + users.knownUsers = attrNames cfg.manifest.users; users.users = forAllUsers' ( name: _: { home = "/Users/${name}"; - uid = 501 + (findFirstIndex (x: x == name) null (attrNames users)); + uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users)); } ); home-manager.users = forAllUsers' (