From 59fb406eb98ecf48a82f4a73f78f35eb8ecf65f2 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 14:54:26 +0800 Subject: [PATCH 01/18] feat(darwin): add homebrew apps --- nix/homes/rafiq/desktop/darwin.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 10a2725..21a14f4 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -7,6 +7,13 @@ in enable = true; user = cfg.admin.username; onActivation.cleanup = "uninstall"; - casks = [ "ghostty" ]; + brews = [ + "mise" + "docker" + ]; + casks = [ + "ghostty" + "slack" + ]; }; } From bebc1ed6492a57c96abde874f526231284a2f99c Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 15:09:12 +0800 Subject: [PATCH 02/18] feat(homes/rafiq): add mise --- nix/homes/rafiq/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix index ed01690..86b4733 100644 --- a/nix/homes/rafiq/default.nix +++ b/nix/homes/rafiq/default.nix @@ -45,6 +45,7 @@ in ]; }; programs = { + mise.enable = true; nvf.enable = true; nvf.settings.vim = { syntaxHighlighting = true; From e72a8a05868f4e9d8adb5974a6216d7271380ebd Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 15:22:45 +0800 Subject: [PATCH 03/18] feat(darwin): add brew to path --- nix/homes/rafiq/desktop/darwin.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 21a14f4..d86ea87 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix 
@@ -16,4 +16,17 @@ in "slack" ]; }; + flake.modules.homeManager.rafiq = { + # make sure brew is on the path for M1 + programs.zsh.initContent = '' + if [[ $(uname -m) == 'arm64' ]]; then + eval "$(/opt/homebrew/bin/brew shellenv)" + fi + ''; + programs.fish.shellInit = '' + if test (uname -m) = "arm64" + eval (/opt/homebrew/bin/brew shellenv) + end + ''; + }; } From 359707ffeef9c51f684aba20820abd4dd5bd54d4 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:34:48 +0800 Subject: [PATCH 04/18] feat(darwin): add gitify with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index d86ea87..19cc41d 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -14,6 +14,7 @@ in casks = [ "ghostty" "slack" + "gitify" ]; }; flake.modules.homeManager.rafiq = { From ba4f32c4f9f7e1daff2bb3428cdc2feafd478f50 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:42:26 +0800 Subject: [PATCH 05/18] feat(darwin): add telegram with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 19cc41d..4178396 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -15,6 +15,7 @@ in "ghostty" "slack" "gitify" + "telegram" ]; }; flake.modules.homeManager.rafiq = { From fba46e0d0de0152bf987549380afd8c0268c26a1 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:57:24 +0800 Subject: [PATCH 06/18] feat(darwin): enable sudo auth with touchid --- nix/modules/system/sudo.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index 1c9b560..55b32ee 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix 
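Review bot: Both snippets added to nix/homes/rafiq/desktop/darwin.nix in patch 03 evaluate the output of `/opt/homebrew/bin/brew shellenv` whenever `uname -m` reports arm64, without checking that the binary exists. On an arm64 host where Homebrew is not installed yet, every zsh and fish start-up then prints an error. Guard on the file rather than only on the architecture: `if [[ -x /opt/homebrew/bin/brew ]]; then` for zsh and `if test -x /opt/homebrew/bin/brew` for fish. The in-code comment says "M1" while the test covers any arm64 machine; `# make sure brew is on the path on Apple Silicon` would match what the code checks.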
@@ -8,4 +8,9 @@ in nix.settings.trusted-users = [ "@wheel" ]; users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; }; + flake.modules.darwin.default.security.pam.services.sudo_local = { + enable = true; + reattach = true; + touchIdAuth = true; + }; } From f502810dae595fcef3a73bd9930cd54a9f394482 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:09:16 +0800 Subject: [PATCH 07/18] fix(darwin): put aichat config in right place for darwin --- nix/homes/rafiq/darwin.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 nix/homes/rafiq/darwin.nix diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix new file mode 100644 index 0000000..873dbcd --- /dev/null +++ b/nix/homes/rafiq/darwin.nix @@ -0,0 +1,21 @@ +{ lib, ... }: +let + inherit (lib.modules) mkIf; +in +{ + flake.modules.homeManager.rafiq = + { + pkgs, + config, + hostName, + hostConfig, + ... + }: + mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { + home.file."Library/Application Support/aichat/config.yaml".text = '' + model: gemini:gemini-2.0-flash + clients: + - type: gemini + ''; + }; +} From 79b83cfc709fc693cdf5d4e6c97d916cf6e6c3ac Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:16:37 +0800 Subject: [PATCH 08/18] feat(secrets): Add darwin sops config and gemini key access --- nix/modules/system/secrets.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index fa2913c..7b75ed1 100644 --- a/nix/modules/system/secrets.nix +++ b/nix/modules/system/secrets.nix 
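Review bot: The module function in the new file nix/homes/rafiq/darwin.nix (patch 07) binds `config`, `hostName` and `hostConfig` but uses none of them, and the platform test spells out both Darwin system strings by hand. `{ pkgs, ... }:` followed by `mkIf pkgs.stdenv.hostPlatform.isDarwin { … }` expresses the same condition with less to keep in sync. The generated config.yaml holds no credential; a short comment such as `# API key is not stored here; the gemini client is expected to read it from the environment` would document where the key comes from, since nothing in this file shows it.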
@@ -30,6 +30,21 @@ in ''; }; }; + flake.modules.darwin.default = + { config, ... }: + { + imports = [ inputs.sops-nix.darwinModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; + }; + }; flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; perSystem = { pkgs, ... }: From 343f3d481f7fab97726e93c22cf4f0403a31d5e9 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:19:02 +0800 Subject: [PATCH 09/18] feat(sudo): configure sudo with nix modules --- nix/modules/system/sudo.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index 55b32ee..ec974cc 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix @@ -8,9 +8,12 @@ in nix.settings.trusted-users = [ "@wheel" ]; users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; }; - flake.modules.darwin.default.security.pam.services.sudo_local = { - enable = true; - reattach = true; - touchIdAuth = true; + flake.modules.darwin.default.security = { + sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; + pam.services.sudo_local = { + enable = true; + reattach = true; + touchIdAuth = true; + }; }; } From bee32b5b2b1c86628fd3d8f5f473642ebe268af3 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 20:15:17 +0800 Subject: [PATCH 10/18] feat(darwin): add admin as primary user --- nix/modules/system/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 85fceb3..35b199b 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix 
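Review bot: In nix/modules/system/secrets.nix (patch 08, `darwin.default`), the added `environment.shellInit` runs `sudo cat` on the sops secret in every shell that starts, for every user, and exports the Gemini key into an environment that all child processes inherit. It only works silently where sudo needs no authentication; elsewhere shell start-up blocks on a prompt or fails. Making the secret readable by the account that needs it removes sudo from shell init, e.g. `secrets."keys/gemini" = { sopsFile = secrets + "/keys.yaml"; owner = username; };` with a plain `$(cat …)`, and the export is better scoped to the tool that uses the key than to every shell. The same line sits in the `nixos.default` module and is carried over unchanged by the secrets.nix hunk of patch 12.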
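Review bot: The new `sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";` in nix/modules/system/sudo.nix (patch 09) gives every member of the macOS admin group root without any authentication, so the Touch ID check configured directly below it in `pam.services.sudo_local` is never reached. Any process running as an admin user can then escalate without a prompt. If the rule was added to make the `sudo cat` in shell init work (an inference from patch 08), fixing the secret's ownership is the narrower change and lets this line be dropped so Touch ID stays the gate. If it has to stay, state the reason next to it, e.g. `# NOPASSWD bypasses the Touch ID prompt below; needed for <reason>`.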
@@ -36,6 +36,7 @@ in flake.modules.darwin.default = { config, ... }: { + system.primaryUser = cfg.admin.username; users.knownUsers = attrNames cfg.manifest.users; users.users = forAllUsers' ( name: _: { From 399e049775c1ef5dd73315b72b7306218c0e0e27 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 21:46:18 +0800 Subject: [PATCH 11/18] feat(darwin): add vial with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 4178396..9c4565b 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -16,6 +16,7 @@ in "slack" "gitify" "telegram" + "vial" ]; }; flake.modules.homeManager.rafiq = { From 96321d40265db970099cd88b8828c80b965497c7 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 23:11:19 +0800 Subject: [PATCH 12/18] feat(machine, secrets): add qmk and vial, export gemini key --- nix/manifest.nix | 2 +- nix/modules/machine/default.nix | 20 ++++++++++- nix/modules/system/secrets.nix | 60 +++++++++++++++++---------------- 3 files changed, 51 insertions(+), 31 deletions(-) diff --git a/nix/manifest.nix b/nix/manifest.nix index 18d9474..d781698 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -33,10 +33,10 @@ }; }; extraCfg = { - services.fwupd.enable = true; # FIXME: remove machine = { bluetooth.enable = true; usb.automount = true; + usb.qmk.enable = true; virtualisation = { podman.enable = true; podman.distrobox.enable = true; diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix index 8ad3f7a..ce8c615 100644 --- a/nix/modules/machine/default.nix +++ b/nix/modules/machine/default.nix @@ -5,7 +5,12 @@ let in { flake.modules.nixos.default = - { config, modulesPath, ... }: + { + config, + modulesPath, + pkgs, + ... + }: let cfg = config.machine; in 
@@ -14,6 +19,7 @@ in options.machine = { bluetooth.enable = mkEnableOption ""; usb.automount = mkEnableOption ""; + usb.qmk.enable = mkEnableOption ""; }; config = mkMerge [ (mkIf cfg.usb.automount { @@ -28,6 +34,18 @@ in } ]; }) + (mkIf cfg.usb.qmk.enable { + hardware.keyboard.qmk.enable = true; + services.udev = { + packages = with pkgs; [ + vial + qmk + qmk-udev-rules + qmk_hid + ]; + }; + + }) (mkIf cfg.bluetooth.enable { persistDirs = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index 7b75ed1..7e5400d 100644 --- a/nix/modules/system/secrets.nix +++ b/nix/modules/system/secrets.nix 
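Review bot: The new option `usb.qmk.enable = mkEnableOption "";` in nix/modules/machine/default.nix (patch 12) has an empty description, although enabling it installs udev rules that presumably open keyboard HID devices to unprivileged users; describe it, e.g. `mkEnableOption "udev rules for QMK/Vial keyboards"`. In the second hunk, `hardware.keyboard.qmk.enable = true` appears to register the QMK udev rules already, so listing `qmk-udev-rules` again under `services.udev.packages` is likely redundant and worth checking against the nixpkgs module. `services.udev.packages` only picks up rule files, so `vial` and `qmk` are not put on PATH by this block, in case that was the intent. Both enclosing attribute sets continue outside the hunks.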
@@ -13,39 +13,41 @@ let inherit (cfg.paths) secrets; in { - flake.modules.nixos.default = - { config, ... }: - { - imports = [ inputs.sops-nix.nixosModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ - "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" - ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + flake.modules = { + nixos.default = + { config, ... }: + { + imports = [ inputs.sops-nix.nixosModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ + "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" + ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; }; - }; - flake.modules.darwin.default = - { config, ... }: - { - imports = [ inputs.sops-nix.darwinModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + darwin.default = + { config, ... }: + { + imports = [ inputs.sops-nix.darwinModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; }; - }; - flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; + homeManager.default.persistDirs = [ ".config/sops/age" ]; + }; perSystem = { pkgs, ... }: { From 06e7b69f99120b736aef7e8fde3b58007f803283 Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 12:36:20 +0800 Subject: [PATCH 13/18] feat(darwin): add linear-linear with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 9c4565b..f05b180 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -17,6 +17,7 @@ in "gitify" "telegram" "vial" + "linear-linear" ]; }; flake.modules.homeManager.rafiq = { From d9c41f1c61c5f2b798dfc37978da2f5fd13309c5 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Tue, 15 Jul 2025 18:24:39 +0800 Subject: [PATCH 14/18] feat(darwin): add chatgpt with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index f05b180..322bfcc 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -18,6 +18,7 @@ in "telegram" "vial" "linear-linear" + "chatgpt" ]; }; flake.modules.homeManager.rafiq = { From 084caa727b91b68951a7f9ae1420a3dc144b59ee Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 21:54:00 +0800 Subject: [PATCH 15/18] feat(meta): use manifest to define system configurations --- nix/configurations.nix | 11 ++-- nix/files/readme.nix | 4 +- nix/flake-parts/manifest.nix | 77 +++++++++++++++++++++++++++ nix/homes/rafiq/desktop/darwin.nix | 4 +- nix/homes/rafiq/desktop/nixos.nix | 4 +- nix/lib/modules.nix | 7 ++- nix/manifest.nix | 2 +- nix/meta.nix | 84 ++---------------------------- nix/modules/cli/git.nix | 6 +-- nix/modules/cli/shell.nix | 7 +-- nix/modules/machine/gpu.nix | 8 +-- nix/modules/machine/platform.nix | 9 ++-- nix/modules/machine/root.nix | 13 ++--- nix/modules/networking/ssh.nix | 3 +- nix/modules/server/web-servers.nix | 2 +- nix/modules/system/secrets.nix | 4 +- nix/modules/system/sudo.nix | 4 +- nix/modules/system/users.nix | 7 +-- 18 files changed, 125 insertions(+), 131 deletions(-) create mode 100644 nix/flake-parts/manifest.nix diff --git a/nix/configurations.nix b/nix/configurations.nix index ecc9c2f..3cae4bd 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -10,18 +10,15 @@ let inherit (lib.lists) optional; inherit (lib.attrsets) mapAttrs; inherit (cfg.lib.modules) forAllUsers'; + inherit (config.manifest) hosts; cfg = config.flake; - globalCfg = name: hostConfig: { + globalCfg = hostName: hostConfig: { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { - inherit hostConfig; - hostName = name; - }; + extraSpecialArgs = { inherit hostName hostConfig; }; sharedModules = [ cfg.modules.homeManager.default ]; users = forAllUsers' (name: _: cfg.modules.homeManager.${name}); }; - hosts = cfg.manifest.hosts or { }; mkConfigurations = class: hosts: mapAttrs ( @@ -31,6 +28,7 @@ let specialArgs = { inherit (config.flake) self; hostName = name; + hostConfig = value; }; modules = [ cfg.modules.nixos.default @@ -44,6 +42,7 @@ let specialArgs = { inherit (config.flake) self; hostName = name; + hostConfig = value; }; modules = [ cfg.modules.darwin.default 
diff --git a/nix/files/readme.nix b/nix/files/readme.nix index a8eccbf..6209325 100644 --- a/nix/files/readme.nix +++ b/nix/files/readme.nix @@ -24,8 +24,8 @@ parts."Structure" = # markdown '' The system configurations are defined in [`flake.manifest`](nix/manifest.nix). - `flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey. - `flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. + `manifest.owner` provides the attributes for the administrator user, including username and pubkey. + `manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. `flake.modules.nixos.*` provide NixOS options and configurations. The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. You can use it as seen [here](nix/modules/flake/home-manager.nix): diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix new file mode 100644 index 0000000..1d121a1 --- /dev/null +++ b/nix/flake-parts/manifest.nix 
@@ -0,0 +1,77 @@ +{ lib, config, ... }: +let + cfg = config.flake; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.types) + bool + str + lazyAttrsOf + deferredModule + submodule + ; + inherit (cfg.lib.options) mkStrOption; + inherit (cfg.lib.attrsets) firstAttrNameMatching; + userOpts = submodule { + options = { + primary = mkOption { type = bool; }; + username = mkOption { type = str; }; + name = mkOption { type = str; }; + email = mkOption { type = str; }; + shell = mkOption { type = str; }; + pubkey = mkOption { type = str; }; + }; + }; + monitorOpts = submodule { + options = { + id = mkStrOption ""; + resolution = mkStrOption ""; + refresh-rate = mkStrOption ""; + scale = mkStrOption ""; + }; + }; + hostOpts = submodule { + options = { + graphical = mkEnableOption ""; + machine = { + platform = mkStrOption ""; + gpu = mkStrOption ""; + root.drive = mkStrOption ""; + root.ephemeral = mkEnableOption "" // { + default = true; + }; + monitors = mkOption { + type = lazyAttrsOf monitorOpts; + default = { }; + }; + }; + extraCfg = mkOption { + type = deferredModule; + default = { }; + }; + }; + }; + username = firstAttrNameMatching (_: v: v.primary or false) config.manifest.users; +in +{ + options.manifest = { + admin = mkOption { + type = userOpts; + readOnly = true; + }; + users = mkOption { + type = lazyAttrsOf userOpts; + default = { }; + }; + hosts.nixos = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + hosts.darwin = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + }; + config.manifest.admin = config.manifest.users.${username} // { + inherit username; + }; +} diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 9c4565b..d11f684 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix 
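Review bot: In the new nix/flake-parts/manifest.nix (patch 15), `primary = mkOption { type = bool; };` has no default, so the `v.primary or false` fallback in the `username` binding does not help: inside a submodule the attribute always exists, and evaluating it for a user who does not set it aborts with an undefined-option error. The definition removed from nix/meta.nix in the same commit used `mkEnableOption ""`, which defaults to false; `primary = mkOption { type = bool; default = false; };` restores that behaviour. Every option here is also declared without a description, and because `admin` is derived from this flag and read by the sudo and root SSH key modules in this commit, a one-line `description` on `primary` and `admin` is worth adding.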
@@ -1,11 +1,11 @@ { config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { flake.modules.darwin.graphical.homebrew = { enable = true; - user = cfg.admin.username; + user = admin.username; onActivation.cleanup = "uninstall"; brews = [ "mise" diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index 68b4716..e7d66b4 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -1,6 +1,6 @@ { lib, config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { allowedUnfreePackages = [ @@ -13,7 +13,7 @@ in { config, pkgs, ... }: { fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = cfg.admin.username; + services.getty.autologinUser = admin.username; # Start Hyprland at boot only if not connecting through SSH environment.loginShellInit = # sh '' diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix index 0d5b50b..ba27bfd 100644 --- a/nix/lib/modules.nix +++ b/nix/lib/modules.nix @@ -1,6 +1,5 @@ { lib, config, ... }: let - cfg = config.flake; inherit (builtins) foldl' attrNames; inherit (lib.attrsets) mapAttrs; in @@ -35,7 +34,7 @@ in ::: */ - userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames cfg.manifest.users); + userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); /** Return an attribute set for use with a option that needs to be used for all users. @@ -65,7 +64,7 @@ in ::: */ - forAllUsers = attrset: mapAttrs (_: _: attrset) cfg.manifest.users; + forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; /** Like forAllUsers, but passes in the name and value from the manifest. @@ -96,6 +95,6 @@ in ::: */ - forAllUsers' = f: mapAttrs f cfg.manifest.users; + forAllUsers' = f: mapAttrs f config.manifest.users; }; } diff --git a/nix/manifest.nix b/nix/manifest.nix index d781698..4f4f42f 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix 
@@ -1,5 +1,5 @@ { - flake.manifest = { + manifest = { users.rafiq = { primary = true; name = "Mohammad Rafiq"; diff --git a/nix/meta.nix b/nix/meta.nix index 5c8f8fc..9b93c47 100644 --- a/nix/meta.nix +++ b/nix/meta.nix @@ -5,54 +5,10 @@ ... }: let - inherit (lib.options) mkOption mkEnableOption; - inherit (cfg.lib.options) mkStrOption; - inherit (lib.types) - path - lazyAttrsOf - raw - deferredModule - submodule - ; + inherit (lib.options) mkOption; + inherit (lib.types) path lazyAttrsOf raw; inherit (inputs.flake-parts.lib) mkSubmoduleOptions; - inherit (cfg.lib.attrsets) firstAttrNameMatching; cfg = config.flake; - monitorOpts = submodule { - options = { - id = mkStrOption ""; - resolution = mkStrOption ""; - refresh-rate = mkStrOption ""; - scale = mkStrOption ""; - }; - }; - userOpts = submodule { - options = { - username = mkStrOption ""; - primary = mkEnableOption ""; - name = mkStrOption ""; - email = mkStrOption ""; - shell = mkStrOption ""; - pubkey = mkStrOption ""; - }; - }; - hostOpts = submodule { - options = { - graphical = mkEnableOption ""; - machine = { - platform = mkStrOption ""; - gpu = mkStrOption ""; - root.drive = mkStrOption ""; - monitors = mkOption { - type = lazyAttrsOf monitorOpts; - default = { }; - }; - }; - extraCfg = mkOption { - type = deferredModule; - default = { }; - }; - }; - }; in { options.flake = mkSubmoduleOptions { 
@@ -68,38 +24,8 @@ in readOnly = true; }; }; - manifest = mkOption { - type = submodule { - options = { - users = mkOption { - type = lazyAttrsOf userOpts; - default = { }; - }; - hosts.nixos = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - hosts.darwin = mkOption { - type = lazyAttrsOf raw; - default = { }; - }; - }; - }; - }; - # Helper Option - admin = mkOption { - type = userOpts; - default = { }; - }; }; - config.flake = - let - username = firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users; - in - { - paths.secrets = cfg.paths.root + "/secrets"; - admin = cfg.manifest.users.${username} // { - inherit username; - }; - }; + config.flake = { + paths.secrets = cfg.paths.root + "/secrets"; + }; } diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix index c609a1a..0571ca3 100644 --- a/nix/modules/cli/git.nix +++ b/nix/modules/cli/git.nix @@ -1,6 +1,6 @@ { config, ... }: let - inherit (config.flake) manifest; + inherit (config.manifest) users; in { flake.modules.homeManager.default = @@ -9,8 +9,8 @@ in home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; programs.git = { enable = true; - userName = manifest.users.${config.home.username}.name; - userEmail = manifest.users.${config.home.username}.email; + userName = users.${config.home.username}.name; + userEmail = users.${config.home.username}.email; signing.key = "~/.ssh/id_ed25519.pub"; }; }; diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix index 0e081a1..ac1617d 100644 --- a/nix/modules/cli/shell.nix +++ b/nix/modules/cli/shell.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) users; inherit (cfg.lib.modules) forAllUsers'; inherit (lib.attrsets) mapAttrs'; in @@ -12,7 +13,7 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) cfg.manifest.users; + }) users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); }; darwin.default = 
@@ -21,14 +22,14 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) cfg.manifest.users; + }) users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); environment.shells = [ pkgs.fish ]; }; homeManager.default = { config, ... }: { - programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true; + programs.${users.${config.home.username}.shell}.enable = true; home.shell.enableShellIntegration = true; }; }; diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix index 00c56cd..8517036 100644 --- a/nix/modules/machine/gpu.nix +++ b/nix/modules/machine/gpu.nix @@ -1,7 +1,3 @@ -{ config, ... }: -let - cfg = config.flake; -in { allowedUnfreePackages = [ "nvidia-x11" @@ -11,11 +7,11 @@ in { config, pkgs, - hostName, + hostConfig, ... }: let - gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or ""; + inherit (hostConfig.machine) gpu; in if gpu == "nvidia" then { diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index 19b2fdf..62943b4 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -1,9 +1,8 @@ -{ config, ... }: { flake.modules.nixos.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform; + inherit (hostConfig.machine) platform; arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64"; in { @@ -13,9 +12,9 @@ }; flake.modules.darwin.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform; + inherit (hostConfig.machine) platform; arch = if platform == "intel" then "x86_64" else "aarch64"; in { diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix index 98c1120..9c7d4ea 100644 --- a/nix/modules/machine/root.nix +++ b/nix/modules/machine/root.nix 
@@ -1,17 +1,12 @@ -{ - config, - lib, - inputs, - ... -}: +{ lib, inputs, ... }: let inherit (lib.modules) mkMerge mkIf mkAfter; in { flake.modules.nixos.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root; + inherit (hostConfig.machine) root; in { imports = [ inputs.disko.nixosModules.disko ]; @@ -85,7 +80,7 @@ in }; } # Ephemeral by default - assumes btrfs - (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) { + (mkIf root.ephemeral { boot.initrd.postDeviceCommands = mkAfter '' mkdir /btrfs_tmp mount /dev/root_vg/root /btrfs_tmp diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix index d721746..2238b7e 100644 --- a/nix/modules/networking/ssh.nix +++ b/nix/modules/networking/ssh.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) admin; inherit (lib.modules) mkMerge; inherit (cfg.lib.modules) forAllUsers'; in @@ -16,7 +17,7 @@ in "/etc/ssh/ssh_host_rsa_key.pub" ]; } - { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; } + { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; } ]; flake.modules.homeManager.default = { persistDirs = [ ".ssh" ]; diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix index 1967268..9b0cf75 100644 --- a/nix/modules/server/web-servers.nix +++ b/nix/modules/server/web-servers.nix @@ -4,7 +4,7 @@ let inherit (config.flake.lib.options) mkStrOption mkPathOption; inherit (config.flake.lib.services) mkRootDomain; inherit (config.flake.paths) secrets; - inherit (config.flake.admin) email; + inherit (config.manifest.admin) email; inherit (lib.types) listOf submodule attrs; inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkMerge mkIf; diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index 7e5400d..e71989d 100644 --- a/nix/modules/system/secrets.nix 
+++ b/nix/modules/system/secrets.nix @@ -6,11 +6,11 @@ }: let cfg = config.flake; + inherit (cfg.paths) secrets; inherit (builtins) readFile; inherit (lib.meta) getExe; inherit (lib.strings) trim; - inherit (cfg.admin) username pubkey; - inherit (cfg.paths) secrets; + inherit (config.manifest.admin) username pubkey; in { flake.modules = { diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index ec974cc..fa7724c 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix @@ -1,12 +1,12 @@ { config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { flake.modules.nixos.default = { security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; - users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; + users.users.${admin.username}.extraGroups = [ "wheel" ]; }; flake.modules.darwin.default.security = { sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 35b199b..dc80b0b 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) users admin; inherit (cfg.lib.modules) userListToAttrs forAllUsers'; inherit (lib.lists) findFirstIndex; inherit (builtins) attrNames; @@ -36,12 +37,12 @@ in flake.modules.darwin.default = { config, ... }: { - system.primaryUser = cfg.admin.username; - users.knownUsers = attrNames cfg.manifest.users; + system.primaryUser = admin.username; + users.knownUsers = attrNames users; users.users = forAllUsers' ( name: _: { home = "/Users/${name}"; - uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users)); + uid = 501 + (findFirstIndex (x: x == name) null (attrNames users)); } ); home-manager.users = forAllUsers' ( From e02411d5636ac677b18d23bdb74c008ae5c4c76c Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 22:51:00 +0800 Subject: [PATCH 16/18] feat(flake): add manifest input and module import --- flake.lock | 16 ++++++++ flake.nix | 2 + nix/flake-parts/manifest.nix | 77 +----------------------------------- 3 files changed, 20 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 21693cb..9d72b1b 100644 --- a/flake.lock +++ b/flake.lock @@ -337,6 +337,21 @@ "type": "github" } }, + "manifest": { + "locked": { + "lastModified": 1752588656, + "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", + "owner": "rrvsh", + "repo": "manifest", + "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "manifest", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -488,6 +503,7 @@ "impermanence": "impermanence", "import-tree": "import-tree", "make-shell": "make-shell", + "manifest": "manifest", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 5e22b8c..dcb6882 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,8 @@ files.url = "github:mightyiam/files"; # text.nix lets us easily define markdown text to pass to files text.url = "github:rrvsh/text.nix"; + # manifest lets us define all hosts in one file + manifest.url = "github:rrvsh/manifest"; # make-shells. creates devShells and checks make-shell = { url = "github:nicknovitski/make-shell"; diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix index 1d121a1..e61d29a 100644 --- a/nix/flake-parts/manifest.nix +++ b/nix/flake-parts/manifest.nix 
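Review bot: The comment added above `manifest.url` in flake.nix (patch 16) says only that the input lets hosts be defined in one file, but from this commit on the external module also supplies `manifest.admin`, which the sudo, secrets and root `authorizedKeys` modules read. flake.lock pins the input to a fixed rev and narHash, so the exposure sits in later lock updates rather than in this commit. I would extend the comment to `# manifest defines the host/user option schema, including manifest.admin (used for sudo and root SSH access); review lock bumps of this input`.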
@@ -1,77 +1,4 @@ -{ lib, config, ... }: -let - cfg = config.flake; - inherit (lib.options) mkOption mkEnableOption; - inherit (lib.types) - bool - str - lazyAttrsOf - deferredModule - submodule - ; - inherit (cfg.lib.options) mkStrOption; - inherit (cfg.lib.attrsets) firstAttrNameMatching; - userOpts = submodule { - options = { - primary = mkOption { type = bool; }; - username = mkOption { type = str; }; - name = mkOption { type = str; }; - email = mkOption { type = str; }; - shell = mkOption { type = str; }; - pubkey = mkOption { type = str; }; - }; - }; - monitorOpts = submodule { - options = { - id = mkStrOption ""; - resolution = mkStrOption ""; - refresh-rate = mkStrOption ""; - scale = mkStrOption ""; - }; - }; - hostOpts = submodule { - options = { - graphical = mkEnableOption ""; - machine = { - platform = mkStrOption ""; - gpu = mkStrOption ""; - root.drive = mkStrOption ""; - root.ephemeral = mkEnableOption "" // { - default = true; - }; - monitors = mkOption { - type = lazyAttrsOf monitorOpts; - default = { }; - }; - }; - extraCfg = mkOption { - type = deferredModule; - default = { }; - }; - }; - }; - username = firstAttrNameMatching (_: v: v.primary or false) config.manifest.users; -in +{ inputs, ... }: { - options.manifest = { - admin = mkOption { - type = userOpts; - readOnly = true; - }; - users = mkOption { - type = lazyAttrsOf userOpts; - default = { }; - }; - hosts.nixos = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - hosts.darwin = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - }; - config.manifest.admin = config.manifest.users.${username} // { - inherit username; - }; + imports = [ inputs.manifest.flakeModules.default ]; } From ab627ac91948f4ca64cf78feef13e312d2d4084d Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 22:54:06 +0800 Subject: [PATCH 17/18] refactor(flake-parts): consolidate modules into one file --- nix/flake-parts/debug.nix | 3 --- nix/flake-parts/flake-parts.nix | 10 ++++++++++ nix/flake-parts/make-shell.nix | 5 ----- nix/flake-parts/manifest.nix | 4 ---- nix/flake-parts/modules.nix | 4 ---- nix/flake-parts/text.nix | 4 ---- 6 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 nix/flake-parts/debug.nix create mode 100644 nix/flake-parts/flake-parts.nix delete mode 100644 nix/flake-parts/make-shell.nix delete mode 100644 nix/flake-parts/manifest.nix delete mode 100644 nix/flake-parts/modules.nix delete mode 100644 nix/flake-parts/text.nix diff --git a/nix/flake-parts/debug.nix b/nix/flake-parts/debug.nix deleted file mode 100644 index 38e2cb3..0000000 --- a/nix/flake-parts/debug.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - debug = true; -} diff --git a/nix/flake-parts/flake-parts.nix b/nix/flake-parts/flake-parts.nix new file mode 100644 index 0000000..4f0d093 --- /dev/null +++ b/nix/flake-parts/flake-parts.nix @@ -0,0 +1,10 @@ +{ inputs, ... }: +{ + debug = true; + imports = [ + inputs.make-shell.flakeModules.default + inputs.manifest.flakeModules.default + inputs.flake-parts.flakeModules.modules + inputs.text.flakeModules.default + ]; +} diff --git a/nix/flake-parts/make-shell.nix b/nix/flake-parts/make-shell.nix deleted file mode 100644 index 66ca600..0000000 --- a/nix/flake-parts/make-shell.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ inputs, ... }: -{ - #TODO: add to readme - imports = [ inputs.make-shell.flakeModules.default ]; -} diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix deleted file mode 100644 index e61d29a..0000000 --- a/nix/flake-parts/manifest.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.manifest.flakeModules.default ]; -} diff --git a/nix/flake-parts/modules.nix b/nix/flake-parts/modules.nix deleted file mode 100644 index 1c75663..0000000 
--- a/nix/flake-parts/modules.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.flake-parts.flakeModules.modules ]; -} diff --git a/nix/flake-parts/text.nix b/nix/flake-parts/text.nix deleted file mode 100644 index 81b2f51..0000000 --- a/nix/flake-parts/text.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.text.flakeModules.default ]; -} From e3ad7a252807a57cafcc66720d679f2fc0a51413 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Thu, 17 Jul 2025 15:17:46 +0800 Subject: [PATCH 18/18] feat(languages): enable tailwind language support --- nix/homes/rafiq/_nvf/languages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/_nvf/languages.nix b/nix/homes/rafiq/_nvf/languages.nix index 6378a42..fbeaf85 100644 --- a/nix/homes/rafiq/_nvf/languages.nix +++ b/nix/homes/rafiq/_nvf/languages.nix @@ -27,6 +27,7 @@ }; rust.enable = true; rust.crates.enable = true; + tailwind.enable = true; ts.enable = true; ts.extensions.ts-error-translator.enable = true; typst.enable = true;