From 20d938a506b3704fd2fcf3241573fc81f59a7e92 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Thu, 13 Feb 2025 14:47:33 +1000 Subject: [PATCH] colmena override bash->fish maintain posix compliance, and began make wishlist.nix flake --- deploy-remote | 7 +- flake.lock | 175 +++++++++++++++++++++++++++++++-------- flake.nix | 7 +- flakes/wishlist.nix | 44 ++++++++++ hosts/hyrule/default.nix | 28 ++++++- 5 files changed, 220 insertions(+), 41 deletions(-) create mode 100644 flakes/wishlist.nix diff --git a/deploy-remote b/deploy-remote index 5df3777..94371d4 100755 --- a/deploy-remote +++ b/deploy-remote @@ -1,5 +1,8 @@ #!/usr/bin/env bash +set -e # terminate if any command fails + # Deploy to all Colmena hives -colmena build -colmena apply --verbose +colmena build --experimental-flake-eval +colmena apply --experimental-flake-eval +# colmena apply --on hyrule --experimental-flake-eval diff --git a/flake.lock b/flake.lock index 4f9c813..968d6bc 100755 --- a/flake.lock +++ b/flake.lock @@ -21,7 +21,7 @@ }, "ags_2": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_3" }, "locked": { @@ -71,7 +71,45 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "stable": "stable" + }, + "locked": { + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -87,7 +125,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -101,22 +139,6 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_4": { "flake": false, "locked": { @@ -133,6 +155,37 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -157,7 +210,7 @@ }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1730004881, @@ -230,7 +283,7 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_2", "xdph": "xdph" @@ -306,7 +359,7 @@ "hyprpanel": { "inputs": { "ags": "ags_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1731270736, @@ -388,10 +441,31 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixcord": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_6" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1730720546, @@ -440,6 +514,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1730808093, "narHash": "sha256-oOenwoxpzQsBNi7KltgnXqq6e0+CxlfNXKn3k27w6cQ=", @@ -455,7 +545,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1730785428, "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", @@ -471,7 +561,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1725634671, "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", @@ -487,7 +577,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1729880355, "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", @@ -503,7 +593,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1730768919, "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", @@ -519,7 +609,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1730785428, "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", @@ -535,7 +625,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1730200266, "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", @@ -553,7 +643,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "gitignore": "gitignore", "nixpkgs": [ "hyprland", @@ -578,20 +668,21 @@ "root": { "inputs": { "ags": "ags", + "colmena": "colmena", "grub2-themes": "grub2-themes", "home-manager": "home-manager", "hyprland": "hyprland", "hyprpanel": "hyprpanel", "nix-flatpak": "nix-flatpak", "nixcord": "nixcord", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "spicetify-nix": "spicetify-nix", "swww": "swww" } }, "spicetify-nix": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": [ "nixpkgs" ] @@ -610,10 +701,26 @@ "type": "github" } }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "swww": { "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_8", + "flake-compat": "flake-compat_5", + "nixpkgs": "nixpkgs_9", "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index 2d2dc36..e0a1358 100755 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,8 @@ ags.url = "github:Aylur/ags"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; + + colmena.url = "github:zhaofengli/colmena"; }; outputs = { @@ -39,6 +41,7 @@ hyprland, grub2-themes, nixcord, + colmena, ... } @ inputs: let system = "x86_64-linux"; @@ -147,7 +150,9 @@ }; # remote deployment to my servers!! - colmena = { + #colmenaHive = colmena.lib.makeHive self.outputs.colmena; + #colmena = { + colmenaHive = colmena.lib.makeHive { meta = { # set nixpkgs global nixpkgs = pkgs; diff --git a/flakes/wishlist.nix b/flakes/wishlist.nix new file mode 100644 index 0000000..74813b3 --- /dev/null +++ b/flakes/wishlist.nix @@ -0,0 +1,44 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = { + self, + nixpkgs, + flake-utils, + }: { + # TODO: 1. add options (ie one to set whether the server should be enabled), + # 2. create a systemd service + # 3. create a main program + # 4. celibrate + + packages = flake-utils.lib.eachDefaultSystem ( + system: let + version = "0.15.1"; + pkgs = nixpkgs.legacyPackages.${system}; + lib = pkgs.lib; + in { + wishlist = pkgs.buildGoModule { + pname = "wishlist"; + inherit version; + meta = with lib; { + homepage = "https://github.com/charmbracelet/wishlist"; + description = "Your SSH directory."; + license = licenses.mit; + maintainers = with maintainers; [caarlos0]; + }; + + src = pkgs.fetchFromGithub { + owner = "charmbracelet"; + repo = "wishlist"; + rev = "v${version}"; # TODO: is this ok? should this be a hash instead? + hash = "0c9g1s8j9znzd1mw61d0klc6sqri0wx6hljibxdwzi3cabfy3ld6"; + }; + vendorSha256 = lib.fakeSha256; + }; + } + ); + }; +} diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index ca78ca7..9fc6437 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -20,10 +20,16 @@ in { #../modules/server/fail2ban.nix ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; + nix.settings = { + # make wheel group trusted users allows my "ae" user + # to import packages not signed by a trusted key + # (aka super duper easier to remote deploy) + trusted-users = ["root" "@wheel"]; + experimental-features = [ + "nix-command" + "flakes" + ]; + }; time.timeZone = "Australia/Brisbane"; @@ -70,6 +76,9 @@ in { }; }; + # grant passwordless sudo to wheel group + security.sudo.wheelNeedsPassword = false; + users = { defaultUserShell = pkgs.bash; @@ -150,6 +159,17 @@ in { ]; programs = { + fish.enable = true; + + bash = { + interactiveShellInit = '' + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi + ''; + }; }; system.stateVersion = "24.11"; # DO NOT MODIFY