holy moly okay

2025-03-27 23:05:35 -07:00 · 2025-03-27 23:05:35 -07:00 · 3ef1025e55
parent df20cb13ac
commit 3ef1025e55
13 changed files with 305 additions and 54 deletions
--- a/configuration-desktop.nix
+++ b/configuration-desktop.nix
@ -39,8 +39,10 @@
    dino
    discord
    element-desktop
+    signal-desktop
    slack
    obs-studio
+    foot

    kdePackages.plasma-thunderbolt
  ];
--- a/configuration-nixbsd.nix
+++ b/configuration-nixbsd.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+let
+  nixKey = "/var/lib/nix/binary-cache-key" ;
+in {
+  init.services.nix-key-setup = {
+    description = "Generate a nix build signing key";
+    startType = "oneshot";
+    startCommand = pkgs.writeScript "nix-key-setup" ''
+      test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true
+      mkdir -p "$(dirname "${nixKey}")"
+      ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub
+    '';
+    after = [ "FILESYSTEMS" ];
+  };
+}
--- a/configuration-nixos.nix
+++ b/configuration-nixos.nix
@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+let
+  nixKey = "/var/lib/nix/binary-cache-key";
+  # just using the filepath interacts poorly with typechecking under diverted stores
+  toStore = path: pkgs.writeText (builtins.baseNameOf path) (builtins.readFile path);
+in {
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.memtest86.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  systemd.services.nix-key-setup = {
+    description = "Generate a nix build signing key";
+    script = ''
+      test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true
+      mkdir -p "$(dirname "${nixKey}")"
+      ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub
+    '';
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  console = {
+    font = "Lat2-Terminus16";
+    #keyMap = "us";
+    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  environment.systemPackages = with pkgs; [
+    # language servers
+    nil
+    rust-analyzer
+    lua-language-server
+    clang-tools
+    bash-language-server
+    pyright
+    csharp-ls
+    gopls
+    typescript-language-server
+    #ocamllsp
+  ];
+
+  security.pam.u2f = {
+    enable = true;
+    settings.authfile = toStore ./dotfiles/u2f-keys;
+    settings.cue = true;
+  };
+
+  services.fwupd.enable = true;
+  services.hardware.bolt.enable = true;
+}
--- a/configuration.nix
+++ b/configuration.nix
@ -1,40 +1,16 @@
 { config, lib, pkgs, ... }:
-let nixKey = "/var/lib/nix/binary-cache-key";
-# just using the filepath interacts poorly with typechecking under diverted stores
-toStore = path: pkgs.writeText (builtins.baseNameOf path) (builtins.readFile path);
-in {
+{
  imports = [ ./overlays/packages.nix ];
  nixpkgs.config.allowUnfree = true;

-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.memtest86.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
-
  nix.settings.extra-experimental-features = "nix-command flakes";
  nix.settings.trusted-users = [ "audrey" ];
  nix.settings.max-jobs = 1;
  nix.settings.cores = 0;
-  nix.settings.secret-key-files = [ nixKey ];
-
-  systemd.services.nix-key-setup = {
-    description = "Generate a nix build signing key";
-    script = ''
-      test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true
-      mkdir -p "$(dirname "${nixKey}")"
-      ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub
-    '';
-    wantedBy = [ "multi-user.target" ];
-  };
+  nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ];

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    #keyMap = "us";
-    useXkbConfig = true; # use xkb.options in tty.
-  };

  # Configure keymap in X11
  services.xserver.xkb.layout = "us";
@ -59,21 +35,10 @@ in {
    nixfmt-rfc-style
    file
    stdenv.cc
+    stdenv.cc.bintools  # bins but not manpages included in stdenv.cc
    patchelf
    meld

-    # language servers
-    nil
-    rust-analyzer
-    lua-language-server
-    clang-tools
-    bash-language-server
-    pyright
-    csharp-ls
-    gopls
-    typescript-language-server
-    #ocamllsp
-
    (python3.withPackages (p: with p; [
      virtualenvwrapper
      pylint
@ -118,6 +83,7 @@ in {
      enable = true;
      extraConfig = builtins.readFile ./dotfiles/tmux.conf;
    };
+    direnv.enable = true;
    htop.enable = true;
    git = {
      enable = true;
@ -156,6 +122,7 @@ in {
            rust-tools-nvim
            nvim-lint
            nvim-cmp
+            cmp-nvim-lsp
            lsp-status-nvim
            telescope-nvim
            nvim-treesitter.withAllGrammars
@ -167,21 +134,13 @@ in {
        };
      };
    };
+    virt-manager.enable = true;
  };

  environment.etc."gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
  environment.etc."venv-default.txt".source = ./dotfiles/venv-default.txt;

-  security.pam.u2f = {
-    enable = true;
-    settings.authfile = toStore ./dotfiles/u2f-keys;
-    settings.cue = true;
-  };
-
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
-
-  services.fwupd.enable = true;
-  services.hardware.bolt.enable = true;
 }

--- a/dotfiles/nvim-init.lua
+++ b/dotfiles/nvim-init.lua
@ -287,7 +287,7 @@ if clangd == nil then
 end
 pipe = io.popen('which bash-language-server')
 bashls = pipe:read()
-pipe = io.popen('which pyright')
+pipe = io.popen('which pyright-langserver')
 pyright = pipe:read()
 pipe.close()
 if rust_analyzer ~= nil then
@ -304,7 +304,7 @@ if pyright ~= nil then
  lspconfig.pyright.setup{
    on_attach = lsp_keybinds,
    capabilities = capabilities,
-    cmd = {pyright},
+    cmd = {pyright, '--stdio'},
    settings = {
      python = {
        analysis = {
--- a/flake.lock
+++ b/flake.lock
@ -1,6 +1,140 @@
 {
  "nodes": {
+    "flake-compat": {
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "revCount": 69,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "lix": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "nix2container": "nix2container",
+        "nixpkgs": [
+          "nixbsd",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": [
+          "nixbsd",
+          "nixpkgs"
+        ],
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1732339771,
+        "narHash": "sha256-/ViH3RRdFm9R9WN4szwdwMSbnDnRzNqgkFNR5dBh+Og=",
+        "ref": "freebsd-build",
+        "rev": "a26c6228c31cc66b31a75f24a95f420952a6cbb2",
+        "revCount": 16516,
+        "type": "git",
+        "url": "https://git.lix.systems/artemist/lix.git"
+      },
+      "original": {
+        "ref": "freebsd-build",
+        "type": "git",
+        "url": "https://git.lix.systems/artemist/lix.git"
+      }
+    },
+    "mini-tmpfiles": {
+      "inputs": {
+        "nixpkgs": [
+          "nixbsd",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1741473245,
+        "narHash": "sha256-32ekQLovnjpb1NBvt1/WCEn98khSGljX+QkS+SLSNpM=",
+        "owner": "nixos-bsd",
+        "repo": "mini-tmpfiles",
+        "rev": "1ff4fc98963421e0e6b099ccda721d5a1ca4c887",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos-bsd",
+        "repo": "mini-tmpfiles",
+        "type": "github"
+      }
+    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724996935,
+        "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
+    "nixbsd": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "lix": "lix",
+        "mini-tmpfiles": "mini-tmpfiles",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1742164784,
+        "narHash": "sha256-WWv+t3+r6WQUqfjcYog/Gef8Kd32XdqCspx8czzoaEA=",
+        "owner": "nixos-bsd",
+        "repo": "nixbsd",
+        "rev": "83c61d5e3710eef856cd15273125009afb1d5ecb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos-bsd",
+        "ref": "main",
+        "repo": "nixbsd",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1741684394,
+        "narHash": "sha256-6G65wM+dJUgt0RfzxbN08OnhdY+YiYFdEpExFvPU6yg=",
+        "owner": "nixos-bsd",
+        "repo": "nixpkgs",
+        "rev": "30f30c8fdf82dfcbceb0c4e1dafda15e6faaa76d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos-bsd",
+        "ref": "nixbsd-dev-new",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
      "locked": {
        "lastModified": 1739758141,
        "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=",
@ -16,9 +150,26 @@
        "type": "github"
      }
    },
+    "pre-commit-hooks": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1726745158,
+        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixbsd": "nixbsd",
+        "nixpkgs": "nixpkgs_2"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,10 +1,32 @@
 {
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
-  outputs = { self, nixpkgs }: {
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixbsd.url = "github:nixos-bsd/nixbsd/main";
+  };
+  outputs = { self, nixpkgs, nixbsd, ... }: {
    nixosConfigurations = let
      sitesFiles = builtins.readDir ./sites;
      sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles);
-      configurations = builtins.listToAttrs (builtins.map (name: {inherit name; value = nixpkgs.lib.nixosSystem { modules = [ ./configuration.nix ./sites/${name}/configuration.nix ]; }; }) sitesNames);
+      systemTypes = {
+        nixos = nixpkgs.lib.nixosSystem;
+        nixbsd = nixbsd.lib.nixbsdSystem;
+      };
+      systemName = name: builtins.replaceStrings ["\n"] [""] (builtins.readFile ./sites/${name}/system);
+      configurations = builtins.listToAttrs (builtins.map (name: {inherit name; value = systemTypes.${systemName name} { modules = [ ./configuration.nix ./configuration-${systemName name}.nix ./sites/${name}/configuration.nix ]; }; }) sitesNames);
      in configurations;
+
+    packages = let
+      forBuildSystem = platform: let
+        toBuildSystem = config: config.extendModules { modules = [ { nixpkgs.buildPlatform = "x86_64-linux"; } ]; };
+        toToplevel = extended: {
+          system = extended.config.system.build.toplevel;
+        };
+        toSystem = name: config: toToplevel (toBuildSystem config);
+        configurations = builtins.mapAttrs toSystem self.nixosConfigurations;
+      in configurations;
+      buildPlatforms = [ "x86_64-linux" "aarch64-linux" "x86_64-freebsd" "aarch64-freebsd" ];
+      toPackagesList = platform: { name = platform; value = forBuildSystem platform; };
+      packagesList = builtins.map toPackagesList buildPlatforms;
+    in builtins.listToAttrs packagesList;
  };
 }
--- a/sites/chrysanthemum/configuration.nix
+++ b/sites/chrysanthemum/configuration.nix
@ -0,0 +1,4 @@
+{ pkgs, lib, config, ... }:
+{
+  imports = [ ./hardware-configuration.nix ];
+}
--- a/sites/chrysanthemum/hardware-configuration.nix
+++ b/sites/chrysanthemum/hardware-configuration.nix
@ -0,0 +1,32 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  fileSystems."/" =
+    { device = "system/local/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "system/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "system/local/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "system/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/gpt/ESP";
+      fsType = "msdos";
+    };
+
+  swapDevices = [ "/dev/gpt/swap" ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-freebsd";
+}
--- a/sites/chrysanthemum/system
+++ b/sites/chrysanthemum/system
@ -0,0 +1 @@
+nixbsd
--- a/sites/daisy/configuration.nix
+++ b/sites/daisy/configuration.nix
@ -20,7 +20,7 @@
  time.timeZone = "America/Phoenix";

  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 ];
+  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 8081 ];
  networking.firewall.allowedUDPPorts = [ 1337 ];

  system.stateVersion = "24.11";
@ -35,4 +35,16 @@
    '')
    pkgs.OVMF.fd
  ];
+
+  services.postgresql.enable = true;
+  services.postgresql.authentication = ''
+    local all all peer map=pgadmin-superuser
+  '';
+  services.postgresql.identMap = ''
+    pgadmin-superuser pgadmin postgres
+    pgadmin-superuser postgres postgres
+  '';
+  services.pgadmin.enable = true;
+  services.pgadmin.initialEmail = "audrey@rhelmot.io";
+  services.pgadmin.initialPasswordFile = "/var/lib/pgadmin/initial_password_file";
 }
--- a/sites/daisy/system
+++ b/sites/daisy/system
@ -0,0 +1 @@
+nixos
--- a/sites/sunflower/system
+++ b/sites/sunflower/system
@ -0,0 +1 @@
+nixos