fix: bootstrap script not working with nix-plugins

Leon Schwarzäugl 2025-11-10 01:23:50 +01:00 committed by Leon Schwarzäugl
parent c3b8102546
commit 729defa8b1
5 changed files with 279 additions and 218 deletions


@ -1340,110 +1340,141 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some
}; };
}; };
devshells.default = let devshells = {
nix-version = "2_30"; deploy =
in { let
packages = [ nix-version = "2_28";
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") in {
pkgs.git packages = [
pkgs.just (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}")
pkgs.age pkgs.git
pkgs.ssh-to-age pkgs.just
pkgs.sops pkgs.age
pkgs.nixpkgs-fmt pkgs.ssh-to-age
self.packages.${system}.swarsel-build pkgs.sops
self.packages.${system}.swarsel-deploy ];
(pkgs.symlinkJoin {
name = "home-manager";
buildInputs = [ pkgs.makeWrapper ];
paths = [ pkgs.home-manager ];
postBuild = ''
wrapProgram $out/bin/home-manager \
--append-flags '--flake .#$(hostname)'
'';
})
];
commands = [ env =
[
{
name = "NIX_CONFIG";
value = ''
plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: {
buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost];
patches = (o.patches or []) ++ [./nix-plugins.patch];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
default =
let
nix-version = "2_30";
in
{ {
package = pkgs.statix; packages = [
help = "Lint flake"; (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
} pkgs.git
{ pkgs.just
package = pkgs.deadnix; pkgs.age
help = "Check flake for dead code"; pkgs.ssh-to-age
} pkgs.sops
{ pkgs.nixpkgs-fmt
package = pkgs.nix-tree; self.packages.${system}.swarsel-build
help = "Interactively browse dependency graphs of Nix derivations"; self.packages.${system}.swarsel-deploy
} (pkgs.symlinkJoin {
{ name = "home-manager";
package = pkgs.nvd; buildInputs = [ pkgs.makeWrapper ];
help = "Diff two nix toplevels and show which packages were upgraded"; paths = [ pkgs.home-manager ];
} postBuild = ''
{ wrapProgram $out/bin/home-manager \
package = pkgs.nix-diff; --append-flags '--flake .#$(hostname)'
help = "Explain why two Nix derivations differ"; '';
} })
{ ];
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager \"$@\"";
}
{
name = "fmt";
help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\"";
}
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarsel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
}
];
devshell.startup.pre-commit-install.text = "pre-commit install"; commands = [
{
package = pkgs.statix;
help = "Lint flake";
}
{
package = pkgs.deadnix;
help = "Check flake for dead code";
}
{
package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations";
}
{
package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded";
}
{
package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ";
}
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager \"$@\"";
}
{
name = "fmt";
help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\"";
}
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarsel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
}
];
env = let devshell.startup.pre-commit-install.text = "pre-commit install";
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; env =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
[
{
name = "NIX_CONFIG";
value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
}; };
in [
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
}; };
}; };
} }
@ -4801,7 +4832,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I
#+begin_src nix-ts :tangle modules/nixos/common/pii.nix #+begin_src nix-ts :tangle modules/nixos/common/pii.nix
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, minimal, ... }: { config, inputs, lib, ... }:
let let
# If the given expression is a bare set, it will be wrapped in a function, # If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to # so that the imported file can always be applied to the inputs, similar to
@ -4867,7 +4898,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I
let let
local = config.node.secretsDir + "/pii.nix.enc"; local = config.node.secretsDir + "/pii.nix.enc";
in in
(lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true {
common = ../../../secrets/repo/pii.nix.enc; common = ../../../secrets/repo/pii.nix.enc;
}; };
}; };
@ -17904,6 +17935,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man
fi fi
cd "$FLAKE" cd "$FLAKE"
rm install/flake.lock || true rm install/flake.lock || true
git_root=$(git rev-parse --show-toplevel) git_root=$(git rev-parse --show-toplevel)
# ------------------------ # ------------------------
@ -23872,12 +23904,9 @@ This file defines a few workflows that I often need to run when working on my co
update: update:
nix flake update nix flake update
iso: iso CONFIG="live-iso":
rm -rf result rm -rf result
nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso nix build --print-out-paths .#live-iso
iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso":
nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}}
iso-install DRIVE: iso iso-install DRIVE: iso
sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
@ -23888,6 +23917,9 @@ This file defines a few workflows that I often need to run when working on my co
sync USER HOST: sync USER HOST:
rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
bootstrap DEST CONFIG ARCH="x86_64-linux":
nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
#+end_src #+end_src
** aspell.conf ** aspell.conf
:PROPERTIES: :PROPERTIES:
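Review bot: The new `bootstrap` recipe in the justfile block pastes `{{CONFIG}}`, `{{DEST}}` and `{{ARCH}}` unquoted into a string that is parsed twice, once by the recipe shell and once by `zsh -c`, so a value containing a space, `$` or `;` is split or expanded before `swarsel-bootstrap` sees it. Passing the arguments directly avoids both parses: `nix develop .#deploy --command swarsel-bootstrap -n {{quote(CONFIG)}} -d {{quote(DEST)}} -a {{quote(ARCH)}}`. If `zsh -c` is there because `swarsel-bootstrap` is not in the `deploy` shell's `packages` (it is not in the list shown in the first hunk) and has to come from the user's zsh environment, that dependency deserves a comment on the recipe. The same two lines are tangled into the standalone justfile further down the page.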


@ -185,6 +185,7 @@ if [ ! -d "$FLAKE" ]; then
fi fi
cd "$FLAKE" cd "$FLAKE"
rm install/flake.lock || true rm install/flake.lock || true
git_root=$(git rev-parse --show-toplevel) git_root=$(git rev-parse --show-toplevel)
# ------------------------ # ------------------------


@ -10,12 +10,9 @@ check-trace:
update: update:
nix flake update nix flake update
iso: iso CONFIG="live-iso":
rm -rf result rm -rf result
nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso nix build --print-out-paths .#live-iso
iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso":
nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}}
iso-install DRIVE: iso iso-install DRIVE: iso
sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
@ -25,3 +22,6 @@ dd DRIVE ISO:
sync USER HOST: sync USER HOST:
rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
bootstrap DEST CONFIG ARCH="x86_64-linux":
nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}"
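Review bot: `iso CONFIG="live-iso":` declares a parameter that the recipe body never reads, since the build line hard-codes `.#live-iso`; it should be `nix build --print-out-paths .#{{CONFIG}}` or the parameter should go. `iso-install` still depends on `iso` and globs `result/iso/*.iso`, and nothing visible here shows that the `live-iso` output keeps that layout, so it is worth confirming after the switch away from `config.system.build.isoImage`. The `latest.iso` symlink is also no longer created; if anything else relied on it, a one-line comment on the recipe would save a search. This file appears to be tangled from the org source, so the change belongs in that block.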


@ -1,5 +1,5 @@
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, minimal, ... }: { config, inputs, lib, ... }:
let let
# If the given expression is a bare set, it will be wrapped in a function, # If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to # so that the imported file can always be applied to the inputs, similar to
@ -65,7 +65,7 @@ in
let let
local = config.node.secretsDir + "/pii.nix.enc"; local = config.node.secretsDir + "/pii.nix.enc";
in in
(lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true {
common = ../../../secrets/repo/pii.nix.enc; common = ../../../secrets/repo/pii.nix.enc;
}; };
}; };
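Review bot: `lib.optionalAttrs true { … }` is a conditional that can no longer be false; with the `minimal` gate removed it should be the plain set, `// { common = ../../../secrets/repo/pii.nix.enc; }`. Dropping `!minimal` also means minimal configurations now reference both encrypted files, so presumably they can only be evaluated where the nix-plugins decryption setup and key are available. A comment next to `local` would document that this is intended, e.g. `# also read for minimal configs; evaluation needs the extra-builtins plugin`. The surrounding `let` body starts and ends outside the hunk.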


@ -46,114 +46,142 @@
}; };
}; };
devshells.default = devshells = {
let deploy =
nix-version = "2_30"; let
in nix-version = "2_28";
{ in
packages = [ {
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") packages = [
pkgs.git (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}")
pkgs.just pkgs.git
pkgs.age pkgs.just
pkgs.ssh-to-age pkgs.age
pkgs.sops pkgs.ssh-to-age
pkgs.nixpkgs-fmt pkgs.sops
self.packages.${system}.swarsel-build ];
self.packages.${system}.swarsel-deploy
(pkgs.symlinkJoin {
name = "home-manager";
buildInputs = [ pkgs.makeWrapper ];
paths = [ pkgs.home-manager ];
postBuild = ''
wrapProgram $out/bin/home-manager \
--append-flags '--flake .#$(hostname)'
'';
})
];
commands = [ env =
{ [
package = pkgs.statix; {
help = "Lint flake"; name = "NIX_CONFIG";
} value = ''
{ plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: {
package = pkgs.deadnix; buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost];
help = "Check flake for dead code"; patches = (o.patches or []) ++ [./nix-plugins.patch];
} })}/lib/nix/plugins
{ extra-builtins-file = ${self + /nix/extra-builtins.nix}
package = pkgs.nix-tree; '';
help = "Interactively browse dependency graphs of Nix derivations"; }
} ];
{ };
package = pkgs.nvd; default =
help = "Diff two nix toplevels and show which packages were upgraded"; let
} nix-version = "2_30";
{ in
package = pkgs.nix-diff; {
help = "Explain why two Nix derivations differ"; packages = [
} (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
{ pkgs.git
package = pkgs.nix-output-monitor; pkgs.just
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; pkgs.age
name = "nom \"$@\""; pkgs.ssh-to-age
} pkgs.sops
{ pkgs.nixpkgs-fmt
name = "hm"; self.packages.${system}.swarsel-build
help = "Manage home-manager config"; self.packages.${system}.swarsel-deploy
command = "home-manager \"$@\""; (pkgs.symlinkJoin {
} name = "home-manager";
{ buildInputs = [ pkgs.makeWrapper ];
name = "fmt"; paths = [ pkgs.home-manager ];
help = "Format flake"; postBuild = ''
command = "nixpkgs-fmt --check \"$FLAKE\""; wrapProgram $out/bin/home-manager \
} --append-flags '--flake .#$(hostname)'
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarsel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
}
];
devshell.startup.pre-commit-install.text = "pre-commit install";
env =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
[
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
''; '';
})
];
commands = [
{
package = pkgs.statix;
help = "Lint flake";
}
{
package = pkgs.deadnix;
help = "Check flake for dead code";
}
{
package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations";
}
{
package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded";
}
{
package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ";
}
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager \"$@\"";
}
{
name = "fmt";
help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\"";
}
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarsel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
} }
]; ];
};
devshell.startup.pre-commit-install.text = "pre-commit install";
env =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
[
{
name = "NIX_CONFIG";
value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
};
}; };
} }
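Review bot: In the `deploy` shell the nix-plugins build is written inline inside the `NIX_CONFIG` string, and its `overrideAttrs` replaces `buildInputs` outright while `patches` is extended with `o.patches or []`, so any input nixpkgs adds to nix-plugins later is silently dropped. Binding it in the `let` next to `nix-version`, as the `default` shell does with its `nix-plugins` binding, would make the derivation readable and give a place for a comment on what `./nix-plugins.patch` changes and why this shell needs nix 2_28 from `stable25_05`. The patch file is not among the five files shown for this commit; since it is compiled into a plugin that runs inside the evaluator alongside repo secrets, it should be tracked in the repository and reviewable. The comment that explained `NIX_CONFIG` ("We need this for our repo secrets") was removed from the `default` shell and would be worth keeping on both shells.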