diff --git a/SwarselSystems.org b/SwarselSystems.org index fa82ef3..e883e79 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1781,6 +1781,8 @@ A short overview over each input and what it does: topologyPrivate.url = "./files/topology/public"; + den.url = "github:vic/den"; + import-tree.url = "github:vic/import-tree"; swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; @@ -1819,20 +1821,7 @@ A short overview over each input and what it does: outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ - ./nix/globals.nix - ./nix/hosts.nix - ./nix/topology.nix - ./nix/devshell.nix - ./nix/apps.nix - ./nix/packages.nix - ./nix/overlays.nix - ./nix/lib.nix - ./nix/templates.nix - ./nix/formatter.nix - ./nix/modules.nix - ./nix/iso.nix - ]; + imports = [ (inputs.import-tree [ ./flake ]) ]; systems = [ "x86_64-linux" "aarch64-linux" @@ -1863,7 +1852,7 @@ This file is used by [[https://github.com/shlevy/nix-plugins][nix-plugins]]. nix The builtin that is added is a simple call to the =exec= function that calls a bash script. In order to keep some sanity, we are checking that we are actually calling it no an encryted nix file (even though there is no syntax check inside) and that the path given is a true nix path. Note that a string path will not be accepted, as that can have impurity implications. -#+begin_src nix-ts :tangle nix/extra-builtins.nix +#+begin_src nix-ts :tangle files/nix/extra-builtins.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/extra-builtins.nix { exec, ... }: let @@ -1887,7 +1876,7 @@ The builtin that is added is a simple call to the =exec= function that calls a b assert assertMsg (hasSuffix ".nix.enc" nixFile) "The content of the decrypted file must be a nix expression and should therefore end in .nix.enc"; exec [ - ./sops-decrypt-and-cache.sh + ./files/scripts/sops-decrypt-and-cache.sh nixFile ]; } @@ -1900,7 +1889,7 @@ The builtin that is added is a simple call to the =exec= function that calls a b This is the file that manages the actual decryption of the files mentioned in [[#h:87c7893e-e946-4fc0-8973-1ca27d15cf0e][extra-builtins]]. We simply fetch the appropriate system age key from the ssh host key and then call =sops decrypt=. Since it would be a bother to decrypt these files on every build, I keep the result cached and only re-decrypt if it changes. Keeping it cached outside the nix store incurrs a theoretical bit of impurity. However, this is easier to manage and also nothing really relies on these files being present. -#+begin_src shell :tangle nix/sops-decrypt-and-cache.sh :shebang #!/usr/bin/env bash +#+begin_src shell :tangle files/scripts/sops-decrypt-and-cache.sh :shebang #!/usr/bin/env bash # adapted from https://github.com/oddlama/nix-config/blob/main/nix/rage-decrypt-and-cache.sh set -euo pipefail @@ -1988,7 +1977,7 @@ Concerning the =flake = _:= part: - this is a mechanism introduced by [[https://flake.parts/][flake-parts]]. A =flake= output is akin to a 'normal' output of a standard nix flake (meaning, it will not be built specifically for each system defined by =mkFlake=) - =lib= is then defined as the merged set of the =nixpkgs= and =home-manager= lib's, as well as some extra functions that I defined in the let-block (the =.extend()= method adds attributes to a set) -#+begin_src nix-ts :tangle nix/lib.nix +#+begin_src nix-ts :tangle flake/lib.nix { self, inputs, ... }: let swarselsystems = @@ -2106,7 +2095,7 @@ The =_module.args= part is needed because we need to set/override the =flake-par More information on the actual packages build can be found in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. -#+begin_src nix-ts :tangle nix/packages.nix +#+begin_src nix-ts :tangle flake/packages.nix { self, inputs, ... }: { imports = [ @@ -2176,7 +2165,7 @@ Lastly, in order make this actually available to my configurations, i use the =i Similar to [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]], we again create a perSystem module for =globals=. We want this because we need to ingest the right =lib= with the extensions from =nixos-extra-modules= as discussed in [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]]. One side effect is that instead of a single =globals= output, we instead create outputs of the form =globals.=. This is not a problem as long as we pass one of these in [[#h:5c5bf78a-9a66-436f-bd85-85871d9d402b][Hosts]], but it needs to be kept in mind. In effect, because we overrode =pkgs=, we can now use the =perSystem= module argument =pkgs= which will fetch the right =pkgs=. Anther method would be using =inputs'= together with =inputs'.pkgs.lib= as per https://flake.parts/module-arguments.html?highlight=modulewith#inputs. -#+begin_src nix-ts :tangle nix/globals.nix +#+begin_src nix-ts :tangle flake/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix { self, inputs, ... }: { @@ -2212,7 +2201,7 @@ Similar to [[#h:6ed1a641-dba8-4e85-a62e-be93264df57a][Packages (pkgs)]], we agai let sopsImportEncrypted = assert lib.assertMsg (builtins ? extraBuiltins.sopsImportEncrypted) - "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./nix/extra-builtins.nix` ?"; + "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./files/nix/extra-builtins.nix` ?"; builtins.extraBuiltins.sopsImportEncrypted; in @@ -2285,7 +2274,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo - =halfConfigurationsPerArch= returns all halfConfigurations of a certain type (android or home-manager only) - =ConfigurationsPerArch= does the same for full NixOS systems (NixOS or darwin). These can further be specialized by passing in the corresponding =minimal= arg that is used during bootstrapping. -#+begin_src nix-ts :tangle nix/hosts.nix +#+begin_src nix-ts :tangle flake/hosts.nix { self, inputs, ... }: { flake = { config, ... }: @@ -2515,7 +2504,7 @@ This defines some topology for the [[https://github.com/oddlama/nix-topology][ni Another note concerning [[https://flake.parts/][flake-parts]]: - =perSystem= is a mechanism that tells flake-parts to build the following attribute set for all systems. This replaces the need to handle myself any =system= or =pkgs= variables, this is done by flake-parts. In this case this is needed so that the topology diagram can be built locally. -#+begin_src nix-ts :tangle nix/topology.nix +#+begin_src nix-ts :tangle flake/topology.nix { self, inputs, ... }: { imports = [ @@ -2806,7 +2795,7 @@ The devshell also provides a number of useful shorthand commands, as well as a ' Aside from the =default= devShell which is the one that should usually be called interactively, I also define a =deploy= devshell: this one compiles nix-plugins against an earlier version of nix, which is needed so that the version nixos-anywhere that I am using works. However, that version is a little annoying since it had a bug in nix-plugins that is here fixed using a patch file. I guess it also serves as another fallback should problems with the current nix-plugins version arise. -#+begin_src nix-ts :tangle nix/devshell.nix +#+begin_src nix-ts :tangle flake/devshell.nix { self, inputs, ... }: { imports = [ @@ -2878,9 +2867,9 @@ Aside from the =default= devShell which is the one that should usually be called value = '' plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; - patches = (o.patches or []) ++ [./nix-plugins.patch]; + patches = (o.patches or []) ++ [./files/patches/nix-plugins.patch]; })}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; } ]; @@ -2988,7 +2977,7 @@ Aside from the =default= devShell which is the one that should usually be called name = "NIX_CONFIG"; value = '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; } ]; @@ -3009,7 +2998,7 @@ Otherwise, I define the function =mkTemplates= here which builds a named attribu - uses [[#h:c63cd469-7724-4a05-b932-8843722a00f0][builtins.listToAttrs]] -#+begin_src nix-ts :tangle nix/templates.nix +#+begin_src nix-ts :tangle flake/templates.nix { self, ... }: { flake = _: { @@ -3047,7 +3036,7 @@ Defines a formatter that can be called using =nix fmt=. Usually all formatting in this repo is done automatically while editing in emacs. However, it is nice to have a backup formatter to rely on and treefmt is extermely nice to work with, as it allows setting formatters for all kinds of aspects of the flake. -#+begin_src nix-ts :tangle nix/formatter.nix +#+begin_src nix-ts :tangle flake/formatter.nix { inputs, ... }: { imports = [ @@ -3104,7 +3093,7 @@ This exposes all of my modular configuration as modules. Other people can use th =homeModules= on the other hand is not standardized in this way (for example, many flakes refer to =homeManagerModules= instead); in order not to unnecessarily break things, I leave it as is. -#+begin_src nix-ts :tangle nix/modules.nix +#+begin_src nix-ts :tangle flake/modules.nix { self, ... }: { flake = _: @@ -3128,7 +3117,7 @@ This defines some apps; they differ from normal packages in that they can be cal - uses [[#h:c63cd469-7724-4a05-b932-8843722a00f0][builtins.listToAttrs]] - uses [[#h:b1fe7a9a-661b-4446-aefa-98373108f8fd][The '//' operator]] to add the default output to thte set of built apps. -#+begin_src nix-ts :tangle nix/apps.nix +#+begin_src nix-ts :tangle flake/apps.nix { self, ... }: { perSystem = { system, ... }: @@ -3197,7 +3186,7 @@ On the structure of overlays: as you notice, all of the attributes within overla - The =_= argument is used like in a number of other programing languages and signals that the argument is never actually used in the function. -#+begin_src nix-ts :tangle nix/overlays.nix +#+begin_src nix-ts :tangle flake/overlays.nix { self, inputs, ... }: let inherit (self) outputs; @@ -3375,7 +3364,7 @@ In a similar way, =nix build --print-out-paths --no-link .#pnap-kexe This is an improvement to what I did earlier, where I did not use =nixos-generators= but instead manually imported the needed modules to make this configration into a bootable USB image. Now, I can just write this in the same way that I would to write any other configuration. -#+begin_src nix-ts :tangle nix/iso.nix +#+begin_src nix-ts :tangle flake/iso.nix { self, inputs, ... }: { perSystem = { pkgs, system, ... }: @@ -7962,7 +7951,7 @@ Steps to recover using live ISO: buildInputs = [config.nix.package pkgs.boost]; patches = o.patches or []; })}/lib/nix/plugins - extra-builtins-file = ${../nix/extra-builtins.nix} + extra-builtins-file = ${../files/nix/extra-builtins.nix} ''; settings.experimental-features = [ "nix-command" "flakes" ]; @@ -8198,8 +8187,8 @@ This live ISO config provides a secure environment for setting up cryptographic hostName = "policestation"; resolvconf.enable = false; dhcpcd.enable = false; - dhcpcd.allowInterfaces = []; - interfaces = {}; + dhcpcd.allowInterfaces = [ ]; + interfaces = { }; firewall.enable = true; useDHCP = false; useNetworkd = false; @@ -9248,7 +9237,7 @@ A breakdown of the flags being set: in '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} '' + lib.optionalString (!minimal) '' !include ${config.sops.secrets.github-api-token.path} ''; @@ -9481,7 +9470,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h # Throw an error if that doesn't exist. sopsImportEncrypted = assert lib.assertMsg (builtins ? extraBuiltins.sopsImportEncrypted) - "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `/nix/extra-builtins.nix` ?"; + "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `/files/nix/extra-builtins.nix` ?"; builtins.extraBuiltins.sopsImportEncrypted; # This "imports" an encrypted .nix.age file by evaluating the decrypted content. @@ -20926,7 +20915,7 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO in '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; settings = { experimental-features = [ @@ -25183,6 +25172,8 @@ Normally, I want to push all nix build artifacts to my main cache automatically, Service = { ExecStart = "${lib.getExe pkgs.attic-client} watch-store ${config.swarselsystems.mainUser}:${config.swarselsystems.mainUser}"; + Restart = "on-failure"; + RestartSec = 30; }; }; }; @@ -37472,7 +37463,7 @@ dict-dir /run/current-system/sw/lib/aspell :CUSTOM_ID: h:931ff2fd-61f0-4f8f-b221-d879780f38d7 :END: -#+begin_src diff :tangle nix/nix-plugins.patch +#+begin_src diff :tangle files/patches/nix-plugins.patch :mkdirp yes diff --git a/extra-builtins.cc b/extra-builtins.cc index 3a0f90e..bb10f8b 100644 --- a/extra-builtins.cc diff --git a/nix/extra-builtins.nix b/files/nix/extra-builtins.nix similarity index 95% rename from nix/extra-builtins.nix rename to files/nix/extra-builtins.nix index 06dbf18..0b433d9 100644 --- a/nix/extra-builtins.nix +++ b/files/nix/extra-builtins.nix @@ -21,7 +21,7 @@ in assert assertMsg (hasSuffix ".nix.enc" nixFile) "The content of the decrypted file must be a nix expression and should therefore end in .nix.enc"; exec [ - ./sops-decrypt-and-cache.sh + ./files/scripts/sops-decrypt-and-cache.sh nixFile ]; } diff --git a/nix/nix-plugins.patch b/files/patches/nix-plugins.patch similarity index 100% rename from nix/nix-plugins.patch rename to files/patches/nix-plugins.patch diff --git a/nix/sops-decrypt-and-cache.sh b/files/scripts/sops-decrypt-and-cache.sh similarity index 100% rename from nix/sops-decrypt-and-cache.sh rename to files/scripts/sops-decrypt-and-cache.sh diff --git a/flake.lock b/flake.lock index b65777e..dbcaf96 100644 --- a/flake.lock +++ b/flake.lock @@ -156,6 +156,21 @@ "type": "github" } }, + "den": { + "locked": { + "lastModified": 1774890137, + "narHash": "sha256-ud23tRiZy+DONcw3a3WDIl+bYa+wY4ZrB8pHbRCLR+w=", + "owner": "vic", + "repo": "den", + "rev": "26a5d222f770069180ae147c6907d3875fa0056e", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "den", + "type": "github" + } + }, "dependencyDagOfSubmodule": { "inputs": { "nixpkgs": [ @@ -1146,6 +1161,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1773693634, + "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=", + "owner": "vic", + "repo": "import-tree", + "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "incl": { "inputs": { "nixlib": [ @@ -2946,6 +2976,7 @@ }, "root": { "inputs": { + "den": "den", "devshell": "devshell", "disko": "disko", "dns": "dns", @@ -2954,6 +2985,7 @@ "home-manager": "home-manager", "hydra": "hydra", "impermanence": "impermanence", + "import-tree": "import-tree", "lanzaboote": "lanzaboote", "microvm": "microvm", "niri-flake": "niri-flake", diff --git a/flake.nix b/flake.nix index a8c316d..79f042f 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,8 @@ topologyPrivate.url = "./files/topology/public"; + den.url = "github:vic/den"; + import-tree.url = "github:vic/import-tree"; swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; @@ -106,20 +108,7 @@ outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ - ./nix/globals.nix - ./nix/hosts.nix - ./nix/topology.nix - ./nix/devshell.nix - ./nix/apps.nix - ./nix/packages.nix - ./nix/overlays.nix - ./nix/lib.nix - ./nix/templates.nix - ./nix/formatter.nix - ./nix/modules.nix - ./nix/iso.nix - ]; + imports = [ (inputs.import-tree [ ./flake ]) ]; systems = [ "x86_64-linux" "aarch64-linux" diff --git a/nix/apps.nix b/flake/apps.nix similarity index 100% rename from nix/apps.nix rename to flake/apps.nix diff --git a/nix/devshell.nix b/flake/devshell.nix similarity index 95% rename from nix/devshell.nix rename to flake/devshell.nix index 8d8274c..29f955e 100644 --- a/nix/devshell.nix +++ b/flake/devshell.nix @@ -69,9 +69,9 @@ value = '' plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; - patches = (o.patches or []) ++ [./nix-plugins.patch]; + patches = (o.patches or []) ++ [./files/patches/nix-plugins.patch]; })}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; } ]; @@ -179,7 +179,7 @@ name = "NIX_CONFIG"; value = '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; } ]; diff --git a/nix/formatter.nix b/flake/formatter.nix similarity index 100% rename from nix/formatter.nix rename to flake/formatter.nix diff --git a/nix/globals.nix b/flake/globals.nix similarity index 96% rename from nix/globals.nix rename to flake/globals.nix index b088464..7ae5436 100644 --- a/nix/globals.nix +++ b/flake/globals.nix @@ -33,7 +33,7 @@ let sopsImportEncrypted = assert lib.assertMsg (builtins ? extraBuiltins.sopsImportEncrypted) - "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./nix/extra-builtins.nix` ?"; + "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./files/nix/extra-builtins.nix` ?"; builtins.extraBuiltins.sopsImportEncrypted; in diff --git a/nix/hosts.nix b/flake/hosts.nix similarity index 100% rename from nix/hosts.nix rename to flake/hosts.nix diff --git a/nix/iso.nix b/flake/iso.nix similarity index 100% rename from nix/iso.nix rename to flake/iso.nix diff --git a/nix/lib.nix b/flake/lib.nix similarity index 100% rename from nix/lib.nix rename to flake/lib.nix diff --git a/nix/modules.nix b/flake/modules.nix similarity index 100% rename from nix/modules.nix rename to flake/modules.nix diff --git a/nix/overlays.nix b/flake/overlays.nix similarity index 100% rename from nix/overlays.nix rename to flake/overlays.nix diff --git a/nix/packages.nix b/flake/packages.nix similarity index 100% rename from nix/packages.nix rename to flake/packages.nix diff --git a/nix/templates.nix b/flake/templates.nix similarity index 100% rename from nix/templates.nix rename to flake/templates.nix diff --git a/nix/topology.nix b/flake/topology.nix similarity index 100% rename from nix/topology.nix rename to flake/topology.nix diff --git a/install/installer-config.nix b/install/installer-config.nix index 4f9cbd3..acb3ac8 100644 --- a/install/installer-config.nix +++ b/install/installer-config.nix @@ -49,7 +49,7 @@ in buildInputs = [config.nix.package pkgs.boost]; patches = o.patches or []; })}/lib/nix/plugins - extra-builtins-file = ${../nix/extra-builtins.nix} + extra-builtins-file = ${../files/nix/extra-builtins.nix} ''; settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/modules/home/common/attic-store-push.nix b/modules/home/common/attic-store-push.nix index e4a7798..197c625 100644 --- a/modules/home/common/attic-store-push.nix +++ b/modules/home/common/attic-store-push.nix @@ -17,6 +17,8 @@ Service = { ExecStart = "${lib.getExe pkgs.attic-client} watch-store ${config.swarselsystems.mainUser}:${config.swarselsystems.mainUser}"; + Restart = "on-failure"; + RestartSec = 30; }; }; }; diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index e8408a0..66b372f 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -24,7 +24,7 @@ in in '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} ''; settings = { experimental-features = [ diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index 49f0540..92c5808 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -10,7 +10,7 @@ let # Throw an error if that doesn't exist. sopsImportEncrypted = assert lib.assertMsg (builtins ? extraBuiltins.sopsImportEncrypted) - "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `/nix/extra-builtins.nix` ?"; + "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `/files/nix/extra-builtins.nix` ?"; builtins.extraBuiltins.sopsImportEncrypted; # This "imports" an encrypted .nix.age file by evaluating the decrypted content. diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 0a120fe..171bd21 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -111,7 +111,7 @@ in in '' plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + extra-builtins-file = ${self + /files/nix/extra-builtins.nix} '' + lib.optionalString (!minimal) '' !include ${config.sops.secrets.github-api-token.path} ''; diff --git a/nix/globals-general.nix b/nix/globals-general.nix deleted file mode 100644 index cf202bd..0000000 --- a/nix/globals-general.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, ... }: -let - # Try to access the extra builtin we loaded via nix-plugins. - # Throw an error if that doesn't exist. - sopsImportEncrypted = - assert lib.assertMsg (builtins ? extraBuiltins.sopsImportEncrypted) - "The extra builtin 'sopsImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./nix/extra-builtins.nix` ?"; - builtins.extraBuiltins.sopsImportEncrypted; -in - -{ - imports = [ - (sopsImportEncrypted ../secrets/repo/globals.nix.enc) - ]; - -}