Max Headroom 2021-06-05 22:59:06 +02:00
commit f9dfe15748
53 changed files with 1663 additions and 0 deletions

3
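--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/wip
+/result
+result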


@ -0,0 +1,2 @@
# works well enough
[[ "$TERM" == "linux" ]] && TERM=xterm-256color


@ -0,0 +1,4 @@
zstyle ':completion:*' matcher-list '' \
'm:{a-z\-}={A-Z\_}' \
'r:[^[:alpha:]]||[[:alpha:]]=** r:|=* m:{a-z\-}={A-Z\_}' \
'r:|?=** m:{a-z\-}={A-Z\_}'


@ -0,0 +1,31 @@
# zsh-syntax-highlighting
typeset -A ZSH_HIGHLIGHT_STYLES
ZSH_HIGHLIGHT_STYLES[precommand]='fg=33'
ZSH_HIGHLIGHT_STYLES[arg0]='fg=39'
ZSH_HIGHLIGHT_STYLES[single-hyphen-option]='fg=229'
ZSH_HIGHLIGHT_STYLES[double-hyphen-option]='fg=228'
ZSH_HIGHLIGHT_STYLES[autodirectory]='fg=blue'
ZSH_HIGHLIGHT_STYLES[path]='none'
# HACK: performance fix assuming "none" isn't truly none
ZSH_HIGHLIGHT_DIRS_BLACKLIST+=(/*)
# fix aliased highlighting of suid precmds
typeset -A ZSH_HIGHLIGHT_PATTERNS
ZSH_HIGHLIGHT_PATTERNS+=('doas' 'fg=33')
ZSH_HIGHLIGHT_PATTERNS+=('sudo' 'fg=33')
ZSH_HIGHLIGHT_HIGHLIGHTERS=(main pattern)
# set up LS_COLORS
if which dircolors >/dev/null 2>&1; then
export $(dircolors)
fi
# colorful tab completion listings
zstyle ':completion:*' list-colors "${(s.:.)LS_COLORS}"
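Review bot: `export $(dircolors)` hands the shell snippet that dircolors prints to `export` as split words instead of evaluating it, so, as far as I can tell, LS_COLORS ends up containing the literal quote characters and the trailing `;` from that snippet. Evaluating the output is the intended use: `eval "$(dircolors -b)"`. The `which dircolors` probe could also be the builtin test `(( $+commands[dircolors] ))`, which does not depend on an external `which`.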


@ -0,0 +1,7 @@
HISTFILE=~/.cache/zsh_history
HISTSIZE=15000
SAVEHIST=10000
setopt share_history
setopt hist_expire_dups_first
setopt hist_no_functions hist_no_store hist_reduce_blanks
setopt hist_verify


@ -0,0 +1,38 @@
# partial outtake from ohmyzsh lib/key-bindings.zsh
# https://github.com/ohmyzsh/ohmyzsh/pull/1355/files
if (( ${+terminfo[smkx]} )) && (( ${+terminfo[rmkx]} )); then
function zle-line-init() {
echoti smkx
}
function zle-line-finish() {
echoti rmkx
}
zle -N zle-line-init
zle -N zle-line-finish
fi
bindkey -e # Use emacs key bindings
bindkey '\ew' kill-region # [Esc-w] - Kill from the cursor to the mark
bindkey -s '\el' 'ls\n' # [Esc-l] - run command: ls
bindkey '^r' history-incremental-search-backward # [Ctrl-r] - Search backward incrementally for a specified string. The string may begin with ^ to anchor the search to the beginning of the line.
bindkey "${terminfo[kpp]}" up-line-or-history # [PageUp] - Up a line of history
bindkey "${terminfo[knp]}" down-line-or-history # [PageDown] - Down a line of history
bindkey "${terminfo[kcuu1]}" history-substring-search-up
bindkey "${terminfo[kcud1]}" history-substring-search-down
bindkey "${terminfo[khome]}" beginning-of-line # [Home] - Go to beginning of line
bindkey "${terminfo[kend]}" end-of-line # [End] - Go to end of line
bindkey ' ' magic-space # [Space] - do history expansion
bindkey '^[[1;5C' forward-word # [Ctrl-RightArrow] - move forward one word
bindkey '^[[1;5D' backward-word # [Ctrl-LeftArrow] - move backward one word
bindkey "${terminfo[kcbt]}" reverse-menu-complete # [Shift-Tab] - move through the completion menu backwards
bindkey '^?' backward-delete-char # [Backspace] - delete backward
bindkey "${terminfo[kdch1]}" delete-char # [Delete] - delete forward


@ -0,0 +1,2 @@
bindkey ' ' magic-space
bindkey '^ ' autosuggest-accept


@ -0,0 +1,15 @@
# allow using comments in interactive
setopt interactive_comments
# basic support for the omz theme format
setopt prompt_subst
# completions
autoload -U compinit
compinit
# allow fully dynamic alias completion - like it's supposed to be
unsetopt complete_aliases
setopt glob_complete
setopt glob_star_short
unsetopt bad_pattern


@ -0,0 +1,43 @@
alias d="dirs -v | head -n10"
# backdir auto expansion: ... -> ../..
function rationalise-dot() {
local MATCH # keep the regex match from leaking to the environment
if [[ $LBUFFER =~ '(^|/| | |'$'\n''|\||;|&)\.\.$' && ! $LBUFFER = p4* ]]; then
#if [[ ! $LBUFFER = p4* && $LBUFFER = *.. ]]; then
LBUFFER+=/..
else
zle self-insert
fi
}
zle -N rationalise-dot
bindkey . rationalise-dot
bindkey -M isearch . self-insert
# absolutize a relative path, or vice versa, or alternatively insert the cwd
function insert-cwd-or-absolute() {
local MATCH # keep the regex match from leaking to the environment
# match anything that could be a path
if [[ $LBUFFER =~ '(|'$'\n''|\||;|&)[^= ]+$' && ! $LBUFFER = p4* ]]; then
# make sure it exists
if [[ -e $MATCH ]]; then
local XMATCH="$MATCH"
# absolute - make relative
if [[ $XMATCH =~ '^/' ]]; then
# cut away the last piece of the buffer
local LENGTH=$(( $#LBUFFER - $#XMATCH ))
LBUFFER="${LBUFFER:0:${LENGTH}}"
# and replace it with a relative realpath
LBUFFER+="$(realpath --relative-to=. $XMATCH)"
else # relative - make absolute
local LENGTH=$(( $#LBUFFER - $#XMATCH ))
LBUFFER="${LBUFFER:0:${LENGTH}}"
LBUFFER+="$(realpath $XMATCH)"
fi
fi
else
LBUFFER+=$(pwd)
fi
}
zle -N insert-cwd-or-absolute
bindkey '\ed' insert-cwd-or-absolute
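Review bot: In `insert-cwd-or-absolute`, both `realpath` calls take `$XMATCH` as a bare argument, so an existing file whose name starts with `-` is parsed as an option rather than a path. Ending option parsing fixes it: `LBUFFER+="$(realpath --relative-to=. -- "$XMATCH")"` and `LBUFFER+="$(realpath -- "$XMATCH")"`. `LENGTH` is declared with `local` in both branches with the same expression; a single declaration before the inner `if` would read more cleanly.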


@ -0,0 +1,88 @@
# vim: filetype=sh
# Prompt symbol
COMMON_PROMPT_SYMBOL="Ψ"
# Colors
COMMON_COLORS_HOST_ME=green
COMMON_COLORS_HOST_AWS_VAULT=yellow
COMMON_COLORS_CURRENT_DIR=blue
COMMON_COLORS_RETURN_STATUS_TRUE=99
COMMON_COLORS_RETURN_STATUS_FALSE=red
COMMON_COLORS_GIT_STATUS_DEFAULT=green
COMMON_COLORS_GIT_STATUS_STAGED=red
COMMON_COLORS_GIT_STATUS_UNSTAGED=yellow
COMMON_COLORS_GIT_PROMPT_SHA=green
COMMON_COLORS_BG_JOBS=yellow
# Left Prompt
PROMPT='$(common_host)$(common_current_dir)$(common_bg_jobs)$(common_return_status)'
# Right Prompt
RPROMPT='$(common_git_status)'
# Prompt with current SHA
# PROMPT='$(common_host)$(common_current_dir)$(common_bg_jobs)$(common_return_status)'
# RPROMPT='$(common_git_status) $(git_prompt_short_sha)'
# Host
common_host() {
if [[ -n $SSH_CONNECTION ]]; then
me="%n@%m"
elif [[ $LOGNAME != $USER ]]; then
me="%n"
fi
if [[ -n $me ]]; then
echo "%{$fg[$COMMON_COLORS_HOST_ME]%}$me%{$reset_color%}:"
fi
if [[ $AWS_VAULT ]]; then
echo "%{$fg[$COMMON_COLORS_HOST_AWS_VAULT]%}$AWS_VAULT%{$reset_color%} "
fi
}
# Current directory
common_current_dir() {
echo -n "%{$fg[$COMMON_COLORS_CURRENT_DIR]%}%c "
}
# Prompt symbol
common_return_status() {
echo -n "%(?.%F{$COMMON_COLORS_RETURN_STATUS_TRUE}.%F{$COMMON_COLORS_RETURN_STATUS_FALSE})$COMMON_PROMPT_SYMBOL%f "
}
# Git status
common_git_status() {
local message=""
local message_color="%F{$COMMON_COLORS_GIT_STATUS_DEFAULT}"
# https://git-scm.com/docs/git-status#_short_format
local staged=$(git status --porcelain 2>/dev/null | grep -e "^[MADRCU]")
local unstaged=$(git status --porcelain 2>/dev/null | grep -e "^[MADRCU? ][MADRCU?]")
if [[ -n ${staged} ]]; then
message_color="%F{$COMMON_COLORS_GIT_STATUS_STAGED}"
elif [[ -n ${unstaged} ]]; then
message_color="%F{$COMMON_COLORS_GIT_STATUS_UNSTAGED}"
fi
local branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
if [[ -n ${branch} ]]; then
message+="${message_color}${branch}%f"
fi
echo -n "${message}"
}
# Git prompt SHA
ZSH_THEME_GIT_PROMPT_SHA_BEFORE="%{%F{$COMMON_COLORS_GIT_PROMPT_SHA}%}"
ZSH_THEME_GIT_PROMPT_SHA_AFTER="%{$reset_color%} "
# Background Jobs
common_bg_jobs() {
bg_status="%{$fg[$COMMON_COLORS_BG_JOBS]%}%(1j.↓%j .)"
echo -n $bg_status
}
# xterm title
PROMPT_XTITLE=$'%{\033]0;%n@%M:%~\007%}'
PROMPT="${PROMPT_XTITLE}${PROMPT}"
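Review bot: `common_git_status` places the branch name from `git rev-parse --abbrev-ref HEAD` into the prompt string unescaped, and the prompt then percent-expands that output (the function relies on this for `%F{...}`), so a branch name from a cloned repository that contains `%` sequences is interpreted as prompt escapes. Doubling the percent signs keeps it literal: `message+="${message_color}${branch//\%/%%}%f"`. `$AWS_VAULT` in `common_host` is echoed into the prompt the same way, and the identical function `delta_prompt_git_status` in config/zsh/prompt.zsh needs the same change. `me` in `common_host` is also never declared `local`, so when neither branch assigns it the `[[ -n $me ]]` test reads whatever `me` the calling shell already has.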


@ -0,0 +1,54 @@
# Delta
# Reference/Resources:
#
# Prompt Expansion:
# http://zsh.sourceforge.net/Doc/Release/Prompt-Expansion.html
# http://unix.stackexchange.com/questions/157693/howto-include-output-of-a-script-into-the-zsh-prompt
#
# vcs_info
# https://github.com/zsh-users/zsh/blob/master/Misc/vcs_info-examples
# http://zsh.sourceforge.net/Doc/Release/User-Contributions.html#Version-Control-Information
delta_prompt_symbol() {
if [[ "$1" -eq 0 ]]; then
print -n '%F{red}'
else
print -n '%F{8}'
fi
}
delta_prompt_init() {
local hostnamevar PRETTY_HOSTNAME CHASSIS LOCATION
if [[ -f /etc/machine-info ]]; then
. /etc/machine-info
if [[ -n $PRETTY_HOSTNAME ]]; then
hostnamevar=$PRETTY_HOSTNAME
fi
fi
if [[ -z $hostnamevar ]]; then
hostnamevar='%m'
fi
if [[ -n $SSH_CONNECTION ]]; then
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}$hostnamevar %c >%f "
else
PROMPT=" \$(delta_prompt_symbol \$?)Δ%f %F{8}%c >%f "
fi
zstyle ':vcs_info:*' enable git
zstyle ':vcs_info:*' use-simple true
zstyle ':vcs_info:git*' formats '%b'
zstyle ':vcs_info:git*' actionformats '%b|%a'
zstyle ':vcs_info:*' max-exports 2
}
delta_prompt_init "$@"
# xterm title
PROMPT_XTITLE=$'%{\033]0;%n@%M:%~\007%}'
PROMPT="${PROMPT_XTITLE}${PROMPT}"
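Review bot: `delta_prompt_init` sources `/etc/machine-info` as shell code and then interpolates the resulting `$hostnamevar` into `PROMPT` inside double quotes; with `prompt_subst` set (another file in this commit sets it), any `$(...)` or `%` sequence in `PRETTY_HOSTNAME` is expanded again every time the prompt is drawn. Keep the value in a variable and let the prompt reference it instead of embedding its contents, e.g. `typeset -g DELTA_PROMPT_HOST=${PRETTY_HOSTNAME//\%/%%}` and `\${DELTA_PROMPT_HOST}` in the `PROMPT` string. Reading only the `PRETTY_HOSTNAME=` line rather than sourcing the whole file would also stop keys other than the three declared `local` from landing in the shell. The same code is repeated in config/zsh/prompt.zsh.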

99
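--- a/config/zsh/prompt.zsh
+++ b/config/zsh/prompt.zsh
@@ -0,0 +1,99 @@
+# Delta
+# Reference/Resources:
+#
+# Prompt Expansion:
+# http://zsh.sourceforge.net/Doc/Release/Prompt-Expansion.html
+# http://unix.stackexchange.com/questions/157693/howto-include-output-of-a-script-into-the-zsh-prompt
+#
+# vcs_info
+# https://github.com/zsh-users/zsh/blob/master/Misc/vcs_info-examples
+# http://zsh.sourceforge.net/Doc/Release/User-Contributions.html#Version-Control-Information
+#
+__shlvl_deep() {
+[[ $SHLVL -gt 1 ]]
+}
+delta_prompt_symbol() {
+if [[ "$1" -eq 0 ]]; then
+local color
+if __shlvl_deep; then
+color=blue
+else
+color=red
+fi
+print -n "%F{$color}"
+else
+print -n '%F{8}'
+fi
+}
+delta_prompt_nix_shell() {
+if __shlvl_deep; then
+print -n " %F{cyan}>%F{blue}>%F{8}"
+tr : '\n' <<<$PATH | grep '^/nix/store' | while read storepath; do
+print -n " ${${storepath#*-}%/*}"
+done
+print -n '%f\n '
+else
+print -n ' '
+fi
+}
+delta_prompt_init() {
+local hostnamevar PRETTY_HOSTNAME CHASSIS LOCATION
+if [[ -f /etc/machine-info ]]; then
+. /etc/machine-info
+if [[ -n $PRETTY_HOSTNAME ]]; then
+hostnamevar=$PRETTY_HOSTNAME
+fi
+fi
+if [[ -z $hostnamevar ]]; then
+hostnamevar='%m'
+fi
+if [[ -n $SSH_CONNECTION ]]; then
+PROMPT="$(delta_prompt_nix_shell)\$(delta_prompt_symbol \$? red)Δ%f %F{8}$hostnamevar %c >%f "
+else
+PROMPT="$(delta_prompt_nix_shell)\$(delta_prompt_symbol \$? red)Δ%f %F{8}%c >%f "
+fi
+unfunction delta_prompt_nix_shell
+zstyle ':vcs_info:*' enable git
+zstyle ':vcs_info:*' use-simple true
+zstyle ':vcs_info:git*' formats '%b'
+zstyle ':vcs_info:git*' actionformats '%b|%a'
+zstyle ':vcs_info:*' max-exports 2
+}
+delta_prompt_git_status() {
+local message=""
+local message_color="%F{green}"
+# https://git-scm.com/docs/git-status#_short_format
+local staged=$(git status --porcelain 2>/dev/null | grep -e "^[MADRCU]")
+local unstaged=$(git status --porcelain 2>/dev/null | grep -e "^[MADRCU? ][MADRCU?]")
+if [[ -n ${staged} ]]; then
+message_color="%F{red}"
+elif [[ -n ${unstaged} ]]; then
+message_color="%F{yellow}"
+fi
+local branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
+if [[ -n ${branch} ]]; then
+message+="${message_color}${branch}%f"
+fi
+echo -n "${message}"
+}
+delta_prompt_init "$@"
+# xterm title
+PROMPT_XTITLE=$'%{\033]0;%n@%M:%~\007%}'
+PROMPT="${PROMPT_XTITLE}${PROMPT}"
+RPROMPT='$(delta_prompt_git_status)'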

188
flake.lock Normal file

@ -0,0 +1,188 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1620877075,
"narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"naersk": [
"naersk"
],
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1621509262,
"narHash": "sha256-XyCLtTVTQPXM5LXA1vffP27/tWwEn9VVESESHYNNMFA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "d2d05e1357b84d5d70a3acba866c01eca2e4e2aa",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1606424373,
"narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1622678600,
"narHash": "sha256-mDNqOvtiZs6HuNxkfMUGhmUwAbQxdOyqecf0rVGq7h0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "95da56b783e4ccc8ded71137e4add780b239dd46",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1617481909,
"narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"ref": "VERSION_0_8_4",
"repo": "lowdown",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1620316130,
"narHash": "sha256-sU0VS5oJS1FsHsZsLELAXc7G2eIelVuucRw+q5B1x9k=",
"owner": "nmattia",
"repo": "naersk",
"rev": "a3f40fe42cc6d267ff7518fa3199e99ff1444ac4",
"type": "github"
},
"original": {
"owner": "nmattia",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"nix-super-unstable": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1622633535,
"narHash": "sha256-EelxH4BcFDowm5+c8Kl6wUTyvP6LhMpzoOS6r559oHo=",
"owner": "NixOS",
"repo": "nix",
"rev": "bb066409719f3b0e820115a3f89589457bf7f500",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1622622179,
"narHash": "sha256-XCw/9QDuj9J6prVR8YrteTcFKj2sRWYIjwgs8qOOrYQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eaba7870ffc3400eca4407baa24184b7fe337ec1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"naersk": "naersk",
"nix-super-unstable": "nix-super-unstable",
"nixpkgs": "nixpkgs"
}
},
"utils": {
"locked": {
"lastModified": 1610051610,
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

78
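--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,78 @@
+{
+description = "Private Void system configurations";
+nixConfig = {
+substituters = [ "https://cache.privatevoid.net" ];
+trusted-public-keys = ["cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="];
+};
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
+nix-super-unstable.url = "github:NixOS/nix";
+nix-super-unstable.inputs.nixpkgs.follows = "nixpkgs";
+home-manager.url = "github:nix-community/home-manager/master";
+home-manager.inputs.nixpkgs.follows = "nixpkgs";
+deploy-rs.url = "github:serokell/deploy-rs";
+deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+deploy-rs.inputs.naersk.follows = "naersk";
+# re-pin naersk to fix deprecation warning in deploy-rs
+naersk.url = "github:nmattia/naersk/master";
+naersk.inputs.nixpkgs.follows = "nixpkgs";
+agenix.url = "github:ryantm/agenix";
+agenix.inputs.nixpkgs.follows = "nixpkgs";
+};
+outputs = { self, nixpkgs, home-manager, ... }@inputs:
+let
+inherit (nixpkgs) lib;
+system = "x86_64-linux";
+pkgs = import nixpkgs {
+inherit system;
+};
+deploy-rs-lib = inputs.deploy-rs.lib.${system};
+agenixModule = inputs.agenix.nixosModules.age;
+aspect = import ./modules inputs;
+hosts = import ./hosts;
+specialArgs = { inherit inputs hosts aspect; };
+mkNixOS' = lib: name: lib.nixosSystem {
+inherit system;
+inherit specialArgs;
+modules = [ hosts."${name}".nixos ];
+};
+mkNixOS = mkNixOS' lib;
+in {
+nixosModules = aspect.modules;
+nixosConfigurations =
+(lib.genAttrs [ "styx" ] mkNixOS);
+deploy.nodes = with deploy-rs-lib; {
+styx = {
+hostname = "styx.services.privatevoid.net";
+profiles.system = {
+user = "root";
+path = activate.nixos self.nixosConfigurations.styx;
+};
+};
+};
+packages.${system} = import ./packages {
+inherit pkgs inputs;
+};
+defaultApp.${system} = {
+type = "app";
+program = self.packages.${system}.flake-installer.outPath;
+};
+hydraJobs = {
+systems.${system} = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
+packages = self.packages;
+};
+};
+}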

22
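--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -0,0 +1,22 @@
+let
+tools = import ./tools.nix;
+in with tools.dns; {
+# NixOS machines
+styx = import ./styx tools;
+# Non-NixOS machine metadata
+VEGAS = {
+ssh.id = {
+publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
+hostNames = subResolve "vegas" "backbone";
+};
+};
+AnimusAlpha = let hostNames = [ "alpha.animus.com" "animus.com" ]; in {
+ssh.id = {
+publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpFR47Ev+W+bdng6IrDVpl8rlKBBHSr1v5lwJmZcEFH";
+hostNames = portMap 69 hostNames;
+};
+ssh.extraConfig = tools.ssh.extraConfig hostNames [ "Port 69" ];
+};
+}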

7
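--- a/hosts/styx/default.nix
+++ b/hosts/styx/default.nix
@@ -0,0 +1,7 @@
+tools: {
+ssh.id = with tools.dns; {
+publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYLrmiuPK77cw71QNzG2zaWs6gsxmYuLyqsUrWMYLnk";
+hostNames = subResolve "styx" "services";
+};
+nixos = import ./system.nix;
+}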

17
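--- a/hosts/styx/system.nix
+++ b/hosts/styx/system.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, modulesPath, aspect, inputs, ... }:
+{
+imports = [
+(modulesPath + "/virtualisation/lxc-container.nix")
+inputs.agenix.nixosModules.age
+]
+++ (import ../../users "server").groups.admin
+++ aspect.sets.server
+++ (with aspect.modules; [ hydra ]);
+networking.hostName = "styx";
+networking.firewall.enable = false;
+nix.trustedUsers = [ "root" "@wheel" ];
+security.sudo.wheelNeedsPassword = false;
+}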

32
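--- a/hosts/tools.nix
+++ b/hosts/tools.nix
@@ -0,0 +1,32 @@
+{
+dns = rec {
+findSvc = name: [
+"any.${name}"
+"local.${name}"
+"tunnel.${name}"
+"wired.${name}"
+"wireless.${name}"
+"*.if.${name}"
+];
+findResolve = list: dnameResolve (append "find" list) ++ append "f.void" list;
+dnameResolve = list: append "private.void" list ++ append "privatevoid.net" list;
+vpnResolve = list: dnameResolve (append "vpn" list);
+llmnrResolve = append "local";
+append = part: map (x: "${x}.${part}");
+portMap = port: map (x: "[${x}]:${builtins.toString port}");
+as = x: [x];
+clientResolve = x: [x] ++
+findResolve (findSvc x) ++
+vpnResolve [x] ++
+llmnrResolve [x];
+subResolve = name: sub: [name] ++ dnameResolve ["${name}.${sub}"];
+};
+ssh = {
+extraConfig = patterns: config: with builtins; let
+match = "Host ${concatStringsSep " " patterns}";
+indent = map (x: " " + x) config;
+in concatStringsSep "\n" ([match] ++ indent);
+};
+}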


@ -0,0 +1,20 @@
{ pkgs, lib, config, ... }:
{
nixpkgs.overlays = [
(self: super:
(let
patched = import ../../packages/patched-derivations.nix super;
in {
ipfs = patched.lain-ipfs;
hydra-unstable = patched.hydra;
} // lib.optionalAttrs config.krb5.enable {
bind = patched.kerberized-bind;
dnsutils = patched.kerberized-dnsutils;
dig = patched.kerberized-dig;
})
)
];
}

30
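--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,30 @@
+inputs:
+with builtins;
+let
+aspects = {
+autopatch = import ./autopatch;
+enterprise = import ./enterprise;
+hydra = import ./hydra;
+ipfs-lain = import ./ipfs-lain;
+nix-builder = import ./nix-builder;
+nix-config = import ./nix-config;
+nix-config-server = import ./nix-config/server.nix;
+nix-register-flakes = import ./nix-register-flakes;
+shell-config = import ./shell-config;
+ssh = import ./ssh;
+};
+in rec {
+modules = aspects;
+sets = with modules; rec {
+base = [
+autopatch
+enterprise
+];
+networking = [ ssh ];
+server = [
+nix-config-server
+] ++ base ++ networking;
+};
+}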


@ -0,0 +1,30 @@
{ pkgs, config, inputs, ... }:
let
orgDomain = "privatevoid.net";
orgRealm = "PRIVATEVOID.NET";
in {
krb5 = {
enable = true;
domain_realm = {
${orgDomain} = orgRealm;
".${orgDomain}" = orgRealm;
};
libdefaults = {
default_realm = orgRealm;
dns_lookup_kdc = true;
rdns = false;
forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}";
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
};
realms = {
"${orgRealm}" = rec {
kdc = "authsys.virtual-machines.privatevoid.net";
admin_server = kdc;
kpasswd_server = kdc;
default_domain = orgDomain;
};
};
};
services.pcscd.enable = true;
}
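Review bot: `forwardable = true;` in `libdefaults` makes tickets obtained on every host that imports this module forwardable by default, so whenever a client delegates credentials to a server, that server holds a reusable TGT for the user. If delegation is only needed for particular hops, leave the default off and request forwardable tickets where they are needed; otherwise add a comment naming the workflow that depends on it, e.g. `# forwardable: required for <workflow>`.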


@ -0,0 +1,13 @@
{ pkgs, config, ... }:
{
boot.kernel.sysctl = {
"kernel.yama.ptrace_scope" = 1;
"kernel.kptr_restrict" = 2;
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.send_redirects" = false;
"net.ipv4.conf.default.send_redirects" = false;
};
}
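Review bot: The redirect hardening covers only the sending side: `send_redirects` is disabled, but `accept_redirects` stays at the kernel default and nothing in the set addresses IPv6. If the intent is to ignore ICMP redirects altogether, add `"net.ipv4.conf.all.accept_redirects" = false;` and `"net.ipv6.conf.all.accept_redirects" = false;` together with their `default` variants. A short comment per group (ptrace/kptr versus network) would make the intended threat coverage reviewable.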

63
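--- a/modules/hydra/default.nix
+++ b/modules/hydra/default.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, config, ... }:
+{
+age.secrets = {
+hydraS3 = {
+file = ../../secrets/hydra-s3.age;
+group = "hydra";
+mode = "0440";
+};
+} // lib.mapAttrs' (k: v: lib.nameValuePair "hydra-database-credentials-for-${k}" v)
+(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
+(x:
+{
+file = ../../secrets/hydra-db-credentials.age;
+group = "hydra";
+owner = x;
+mode = "0400";
+}
+)
+);
+services.hydra = {
+enable = true;
+dbi = "dbi:Pg:dbname=hydra;host=10.1.0.1;user=hydra;";
+hydraURL = "https://hydra.privatevoid.net";
+notificationSender = "hydra@privatevoid.net";
+buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
+useSubstitutes = true;
+extraConfig = ''
+store_uri = s3://nix-store?scheme=https&endpoint=object-storage.privatevoid.net&secret-key=/etc/hydra/bincache.key
+server_store_uri = https://cache.privatevoid.net
+'';
+extraEnv = {
+AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path;
+PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path;
+};
+};
+# override weird hydra module stuff
+systemd.services = {
+hydra-send-stats = lib.mkForce {};
+} // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ]
+(x: let
+name = if x == "hydra-server" then "hydra-www" else
+if x == "hydra-notify" then "hydra-queue-runner" else x;
+in {
+environment = {
+PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path;
+};
+}
+);
+nix.extraOptions = lib.mkForce ''
+allowed-uris = https://git.privatevoid.net
+keep-outputs = true
+keep-derivations = true
+'';
+programs.ssh.knownHosts.git = {
+hostNames = [ "git" "git.services.privatevoid.net" ];
+publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0rChVEO9Qt7hr7vyiyOP7N45CjaxssFCZNOPCszEQi";
+};
+}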
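Review bot: `store_uri` points at `secret-key=/etc/hydra/bincache.key`, but unlike the S3 and database credentials that file is not declared under `age.secrets` in this module, so its provisioning, owner and mode cannot be seen or reproduced from the configuration. This is the key that signs what clients accept through `trusted-public-keys`, so it is worth managing the same way: an `age.secrets` entry with `mode = "0400";` owned by whichever Hydra user writes to the store, referenced as `secret-key=${config.age.secrets.<name>.path}`. The `dbi` string also connects to `10.1.0.1` without an `sslmode` parameter; a comment stating that the link is a trusted internal network would settle that.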


@ -0,0 +1,22 @@
{ pkgs, config, ... }:
{
services.ipfs = {
enable = true;
extraConfig = {
Bootstrap = [
"/ip4/95.216.8.12/tcp/4001/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
"/ip4/34.75.66.204/tcp/4001/p2p/QmUDwdaJthQkxgoHN1QQFvj4jR12A2nGQMXxYJEqtPMsYJ"
"/ip4/35.233.49.84/tcp/4001/p2p/QmTuZN9VtqiVWjcqTkRAUnRWYurwFbC6j9E2gvnMs5XEFy"
];
};
};
systemd.services.ipfs.environment.LIBP2P_FORCE_PNET = "1";
environment.shellAliases = {
ipfs =
"doas -u ${config.services.ipfs.user} env IPFS_PATH=${config.services.ipfs.dataDir} ipfs";
f =
"doas -u ${config.services.ipfs.user} env IPFS_PATH=${config.services.ipfs.dataDir} ipfs files";
};
}


@ -0,0 +1,14 @@
{ pkgs, config, ... }:
{
nix.trustedUsers = [ "nix" ];
users.users.nix = {
isSystemUser = true;
description = "Nix Remote Build";
home = "/var/tmp/nix-remote-builder";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa9gDXWdp7Kqzbjz9Zchu91ZoYcBD6AbjvuktYA//yg"
];
};
}
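Review bot: The `nix` account is listed in `nix.trustedUsers` and accepts an SSH key with no restrictions and a login shell (`useDefaultShell = true`); a trusted Nix user can steer the daemon in ways that are effectively root, so whoever holds this key controls the machine. Limit what the key can do by prefixing it with OpenSSH options, e.g. `"restrict ssh-ed25519 <existing key>"`, and check whether remote builds still work without the `trustedUsers` entry. The home directory under `/var/tmp` is also exposed to tmp-cleanup policies, which is worth confirming.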


@ -0,0 +1,71 @@
{ pkgs, config, inputs, ... }:
let
builder = {
systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 500;
supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path;
};
bigBuilder = builder // {
speedFactor = 1000;
supportedFeatures = builder.supportedFeatures ++ [ "kvm" "big-parallel" ];
};
in {
age.secrets.nixBuilderKey = {
file = ../../secrets/builder_key.age;
mode = "0400";
};
nixpkgs.overlays = [
(self: super: {
nixSuperUnstable = inputs.self.packages.x86_64-linux.nix-super-unstable;
})
];
nix = {
package = pkgs.nixSuperUnstable;
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
experimental-features = nix-command flakes ca-references
warn-dirty = false
builders-use-substitutes = true
flake-registry = ${
pkgs.writeText "null-registry.json" ''{"flakes":[],"version":2}''
}
'';
binaryCaches = [ "https://cache.privatevoid.net" ];
binaryCachePublicKeys = [ "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" ];
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
distributedBuilds = true;
buildMachines = [
(bigBuilder // {
sshUser = "root";
hostName = "styx.services.private.void";
speedFactor = 2000;
maxJobs = 2;
})
(bigBuilder // {
sshUser = "nix";
hostName = "wired.titan.find.private.void";
maxJobs = 12;
})
(bigBuilder // {
sshUser = "nixbuilder";
hostName = "animus.com";
speedFactor = 3000;
maxJobs = 4;
})
];
};
}
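Review bot: The first `buildMachines` entry uses `sshUser = "root";` for `styx.services.private.void`, so the shared `nixBuilderKey` is a root login on that host for every machine that imports this module. The other two entries use dedicated accounts (`nix`, `nixbuilder`), and the `nix` user defined in the remote-build module of this commit looks like the intended account here too: `sshUser = "nix";`. The cache URL and public key are also repeated in this file, in flake.nix and in the server variant; one shared definition would make a key rotation a single-line change.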


@ -0,0 +1,29 @@
{ pkgs, lib, config, ... }:
let
fixPriority = x: if config.services.hydra.enable
then lib.mkForce x
else x;
in {
nix = {
package = pkgs.nixUnstable;
extraOptions = fixPriority ''
experimental-features = nix-command flakes ca-references
builders-use-substitutes = true
flake-registry = ${
pkgs.writeText "null-registry.json" ''{"flakes":[],"version":2}''
}
'';
binaryCaches = [ "https://cache.privatevoid.net" ];
binaryCachePublicKeys = [ "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" ];
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
}


@ -0,0 +1,23 @@
{ config, inputs, ... }:
with inputs;
{
nix.nixPath = [
"repl=/etc/nixos/flake-channels/system/repl.nix"
"nixpkgs=/etc/nixos/flake-channels/nixpkgs"
"home-manager=/etc/nixos/flake-channels/home-manager"
];
nix.registry = {
system.flake = self;
nixpkgs.flake = nixpkgs;
default.flake = nixpkgs;
home-manager.flake = home-manager;
};
environment.etc = {
"nixos/flake-channels/system".source = inputs.self;
"nixos/flake-channels/nixpkgs".source = nixpkgs;
"nixos/flake-channels/home-manager".source = home-manager;
};
}


@ -0,0 +1,74 @@
{ pkgs, config, ... }:
let
component = name: builtins.readFile (builtins.toString ../../config/zsh/components + "/${name}.zsh");
snippets = map component [
"console-256color"
"fuzzy-tab"
"magic-space"
"navigation"
] ++ [
"source ${pkgs.fzf}/share/fzf/key-bindings.zsh"
];
in {
environment.shellAliases = {
cat = "${pkgs.bat} -p";
doas = "doas ";
ip = "ip -c";
ls = "${pkgs.lsd}";
sudo = "sudo ";
tree = "${pkgs.lsd} --tree";
uctl = "systemctl --user";
nix-repl = "nix repl '<repl>'";
};
programs = {
zsh = {
enable = true;
histFile = "$HOME/.cache/zsh_history";
histSize = 15000;
setOptions = [
"autocd"
"autopushd"
"globcomplete"
"globstarshort"
"histexpiredupsfirst"
"histfcntllock"
"histignoredups"
"histnofunctions"
"histnostore"
"histreduceblanks"
"histverify"
"interactivecomments"
"monitor"
"nobadpattern"
"promptsubst"
"sharehistory"
"zle"
];
vteIntegration = true;
promptInit = builtins.readFile ../../config/zsh/prompt.zsh;
interactiveShellInit = builtins.concatStringsSep "\n" snippets;
enableCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "pattern" ];
styles = {
"precommand" = "fg=33";
"arg0" = "fg=39";
"single-hyphen-option" = "fg=229";
"double-hyphen-option" = "fg=228";
"path" = "none";
};
# these are aliases, highlight them properly regardless
patterns = {
"doas" = "fg=33";
"sudo" = "fg=33";
};
};
};
};
}
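Review bot: The `cat`, `ls` and `tree` aliases interpolate `${pkgs.bat}` and `${pkgs.lsd}`, which evaluate to the package's store directory rather than an executable, so the aliases would try to run a directory. They should name the binary: `cat = "${pkgs.bat}/bin/bat -p";`, `ls = "${pkgs.lsd}/bin/lsd";`, `tree = "${pkgs.lsd}/bin/lsd --tree";`.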

14
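--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -0,0 +1,14 @@
+{ hosts, config, lib, ... }:
+let
+filtered = lib.filterAttrs (_: host: host ? ssh) hosts;
+idCapable = lib.filterAttrs (_: host: host.ssh ? id) filtered;
+configCapable = lib.filterAttrs (_: host: host.ssh ? extraConfig) filtered;
+sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable;
+sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable;
+in {
+programs.ssh = {
+knownHosts = sshHosts;
+extraConfig = builtins.concatStringsSep "\n" sshExtras;
+};
+}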


@ -0,0 +1,7 @@
{ fetchurl }:
fetchurl {
url =
"https://export.privatevoid.net/Certificates/PRIVATEVOID.NET__Private_Void_Smart_Card_Authority-bundle-s12.pem";
sha256 = "3939eb6512e5675bb27028f9bf9892dbb1d1a60b014f4537f8d2b6180deece68";
}

8
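--- a/packages/default.nix
+++ b/packages/default.nix
@@ -0,0 +1,8 @@
+{ pkgs, inputs }@args:
+let
+patched-derivations = import ./patched-derivations.nix pkgs;
+patched-inputs = import ./patched-inputs.nix args;
+packages = import ./packages.nix args;
+in patched-derivations
+// patched-inputs
+// packages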

27
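--- a/packages/lib/tools.nix
+++ b/packages/lib/tools.nix
@@ -0,0 +1,27 @@
+rec {
+dirfilter = type: path:
+(let root = builtins.readDir path;
+in builtins.filter (x: builtins.getAttr x root == type)
+(builtins.attrNames root));
+absolutify = path: ../../. + ("/" + path);
+mkpatchlist = pkg:
+map (patch: absolutify (builtins.concatStringsSep "/" [ pkg patch ]))
+(dirfilter "regular" (absolutify pkg));
+patch = super: patchdir:
+super.overrideAttrs
+(attrs: { patches = (attrs.patches or [ ]) ++ (mkpatchlist patchdir); });
+patch-rename = super: pname: patchdir:
+super.overrideAttrs (attrs: {
+patches = (attrs.patches or [ ]) ++ (mkpatchlist patchdir);
+inherit pname;
+});
+patch-rename-direct = super: renameWith: patchdir:
+super.overrideAttrs (attrs: {
+patches = (attrs.patches or [ ]) ++ (mkpatchlist patchdir);
+name = renameWith attrs;
+});
+}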

3
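--- a/packages/packages.nix
+++ b/packages/packages.nix
@@ -0,0 +1,3 @@
+{ pkgs, ... }: {
+privatevoid-smart-card-ca-bundle = pkgs.callPackage ./data/privatevoid-smart-card-certificate-authority-bundle.nix { };
+}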


@ -0,0 +1,14 @@
let tools = import ./lib/tools.nix;
in with tools;
super: rec {
kerberized-bind = super.bind.overrideAttrs (attrs: {
configureFlags = attrs.configureFlags ++ [ "--with-gssapi=${super.krb5.dev}" ];
buildInputs = attrs.buildInputs ++ [ super.krb5 ];
});
kerberized-dnsutils = kerberized-bind.dnsutils;
kerberized-dig = kerberized-bind.dnsutils;
hydra = patch super.hydra-unstable "patches/base/hydra";
lain-ipfs = patch-rename super.ipfs "lain-ipfs" "patches/base/ipfs";
}


@ -0,0 +1,19 @@
let tools = import ./lib/tools.nix;
in with tools;
{ inputs, pkgs, ... }: rec {
deploy-rs = patch inputs.deploy-rs.packages.x86_64-linux.deploy-rs "patches/custom/deploy-rs";
nix-super-unstable = let
system = "x86_64-linux";
pkgs = import inputs.nixpkgs { inherit system;
overlays = [
inputs.nix-super-unstable.overlay
(self: super: rec {
nixSuperUnstable = patch-rename-direct super.nix (attrs: "nix-super-unstable-${attrs.version}") "patches/base/nix";
})
];
};
in pkgs.nixSuperUnstable;
agenix = inputs.agenix.packages.x86_64-linux.agenix.override { nix = nix-super-unstable; };
}


@ -0,0 +1,12 @@
diff --git a/src/hydra-queue-runner/queue-monitor.cc b/src/hydra-queue-runner/queue-monitor.cc
--- a/src/hydra-queue-runner/queue-monitor.cc
+++ b/src/hydra-queue-runner/queue-monitor.cc
@@ -42,7 +42,7 @@ void State::queueMonitorLoop()
/* Sleep until we get notification from the database about an
event. */
if (done && !quit) {
- conn->await_notification();
+ conn->await_notification(5*60, 0);
nrQueueWakeups++;
} else


@ -0,0 +1,14 @@
diff --git a/core/coreapi/coreapi.go b/core/coreapi/coreapi.go
index 5b638826b..32747fe53 100644
--- a/core/coreapi/coreapi.go
+++ b/core/coreapi/coreapi.go
@@ -191,9 +191,6 @@ func (api *CoreAPI) WithOptions(opts ...options.ApiOption) (coreiface.CoreAPI, e
}
subApi.checkPublishAllowed = func() error {
- if n.Mounts.Ipns != nil && n.Mounts.Ipns.IsActive() {
- return errors.New("cannot manually publish while IPNS is mounted")
- }
return nil
}


@ -0,0 +1,23 @@
diff --git a/fuse/mount/fuse.go b/fuse/mount/fuse.go
index c317f5e7d..6e3951757 100644
--- a/fuse/mount/fuse.go
+++ b/fuse/mount/fuse.go
@@ -33,11 +33,15 @@ func NewMount(p goprocess.Process, fsys fs.FS, mountpoint string, allow_other bo
var conn *fuse.Conn
var err error
+ var mountOpts = []fuse.MountOption{
+ fuse.MaxReadahead(64*1024*1024),
+ fuse.AsyncRead(),
+ }
+
if allow_other {
- conn, err = fuse.Mount(mountpoint, fuse.AllowOther())
- } else {
- conn, err = fuse.Mount(mountpoint)
+ mountOpts = append(mountOpts,fuse.AllowOther())
}
+ conn, err = fuse.Mount(mountpoint, mountOpts...)
if err != nil {
return nil, err


@ -0,0 +1,43 @@
diff --git a/fuse/readonly/readonly_unix.go b/fuse/readonly/readonly_unix.go
index 866cdca1a..3a2269393 100644
--- a/fuse/readonly/readonly_unix.go
+++ b/fuse/readonly/readonly_unix.go
@@ -73,7 +73,7 @@ func (s *Root) Lookup(ctx context.Context, name string) (fs.Node, error) {
switch nd := nd.(type) {
case *mdag.ProtoNode, *mdag.RawNode:
- return &Node{Ipfs: s.Ipfs, Nd: nd}, nil
+ return &Node{Ipfs: s.Ipfs, Nd: nd, children: make(map[string]fs.Node)}, nil
default:
log.Error("fuse node was not a protobuf node")
return nil, fuse.ENOTSUP
@@ -92,6 +92,7 @@ type Node struct {
Ipfs *core.IpfsNode
Nd ipld.Node
cached *ft.FSNode
+ children map[string]fs.Node
}
func (s *Node) loadData() error {
@@ -144,6 +145,9 @@ func (s *Node) Attr(ctx context.Context, a *fuse.Attr) error {
// Lookup performs a lookup under this node.
func (s *Node) Lookup(ctx context.Context, name string) (fs.Node, error) {
log.Debugf("Lookup '%s'", name)
+ if childNode, ok := s.children[name] ; ok {
+ return childNode, nil
+ }
link, _, err := uio.ResolveUnixfsOnce(ctx, s.Ipfs.DAG, s.Nd, []string{name})
switch err {
case os.ErrNotExist, mdag.ErrLinkNotFound:
@@ -165,8 +169,9 @@ func (s *Node) Lookup(ctx context.Context, name string) (fs.Node, error) {
case nil:
// noop
}
-
- return &Node{Ipfs: s.Ipfs, Nd: nd}, nil
+ childNode := &Node{Ipfs: s.Ipfs, Nd: nd, children: make(map[string]fs.Node)}
+ s.children[name] = childNode
+ return childNode, nil
}
// ReadDirAll reads the link structure as directory entries
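Review bot: The new `children` map is read and written in `Node.Lookup` without any lock. If the FUSE server dispatches requests on separate goroutines (bazil.org/fuse's `fs.Serve` does, as far as I know), two lookups under the same directory can hit the map concurrently and the Go runtime aborts the process on a concurrent map read and write. The map also never evicts, so memory grows with every distinct name looked up for as long as the mount lives. Any `Node` built elsewhere in the file without `children` would panic on the `s.children[name] = childNode` write, which cannot be checked from these hunks. The sketch below guards the map with a mutex; it needs `sync` imported, and the rest of `Lookup` is outside the hunks.

```go
type Node struct {
	// … unchanged: Ipfs, Nd, cached …
	mu       sync.Mutex // guards children
	children map[string]fs.Node
}

func (s *Node) Lookup(ctx context.Context, name string) (fs.Node, error) {
	log.Debugf("Lookup '%s'", name)
	s.mu.Lock()
	cachedNode, ok := s.children[name]
	s.mu.Unlock()
	if ok {
		return cachedNode, nil
	}
	// … unchanged: ResolveUnixfsOnce, error switch, node fetch …
	childNode := &Node{Ipfs: s.Ipfs, Nd: nd, children: make(map[string]fs.Node)}
	s.mu.Lock()
	s.children[name] = childNode
	s.mu.Unlock()
	return childNode, nil
}
```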


@ -0,0 +1,25 @@
diff --git a/fuse/readonly/readonly_unix.go b/fuse/readonly/readonly_unix.go
index 3a2269393..8bff88f28 100644
--- a/fuse/readonly/readonly_unix.go
+++ b/fuse/readonly/readonly_unix.go
@@ -228,12 +228,6 @@ func (s *Node) ReadDirAll(ctx context.Context) ([]fuse.Dirent, error) {
return nil, fuse.ENOENT
}
-func (s *Node) Getxattr(ctx context.Context, req *fuse.GetxattrRequest, resp *fuse.GetxattrResponse) error {
- // TODO: is nil the right response for 'bug off, we ain't got none' ?
- resp.Xattr = nil
- return nil
-}
-
func (s *Node) Readlink(ctx context.Context, req *fuse.ReadlinkRequest) (string, error) {
if s.cached == nil || s.cached.Type() != ft.TSymlink {
return "", fuse.Errno(syscall.EINVAL)
@@ -278,7 +272,6 @@ type roNode interface {
fs.Node
fs.NodeStringLookuper
fs.NodeReadlinker
- fs.NodeGetxattrer
}
var _ roNode = (*Node)(nil)


@ -0,0 +1,14 @@
diff --git a/vendor/github.com/ipfs/go-filestore/fsrefstore.go b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
index 19927e0..7ff13aa 100644
--- a/vendor/github.com/ipfs/go-filestore/fsrefstore.go
+++ b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
@@ -281,9 +281,6 @@ func (f *FileManager) putTo(b *posinfo.FilestoreNode, to putter) error {
if !f.AllowFiles {
return ErrFilestoreNotEnabled
}
- if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) { //nolint:staticcheck
- return fmt.Errorf("cannot add filestore references outside ipfs root (%s)", f.root)
- }
p, err := filepath.Rel(f.root, b.PosInfo.FullPath)
if err != nil {
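Review bot: With the `filepath.HasPrefix(b.PosInfo.FullPath, f.root)` guard gone, `putTo` no longer rejects a `PosInfo.FullPath` outside `f.root`. The `filepath.Rel(f.root, …)` call that follows returns a `../`-relative path for such input rather than an error. The filestore can therefore record references to any file the daemon's user can read, so the containment boundary now rests on who may reach the add API and on the daemon's own filesystem permissions. If this is intended, say so in the patched code, e.g. `// local patch: root containment check removed on purpose; filestore refs may point at any path readable by the daemon`, and confine the service's filesystem view at the unit level. The rest of `putTo` is outside the hunk, so how the stored relative path is resolved on read is not visible here.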


@ -0,0 +1,12 @@
diff --git a/namesys/namesys.go b/namesys/namesys.go
index 760d04c17..4f3de146d 100644
--- a/namesys/namesys.go
+++ b/namesys/namesys.go
@@ -236,3 +236,7 @@ func (ns *mpns) PublishWithEOL(ctx context.Context, name ci.PrivKey, value path.
ns.cacheSet(string(id), value, ttl)
return nil
}
+
+func init() {
+ isd.ExtendedTLDs["VOID"] = true
+}


@ -0,0 +1,11 @@
--- a/core/corehttp/webui.go 2020-05-09 04:58:18.000000000 +0200
+++ b/core/corehttp/webui.go 2020-07-15 00:22:00.439862559 +0200
@@ -1,7 +1,7 @@
package corehttp
// TODO: move to IPNS
-const WebUIPath = "/ipfs/bafybeif4zkmu7qdhkpf3pnhwxipylqleof7rl6ojbe7mq3fzogz6m4xk3i" // v2.11.4
+const WebUIPath = "/ipns/webui.ipfs.privatevoid.net"
// this is a list of all past webUI paths.
var WebUIPaths = []string{
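Review bot: `WebUIPath` moves from a content-addressed `/ipfs/<CID>` path to the mutable name `/ipns/webui.ipfs.privatevoid.net`, so the WebUI bytes are no longer fixed by this source line. Whatever the name resolves to at request time is what the node serves as its WebUI, presumably under the API listener, so integrity now depends on control of that domain's DNSLink record and on the resolver path to it. The `// TODO: move to IPNS` comment above the constant is also stale after this change. I would replace it with `// NOTE: mutable DNSLink name, not a pinned CID; WebUI content follows the domain's DNSLink record` so the trade-off stays visible to whoever rebases this patch.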


@ -0,0 +1,162 @@
diff --git a/src/nix/installables.cc b/src/nix/installables.cc
index 4e6bf4a9a..ab672f8be 100644
--- a/src/libcmd/installables.cc
+++ b/src/libcmd/installables.cc
@@ -20,6 +20,10 @@
namespace nix {
+const static std::regex attrPathRegex(
+ R"((?:[a-zA-Z0-9_"-][a-zA-Z0-9_".-]*))",
+ std::regex::ECMAScript);
+
void completeFlakeInputPath(
ref<EvalState> evalState,
const FlakeRef & flakeRef,
@@ -215,10 +219,19 @@ void completeFlakeRefWithFragment(
/* Look for flake output attributes that match the
prefix. */
try {
+ bool isAttrPath = std::regex_match(prefix.begin(), prefix.end(), attrPathRegex);
auto hash = prefix.find('#');
- if (hash != std::string::npos) {
- auto fragment = prefix.substr(hash + 1);
- auto flakeRefS = std::string(prefix.substr(0, hash));
+ if (isAttrPath || hash != std::string::npos) {
+ auto fragment =
+ isAttrPath
+ ? prefix
+ : prefix.substr(hash + 1);
+
+ auto flakeRefS =
+ isAttrPath
+ ? std::string("flake:default")
+ : std::string(prefix.substr(0, hash));
+
// FIXME: do tilde expansion.
auto flakeRef = parseFlakeRef(flakeRefS, absPath("."));
@@ -251,7 +264,10 @@ void completeFlakeRefWithFragment(
auto attrPath2 = attr->getAttrPath(attr2);
/* Strip the attrpath prefix. */
attrPath2.erase(attrPath2.begin(), attrPath2.begin() + attrPathPrefix.size());
- completions->add(flakeRefS + "#" + concatStringsSep(".", attrPath2));
+ if (isAttrPath)
+ completions->add(concatStringsSep(".", attrPath2));
+ else
+ completions->add(flakeRefS + "#" + concatStringsSep(".", attrPath2));
}
}
}
@@ -626,7 +642,13 @@ std::vector<std::shared_ptr<Installable>> SourceExprCommand::parseInstallables(
std::exception_ptr ex;
try {
- auto [flakeRef, fragment] = parseFlakeRefWithFragment(s, absPath("."));
+ bool isAttrPath = std::regex_match(s, attrPathRegex);
+
+ auto [flakeRef, fragment] =
+ isAttrPath
+ ? std::make_pair(parseFlakeRef("flake:default", absPath(".")), s)
+ : parseFlakeRefWithFragment(s, absPath("."));
+
result.push_back(std::make_shared<InstallableFlake>(
getEvalState(), std::move(flakeRef),
fragment == "" ? getDefaultFlakeAttrPaths() : Strings{fragment},
diff --git a/src/nix/search.cc b/src/nix/search.cc
index 9f864b3a4..b21118ece 100644
--- a/src/nix/search.cc
+++ b/src/nix/search.cc
@@ -30,13 +30,32 @@ std::string hilite(const std::string & s, const std::smatch & m, std::string pos
+ std::string(m.suffix());
}
-struct CmdSearch : InstallableCommand, MixJSON
+struct CmdSearch : SourceExprCommand, MixJSON
{
+ std::string _installable{"flake:default"};
std::vector<std::string> res;
CmdSearch()
{
- expectArgs("regex", &res);
+ bool hasInstallable = false;
+
+ addFlag({
+ .longName = "installable",
+ .shortName = 'i',
+ .description = "Search within this installable",
+ .labels = {"installable"},
+ .handler = {[this, &hasInstallable](std::string ss) {
+ hasInstallable = true;
+ _installable = ss;
+ }},
+ .completer = completePath
+ });
+
+ if (hasInstallable && (file || expr)) {
+ throw UsageError("'--installable' cannot be used together with '--file' or '--expr'");
+ }
+
+ expectArgs("args", &res);
}
std::string description() override
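Review bot: The `--installable` handler captures the constructor local `hasInstallable` by reference (`[this, &hasInstallable]`). Flag handlers are presumably invoked during argument parsing, after `CmdSearch()` has returned, so `hasInstallable = true` would write through a dangling reference into a dead stack slot. The `if (hasInstallable && (file || expr))` check below it also runs inside the constructor, before any flag has been parsed, so the `UsageError` can never fire. Making the flag a member and moving the check to where `_installable` is consumed fixes both. The function that calls `parseInstallable` starts outside the visible hunks, so the placement in the sketch is approximate.

```cpp
    std::string _installable{"flake:default"};
    bool hasInstallable = false;
    // … unchanged: res, start of CmdSearch() and the other addFlag fields …
            .handler = {[this](std::string ss) {
                hasInstallable = true;
                _installable = ss;
            }},
    // … unchanged: completer, expectArgs("args", &res) …

    // in the function that calls parseInstallable, before that call:
    if (hasInstallable && (file || expr))
        throw UsageError("'--installable' cannot be used together with '--file' or '--expr'");
```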
@@ -63,6 +82,8 @@ struct CmdSearch : InstallableCommand, MixJSON
{
settings.readOnlyMode = true;
+ auto installable = parseInstallable(store, (file || expr) ? "" : _installable);
+
// Empty search string should match all packages
// Use "^" here instead of ".*" due to differences in resulting highlighting
// (see #1893 -- libc++ claims empty search string is not in POSIX grammar)
diff --git a/tests/flakes.sh b/tests/flakes.sh
index 2b7bcdd68..f654b2f36 100644
--- a/tests/flakes.sh
+++ b/tests/flakes.sh
@@ -188,7 +188,7 @@ nix build -o $TEST_ROOT/result flake1#foo
[[ -e $TEST_ROOT/result/hello ]]
# Test defaultPackage.
-nix build -o $TEST_ROOT/result flake1
+nix build -o $TEST_ROOT/result flake1#
[[ -e $TEST_ROOT/result/hello ]]
nix build -o $TEST_ROOT/result $flake1Dir
diff --git a/tests/search.sh b/tests/search.sh
index ee3261687..e41963c2d 100644
--- a/tests/search.sh
+++ b/tests/search.sh
@@ -3,23 +3,23 @@ source common.sh
clearStore
clearCache
-(( $(nix search -f search.nix '' hello | wc -l) > 0 ))
+(( $(nix search -f search.nix hello | wc -l) > 0 ))
# Check descriptions are searched
-(( $(nix search -f search.nix '' broken | wc -l) > 0 ))
+(( $(nix search -f search.nix broken | wc -l) > 0 ))
# Check search that matches nothing
-(( $(nix search -f search.nix '' nosuchpackageexists | wc -l) == 0 ))
+(( $(nix search -f search.nix nosuchpackageexists | wc -l) == 0 ))
# Search for multiple arguments
-(( $(nix search -f search.nix '' hello empty | wc -l) == 2 ))
+(( $(nix search -f search.nix hello empty | wc -l) == 2 ))
# Multiple arguments will not exist
-(( $(nix search -f search.nix '' hello broken | wc -l) == 0 ))
+(( $(nix search -f search.nix hello broken | wc -l) == 0 ))
## Search expressions
# Check that empty search string matches all
-nix search -f search.nix '' |grep -q foo
-nix search -f search.nix '' |grep -q bar
-nix search -f search.nix '' |grep -q hello
+nix search -f search.nix |grep -q foo
+nix search -f search.nix |grep -q bar
+nix search -f search.nix |grep -q hello


@ -0,0 +1,15 @@
diff --git a/src/nix/profile.cc b/src/nix/profile.cc
index 4d275f5..48e9625 100644
--- a/src/nix/profile.cc
+++ b/src/nix/profile.cc
@@ -453,9 +453,8 @@ struct CmdProfileList : virtual EvalCommand, virtual StoreCommand, MixDefaultPro
for (size_t i = 0; i < manifest.elements.size(); ++i) {
auto & element(manifest.elements[i]);
- logger->cout("%d %s %s %s", i,
+ logger->cout("%03d %s\t%s", i,
element.source ? element.source->originalRef.to_string() + "#" + element.source->attrPath : "-",
- element.source ? element.source->resolvedRef.to_string() + "#" + element.source->attrPath : "-",
concatStringsSep(" ", store->printStorePathSet(element.storePaths)));
}
}


@ -0,0 +1,13 @@
diff --git a/src/nix/flake.cc b/src/nix/flake.cc
index 2f0c468..492a7de 100644
--- a/src/nix/flake.cc
+++ b/src/nix/flake.cc
@@ -574,8 +574,6 @@ struct CmdFlakeCheck : FlakeCommand
*attr.value, *attr.pos);
}
- else
- warn("unknown flake output '%s'", name);
} catch (Error & e) {
e.addTrace(pos, hintfmt("while checking flake output '%s'", name));


@ -0,0 +1,51 @@
diff --git a/src/lib.rs b/src/lib.rs
index b93b9ae..9081214 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -17,16 +17,6 @@ pub fn make_lock_path(temp_path: &str, closure: &str) -> String {
format!("{}/deploy-rs-canary-{}", temp_path, lock_hash)
}
-fn make_emoji(level: log::Level) -> &'static str {
- match level {
- log::Level::Error => "❌",
- log::Level::Warn => "⚠️",
- log::Level::Info => "",
- log::Level::Debug => "❓",
- log::Level::Trace => "🖊️",
- }
-}
-
pub fn logger_formatter_activate(
w: &mut dyn std::io::Write,
_now: &mut DeferredNow,
@@ -36,8 +26,7 @@ pub fn logger_formatter_activate(
write!(
w,
- "⭐ {} [activate] [{}] {}",
- make_emoji(level),
+ "[activate] [{}] {}",
style(level, level.to_string()),
record.args()
)
@@ -52,8 +41,7 @@ pub fn logger_formatter_wait(
write!(
w,
- "👀 {} [wait] [{}] {}",
- make_emoji(level),
+ "[wait] [{}] {}",
style(level, level.to_string()),
record.args()
)
@@ -68,8 +56,7 @@ pub fn logger_formatter_deploy(
write!(
w,
- "🚀 {} [deploy] [{}] {}",
- make_emoji(level),
+ "[deploy] [{}] {}",
style(level, level.to_string()),
record.args()
)

8
repl.nix Normal file

@ -0,0 +1,8 @@
let
flake = builtins.getFlake (toString ./.);
nixpkgs = import <nixpkgs> { };
in {
inherit flake;
inherit nixpkgs;
nixos = flake.nixosConfigurations;
}


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A 8y69PgCxhGnJyWidqAWhMu5W6KmOyrPj6Yq6CH2zeXs
L+qJsxC0eJJZ6QkHk/mif/jSrlV135nYV36p8I2VABI
-> ssh-ed25519 5/zT0w 4EzS5JYeSpxinLyP1dPDar2uN/HP+mZ1SpaFrO4Z9T8
E3FWjk7Ma1+XYls0tZyVzt9rdeVC2Cxd7p0aXR8BMmY
-> ssh-ed25519 8Ib2bg IU8rm12IoW6rjJvtKZQjPypE6//B8N+zT6aYOsGsagQ
V1gwYZ2mSmwwRGrQy+5Yi6X2jc7cuSb4i8ug78TgNNs
-> 8?D(x;Zq-grease
eLVD9rsrAlXCtjq1xYeWksV+NrZJGLWIpVXOS/L5G6YoS5tmZfPIEpIJ75wylUSu
dCmo2xg
--- K4HxduHKm3NBmH/0fWai2n4O+6H7JF/4tkjc+2GQjtg
Í».>Ø9æ$¨ZòÂÄßoÓ˜ÃCé€4R'Ú<>¥p¯20A^~½“¤B<C2A4>X=b—<4A>¾gàßm¬¯n¾RÖÅÅ8{†Œës ,ùdiEá±~Ï¢‰p!¹ñ¯üº{‹½)¸¹Šž>WB²¡½È-Q nV ¨A

12
secrets/hydra-s3.age Normal file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A /BSDGnygvS3MifbGGMuh4aEYLPU/ZWTHmbY2vIhati0
JKVX2J0gCpL3eUyobQySzxmjmbSGGgeYjjLxLv+psZs
-> ssh-ed25519 5/zT0w YJd4JqY/YGg6/VfzdK+6FI1/72RyRLlHsIc/CSdHwX0
85UB6ky6eeBbFIMMXeqwIwt7PN/FaWK6qNwaXdHZkj8
-> ssh-ed25519 8Ib2bg fTOeo/9ndpGTMVK0B1ZWpFOPZdbdreiulrASoJgy4Bo
X1UHKTGpFdk5TMeY7StlGVV01GNJTrXMOoSi9kAEm1c
-> 3jS]IIF-grease = `,U>Z ^m41U@0 C
Jh+cNu7e0o/a3m4yN6Wrqf3bYjXuzKfQBF3uSY+578mzlTxuhigdM7mXU8RUBad1
hoYavMvK5ipI8bbK6pNeM/R24SDJPtd28TPZ8AlWHWKqknoDW1gXndcHiJDe
--- LpT1SWpbWrqdFDV4cf2rEP9ssFr3aubcyNm3rXfdj9Y
´‰ã "˜÷9îÒ«ìÊ>nfY»ânÌ7—×žÑ 7Zl'à;>-¬áú)½zV"Š§a Á¡†;Å.f@ý’ÔŠÖM<C396>¦¼£ÛÙáš]Ô”ëN+$j´ªd`aˆFÀ_Ï„Ö±JǦšE~\ŽÖ¯{7ªÄ<C2AA>iˆÇV¾eëìeýKC%³ÁÑ̦BKR9<>QV0µ¡Y}

9
secrets/secrets.nix Normal file

@ -0,0 +1,9 @@
let
max = (import ../users/max/userinfo.nix null).sshKeys;
hosts = import ../hosts;
systemKeys = x: x.ssh.id.publicKey or null;
in with hosts;
{
"hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
}
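Review bot: `systemKeys = x: x.ssh.id.publicKey or null;` puts a `null` into `publicKeys` for any host that lacks `ssh.id.publicKey`, so the recipient list for `hydra-s3.age` and `hydra-db-credentials.age` can differ from what this file appears to declare. How the secrets tooling treats a `null` entry is not visible here, and a recipient list should fail loudly rather than depend on that. Dropping the fallback, `systemKeys = x: x.ssh.id.publicKey;`, turns a missing host key into an evaluation error at the point where the host is named.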

16
users/max/userinfo.nix Normal file

@ -0,0 +1,16 @@
pkgs: rec {
firstName = "Max";
lastName = "Headroom";
userName = "max";
orgDomain = "privatevoid.net";
security = { pkcs11Providers = [ "${pkgs.opensc}/lib/opensc-pkcs11.so" ]; };
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5C7mC5S2gM0K6x0L/jNwAeQYbFSzs16Q73lONUlIkL max@TITAN"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"
];
email = "${userName}@${orgDomain}";
gecos = "${firstName} ${lastName}";
}