From a4177f9382cc541035937c87fb38513cc1f36460 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Sun, 11 Feb 2024 15:16:25 +0800 Subject: [PATCH] flake-parts/setups: set separate namespace for custom library This at least allows us to make custom environment-specific library sets. --- apps/run-workflow-with-vm/configuration.nix | 7 ++- .../home-manager/foo-dogsquared/default.nix | 4 +- configs/nixos/_users/plover/default.nix | 4 +- configs/nixos/ni/default.nix | 4 +- .../nixos/ni/modules/networking/wireguard.nix | 4 +- .../ni/modules/services/backup/default.nix | 30 +++++------ .../services/download-media/default.nix | 4 +- configs/nixos/plover/default.nix | 8 +-- .../nixos/plover/modules/services/backup.nix | 4 +- .../plover/modules/services/dns-server.nix | 4 +- .../nixos/plover/modules/services/gitea.nix | 4 +- .../nixos/plover/modules/services/grafana.nix | 4 +- .../plover/modules/services/vaultwarden.nix | 4 +- .../plover/modules/services/vouch-proxy.nix | 4 +- .../plover/modules/services/wireguard.nix | 4 +- configs/nixos/winnowing/default.nix | 4 +- lib/default.nix | 51 ++---------------- lib/extras/extend-lib.nix | 16 ------ lib/extras/home-manager-set.nix | 6 +++ lib/extras/nixos-set.nix | 6 +++ lib/extras/nixvim-set.nix | 4 ++ lib/{private.nix => nixos.nix} | 9 +--- lib/sops.nix | 53 +++++++++++++++++++ modules/flake-parts/setups/home-manager.nix | 7 ++- modules/flake-parts/setups/nixos.nix | 10 ++-- modules/flake-parts/setups/nixvim.nix | 9 +++- modules/nixos/workflows/default.nix | 6 ++- 27 files changed, 151 insertions(+), 123 deletions(-) delete mode 100644 lib/extras/extend-lib.nix create mode 100644 lib/extras/home-manager-set.nix create mode 100644 lib/extras/nixos-set.nix create mode 100644 lib/extras/nixvim-set.nix rename lib/{private.nix => nixos.nix} (71%) create mode 100644 lib/sops.nix diff --git a/apps/run-workflow-with-vm/configuration.nix b/apps/run-workflow-with-vm/configuration.nix index 84d1af80..cd3a0405 100644 
--- a/apps/run-workflow-with-vm/configuration.nix +++ b/apps/run-workflow-with-vm/configuration.nix @@ -6,7 +6,7 @@ let pkgs = import { }; config' = import { }; - lib = pkgs.lib.extend (import ); + lib = pkgs.lib; in import { inherit lib; @@ -41,9 +41,14 @@ import { ({ config, lib, ... }: { xdg.userDirs.createDirectories = lib.mkForce true; + _module.args.foodogsquaredLib = + import ../../lib/extras/home-manager-set.nix { inherit lib; }; }) ]; + _module.args.foodogsquaredLib = + import ../../lib/extras/nixos-set.nix { inherit lib; }; + workflows.workflows.${workflow}.enable = true; nixpkgs.overlays = [ diff --git a/configs/home-manager/foo-dogsquared/default.nix b/configs/home-manager/foo-dogsquared/default.nix index 99cee53b..86969d85 100644 --- a/configs/home-manager/foo-dogsquared/default.nix +++ b/configs/home-manager/foo-dogsquared/default.nix @@ -1,4 +1,4 @@ -{ config, lib, options, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: { imports = [ ./modules ]; @@ -32,7 +32,7 @@ # The keyfile required to decrypt the secrets. sops.age.keyFile = "${config.xdg.configHome}/age/user"; - sops.secrets = lib.private.getSecrets ./secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets/secrets.yaml { davfs2-credentials = { path = "${config.home.homeDirectory}/.davfs2/davfs2.conf"; }; diff --git a/configs/nixos/_users/plover/default.nix b/configs/nixos/_users/plover/default.nix index 96f1d224..42400c42 100644 --- a/configs/nixos/_users/plover/default.nix +++ b/configs/nixos/_users/plover/default.nix @@ -1,9 +1,9 @@ # This is the user that is often used for servers. -{ lib, pkgs, ... }: +{ lib, pkgs, foodogsquaredLib, ... }: let user = "plover"; - homeManagerUser = lib.private.getConfig "home-manager" user; + homeManagerUser = foodogsquaredLib.getConfig "home-manager" user; in { users.users.${user} = { diff --git a/configs/nixos/ni/default.nix b/configs/nixos/ni/default.nix index 4dd46545..c9a31f4a 100644 
--- a/configs/nixos/ni/default.nix +++ b/configs/nixos/ni/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, foodogsquaredModulesPath, ... }: +{ config, pkgs, lib, foodogsquaredLib, foodogsquaredModulesPath, ... }: { imports = [ @@ -33,7 +33,7 @@ type = "ed25519"; }]; - sops.secrets = lib.private.getSecrets ./secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets/secrets.yaml { "ssh-key" = { }; }; diff --git a/configs/nixos/ni/modules/networking/wireguard.nix b/configs/nixos/ni/modules/networking/wireguard.nix index 0e84d173..834cdbb4 100644 --- a/configs/nixos/ni/modules/networking/wireguard.nix +++ b/configs/nixos/ni/modules/networking/wireguard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.ni; @@ -31,7 +31,7 @@ in { environment.systemPackages = with pkgs; [ wireguard-tools ]; networking.firewall.allowedUDPPorts = [ wireguardPort ]; - sops.secrets = lib.private.getSecrets ../../secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "wireguard/private-key" = { }; "wireguard/preshared-keys/plover" = { }; "wireguard/preshared-keys/phone" = { }; diff --git a/configs/nixos/ni/modules/services/backup/default.nix b/configs/nixos/ni/modules/services/backup/default.nix index e9ff7369..ab94f5b7 100644 --- a/configs/nixos/ni/modules/services/backup/default.nix +++ b/configs/nixos/ni/modules/services/backup/default.nix @@ -1,5 +1,5 @@ # It's a setup for my backup. -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.ni; 
@@ -47,9 +47,9 @@ in lib.mkEnableOption "backup setup with BorgBackup"; config = lib.mkIf cfg.enable { - sops.secrets = lib.private.getSecrets + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets.yaml - (lib.private.attachSopsPathPrefix pathPrefix { + (foodogsquaredLib.sops-nix.attachSopsPathPrefix pathPrefix { "patterns/home" = { }; "patterns/etc" = { }; "patterns/keys" = { }; @@ -94,18 +94,18 @@ in startAt = "04:30"; }; - remote-backup-hetzner-box = borgJobCommonSetting - { - patterns = with config.sops; [ - secrets."${pathPrefix}/patterns/remote-backup".path - ]; - passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/hetzner-box/password".path}"; - } // { - doInit = true; - repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/desktop/ni"; - startAt = "04:30"; - environment.BORG_RSH = "ssh -i ${config.sops.secrets."${pathPrefix}/ssh-key".path}"; - }; + #remote-backup-hetzner-box = borgJobCommonSetting + # { + # patterns = with config.sops; [ + # secrets."${pathPrefix}/patterns/remote-backup".path + # ]; + # passCommand = "cat ${config.sops.secrets."${pathPrefix}/repos/hetzner-box/password".path}"; + # } // { + # doInit = true; + # repo = "ssh://${hetzner-boxes-user}@${hetzner-boxes-server}:23/./borg/desktop/ni"; + # startAt = "04:30"; + # environment.BORG_RSH = "ssh -i ${config.sops.secrets."${pathPrefix}/ssh-key".path}"; + #}; }; programs.ssh.extraConfig = '' diff --git a/configs/nixos/ni/modules/services/download-media/default.nix b/configs/nixos/ni/modules/services/download-media/default.nix index 0074256d..24fc2b5e 100644 --- a/configs/nixos/ni/modules/services/download-media/default.nix +++ b/configs/nixos/ni/modules/services/download-media/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.ni; 
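Review bot: The `@@ -94,18 +94,18 @@` hunk of `configs/nixos/ni/modules/services/backup/default.nix` comments out the whole `remote-backup-hetzner-box` job, which the commit message (a library namespace change) does not mention. If no other job outside the hunk targets the remote repository, this host stops producing off-site backups without any record of why. If the change is temporary, say so at the top of the commented block, e.g. `# FIXME: remote backup disabled (reason); re-enable before relying on this host's backups.`; otherwise delete the block rather than keep it as dead code. The secrets it consumed (`repos/hetzner-box/password`, `ssh-key`) are declared outside the visible lines, so check whether they are still decrypted onto the host with no consumer left.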
@@ -95,7 +95,7 @@ in { environment.systemPackages = [ ytdlpArchiveVariant ]; - sops.secrets = lib.private.getSecrets ./secrets.yaml + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets.yaml (lib.attachSopsPathPrefix pathPrefix { "secrets-config" = { }; }); diff --git a/configs/nixos/plover/default.nix b/configs/nixos/plover/default.nix index 9806fde8..a286c671 100644 --- a/configs/nixos/plover/default.nix +++ b/configs/nixos/plover/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, foodogsquaredModulesPath, ... }: +{ config, lib, pkgs, foodogsquaredLib, foodogsquaredModulesPath, ... }: { imports = [ @@ -8,8 +8,8 @@ ./modules/profiles/hetzner-cloud-cx21.nix # The users for this host. - (lib.private.getUser "nixos" "admin") - (lib.private.getUser "nixos" "plover") + (foodogsquaredLib.getUser "nixos" "admin") + (foodogsquaredLib.getUser "nixos" "plover") "${foodogsquaredModulesPath}/profiles/headless.nix" "${foodogsquaredModulesPath}/profiles/hardened.nix" @@ -45,7 +45,7 @@ # Offline SSH!?! programs.mosh.enable = true; - sops.secrets = lib.private.getSecrets ./secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets/secrets.yaml { "ssh-key" = { }; "lego/env" = { }; }; diff --git a/configs/nixos/plover/modules/services/backup.nix b/configs/nixos/plover/modules/services/backup.nix index 9f4191f7..bcede8f0 100644 --- a/configs/nixos/plover/modules/services/backup.nix +++ b/configs/nixos/plover/modules/services/backup.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -49,7 +49,7 @@ in lib.mkEnableOption "backup service"; config = lib.mkIf cfg.enable { - sops.secrets = lib.private.getSecrets ../../secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "borg/repos/host/patterns/keys" = { }; "borg/repos/host/password" = { }; "borg/repos/services/password" = { }; 
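Review bot: In the `@@ -95,7 +95,7 @@` hunk of `download-media/default.nix`, the unchanged line after the rewritten call still reads `(lib.attachSopsPathPrefix pathPrefix {`. This commit removes `lib/extras/extend-lib.nix` and goes back to a plain `pkgs.lib`, so that attribute no longer exists and the module should fail to evaluate. The line should follow the same rename as the backup module: `(foodogsquaredLib.sops-nix.attachSopsPathPrefix pathPrefix {`. The enclosing `config` block continues outside the hunk.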
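Review bot: In `configs/nixos/plover/default.nix`, the `@@ -8,8 +8,8 @@` hunk calls `foodogsquaredLib.getUser` inside `imports`, but the argument is supplied through `_module.args` in `modules/flake-parts/setups/nixos.nix`. The module system has to resolve `imports` before it can evaluate `config`, and `_module.args` is part of `config`, so this is expected to fail with infinite recursion. `configs/nixos/winnowing/default.nix` has the same problem with `foodogsquaredLib.mapHomeManagerUser` in its `imports`. Passing the set through `specialArgs` next to `foodogsquaredModulesPath` avoids it: `foodogsquaredLib = import ../../../lib/extras/nixos-set.nix { inherit lib; };`. Uses inside `config`, such as the `sops.secrets` lines, work either way.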
diff --git a/configs/nixos/plover/modules/services/dns-server.nix b/configs/nixos/plover/modules/services/dns-server.nix index fbfddff1..b9d37f38 100644 --- a/configs/nixos/plover/modules/services/dns-server.nix +++ b/configs/nixos/plover/modules/services/dns-server.nix @@ -1,7 +1,7 @@ # The DNS server for my domains. Take note it uses a hidden master setup with # the secondary nameservers of the service (as of 2023-10-05, we're using # Hetzner's secondary nameservers). -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -46,7 +46,7 @@ in mode = "0400"; }; in - lib.private.getSecrets ../../secrets/secrets.yaml { + foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "dns/${domain}/mailbox-security-key" = dnsFileAttribute; "dns/${domain}/mailbox-security-key-record" = dnsFileAttribute; "dns/${domain}/keybase-verification-key" = dnsFileAttribute; diff --git a/configs/nixos/plover/modules/services/gitea.nix b/configs/nixos/plover/modules/services/gitea.nix index 6a0b0009..aa82e68f 100644 --- a/configs/nixos/plover/modules/services/gitea.nix +++ b/configs/nixos/plover/modules/services/gitea.nix @@ -2,7 +2,7 @@ # feature in particular to see how this plays out. It might not be toppling # over the popular services but it is interesting to see new spaces for this # one. -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -18,7 +18,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { - sops.secrets = lib.private.getSecrets ../../secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "gitea/db/password".owner = giteaUser; "gitea/smtp/password".owner = giteaUser; }; diff --git a/configs/nixos/plover/modules/services/grafana.nix b/configs/nixos/plover/modules/services/grafana.nix index 14a38617..39c642ab 100644 --- a/configs/nixos/plover/modules/services/grafana.nix 
+++ b/configs/nixos/plover/modules/services/grafana.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -28,7 +28,7 @@ in mode = "0400"; }; in - lib.private.getSecrets ../../secrets/secrets.yaml { + foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "grafana/database/password" = grafanaFileAttributes; "grafana/users/admin/password" = grafanaFileAttributes; }; diff --git a/configs/nixos/plover/modules/services/vaultwarden.nix b/configs/nixos/plover/modules/services/vaultwarden.nix index 0a38f35f..9f7849ff 100644 --- a/configs/nixos/plover/modules/services/vaultwarden.nix +++ b/configs/nixos/plover/modules/services/vaultwarden.nix @@ -1,6 +1,6 @@ # An alternative implementation of Bitwarden written in Rust. The project # being written in Rust is a insta-self-hosting material right there. -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -20,7 +20,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { - sops.secrets = lib.private.getSecrets ../../secrets/secrets.yaml { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "vaultwarden/env".owner = vaultwardenUser; }; diff --git a/configs/nixos/plover/modules/services/vouch-proxy.nix b/configs/nixos/plover/modules/services/vouch-proxy.nix index b5eec4a1..3065a12c 100644 --- a/configs/nixos/plover/modules/services/vouch-proxy.nix +++ b/configs/nixos/plover/modules/services/vouch-proxy.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: let hostCfg = config.hosts.plover; @@ -22,7 +22,7 @@ in mode = "0400"; }; in - lib.private.getSecrets ../../secrets/secrets.yaml { + foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "vouch-proxy/jwt/secret" = vouchPermissions; "vouch-proxy/client/secret" = vouchPermissions; }; 
diff --git a/configs/nixos/plover/modules/services/wireguard.nix b/configs/nixos/plover/modules/services/wireguard.nix index deadbe25..2834712b 100644 --- a/configs/nixos/plover/modules/services/wireguard.nix +++ b/configs/nixos/plover/modules/services/wireguard.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, foodogsquaredLib, ... }: # Take note this service is heavily based on the hardware networking setup of # this host so better stay focused on the hardware configuration on this host. @@ -29,7 +29,7 @@ in mode = "0640"; }; in - lib.private.getSecrets ../../secrets/secrets.yaml { + foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { "wireguard/private-key" = systemdNetworkdPermission; "wireguard/preshared-keys/ni" = systemdNetworkdPermission; "wireguard/preshared-keys/phone" = systemdNetworkdPermission; diff --git a/configs/nixos/winnowing/default.nix b/configs/nixos/winnowing/default.nix index 08b76926..55f6417a 100644 --- a/configs/nixos/winnowing/default.nix +++ b/configs/nixos/winnowing/default.nix @@ -1,10 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, foodogsquaredLib, ... }: { imports = [ "${modulesPath}/profiles/minimal.nix" - (lib.private.mapHomeManagerUser "winnow" { + (foodogsquaredLib.mapHomeManagerUser "winnow" { extraGroups = [ "wheel" "docker" diff --git a/lib/default.nix b/lib/default.nix index a70c86e6..f2cd421b 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,4 @@ -# All of the custom functions used for this configuration. +# All of the custom functions suitable for all environments. { lib }: rec { 
@@ -15,52 +15,7 @@ rec { lib.count (attr: pred attr.name attr.value) (lib.mapAttrsToList lib.nameValuePair attrs); - /* Get the secrets from a given sops file. This will set the individual - attributes `sopsFile` with the given file to not interrupt as much as - possible with your own sops-nix workflow. + getConfig = type: config: ../configs/${type}/${config}; - Examples: - lib.getSecrets ./sops.yaml { - ssh-key = { }; - "borg/ssh-key" = { }; - "wireguard/private-key" = { - group = config.users.users.systemd-network.group; - reloadUnits = [ "systemd-networkd.service" ]; - mode = "0640"; - }; - } - */ - getSecrets = sopsFile: secrets: - let - getKey = key: { inherit key sopsFile; }; - in - lib.mapAttrs - (path: attrs: - (getKey path) // attrs) - secrets; - - /* Prepend a prefix for the given secrets. This allows a workflow for - separate sops file. - - Examples: - lib.getSecrets ./sops.yaml { - ssh-key = { }; - "borg/ssh-key" = { }; - } // - (lib.getSecrets ./wireguard.yaml - (lib.attachSopsPathPrefix "wireguard" { - "private-key" = { - group = config.users.users.systemd-network.group; - reloadUnits = [ "systemd-networkd.service" ]; - mode = "0640"; - }; - })) - */ - attachSopsPathPrefix = prefix: secrets: - lib.mapAttrs' - (key: settings: - lib.nameValuePair - "${prefix}/${key}" - ({ inherit key; } // settings)) - secrets; + getUser = type: user: ../configs/${type}/_users/${user}; } diff --git a/lib/extras/extend-lib.nix b/lib/extras/extend-lib.nix deleted file mode 100644 index a114f44b..00000000 --- a/lib/extras/extend-lib.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -# A lambda suitable to be used for `pkgs.lib.extend`. -self: super: -let - publicLib = import ../. { lib = super; }; -in -{ - inherit (publicLib) countAttrs getSecrets attachSopsPathPrefix; - - # Until I figure out how to properly add them only for their respective - # environment, this is the working solution for now. Not really perfect - # since we use one nixpkgs instance for each configuration (home-manager or - # otherwise). - private = publicLib - // import ../private.nix { lib = self; } - // import ../home-manager.nix { lib = self; }; -} diff --git a/lib/extras/home-manager-set.nix b/lib/extras/home-manager-set.nix new file mode 100644 index 00000000..d747fa9b --- /dev/null +++ b/lib/extras/home-manager-set.nix @@ -0,0 +1,6 @@ +# The home-manager set. +{ lib }: + +import ../default.nix { inherit lib; } +// import ../home-manager.nix { inherit lib; } +// { sops-nix = import ../sops.nix { inherit lib; }; } diff --git a/lib/extras/nixos-set.nix b/lib/extras/nixos-set.nix new file mode 100644 index 00000000..26f3bed2 --- /dev/null +++ b/lib/extras/nixos-set.nix @@ -0,0 +1,6 @@ +# The NixOS library set. +{ lib }: + +import ../default.nix { inherit lib; } +// import ../home-manager.nix { inherit lib; } +// { sops-nix = import ../sops.nix { inherit lib; }; } diff --git a/lib/extras/nixvim-set.nix b/lib/extras/nixvim-set.nix new file mode 100644 index 00000000..da95b8ac --- /dev/null +++ b/lib/extras/nixvim-set.nix @@ -0,0 +1,4 @@ +# NixVim library set. +{ lib }: + +import ../default.nix { inherit lib; } diff --git a/lib/private.nix b/lib/nixos.nix similarity index 71% rename from lib/private.nix rename to lib/nixos.nix index da89b10a..7a200dc6 100644 --- a/lib/private.nix +++ b/lib/nixos.nix @@ -1,5 +1,4 @@ -# This is just a library intended solely for this flake. -# It is expected to use the nixpkgs library with `lib/default.nix`. +# All of the functions suitable only for NixOS. { lib }: rec { 
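Review bot: `lib/extras/nixos-set.nix` merges `../default.nix`, `../home-manager.nix` and `../sops.nix` but never imports the renamed `../nixos.nix`, so the NixOS-only helpers that used to be reachable through `lib.private` are no longer exported. `configs/nixos/winnowing/default.nix` calls `foodogsquaredLib.mapHomeManagerUser`, which, judging by the `lib/nixos.nix` hunks, appears to live in that file. The file body is identical to `home-manager-set.nix`, so this looks like a copy that was not adjusted. Adding `// import ../nixos.nix { inherit lib; }` would restore the export. It is also worth confirming whether `../home-manager.nix` is meant to be part of the NixOS set at all.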
@@ -22,7 +21,7 @@ rec { home.homeDirectory = homeDirectory; } - (getConfig "home-manager" user) + ../configs/home-manager/${user} ]; }; @@ -31,8 +30,4 @@ rec { settings ]; }); - - getConfig = type: config: ../configs/${type}/${config}; - - getUser = type: user: ../configs/${type}/_users/${user}; } diff --git a/lib/sops.nix b/lib/sops.nix new file mode 100644 index 00000000..f2033274 --- /dev/null +++ b/lib/sops.nix @@ -0,0 +1,53 @@ +# A library specifically for environments with sops-nix. +{ lib }: + +{ + /* Get the secrets from a given sops file. This will set the individual + attributes `sopsFile` with the given file to not interrupt as much as + possible with your own sops-nix workflow. + + Examples: + lib.getSecrets ./sops.yaml { + ssh-key = { }; + "borg/ssh-key" = { }; + "wireguard/private-key" = { + group = config.users.users.systemd-network.group; + reloadUnits = [ "systemd-networkd.service" ]; + mode = "0640"; + }; + } + */ + getSecrets = sopsFile: secrets: + let + getKey = key: { inherit key sopsFile; }; + in + lib.mapAttrs + (path: attrs: + (getKey path) // attrs) + secrets; + + /* Prepend a prefix for the given secrets. This allows a workflow for + separate sops file. + + Examples: + lib.getSecrets ./sops.yaml { + ssh-key = { }; + "borg/ssh-key" = { }; + } // + (lib.getSecrets ./wireguard.yaml + (lib.attachSopsPathPrefix "wireguard" { + "private-key" = { + group = config.users.users.systemd-network.group; + reloadUnits = [ "systemd-networkd.service" ]; + mode = "0640"; + }; + })) + */ + attachSopsPathPrefix = prefix: secrets: + lib.mapAttrs' + (key: settings: + lib.nameValuePair + "${prefix}/${key}" + ({ inherit key; } // settings)) + secrets; +} diff --git a/modules/flake-parts/setups/home-manager.nix b/modules/flake-parts/setups/home-manager.nix index 0ef5509d..73e023ee 100644 --- a/modules/flake-parts/setups/home-manager.nix +++ b/modules/flake-parts/setups/home-manager.nix 
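Review bot: The doc comments in the new `lib/sops.nix` still show the helpers being called as `lib.getSecrets` and `lib.attachSopsPathPrefix`, while every caller in this commit now reaches them as `foodogsquaredLib.sops-nix.getSecrets` and `foodogsquaredLib.sops-nix.attachSopsPathPrefix`. The examples should use the new names, since copying the old ones into a module no longer evaluates. The `getSecrets` comment could also state that, because of `(getKey path) // attrs`, a caller's attributes take precedence over the injected `key` and `sopsFile`. `attachSopsPathPrefix` relies on that to keep the unprefixed `key`.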
@@ -22,7 +22,7 @@ let }; inherit pkgs; - lib = pkgs.lib.extend (import ../../../lib/extras/extend-lib.nix); + lib = pkgs.lib; modules = extraModules; }; @@ -236,6 +236,11 @@ in setups.home-manager.sharedModules = [ homeManagerModules + ({ lib, ... }: { + _module.args.foodogsquaredLib = + import ../../../lib/extras/home-manager-set.nix { inherit lib; }; + }) + # Import our private modules... ../../home-manager/_private ]; diff --git a/modules/flake-parts/setups/nixos.nix b/modules/flake-parts/setups/nixos.nix index a8542ed0..2639d43e 100644 --- a/modules/flake-parts/setups/nixos.nix +++ b/modules/flake-parts/setups/nixos.nix @@ -18,7 +18,7 @@ let nixpkgs = inputs.${nixpkgsBranch}; # Just to be sure, we'll use everything with the given nixpkgs' stdlib. - lib' = nixpkgs.lib.extend (import ../../../lib/extras/extend-lib.nix); + lib = nixpkgs.lib; # A modified version of `nixosSystem` from nixpkgs flake. There is a # recent change at nixpkgs (at 039f73f134546e59ec6f1b56b4aff5b81d889f64) @@ -26,11 +26,10 @@ let # evaluate the NixOS system ourselves. nixosSystem = args: import "${nixpkgs}/nixos/lib/eval-config.nix" args; in - (lib'.makeOverridable nixosSystem) { + (lib.makeOverridable nixosSystem) { specialArgs = { foodogsquaredModulesPath = builtins.toString nixosModules; }; - lib = lib'; modules = extraModules ++ [{ nixpkgs.hostPlatform = lib.mkForce system; }]; @@ -515,6 +514,11 @@ in # Import our private modules. ../../nixos/_private + ({ lib, ... }: { + _module.args.foodogsquaredLib = + import ../../../lib/extras/nixos-set.nix { inherit lib; }; + }) + # Set the home-manager-related settings. ({ lib, ... }: { home-manager.sharedModules = partsConfig.setups.home-manager.sharedModules; diff --git a/modules/flake-parts/setups/nixvim.nix b/modules/flake-parts/setups/nixvim.nix index abdb3825..04a635d1 100644 --- a/modules/flake-parts/setups/nixvim.nix +++ b/modules/flake-parts/setups/nixvim.nix 
@@ -102,7 +102,14 @@ in }; config = lib.mkIf (cfg.configs != { }) { - setups.nixvim.sharedModules = [ nixvimModules ]; + setups.nixvim.sharedModules = [ + nixvimModules + + ({ lib, ... }: { + _module.args.foodogsquaredLib = + import ../../../lib/extras/nixvim-set.nix { inherit lib; }; + }) + ]; perSystem = { system, config, lib, ... }: ( diff --git a/modules/nixos/workflows/default.nix b/modules/nixos/workflows/default.nix index 2f819b64..2b08e052 100644 --- a/modules/nixos/workflows/default.nix +++ b/modules/nixos/workflows/default.nix @@ -23,7 +23,11 @@ in { config = { assertions = [{ assertion = - let enabledThemes = lib.countAttrs (_: theme: theme.enable) cfg.workflows; + let + countAttrs = pred: attrs: + lib.count (attr: pred attr.name attr.value) + (lib.mapAttrsToList lib.nameValuePair attrs); + enabledThemes = countAttrs (_: theme: theme.enable) cfg.workflows; in cfg.disableLimit || (enabledThemes <= 1); message = "Can't have more than one theme enabled at any given time."; }];
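Review bot: The `@@ -23,7 +23,11 @@` hunk of `modules/nixos/workflows/default.nix` pastes a private copy of `countAttrs` into the assertion, duplicating the definition that stays in `lib/default.nix`. The predicate ignores the attribute name, so the helper is not needed here: `enabledThemes = lib.count (theme: theme.enable) (lib.attrValues cfg.workflows);` gives the same count using only nixpkgs' `lib`. If the copy is kept so that this module does not depend on `foodogsquaredLib`, a one-line comment saying so would stop the two definitions drifting apart.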