From 29fa1e35fda0a2294efc272c3f6140649a3959a4 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 25 Oct 2020 11:36:16 +0000
Subject: [PATCH] nixos: start using home-manager
---
ops/nixos/lib/client.nix | 17 +-
ops/nixos/lib/common.nix | 165 ++++++++++--------
ops/nixos/lib/graphical-client.nix | 40 +++--
ops/nixos/lib/home-manager/client.nix | 38 ++++
ops/nixos/lib/home-manager/common.nix | 55 ++++++
.../lib/home-manager/graphical-client.nix | 15 ++
ops/nixos/lib/{ => home-manager}/hgrc | 0
ops/nixos/porcorosso/default.nix | 8 +-
8 files changed, 235 insertions(+), 103 deletions(-)
create mode 100644 ops/nixos/lib/home-manager/client.nix
create mode 100644 ops/nixos/lib/home-manager/common.nix
create mode 100644 ops/nixos/lib/home-manager/graphical-client.nix
rename ops/nixos/lib/{ => home-manager}/hgrc (100%)
diff --git a/ops/nixos/lib/client.nix b/ops/nixos/lib/client.nix
index c917f25e25..ccefd16728 100644
--- a/ops/nixos/lib/client.nix
+++ b/ops/nixos/lib/client.nix
@@ -2,20 +2,15 @@ # # SPDX-License-Identifier: Apache-2.0 -{ pkgs, depot, lib, ... }: +{ pkgs, config, depot, lib, ... }: let inherit (lib) mkBefore; in { - nix.gc.automatic = false; + imports = [ ../../../third_party/home-manager/nixos ]; - users.users.lukegb.packages = mkBefore (with pkgs; [ - depot.nix.pkgs.copybara - direnv - git - go - graphicsmagick-imagemagick-compat - ripgrep - whois - ]); + config = { + my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ]; + nix.gc.automatic = false; + }; }
diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index f0cb90692f..2297ddb513 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
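Review bot: After this change nothing in `ops/nixos/lib/client.nix` uses `mkBefore`, `pkgs`, `depot` or the newly added `config` argument. The hunk runs from line 2 to the end of the file, and the only settings left are `imports`, `my.home-manager.imports` and `nix.gc.automatic`. Dropping the `let inherit (lib) mkBefore; in` binding and trimming the header to `{ lib, ... }:` would keep the module's real dependencies visible.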
@@ -2,90 +2,113 @@ # # SPDX-License-Identifier: Apache-2.0 -{ pkgs, depot, lib, rebuilder, ... }: +{ pkgs, config, depot, lib, rebuilder, ... }@args: let inherit (lib) mkDefault; in { - hardware.enableRedistributableFirmware = true; - - nix = { - nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; - trustedUsers = [ "root" "@wheel" ]; - binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; - trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; - envVars = { - AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"; - AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"; - }; + options.my.home-manager.imports = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = [ ./home-manager/common.nix ]; }; - nixpkgs.config = depot.third_party.nixpkgsConfig; - - i18n.defaultLocale = "en_GB.UTF-8"; - console.keyMap = "us"; - - time.timeZone = mkDefault "Etc/UTC"; - - environment.systemPackages = with pkgs; [ - vim rxvt_unicode.terminfo tmux rebuilder tailscale rsync - (mercurial.overridePythonAttrs (origAttrs: { - propagatedBuildInputs = origAttrs.propagatedBuildInputs ++ [python3Packages.hg-evolve depot.nix.pkgs.hg-git]; - })) - ]; - - networking.firewall = { - allowPing = true; + options.my.home-manager.system = lib.mkOption { + type = lib.types.nullOr lib.types.anything; + default = null; }; - users.mutableUsers = false; - users.users = let secrets = depot.ops.secrets; in { - root.hashedPassword = secrets.passwordHashes.root; - lukegb = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - hashedPassword = secrets.passwordHashes.lukegb; + config = { + hardware.enableRedistributableFirmware = true; + + nix = { + nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; + trustedUsers 
= [ "root" "@wheel" ]; + binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + envVars = { + AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"; + AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"; + }; }; - deployer = { - isSystemUser = true; - uid = 1001; - hashedPassword = "!"; - useDefaultShell = true; - home = "/var/lib/deployer"; - createHome = true; - openssh.authorizedKeys.keyFiles = [ - ../../secrets/deployer_ed25519.pub - ]; + nixpkgs.config = depot.third_party.nixpkgsConfig; + + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "us"; + + time.timeZone = mkDefault "Etc/UTC"; + + environment.systemPackages = with pkgs; [ + vim rxvt_unicode.terminfo tmux rebuilder tailscale rsync + (mercurial.overridePythonAttrs (origAttrs: { + propagatedBuildInputs = origAttrs.propagatedBuildInputs ++ [python3Packages.hg-evolve depot.nix.pkgs.hg-git]; + })) + ]; + + networking.firewall = { + allowPing = true; }; - }; - security.sudo.extraRules = [{ - users = [ "deployer" ]; - commands = [{ - command = "${rebuilder}/bin/rebuilder"; - options = [ "NOPASSWD" ]; + + users.mutableUsers = false; + users.users = let secrets = depot.ops.secrets; in { + root.hashedPassword = secrets.passwordHashes.root; + lukegb = { + isNormalUser = true; + uid = 1000; + extraGroups = [ "wheel" ]; + hashedPassword = secrets.passwordHashes.lukegb; + }; + deployer = { + isSystemUser = true; + uid = 1001; + hashedPassword = "!"; + useDefaultShell = true; + home = "/var/lib/deployer"; + createHome = true; + openssh.authorizedKeys.keyFiles = [ + ../../secrets/deployer_ed25519.pub + ]; + }; + }; + security.sudo.extraRules = [{ + users = [ "deployer" ]; + commands = [{ + command = "${rebuilder}/bin/rebuilder"; + options = [ "NOPASSWD" ]; + }]; }]; - 
}]; - security.sudo.extraConfig = '' - Defaults:deployer !requiretty - ''; + security.sudo.extraConfig = '' + Defaults:deployer !requiretty + ''; - programs.mtr.enable = true; - services.openssh.enable = true; - services.tailscale.enable = true; + programs.mtr.enable = true; + services.openssh.enable = true; + services.tailscale.enable = true; - boot = { - kernelModules = [ "tcp_bbr" ]; - kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; - kernel.sysctl."net.core.default_qdisc" = "fq_codel"; - }; + boot = { + kernelModules = [ "tcp_bbr" ]; + kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; + kernel.sysctl."net.core.default_qdisc" = "fq_codel"; + }; - system.activationScripts.lukegb-hgrc = lib.stringAfter [ "users" "groups" ] '' - ln -sfn ${./hgrc} /home/lukegb/.hgrc - ''; + # Clean up daily. + nix.gc = { + automatic = lib.mkDefault true; + dates = "*-*-* 05:00:00"; + }; - # Clean up daily. - nix.gc = { - automatic = lib.mkDefault true; - dates = "*-*-* 05:00:00"; + home-manager.useUserPackages = true; + home-manager.useGlobalPkgs = true; + + systemd.services."home-manager-lukegb" = { + before = [ "display-manager.service" ]; + wantedBy = [ "multi-user.target" ]; + }; + + home-manager.users.lukegb = { pkgs, ... }: ({ + imports = [ ({ + _module.args = args; + })] ++ config.my.home-manager.imports ++ ( + lib.optional (config.my.home-manager.system != null) config.my.home-manager.system + ); + }); }; }
diff --git a/ops/nixos/lib/graphical-client.nix b/ops/nixos/lib/graphical-client.nix
index b6c6cb7579..1f0fdb2c1f 100644
--- a/ops/nixos/lib/graphical-client.nix
+++ b/ops/nixos/lib/graphical-client.nix
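Review bot: In `ops/nixos/lib/common.nix`, `_module.args = args;` in the new `home-manager.users.lukegb` block forwards every argument this NixOS module receives into the user-level home-manager modules, including `depot`, whose `depot.ops.secrets` tree is read earlier in the same hunk. Anything a home-manager module interpolates from it ends up in the user's generation in the world-readable Nix store, so it is safer to pass only what those modules need, e.g. `_module.args = { inherit (args) depot; };`, or narrower still a `depot` subset without `ops.secrets`. Forwarding `config`, `lib` and `pkgs` under the same names is presumably shadowed by home-manager's own arguments, which makes the intent hard to read. The two new `my.home-manager.*` options would also benefit from a `description`, and `lib.types.anything` on `system` accepts values that are not modules at all.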
@@ -11,24 +11,28 @@ in ./client.nix ]; - fonts.fonts = with pkgs; [ - iosevka - ]; - services.udev.packages = [ pkgs.libu2f-host ]; - services.pcscd.enable = true; + config = { + my.home-manager.imports = lib.mkAfter [ ./home-manager/graphical-client.nix ]; - sound.enable = true; - hardware.pulseaudio.enable = true; + fonts.fonts = with pkgs; [ + iosevka + ]; + services.udev.packages = [ pkgs.libu2f-host ]; + services.pcscd.enable = true; - users.users.lukegb.packages = mkBefore (with pkgs; [ - chromium - dino - lutris - pavucontrol - rxvt_unicode - teamspeak_client - virtmanager - xclip - yubioath-desktop - ]); + sound.enable = true; + hardware.pulseaudio.enable = true; + + users.users.lukegb.packages = mkBefore (with pkgs; [ + chromium + dino + lutris + pavucontrol + rxvt_unicode + teamspeak_client + virtmanager + xclip + yubioath-desktop + ]); + }; }
diff --git a/ops/nixos/lib/home-manager/client.nix b/ops/nixos/lib/home-manager/client.nix
new file mode 100644
index 0000000000..40f2eae1f4
--- /dev/null
+++ b/ops/nixos/lib/home-manager/client.nix
@@ -0,0 +1,38 @@
+{ depot, lib, pkgs, ... }:
+{
+ imports = [ ./common.nix ];
+
+ programs.git = {
+ enable = true;
+ package = pkgs.gitAndTools.gitFull;
+ extraConfig = {
+ user.name = "Luke Granger-Brown";
+ user.email = "git@lukegb.com";
+ pull.ff = "only";
+ };
+ };
+ programs.direnv.enable = true;
+ programs.bash.enableVteIntegration = true;
+ programs.vim = {
+ plugins = (with pkgs.vimPlugins; [
+ vim-go
+ ]);
+ extraConfig = ''
+ source $VIMRUNTIME/defaults.vim
+
+ let g:go_def_mode='gopls'
+ let g:go_info_mode='gopls'
+ let g:go_fmt_command='goimports'
+
+ set mouse=
+ '';
+ };
+
+ home.packages = lib.mkAfter (with pkgs; [
+ depot.nix.pkgs.copybara
+ go
+ gopls
+ goimports
+ graphicsmagick-imagemagick-compat
+ ]);
+}
diff --git a/ops/nixos/lib/home-manager/common.nix b/ops/nixos/lib/home-manager/common.nix
new file mode 100644
index 0000000000..e655864813
--- /dev/null
+++ b/ops/nixos/lib/home-manager/common.nix
@@ -0,0 +1,55 @@
+{ depot, pkgs, ... }:
+{
+ programs.home-manager.enable = true;
+
+ home.username = "lukegb";
+ home.homeDirectory = "/home/lukegb";
+ home.file = {
+ ".hgrc".source = ./hgrc;
+ };
+
+ programs.bash = {
+ enable = true;
+ enableVteIntegration = true;
+
+ initExtra = ''
+ function join_by { local IFS="$1"; shift; echo "$*"; }
+
+ if [[ -z "$LAUNCH_SHLVL" ]]; then
+ export LAUNCH_SHLVL="$SHLVL"
+ fi
+ export LAUNCH_DEPTH="$(expr $SHLVL - $LAUNCH_SHLVL)"
+ export LAUNCH_DEPTH_STR=""
+ if [[ "$LAUNCH_DEPTH" > 0 ]]; then
+ if [[ "$PATH" == /nix/store/* ]]; then
+ declare -a RECENT_PKGS
+ while read -rd: pathseg; do
+ if [[ "$pathseg" != /nix/store/* ]]; then
+ break
+ fi
+ RECENT_PKGS+=("$(echo "$pathseg" | sed -E -e 's,^/nix/store/[a-z0-9]+-,,' -e 's,/.*$,,' -e 's,-[0-9.]+$,,')")
+ done <<< $PATH
+ RECENT_PKG="$(join_by ":" "''${RECENT_PKGS[@]}")"
+ if [[ "''${#RECENT_PKG}" > 32 ]]; then
+ RECENT_PKGS="''${RECENT_PKGS[0]}"
+ fi
+ if [[ ! -z "$RECENT_PKG" ]]; then
+ LAUNCH_DEPTH_STR="[$RECENT_PKG] "
+ fi
+ fi
+ if [[ -z "$LAUNCH_DEPTH_STR" ]]; then
+ LAUNCH_DEPTH_STR="[$LAUNCH_DEPTH] "
+ fi
+ fi
+ export PS1="\n\[\033[1;32m\]$LAUNCH_DEPTH_STR[\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$ \[\033[0m\]"
+ '';
+ };
+ programs.vim.enable = true;
+
+ home.packages = (with pkgs; [
+ ripgrep
+ whois
+ ]);
+
+ home.stateVersion = "20.09";
+}
diff --git a/ops/nixos/lib/home-manager/graphical-client.nix b/ops/nixos/lib/home-manager/graphical-client.nix
new file mode 100644
index 0000000000..cf92eaacc6
--- /dev/null
+++ b/ops/nixos/lib/home-manager/graphical-client.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ imports = [ ./client.nix ];
+
+ gtk = {
+ enable = true;
+ gtk3.extraConfig = {
+ gtk-application-prefer-dark-theme = 1;
+ };
+ };
+ qt = {
+ enable = true;
+ platformTheme = "gtk";
+ };
+}
diff --git a/ops/nixos/lib/hgrc b/ops/nixos/lib/home-manager/hgrc
similarity index 100%
rename from ops/nixos/lib/hgrc
rename to ops/nixos/lib/home-manager/hgrc
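Review bot: The length cap in the `initExtra` prompt code of `ops/nixos/lib/home-manager/common.nix` never takes effect: `[[ "''${#RECENT_PKG}" > 32 ]]` compares strings lexicographically (a length of 4 sorts after 32), and the branch assigns `RECENT_PKGS` instead of `RECENT_PKG`, so the text that reaches the prompt is unchanged. Arithmetic tests and the intended variable fix both: `if (( ''${#RECENT_PKG} > 32 )); then`, `RECENT_PKG="''${RECENT_PKGS[0]}"`, and likewise `if (( LAUNCH_DEPTH > 0 )); then` for the earlier depth check. Because `RECENT_PKG` is built from `$PATH` and bash expands `PS1` again each time the prompt is drawn, it would also be prudent to keep only the characters expected in a store name before adding it to `LAUNCH_DEPTH_STR`.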
diff --git a/ops/nixos/porcorosso/default.nix b/ops/nixos/porcorosso/default.nix
index 67353f11d7..729053f963 100644
--- a/ops/nixos/porcorosso/default.nix
+++ b/ops/nixos/porcorosso/default.nix
@@ -110,7 +110,7 @@ in { if [[ $EUID -ne 0 ]]; then exec sudo "$0" "$@" fi - + efibootmgr -n 0001 systemctl reboot '')
@@ -142,7 +142,9 @@ in { # Define a user account. users.users.lukegb = { extraGroups = [ "wheel" "networkmanager" ]; - packages = with pkgs; [ + }; + my.home-manager.system = {...}: { + home.packages = lib.mkAfter (with pkgs; [ (steam.override { extraProfile = nvidia-offload-profile; }) (writeScriptBin "javaws" '' #!/bin/sh
@@ -160,7 +162,7 @@ in { iotop iw vulkan-tools - ]; + ]); }; # github.com/target/lorri