npins

2024-06-01 00:28:17 +02:00 · 2024-06-01 00:28:17 +02:00 · 82ed339683
commit 82ed339683
parent b0192a4371
6 changed files with 142 additions and 19 deletions
--- a/hive.nix
+++ b/hive.nix
@ -1,16 +1,20 @@
 let
  mods = import ./modules;
  users = import ./users;
+  sources = import ./npins;
 in
 {
-  meta.nixpkgs = <nixpkgs>;
+  meta.nixpkgs = import sources.nixpkgs { };
  meta.specialArgs = {
-    inherit mods users;
+    inherit mods users sources;
  };
  defaults =
    { name, pkgs, ... }:
    {
-      imports = [ <home-manager/nixos> ];
+      imports = [
+        "${sources.home-manager}/nixos"
+        "${sources.agenix}/modules/age.nix"
+      ];
      boot.tmp.useTmpfs = true;
      networking.hostName = name;
      nix.package = pkgs.lix;
@ -91,7 +95,12 @@ in
    };

  kat-iso =
-    { name, pkgs, ... }:
+    {
+      name,
+      pkgs,
+      modulesPath,
+      ...
+    }:
    {
      deployment = {
        allowLocalDeployment = false;
@ -99,7 +108,7 @@ in
      };

      imports = [
-        <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix>
+        (modulesPath + "/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix")
        (users.root { ssh = true; })
      ];

--- a/machines/kat-probook/configuration.nix
+++ b/machines/kat-probook/configuration.nix
@ -9,7 +9,6 @@
 {
  imports = [
    ./hardware-configuration.nix
-    <agenix/modules/age.nix>
    ./secrets.nix
    # ./router.nix
  ];
@ -117,7 +116,7 @@
        ca-cert = "${builtins.fetchurl {
          url = "https://letsencrypt.org/certs/isrgrootx1.pem";
          sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
-          }}";
+        }}";
      };
      ipv4 = {
        method = "auto";
--- a/machines/kat-r86s/router.nix
+++ b/machines/kat-r86s/router.nix
@ -22,21 +22,21 @@
  #   ];
  # };

-#  networking.useDHCP = false;
+  #  networking.useDHCP = false;
  networking.interfaces.enp3s0.useDHCP = lib.mkForce false;
  networking.interfaces.enp2s0.useDHCP = lib.mkForce false;
  networking.interfaces.enp1s0.useDHCP = lib.mkForce true;
  networking.useNetworkd = true;

-#  services.dnsmasq = {
-#    enable = true;
-#    settings = {
-#      interface = [ "vlan-admin" ];
-#      bind-dynamic = true;
-#      dhcp-option = "3,0.0.0.0";
-#      dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite";
-#    };
-#  };
+  #  services.dnsmasq = {
+  #    enable = true;
+  #    settings = {
+  #      interface = [ "vlan-admin" ];
+  #      bind-dynamic = true;
+  #      dhcp-option = "3,0.0.0.0";
+  #      dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite";
+  #    };
+  #  };

  systemd.network = {
    enable = true;
--- a/machines/kat-runner/configuration.nix
+++ b/machines/kat-runner/configuration.nix
@ -22,8 +22,8 @@
        "fe80::3/64"
      ];
      routes = [
-        { routeConfig.Gateway = "192.168.122.1"; }
-        { routeConfig.Gateway = "fe80::1"; }
+        { Gateway = "192.168.122.1"; }
+        { Gateway = "fe80::1"; }
      ];
    };
  };
--- a/npins/default.nix
+++ b/npins/default.nix
@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
--- a/npins/sources.json
+++ b/npins/sources.json
@ -0,0 +1,35 @@
+{
+  "pins": {
+    "agenix": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "ryantm",
+        "repo": "agenix"
+      },
+      "branch": "main",
+      "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+      "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
+      "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
+    },
+    "home-manager": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nix-community",
+        "repo": "home-manager"
+      },
+      "branch": "master",
+      "revision": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9",
+      "url": "https://github.com/nix-community/home-manager/archive/0eb314b4f0ba337e88123e0b1e57ef58346aafd9.tar.gz",
+      "hash": "1fwcxx8ilkih855g2dk9n9wvhizkxy1r16x414n3rchqg8knybhw"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre633168.6132b0f6e344/nixexprs.tar.xz",
+      "hash": "0jli5364mw57krjc9csswc3xh1bvbjcv85hf81l9gx7fcp5qkswa"
+    }
+  },
+  "version": 3
+}