npins

hive.nix

@@ -1,16 +1,20 @@
 let
   mods = import ./modules;
   users = import ./users;
+  sources = import ./npins;
 in
 {
-  meta.nixpkgs = <nixpkgs>;
+  meta.nixpkgs = import sources.nixpkgs { };
   meta.specialArgs = {
-    inherit mods users;
+    inherit mods users sources;
   };
   defaults =
     { name, pkgs, ... }:
     {
-      imports = [ <home-manager/nixos> ];
+      imports = [
+        "${sources.home-manager}/nixos"
+        "${sources.agenix}/modules/age.nix"
+      ];
       boot.tmp.useTmpfs = true;
       networking.hostName = name;
       nix.package = pkgs.lix;
@@ -91,7 +95,12 @@ in
     };
 
   kat-iso =
-    { name, pkgs, ... }:
+    {
+      name,
+      pkgs,
+      modulesPath,
+      ...
+    }:
     {
       deployment = {
         allowLocalDeployment = false;
@@ -99,7 +108,7 @@ in
       };
 
       imports = [
-        <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix>
+        (modulesPath + "/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix")
         (users.root { ssh = true; })
       ];
 

machines/kat-probook/configuration.nix

@@ -9,7 +9,6 @@
 {
   imports = [
     ./hardware-configuration.nix
-    <agenix/modules/age.nix>
     ./secrets.nix
     # ./router.nix
   ];

machines/kat-r86s/router.nix

@@ -22,21 +22,21 @@
   #   ];
   # };
 
-#  networking.useDHCP = false;
+  #  networking.useDHCP = false;
   networking.interfaces.enp3s0.useDHCP = lib.mkForce false;
   networking.interfaces.enp2s0.useDHCP = lib.mkForce false;
   networking.interfaces.enp1s0.useDHCP = lib.mkForce true;
   networking.useNetworkd = true;
 
-#  services.dnsmasq = {
+  #  services.dnsmasq = {
-#    enable = true;
+  #    enable = true;
-#    settings = {
+  #    settings = {
-#      interface = [ "vlan-admin" ];
+  #      interface = [ "vlan-admin" ];
-#      bind-dynamic = true;
+  #      bind-dynamic = true;
-#      dhcp-option = "3,0.0.0.0";
+  #      dhcp-option = "3,0.0.0.0";
-#      dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite";
+  #      dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite";
-#    };
+  #    };
-#  };
+  #  };
 
   systemd.network = {
     enable = true;

machines/kat-runner/configuration.nix

@@ -22,8 +22,8 @@
         "fe80::3/64"
       ];
       routes = [
-        { routeConfig.Gateway = "192.168.122.1"; }
+        { Gateway = "192.168.122.1"; }
-        { routeConfig.Gateway = "fe80::1"; }
+        { Gateway = "fe80::1"; }
       ];
     };
   };

npins/default.nix

@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -0,0 +1,35 @@
+{
+  "pins": {
+    "agenix": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "ryantm",
+        "repo": "agenix"
+      },
+      "branch": "main",
+      "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+      "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
+      "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
+    },
+    "home-manager": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nix-community",
+        "repo": "home-manager"
+      },
+      "branch": "master",
+      "revision": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9",
+      "url": "https://github.com/nix-community/home-manager/archive/0eb314b4f0ba337e88123e0b1e57ef58346aafd9.tar.gz",
+      "hash": "1fwcxx8ilkih855g2dk9n9wvhizkxy1r16x414n3rchqg8knybhw"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre633168.6132b0f6e344/nixexprs.tar.xz",
+      "hash": "0jli5364mw57krjc9csswc3xh1bvbjcv85hf81l9gx7fcp5qkswa"
+    }
+  },
+  "version": 3
+}