feat(grfn/system): Resuscitate roswell

Resuscitate the configuration for roswell, the semi-portable
configuration I use for ec2 development boxes. Lots of the changes here
are trying to get Tramp working.

Change-Id: I2dc2fd1d9aa76e145fa3f3f847af761cb652ab47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5798
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI

users/grfn/system/home/machines/roswell.nix

@@ -1,7 +1,7 @@
 { pkgs, lib, config, ... }:
 
 let
-  laptopKeyboardId = "5";
+  inherit (builtins) pathExists;
 in
 
 {
@@ -11,7 +11,9 @@ in
     ../modules/development.nix
     ../modules/emacs.nix
     ../modules/vim.nix
-  ];
+    ../modules/development/readyset.nix
+    ../modules/tmux.nix
+  ] ++ (lib.optional (pathExists ../modules/private.nix) ../modules/private.nix);
 
   home.packages = with pkgs; [
     # System utilities
@@ -36,6 +38,12 @@ in
     nix-prefetch-github
     nix-review
     cachix
+
+    # ReadySet stuff
+    nodejs
+    mysql80
+
+    (writeShellScriptBin "xdg-open" "echo xdg-open: \"$@\"")
   ];
 
   programs.password-store.enable = true;

users/grfn/system/home/machines/yeren.nix

@@ -9,6 +9,8 @@ in
   imports = [
     ../platforms/linux.nix
     ../modules/common.nix
+    ../modules/desktop.nix
+    ../modules/development/agda.nix
     ../modules/development/readyset.nix
   ] ++ (lib.optional (pathExists ../modules/private.nix) ../modules/private.nix);
 

users/grfn/system/home/modules/common.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 
-# Everything in here needs to work on linux or darwin
+# Everything in here needs to work on linux or darwin, with or without a desktop
+# environment
 
 {
   imports = [
@@ -55,6 +56,18 @@
       system=$(readlink -ef /tmp/mugwump)
       ssh mugwump sudo nix-env -p /nix/var/nix/profiles/system --set $system
       ssh mugwump sudo $system/bin/switch-to-configuration switch
+      rm /tmp/mugwump
+    '')
+    (writeShellScriptBin "rebuild-roswell" ''
+      set -eo pipefail
+      cd ~/code/depot
+      nix build -f . users.grfn.system.system.roswellSystem -o /tmp/roswell
+      nix copy -f . users.grfn.system.system.roswellSystem \
+        --to ssh://roswell
+      system=$(readlink -ef /tmp/roswell)
+      ssh roswell sudo nix-env -p /nix/var/nix/profiles/system --set $system
+      ssh roswell sudo $system/bin/switch-to-configuration switch
+      rm /tmp/roswell
     '')
     (writeShellScriptBin "rebuild-home" ''
       set -eo pipefail
@@ -95,7 +108,6 @@
 
       "roswell" = {
         host = "roswell";
-        hostname = "18.223.118.13";
         forwardAgent = true;
       };
     };

users/grfn/system/home/modules/desktop.nix

@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+# Things that only work in the presence of a linux desktop environment
+
+{
+  imports = [
+    ./i3.nix
+    ./obs.nix
+    ./games.nix
+  ];
+
+  home.packages = with pkgs; [
+    ntfy
+  ];
+
+  programs.zsh.initExtra = ''
+    eval "$(${pkgs.ntfy}/bin/ntfy shell-integration)"
+  '';
+
+  services.syncthing.tray.enable = true;
+
+  gtk = {
+    enable = true;
+    gtk3.bookmarks = [
+      "file:///home/grfn/code"
+      "file:///home/grfn/notes"
+    ];
+  };
+}

users/grfn/system/home/modules/development/readyset.nix

@@ -28,4 +28,11 @@
   programs.zsh.shellAliases = {
     "tf" = "terraform";
   };
+
+  home.file.".docker/config.json".text = builtins.toJSON {
+    credHelpers = {
+      "305232526136.dkr.ecr.us-east-2.amazonaws.com" = "ecr-login";
+      "public.ecr.aws" = "ecr-login";
+    };
+  };
 }

users/grfn/system/home/modules/emacs.nix

@@ -100,10 +100,7 @@ in
     }
     (mkIf pkgs.stdenv.isLinux {
       # Notes
-      services.syncthing = {
-        enable = true;
-        tray.enable = true;
-      };
+      services.syncthing.enable = true;
     })
   ];
 }

users/grfn/system/home/modules/lib/cloneRepo.nix

@@ -62,10 +62,13 @@ with lib;
           in hm.dag.entryAfter ([ "writeBoundary" ] ++ after) ''
             $DRY_RUN_CMD mkdir -p $(dirname "${path}")
             if [[ ! -d ${path} ]]; then
-              $DRY_RUN_CMD git clone "${repoURL}" "${path}"
-              pushd ${path}
-              $DRY_RUN_CMD ${onClone}
-              popd
+              if $DRY_RUN_CMD git clone "${repoURL}" "${path}"; then
+                pushd ${path}
+                $DRY_RUN_CMD ${onClone}
+                popd
+              else
+                echo "Git repository ${path} failed to clone"
+              fi
             fi
           '')
         config.grfn.impure.clonedRepos;

users/grfn/system/home/modules/pure.zsh-theme

@@ -92,6 +92,10 @@ prompt_pure_nix_info() {
 }
 
 prompt_pure_precmd() {
+	if [[ "$TERM" == "dumb" ]]; then
+		return
+	fi
+
 	# shows the full path in the title
 	print -Pn '\e]0;%~\a'
 

users/grfn/system/home/modules/shell.nix

@@ -68,7 +68,6 @@ in
   home.packages = with pkgs; [
     zsh
     autojump
-    ntfy
   ];
 
   home.sessionVariables = {
@@ -133,6 +132,12 @@ in
       };
     }];
 
+    initExtraFirst = ''
+      if [[ "$TERM" = "dumb" ]]; then
+        return
+      fi
+    '';
+
     initExtraBeforeCompInit = ''
       zstyle ':completion:*' completer _complete _ignored _correct _approximate
       zstyle ':completion:*' matcher-list \'\' 'm:{[:lower:]}={[:upper:]} m:{[:lower:][:upper:]}={[:upper:][:lower:]} r:|[._- :]=** r:|=**' 'l:|=* r:|=*'
@@ -145,33 +150,32 @@ in
     '';
 
     initExtra = ''
-      source ${./zshrc}
-      source ${pkgs.fetchFromGitHub {
-        owner = "zsh-users";
-        repo = "zsh-syntax-highlighting";
-        rev = "7678a8a22780141617f809002eeccf054bf8f448";
-        sha256 = "0xh4fbd54kvwwpqvabk8lpw7m80phxdzrd75q3y874jw0xx1a9q6";
-      }}/zsh-syntax-highlighting.zsh
-      source ${pkgs.autojump}/share/autojump/autojump.zsh
-      source ${pkgs.fetchFromGitHub {
-        owner = "chisui";
-        repo = "zsh-nix-shell";
-        rev = "a65382a353eaee5a98f068c330947c032a1263bb";
-        sha256 = "0l41ac5b7p8yyjvpfp438kw7zl9dblrpd7icjg1v3ig3xy87zv0n";
-      }}/nix-shell.plugin.zsh
+      if [[ "$TERM" != "dumb" ]]; then
+        source ${./zshrc}
+        source ${pkgs.fetchFromGitHub {
+          owner = "zsh-users";
+          repo = "zsh-syntax-highlighting";
+          rev = "7678a8a22780141617f809002eeccf054bf8f448";
+          sha256 = "0xh4fbd54kvwwpqvabk8lpw7m80phxdzrd75q3y874jw0xx1a9q6";
+        }}/zsh-syntax-highlighting.zsh
+        source ${pkgs.autojump}/share/autojump/autojump.zsh
+        source ${pkgs.fetchFromGitHub {
+          owner = "chisui";
+          repo = "zsh-nix-shell";
+          rev = "a65382a353eaee5a98f068c330947c032a1263bb";
+          sha256 = "0l41ac5b7p8yyjvpfp438kw7zl9dblrpd7icjg1v3ig3xy87zv0n";
+        }}/nix-shell.plugin.zsh
 
-      eval "$(${pkgs.ntfy}/bin/ntfy shell-integration)"
-
-      export RPS1=""
-      autoload -U promptinit; promptinit
-      prompt pure
+        export RPS1=""
+        autoload -U promptinit; promptinit
+        prompt pure
+      fi
 
       if [[ "$TERM" == "dumb" ]]; then
         unsetopt zle
         unsetopt prompt_cr
         unsetopt prompt_subst
-        unfunction precmd
-        unfunction preexec
+        unset zle_bracketed_paste
         export PS1='$ '
       fi
     '';

users/grfn/system/home/modules/tmux.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+{
+  programs.tmux = {
+    enable = true;
+    customPaneNavigationAndResize = true;
+    keyMode = "vi";
+    newSession = true;
+    prefix = "C-a";
+    shell = "${pkgs.zsh}/bin/zsh";
+    shortcut = "a";
+
+    extraConfig = ''
+      set -g status-bg "colour0"
+      set -g message-command-fg "colour7"
+      set -g status-justify "centre"
+      set -g status-left-length "100"
+      set -g status "on"
+      set -g pane-active-border-fg "colour14"
+      set -g message-bg "colour11"
+      set -g status-right-length "100"
+      set -g status-right-attr "none"
+      set -g message-fg "colour7"
+      set -g message-command-bg "colour11"
+      set -g status-attr "none"
+      # set -g status-utf8 "on"
+      set -g pane-border-fg "colour11"
+      set -g status-left-attr "none"
+      setw -g window-status-fg "colour10"
+      setw -g window-status-attr "none"
+      setw -g window-status-activity-bg "colour0"
+      setw -g window-status-activity-attr "none"
+      setw -g window-status-activity-fg "colour14"
+      setw -g window-status-separator ""
+      setw -g window-status-bg "colour0"
+      set -g status-left "#[fg=colour15,bg=colour14,bold] #S #[fg=colour14,bg=colour11,nobold,nounderscore,noitalics]#[fg=colour7,bg=colour11] #F #[fg=colour11,bg=colour0,nobold,nounderscore,noitalics]#[fg=colour10,bg=colour0] #W #[fg=colour0,bg=colour0,nobold,nounderscore,noitalics]"
+      set -g status-right "#{battery_status_bg} Batt: #{battery_percentage} #{battery_remain} | #[fg=colour0,bg=colour0,nobold,nounderscore,noitalics]#[fg=colour10,bg=colour0] %a #[fg=colour11,bg=colour0,nobold,nounderscore,noitalics]#[fg=colour7,bg=colour11] %b %d  %R #[fg=colour14,bg=colour11,nobold,nounderscore,noitalics]#[fg=colour15,bg=colour14] #H "
+      setw -g window-status-format "#[fg=colour0,bg=colour0,nobold,nounderscore,noitalics]#[default] #I  #W #[fg=colour0,bg=colour0,nobold,nounderscore,noitalics]"
+      setw -g window-status-current-format "#[fg=colour0,bg=colour11,nobold,nounderscore,noitalics]#[fg=colour7,bg=colour11] #I  #W #[fg=colour11,bg=colour0,nobold,nounderscore,noitalics]"
+    '';
+  };
+}

users/grfn/system/home/platforms/linux.nix

@@ -15,8 +15,6 @@ in
     ../modules/email.nix
     ../modules/firefox.nix
     ../modules/games.nix
-    ../modules/obs.nix
-    ../modules/i3.nix
     ../modules/shell.nix
     ../modules/tarsnap.nix
     ../modules/vim.nix
@@ -77,15 +75,8 @@ in
     enable = true;
   };
 
-  gtk = {
-    enable = true;
-    gtk3.bookmarks = [
-      "file:///home/grfn/code"
-    ];
-  };
-
   programs.zsh.initExtra = ''
-    [[ ! $IN_NIX_SHELL ]] && alsi -l
+    [[ ! $IN_NIX_SHELL && "$TERM" != "dumb" ]] && alsi -l
   '';
 
   services.lorri.enable = true;

users/grfn/system/system/machines/roswell.nix

@@ -3,10 +3,13 @@
 {
   imports = [
     ../modules/common.nix
+    ../modules/development.nix
     "${modulesPath}/installer/scan/not-detected.nix"
     "${modulesPath}/virtualisation/amazon-image.nix"
   ];
 
+  system.stateVersion = "22.05";
+
   ec2.hvm = true;
 
   networking.hostName = "roswell";
@@ -14,4 +17,13 @@
   users.users.grfn.openssh.authorizedKeys.keys = [
     depot.users.grfn.keys.main
   ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+
+  services.openssh.passwordAuthentication = false;
+
+  services.tailscale.enable = true;
+
+  security.sudo.wheelNeedsPassword = false;
 }

users/grfn/system/system/machines/yeren.nix

@@ -105,15 +105,6 @@
   systemd.services.fprintd.environment.FP_TOD_DRIVERS_DIR =
     "${pkgs.libfprint-2-tod1-goodix}/usr/lib/libfprint-2/tod-1";
 
-  security.pam.loginLimits = [
-    {
-      domain = "grfn";
-      type = "soft";
-      item = "nofile";
-      value = "65535";
-    }
-  ];
-
   security.pam.services = {
     login.fprintAuth = true;
     sudo.fprintAuth = true;

users/grfn/system/system/modules/common.nix

@@ -55,7 +55,6 @@ with lib;
       "wheel"
       "networkmanager"
       "audio"
-      "docker"
     ];
     shell = pkgs.zsh;
   };

users/grfn/system/system/modules/development.nix

@@ -3,4 +3,13 @@
 {
   virtualisation.docker.enable = true;
   users.users.grfn.extraGroups = [ "docker" ];
+
+  security.pam.loginLimits = [
+    {
+      domain = "grfn";
+      type = "soft";
+      item = "nofile";
+      value = "65535";
+    }
+  ];
 }