diff --git a/README.md b/README.md index 04de368..70b6a25 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,24 @@ just secrets-sync # shell env vars -> ~/.config/secrets/shell.zsh just secrets-restore-files # SSH keys, AWS, GCloud, Codex, GitHub CLI ``` +## dev + +```bash +nix develop +just check +just fmt +``` + ## layout ``` -hosts/darwin/ - macOS nix-darwin config -hosts/netty/ - NixOS VPS config (disko + hardware) -modules/ - system-level modules (packages, macos defaults, homebrew) -home/ - Home Manager modules (shell, editor, tools) +hosts/darwin/ - macOS host entrypoint +hosts/netty/ - NixOS VPS entrypoint (disko + hardware) +modules/ - shared system modules + devshells +modules/hosts/ - flake-parts host output definitions +modules/nixpkgs.nix - shared flake context (hosts, args, pkgs helpers) +home/ - Home Manager modules +lib/hosts.nix - host metadata used by the flake lib/ - shared package sets and theme system config/ - repo-owned config files (nvim, tmux, etc.) scripts/ - secret management and utility scripts diff --git a/flake.lock b/flake.lock index 7bb5df8..9718ab1 100644 --- a/flake.lock +++ b/flake.lock @@ -76,6 +76,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -226,6 +244,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1767640445, @@ -265,6 +298,7 @@ "agentcomputer-cli": "agentcomputer-cli", "claudeCode": "claudeCode", "disko": "disko", + "flake-parts": "flake-parts", "googleworkspace-cli": "googleworkspace-cli", "home-manager": "home-manager", "nix-darwin": "nix-darwin", diff --git a/flake.nix b/flake.nix index 557a243..5b340ef 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + flake-parts.url = "github:hercules-ci/flake-parts"; nix-darwin = { url = "github:nix-darwin/nix-darwin/master"; @@ -24,7 +25,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - agentcomputer-cli = { url = "path:/Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli"; inputs.nixpkgs.follows = "nixpkgs"; 
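Review bot: The new `flake-parts.url` line declares the input without a `follows`, so the flake.lock hunks in this same commit pin a second, independently tracked copy of the nixpkgs library (`nixpkgs-lib` from nix-community/nixpkgs.lib) next to the repo's own `nixpkgs` input. That is one more upstream to audit and bump, and the two can drift apart without anyone noticing. If a single lib tree is preferred, write the input as an attribute set like `nix-darwin` just below it, `flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; };`, and re-lock. The rest of the `inputs` block lies outside this hunk.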
@@ -44,96 +44,14 @@ }; }; - outputs = inputs @ { - self, - nixpkgs, - nix-darwin, - home-manager, - claudeCode, - nix-homebrew, - ... - }: let - darwinSystem = "aarch64-darwin"; - linuxSystem = "x86_64-linux"; - username = "rathi"; - darwinConfigName = "darwin"; - darwinMachineHostname = "hari-macbook-pro"; - linuxConfigName = "netty"; - linuxHostname = "netty"; - darwinPkgs = import nixpkgs {system = darwinSystem;}; - linuxPkgs = import nixpkgs { - system = linuxSystem; - config.allowUnfree = true; - }; - in { - formatter.${darwinSystem} = darwinPkgs.alejandra; - formatter.${linuxSystem} = linuxPkgs.alejandra; - - darwinConfigurations.${darwinConfigName} = nix-darwin.lib.darwinSystem { - system = darwinSystem; - specialArgs = { - inherit inputs self username; - hostname = darwinMachineHostname; - }; - modules = [ - ./hosts/${darwinConfigName} - home-manager.darwinModules.home-manager - nix-homebrew.darwinModules.nix-homebrew - { - users.users.${username}.home = "/Users/${username}"; - - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { - inherit inputs self username; - hostname = darwinMachineHostname; - }; - home-manager.backupFileExtension = "hm-bak"; - home-manager.users.${username} = import ./home; - - nix-homebrew = { - enable = true; - enableRosetta = true; - user = username; - autoMigrate = true; - }; - } + outputs = + inputs@{ flake-parts, ... 
}: + flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ + ./modules/nixpkgs.nix + ./modules/devshells.nix + ./modules/hosts/darwin.nix + ./modules/hosts/netty.nix ]; }; - - nixosConfigurations.${linuxConfigName} = nixpkgs.lib.nixosSystem { - system = linuxSystem; - specialArgs = { - inherit inputs self username; - hostname = linuxHostname; - }; - modules = [ - inputs.disko.nixosModules.disko - ./hosts/${linuxConfigName}/configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { - inherit inputs self username; - hostname = linuxHostname; - }; - home-manager.backupFileExtension = "hm-bak"; - home-manager.users.${username} = import ./home/netty.nix; - } - ]; - }; - - # Standalone Home Manager config (fallback for non-NixOS Linux) - homeConfigurations.${linuxConfigName} = home-manager.lib.homeManagerConfiguration { - pkgs = linuxPkgs; - extraSpecialArgs = { - inherit inputs self username; - hostname = linuxConfigName; - }; - modules = [ - ./hosts/${linuxConfigName} - ]; - }; - }; } diff --git a/home/git.nix b/home/git.nix index 4d68d8f..7eda60b 100644 --- a/home/git.nix +++ b/home/git.nix @@ -2,6 +2,7 @@ programs.git = { enable = true; lfs.enable = true; + signing.format = "openpgp"; settings = { user = { diff --git a/hosts/netty/configuration.nix b/hosts/netty/configuration.nix index 0316d87..9fcbe92 100644 --- a/hosts/netty/configuration.nix +++ b/hosts/netty/configuration.nix @@ -11,6 +11,7 @@ in { imports = [ ./hardware-configuration.nix ./disk-config.nix + ../../modules/base.nix ]; boot.loader.grub = { 
@@ -52,35 +53,12 @@ in {
 security.sudo.wheelNeedsPassword = false;
- programs.zsh.enable = true;
- environment.shells = [pkgs.zsh];
+ nix.settings.trusted-users = lib.mkForce [
+ "root"
+ username
+ ];
- environment.variables = {
- EDITOR = "nvim";
- VISUAL = "nvim";
- };
-
- nix.settings = {
- auto-optimise-store = true;
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- trusted-users = [
- "root"
- username
- ];
- };
-
- nix.gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 14d";
- };
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = packageSets.core ++ packageSets.extras ++ [
+ environment.systemPackages = packageSets.extras ++ [
 pkgs.bubblewrap
 pkgs.pnpm
 ];
diff --git a/justfile b/justfile
index 8a0c150..ee60ce5 100644
--- a/justfile
+++ b/justfile
@@ -17,7 +17,8 @@ switch config='darwin':
 if [[ "{{config}}" == "darwin" ]]; then
 sudo env PATH="$PATH" nix --extra-experimental-features 'nix-command flakes' run github:nix-darwin/nix-darwin/master#darwin-rebuild -- switch --flake path:.#{{config}}
 else
- nix --extra-experimental-features 'nix-command flakes' run github:nix-community/home-manager -- switch --flake path:.#{{config}} -b hm-bak
+ backup_ext="hm-bak-$(date +%Y%m%d-%H%M%S)"
+ nix --extra-experimental-features 'nix-command flakes' run github:nix-community/home-manager -- switch --flake path:.#{{config}} -b "$backup_ext"
 fi
 fmt:
diff --git a/lib/hosts.nix b/lib/hosts.nix
new file mode 100644
index 0000000..2aaef04
--- /dev/null
+++ b/lib/hosts.nix
@@ -0,0 +1,21 @@
+{ username }:
+{
+ darwin = {
+ name = "darwin";
+ kind = "darwin";
+ system = "aarch64-darwin";
+ hostname = "hari-macbook-pro";
+ homeModule = ../home;
+ homeDirectory = "/Users/${username}";
+ };
+
+ netty = {
+ name = "netty";
+ kind = "nixos";
+ system = "x86_64-linux";
+ hostname = "netty";
+ homeModule = ../home/netty.nix;
+ standaloneHomeModule = ../hosts/netty;
+ homeDirectory = "/home/${username}";
+ };
+}
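Review bot: `nix.settings.trusted-users = lib.mkForce [ "root" username ]` hard-overrides the list that modules/base.nix (imported in this file's earlier hunk) already defines; base.nix's hunk in this commit shows that list as `"@admin"` plus `username`, so the only visible effect of the override is dropping a macOS group name that means nothing on NixOS, while `mkForce` will also silently discard any entry added to the shared list later. Trusted users may override daemon settings such as substituters and sandboxing, so this list is effectively a root-equivalent grant and is better expressed by a merging definition; base.nix already branches on `pkgs.stdenv.isDarwin` for `nix.gc` in this commit, and gating `"@admin"` there the same way would let this forced line go away. The hunk assumes `lib` is in this module's argument set (the file header is outside the hunk) — confirm. `programs.zsh.enable`, `environment.shells`, `environment.variables` and `packageSets.core` are removed here but do not appear in base.nix's hunks; if base.nix does not already provide them, users with a zsh login shell will likely be flagged by NixOS's user-shell checks at evaluation.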
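Review bot: The standalone path now names backups `<file>.hm-bak-YYYYmmdd-HHMMSS`, while scripts/home-manager-backup.sh added in this commit for the NixOS and darwin modules names them `<file>.hm-bak.YYYYmmdd-HHMMSS[.N]`; two conventions for the same artefact make cleanup globs and ignore rules fiddlier than necessary. Aligning the extension, `backup_ext="hm-bak.$(date +%Y%m%d-%H%M%S)"`, keeps both paths producing the same shape. The enclosing `switch` recipe starts outside the hunk, and the `fmt` recipe body follows it.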
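Review bot: lib/hosts.nix is pure data with no comment describing which fields each consumer expects, so a reader cannot tell that `standaloneHomeModule` is only required for the NixOS host, or that `kind` is declared here but not read by any module added in this commit (modules/hosts/darwin.nix and netty.nix select their host by file, not by `kind`). A short header comment listing the fields — `name`, `kind`, `system`, `hostname`, `homeModule`, `homeDirectory`, and the optional `standaloneHomeModule` — with the file that consumes each would make adding a host less error-prone. `homeDirectory` interpolates the `username` argument straight into an absolute path, so that argument must never contain a slash; a comment saying so is cheap.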
diff --git a/modules/base.nix b/modules/base.nix
index 8af1303..8e1ed86 100644
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -10,6 +10,7 @@ in {
 nix.enable = true;
 nix.settings = {
+ auto-optimise-store = true;
 experimental-features = [
 "nix-command"
 "flakes"
@@ -18,17 +19,28 @@ in {
 "@admin"
 username
 ];
+ use-xdg-base-directories = true;
 };
- nix.gc = {
- automatic = true;
- interval = {
- Weekday = 7;
- Hour = 3;
- Minute = 0;
- };
- options = "--delete-older-than 14d";
- };
+ nix.gc =
+ {
+ automatic = true;
+ options = "--delete-older-than 14d";
+ }
+ // (
+ if pkgs.stdenv.isDarwin then
+ {
+ interval = {
+ Weekday = 7;
+ Hour = 3;
+ Minute = 0;
+ };
+ }
+ else
+ {
+ dates = "weekly";
+ }
+ );
 nixpkgs.config.allowUnfree = true;
diff --git a/modules/devshells.nix b/modules/devshells.nix
new file mode 100644
index 0000000..925c045
--- /dev/null
+++ b/modules/devshells.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+ perSystem =
+ { pkgs, ... }:
+ {
+ formatter = pkgs.nixfmt-tree;
+
+ devShells.default = pkgs.mkShell {
+ packages = with pkgs; [
+ deadnix
+ git
+ just
+ nixfmt-tree
+ nodePackages.prettier
+ pre-commit
+ selene
+ shfmt
+ statix
+ stylua
+ ];
+ };
+ };
+}
diff --git a/modules/hosts/darwin.nix b/modules/hosts/darwin.nix
new file mode 100644
index 0000000..12320eb
--- /dev/null
+++ b/modules/hosts/darwin.nix
@@ -0,0 +1,33 @@
+{
+ hosts,
+ inputs,
+ username,
+ mkSpecialArgs,
+ mkHomeManagerModule,
+ ...
+}:
+let
+ host = hosts.darwin;
+in
+{
+ flake.darwinConfigurations.${host.name} = inputs.nix-darwin.lib.darwinSystem {
+ system = host.system;
+ specialArgs = mkSpecialArgs host;
+ modules = [
+ ../../hosts/${host.name}
+ inputs.home-manager.darwinModules.home-manager
+ inputs.nix-homebrew.darwinModules.nix-homebrew
+ {
+ users.users.${username}.home = host.homeDirectory;
+
+ nix-homebrew = {
+ enable = true;
+ enableRosetta = true;
+ user = username;
+ autoMigrate = true;
+ };
+ }
+ (mkHomeManagerModule host)
+ ];
+ };
+}
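Review bot: `auto-optimise-store = true;` now applies to the macOS host as well, because modules/base.nix is shared and this setting previously lived only in hosts/netty/configuration.nix (removed there in this commit). Automatic store optimisation on macOS has a long history of reported hard-link and store-corruption problems on APFS, which is why it is commonly left off there and `nix store optimise` run by hand instead. This file already branches on `pkgs.stdenv.isDarwin` in the `nix.gc` hunk below, and the same gate keeps the Linux behaviour while leaving macOS alone: `auto-optimise-store = !pkgs.stdenv.isDarwin;`. Whether `pkgs` is in this module's argument set is not visible here; the gc hunk relies on it, so presumably it is.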
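Review bot: `use-xdg-base-directories = true;` is a user-visible behaviour change that nothing in the diff documents: with it on, Nix expects the user profile under `$XDG_STATE_HOME/nix/profile` instead of `~/.nix-profile` (likewise `.nix-defexpr` and `.nix-channels`), and symlinks at the old locations are not migrated. Any PATH or shell-init line under home/ that still references `~/.nix-profile` is outside this diff and should be checked after the first switch on each host. A comment at this line, `# moves ~/.nix-profile, ~/.nix-defexpr and ~/.nix-channels under $XDG_STATE_HOME/nix; old symlinks are left in place`, would record the intent. The `nix.gc` rewrite below it reads fine; `lib.optionalAttrs` would express the same thing without the parenthesised `if`, but that is taste.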
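Review bot: `formatter = pkgs.nixfmt-tree;` replaces the `alejandra` formatter outputs that flake.nix drops in this commit, and the new files here are written in nixfmt's RFC style, so anything still invoking alejandra will churn them straight back. The justfile's `fmt` recipe body and any pre-commit configuration are outside this diff; both need to call `nix fmt` (or `nixfmt`) now, and since `pre-commit` is in this shell's packages the hook config is the obvious place to check. A one-line comment above `formatter`, `# keep in sync with the justfile fmt recipe and pre-commit hooks`, makes the coupling visible.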
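Review bot: `hosts`, `username`, `mkSpecialArgs` and `mkHomeManagerModule` are not arguments flake-parts provides on its own; they are injected through `_module.args` in modules/nixpkgs.nix, and nothing in this file says so, so a reader who opens it first cannot tell where they come from. A header comment, `# Flake outputs for the macOS host; hosts/username/mk* are supplied by modules/nixpkgs.nix via _module.args`, would close that gap. The `nix-homebrew` block with `autoMigrate = true` is carried over unchanged from the old flake.nix, so there is no new behaviour there.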
diff --git a/modules/hosts/netty.nix b/modules/hosts/netty.nix
new file mode 100644
index 0000000..a5d090e
--- /dev/null
+++ b/modules/hosts/netty.nix
@@ -0,0 +1,33 @@
+{
+ hosts,
+ inputs,
+ mkPkgs,
+ mkSpecialArgs,
+ mkHomeManagerModule,
+ ...
+}:
+let
+ host = hosts.netty;
+in
+{
+ flake = {
+ nixosConfigurations.${host.name} = inputs.nixpkgs.lib.nixosSystem {
+ system = host.system;
+ specialArgs = mkSpecialArgs host;
+ modules = [
+ inputs.disko.nixosModules.disko
+ ../../hosts/${host.name}/configuration.nix
+ inputs.home-manager.nixosModules.home-manager
+ (mkHomeManagerModule host)
+ ];
+ };
+
+ homeConfigurations.${host.name} = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = mkPkgs host.system;
+ extraSpecialArgs = mkSpecialArgs host;
+ modules = [
+ host.standaloneHomeModule
+ ];
+ };
+ };
+}
diff --git a/modules/nixpkgs.nix b/modules/nixpkgs.nix
new file mode 100644
index 0000000..cbc9007
--- /dev/null
+++ b/modules/nixpkgs.nix
@@ -0,0 +1,45 @@
+{
+ self,
+ inputs,
+ lib,
+ ...
+}:
+let
+ username = "rathi";
+ hosts = import ../lib/hosts.nix { inherit username; };
+
+ mkPkgs =
+ system:
+ import inputs.nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ };
+
+ mkSpecialArgs = host: {
+ inherit inputs self username;
+ hostname = host.hostname;
+ };
+
+ mkHomeManagerModule =
+ host:
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = mkSpecialArgs host;
+ home-manager.backupCommand = "bash ${../scripts/home-manager-backup.sh}";
+ home-manager.users.${username} = import host.homeModule;
+ };
+in
+{
+ systems = lib.unique (map (host: host.system) (builtins.attrValues hosts));
+
+ _module.args = {
+ inherit
+ username
+ hosts
+ mkPkgs
+ mkSpecialArgs
+ mkHomeManagerModule
+ ;
+ };
+}
diff --git a/scripts/home-manager-backup.sh b/scripts/home-manager-backup.sh
new file mode 100644
index 0000000..f093f91
--- /dev/null
+++ b/scripts/home-manager-backup.sh
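Review bot: The two outputs here start from different module trees — `nixosConfigurations.netty` loads `host.homeModule` (home/netty.nix, through `mkHomeManagerModule`) while `homeConfigurations.netty` loads `host.standaloneHomeModule` (hosts/netty) — and the reason is not stated. This mirrors the old flake.nix, where the standalone output carried `# Standalone Home Manager config (fallback for non-NixOS Linux)`; that comment was dropped in the move and is worth restoring above `homeConfigurations.${host.name}`. The `_module.args` provenance of `hosts`, `mkPkgs`, `mkSpecialArgs` and `mkHomeManagerModule` is as undocumented here as in modules/hosts/darwin.nix.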
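Review bot: `home-manager.backupCommand = "bash ${../scripts/home-manager-backup.sh}";` replaces the old `backupFileExtension = "hm-bak"` for both hosts, and the script it points at reads only `$1`, so this line silently fixes the contract that home-manager runs the command once per conflicting path with that path as the sole argument; nothing in the diff confirms that contract, nor that the home-manager revision pinned in flake.lock has the `backupCommand` option at all (an unknown option would break evaluation of both hosts). A comment here recording the expected calling convention and the home-manager version that introduced the option, e.g. `# invoked by home-manager as "<cmd> <path>" for each file it would clobber; needs the backupCommand option`, makes the assumption checkable. The `${../scripts/...}` interpolation copies the script into the store at evaluation time, so edits to it only take effect on the next switch — also worth a word. `username = "rathi"` is now the single hard-coded identity that lib/hosts.nix and every `mkSpecialArgs` call derive from; a comment saying so would stop someone duplicating it elsewhere.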
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ $# -eq 0 ]]; then
+ exit 0
+fi
+
+target_path="${1:?expected target path}"
+base_backup="${target_path}.hm-bak"
+
+if [[ ! -e "$base_backup" ]]; then
+ mv "$target_path" "$base_backup"
+ exit 0
+fi
+
+timestamp="$(date +%Y%m%d-%H%M%S)"
+backup_path="${base_backup}.${timestamp}"
+suffix=0
+
+while [[ -e "$backup_path" ]]; do
+ suffix=$((suffix + 1))
+ backup_path="${base_backup}.${timestamp}.${suffix}"
+done
+
+mv "$target_path" "$backup_path"
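Review bot: Both existence checks use `-e`, which is false for a dangling symlink, so if `<target>.hm-bak` or a timestamped candidate is a broken link the script treats the slot as free and `mv` replaces the link instead of stepping past it; testing `-L` as well closes that: `if [[ ! -e "$base_backup" && ! -L "$base_backup" ]]; then` and `while [[ -e "$backup_path" || -L "$backup_path" ]]; do`. The early `$# -eq 0` exit leaves `${1:?expected target path}` reachable only for an empty first argument, which is fine but deserves a comment so the apparent redundancy is not removed later. Nothing prunes the `.hm-bak.<timestamp>` copies this creates, and the README hunk mentions SSH, AWS and GCloud files living in the home directory; if any such file ever collides with a managed path, its old copies accumulate next to the live one with their original modes preserved by `mv`. A header comment stating that backups are never deleted, or a dated-cleanup recipe in the justfile, would make that lifecycle explicit.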