From 795ea2858393c0eb9f5e55d37317bc2e7964c47e Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Sun, 17 Aug 2025 16:47:20 +0300
Subject: [PATCH] Flakify lib, sas
Signed-off-by: Nikolaos Karaolidis
---
 .gitignore | 7 +++
 .gitmodules | 3 ++
 README.md | 11 +++--
 flake.lock | 44 ++++++++++++++++---
 flake.nix | 22 +++++++--
 .../configs/user/gui/spicetify/default.nix | 9 ++--
 hosts/elara/configs/globalprotect/default.nix | 29 ++++++++++++
 lib/default.nix | 5 ---
 lib/fetchers/default.nix | 4 --
 lib/fetchers/sshKnownHosts/default.nix | 33 --------------
 lib/runtime/default.nix | 4 --
 lib/runtime/merge/default.nix | 4 --
 lib/runtime/merge/keyValue/default.nix | 11 -----
 lib/runtime/merge/keyValue/key-value.sh | 15 -------
 packages/ssh/known-hosts/github/default.nix | 2 +-
 packages/ssh/known-hosts/gitlab/default.nix | 2 +-
 {lib/scripts => scripts}/add-host.sh | 0
 {lib/scripts => scripts}/remove-host.sh | 0
 {lib/scripts => scripts}/update-keys.sh | 0
 {lib/scripts => scripts}/update.sh | 0
 submodules/lib | 1 +
 submodules/sas | 2 +-
 22 files changed, 110 insertions(+), 98 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 hosts/elara/configs/globalprotect/default.nix
 delete mode 100644 lib/default.nix
 delete mode 100644 lib/fetchers/default.nix
 delete mode 100644 lib/fetchers/sshKnownHosts/default.nix
 delete mode 100644 lib/runtime/default.nix
 delete mode 100644 lib/runtime/merge/default.nix
 delete mode 100644 lib/runtime/merge/keyValue/default.nix
 delete mode 100644 lib/runtime/merge/keyValue/key-value.sh
 rename {lib/scripts => scripts}/add-host.sh (100%)
 rename {lib/scripts => scripts}/remove-host.sh (100%)
 rename {lib/scripts => scripts}/update-keys.sh (100%)
 rename {lib/scripts => scripts}/update.sh (100%)
 create mode 160000 submodules/lib
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5631c13
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@ +# ---> Nix +# Ignore build outputs from performing a nix-build or `nix build` command +result +result-* + +# Ignore automatically generated direnv output +.direnv diff --git a/.gitmodules b/.gitmodules index a0025f4..5548b5c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "sas"] path = submodules/sas url = git@karaolidis.com:karaolidis/nix-sas.git +[submodule "submodules/lib"] + path = submodules/lib + url = git@karaolidis.com:karaolidis/nix-lib.git diff --git a/README.md b/README.md index c625bac..8bfbc11 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,11 @@ NixOS dotfiles and configuration for various hosts and users. - [`packages/`](./packages/): Custom packages. -- [`lib/`](./lib): Nix library function definitions and utilities. - - [`scripts/`](./lib/scripts): Utility scripts for managing the repository. - - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration. - - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host. - - [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations. - - [`update.sh`](./lib/scripts/update.sh): Update flake and all packages. +- [`scripts/`](./lib/scripts): Utility scripts for managing the repository. + - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration. + - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host. + - [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations. + - [`update.sh`](./lib/scripts/update.sh): Update flake and all packages. Any `options.nix` files create custom option definitions when present. diff --git a/flake.lock b/flake.lock index f8ed82d..585166e 100644 --- a/flake.lock +++ b/flake.lock 
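Review bot: The new entry is registered as `[submodule "submodules/lib"]` while the existing one in the same file is `[submodule "sas"]` with `path = submodules/sas`, so the file now uses two naming schemes for the submodule key; `[submodule "lib"]` would match the established one. The submodule also pulls nix-lib over SSH (`url = git@karaolidis.com:karaolidis/nix-lib.git`) whereas flake.nix in this same commit fetches the identical repository over `git+https://`, so a contributor without an SSH key for that host can evaluate the flake but not check out the submodule; if the HTTPS endpoint is the canonical public one, the submodule URL could match it. Neither affects integrity, since the flake.lock pins nix-lib by rev and narHash.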
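Review bot: The rewritten `scripts/` list keeps every link target under `./lib/scripts/…` although this commit renames the scripts to `scripts/` (see the four `rename {lib/scripts => scripts}` entries in the diffstat), so all five links in the new lines are dangling. Change the targets from `./lib/scripts` to `./scripts` and from `./lib/scripts/<name>.sh` to `./scripts/<name>.sh` on each of the five added lines. The heading line above and the `Any options.nix …` paragraph below are context and need no change.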
@@ -225,6 +225,29 @@
 "type": "github"
 }
 },
+ "lib": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "treefmt-nix": [
+ "treefmt-nix"
+ ]
+ },
+ "locked": {
+ "lastModified": 1755424080,
+ "narHash": "sha256-twJkLmKjrtIijjo8ov+n+l1jC5DXIU4wlZ8NH756tsw=",
+ "ref": "refs/heads/main",
+ "rev": "00d04c73f6ab7635d05586447fc350491c25989b",
+ "revCount": 4,
+ "type": "git",
+ "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
+ }
+ },
 "nixpkgs": {
 "locked": {
 "lastModified": 1754725699,
@@ -353,6 +376,7 @@
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
 "lanzaboote": "lanzaboote",
+ "lib": "lib",
 "nixpkgs": "nixpkgs",
 "nur": "nur",
 "nvidia-patch": "nvidia-patch",
@@ -387,13 +411,23 @@
 }
 },
 "sas": {
- "flake": false,
+ "inputs": {
+ "lib": [
+ "lib"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "treefmt-nix": [
+ "treefmt-nix"
+ ]
+ },
 "locked": {
- "lastModified": 1755341965,
- "narHash": "sha256-A6d2eaKp/AVr7pw6qY860XZMSSMr9suaoKEEKlpYHXo=",
+ "lastModified": 1755438221,
+ "narHash": "sha256-9rZCYTQRQc1YKcCukRYGHMZv4oxOH5cTlrc18Ntf79o=",
 "ref": "refs/heads/main",
- "rev": "954fc8c375876169d0549548b0fdf905d3ebe06b",
- "revCount": 6,
+ "rev": "5ff6864ab10b9cdf3262c97aa670dcf42374278f",
+ "revCount": 7,
 "type": "git",
 "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
 },
diff --git a/flake.nix b/flake.nix
index 9bea796..94eac24 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,14 +26,27 @@ }; # FIXME: https://github.com/NixOS/nix/issues/12281 - secrets = { - url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git"; - flake = false; + lib = { + url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + treefmt-nix.follows = "treefmt-nix"; + }; }; # FIXME: https://github.com/NixOS/nix/issues/12281 sas = { url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git"; + inputs = { + nixpkgs.follows = "nixpkgs"; + lib.follows = "lib"; + treefmt-nix.follows = "treefmt-nix"; + }; + }; + + # FIXME: https://github.com/NixOS/nix/issues/12281 + secrets = { + url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git"; flake = false; }; @@ -138,11 +151,10 @@ }; devShells.${system} = import ./hosts/common/shells { inherit pkgs; }; - lib.${system} = import ./lib { inherit pkgs; }; packages.${system} = import ./packages { inherit pkgs inputs system; }; formatter.${system} = treefmt.config.build.wrapper; - checks.formatting.${system} = treefmt.config.build.check inputs.self; + checks.${system}.formatting = treefmt.config.build.check inputs.self; } ); } diff --git a/hosts/common/configs/user/gui/spicetify/default.nix b/hosts/common/configs/user/gui/spicetify/default.nix index fe09e25..abfd3a3 100644 --- a/hosts/common/configs/user/gui/spicetify/default.nix +++ b/hosts/common/configs/user/gui/spicetify/default.nix @@ -7,7 +7,6 @@ ... }: let - selfLib = inputs.self.lib.${system}; hmConfig = config.home-manager.users.${user}; in { @@ -70,7 +69,9 @@ in "spotify/prefs.init" = { source = ./config/prefs; onChange = '' - ${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs" + ${ + inputs.lib.lib.${system}.runtime.merge.keyValue + } "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs" ''; }; 
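Review bot: Naming the new input `lib` collides with the `lib` that NixOS/home-manager modules and most `outputs` signatures already bind to `nixpkgs.lib`, which is why every call site in this commit reads `inputs.lib.lib.${system}` (spicetify/default.nix and both packages/ssh/known-hosts files); if the outputs function below this hunk also binds `lib = nixpkgs.lib` (not visible here), the name now has two meanings in one file. A distinct input name avoids that, e.g. `nix-lib = { url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git"; … };` with `lib.follows = "nix-lib";` under `sas.inputs`, leaving sas's own input name untouched. Separately, `lib` is fetched over `git+https://` while `sas` and `secrets` use `git+ssh://`; the lock file pins rev and narHash either way, so this is a consistency question rather than an integrity one, but it is worth a one-line comment stating that nix-lib is the public repository and therefore needs no SSH key. The `inputs = { … }` attribute set continues before and after this hunk.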
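Review bot: Dropping `selfLib` from the `let` block in the -7,7 hunk pushes the full `inputs.lib.lib.${system}.runtime.merge.keyValue` interpolation into both `onChange` scripts, turning each one-line command into three lines (the -70,7 hunk here and the -78,7 hunk of the same file in the next part). Rebinding it once, `mergeKeyValue = inputs.lib.lib.${system}.runtime.merge.keyValue;`, keeps the scripts as `${mergeKeyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"` and leaves only the source of the helper changed. The enclosing `let … in` attribute set starts and ends outside these hunks.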
@@ -78,7 +79,9 @@ in
 source = ./config/prefs-user;
 onChange = ''
 user=$(cat "${hmConfig.sops.secrets."spotify/username".path}")
- ${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
+ ${
+ inputs.lib.lib.${system}.runtime.merge.keyValue
+ } "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
 '';
 };
 };
diff --git a/hosts/elara/configs/globalprotect/default.nix b/hosts/elara/configs/globalprotect/default.nix
new file mode 100644
index 0000000..7b6a7c1
--- /dev/null
+++ b/hosts/elara/configs/globalprotect/default.nix
@@ -0,0 +1,29 @@
+{ config, inputs, ... }:
+{
+ sops.secrets = {
+ "globalprotect/email".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ "globalprotect/gateway".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ "globalprotect/ssh/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ "ntfy/username".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ "ntfy/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+ };
+
+ sas.globalprotect = {
+ enable = true;
+
+ email.file = config.sops.secrets."globalprotect/email".path;
+ gateway.file = config.sops.secrets."globalprotect/gateway".path;
+
+ sish = {
+ host = "karaolidis.com";
+ port = "2222";
+ keyFile = config.sops.secrets."globalprotect/ssh/key".path;
+ };
+
+ ntfy = {
+ url = "https://ntfy.karaolidis.com/sas";
+ username.file = config.sops.secrets."ntfy/username".path;
+ password.file = config.sops.secrets."ntfy/password".path;
+ };
+ };
+}
diff --git a/lib/default.nix b/lib/default.nix
deleted file mode 100644
index 8f17b57..0000000
--- a/lib/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-{
- fetchers = import ./fetchers { inherit pkgs; };
- runtime = import ./runtime { inherit pkgs; };
-}
diff --git a/lib/fetchers/default.nix b/lib/fetchers/default.nix
deleted file mode 100644
index 2b9448f..0000000
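Review bot: In the new hosts/elara/configs/globalprotect/default.nix the literal `sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"` is repeated for all five secrets, so adding a sixth or moving the file means touching five lines; a single `let` binding plus `lib.genAttrs` over the list of secret names keeps the file location and the list in one place. `port = "2222"` under `sish` is a string rather than a number; the sas module's option declaration is not in this diff, so confirm it accepts a string, otherwise evaluation will fail at the type check. Passing only `.path`/`keyFile` references (never the decrypted values) into `sas.globalprotect` keeps the SSH private key and the ntfy credentials out of the Nix store, which is the right shape and worth a one-line comment above `sas.globalprotect` so a later edit does not replace a `.file` with an inline value.
```nix
{ config, inputs, lib, ... }:
let
  # all GlobalProtect/ntfy secrets for this host live in the sas domain file
  sasSecrets = "${inputs.secrets}/domains/sas/secrets.yaml";
in
{
  sops.secrets = lib.genAttrs [
    "globalprotect/email"
    "globalprotect/gateway"
    "globalprotect/ssh/key"
    "ntfy/username"
    "ntfy/password"
  ] (_: { sopsFile = sasSecrets; });

  # … unchanged: sas.globalprotect block (only decrypted-file paths are passed) …
}
```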
--- a/lib/fetchers/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
- sshKnownHosts = import ./sshKnownHosts { inherit pkgs; };
-}
diff --git a/lib/fetchers/sshKnownHosts/default.nix b/lib/fetchers/sshKnownHosts/default.nix
deleted file mode 100644
index 440c1c0..0000000
--- a/lib/fetchers/sshKnownHosts/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ pkgs, ... }:
-pkgs.lib.fetchers.withNormalizedHash { } (
- {
- host,
- name ? "ssh-known-hosts-${host}",
- outputHash,
- outputHashAlgo,
- port ? 22,
- keyTypes ? [
- "rsa"
- "ecdsa"
- "ed25519"
- ],
- }:
- let
- keyTypeArgs = pkgs.lib.concatStringsSep "," keyTypes;
- in
- pkgs.runCommandLocal name
- {
- inherit outputHash outputHashAlgo;
- outputHashMode = "flat";
- preferLocalBuild = true;
-
- nativeBuildInputs = with pkgs; [
- openssh
- gnugrep
- coreutils
- ];
- }
- ''
- ssh-keyscan -p ${toString port} -t ${keyTypeArgs} ${host} | grep -v '^#' | sort > $out
- ''
-)
diff --git a/lib/runtime/default.nix b/lib/runtime/default.nix
deleted file mode 100644
index 8c9cbce..0000000
--- a/lib/runtime/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
- merge = import ./merge { inherit pkgs; };
-}
diff --git a/lib/runtime/merge/default.nix b/lib/runtime/merge/default.nix
deleted file mode 100644
index 347ec94..0000000
--- a/lib/runtime/merge/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
- keyValue = import ./keyValue { inherit pkgs; };
-}
diff --git a/lib/runtime/merge/keyValue/default.nix b/lib/runtime/merge/keyValue/default.nix
deleted file mode 100644
index e4504c8..0000000
--- a/lib/runtime/merge/keyValue/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-"${
- pkgs.writeShellApplication {
- name = "merge-key-value";
- runtimeInputs = with pkgs; [
- coreutils
- gawk
- ];
- text = builtins.readFile ./key-value.sh;
- }
-}/bin/merge-key-value"
diff --git a/lib/runtime/merge/keyValue/key-value.sh b/lib/runtime/merge/keyValue/key-value.sh deleted file mode 100644 index d238bdd..0000000 --- a/lib/runtime/merge/keyValue/key-value.sh +++ /dev/null @@ -1,15 +0,0 @@ -# shellcheck shell=bash - -source=$(realpath -m "$1") -target=$(realpath -m "$2") - -if [[ -f "$target" ]]; then - temp=$(mktemp) - awk -F '=' 'NR==FNR{a[$1]=$0;next}($1 in a){$0=a[$1]}1' "$source" "$target" > "$temp" - mv "$temp" "$target" -else - mkdir -p "$(dirname "$target")" - cp "$source" "$target" -fi - -echo "Configuration file $target has been updated." diff --git a/packages/ssh/known-hosts/github/default.nix b/packages/ssh/known-hosts/github/default.nix index 1858151..a2d1ae6 100644 --- a/packages/ssh/known-hosts/github/default.nix +++ b/packages/ssh/known-hosts/github/default.nix @@ -8,7 +8,7 @@ pkgs.stdenv.mkDerivation { pname = "ssh-known-hosts-github"; version = "0-unstable-2025-02-25"; - src = inputs.self.lib.${system}.fetchers.sshKnownHosts { + src = inputs.lib.lib.${system}.fetchers.sshKnownHosts { host = "github.com"; hash = "sha256-wkNdynz7rhZvfXSAXDpQ2sk40afKAPeYHQ8Ei44CICI="; }; diff --git a/packages/ssh/known-hosts/gitlab/default.nix b/packages/ssh/known-hosts/gitlab/default.nix index 54ad2ca..075c16d 100644 --- a/packages/ssh/known-hosts/gitlab/default.nix +++ b/packages/ssh/known-hosts/gitlab/default.nix @@ -8,7 +8,7 @@ pkgs.stdenv.mkDerivation { pname = "ssh-known-hosts-github"; version = "0-unstable-2025-02-25"; - src = inputs.self.lib.${system}.fetchers.sshKnownHosts { + src = inputs.lib.lib.${system}.fetchers.sshKnownHosts { host = "gitlab.com"; hash = "sha256-5flUNj4vKn1Y2YE8bkUcsW3kQLRKn8WB3uPUxlhZMTk="; }; diff --git a/lib/scripts/add-host.sh b/scripts/add-host.sh similarity index 100% rename from lib/scripts/add-host.sh rename to scripts/add-host.sh diff --git a/lib/scripts/remove-host.sh b/scripts/remove-host.sh similarity index 100% rename from lib/scripts/remove-host.sh rename to scripts/remove-host.sh 
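Review bot: In packages/ssh/known-hosts/gitlab/default.nix the context line directly above the changed `src` still reads `pname = "ssh-known-hosts-github";`, which looks like a copy-paste slip from the github package (pre-existing, not introduced here, but this commit is already touching the line below it): `pname = "ssh-known-hosts-gitlab";`. Both packages now take `sshKnownHosts` from the external nix-lib flake while keeping `version = "0-unstable-2025-02-25"` and the pinned `hash`; since the fetch is a fixed-output derivation, a host-key rotation at github.com or gitlab.com surfaces as a hash mismatch rather than a silently changed known_hosts file, which is the desired failure mode, so whoever refreshes `hash` later should bump the date in `version` in the same change so the snapshot date stays traceable. The `mkDerivation` attribute set continues outside the hunk in both files.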
diff --git a/lib/scripts/update-keys.sh b/scripts/update-keys.sh
similarity index 100%
rename from lib/scripts/update-keys.sh
rename to scripts/update-keys.sh
diff --git a/lib/scripts/update.sh b/scripts/update.sh
similarity index 100%
rename from lib/scripts/update.sh
rename to scripts/update.sh
diff --git a/submodules/lib b/submodules/lib
new file mode 160000
index 0000000..00d04c7
--- /dev/null
+++ b/submodules/lib
@@ -0,0 +1 @@
+Subproject commit 00d04c73f6ab7635d05586447fc350491c25989b
diff --git a/submodules/sas b/submodules/sas
index 954fc8c..5ff6864 160000
--- a/submodules/sas
+++ b/submodules/sas
@@ -1 +1 @@
-Subproject commit 954fc8c375876169d0549548b0fdf905d3ebe06b
+Subproject commit 5ff6864ab10b9cdf3262c97aa670dcf42374278f