From 681a64ae71f701c80dbccde4985dd9c8ab65f031 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 13:55:05 +0200 Subject: [PATCH 1/6] Update vars via generator remotebuild for machine moritz-server --- .../remotebuild/ssh.id_ed25519.pub/value | 1 + .../ssh.id_ed25519/machines/moritz-server | 1 + .../remotebuild/ssh.id_ed25519/secret | 19 +++++++++++++++++++ .../remotebuild/ssh.id_ed25519/users/moritz | 1 + 4 files changed, 22 insertions(+) create mode 100644 vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519.pub/value create mode 120000 vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/machines/moritz-server create mode 100644 vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/secret create mode 120000 vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/users/moritz diff --git a/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519.pub/value b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519.pub/value new file mode 100644 index 0000000..636c340 --- /dev/null +++ b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoIlWeeBd62kg2zTnzV2XONAEOh4FOsj0txaV9D3+gJ nixbld@moritz-desktop diff --git a/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/machines/moritz-server b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/secret b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/secret new file mode 100644 index 0000000..cc21b51 --- /dev/null +++ b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:c/p7rMTgcaLzy9E6OZ+P1ASsiKLGYs1sZcX4vzTImusI/SVnyW/8F+EftXQxpz3+TaKAKfQMzIQSqf5v8xzt2T/zYsugU7l5UJRPnAshuEO1KjMsZ3q0CGOtbxCCjRxBcmvZiSuD1Cwwn8mzMFucs8obPnhBCNgfWOsLBrpyUWnZf1ENTUmnZxZZlgWnlfF1N7pvWlRWFiFsUCtTgHKH4cenTmrLLszrswTP0CF5u88/ViWalbrqEXnmpbn33IVfb42JOhsB85Ne0FbpkhKOMN4B8ATefCMMEAjsyXdgVTd3RrcKa2Pk4PRLTx2L/hT9p/Da5eefAwzwRkMlywrHIB5vH4bifNJF5VKQ+5/Xwm1imAjk42L+vMz2j6MaUEwd/70WXqvjC7l8bcQejrcC4AsF7twx5hF0IG2DCykr/fyWQTgPSXKMUfmRfh9jcQABCh5uSfKdxWXcUqSwxMplZPCAO/vhdxmbpr47prvigu1n/H2NVqURPsRIi7y/o9a8sEauh/GRQI3E3maIyTBcKcNXO1jT3L+a97lV,iv:8vcecC0Hugfb8GdO3qy/WR25xdpgiMMepz+9pvN3sq4=,tag:ldsVNqmkQXxKNJaUOgEOTA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYa2VoYVVNZXlrYlRyWEIv\nZVNtTFRHNmFFeHp6YktKbXdIK2t1SjlndzIwCmx2UkJVbUc0RHJvNVo0Z1VMZ21l\nd0hxVW5LZW9EOC8ySHUwN2ExSUk1djQKLS0tIFA2ZWFqSnhDOThaUm0vRVZKWjJm\neEZDbXFybmE2ZStWMTFGbkxWaFhqN1UK0cQRTC3bnJOOhElqpT1SEZNoBVKtruwX\nbZRNTPgikUvHCuTe3kfj46qLNOuxo2s3g7rK585mvY0dgAm+DD8xYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVc3pCQnFITmNoKzlLcG1D\ndm55b2Z6T3F6Z25JNHBzMnhma3lnMHVpNm53ClR1OHhoN3B2NEE1ZGlMTldRK0JR\nWUx6bXg4ck00S21KTjNpUDYvOUMzTkUKLS0tIElySStXK3N6Rk1sSnRGT0xNWDEy\nOHJwek9qek1aU2NWMkk0UVkxUktadjAKRCrIuQxWsWPl7Lr7y1EQNcY8Kuai+65H\nx+suJmtmeD08369hw8kZBubpABcMdlPbGVlCquxP9vrlYlw2DR70gA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-04-13T11:55:05Z", + "mac": "ENC[AES256_GCM,data:nMfo8tuyMtw33sxFKIEy0HxQlu/1fAyv/aecsT+LAFrtlT0QDqc9VDEXZGtjNCZc1OC8mO8aEHv7R+Jw3LNTr0I3YxxWcI9MjVJt9VrQpTsOGK/aXa/KW7FkRn4cFAKfAzD9t5rY9LNffUzG+bzElLndGNAfV5DK95Mf0HK3nWA=,iv:vJsJtiRID0Ucq0qNfrJeyYzQXU1ApYPlsIXPphoqF3k=,tag:J11YXHgawyUcuH62Ox8Qxg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.1" + } +} diff --git a/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/users/moritz b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/remotebuild/ssh.id_ed25519/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file From 20952f4c824af072f34be429e33fabf73c827f0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 13:55:12 +0200 Subject: [PATCH 2/6] Update vars via generator remotebuild for machine moritz-desktop --- .../remotebuild/ssh.id_ed25519.pub/value | 1 + .../ssh.id_ed25519/machines/moritz-desktop | 1 + .../remotebuild/ssh.id_ed25519/secret | 19 +++++++++++++++++++ .../remotebuild/ssh.id_ed25519/users/moritz | 1 + 4 files changed, 22 insertions(+) create mode 100644 vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519.pub/value create mode 120000 vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/machines/moritz-desktop create mode 100644 vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/secret create mode 120000 vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/users/moritz diff --git a/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519.pub/value b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519.pub/value new file mode 100644 index 0000000..1db9e4f --- /dev/null +++ b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJq4+ag8BxUWbu52EkT3qorn6mqxdq4t/JhYdCNdSd/m nixbld@moritz-desktop diff --git a/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/machines/moritz-desktop b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/machines/moritz-desktop new file mode 120000 index 0000000..32315cc --- /dev/null +++ b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/machines/moritz-desktop @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-desktop \ No newline at end of file diff --git a/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/secret b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/secret new file mode 100644 index 0000000..ab6e797 --- /dev/null +++ b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:sf2EdpZgP2Go44wOQ92yOFnRtL3DsXxwncdgjPnu1KFP4f6GQvvOq6oaa/fgyHsKxYXj965O3H+jXr2EHmLzTvRwjDjWNlw7nlL9Cc5wKOKWPK0SXuNAp0LGX2/yI9LAP64oHgkI9w65S+VcwSgUbw73WLFo89ArIJT4iYVjXl5LInxHPujS/djsRdUL55owYD8t0wfpkD/ic482zA69zCKjXaaXXaLKlpo/XSgYyVcz1hBtFRhzCpGwBO3wUUfVsMJqjGla79FPTyC899Y+SCjNSKv9BXaWKNpLmAbJBJkwGdxHeDaEhC89tdGO+LeJSNnyucqvUjT3hY0930eqjSWm8XL64RILhVo1GhSOWqNmf4DjrmvqKtFMv9XdU8FbnESrFTfHp/ofNwWLEpceFcUxS26MtvHMuxQH0yHFiJUCUbSTvHDFBTS6rvaMZRbA8c4/J9D0YlDyMPF1ZjMqjsMOIUyCYf3bcCTavQql9GB3/rcKrmdPFbe23f9F42OhbW4VNcCmW6wXJ5fOGDFyY40r/+lS6NGt++4S,iv:GK61dGHFCIS03pMSXi3TNO4aCfwMUwi5XWGUaKNd4C4=,tag:9DTZnn3tE1LR8rcoH8AHFQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTmg2d09nTUt2c1E0bGFh\nNGZTeUJ5UW5uUUZEQXZNZWQ0alRxQUxJWFU0Cm9FMUlxejlUS0J4WWNWKzBWQUJG\ndHYzQm14NDU1ZDdoNFdxOEU5TlBjejAKLS0tIEJ3ZXZIYUdNUzJ6RGRiMUs2cnlT\nYk5ZVUNUUytHSkFJQm9vSm9Pai95dHMKPVRW5oAmB8OaEN1nMAfpQdVDacpbxst0\nHb3U4B97DEUBljPz6iDGlMSxLqDDoeNFUKuzenmtiTe1gCgNeEiDRg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age13u2jaly7xxpehmh0r9573gzrh5ffcstfx7u7py57lrugm09nxqeqx5w265", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUjgwMWtKa3EvN3NpVWdh\naXd3LytRRXBGRzl0aUxEcjNEUnl3UCtMcVdBCjcrTWovR2NkQWNmK212SWZDNCtW\nUFhEdHhkR3U4RmdkOGNzUkM1ZE9TMUUKLS0tIERFdHJ6WlMxdzMvbitkMUpERlRi\nVngzMXZ0Z2V4VjQzSnNlNjA5WkQrVWsKTwXDYvz41DYLXyXMdSCfUp5Wo+/vC/5T\nCdfury5aL0gKUV8fW+xPDlbZ8EP2RKUByX79kT5jdDBStzykCQZmrA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-04-13T11:55:07Z", + "mac": "ENC[AES256_GCM,data:byFPVRtOx4Lb2xL4VX4DYJTX/duqa9ks2FjXCYql37+fqW998HSQdYTZjFOaqfmRETnIjAfTIRdVMReZKN5OkQztU0Viw700T/1eg0kk/hvHbwQ/mehMMlBjHjALyAXnpYQ5gwYKZLeDrqfmrSUz3e8EeTvy827RhiCkDu5L/dU=,iv:RevARNSjV1p1zYVYt/Gc+US8GBw4BV7cThVrwCiJihQ=,tag:dWxM/EVypx25MJ/V+gW+1Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.1" + } +} diff --git a/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/users/moritz b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-desktop/remotebuild/ssh.id_ed25519/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file From 2995d7f50428425582c840477e31535e54db6ca4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 14:04:25 +0200 Subject: [PATCH 3/6] feat: use seperate keys for remotebuild auth --- modules/remote_builders.nix | 38 ++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/modules/remote_builders.nix b/modules/remote_builders.nix index a07ec02..60f8374 100644 --- a/modules/remote_builders.nix +++ b/modules/remote_builders.nix @@ -1,8 +1,8 @@ { - config, - clan-core, - self, lib, + config, + pkgs, + self, ... }: @@ -22,6 +22,8 @@ let others = filterAttrs (n: v: n != config.networking.hostName) self.nixosConfigurations; + max = a: b: if a > b then a else b; + mkBuilder = hostName: attrs: let @@ -40,7 +42,7 @@ let protocol = "ssh-ng"; # default is 1 but may keep the builder idle in between builds maxJobs = 3; - speedFactor = cfg'.speedFactor - (cfg.speedFactor) + 1; + speedFactor = max (cfg'.speedFactor - cfg.speedFactor + 1) 1; supportedFeatures = cfg'.supportedFeatures; mandatoryFeatures = [ ]; }; @@ -48,8 +50,16 @@ let buildMachines = mapAttrsToList mkBuilder others; remotebuildKeys = mapAttrsToList ( - _name: attrs: attrs.config.clan.core.vars.generators.openssh.files."ssh.id_ed25519.pub".value + _name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value ) others; + + mkMatch = host: + '' + Match User remotebuild Host ${host} + IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path} + ''; + othersName = attrNames others; + sshConfig = concatLines (map mkMatch othersName); in { options.our.buildMachines = { @@ -88,10 +98,20 @@ in users.groups.remotebuild = { }; - programs.ssh.extraConfig = '' - Match User remotebuild - IdentityFile ${config.clan.core.vars.generators.openssh.files."ssh.id_ed25519".path} - ''; + clan.core.vars.generators.remotebuild = { + files."ssh.id_ed25519" = { }; + files."ssh.id_ed25519.pub".secret = false; + runtimeInputs = [ + pkgs.coreutils + pkgs.openssh + ]; + script = '' + ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519 + ''; + }; + + programs.ssh.extraConfig = sshConfig; + nix = { buildMachines = buildMachines; # required, otherwise remote buildMachines above aren't used From 960d0244bc04e26abd8c0577e530d27ed87da7fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 14:05:16 +0200 Subject: [PATCH 4/6] feat(fish): add command to pick up completions in nix shells --- modules/moritz/programs/fish.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/moritz/programs/fish.nix b/modules/moritz/programs/fish.nix index d96f9b0..026452f 100644 --- a/modules/moritz/programs/fish.nix +++ b/modules/moritz/programs/fish.nix @@ -29,6 +29,15 @@ in programs = { fish = { enable = true; + plugins = [{ + name = "fish-completion-sync"; + src = pkgs.fetchFromGitHub { + owner = "pfgray"; + repo = "fish-completion-sync"; + rev = "ba70b6457228af520751eab48430b1b995e3e0e2"; + sha256 = "sha256-JdOLsZZ1VFRv7zA2i/QEZ1eovOym/Wccn0SJyhiP9hI="; + }; + }]; shellAbbrs = shellConfig.abbreviations; shellAliases = shellConfig.aliases; shellInit = /* fish */ '' From fa98060dcfeaac94487765029bdcae92d16a804a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 17:19:30 +0200 Subject: [PATCH 5/6] feat: add pre-commit hooks --- alejandra.toml | 3 ++ flake.lock | 112 ++++++++++++++++++++++++++++++++++++++++--------- flake.nix | 14 ++++++- 3 files changed, 108 insertions(+), 21 deletions(-) create mode 100644 alejandra.toml diff --git a/alejandra.toml b/alejandra.toml new file mode 100644 index 0000000..868dd0b --- /dev/null +++ b/alejandra.toml @@ -0,0 +1,3 @@ +# (experimental) Configuration options for Alejandra + +indentation = "TwoSpaces" # Or: FourSpaces, Tabs diff --git a/flake.lock b/flake.lock index 4dec1b6..f671351 100644 --- a/flake.lock +++ b/flake.lock @@ -176,6 +176,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -191,7 +207,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1696426674, @@ -207,7 +223,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -344,8 +360,8 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_2", - "gitignore": "gitignore", + "flake-compat": "flake-compat_3", + "gitignore": "gitignore_2", "nixpkgs": [ "neovim-nightly-overlay", "nixpkgs" @@ -365,7 +381,48 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "neovim-nightly-overlay", @@ -387,7 +444,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -496,7 +553,7 @@ "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1744436521, @@ -551,12 +608,12 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix_2" }, "locked": { @@ -777,6 +834,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1743583204, "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", @@ -792,7 +865,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1744316434, "narHash": "sha256-lzFCg/1C39pyY2hMB2gcuHV79ozpOz/Vu15hdjiFOfI=", @@ -808,7 +881,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1744442362, "narHash": "sha256-i47t4DRIZgwBZw2Osbrp1OJhhO1k/n+QzRx+TrmfE9Y=", @@ -824,7 +897,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1744232761, "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=", @@ -840,7 +913,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1730768919, "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", @@ -856,7 +929,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1692934111, "narHash": "sha256-9EEE59v/esKNMR5zKbLRV9NoRPYvERw5jHQOnfr47bk=", @@ -899,7 +972,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "treefmt-nix": "treefmt-nix_3" }, "locked": { @@ -941,9 +1014,9 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_6" + "flake-compat": "flake-compat_4", + "gitignore": "gitignore_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1742649964, @@ -966,6 +1039,7 @@ "clan-core": "clan-core", "filetags": "filetags", "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", "home-manager": "home-manager", "impermanence": "impermanence", "jovian": "jovian", @@ -974,7 +1048,7 @@ "niri": "niri", "nix-index-database": "nix-index-database", "nix-monitored": "nix-monitored", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", @@ -1099,7 +1173,7 @@ "timers": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index f467b2f..03cbc53 100644 --- a/flake.nix +++ b/flake.nix @@ -8,11 +8,11 @@ # New flake-parts input flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; + git-hooks-nix.url = "github:cachix/git-hooks.nix"; clan-core = { url = "git+https://git.clan.lol/clan/clan-core"; inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable. - # New inputs.flake-parts.follows = "flake-parts"; }; @@ -66,11 +66,21 @@ # import clan-core modules imports = [ inputs.clan-core.flakeModules.default + inputs.git-hooks-nix.flakeModule ]; + perSystem = { config, inputs', pkgs, ... }: { devShells.default = pkgs.mkShell { - packages = [ inputs'.clan-core.packages.clan-cli ]; + packages = [ inputs'.clan-core.packages.clan-cli pkgs.alejandra ]; + }; + pre-commit.settings.hooks = { + alejandra.enable = true; + check-merge-conflicts.enable = true; + flake-checker.enable = true; + deadnix.enable = true; + nil.enable = true; + statix.enable = true; }; }; From 8b60ded69d16d8c7befdf6ee0bed92389c74939e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Sun, 13 Apr 2025 17:22:08 +0200 Subject: [PATCH 6/6] feat: open port for calibre --- machines/moritz-desktop/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/moritz-desktop/configuration.nix b/machines/moritz-desktop/configuration.nix index fbf0d0c..0ff6902 100644 --- a/machines/moritz-desktop/configuration.nix +++ b/machines/moritz-desktop/configuration.nix @@ -53,6 +53,8 @@ stable.calibre # NOTE: breaks often in unstable ]; + networking.firewall.allowedTCPPorts = [9090]; + home-manager.users.moritz.services.kanshi.settings = [ { profile.name = "default";