refactor(ops/nixos): Ensure that pkgs == depot.third_party.nixpkgs
This is currently done ad-hoc in a bunch of our systems, but we should just do it centrally. The commit message is a bit of a lie, as this doesn't yet update grfn's systems. Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
		
							parent
							
								
									d485ebf01a
								
							
						
					
					
						commit
						5f19e8e6a7
					
				
					 4 changed files with 22 additions and 42 deletions
				
			
		|  | @ -8,6 +8,13 @@ in rec { | ||||||
|     _module.args = { |     _module.args = { | ||||||
|       inherit (args) depot; |       inherit (args) depot; | ||||||
|     }; |     }; | ||||||
|  | 
 | ||||||
|  |     # Ensure that pkgs == third_party.nix | ||||||
|  |     nixpkgs.pkgs = depot.third_party.nixpkgs; | ||||||
|  |     nix.nixPath = [ | ||||||
|  |       "nixos=${pkgs.path}" | ||||||
|  |       "nixpath=${pkgs.path}" | ||||||
|  |     ]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   nixosFor = configuration: (depot.third_party.nixos { |   nixosFor = configuration: (depot.third_party.nixos { | ||||||
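Review bot: The second entry of the new `nix.nixPath` list, `"nixpath=${pkgs.path}"`, looks like a typo for `nixpkgs=`; every per-system list this commit removes in the later file sections used `"nixpkgs=${pkgs.path}"`, so as written `<nixpkgs>` is no longer pinned to the depot's package set, and lookups on those machines fail or resolve through whatever else is on the search path. I would change it to `"nixpkgs=${pkgs.path}"`, and either add a `depot=` entry here or keep it per system, since the removed lists also carried `depot=/depot` or `depot=/home/tazjin/depot`. The comment should name the real attribute, `# Ensure that pkgs == depot.third_party.nixpkgs`, and could add that once `nixpkgs.pkgs` is set NixOS ignores a per-system `nixpkgs.config`. The enclosing attribute set starts above the hunk, so which `pkgs` the `${pkgs.path}` interpolation refers to is not visible here.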
|  |  | ||||||
|  | @ -2,10 +2,6 @@ | ||||||
| { depot, pkgs, lib, ... }: | { depot, pkgs, lib, ... }: | ||||||
| 
 | 
 | ||||||
| config: let | config: let | ||||||
|   nixpkgs = import pkgs.path { |  | ||||||
|     config.allowUnfree = true; |  | ||||||
|   }; |  | ||||||
| 
 |  | ||||||
|   nginxRedirect = { from, to, acmeHost }: { |   nginxRedirect = { from, to, acmeHost }: { | ||||||
|     serverName = from; |     serverName = from; | ||||||
|     useACMEHost = acmeHost; |     useACMEHost = acmeHost; | ||||||
|  | @ -83,11 +79,6 @@ in lib.fix(self: { | ||||||
|   nix = { |   nix = { | ||||||
|     maxJobs = lib.mkDefault 4; |     maxJobs = lib.mkDefault 4; | ||||||
| 
 | 
 | ||||||
|     nixPath = [ |  | ||||||
|       "depot=/home/tazjin/depot" |  | ||||||
|       "nixpkgs=${pkgs.path}" |  | ||||||
|     ]; |  | ||||||
| 
 |  | ||||||
|     trustedUsers = [ "root" "tazjin" ]; |     trustedUsers = [ "root" "tazjin" ]; | ||||||
| 
 | 
 | ||||||
|     binaryCaches = [ |     binaryCaches = [ | ||||||
|  | @ -98,7 +89,6 @@ in lib.fix(self: { | ||||||
|       "tazjin.cachix.org-1:IZkgLeqfOr1kAZjypItHMg1NoBjm4zX9Zzep8oRSh7U=" |       "tazjin.cachix.org-1:IZkgLeqfOr1kAZjypItHMg1NoBjm4zX9Zzep8oRSh7U=" | ||||||
|     ]; |     ]; | ||||||
|   }; |   }; | ||||||
|   nixpkgs.pkgs = nixpkgs; |  | ||||||
| 
 | 
 | ||||||
|   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; |   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; | ||||||
| 
 | 
 | ||||||
|  | @ -122,7 +112,7 @@ in lib.fix(self: { | ||||||
|   programs.mosh.enable = true; |   programs.mosh.enable = true; | ||||||
| 
 | 
 | ||||||
|   fonts = { |   fonts = { | ||||||
|     fonts = [ nixpkgs.jetbrains-mono ]; |     fonts = [ pkgs.jetbrains-mono ]; | ||||||
|     fontconfig.defaultFonts.monospace = [ "JetBrains Mono" ]; |     fontconfig.defaultFonts.monospace = [ "JetBrains Mono" ]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|  | @ -134,7 +124,7 @@ in lib.fix(self: { | ||||||
|     ]) ++ |     ]) ++ | ||||||
| 
 | 
 | ||||||
|     # programs from nixpkgs |     # programs from nixpkgs | ||||||
|     (with nixpkgs; [ |     (with pkgs; [ | ||||||
|       bat |       bat | ||||||
|       curl |       curl | ||||||
|       direnv |       direnv | ||||||
|  | @ -158,7 +148,7 @@ in lib.fix(self: { | ||||||
|       isNormalUser = true; |       isNormalUser = true; | ||||||
|       uid = 1000; |       uid = 1000; | ||||||
|       extraGroups = [ "git" "wheel" "quassel" "video" ]; |       extraGroups = [ "git" "wheel" "quassel" "video" ]; | ||||||
|       shell = nixpkgs.fish; |       shell = pkgs.fish; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     # Set up a user & group for general git shenanigans |     # Set up a user & group for general git shenanigans | ||||||
|  | @ -183,7 +173,7 @@ in lib.fix(self: { | ||||||
|   # anymore, all solution attempts have failed, so here's a |   # anymore, all solution attempts have failed, so here's a | ||||||
|   # brute-force fix. |   # brute-force fix. | ||||||
|   systemd.services.fix-nginx = { |   systemd.services.fix-nginx = { | ||||||
|     script = "${nixpkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx /var/cache/nginx"; |     script = "${pkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx /var/cache/nginx"; | ||||||
| 
 | 
 | ||||||
|     serviceConfig = { |     serviceConfig = { | ||||||
|       User = "root"; |       User = "root"; | ||||||
|  | @ -253,7 +243,7 @@ in lib.fix(self: { | ||||||
|   services.nginx = { |   services.nginx = { | ||||||
|     enable = true; |     enable = true; | ||||||
|     enableReload = true; |     enableReload = true; | ||||||
|     package = with nixpkgs; nginx.override { |     package = with pkgs; nginx.override { | ||||||
|       modules = [ nginxModules.rtmp ]; |       modules = [ nginxModules.rtmp ]; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -61,17 +61,10 @@ in lib.fix(self: { | ||||||
| 
 | 
 | ||||||
|   nix = { |   nix = { | ||||||
|     maxJobs = 48; |     maxJobs = 48; | ||||||
|     nixPath = [ |  | ||||||
|       "depot=/depot" |  | ||||||
|       "nixpkgs=${pkgs.path}" |  | ||||||
|     ]; |  | ||||||
| 
 |  | ||||||
|     binaryCaches = ["ssh://nix-ssh@whitby.tvl.fyi"]; |     binaryCaches = ["ssh://nix-ssh@whitby.tvl.fyi"]; | ||||||
|     binaryCachePublicKeys = ["cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc="]; |     binaryCachePublicKeys = ["cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc="]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   nixpkgs.pkgs = pkgs; |  | ||||||
| 
 |  | ||||||
|   networking = { |   networking = { | ||||||
|     hostName = "frog"; |     hostName = "frog"; | ||||||
|     useDHCP = true; |     useDHCP = true; | ||||||
|  |  | ||||||
|  | @ -1,10 +1,6 @@ | ||||||
| { depot, lib, pkgs, ... }: | { depot, lib, pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| config: let | config: let | ||||||
|   nixpkgs = import pkgs.path { |  | ||||||
|     config.allowUnfree = true; |  | ||||||
|   }; |  | ||||||
| 
 |  | ||||||
|   quasselClient = pkgs.quassel.override { |   quasselClient = pkgs.quassel.override { | ||||||
|     client = true; |     client = true; | ||||||
|     enableDaemon = false; |     enableDaemon = false; | ||||||
|  | @ -14,24 +10,18 @@ config: let | ||||||
|   # Use a screen lock command that resets the keyboard layout |   # Use a screen lock command that resets the keyboard layout | ||||||
|   # before locking, to avoid locking me out when the layout is |   # before locking, to avoid locking me out when the layout is | ||||||
|   # in Russian. |   # in Russian. | ||||||
|   screenLock = nixpkgs.writeShellScriptBin "tazjin-screen-lock" '' |   screenLock = pkgs.writeShellScriptBin "tazjin-screen-lock" '' | ||||||
|     ${nixpkgs.xorg.setxkbmap}/bin/setxkbmap us |     ${pkgs.xorg.setxkbmap}/bin/setxkbmap us | ||||||
|     ${nixpkgs.xorg.setxkbmap}/bin/setxkbmap -option caps:super |     ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option caps:super | ||||||
|     exec ${nixpkgs.xsecurelock}/bin/xsecurelock |     exec ${pkgs.xsecurelock}/bin/xsecurelock | ||||||
|   ''; |   ''; | ||||||
| in lib.fix(self: { | in lib.fix(self: { | ||||||
|   imports = [ |   imports = [ | ||||||
|     "${depot.third_party.impermanence}/nixos.nix" |     "${depot.third_party.impermanence}/nixos.nix" | ||||||
|     "${nixpkgs.home-manager.src}/nixos" |     "${pkgs.home-manager.src}/nixos" | ||||||
|   ]; |   ]; | ||||||
| 
 | 
 | ||||||
|   nix = { |   nix = { | ||||||
|     nixPath = lib.mkForce [ |  | ||||||
|       "nixpkgs=${pkgs.path}" |  | ||||||
|       "nixos=${pkgs.path}" |  | ||||||
|       "depot=/depot" |  | ||||||
|     ]; |  | ||||||
| 
 |  | ||||||
|     binaryCachePublicKeys = [ |     binaryCachePublicKeys = [ | ||||||
|       "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" |       "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" | ||||||
|     ]; |     ]; | ||||||
|  | @ -52,7 +42,7 @@ in lib.fix(self: { | ||||||
| 
 | 
 | ||||||
|     kernelModules = [ "kvm-amd" "i2c_dev" ]; |     kernelModules = [ "kvm-amd" "i2c_dev" ]; | ||||||
|     extraModulePackages = [ ]; |     extraModulePackages = [ ]; | ||||||
|     kernelPackages = nixpkgs.linuxPackages_latest; |     kernelPackages = pkgs.linuxPackages_latest; | ||||||
|     loader.systemd-boot.enable = true; |     loader.systemd-boot.enable = true; | ||||||
|     loader.efi.canTouchEfiVariables = true; |     loader.efi.canTouchEfiVariables = true; | ||||||
|   }; |   }; | ||||||
|  | @ -118,7 +108,7 @@ in lib.fix(self: { | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   fonts = { |   fonts = { | ||||||
|     fonts = with nixpkgs; [ |     fonts = with pkgs; [ | ||||||
|       corefonts |       corefonts | ||||||
|       dejavu_fonts |       dejavu_fonts | ||||||
|       jetbrains-mono |       jetbrains-mono | ||||||
|  | @ -178,7 +168,7 @@ in lib.fix(self: { | ||||||
| 
 | 
 | ||||||
|       displayManager = { |       displayManager = { | ||||||
|         # Give EXWM permission to control the session. |         # Give EXWM permission to control the session. | ||||||
|         sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; |         sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; | ||||||
|         lightdm.enable = true; |         lightdm.enable = true; | ||||||
|         # lightdm.greeters.gtk.clock-format = "%H:%M"; # TODO(tazjin): TZ? |         # lightdm.greeters.gtk.clock-format = "%H:%M"; # TODO(tazjin): TZ? | ||||||
|       }; |       }; | ||||||
|  | @ -203,7 +193,7 @@ in lib.fix(self: { | ||||||
|     createHome = true; |     createHome = true; | ||||||
|     extraGroups = [ "wheel" "networkmanager" "video" ]; |     extraGroups = [ "wheel" "networkmanager" "video" ]; | ||||||
|     uid = 1000; |     uid = 1000; | ||||||
|     shell = nixpkgs.fish; |     shell = pkgs.fish; | ||||||
|     initialHashedPassword = "$6$d3FywUNCuZnJ4l.$ZW2ul59MLYon1v1xhC3lTJZfZ91lWW6Tpi13MpME0cJcYZNrsx7ABdgQRn.K05awruG2Y9ARAzURnmiJ31WTS1"; |     initialHashedPassword = "$6$d3FywUNCuZnJ4l.$ZW2ul59MLYon1v1xhC3lTJZfZ91lWW6Tpi13MpME0cJcYZNrsx7ABdgQRn.K05awruG2Y9ARAzURnmiJ31WTS1"; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|  | @ -227,7 +217,7 @@ in lib.fix(self: { | ||||||
|     ]) ++ |     ]) ++ | ||||||
| 
 | 
 | ||||||
|     # programs from nixpkgs |     # programs from nixpkgs | ||||||
|     (with nixpkgs; [ |     (with pkgs; [ | ||||||
|       bat |       bat | ||||||
|       chromium |       chromium | ||||||
|       curl |       curl | ||||||
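Review bot: The `nixPath` list removed from this system was wrapped in `lib.mkForce`, while the central definition that replaces it (`nix.nixPath = [ ... ];` in the first file section) is a plain list, so on this machine the search path is no longer guaranteed to be exactly the pinned entries. Without the force, a `nix.nixPath` definition from any other imported module would be merged into the list rather than overridden. If the force was deliberate, the central definition should carry it, `nix.nixPath = lib.mkForce [ ... ];`, or a short comment there should say why it is no longer needed.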
|  |  | ||||||