Consolidates container builds from colonelpanic-org-agenda-api repo: - Add org-agenda-api input to nixos flake - Add container-colonelpanic and container-kat package outputs - Add org-agenda-api cachix as substituter - Add org-agenda-api devShell for deployment work New org-agenda-api directory contains: - container.nix: Container build logic using mkContainer - configs/: Instance configs (custom-config.el, fly.toml, secrets) - deploy.sh: Fly.io deployment script - secrets.nix: agenix secret declarations Build with: nix build .#container-colonelpanic Deploy with: cd org-agenda-api && ./deploy.sh colonelpanic Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
{
# Flake inputs. Several URLs below name a moving branch (nixos-unstable,
# master, my-master, withMyChanges, old-master) or carry no ref at all, so the
# revision that is actually built is whatever flake.lock records. Treat a lock
# update as a dependency change and review it as one.
inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  flake-utils = {
    url = "github:numtide/flake-utils";
    inputs.systems.follows = "systems";
  };

  systems.url = "github:nix-systems/default";

  git-ignore-nix = {
    url = "github:hercules-ci/gitignore.nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  home-manager = {
    url = "github:nix-community/home-manager/master";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  nixos-hardware.url = "github:colonelpanic8/nixos-hardware/my-master";

  nixos-wsl.url = "github:nix-community/NixOS-WSL";

  agenix.url = "github:ryantm/agenix";

  org-agenda-api = {
    url = "github:colonelpanic8/org-agenda-api";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # Hyprland and its plugin come from the upstream flakes so that the plugin is
  # built against the same Hyprland; both are tied to the 0.53.0 refs.
  hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&ref=refs/tags/v0.53.0";

  hy3 = {
    url = "github:outfoxxed/hy3?ref=hl0.53.0";
    inputs.hyprland.follows = "hyprland";
  };

  # Private flake fetched over SSH, so evaluation needs a key that the Gitea
  # host accepts.
  # NOTE(review): flake inputs are copied into the Nix store, which every local
  # user can read; presumably this repository holds only encrypted material -
  # confirm.
  railbird-secrets.url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git";
  # railbird-secrets = {
  #   url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git";
  # };

  xmonad = {
    url = "github:xmonad/xmonad";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
    inputs.git-ignore-nix.follows = "git-ignore-nix";
  };

  xmonad-contrib = {
    url = "github:IvanMalison/xmonad-contrib/withMyChanges";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
    inputs.git-ignore-nix.follows = "git-ignore-nix";
    inputs.xmonad.follows = "xmonad";
  };

  taffybar = {
    url = "github:taffybar/taffybar/old-master";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  imalison-taffybar = {
    url = "path:../dotfiles/config/taffybar";
    # inputs = {
    #   nixpkgs.follows = "nixpkgs";
    #   flake-utils.follows = "flake-utils";
    #   xmonad.follows = "xmonad";
    #   taffybar.follows = "taffybar";
    # };
  };

  notifications-tray-icon = {
    url = "github:IvanMalison/notifications-tray-icon";
    inputs = {
      flake-utils.follows = "flake-utils";
      git-ignore-nix.follows = "git-ignore-nix";
      nixpkgs.follows = "nixpkgs";
    };
  };

  gtk-sni-tray = {
    url = "github:taffybar/gtk-sni-tray";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
    inputs.git-ignore-nix.follows = "git-ignore-nix";
    inputs.status-notifier-item.follows = "status-notifier-item";
  };

  status-notifier-item = {
    url = "github:taffybar/status-notifier-item";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
    inputs.git-ignore-nix.follows = "git-ignore-nix";
  };

  gtk-strut = {
    url = "github:taffybar/gtk-strut";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.flake-utils.follows = "flake-utils";
    inputs.git-ignore-nix.follows = "git-ignore-nix";
  };

  vscode-server.url = "github:nix-community/nixos-vscode-server";

  nixified-ai.url = "github:nixified-ai/flake";

  nixtheplanet.url = "github:matthewcroughan/nixtheplanet";
};
# The full input set stays available as `inputs`; the names destructured below
# are the ones the outputs code refers to directly.
#
# NOTE(review): `nix` has no entry under `inputs` in this file. Nix treats an
# outputs argument that is not declared as an input as an indirect reference
# resolved through the flake registry, so its source is decided by registry
# configuration at lock time rather than by a URL written here. It is not
# referenced in the outputs code shown - confirm whether it is still needed.
outputs = inputs @ {
  self,
  agenix,
  flake-utils,
  home-manager,
  hy3,
  hyprland,
  imalison-taffybar,
  nix,
  nixos-hardware,
  nixpkgs,
  nixtheplanet,
  notifications-tray-icon,
  org-agenda-api,
  taffybar,
  xmonad,
  xmonad-contrib,
  ...
}: let
# nixpkgs pull requests to apply, given as PR number plus the hash of the
# PR's .patch rendering. The URL built from the number serves whatever the PR
# currently contains, so the hash is what fixes the reviewed content: a
# mismatch after the PR changes should prompt a fresh read of the patch before
# the hash is updated.
nixpkgsPRPatches = [
  {
    pr = 434160; # git-sync-rs package
    hash = "sha256-0j0IcyHd7rE+MXc0SHu8UixW7Jbtzu1NnzSjEVeZmTA=";
  }
  # claude-code
  # {
  #   pr = 464698;
  #   hash = "sha256-Pe9G6b/rI0874mM7FIOSEKiaubk95NcFhTQ7paAeLTU=";
  # }
  # {
  #   pr = 464816;
  #   hash = "sha256-bKEoRy4dzP5TyRBjYskwEzr7tj8/ez/Y1XHiQgu5q5I=";
  # }
];

# nixpkgs patches given as a full { url, hash } pair instead of a PR number.
nixpkgsCustomPatches = [];

# home-manager pull requests, same { pr, hash } shape as the nixpkgs list.
homeManagerPRPatches = [
  # Example:
  # {
  #   pr = 1234;
  #   hash = "sha256-...";
  # }
];

# home-manager patches given as a full { url, hash } pair. The entry below
# names a single commit in its URL and is additionally fixed by its hash.
homeManagerCustomPatches = [
  {
    url = "https://github.com/colonelpanic8/home-manager/commit/92f4b7aa5254f8bcddc9ef86e04ea5314410d10b.patch";
    hash = "sha256-RQl5daVpCqQi05l9QfTEz2PpQxmsv/HYnXrgXbqbwWk=";
  }
];

# Expand { pr, hash } entries into { url, hash } for NixOS/nixpkgs.
nixpkgsPrPatchesToPatches = prPatches:
  map (entry: {
    inherit (entry) hash;
    url = "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/${toString entry.pr}.patch";
  })
  prPatches;

# Expand { pr, hash } entries into { url, hash } for nix-community/home-manager.
homeManagerPrPatchesToPatches = prPatches:
  map (entry: {
    inherit (entry) hash;
    url = "https://patch-diff.githubusercontent.com/raw/nix-community/home-manager/pull/${toString entry.pr}.patch";
  })
  prPatches;

# Final patch lists: PR-derived entries first, then the custom ones.
allNixpkgsPatches = nixpkgsPrPatchesToPatches nixpkgsPRPatches ++ nixpkgsCustomPatches;

allHomeManagerPatches = homeManagerPrPatchesToPatches homeManagerPRPatches ++ homeManagerCustomPatches;
# Every directory entry under ./machines yields one configuration; nothing
# here filters the listing, so adding a file there adds a machine.
machinesFilepath = ./machines;

machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);

# Machine name is the part of the file name before the first ".".
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);

machineNames = map machineNameFromFilename machineFilenames;

# name/value pair for listToAttrs: the machine's own file plus the modules
# every machine receives.
mkConfigurationParams = filename: {
  name = machineNameFromFilename filename;
  value.baseModules = [
    (machinesFilepath + "/${filename}")
    agenix.nixosModules.default
    nixtheplanet.nixosModules.macos-ventura
  ];
};

defaultConfigurationParams = builtins.listToAttrs (map mkConfigurationParams machineFilenames);

# Per-machine overrides merged over the defaults when configurations are built.
customParams = {
  biskcomp.system = "aarch64-linux";
  air-gapped-pi.system = "aarch64-linux";
};
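# Build one NixOS system from a patched copy of the pinned nixpkgs source.
#
# Arguments (all optional):
#   system      - platform string, defaults to "x86_64-linux"
#   baseModules - modules placed first in the module list
#   modules     - modules appended after baseModules
#   specialArgs - merged over the specialArgs computed here; caller keys win
# Any other attribute is accepted and ignored.
mkConfig = {
  system ? "x86_64-linux",
  baseModules ? [],
  modules ? [],
  specialArgs ? {},
  ...
}: let
  # Package set from the unpatched input with no config and no overlays; it
  # only supplies applyPatches and fetchpatch.
  bootstrapPkgs = import nixpkgs {
    inherit system;
    config = {};
    overlays = [];
  };
  # nixpkgs source with allNixpkgsPatches applied. Every patch goes through
  # fetchpatch with its declared hash, so a patch whose content no longer
  # matches fails the build instead of being applied.
  patchedSource = bootstrapPkgs.applyPatches {
    name = "nixpkgs-patched";
    src = nixpkgs;
    patches = map bootstrapPkgs.fetchpatch allNixpkgsPatches;
    # NOTE(review): creates this directory before patching; presumably left
    # over for a patch that is not in the current list - confirm.
    prePatch = ''
      mkdir -p pkgs/by-name/an/antigravity
    '';
  };
  # eval-config.nix is imported from the output of the derivation above, so
  # evaluating any machine first builds the patched source.
  evalConfig = import "${patchedSource}/nixos/lib/eval-config.nix";
  # home-manager source, patched only when the patch list is non-empty.
  patchedHomeManagerSource =
    if allHomeManagerPatches == []
    then home-manager
    else
      bootstrapPkgs.applyPatches {
        name = "home-manager-patched";
        src = home-manager;
        patches = map bootstrapPkgs.fetchpatch allHomeManagerPatches;
      };
  # NixOS module taken from the patched source, or the input's own module
  # when nothing was patched.
  patchedHomeManagerModule =
    if allHomeManagerPatches == []
    then home-manager.nixosModules.home-manager
    else import "${patchedHomeManagerSource}/nixos";
  # Copy of `inputs` whose home-manager entry exposes the patched module and
  # points outPath at the patched source for direct imports.
  patchedInputs =
    inputs
    // {
      home-manager =
        inputs.home-manager
        // {
          nixosModules =
            inputs.home-manager.nixosModules
            // {
              home-manager = patchedHomeManagerModule;
            };
          outPath = patchedHomeManagerSource.outPath or "${patchedHomeManagerSource}";
        };
    };
in
  evalConfig {
    inherit system;
    modules = baseModules ++ modules;
    specialArgs =
      rec {
        inputs = patchedInputs;
        inherit machineNames;
        makeEnable = (import ./make-enable.nix) nixpkgs.lib;
        keys = import ./keys.nix;
        # users.nix is evaluated here with a stand-in pkgs that only carries a
        # zsh attribute.
        usersInfo = (import ./users.nix) {
          pkgs = {zsh = "zsh";};
          inherit keys system;
          inputs = patchedInputs;
        };
        # Names of the accounts in users.nix that set isNormalUser = true.
        realUsers = (
          builtins.attrNames
          (nixpkgs.lib.filterAttrs
            (_: value: (builtins.elem "isNormalUser" (builtins.attrNames value)) && value.isNormalUser)
            usersInfo.users.users)
        );
        # Attrset that maps every name in `keys` to the same `value`.
        mapAllKeysToValue = keys: value: builtins.listToAttrs (map (name: {inherit name value;}) keys);
        forEachUser = mapAllKeysToValue realUsers;
      }
      // specialArgs;
  };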
in {
  # NOTE(review): this attrset is part of the value returned by `outputs`.
  # Nix reads flake-level settings from a `nixConfig` attribute at the top
  # level of flake.nix, next to `inputs` and `outputs`; placed here it is an
  # ordinary output and the CLI does not apply it as substituter
  # configuration, unless something elsewhere reads it (for example through
  # `self.nixConfig`). Confirm which of the two is intended.
  #
  # The first extra substituter is plain HTTP on a private address. Paths it
  # serves are still checked against the trusted public keys, but the
  # requests themselves are neither encrypted nor authenticated. Whoever
  # holds the private half of a key listed under extra-trusted-public-keys
  # can supply store paths that will be accepted, so that list should stay as
  # short as the substituter list requires.
  nixConfig = {
    substituters = ["https://cache.nixos.org/"];
    trusted-public-keys = ["cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
    extra-substituters = [
      "http://192.168.1.26:5050"
      "https://cache.flox.dev"
      "https://org-agenda-api.cachix.org"
    ];
    extra-trusted-public-keys = [
      "1896Folsom.duckdns.org:U2FTjvP95qwAJo0oGpvmUChJCgi5zQoG1YisoI08Qoo="
      "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
      "org-agenda-api.cachix.org-1:liKFemKkOLV/rJt2txDNcpDjRsqLuBneBjkSw/UVXKA="
    ];
  };

  # One configuration per machine file; customParams entries override the
  # generated defaults for the machine of the same name.
  nixosConfigurations =
    builtins.mapAttrs
    (machineName: params: mkConfig (params // (customParams.${machineName} or {})))
    defaultConfigurationParams;
}
// flake-utils.lib.eachDefaultSystem (
  system: let
    # Plain import of the pinned nixpkgs; the patch list used by mkConfig is
    # not applied to this package set.
    pkgs = import nixpkgs {inherit system;};

    # Seven-character revisions handed to the container build for tagging.
    # NOTE(review): self.dirtyRev is the full hash followed by "-dirty", so
    # cutting it to seven characters drops that marker and a build from an
    # uncommitted tree is labelled like a clean build of the same commit -
    # confirm this is acceptable for image provenance.
    orgApiRev = builtins.substring 0 7 (org-agenda-api.rev or "unknown");
    dotfilesRev = builtins.substring 0 7 (self.rev or self.dirtyRev or "dirty");

    # Tangled config files come from ./org-agenda-api.nix.
    dotfilesOrgApi = import ./org-agenda-api.nix {
      inherit pkgs system inputs;
    };
    tangledConfig = dotfilesOrgApi.org-agenda-custom-config;

    # Container build logic lives next to the deployment files.
    containerLib = import ../org-agenda-api/container.nix {
      inherit pkgs system tangledConfig org-agenda-api orgApiRev dotfilesRev;
    };
  in {
    packages = let
      inherit (containerLib) containers;
    in {
      container-colonelpanic = containers.colonelpanic;
      container-kat = containers.kat;
      # Default container
      container = containers.colonelpanic;
    };

    # Shell with the tools used to deploy org-agenda-api and edit its
    # agenix-encrypted secrets.
    devShells.org-agenda-api = pkgs.mkShell {
      buildInputs = [
        pkgs.flyctl
        agenix.packages.${system}.default
        pkgs.age
        pkgs.ssh-to-age
        pkgs.git
        pkgs.jq
        pkgs.just
        pkgs.curl
      ];
      shellHook = ''
        echo ""
        echo "org-agenda-api deployment shell"
        echo ""
        echo "Commands:"
        echo " just --list - Show available API commands"
        echo " ./deploy.sh <instance> - Deploy to Fly.io (colonelpanic or kat)"
        echo " flyctl - Fly.io CLI"
        echo " agenix -e <file> - Edit encrypted secrets"
        echo ""
      '';
    };
  }
);
}