thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

style: format tree

Browse Source
This commit is contained in:
nhnn
2025-06-18 19:53:44 +03:00
parent ed990906bd
commit 86233cac27
44 changed files with 2523 additions and 2253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
flake.nix
View File

@@ -2,148 +2,156 @@
description = "SelfPrivacy NixOS configuration flake";
inputs = {
nixpkgs.url = github:nixos/nixpkgs;
nixos-unstable.url = github:nixos/nixpkgs/nixos-unstable;
nixpkgs.url = "github:nixos/nixpkgs";
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
selfprivacy-api.url =
git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;
selfprivacy-api.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git";
# make selfprivacy-api use the same shared nixpkgs
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, nixos-unstable, selfprivacy-api }: {
nixosConfigurations-fun =
{ hardware-configuration
, deployment
, userdata
, top-level-flake
, sp-modules
}:
{
default = nixpkgs.lib.nixosSystem {
modules = [
hardware-configuration
deployment
./configuration.nix
./auth/auth.nix
{
nixpkgs.overlays = [
(
_final: prev:
{
outputs =
{
self,
nixpkgs,
nixos-unstable,
selfprivacy-api,
}:
{
nixosConfigurations-fun =
{
hardware-configuration,
deployment,
userdata,
top-level-flake,
sp-modules,
}:
{
default = nixpkgs.lib.nixosSystem {
modules =
[
hardware-configuration
deployment
./configuration.nix
./auth/auth.nix
{
nixpkgs.overlays = [
(_final: prev: {
inherit (nixos-unstable.legacyPackages.${prev.system})
kanidm
kanidm-provision
;
}
})
];
disabledModules = [ "services/security/kanidm.nix" ];
imports = [ ./auth/kanidm.nix ];
}
selfprivacy-api.nixosModules.default
(
{ pkgs, lib, ... }:
{
environment.etc =
(lib.attrsets.mapAttrs' (name: sp-module: {
name = "sp-modules/${name}";
value.text = import ./lib/meta.nix { inherit pkgs sp-module; };
}) sp-modules)
// {
suggested-sp-modules.text = builtins.toJSON (builtins.attrNames (builtins.readDir ./sp-modules));
};
}
)
];
disabledModules = [ "services/security/kanidm.nix" ];
imports = [ ./auth/kanidm.nix ];
}
selfprivacy-api.nixosModules.default
({ pkgs, lib, ... }: {
environment.etc = (lib.attrsets.mapAttrs'
(name: sp-module: {
name = "sp-modules/${name}";
value.text = import ./lib/meta.nix { inherit pkgs sp-module; };
})
sp-modules) // {
suggested-sp-modules.text = builtins.toJSON (builtins.attrNames (builtins.readDir ./sp-modules));
};
})
(
let
deepFilter = ref: attrset:
builtins.foldl'
(acc: key:
if builtins.hasAttr key ref then
let
value = attrset.${key};
refValue = ref.${key};
in
acc // {
${key} =
if builtins.isAttrs value && builtins.isAttrs refValue then
deepFilter refValue value
else
value;
}
else
acc
)
{ }
(builtins.attrNames attrset);
in
{ options, ... }: {
# pass userdata (parsed from JSON) options to selfprivacy module
selfprivacy = deepFilter options.selfprivacy userdata;
(
let
deepFilter =
ref: attrset:
builtins.foldl' (
acc: key:
if builtins.hasAttr key ref then
let
value = attrset.${key};
refValue = ref.${key};
in
acc
// {
${key} =
if builtins.isAttrs value && builtins.isAttrs refValue then deepFilter refValue value else value;
}
else
acc
) { } (builtins.attrNames attrset);
in
{ options, ... }:
{
# pass userdata (parsed from JSON) options to selfprivacy module
selfprivacy = deepFilter options.selfprivacy userdata;
# embed top-level flake source folder into the build
environment.etc."selfprivacy/nixos-config-source".source =
top-level-flake;
# embed top-level flake source folder into the build
environment.etc."selfprivacy/nixos-config-source".source = top-level-flake;
# for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
nix.registry.nixpkgs.flake = nixpkgs;
# for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
nix.registry.nixpkgs.flake = nixpkgs;
# embed commit sha1 for `nixos-version --configuration-revision`
system.configurationRevision = self.rev
or "@${self.lastModifiedDate}"; # for development
# TODO assertion to forbid dirty builds caused by top-level-flake
# embed commit sha1 for `nixos-version --configuration-revision`
system.configurationRevision = self.rev or "@${self.lastModifiedDate}"; # for development
# TODO assertion to forbid dirty builds caused by top-level-flake
# reset contents of /etc/nixos to match running NixOS generation
system.activationScripts.selfprivacy-nixos-config-source = ''
rm -rf /etc/nixos/{*,.[!.]*}
cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
'';
}
)
]
++
# add SP modules, but constrain available config attributes for each
# (TODO revise evaluation performance of the code below)
nixpkgs.lib.attrsets.mapAttrsToList
(name: sp-module: args@{ config, pkgs, ... }:
let
lib = nixpkgs.lib;
configPathsNeeded = sp-module.configPathsNeeded or
(abort "allowed config paths not set for module \"${name}\"");
constrainConfigArgs = args'@{ pkgs, ... }: args' // {
config =
# TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05
(builtins.foldl' lib.attrsets.recursiveUpdate { }
(map
(p: lib.attrsets.setAttrByPath p
(lib.attrsets.getAttrFromPath p config))
configPathsNeeded
)
);
};
constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive
(p: v:
# reset contents of /etc/nixos to match running NixOS generation
system.activationScripts.selfprivacy-nixos-config-source = ''
rm -rf /etc/nixos/{*,.[!.]*}
cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
'';
}
)
]
++
# add SP modules, but constrain available config attributes for each
# (TODO revise evaluation performance of the code below)
nixpkgs.lib.attrsets.mapAttrsToList (
name: sp-module:
args@{ config, pkgs, ... }:
let
lib = nixpkgs.lib;
configPathsNeeded =
sp-module.configPathsNeeded or (abort "allowed config paths not set for module \"${name}\"");
constrainConfigArgs =
args'@{ pkgs, ... }:
args'
// {
config =
# TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05
(
builtins.foldl' lib.attrsets.recursiveUpdate { } (
map (p: lib.attrsets.setAttrByPath p (lib.attrsets.getAttrFromPath p config)) configPathsNeeded
)
);
};
constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive (
p: v:
# TODO traverse only imports and imports of imports, etc
# without traversing all attributes
if lib.lists.last p == "imports"
then
map
(m:
(args'@{ pkgs, ... }: constrainImportsArgsRecursive
(if builtins.isPath m
then import m (constrainConfigArgs args')
if lib.lists.last p == "imports" then
map (
m:
(
args'@{ pkgs, ... }:
constrainImportsArgsRecursive (
if builtins.isPath m then
import m (constrainConfigArgs args')
else if builtins.isFunction m then
m (constrainConfigArgs args')
else
if builtins.isFunction m
then m (constrainConfigArgs args')
else m))
m
)
)
v
else v);
in
constrainImportsArgsRecursive
(sp-module.nixosModules.default (constrainConfigArgs args))
)
sp-modules;
) v
else
v
);
in
constrainImportsArgsRecursive (sp-module.nixosModules.default (constrainConfigArgs args))
) sp-modules;
};
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
}