diff options
Diffstat (limited to 'ops')
| -rw-r--r-- | ops/journaldriver/default.nix | 10 | ||||
| -rw-r--r-- | ops/kms_pass.nix | 4 | ||||
| -rw-r--r-- | ops/kontemplate/default.nix | 4 | ||||
| -rw-r--r-- | ops/mq_cli/default.nix | 4 | ||||
| -rw-r--r-- | ops/nixos/camden/default.nix | 23 | ||||
| -rw-r--r-- | ops/nixos/default.nix | 12 | ||||
| -rw-r--r-- | ops/nixos/nugget/default.nix | 23 | ||||
| -rw-r--r-- | ops/posix_mq.rs/default.nix | 4 | ||||
| -rw-r--r-- | ops/sync-gcsr/default.nix | 6 |
9 files changed, 44 insertions, 46 deletions
diff --git a/ops/journaldriver/default.nix b/ops/journaldriver/default.nix index 2df5e58fc8df..cc274094a962 100644 --- a/ops/journaldriver/default.nix +++ b/ops/journaldriver/default.nix @@ -1,9 +1,11 @@ -{ pkgs, ... }: +{ depot, ... }: -pkgs.third_party.naersk.buildPackage { +with depot.third_party; + +naersk.buildPackage { src = ./.; - buildInputs = with pkgs.third_party; [ - pkgconfig openssl systemd.dev + buildInputs = [ + pkgconfig openssl systemd.dev ]; } diff --git a/ops/kms_pass.nix b/ops/kms_pass.nix index b8a97d1332f8..2399559b4da8 100644 --- a/ops/kms_pass.nix +++ b/ops/kms_pass.nix @@ -6,9 +6,9 @@ # # Only the 'show' and 'insert' commands are supported. -{ pkgs, kms, ... }: +{ depot, kms, ... }: -let inherit (pkgs.third_party) google-cloud-sdk tree writeShellScriptBin; +let inherit (depot.third_party) google-cloud-sdk tree writeShellScriptBin; in (writeShellScriptBin "pass" '' set -eo pipefail diff --git a/ops/kontemplate/default.nix b/ops/kontemplate/default.nix index 8a56bba7fe88..9085f31c304b 100644 --- a/ops/kontemplate/default.nix +++ b/ops/kontemplate/default.nix @@ -10,9 +10,9 @@ # This file is the Nix derivation used to install Kontemplate on # Nix-based systems. -{ pkgs, ... }: +{ depot, ... }: -with pkgs.third_party; buildGoPackage rec { +with depot.third_party; buildGoPackage rec { name = "kontemplate-${version}"; version = "master"; src = ./.; diff --git a/ops/mq_cli/default.nix b/ops/mq_cli/default.nix index 190a05c80577..6b0e32009a66 100644 --- a/ops/mq_cli/default.nix +++ b/ops/mq_cli/default.nix @@ -1,3 +1,3 @@ -{ pkgs, ... }: +{ depot, ... }: -pkgs.third_party.naersk.buildPackage ./. +depot.third_party.naersk.buildPackage ./. diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix index 7c9c2a4c598d..e60385e8fe08 100644 --- a/ops/nixos/camden/default.nix +++ b/ops/nixos/camden/default.nix @@ -1,12 +1,11 @@ # This file configures camden.tazj.in, my homeserver. - -{ pkgs, lib, ... }: +{ depot, lib, ... }: config: let - nixpkgs = import pkgs.third_party.nixpkgsSrc { + nixpkgs = import depot.third_party.nixpkgsSrc { config.allowUnfree = true; }; -in pkgs.lib.fix(self: { +in lib.fix(self: { imports = [ ../modules/tailscale.nix ]; # camden is intended to boot unattended, despite having an encrypted @@ -64,7 +63,7 @@ in pkgs.lib.fix(self: { nixPath = [ "depot=/home/tazjin/depot" - "nixpkgs=${pkgs.third_party.nixpkgsSrc}" + "nixpkgs=${depot.third_party.nixpkgsSrc}" ]; trustedUsers = [ "root" "tazjin" ]; @@ -87,7 +86,7 @@ in pkgs.lib.fix(self: { environment.systemPackages = # programs from the depot - (with pkgs; [ + (with depot; [ third_party.git third_party.tailscale third_party.pounce @@ -129,8 +128,8 @@ in pkgs.lib.fix(self: { services.tailscale = { enable = true; relayConf = "/etc/tailscale.conf"; - package = pkgs.third_party.tailscale; - aclFile = pkgs.nix.tailscale { + package = depot.third_party.tailscale; + aclFile = depot.nix.tailscale { ACLs = [ # Allow any traffic from myself { @@ -145,7 +144,7 @@ in pkgs.lib.fix(self: { # Run cgit for the depot. The onion here is nginx(thttpd(cgit)). systemd.services.cgit = { wantedBy = [ "multi-user.target" ]; - script = "${pkgs.web.cgit-taz}/bin/cgit-launch"; + script = "${depot.web.cgit-taz}/bin/cgit-launch"; serviceConfig = { Restart = "on-failure"; @@ -202,18 +201,18 @@ in pkgs.lib.fix(self: { serverAliases = [ "camden.tazj.in" ]; default = true; useACMEHost = "tazj.in"; - root = pkgs.web.homepage; + root = depot.web.homepage; addSSL = true; extraConfig = '' - ${pkgs.web.blog.oldRedirects} + ${depot.web.blog.oldRedirects} location ~* \.(webp|woff2)$ { add_header Cache-Control "public, max-age=31536000"; } location /blog/ { - alias ${pkgs.web.blog.rendered}/; + alias ${depot.web.blog.rendered}/; if ($request_uri ~ ^/(.*)\.html$) { return 302 /$1; diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index 0182d9bd09d3..040bfeb6e23e 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -1,17 +1,15 @@ -# TODO(tazjin): rename 'pkgs' -> 'depot'? -{ pkgs, ... }: +{ depot, lib, ... }: let - inherit (pkgs) lib; inherit (builtins) foldl'; - systemFor = configs: (pkgs.third_party.nixos { + systemFor = configs: (depot.third_party.nixos { configuration = lib.fix(config: foldl' lib.recursiveUpdate {} (map (c: c config) configs) ); }).system; - rebuilder = pkgs.third_party.writeShellScriptBin "rebuilder" '' + rebuilder = depot.third_party.writeShellScriptBin "rebuilder" '' set -ue if [[ $EUID -ne 0 ]]; then echo "Oh no! Only root is allowed to rebuild the system!" >&2 @@ -39,6 +37,6 @@ let in { inherit rebuilder; - nuggetSystem = systemFor [ pkgs.ops.nixos.nugget ]; - camdenSystem = systemFor [ pkgs.ops.nixos.camden ]; + nuggetSystem = systemFor [ depot.ops.nixos.nugget ]; + camdenSystem = systemFor [ depot.ops.nixos.camden ]; } diff --git a/ops/nixos/nugget/default.nix b/ops/nixos/nugget/default.nix index 4bc88d277b76..877f7d4948e9 100644 --- a/ops/nixos/nugget/default.nix +++ b/ops/nixos/nugget/default.nix @@ -1,14 +1,13 @@ # This file configures nugget, my home desktop machine. - -{ pkgs, lib, ... }: +{ depot, lib, ... }: config: let - nixpkgs = import pkgs.third_party.nixpkgsSrc { + nixpkgs = import depot.third_party.nixpkgsSrc { config.allowUnfree = true; }; - lieer = (pkgs.third_party.lieer {}); -in pkgs.lib.fix(self: { + lieer = (depot.third_party.lieer {}); +in depot.lib.fix(self: { imports = [ ../modules/tailscale.nix ]; @@ -39,7 +38,7 @@ in pkgs.lib.fix(self: { nix = { nixPath = [ "depot=/home/tazjin/depot" - "nixpkgs=${pkgs.third_party.nixpkgsSrc}" + "nixpkgs=${depot.third_party.nixpkgsSrc}" ]; }; @@ -79,8 +78,8 @@ in pkgs.lib.fix(self: { # Generate an immutable /etc/resolv.conf from the nameserver settings # above (otherwise DHCP overwrites it): - environment.etc."resolv.conf" = with lib; with pkgs; { - source = writeText "resolv.conf" '' + environment.etc."resolv.conf" = with lib; { + source = depot.third_party.writeText "resolv.conf" '' ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)} options edns0 ''; @@ -90,7 +89,7 @@ in pkgs.lib.fix(self: { environment.systemPackages = # programs from the depot - (with pkgs; [ + (with depot; [ lieer ops.kontemplate third_party.git @@ -217,9 +216,9 @@ in pkgs.lib.fix(self: { lightdm.greeters.gtk.clock-format = "%H·%M"; }; - windowManager.session = pkgs.lib.singleton { + windowManager.session = lib.singleton { name = "exwm"; - start = "${pkgs.tools.emacs}/bin/tazjins-emacs"; + start = "${depot.tools.emacs}/bin/tazjins-emacs"; }; }; @@ -251,7 +250,7 @@ in pkgs.lib.fix(self: { enable = true; relayConf = "/etc/tailscale/relay.conf"; aclFile = null; # allow all traffic for testing - package = pkgs.third_party.tailscale; + package = depot.third_party.tailscale; }; # ... and other nonsense. diff --git a/ops/posix_mq.rs/default.nix b/ops/posix_mq.rs/default.nix index 190a05c80577..6b0e32009a66 100644 --- a/ops/posix_mq.rs/default.nix +++ b/ops/posix_mq.rs/default.nix @@ -1,3 +1,3 @@ -{ pkgs, ... }: +{ depot, ... }: -pkgs.third_party.naersk.buildPackage ./. +depot.third_party.naersk.buildPackage ./. diff --git a/ops/sync-gcsr/default.nix b/ops/sync-gcsr/default.nix index ae88b34124dc..ea5d0594a871 100644 --- a/ops/sync-gcsr/default.nix +++ b/ops/sync-gcsr/default.nix @@ -1,10 +1,10 @@ -{ pkgs, ... }: +{ depot, ... }: -pkgs.buildGo.program { +depot.nix.buildGo.program { name = "sync-gcsr"; srcs = [ ./main.go ]; - deps = with pkgs.third_party; map (p: p.gopkg) [ + deps = with depot.third_party; map (p: p.gopkg) [ gopkgs."gopkg.in".src-d.go-git ]; |