From 5f19e8e6a73f7d76fa4bb62036891e824b64b515 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Mon, 19 Apr 2021 23:58:11 +0200
Subject: refactor(ops/nixos): Ensure that pkgs == depot.third_party.nixpkgs

This is currently done ad-hoc in a bunch of our systems, but we should
just do it centrally.

The commit message is a bit of a lie, as this doesn't yet update
grfn's systems.

Change-Id: Ic771c1a1da78ec5de9cffbf94c296dce5e11fd84
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3047
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 users/tazjin/nixos/camden/default.nix   | 20 +++++---------------
 users/tazjin/nixos/frog/default.nix     |  7 -------
 users/tazjin/nixos/tverskoy/default.nix | 30 ++++++++++--------------------
 3 files changed, 15 insertions(+), 42 deletions(-)

(limited to 'users/tazjin')

diff --git a/users/tazjin/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix
index eae359ccec1b..ec72377f4a6e 100644
--- a/users/tazjin/nixos/camden/default.nix
+++ b/users/tazjin/nixos/camden/default.nix
@@ -2,10 +2,6 @@
 { depot, pkgs, lib, ... }:
 
 config: let
-  nixpkgs = import pkgs.path {
-    config.allowUnfree = true;
-  };
-
   nginxRedirect = { from, to, acmeHost }: {
     serverName = from;
     useACMEHost = acmeHost;
@@ -83,11 +79,6 @@ in lib.fix(self: {
   nix = {
     maxJobs = lib.mkDefault 4;
 
-    nixPath = [
-      "depot=/home/tazjin/depot"
-      "nixpkgs=${pkgs.path}"
-    ];
-
     trustedUsers = [ "root" "tazjin" ];
 
     binaryCaches = [
@@ -98,7 +89,6 @@ in lib.fix(self: {
       "tazjin.cachix.org-1:IZkgLeqfOr1kAZjypItHMg1NoBjm4zX9Zzep8oRSh7U="
     ];
   };
-  nixpkgs.pkgs = nixpkgs;
 
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
 
@@ -122,7 +112,7 @@ in lib.fix(self: {
   programs.mosh.enable = true;
 
   fonts = {
-    fonts = [ nixpkgs.jetbrains-mono ];
+    fonts = [ pkgs.jetbrains-mono ];
     fontconfig.defaultFonts.monospace = [ "JetBrains Mono" ];
   };
 
@@ -134,7 +124,7 @@ in lib.fix(self: {
     ]) ++
 
     # programs from nixpkgs
-    (with nixpkgs; [
+    (with pkgs; [
       bat
       curl
       direnv
@@ -158,7 +148,7 @@ in lib.fix(self: {
       isNormalUser = true;
       uid = 1000;
       extraGroups = [ "git" "wheel" "quassel" "video" ];
-      shell = nixpkgs.fish;
+      shell = pkgs.fish;
     };
 
     # Set up a user & group for general git shenanigans
@@ -183,7 +173,7 @@ in lib.fix(self: {
   # anymore, all solution attempts have failed, so here's a
   # brute-force fix.
   systemd.services.fix-nginx = {
-    script = "${nixpkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx /var/cache/nginx";
+    script = "${pkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx /var/cache/nginx";
 
     serviceConfig = {
       User = "root";
@@ -253,7 +243,7 @@ in lib.fix(self: {
   services.nginx = {
     enable = true;
     enableReload = true;
-    package = with nixpkgs; nginx.override {
+    package = with pkgs; nginx.override {
       modules = [ nginxModules.rtmp ];
     };
 
diff --git a/users/tazjin/nixos/frog/default.nix b/users/tazjin/nixos/frog/default.nix
index 05df8caab515..896c7e8c9772 100644
--- a/users/tazjin/nixos/frog/default.nix
+++ b/users/tazjin/nixos/frog/default.nix
@@ -61,17 +61,10 @@ in lib.fix(self: {
 
   nix = {
     maxJobs = 48;
-    nixPath = [
-      "depot=/depot"
-      "nixpkgs=${pkgs.path}"
-    ];
-
     binaryCaches = ["ssh://nix-ssh@whitby.tvl.fyi"];
     binaryCachePublicKeys = ["cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc="];
   };
 
-  nixpkgs.pkgs = pkgs;
-
   networking = {
     hostName = "frog";
     useDHCP = true;
diff --git a/users/tazjin/nixos/tverskoy/default.nix b/users/tazjin/nixos/tverskoy/default.nix
index b6b639ec717e..8e4593a2ad37 100644
--- a/users/tazjin/nixos/tverskoy/default.nix
+++ b/users/tazjin/nixos/tverskoy/default.nix
@@ -1,10 +1,6 @@
 { depot, lib, pkgs, ... }:
 
 config: let
-  nixpkgs = import pkgs.path {
-    config.allowUnfree = true;
-  };
-
   quasselClient = pkgs.quassel.override {
     client = true;
     enableDaemon = false;
@@ -14,24 +10,18 @@ config: let
   # Use a screen lock command that resets the keyboard layout
   # before locking, to avoid locking me out when the layout is
   # in Russian.
-  screenLock = nixpkgs.writeShellScriptBin "tazjin-screen-lock" ''
-    ${nixpkgs.xorg.setxkbmap}/bin/setxkbmap us
-    ${nixpkgs.xorg.setxkbmap}/bin/setxkbmap -option caps:super
-    exec ${nixpkgs.xsecurelock}/bin/xsecurelock
+  screenLock = pkgs.writeShellScriptBin "tazjin-screen-lock" ''
+    ${pkgs.xorg.setxkbmap}/bin/setxkbmap us
+    ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option caps:super
+    exec ${pkgs.xsecurelock}/bin/xsecurelock
   '';
 in lib.fix(self: {
   imports = [
     "${depot.third_party.impermanence}/nixos.nix"
-    "${nixpkgs.home-manager.src}/nixos"
+    "${pkgs.home-manager.src}/nixos"
   ];
 
   nix = {
-    nixPath = lib.mkForce [
-      "nixpkgs=${pkgs.path}"
-      "nixos=${pkgs.path}"
-      "depot=/depot"
-    ];
-
     binaryCachePublicKeys = [
       "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk="
     ];
@@ -52,7 +42,7 @@ in lib.fix(self: {
 
     kernelModules = [ "kvm-amd" "i2c_dev" ];
     extraModulePackages = [ ];
-    kernelPackages = nixpkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_latest;
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
   };
@@ -118,7 +108,7 @@ in lib.fix(self: {
   };
 
   fonts = {
-    fonts = with nixpkgs; [
+    fonts = with pkgs; [
       corefonts
       dejavu_fonts
       jetbrains-mono
@@ -178,7 +168,7 @@ in lib.fix(self: {
 
       displayManager = {
         # Give EXWM permission to control the session.
-        sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+        sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
         lightdm.enable = true;
         # lightdm.greeters.gtk.clock-format = "%H:%M"; # TODO(tazjin): TZ?
       };
@@ -203,7 +193,7 @@ in lib.fix(self: {
     createHome = true;
     extraGroups = [ "wheel" "networkmanager" "video" ];
     uid = 1000;
-    shell = nixpkgs.fish;
+    shell = pkgs.fish;
     initialHashedPassword = "$6$d3FywUNCuZnJ4l.$ZW2ul59MLYon1v1xhC3lTJZfZ91lWW6Tpi13MpME0cJcYZNrsx7ABdgQRn.K05awruG2Y9ARAzURnmiJ31WTS1";
   };
 
@@ -227,7 +217,7 @@ in lib.fix(self: {
     ]) ++
 
     # programs from nixpkgs
-    (with nixpkgs; [
+    (with pkgs; [
       bat
       chromium
       curl
-- 
cgit 1.4.1