From 51b7e7887d013ad0ab34544a1f98e51a8bd52158 Mon Sep 17 00:00:00 2001 From: Lyn Date: Tue, 17 Sep 2024 02:46:45 +0200 Subject: [PATCH] it finally worky now \o/ --- flake.nix | 17 ++-- hosts/forgejo-ci/default.nix | 12 ++- hosts/forgenite/default.nix | 5 +- kernel/latest.nix | 3 - meta/default.nix | 5 +- meta/lib.nix | 16 ---- meta/mkLocalMods.nix | 53 +++++++++++ meta/mkLocalModule.nix | 71 --------------- .../modules-extracted.nix | 0 {kernel => modules/kernel}/hardened.nix | 20 ++-- modules/kernel/latest.nix | 3 + .../packages}/archivetools.nix | 0 {packages => modules/packages}/crypto.nix | 0 {packages => modules/packages}/network.nix | 0 {packages => modules/packages}/security.nix | 0 {meta => modules}/profiles/base.nix | 9 +- {meta => modules}/profiles/vm.nix | 0 {services => modules/services}/forgejo-ci.nix | 10 +- {services => modules/services}/forgejo.nix | 7 +- {meta/modules => modules}/sops/default.nix | 2 +- modules/test/example.nix | 6 -- secrets/hosts/forgejo-ci.yaml | 6 +- test.nix | 91 ------------------- 23 files changed, 103 insertions(+), 233 deletions(-) delete mode 100644 kernel/latest.nix delete mode 100644 meta/lib.nix create mode 100644 meta/mkLocalMods.nix delete mode 100644 meta/mkLocalModule.nix rename modules-extracted.nix => meta/modules-extracted.nix (100%) rename {kernel => modules/kernel}/hardened.nix (94%) create mode 100644 modules/kernel/latest.nix rename {packages => modules/packages}/archivetools.nix (100%) rename {packages => modules/packages}/crypto.nix (100%) rename {packages => modules/packages}/network.nix (100%) rename {packages => modules/packages}/security.nix (100%) rename {meta => modules}/profiles/base.nix (86%) rename {meta => modules}/profiles/vm.nix (100%) rename {services => modules/services}/forgejo-ci.nix (65%) rename {services => modules/services}/forgejo.nix (86%) rename {meta/modules => modules}/sops/default.nix (75%) delete mode 100644 modules/test/example.nix delete mode 100644 test.nix diff --git a/flake.nix b/flake.nix index 93e6c23..3dc7b93 100644 --- a/flake.nix +++ b/flake.nix @@ -7,36 +7,37 @@ }; outputs = {self, nixpkgs, nixpkgs-unstable, sops-nix }@inputs: let imports = [ - ./meta ]; passInputs = ({lib,config,...}:{ - options.inputs = lib.mkOption{type = lib.types.attrs;}; + options.flakePath = lib.mkOption {type = lib.types.path;}; + config.flakePath = ./.; + options.inputs = lib.mkOption {type = lib.types.attrs;}; config.inputs = inputs; - options.pkgsInstances = lib.mkOption{type = lib.types.attrs;}; + options.pkgsInstances = lib.mkOption {type = lib.types.attrs;}; config.pkgsInstances = { - unstable = import inputs.nixpkgs-unstable{system = config.nixpkgs.system;}; + unstable = import inputs.nixpkgs-unstable {system = config.nixpkgs.system;}; }; }); - + inherit (nixpkgs) lib; + mkLocalMods = import ./meta/mkLocalMods.nix {inherit lib;}; in { - nixosConfigurations = { "forgejo" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./meta ./hosts/forgenite sops-nix.nixosModules.sops passInputs + (mkLocalMods {prefix = ["lyn"]; dir = ./modules;}) ]; }; "forgejo-ci" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./hosts/forgejo-ci - ./meta sops-nix.nixosModules.sops passInputs + (mkLocalMods {prefix = ["lyn"]; dir = ./modules;}) ]; }; }; diff --git a/hosts/forgejo-ci/default.nix b/hosts/forgejo-ci/default.nix index f60ba1a..ab65ed8 100644 --- a/hosts/forgejo-ci/default.nix +++ b/hosts/forgejo-ci/default.nix @@ -1,18 +1,20 @@ { config, pkgs, lib, inputs, ... }: with config.lyn.lib; { imports = [ - ./../../services/forgejo-ci.nix ./hardware-configuration.nix ./../../users/lyn - ./../../meta/profiles/base.nix - ./../../meta/profiles/vm.nix ]; lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token" = {}; - #lyn.kernel = enable ["latest" "hardened"]; + lyn.kernel.latest.enable = true; + lyn.profiles.base.enable = true; + lyn.profiles.vm.enable = true; + lyn.services.forgejo-ci.enable = true; + lyn.services.forgejo-ci.domain = "git.shibe.pro"; + lyn.services.forgejo-ci.instancename = "shibepro-ci"; # Use UEFI boot.loader.systemd-boot.enable = true; - networking.hostName = "forgenite"; # Define your hostname. + networking.hostName = "forgejo-ci"; # Define your hostname. # Firewall stuff: networking.firewall.enable = true; diff --git a/hosts/forgenite/default.nix b/hosts/forgenite/default.nix index 3d2af14..eb7207b 100644 --- a/hosts/forgenite/default.nix +++ b/hosts/forgenite/default.nix @@ -1,7 +1,6 @@ { config, pkgs, lib, inputs, ... }: { imports = [ - ./../../services/forgejo.nix ./../../users/lyn ./hardware-configuration.nix ./../../meta/profiles/base.nix @@ -10,7 +9,9 @@ lyn.sops.secrets."hosts/forgenite/forgejo_db_password".owner = "forgejo"; # Use UEFI boot.loader.systemd-boot.enable = true; - + # enable git + lyn.services.forgejo.enable = true; + lyn.services.forgejo.domain = "git.shibe.pro"; networking.hostName = "forgenite"; # Define your hostname. # Firewall stuff: diff --git a/kernel/latest.nix b/kernel/latest.nix deleted file mode 100644 index 515407e..0000000 --- a/kernel/latest.nix +++ /dev/null @@ -1,3 +0,0 @@ -{lib, config, pkgs, ...}: config.lyn.lib.mkLocalModule ./latest.nix "latest linux kernel" { - boot.kernelPackages = pkgs.linuxPackages_latest; -} diff --git a/meta/default.nix b/meta/default.nix index 6511e22..f669d22 100644 --- a/meta/default.nix +++ b/meta/default.nix @@ -1,8 +1,7 @@ { imports = [ - ./mkLocalModule.nix - ./enable.nix - ./lib.nix + ./mkLocalMods.nix +# ./enable.nix ]; } diff --git a/meta/lib.nix b/meta/lib.nix deleted file mode 100644 index 4a68a87..0000000 --- a/meta/lib.nix +++ /dev/null @@ -1,16 +0,0 @@ -{lib, config, ...}: { - options.lyn = { - lib = lib.mkOption { - type = lib.types.attrs; - default = {}; - }; - prelude = lib.mkOption { - type = lib.types.attrs; - default = {}; - }; - }; - config = { - lyn.prelude.llib = config.lyn.lib; - }; -} - diff --git a/meta/mkLocalMods.nix b/meta/mkLocalMods.nix new file mode 100644 index 0000000..333af67 --- /dev/null +++ b/meta/mkLocalMods.nix @@ -0,0 +1,53 @@ +{lib, ...}: +let + mapAttrKVs = mapFn: attrs: builtins.foldl' (acc: cur: acc // {${cur.key} = cur.value;}) {} (builtins.attrValues (builtins.mapAttrs mapFn attrs)); + #kv = key: value: {inherit key value;}; + recurseNaive = curPath: fn: mapAttrKVs (k: v: let + match = builtins.match "(.*)[.]nix" k; + in if v == "regular" && match != null then {key = builtins.elemAt match 0; value = fn (curPath + ("/" + k));} + else if v == "directory" then {key = k; value = recurseNaive (curPath + ("/" + k)) fn;} + else {key = null; value = null;} + ) (builtins.readDir curPath); + + getAttrKVsRec = prefix: as: lib.flatten (lib.mapAttrsToList (k: v: + if lib.isAttrs v then getAttrKVsRec (prefix ++ [k]) v + else [{path = prefix ++ [k]; value = v;}] + ) as); + + getPathKVsRec = prefix: dir: getAttrKVsRec prefix (lib.packagesFromDirectoryRecursive { callPackage = path: x: path; directory = dir; }); + + unifyMod = (import ./modules-extracted.nix {lib = lib;}).unifyModuleSyntax; + transformLocalMod = {path, value}: let + modFn = if lib.isFunction (import value) then import value else (p: import value); + newMod = p: let + paramNew = p // { + cfg = lib.getAttrFromPath path p.config; + }; + + pathStr = builtins.concatStringsSep "." path; + modRaw = modFn paramNew; + modUni = unifyMod pathStr pathStr (builtins.removeAttrs modRaw ["opt" "mod"]); + + mod = modRaw.mod or {}; + fileCtx = str: "${modUni._file} (mkLocalMods ${str})"; + enablePath = path ++ ["enable"]; + + imports = [ { + _file = fileCtx "`opt` processor"; + key = fileCtx "`opt` processor"; + options = lib.setAttrByPath path (modRaw.opt or {}); + } { + _file = fileCtx "`enable` definition"; + key = fileCtx "`enable` definition"; + options = lib.setAttrByPath enablePath (lib.mkEnableOption (mod.desc or mod.description or mod.name or pathStr)); + } ({config, ...}: { + _file = fileCtx "config wrapper"; + key = fileCtx "config wrapper"; + config = lib.mkIf (lib.getAttrFromPath enablePath config) modUni.config; + })]; + + newMod = modUni // { imports = modUni.imports ++ imports; config = {}; }; + in newMod; in lib.mirrorFunctionArgs modFn newMod; + + mkLocalMods = {prefix ? [], dir}: { _file = "mkLocalMods collector"; imports = builtins.map transformLocalMod (getPathKVsRec prefix dir); }; +in mkLocalMods diff --git a/meta/mkLocalModule.nix b/meta/mkLocalModule.nix deleted file mode 100644 index 19b5d41..0000000 --- a/meta/mkLocalModule.nix +++ /dev/null @@ -1,71 +0,0 @@ -{lib, ...}: { config.lyn.lib = rec { - /** - Split a string, and return all elements after a marker. - - # Example - - ``` - splitAfterMarker "/" "modules" /home/user/flake/modules/abc/def - == ["abc" "def"] - ``` - */ - splitAfterMarker = splitter: marker: input: builtins.foldl' (acc: new: - if acc == false then # marker not found yet - if new == marker then [] /* marker found */ else false - else acc ++ [new] # marker already found, add to output list - ) false (lib.splitString splitter input); - /** - Make a Nix module, with its attrpath being the local path - relative to a marker directory. Accepts a prefix, and removes `.nix` file endings. - - # Example - - ``` - mkLocalModuleMarker "modules" ["myModules" "abc"] ./current-file.nix "enable something" {} - { myModules.abc.current.file.path.current-file.enable = true; } - ``` - */ - mkLocalModuleMarker = marker: prefix: currentPath: optDesc: moduleConfig: let - normalizedPath = lib.strings.removeSuffix ".nix" (builtins.toString currentPath); - attrPath = prefix ++ (splitAfterMarker "/" marker normalizedPath); - mod = {config, ...}: { - options = lib.setAttrsByPath attrPath (lib.mkEnableOption optDesc); - config = lib.mkIf (lib.getAttrByPath attrPath config) moduleConfig; - }; - in mod; - /** - Find a folder or a parent folder containing a file. - - # Example - - ``` - findFolderWithFile "flake.nix" ./. - == /home/user/flake/ - ``` - */ - findFolderWithFile = file: arg: - if builtins.pathExists (arg + "/" + file) then arg - else if arg == /. then throw "could not find folder containing ${file}" - else findFolderWithFile file (arg + "/.."); - /** - Shorthand for mkLocalModuleMarker, setting marker to your flake and prefix to l. - */ - mkLocalModule = path: mkLocalModuleMarker (findFolderWithFile "flake.nix" path) ["lyn"] path; -};} - -# foldl' op nul [x0 x1 x2 ...] = op (op (op nul x0) x1) x2) .... For example, foldl' (x: y: x + y) 0 [1 2 3] - - -# input = /home/alina/flake/desktop/common -# options.desktop.common -# input' = /nix/store/aaa-flake/desktop/common -# foldl' (split "/" input) -# marker = flake -# foldl' ([home alina flake modules audio.nix ]) -# acc = false false [] [modules] [modules audio.nix] -# | ^ marker found -# | marker not found yet - - -# $ echo "abc\ndef" > readme -# readPathsFromFile "readme" == [./abc ./def] diff --git a/modules-extracted.nix b/meta/modules-extracted.nix similarity index 100% rename from modules-extracted.nix rename to meta/modules-extracted.nix diff --git a/kernel/hardened.nix b/modules/kernel/hardened.nix similarity index 94% rename from kernel/hardened.nix rename to modules/kernel/hardened.nix index e92071c..3c02f5b 100644 --- a/kernel/hardened.nix +++ b/modules/kernel/hardened.nix @@ -1,14 +1,14 @@ {lib, pkgs, config, ...}: let - ifApparmor = config.l.kernel.lsm.apparmor.enable; -in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { + ifApparmor = config.lyn.kernel.hardened.apparmor.enable; +in{ boot.kernelPackages = let kernel = pkgs.linux-libre; llvm = pkgs.llvmPackages_latest; - version = pkgs.kernelPatches.hardened${kernel.meta.branch}.version; + version = pkgs.kernelPatches."hardened${kernel.meta.branch}".version; major = lib.versions.major version; - sha256 = pkgs.kernelPatches.hardened.${kernel.meta.branch}.sha256; + sha256 = pkgs.kernelPatches.hardened."${kernel.meta.branch}:".sha256; modDirVer = lib.replaceStrings [ kernel.version ] [ version ] @@ -17,10 +17,10 @@ in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { stdenv = llvm.stdenv; extraMakeFlags = [ "LLVM=${llvm.bintools-unwrapped}/bin/" ]; kernelPatches = kernel.kernelPatches - ++ [ pkgs.kernelPatches.hardened.${kernel.meta.branch} ]; + ++ [ pkgs.kernelPatches.hardened."${kernel.meta.branch}" ]; modDirVersionArg = modDirVer + - (pkgs.kernelPatches.hardened.${kernel.meta.branch}).extra; + (pkgs.kernelPatches.hardened."${kernel.meta.branch}").extra; isHardened = true; argsOverride = { inherit version; @@ -93,7 +93,6 @@ in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { # randomize allocator freelists, harden metadata SLAB_FREELIST_RANDOM = yes; SLAB_FREELIST_HARDENED = yes; - SHUFFLE_PAGE_ALLOCATOR = yes; RANDOM_KMALLOC_CACHES = yes; # sanity check userspace page table mappings @@ -189,7 +188,7 @@ in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { SECURITY_SAFESETID = yes; DEFAULT_SECURITY_APPARMOR = lib.mkIf ifApparmor yes; DEFAULT_SECURITY = lib.mkIf ifApparmor (freeform "apparmor"); - SECURITY_APPARMOR_BOOTPARAM_VALUE = lib.mkIf ifApparmor (freeform "1";) + SECURITY_APPARMOR_BOOTPARAM_VALUE = lib.mkIf ifApparmor (freeform "1"); # mark LSM hooks read-only after init SECURITY_WRITABLE_HOOKS = no; @@ -230,7 +229,7 @@ in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { # disable IO delay IO_DELAY_NONE = yes; }; - })) + })); boot.kernelParams = [ # set apparmor as the default security module (lib.mkIf ifApparmor "security=apparmor") @@ -278,9 +277,6 @@ in config.l.lib.mkLocalModule ./hardened.nix "custom hardened linux kernel" { # restrict ptrace() "kernel.yama.ptrace_scope" = 1; - # hide kernel memory addresses - "kernel.kptr_restrict" = 2; - # enable hardened eBPF JIT "net.core.bpf_jit_enable" = 1; "net.core.bpf_jit_harden" = 1; diff --git a/modules/kernel/latest.nix b/modules/kernel/latest.nix new file mode 100644 index 0000000..aa40ca5 --- /dev/null +++ b/modules/kernel/latest.nix @@ -0,0 +1,3 @@ +{lib, config, pkgs, ...}: { + boot.kernelPackages = pkgs.linuxPackages_latest; +} diff --git a/packages/archivetools.nix b/modules/packages/archivetools.nix similarity index 100% rename from packages/archivetools.nix rename to modules/packages/archivetools.nix diff --git a/packages/crypto.nix b/modules/packages/crypto.nix similarity index 100% rename from packages/crypto.nix rename to modules/packages/crypto.nix diff --git a/packages/network.nix b/modules/packages/network.nix similarity index 100% rename from packages/network.nix rename to modules/packages/network.nix diff --git a/packages/security.nix b/modules/packages/security.nix similarity index 100% rename from packages/security.nix rename to modules/packages/security.nix diff --git a/meta/profiles/base.nix b/modules/profiles/base.nix similarity index 86% rename from meta/profiles/base.nix rename to modules/profiles/base.nix index 3c101ef..7dcbad2 100644 --- a/meta/profiles/base.nix +++ b/modules/profiles/base.nix @@ -1,11 +1,9 @@ {lib, config, pkgs, ...}: { - imports = [ - ../modules/sops - ]; + lyn.sops.default.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nixpkgs.config.allowUnfree = true; nix.package = config.pkgsInstances.unstable.lix; - environment.variables.EDITOR = "vim"; + environment.variables.EDITOR = "nvim"; time.timeZone = "Europe/Berlin"; @@ -23,7 +21,8 @@ environment.systemPackages = with pkgs; [ git - vim + vim + neovim wget curl htop diff --git a/meta/profiles/vm.nix b/modules/profiles/vm.nix similarity index 100% rename from meta/profiles/vm.nix rename to modules/profiles/vm.nix diff --git a/services/forgejo-ci.nix b/modules/services/forgejo-ci.nix similarity index 65% rename from services/forgejo-ci.nix rename to modules/services/forgejo-ci.nix index 5a06c1e..6b6305a 100644 --- a/services/forgejo-ci.nix +++ b/modules/services/forgejo-ci.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, inputs, ... }: +{ config, pkgs, lib, inputs, cfg, ... }: { environment.systemPackages = with pkgs; [ docker @@ -12,14 +12,16 @@ ipv6 = true; }; }; + opt.domain = lib.mkOption {type = lib.types.str;}; + opt.instancename = lib.mkOption {type = lib.types.str;}; # Forgejo actions runner services.gitea-actions-runner = { package = config.pkgsInstances.unstable.forgejo-runner; instances = { - "shibepro-ci" = { + "${cfg.instancename}" = { enable = true; - url = "https://git.shibe.pro"; - name = "shibepro-ci"; + url = "https://${cfg.domain}"; + name = cfg.instancename; tokenFile = config.sops.secrets."hosts/forgejo-ci/forgejo_ci_token".path; labels = []; }; diff --git a/services/forgejo.nix b/modules/services/forgejo.nix similarity index 86% rename from services/forgejo.nix rename to modules/services/forgejo.nix index db1f4f4..38f447c 100644 --- a/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,11 +1,12 @@ -{pkgs, lib, config, ...}: +{pkgs, lib, config, cfg, ...}: with lib; with builtins; { + opt.domain = lib.mkOption {type = lib.types.string;}; services.forgejo = { enable = true; package = config.pkgsInstances.unstable.forgejo; settings.server = { - ROOT_URL = "https://git.shibe.pro"; - DOMAIN = "git.shibe.pro"; + ROOT_URL = "https://${cfg.domain}"; + DOMAIN = cfg.domain; HTTP_PORT = 48540; OFFLINE_MODE = true; # disable gravatar, CDN }; diff --git a/meta/modules/sops/default.nix b/modules/sops/default.nix similarity index 75% rename from meta/modules/sops/default.nix rename to modules/sops/default.nix index 49b8cb7..cc08255 100644 --- a/meta/modules/sops/default.nix +++ b/modules/sops/default.nix @@ -16,7 +16,7 @@ in name_split = lib.splitString "/" name; in { - sopsFile = ../../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml; + sopsFile = config.flakePath + /secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml; } // value) cfg.secrets; }; diff --git a/modules/test/example.nix b/modules/test/example.nix deleted file mode 100644 index 448002a..0000000 --- a/modules/test/example.nix +++ /dev/null @@ -1,6 +0,0 @@ -{config, cfg, lib, ...}: { - #mod.desc = "an example"; - options.networking.hostName = lib.mkOption { default = "nixos"; }; - opt.name = lib.mkOption { default = "foo"; }; - config.networking.hostName = cfg.name; -} diff --git a/secrets/hosts/forgejo-ci.yaml b/secrets/hosts/forgejo-ci.yaml index adb9d56..51f4469 100644 --- a/secrets/hosts/forgejo-ci.yaml +++ b/secrets/hosts/forgejo-ci.yaml @@ -1,6 +1,6 @@ hosts: forgejo-ci: - forgejo_ci_token: ENC[AES256_GCM,data:zZQPn/YxMKly1hcT2m3cGoIILh4wG7GiCXwiKRwNLrrPfwJlfAUn9g==,iv:xKVR09JhCIM5plxifcHeAEcsp1UyuXaqXaQCqIPywtU=,tag:zF032vUnTr8Mj79ZLCWcfg==,type:str] + forgejo_ci_token: ENC[AES256_GCM,data:mUGfczGcttcKQ8kXmESnRjpOxF1WNHZn7PSuek5dsbuZyaErCqQxtIUjvV90sQ==,iv:CjTrx56WChzFq5PSGj23dirl6iWF6Nqx93yCLHJQPRo=,tag:FrkOjdAiTq0kAYaUAQKfBQ==,type:str] sops: kms: [] gcp_kms: [] @@ -25,8 +25,8 @@ sops: SVdvMjEyVi81Nnh1UndKMGdXRkIwQjgK+uRsg09wkhyYMW/31mCrRK1AE/Zrvcy8 Vc7oHU0jscuhBNl/nMRsdquUgIZ67wAf6xJHjAXkUmQ2zi3PVXELvw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-06T03:55:48Z" - mac: ENC[AES256_GCM,data:H9RZy7w/quqfjMedaQe1NHAasC0FspxcXPyAXoy5uZaAoevNdXQNIe5yqBW+BRrw/5uIKKtLuS7YS5B3evpor2WRV0EeoPmy4dI/oFYZWg2kNzLVTumxQp4Q1vOOcrBrMUmm7OeoItr85p42Cx/08I9TnwRieGMnG5Mn0J6o+Zo=,iv:XbWd6j2LhhOld7NXN2m58f1cUJpLcdb3Ywf0bNkQYdA=,tag:T5gTjfRCCLfGFtIzXE7OfA==,type:str] + lastmodified: "2024-09-17T00:30:12Z" + mac: ENC[AES256_GCM,data:bppWgKwMHPDHwHdegjcseFJefUZ2bThMWvk9s8l3IG/jRJaP5bTtdJppKeC0EGE0W1FjQtFP+aYscZRLsFYdpVqJMvo5XJp5VcW+vE1IZ09Qs5GCMpHHDEmuU5tx6h8fTIk5KLskGfxbtBvSABS+QZgF6QRa6FRq2DxVaf07P2I=,iv:NVrqJZOfpTwkTlmycR1Zg0XdHJwRkDaiR5uud7IML3g=,tag:I++gzcdhJR2eiIMJHUZ9Ag==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/test.nix b/test.nix deleted file mode 100644 index 8821bbf..0000000 --- a/test.nix +++ /dev/null @@ -1,91 +0,0 @@ -let - flake = builtins.getFlake "/home/lyn/flake"; - pkgs = import flake.inputs.nixpkgs {}; - lib = pkgs.lib; - - mapAttrKVs = mapFn: attrs: builtins.foldl' (acc: cur: acc // {${cur.key} = cur.value;}) {} (builtins.attrValues (builtins.mapAttrs mapFn attrs)); - #kv = key: value: {inherit key value;}; - recurseNaive = curPath: fn: mapAttrKVs (k: v: let - match = builtins.match "(.*)[.]nix" k; - in if v == "regular" && match != null then {key = builtins.elemAt match 0; value = fn (curPath + ("/" + k));} - else if v == "directory" then {key = k; value = recurseNaive (curPath + ("/" + k)) fn;} - else {key = null; value = null;} - ) (builtins.readDir curPath); - - getAttrKVsRec = prefix: as: pkgs.lib.flatten (pkgs.lib.mapAttrsToList (k: v: - if pkgs.lib.isAttrs v then getAttrKVsRec (prefix ++ [k]) v - else [{path = prefix ++ [k]; value = v;}] - ) as); - - getPathKVsRec = prefix: dir: getAttrKVsRec prefix (lib.packagesFromDirectoryRecursive { callPackage = path: x: path; directory = dir; }); - - unifyMod = (import ./modules-extracted.nix {lib = lib;}).unifyModuleSyntax; - transformLocalMod = {path, value}: p: let - param = p // { - cfg = lib.getAttrFromPath path p.config; - }; - - pathStr = builtins.concatStringsSep "." path; - modFn = p: let i = import value; in if lib.isFunction i then i p else i; - modUni = unifyMod pathStr pathStr (builtins.removeAttrs modRaw ["opt" "mod"]); - - meta = modRaw.mod or {}; - fileCtx = str: "${modUni._file} (mkLocalMods ${str})"; - enablePath = path ++ ["enable"]; - - merge = cur: upd: - - runExts = exts: let - nul = x: rec { - # First pass - args = p; # Args to call the module with. This immediately changes the params of `raw`, `mod` etc. through Nix magic - deletedKeys = ["opt" "mod"]; # Keys to delete before calling unifyModuleSyntax - - # Second pass - imports = {}; # Put any modules to import as *attributes* here (for other extensions to modify them) - raw = modFn x.args; # The raw module result, called with `args` - mod = unifyMod pathStr pathStr (builtins.removeAttrs raw x.deletedKeys); # The unified module, e.g. the result of `unifyModuleSyntax .. .. raw`, and has the default module attrs - meta = raw.mod or {}; # Equivalent to raw.mod, contains metadata of the module - }; - firstPass = builtins.foldl' (acc: ext: - builtins.foldl' (acc: ext: let - acc' = acc // (let acc2 = (ext acc) // acc; in rec { - raw = modFn acc2.args; - mod = unifyMod pathStr pathStr (builtins.removeAttrs raw acc2.deletedKeys); - meta = raw.mod or {}; - }); - res = lib.recursiveUpdate acc' (ext acc'); - in res) exts - - addMod = c: ctx: newMod: { mod.imports = c.mod.imports ++ [ (newMod // {_file = fileCtx ctx;}) ]; }; - - defaultExtensions = [ - (c: { imports.opt = { - name = "`opt` processor"; - options = lib.setAttrByPath c.path raw.opt; - };}) - (c: { imports.enable = { - name "`enable` definition"; - opt.enable = lib.mkEnableOption (c.meta.desc or c.meta.description or c.meta.name or pathStr); - };}) - (c: { - - }) - ] - - imports = [ { - _file = fileCtx "`opt` processor"; - options = lib.setAttrByPath path modRaw.opt; - } { - _file = fileCtx "`enable` definition"; - options = lib.setAttrByPath enablePath (lib.mkEnableOption (mod.desc or mod.description or mod.name or pathStr)); - } ({config, ...}: { - _file = fileCtx "config wrapper"; - config = lib.mkIf (lib.getAttrFromPath enablePath config) modUni.config; - }) ]; - - newMod = modUni // { imports = modUni.imports ++ imports; config = {}; }; - in newMod; - - mkLocalMods = {prefix ? [], dir}: { _file = "mkLocalMods collector"; imports = builtins.map transformLocalMod (getPathKVsRec prefix dir); }; -in cfg: (pkgs.lib.evalModules { modules = [ (mkLocalMods {prefix = ["lyn"]; dir = ./modules;}) cfg ]; })