commit d43eaa037a6574754a8f66e803911d5d5642ba12 Author: Vijfhoek Date: Sat Jun 5 10:46:58 2021 +0200 init diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..96e5188 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,32 @@ +# Editor configuration, see http://editorconfig.org +root = true + +[*] +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true +charset = utf-8 +indent_style = space +indent_size = 2 + +# Ignore diffs/patches +[*.{diff,patch}] +end_of_line = unset +insert_final_newline = unset +trim_trailing_whitespace = unset +indent_size = unset + +[{.*,secrets}/**] +end_of_line = unset +insert_final_newline = unset +trim_trailing_whitespace = unset +charset = unset +indent_style = unset +indent_size = unset + +[*.py] +indent_size = 4 + +[*.md] +max_line_length = off +trim_trailing_whitespace = false diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..a6d5743 --- /dev/null +++ b/.envrc @@ -0,0 +1,2 @@ +watch_file shell/* flake.nix +use flake || use nix diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..ca1ca28 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help improve +title: '' +labels: 'bug' +assignees: '' + +--- + +Your issue may already be reported! +Please search on the [issue tracker](../) before creating one. + +## Expected Behavior + + + +## Current Behavior + + +## Possible Solution + + + +## Steps to Reproduce + + +1. +2. +3. +4. + +## Context + + + +## Your Environment + + diff --git a/.github/ISSUE_TEMPLATE/community_request.md b/.github/ISSUE_TEMPLATE/community_request.md new file mode 100644 index 0000000..c55a3fa --- /dev/null +++ b/.github/ISSUE_TEMPLATE/community_request.md @@ -0,0 +1,22 @@ +--- +name: Commuity Request +about: inspire contribution to the `community` branch +title: '' +labels: 'community' +assignees: '' + +--- + +Your issue may already be reported! +Please search on the [issue tracker](../) before creating one. + +## Ideas + + + + + + +## Requests + + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..327943c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,24 @@ +--- +name: Feature request +about: Suggest an idea +title: '' +labels: 'enhancement' +assignees: '' + +--- + +Your issue may already be reported! +Please search on the [issue tracker](../) before creating one. + +## Would your feature fix an existing issue? + + +## Describe the solution you'd like + + +## Describe alternatives you've considered + + +## Additional context + + diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..e4fc197 --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,28 @@ +name: "Check & Cachix" +on: + push: + branches: + - core + - trying + - staging +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2.3.4 + - uses: cachix/install-nix-action@v13 + with: + install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210415_76980a1/install + extra_nix_config: | + experimental-features = nix-command flakes + system-features = nixos-test benchmark big-parallel kvm recursive-nix + substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org + trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + - uses: cachix/cachix-action@v10 + with: + name: nrdxp + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: nix -Lv flake check + - run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel" + - run: nix -Lv develop -c echo OK diff --git a/.github/workflows/mdbook_docs.yml b/.github/workflows/mdbook_docs.yml new file mode 100644 index 0000000..842171c --- /dev/null +++ b/.github/workflows/mdbook_docs.yml @@ -0,0 +1,27 @@ +name: Deploy Docs to GitHub Pages + +on: + push: + branches: + - core + +jobs: + deploy: + runs-on: ubuntu-18.04 + steps: + - uses: actions/checkout@v2 + + - name: Setup mdBook + uses: peaceiris/actions-mdbook@v1 + with: + mdbook-version: 'latest' + + - run: mdbook build doc + + - name: Deploy + uses: peaceiris/actions-gh-pages@v3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_branch: gh-pages + publish_dir: ./doc/book + cname: devos.divnix.com diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..6b22de0 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,71 @@ +name: Release + +on: + push: + tags: + - v* + +jobs: + changelog: + name: Update Changelog + runs-on: ubuntu-latest + steps: + - name: Get version from tag + env: + GITHUB_REF: ${{ github.ref }} + run: | + export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/} + echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: core + - name: Update Changelog + uses: heinrichreimer/github-changelog-generator-action@v2.1.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + issues: false + issuesWoLabels: false + pullRequests: true + prWoLabels: true + addSections: '{"documentation":{"prefix":"**Documentation:**","labels":["documentation"]}}' + - uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: Update Changelog for tag ${{ env.CURRENT_VERSION }} + file_pattern: CHANGELOG.md + + release_notes: + name: Create Release Notes + runs-on: ubuntu-latest + needs: changelog + steps: + - name: Get version from tag + env: + GITHUB_REF: ${{ github.ref }} + run: | + export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/} + echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV + + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: core + + - name: Get Changelog Entry + id: changelog_reader + uses: mindsers/changelog-reader-action@v1 + with: + version: ${{ env.CURRENT_VERSION }} + path: ./CHANGELOG.md + + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref }} + body: ${{ steps.changelog_reader.outputs.log_entry }} + draft: false + prerelease: false diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..72a0166 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +result +up +hosts/up-* +.direnv +doc/index.html diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..b8d9a68 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,114 @@ +# Changelog + +## [v0.10.0](https://github.com/divnix/devos/tree/v0.10.0) (2021-05-24) + +**Implemented enhancements:** + +- Providing an interface to nixpkgs.config [\#237](https://github.com/divnix/devos/issues/237) +- Making the user available in profiles [\#230](https://github.com/divnix/devos/issues/230) +- copy evaluation store paths to iso [\#195](https://github.com/divnix/devos/issues/195) +- Extract custom system builds from devosSystem out of lib [\#170](https://github.com/divnix/devos/issues/170) +- Allow setting of channel host-wide [\#117](https://github.com/divnix/devos/issues/117) +- alacritty: CSIu support [\#51](https://github.com/divnix/devos/issues/51) + +**Fixed bugs:** + +- Cachix timeouts + how to disable nrdxp cachix \(if needed\) [\#294](https://github.com/divnix/devos/issues/294) +- default.nix flake-compat is broken [\#285](https://github.com/divnix/devos/issues/285) +- All suites return "attribute missing" [\#282](https://github.com/divnix/devos/issues/282) +- nix is built two times [\#203](https://github.com/divnix/devos/issues/203) +- fix lib docs [\#166](https://github.com/divnix/devos/issues/166) + +**Closed issues:** + +- eliminate userFlakeNixOS [\#257](https://github.com/divnix/devos/issues/257) +- devos-as-library [\#214](https://github.com/divnix/devos/issues/214) + +**Merged pull requests:** + +- Update evalArgs to match the new planned API [\#239](https://github.com/divnix/devos/pull/239) + +## [v0.9.0](https://github.com/divnix/devos/tree/v0.9.0) (2021-04-19) + +**Implemented enhancements:** + +- pin inputs into iso live registry [\#190](https://github.com/divnix/devos/issues/190) +- Pass 'self' to lib [\#169](https://github.com/divnix/devos/issues/169) +- doc: quickstart "ISO. What next?" [\#167](https://github.com/divnix/devos/issues/167) +- Integrate Android AOSP putting mobile under control [\#149](https://github.com/divnix/devos/issues/149) +- Inoculate host identity on first use [\#132](https://github.com/divnix/devos/issues/132) +- kubenix support [\#130](https://github.com/divnix/devos/issues/130) +- Improve Home Manager support: profiles/suites, modules, extern, flake outputs [\#119](https://github.com/divnix/devos/issues/119) +- Local CA \(between hosts\) [\#104](https://github.com/divnix/devos/issues/104) +- Q5: git annex for machine state [\#68](https://github.com/divnix/devos/issues/68) +- name space ./pkgs overlays [\#60](https://github.com/divnix/devos/issues/60) +- remap global keys easily [\#57](https://github.com/divnix/devos/issues/57) +- make pass state part of this repo's structure [\#56](https://github.com/divnix/devos/issues/56) +- Incorporate ./shells [\#38](https://github.com/divnix/devos/issues/38) +- Encrypt with \(r\)age [\#37](https://github.com/divnix/devos/issues/37) + +**Fixed bugs:** + +- `pathsToImportedAttrs` does not accept directories [\#221](https://github.com/divnix/devos/issues/221) +- Cachix caches aren't added to the configuration [\#208](https://github.com/divnix/devos/issues/208) +- Issues with current changelog workflow [\#205](https://github.com/divnix/devos/issues/205) +- iso: systemd service startup [\#194](https://github.com/divnix/devos/issues/194) +- Help adding easy-hls-nix to devos [\#174](https://github.com/divnix/devos/issues/174) +- `flk update` fails because of obsolete flag [\#159](https://github.com/divnix/devos/issues/159) +- Expected that not all packages are exported? [\#151](https://github.com/divnix/devos/issues/151) +- Segmentation fault when generating iso [\#150](https://github.com/divnix/devos/issues/150) + +**Documentation:** + +- doc: split iso [\#193](https://github.com/divnix/devos/issues/193) +- lib: can depend on pkgs \(a la nixpkgs\#pkgs/pkgs-lib\) [\#147](https://github.com/divnix/devos/pull/147) + +**Closed issues:** + +- FRRouting router implementation [\#154](https://github.com/divnix/devos/issues/154) +- ARM aarch64 Support [\#72](https://github.com/divnix/devos/issues/72) + +## [v0.8.0](https://github.com/divnix/devos/tree/v0.8.0) (2021-03-02) + +**Implemented enhancements:** + +- semi automatic update for /pkgs [\#118](https://github.com/divnix/devos/issues/118) +- Home-manager external modules from flakes [\#106](https://github.com/divnix/devos/issues/106) + +**Fixed bugs:** + +- My emacsGcc overlay is not working [\#146](https://github.com/divnix/devos/issues/146) +- local flake registry freezes branches [\#142](https://github.com/divnix/devos/issues/142) +- nixos-option no longer works after collect garbage [\#138](https://github.com/divnix/devos/issues/138) +- Profiles imports are brittle, causing failure if imported twice [\#136](https://github.com/divnix/devos/issues/136) + +## [0.7.0](https://github.com/divnix/devos/tree/0.7.0) (2021-02-20) + +**Implemented enhancements:** + +- add zoxide [\#53](https://github.com/divnix/devos/issues/53) +- Multiarch support? [\#17](https://github.com/divnix/devos/issues/17) +- initial multiArch support [\#18](https://github.com/divnix/devos/pull/18) + +**Fixed bugs:** + +- Missing shebang from flk.sh [\#131](https://github.com/divnix/devos/issues/131) +- Rename Meta Issue [\#128](https://github.com/divnix/devos/issues/128) +- specialisations break the `system` argument [\#46](https://github.com/divnix/devos/issues/46) +- Revert "Add extraArgs to lib.nixosSystem call to add system args." [\#47](https://github.com/divnix/devos/pull/47) + +**Documentation:** + +- update home-manager urls [\#62](https://github.com/divnix/devos/pull/62) + +**Closed issues:** + +- add github action for cachix build ci [\#59](https://github.com/divnix/devos/issues/59) + +## [12052020](https://github.com/divnix/devos/tree/12052020) (2020-12-06) + +## [07092020](https://github.com/divnix/devos/tree/07092020) (2020-07-09) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..c9b44cb --- /dev/null +++ b/COPYING @@ -0,0 +1,18 @@ +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f347f4a --- /dev/null +++ b/README.md @@ -0,0 +1,115 @@ +[![Bors enabled](https://bors.tech/images/badge_small.svg)](https://app.bors.tech/repositories/32678) +[![MIT License](https://img.shields.io/github/license/divnix/devos)][mit] +[![NixOS](https://img.shields.io/badge/NixOS-unstable-blue.svg?style=flat&logo=NixOS&logoColor=white)](https://nixos.org) + +> #### โš  Advisory โš  +> DevOS requires the [flakes][flakes] feature available via an _experimental_ +> branch of [nix][nix]. Until nix 3.0 is released, this project +> should be considered unstable, though quite usable as flakes have been +> maturing _well_ [for a while](https://github.com/divnix/devos/tree/17713c22d07c54525c728c62060a0428b76dee3b). + +# Introduction +DevOS grants a simple template to use, deploy and manage [NixOS][nixos] systems +for personal and productive use. A sane repository structure is provided, +integrating several popular projects like [home-manager][home-manager], +[devshell][devshell], and [more](./doc/integrations). + +Striving for ___nix firstโ„ข___ solutions with unobstrusive implementations, +a [flake centric][flake-doc] approach is taken for useful conveniences such as +[automatic source updates](./pkgs#automatic-source-updates). + +Skip the indeterminate nature of other systems, _and_ the perceived +tedium of bootstrapping Nix. It's easier than you think! + +### Status: Beta +Although this project has already matured quite a bit, especially through +recent outfactoring of [`digga`][digga], a fair amount of api polishing is still +expected. There are unstable versions (0._x_._x_) to help users keep track +of changes and progress. + +## Getting Started +Check out the [guide](https://devos.divnix.com/start) to get up and running. +Also, have a look at [_flake.nix_][toc]. If anything is not immediately +discoverable from there through [`digga`][digga] library's [`mkFlake`][mk-flake], +please file a bug report. + +## In the Wild +The author maintains his own branch, so you can take inspiration, direction, or +make critical comments about the [code][please]. ๐Ÿ˜œ + +## Motivation +NixOS provides an amazing abstraction to manage our environment, but that new +power can sometimes bring feelings of overwhelm and confusion. Having a turing +complete system can easily lead to unlimited complexity if we do it wrong. +Instead, we should have a community consensus on how to manage a NixOS system +and its satellite projects, from which best practices can evolve. + +___The future is declarative! ๐ŸŽ‰___ + +## Community Profiles +There are two branches from which to choose: [core][core] and +[community][community]. The community branch builds on core and includes +several ready-made profiles for discretionary use. + +Every package and NixOS profile declared in community is uploaded to +[cachix](./integrations/cachix.md), so everything provided is available +without building anything. This is especially useful for the packages that are +[overridden](./concepts/overrides.md) from master, as without the cache, +rebuilds are quite frequent. + +## Shoulders +This work does not reinvent the wheel. It stands on the [shoulders of the +following giants][giants]: + +### :onion: — like the layers of an onion +- [`divnix/digga`][digga] +- [`gytis-ivaskevicius/flake-utils-plus`][fup] +- [`numtide/flake-utils`][fu] + +### :family: — like family +- [`numtide/devshell`][devshell] +- [`serokell/deploy-rs`][deploy] +- [`NixOS/nixpkgs`][nixpkgs] + +:heart: + +## Inspiration & Art +- [hlissner/dotfiles][dotfiles] +- [nix-user-chroot](https://github.com/nix-community/nix-user-chroot) +- [Nickel](https://github.com/tweag/nickel) +- [Awesome Nix](https://github.com/nix-community/awesome-nix) +- [devshell](https://github.com/numtide/devshell) + +## Divnix +The divnix org is an open space that spontaniously formed out of "the Nix". +It is really just a place where otherwise unrelated people a) get +together and b) stuff done. + +It's a place to stop "geeking out in isolation" (or within company boundaries), +experiment and learn together and iterate quickly on best practices. That's what it is. + +It might eventually become a non-profit if that's not too complicated or if those +goals are sufficiently upstreamed into "the Nix", dissolved. + +# License +DevOS is licensed under the [MIT License][mit]. + +[mk-flake]: https://github.com/divnix/digga/tree/master/src/mkFlake +[nixpkgs]: https://github.com/NixOS/nixpkgs +[deploy]: https://github.com/serokell/deploy-rs +[toc]: https://github.com/divnix/devos/blob/core/flake.nix +[giants]: https://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants +[digga]: https://github.com/divnix/digga +[fup]: https://github.com/gytis-ivaskevicius/flake-utils-plus +[fu]: https://github.com/numtide/flake-utils +[devshell]: https://github.com/numtide/devshell +[nix]: https://nixos.org/manual/nix/stable +[mit]: https://mit-license.org +[nixos]: https://nixos.org/manual/nixos/stable +[home-manager]: https://nix-community.github.io/home-manager +[flakes]: https://nixos.wiki/wiki/Flakes +[flake-doc]: https://github.com/NixOS/nix/blob/master/src/nix/flake.md +[core]: https://github.com/divnix/devos +[community]: https://github.com/divnix/devos/tree/community +[dotfiles]: https://github.com/hlissner/dotfiles +[please]: https://github.com/nrdxp/devos/tree/nrd diff --git a/bors.toml b/bors.toml new file mode 100644 index 0000000..6703d41 --- /dev/null +++ b/bors.toml @@ -0,0 +1,5 @@ +status = [ "check" ] + +required_approvals = 1 + +up_to_date_approvals = true diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..0e6bdee --- /dev/null +++ b/default.nix @@ -0,0 +1,31 @@ +let + inherit (default.inputs.nixos) lib; + + default = (import ./lib/compat).defaultNix; + + ciSystems = [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + ]; + + filterSystems = lib.filterAttrs + (system: _: lib.elem system ciSystems); + + recurseIntoAttrsRecursive = lib.mapAttrs (_: v: + if lib.isAttrs v + then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v) + else v + ); + + systemOutputs = lib.filterAttrs + (name: set: lib.isAttrs set + && lib.any + (system: set ? ${system} && name != "legacyPackages") + ciSystems + ) + default.outputs; + + ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs; +in +(recurseIntoAttrsRecursive ciDrvs) // { shell = import ./shell.nix; } diff --git a/doc/.gitignore b/doc/.gitignore new file mode 100644 index 0000000..7585238 --- /dev/null +++ b/doc/.gitignore @@ -0,0 +1 @@ +book diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md new file mode 100644 index 0000000..bb480ae --- /dev/null +++ b/doc/CONTRIBUTING.md @@ -0,0 +1,28 @@ +# Pull Requests +If making a change to core, or adding a feature, please be sure to update the +relevant docs. Each directory contains its own README.md, which will +automatically be pulled into the [mdbook](https://devos.divnix.com). The book is +rendered on every change, so the docs should always be up to date. + +We also use [BORS](https://bors.tech) to ensure that all pull requests pass the +test suite once at least one review is completed. + +## Community PRs +While much of your work in this template may be idiosyncratic in nature. Anything +that might be generally useful to the broader NixOS community can be synced to +the `community` branch to provide a host of useful NixOS configurations available +"out of the box". + +# Style +If you wish to contribute please follow these guidelines: + +* format your code with [`nixpkgs-fmt`][nixpkgs-fmt]. The default devshell + includes a pre-commit hook that does this for you. + +* The commit message follows the same semantics as [nixpkgs][nixpkgs]. + * You can use a `#` symbol to specify ambiguities. For example, + `develop#zsh: ` would tell me that you're updating the + `zsh` subprofile living under the `develop` profile. + +[nixpkgs-fmt]: https://github.com/nix-community/nixpkgs-fmt +[nixpkgs]: https://github.com/NixOS/nixpkgs diff --git a/doc/SUMMARY.md b/doc/SUMMARY.md new file mode 100644 index 0000000..f35bf37 --- /dev/null +++ b/doc/SUMMARY.md @@ -0,0 +1,34 @@ +# Summary + +- [Introduction](../README.md) +- [Quick Start](./start/index.md) + - [ISO](./start/iso.md) + - [Bootstrapping](./start/bootstrapping.md) + - [From NixOS](./start/from-nixos.md) +- [Key Concepts](./concepts/index.md) + - [Extern](./concepts/extern.md) + - [Hosts](./concepts/hosts.md) + - [Overrides](./concepts/overrides.md) + - [Profiles](./concepts/profiles.md) + - [Suites](./concepts/suites.md) + - [Users](./concepts/users.md) +- [Outputs](./outputs/index.md) + - [Modules](./outputs/modules.md) + - [Overlays](./outputs/overlays.md) + - [Packages](./outputs/pkgs.md) +- [Concerns]() + - [Lib](./lib.md) + - [Secrets](./secrets.md) + - [Tests](./tests.md) +- [Helper Script โ€“ `flk`](./flk/index.md) + - [up](./flk/up.md) + - [update](./flk/update.md) + - [get](./flk/get.md) + - [iso](./flk/iso.md) + - [install](./flk/install.md) + - [home](./flk/home.md) +- [Integrations](./integrations/index.md) + - [Cachix](./integrations/cachix.md) + - [Deploy RS](./integrations/deploy.md) + - [Hercules CI](./integrations/hercules.md) +- [Contributing](./CONTRIBUTING.md) diff --git a/doc/book.toml b/doc/book.toml new file mode 100644 index 0000000..373d26f --- /dev/null +++ b/doc/book.toml @@ -0,0 +1,6 @@ +[book] +authors = ["Timothy DeHerrera"] +language = "en" +multilingual = false +src = "." +title = "devos docs" diff --git a/doc/concepts/extern.md b/doc/concepts/extern.md new file mode 100644 index 0000000..45d8dcb --- /dev/null +++ b/doc/concepts/extern.md @@ -0,0 +1,42 @@ +# External Art +When you need to use a module, overlay, or pass a value from one of your inputs +to the rest of your NixOS configuration, you can make use of a couple arguments. +It is encouraged to add external art directly in your `flake.nix` so the file +represents a complete dependency overview of your flake. + +## Overlays +External overlays can directly be added to a channel's `overlays` list. + +flake.nix: +```nix +{ + channels.nixos.overlays = [ inputs.agenix.overlay ]; +} +``` +Upon exporting overlays, these overlays will be automatically filtered out by inspecting the `inputs` argument. + +## Modules +There is a dedicated `nixos.hostDefaults.externalModules` argument for external +modules. + +flake.nix: +```nix +{ + nixos.hostDefaults.externalModules = [ inputs.agenix.nixosModules.age ]; +} +``` + +## Home Manager +Since there isn't a `hosts` concept for home-manager, externalModules is just a +top-level argument in the `home` namespace. + +flake.nix: +```nix +{ + home.externalModules = [ doom-emacs = doom-emacs.hmModule ]; +} +``` + +> ##### Note: +> To avoid declaring "external" modules separately, which is obvious since they come from `inputs`, the optimal solution would be to automatically export modules that were created in +> your flake. But this is not possible due to NixOS/nix#4740. diff --git a/doc/concepts/hosts.md b/doc/concepts/hosts.md new file mode 100644 index 0000000..37130f3 --- /dev/null +++ b/doc/concepts/hosts.md @@ -0,0 +1,61 @@ +# Hosts + +Nix flakes contain an output called `nixosConfigurations` declaring an +attribute set of valid NixOS systems. To simplify the management and creation +of these hosts, devos automatically imports every _.nix_ file inside this +directory to the mentioned attribute set, applying the projects defaults to +each. The only hard requirement is that the file contain a valid NixOS module. + +As an example, a file `hosts/system.nix` will be available via the flake +output `nixosConfigurations.system`. You can have as many hosts as you want +and all of them will be automatically imported based on their name. + +For each host, the configuration automatically sets the `networking.hostName` +attribute to the name of the file minus the _.nix_ extension. This is for +convenience, since `nixos-rebuild` automatically searches for a configuration +matching the current systems hostname if one is not specified explicitly. + +You can set channels, systems, and add extra modules to each host by editing the +`nixos.hosts` argument in flake.nix. This is the perfect place to import +host specific modules from external sources, such as the +[nixos-hardware][nixos-hardware] repository. + +It is recommended that the host modules only contain configuration information +specific to a particular piece of hardware. Anything reusable across machines +is best saved for [profile modules](./profiles.md). + +This is a good place to import sets of profiles, called [suites](./suites.md), +that you intend to use on your machine. + + +## Example + +flake.nix: +```nix +{ + nixos = { + imports = [ (devos.lib.importHosts ./hosts) ]; + hosts = { + librem = { + channelName = "latest"; + modules = [ nixos-hardware.nixosModules.purism-librem-13v3 ]; + }; + }; + }; +} +``` + +hosts/librem.nix: +```nix +{ suites, ... }: +{ + imports = suites.laptop; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; +} +``` + +[nixos-hardware]: https://github.com/NixOS/nixos-hardware diff --git a/doc/concepts/index.md b/doc/concepts/index.md new file mode 100644 index 0000000..8aca6e5 --- /dev/null +++ b/doc/concepts/index.md @@ -0,0 +1,4 @@ +# Key Concepts + +There are few idioms unique to DevOS. This section is dedicated to helping you +understand them. diff --git a/doc/concepts/overrides.md b/doc/concepts/overrides.md new file mode 100644 index 0000000..303108c --- /dev/null +++ b/doc/concepts/overrides.md @@ -0,0 +1,41 @@ +# Overrides +Each NixOS host follows one channel. But many times it is useful to get packages +or modules from different channels. + +## Packages +You can make use of `overlays/overrides.nix` to override specific packages in the +default channel to be pulled from other channels. That file is simply an example +of how any overlay can get `channels` as their first argument. + +You can add overlays to any channel to override packages from other channels. + +Pulling the manix package from the `latest` channel: +```nix +channels: final: prev: { + __dontExport = true; + inherit (pkgs.latest) manix; +} +``` + +It is recommended to set the `__dontExport` property for override specific +overlays. `overlays/overrides.nix` is the best place to consolidate all package +overrides and the property is already set for you. + +## Modules + +You can also pull modules from other channels. All modules have access to the +`modulesPath` for each channel as `ModulesPath`. And you can use +`disabledModules` to remove modules from the current channel. + +Pulling the zsh module from the `latest` channel: +```nix +{ latestModulesPath }: { + modules = [ "${latestModulesPath}/programs/zsh/zsh.nix" ]; + disabledModules = [ "programs/zsh/zsh.nix" ]; +} +``` + +> ##### _Note:_ +> Sometimes a modules name will change from one branch to another. + +[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md new file mode 100644 index 0000000..1c8f416 --- /dev/null +++ b/doc/concepts/profiles.md @@ -0,0 +1,65 @@ +# Profiles + +Profiles are a convenient shorthand for the [_definition_][definition] of +[options][options] in contrast to their [_declaration_][declaration]. They're +built into the NixOS module system for a reason: to elegantly provide a clear +separation of concerns. + +If you need guidance, a community [branch](https://github.com/divnix/devos/tree/community/profiles) +is maintained to help get up to speed on their usage. + +## Constraints +For the sake of consistency, a profile should always be defined in a +___default.nix___ containing a [nixos module config][config]. +A profile's directory is used for quick modularization of +[interelated bits](./profiles.md#subprofiles). + +> ##### _Notes:_ +> * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory. +> * This directory takes inspiration from +> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles) +> . +> * Sticking to a simple [spec][spec] has refreshing advantages. +> [hercules-ci](../integrations/hercules.md) expects all profiles to be +> defined in a ___default.nix___, allowing them to be built automatically when +> added. Congruently, [suites](suites.md) expect ___default.nix___ to avoid +> having to manage their paths manually. + +## Subprofiles +Profiles can also define subprofiles. They follow the same constraints outlined +above. A good top level profile should be a high level concern, such as your +personal development environment while the subprofiles should be more focused +program configurations such as your text editor, and shell configs. This way, +you can either pull in the whole development profile, or pick and choose +individual programs. + +### Example + +profiles/develop/default.nix: +```nix +{ + imports = [ ./zsh ]; + # some generic development concerns ... +} +``` + +profiles/develop/zsh/default.nix: +```nix +{ ... }: +{ + programs.zsh.enable = true; + # zsh specific options ... +} +``` + +## Conclusion +Profiles are the most important concept in DevOS. They allow us to keep our +Nix expressions self contained and modular. This way we can maximize reuse +across hosts while minimizing boilerplate. Remember, anything machine +specific belongs in your [host](hosts.md) files instead. + +[definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions +[declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations +[options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules +[spec]: https://github.com/divnix/devos/tree/core/lib/devos/mkProfileAttrs.nix +[config]: https://nixos.wiki/wiki/Module#structure diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md new file mode 100644 index 0000000..5c0d590 --- /dev/null +++ b/doc/concepts/suites.md @@ -0,0 +1,32 @@ +# Suites +Suites provide a mechanism for users to easily combine and name collecitons of +profiles. For good examples, check out the suites defined in the community +[branch](https://github.com/divnix/devos/blob/community/suites/default.nix). + +In the future, we will use suites as a mechanism for deploying various machine +types which don't depend on hardware, such as vm's and containers. + +They are defined with the `suites` argument in either `home` or `nixos` namespace. +Suites should be passed as a function that take profiles as an argument. + +The profiles are passed based on the folder names and list passed to the relevant +`profiles` argument. In the template's flake.nix `profiles` is set as +`[ ./profiles ./users ]` and that corresponds to the `{ profiles, users }` argument +pattern. + +## Definition +```nix +rec { + workstation = [ profiles.develop profiles.graphical users.nixos ]; + mobileWS = workstation ++ [ profiles.laptop ]; +} +``` + +## Usage +`hosts/my-laptop.nix`: +```nix +{ suites, ... }: +{ + imports = suites.mobileWS; +} +``` diff --git a/doc/concepts/users.md b/doc/concepts/users.md new file mode 100644 index 0000000..235884a --- /dev/null +++ b/doc/concepts/users.md @@ -0,0 +1,60 @@ +# Users + +Users are a special case of [profiles](profiles.md) that define system +users and [home-manager][home-manager] configurations. For your convenience, +home manager is wired in by default so all you have to worry about is declaring +your users. For a fully fleshed out example, check out the developers personal +[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix). + +## Basic Usage +`users/myuser/default.nix`: +```nix +{ ... }: +{ + users.users.myuser = { + isNormalUser = true; + }; + + home-manager.users.myuser = { + programs.mpv.enable = true; + }; +} + +``` + +## Home Manager +Home Manager support follows the same principles as regular nixos configurations. +All modules defined in [user modules][modules-list] will be imported to +Home Manager. All profiles are availabe in [suites][suites] as userProfiles. +The `userSuites` output will be available in your Home Manager Configuration as +the special argument, `suites`. + +## External Usage +You can easily use the defined home-manager configurations outside of NixOS +using the `homeConfigurations` flake output. The [flk](../flk/index.md) helper +script makes this even easier. + +This is great for keeping your environment consistent across Unix systems, +including OSX. + +### From within the projects devshell: +```sh +# builds the nixos user defined in the NixOS host +flk home NixOS nixos + +# build and activate +flk home NixOS nixos switch +``` + +### Manually from outside the project: +```sh +# build +nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage" + +# activate +./result/activate && unlink result +``` + +[home-manager]: https://nix-community.github.io/home-manager +[suites]: https://github.com/divnix/devos/tree/core/suites/default.nix +[modules-list]: https://github.com/divnix/devos/tree/core/modules/module-list.nix diff --git a/doc/flk/get.md b/doc/flk/get.md new file mode 100644 index 0000000..b1f7990 --- /dev/null +++ b/doc/flk/get.md @@ -0,0 +1,10 @@ +# get +The `get` subcommand is useful for getting a bare copy of devos without the +git history. You can pull either the core or community branches. + +## Usage +```sh +flk get BRANCH DEST-DIR +``` + +If DEST-DIR is ommitted, it defaults to _./flk_. diff --git a/doc/flk/home.md b/doc/flk/home.md new file mode 100644 index 0000000..f0bae76 --- /dev/null +++ b/doc/flk/home.md @@ -0,0 +1,8 @@ +# home +The `home` subcommand is for using your home-manager configurations outside of +NixOS, providing an awesome mechanism for keeping your environments +synchronized, even when using other systems. + +## Usage +The [users](../concepts/users.md#external-usage) page contains a good usage +example. diff --git a/doc/flk/index.md b/doc/flk/index.md new file mode 100644 index 0000000..04fc1c4 --- /dev/null +++ b/doc/flk/index.md @@ -0,0 +1,20 @@ +# flk command +The devshell for the project incudes a convenient script for managing your +system called `flk`. Each of the following chapters is a reference for one of +its subcommands. + +## Rebuild +Without any of the subcommands, `flk` acts as a convenient shortcut for +`nixos-rebuild`: +```sh +flk NixOS build +``` + +Will build _hosts/NixOS.nix_. You can change out `build` for `switch`, `test`, +etc. Any additional arguments are passed through to the call to +`nixos-rebuild`. + +## Usage +```sh +flk help +``` diff --git a/doc/flk/install.md b/doc/flk/install.md new file mode 100644 index 0000000..3ae5250 --- /dev/null +++ b/doc/flk/install.md @@ -0,0 +1,12 @@ +# install +The `install` subcommand is a simple convenience for `nixos-install`, similar +to the shortcut for `nixos-rebuild`, all additional arguments are passed +through. + +## Example +```sh +flk install NixOS +``` + +This will install _hosts/NixOS.nix_ to /mnt. You can override this directory +using standard `nixos-install` args. diff --git a/doc/flk/iso.md b/doc/flk/iso.md new file mode 120000 index 0000000..fa658ef --- /dev/null +++ b/doc/flk/iso.md @@ -0,0 +1 @@ +../start/iso.md \ No newline at end of file diff --git a/doc/flk/up.md b/doc/flk/up.md new file mode 100644 index 0000000..265e03a --- /dev/null +++ b/doc/flk/up.md @@ -0,0 +1,4 @@ +# up +The `up` subcommand is a simple shortcut for `nixos-generate-config` that is +compatible with devos. There is a short explanation in the the getting started +[guide](../start/from-nixos.md#generate-configuration). diff --git a/doc/flk/update.md b/doc/flk/update.md new file mode 100644 index 0000000..869db72 --- /dev/null +++ b/doc/flk/update.md @@ -0,0 +1,22 @@ +# update +The `update` subcommand is a simple alias for: +```sh +nix flake update +``` +As it sounds, this will update your lock file. + +## Updating Package Sources +If you pass directory name then it will update that input if the directory +contains a flake.nix, with an optional arguement to update only a specific +input in the subflake. + +For example, you can update any +[package sources](../outputs/pkgs.md#automatic-source-updates) you may have +declared in _pkgs/flake.nix_: +```sh +flk update pkgs +``` +or just its _nixpkgs_: +```sh +flk update pkgs nixpkgs +``` diff --git a/doc/integrations/cachix.md b/doc/integrations/cachix.md new file mode 100644 index 0000000..b025459 --- /dev/null +++ b/doc/integrations/cachix.md @@ -0,0 +1,17 @@ +# Cachix +The system will automatically pull a cachix.nix at the root if one exists. +This is usually created automatically by a `sudo cachix use`. If you're more +inclined to keep the root clean, you can drop any generated files in the +`cachix` directory into the `profiles/cachix` directory without further +modification. + +For example, to add your own cache, assuming the template lives in /etc/nixos, +by simply running `sudo cachix use yourcache`. Then, optionally, move +`cachix/yourcache.nix` to `profiles/cachix/yourcache.nix` + +These caches are only added to the system after a `nixos-rebuild switch`, so it +is recommended to call `cachix use nrdxp` before the initial deployment, as it +will save a lot of build time. + +In the future, users will be able to skip this step once the ability to define +the nix.conf within the flake is fully fleshed out upstream. diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md new file mode 100644 index 0000000..2903210 --- /dev/null +++ b/doc/integrations/deploy.md @@ -0,0 +1,49 @@ +# deploy-rs +[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was +chosen for devos after the author experienced some frustrations with the +stateful nature of nixops' db. It was also designed from scratch to support +flake based deployments, and so is an excellent tool for the job. + +By default, all the [hosts](../concepts/hosts.md) are also available as deploy-rs nodes, +configured with the hostname set to `networking.hostName`; overridable via +the command line. + +## Usage + +Just add your ssh key to the host: +```nix +{ ... }: +{ + users.users.${sshUser}.openssh.authorizedKeys.keyFiles = [ + ../secrets/path/to/key.pub + ]; +} +``` + +And the private key to your user: +```nix +{ ... }: +{ + home-manager.users.${sshUser}.programs.ssh = { + enable = true; + + matchBlocks = { + ${host} = { + host = hostName; + identityFile = ../secrets/path/to/key; + extraOptions = { AddKeysToAgent = "yes"; }; + }; + }; + } +} +``` + +And run the deployment: +```sh +deploy "flk#hostName" --hostname host.example.com +``` + +> ##### _Note:_ +> Your user will need **passwordless** sudo access + +[d-rs]: https://github.com/serokell/deploy-rs diff --git a/doc/integrations/hercules.md b/doc/integrations/hercules.md new file mode 100644 index 0000000..aa0185e --- /dev/null +++ b/doc/integrations/hercules.md @@ -0,0 +1,36 @@ +# Hercules CI +If you start adding your own packages and configurations, you'll probably have +at least a few binary artifacts. With hercules we can build every package in +our configuration automatically, on every commit. Additionally, we can have it +upload all our build artifacts to a binary cache like [cachix][cachix]. + +This will work whether your copy is a fork, or a bare template, as long as your +repo is hosted on GitHub. + +## Setup +Just head over to [hercules-ci.com](https://hercules-ci.com) to make an account. + +Then follow the docs to set up an [agent][agent], if you want to deploy to a +binary cache (and of course you do), be sure _not_ to skip the +[binary-caches.json][cache]. + +## Ready to Use +The repo is already set up with the proper _default.nix_ file, building all +declared packages, checks, profiles and shells. So you can see if something +breaks, and never build the same package twice! + +If you want to get fancy, you could even have hercules +[deploy your configuration](https://docs.hercules-ci.com/hercules-ci-effects/guide/deploy-a-nixos-machine/)! + +> ##### _Note:_ +> Hercules doesn't have access to anything encrypted in the +> [secrets folder](../../secrets), so none of your secrets will accidentally get +> pushed to a cache by mistake. +> +> You could pull all your secrets via your user, and then exclude it from +> [allUsers](https://github.com/nrdxp/devos/blob/nrd/suites/default.nix#L17) +> to keep checks passing. + +[agent]: https://docs.hercules-ci.com/hercules-ci/getting-started/#github +[cache]: https://docs.hercules-ci.com/hercules-ci/getting-started/deploy/nixos/#_3_configure_a_binary_cache +[cachix]: https://cachix.org diff --git a/doc/integrations/index.md b/doc/integrations/index.md new file mode 100644 index 0000000..5ea739e --- /dev/null +++ b/doc/integrations/index.md @@ -0,0 +1,5 @@ +# Integrations +This section explores some of the optional tools included with devos to provide +a solution to common concerns such as ci and remote deployment. An effort is +made to choose tools that treat nix, and where possible flakes, as first class +citizens. diff --git a/doc/lib.md b/doc/lib.md new file mode 100644 index 0000000..ee402eb --- /dev/null +++ b/doc/lib.md @@ -0,0 +1,87 @@ +# Lib +The lib directory mirrors the upstream concepts of [`nixpkgs:./lib`][nixpkgs-lib], +[`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib] and [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib], +but also occasionally [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support]. + +All functions defined in lib can be accessed in modules and packages as `ourlib`. + +For example: + +- you want to add a library function that depends on some packages +and use it throughout your devos environment: place it into `./lib` +as if you would place it into [`nixpkgs:./pkgs/pkgs-lib`][nixpkgs-pkgs-lib]. + +- you want to add library functions that don't depend on `pkgs`: place +them into `./lib` as if you would place them into [`nixpkgs:./lib`][nixpkgs-lib]. + +- need to try out a newish custom build support: place it here before +upstreaming into [`nixpkgs:./pkgs/build-support`][nixpkgs-pkgs-build-support]. + +- you want to reutilize certain module configuration functions or helpers: +place them into `./lib` as if you would place them into [`nixpkgs:./nixos/lib`][nixpkgs-nixos-lib]. + +Once your library grows, we recoomend you start organizing them into subfolders +analogous `nixpkgs`: + +| `nixpkgs` | `devos` | +| ---------------------- | ------------------ | +| `./lib` | `./lib` | +| `./pkgs/pkgs-lib` | `./lib/pkgs-lib` | +| `./nixos/lib` | `./lib/nixos-lib` | +| `./pkgs/build-support` | `./lib/pkgs-build` | + + +## Example +lib/nixos-lib/mkCustomI3BindSym/default.nix: +```nix +{ pkgs, writers, ... }: +{ name, cmd, workspace, baseKey }: +let + isWorkspaceEmpty = writers.writePython3 "is-workspace-empty" { + libraries = [ pkgs.python3Packages.i3ipc ]; + } (builtins.readFile ./is-workspace-empty.py); + + ws = builtins.toString workspace; +in +'' + + # ${name} + #bindsym ${baseKey}+${ws} workspace ${ws}; exec ${cmd} + bindsym ${baseKey}+${ws} workspace ${ws}; exec bash -c "${isWorkspaceEmpty} && ${cmd}" +'' +``` + +lib/nixos-lib/mkCustomI3BindSym/is-workspace-empty.py: +```python +# returns 0/1 if current workspace is empty/non-empty + +import i3ipc + +i3 = i3ipc.Connection() +tree = i3.get_tree() + + +def current_workspace(): + return tree.find_focused().workspace() + + +if current_workspace().leaves(): + print("Error current workspace is not empty") + exit(1) +exit(0) +``` + +lib/default.nix: +```nix +{ nixos, pkgs, ... }: +# ... +{ + # ... + mkCustomI3BindSym = pkgs.callPackage ./nixos-lib/mkCustomI3BindSym { }; +} +``` + +[nixpkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/lib +[nixpkgs-pkgs-lib]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/pkgs-lib +[nixpkgs-pkgs-build-support]: https://github.com/NixOS/nixpkgs/tree/master/pkgs/build-support +[nixpkgs-nixos-lib]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib diff --git a/doc/mkFlakeOptions.md b/doc/mkFlakeOptions.md new file mode 100644 index 0000000..90719ba --- /dev/null +++ b/doc/mkFlakeOptions.md @@ -0,0 +1,407 @@ +## channels +nixpkgs channels to create + + +*_Type_*: +attribute set of submodules + + +*_Default_* +``` +{} +``` + + + + +## channels.\.config +nixpkgs config for this channel + + +*_Type_*: +attribute set or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## channels.\.input +nixpkgs flake input to use for this channel + + +*_Type_*: +nix flake + + +*_Default_* +``` +"inputs." +``` + + + + +## channels.\.overlays +overlays to apply to this channel +these will get exported under the 'overlays' flake output +as \/\ and any overlay pulled from ${inputs} +will be filtered out + + +*_Type_*: +list of valid Nixpkgs overlay or path convertible to its or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## channelsConfig +nixpkgs config for all channels + + +*_Type_*: +attribute set or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## home +hosts, modules, suites, and profiles for home-manager + + +*_Type_*: +submodule + + +*_Default_* +``` +{} +``` + + + + +## home.externalModules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid module or path convertible to its + + +*_Default_* +``` +[] +``` + + + + +## home.modules +modules to include in all hosts and export to homeModules output + + +*_Type_*: +list of path to a modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## home.profiles +profile folders that can be collected into suites +the name of the argument passed to suites is based +on the folder name. +[ ./profiles ] => { profiles }: + + +*_Type_*: +list of paths + + +*_Default_* +``` +[] +``` + + + + +## home.suites +Function that takes profiles and returns suites for this config system +These can be accessed through the 'suites' special argument. + + +*_Type_*: +function that evaluates to a(n) attrs or path convertible to it + + +*_Default_* +``` +"" +``` + + + + +## inputs +inputs for this flake +used to set channel defaults and create registry + + +*_Type_*: +attribute set of nix flakes + + + + + + +## nixos +hosts, modules, suites, and profiles for nixos + + +*_Type_*: +submodule + + +*_Default_* +``` +{} +``` + + + + +## nixos.hostDefaults +Defaults for all hosts. +the modules passed under hostDefaults will be exported +to the 'nixosModules' flake output. +They will also be added to all hosts. + + +*_Type_*: +submodule + + +*_Default_* +``` +{} +``` + + + + +## nixos.hostDefaults.channelName +Channel this host should follow + + +*_Type_*: +a channel defined in `channels` + + +*_Default_* +``` +null +``` + + + + +## nixos.hostDefaults.externalModules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid module or path convertible to its + + +*_Default_* +``` +[] +``` + + + + +## nixos.hostDefaults.modules +modules to include in all hosts and export to nixosModules output + + +*_Type_*: +list of path to a modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hostDefaults.system +system for this host + + +*_Type_*: +system defined in `supportedSystems` + + +*_Default_* +``` +null +``` + + + + +## nixos.hosts +configurations to include in the nixosConfigurations output + + +*_Type_*: +attribute set of submodules + + +*_Default_* +``` +{} +``` + + + + +## nixos.hosts.\.channelName +Channel this host should follow + + +*_Type_*: +a channel defined in `channels` + + +*_Default_* +``` +null +``` + + + + +## nixos.hosts.\.modules +modules to include + + +*_Type_*: +list of valid module or path convertible to its or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hosts.\.system +system for this host + + +*_Type_*: +system defined in `supportedSystems` + + +*_Default_* +``` +null +``` + + + + +## nixos.profiles +profile folders that can be collected into suites +the name of the argument passed to suites is based +on the folder name. +[ ./profiles ] => { profiles }: + + +*_Type_*: +list of paths + + +*_Default_* +``` +[] +``` + + + + +## nixos.suites +Function that takes profiles and returns suites for this config system +These can be accessed through the 'suites' special argument. + + +*_Type_*: +function that evaluates to a(n) attrs or path convertible to it + + +*_Default_* +``` +"" +``` + + + + +## self +The flake to create the devos outputs for + +*_Type_*: +nix flake + + + + + + +## supportedSystems +The systems supported by this flake + + +*_Type_*: +list of strings + + +*_Default_* +``` +["aarch64-linux","i686-linux","x86_64-darwin","x86_64-linux"] +``` + + + diff --git a/doc/outputs/index.md b/doc/outputs/index.md new file mode 100644 index 0000000..3620718 --- /dev/null +++ b/doc/outputs/index.md @@ -0,0 +1,3 @@ +# Layout +Each of the following sections is a directory whose contents are output to the +outside world via the flake's outputs. Check each chapter for details. diff --git a/doc/outputs/modules.md b/doc/outputs/modules.md new file mode 100644 index 0000000..f698e9f --- /dev/null +++ b/doc/outputs/modules.md @@ -0,0 +1,79 @@ +# Modules +The modules directory is a replica of nixpkg's NixOS [modules][nixpkgs-modules] +, and follows the same semantics. This allows for trivial upstreaming into +nixpkgs proper once your module is sufficiently stable. + +All modules linked in _module-list.nix_ are automatically exported via +`nixosModules.`, and imported into all [hosts](../concepts/hosts.md). + + +> ##### _Note:_ +> This is reserved for declaring brand new module options. If you just want to +> declare a coherent configuration of already existing and related NixOS options +> , use [profiles](../concepts/profiles.md) instead. + +## Semantics +In case you've never written a module for nixpkgs before, here is a brief +outline of the process. + +### Declaration +modules/services/service-category/my-service.nix: +```nix +{ config, lib, ... }: +let + cfg = config.services.myService; +in +{ + options.services.myService = { + enable = lib.mkEnableOption "Description of my new service."; + + # additional options ... + }; + + config = lib.mkIf cfg.enable { + # implementation ... + }; +} +``` + +### Import +modules/module-list.nix: +```nix +[ + ./services/service-category/my-service.nix +] +``` + +## Usage + +### Internal +profiles/profile-category/my-profile.nix: +```nix +{ ... }: +{ + services.MyService.enable = true; +} +``` + +### External +flake.nix: +```nix +{ + # inputs omitted + + outputs = { self, devos, nixpkgs, ... }: { + nixosConfigurations.myConfig = nixpkgs.lib.nixosSystem { + system = "..."; + + modules = [ + devos.nixosModules.my-service + ({ ... }: { + services.MyService.enable = true; + }) + ]; + }; + }; +} +``` + +[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules diff --git a/doc/outputs/overlays.md b/doc/outputs/overlays.md new file mode 100644 index 0000000..f463d1a --- /dev/null +++ b/doc/outputs/overlays.md @@ -0,0 +1,25 @@ +# Overlays +Writing overlays is a common occurence when using a NixOS system. Therefore, +we want to keep the process as simple and straightforward as possible. + +Any _.nix_ files declared in this directory will be assumed to be a valid +overlay, and will be automatically imported into all [hosts](../concepts/hosts.md), and +exported via `overlays./` _as well as_ +`packages..` (for valid systems), so all you have to do is +write it. + +## Example +overlays/kakoune.nix: +```nix +final: prev: { + kakoune = prev.kakoune.override { + configure.plugins = with final.kakounePlugins; [ + (kak-fzf.override { fzf = final.skim; }) + kak-auto-pairs + kak-buffers + kak-powerline + kak-vertical-selection + ]; + }; +} +``` diff --git a/doc/outputs/pkgs.md b/doc/outputs/pkgs.md new file mode 100644 index 0000000..99684b5 --- /dev/null +++ b/doc/outputs/pkgs.md @@ -0,0 +1,65 @@ +# Packages +Similar to [modules](./modules.md), the pkgs directory mirrors the upstream +[nixpkgs/pkgs][pkgs], and for the same reason; if you ever want to upstream +your package, it's as simple as dropping it into the nixpkgs/pkgs directory. + +The only minor difference is that, instead of adding the `callPackage` call to +`all-packages.nix`, you just add it the the _default.nix_ in this directory, +which is defined as a simple overlay. + +This overlay is set as the default `overlay` output attribute for the flake. +And all the packages are exported via `packages..`, for all +the supported systems listed in the package's `meta.platforms` attribute. + +And, as usual, every package in the overlay is also available to any NixOS +[host](../concepts/hosts.md). + +## Automatic Source Updates +There is the added, but optional, convenience of declaring your sources in +_pkgs/flake.nix_ as an input. You can then access them from the `srcs` package. +This allows updates to be managed automatically by simply +[updating](../flk/update.md#updating-package-sources) the lock file. No +more manually entering sha256 hashes! + +As an added bonus, version strings are also generated automatically from either +the flake ref, or the date and git revision of the source. + +## Example +pkgs/development/libraries/libinih/default.nix: +```nix +{ stdenv, meson, ninja, lib, srcs, ... }: +let inherit (srcs) libinih; in +stdenv.mkDerivation { + pname = "libinih"; + + # version will resolve to 53, as specified in the final example below + inherit (libinih) version; + + src = libinih; + + buildInputs = [ meson ninja ]; + + # ... +} +``` + +pkgs/default.nix: +```nix +final: prev: { + libinih = prev.callPackage ./development/libraries/libinih { }; +} +``` + +pkgs/flake.nix: +```nix +{ + description = "Package sources"; + + inputs = { + libinih.url = "github:benhoyt/inih/r53"; + libinih.flake = false; + }; +} +``` + +[pkgs]: https://github.com/NixOS/nixpkgs/tree/master/pkgs diff --git a/doc/secrets.md b/doc/secrets.md new file mode 100644 index 0000000..de77c5b --- /dev/null +++ b/doc/secrets.md @@ -0,0 +1,18 @@ +# Secrets +Secrets are managed using [git-crypt][git-crypt] so you can keep your flake in +a public repository like GitHub without exposing your password or other +sensitive data. + +By default, everything in the secrets folder is automatically encrypted. Just +be sure to run `git-crypt init` before putting anything in here. + +> ##### _Note:_ +> Currently, there is [no mechanism][secrets-issue] in nix to deploy secrets +> within the nix/store so, if they end up in the nix/store after deployment, they +> will be world readable on that machine. +> +> The author of devos intends to implement a workaround for this situation in +> the near future, but for the time being, simple be aware of this. + +[git-crypt]: https://github.com/AGWA/git-crypt +[secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md new file mode 100644 index 0000000..873af32 --- /dev/null +++ b/doc/start/bootstrapping.md @@ -0,0 +1,99 @@ +# Bootstrapping + +This will help you boostrap a bare host with the help of the +[bespoke iso](./iso.md) live installer. + +_Note: nothing prevents you from remotely executing the boostrapping +process. See below._ + +Once your target host has booted into the live iso, you need to partion +and format your disk according to the [official manual][manual]. + +## Mount partitions + +Then properly mount the formatted partitions at `/mnt`, so that you can +install your system to those new partitions. + +Mount `nixos` partition to `/mnt` and — for UEFI — `boot` +partition to `/mnt/boot`: + +```console +$ mount /dev/disk/by-label/nixos /mnt +$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only +$ swapon /dev/$your_swap_partition +``` + +## Install + +Install using the `flk` wrapper baked into the iso off of a copy of devos +from the time the iso was built: + +```console +$ cd /iso/devos +$ nix develop +$ flk install NixOS --impure # use same host as above +``` + + + +## Notes of interest + +### Remote access to the live installer + +The iso live installer comes preconfigured with a network configuration +which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`, +that is `NixOS.local` in the [iso example](./iso). + +In the rare case that [MulticastDNS][mDNS] is not availabe or turned off +in your network, there is a static link-local IPv6 address configured to +`fe80::47`(mnemonic from the letter's position in the english alphabet: +`n=14 i=9 x=24; 47 = n+i+x`). + +Provided that you have added your public key to the authorized keys of the +`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless +sudo access)_: + +```nix +{ ... }: +{ + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../secrets/path/to/key.pub + ]; +} +``` + +You can then ssh into the live installer through one of the +following options: + +```console +ssh root@NixOS.local + +ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target +``` + +_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only +configured on the live installer. If you wish to enable [MulticastDNS][mDNS] +for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._ + +### EUI-64 LLA & Host Identity + +The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended +Unique Identifiers (EUI-64) that is derived from the host interface's Message +Authentication Code (MAC) address. + +After a little while (a few seconds), you can remotely discover this unique and host +specific address over [NDP][NDP] for example with: + +```console +ip -6 neigh show # also shows fe80::47 +``` + +***This LLA is stable for the host, unless you need to swap that particular network card.*** +Under this reservation, though, you may use this EUI-64 to wire up a specific +(cryptographic) host identity. + + +[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning +[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS +[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol +[staticLLA]: https://tools.ietf.org/html/rfc7404 diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md new file mode 100644 index 0000000..0e1d48c --- /dev/null +++ b/doc/start/from-nixos.md @@ -0,0 +1,54 @@ +# From NixOS + +## Generate Configuration +Assuming you're happy with your existing partition layout, you can generate a +basic NixOS configuration for your system using: +```sh +flk up +``` + +This will make a new file `hosts/up-$(hostname).nix`, which you can edit to +your liking. + +You must then add a host to `nixos.hosts` in flake.nix: +```nix +{ + nixos.hosts = { + modules = hosts/NixOS.nix; + }; +} +``` + +Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for +your region. Keep in mind that `networking.hostName` will be automatically +set to the name of your host; + +Now might be a good time to read the docs on [suites](../concepts/suites.md) and +[profiles](../concepts/profiles.md) and add or create any that you need. + +> ##### _Note:_ +> While the `up` sub-command is provided as a convenience to quickly set up and +> install a "fresh" NixOS system on current hardware, committing these files is +> discouraged. +> +> They are placed in the git staging area automatically because they would be +> invisible to the flake otherwise, but it is best to move what you need from +> them directly into a host module of your own making, and commit that instead. +# Installation + +Once you're ready to deploy `hosts/my-host.nix`: +```sh +flk my-host switch +``` + + +This calls `nixos-rebuild` with sudo to build and install your configuration. + +> ##### _Notes:_ +> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with +> `nixos-rebuild`. +> +> - It is convenient to have the template living at `/etc/nixos` so you can +> simply `sudo nixos-rebuild switch` from anywhere on the system, but it is +> not required. + diff --git a/doc/start/index.md b/doc/start/index.md new file mode 100644 index 0000000..fbfab09 --- /dev/null +++ b/doc/start/index.md @@ -0,0 +1,43 @@ +# Quick Start +The only dependency is nix, so make sure you have it [installed][install-nix]. + +## Get the Template +Here is a snippet that will get you the template without the git history: +```sh +nix-shell -p cachix --run "cachix use nrdxp" + +nix-shell https://github.com/divnix/devos/archive/core.tar.gz -A shell \ + --run "flk get core" + +cd flk + +nix-shell + +git init +git add . +git commit -m init +``` + +This will place you in a new folder named `flk` with git initialized, and a +nix-shell that provides all the dependencies, including the unstable nix +version required. + +In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment. + +> ##### _Notes:_ +> - You can change `core` to [`community`](../../index.md#community-profiles) +> in the call to `flk get` +> - Flakes ignore files that have not been added to git, so be sure to stage new +> files before building the system. +> - You can choose to simply clone the repo with git if you want to follow +> upstream changes. +> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work +> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"` + +## Next Steps: +- [Make installable ISO](./iso.md) +- [Bootstrap Host](./bootstrapping.md) +- [Already on NixOS](./from-nixos.md) + + +[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation diff --git a/doc/start/iso.md b/doc/start/iso.md new file mode 100644 index 0000000..efa515a --- /dev/null +++ b/doc/start/iso.md @@ -0,0 +1,24 @@ +# ISO + +Making and writing an installable iso for `hosts/NixOS.nix` is as simple as: +```sh +flk iso NixOS + +dd bs=4M if=result/iso/*.iso of=/dev/$your_installation_device \ + status=progress oflag=sync +``` + +This works for any file matching `hosts/*.nix` excluding `default.nix`. + +## ISO image nix store & cache + +The iso image holds the store to the live environment and _also_ acts as a binary cache +to the installer. To considerably speed up things, the image already includes all flake +`inputs` as well as the `devshell` closures. + +While you _could_ provision any machine with a single stick, a custom-made iso for +the host you want to install DevOS to, maximises those local cache hits. + +For hosts that don't differ too much, a single usb stick might be ok, whereas when +there are bigger differences, a custom-made usb stick will be considerably faster. + diff --git a/doc/tests.md b/doc/tests.md new file mode 100644 index 0000000..f6fd7fe --- /dev/null +++ b/doc/tests.md @@ -0,0 +1,36 @@ +# Testing + +Testing is always an important aspect of any software development project, and +NixOS offers some incredibly powerful tools to write tests for your +configuration, and, optionally, run them in +[CI](./integrations/hercules.md). + +## Lib Tests +You can easily write tests for your own library functions in the +lib/___tests/lib.nix___ file and they will be run on every `nix flake check` or +during a CI run. + +## Unit Tests +Unit tests are can be created from regular derivations, and they can do +almost anything you can imagine. By convention, it is best to test your +packages during their [check phase][check]. All packages and their tests will +be built during CI. + +## Integration Tests +You can write integration tests for one or more NixOS VMs that can, +optionally, be networked together, and yes, it's as awesome as it sounds! + +Be sure to use the `mkTest` function, in the [___tests/default.nix___][default] +which wraps the official [testing-python][testing-python] function to ensure +that the system is setup exactly as it is for a bare DevOS system. There are +already great resources for learning how to use these tests effectively, +including the official [docs][test-doc], a fantastic [blog post][test-blog], +and the examples in [nixpkgs][nixos-tests]. + +[test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests +[test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html +[default]: https://github.com/divnix/devos/tree/core/tests/default.nix +[run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166 +[nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests +[testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix +[check]: https://nixos.org/manual/nixpkgs/stable/#ssec-check-phase diff --git a/doc/theme/highlight.js b/doc/theme/highlight.js new file mode 100644 index 0000000..f4fd4fa --- /dev/null +++ b/doc/theme/highlight.js @@ -0,0 +1,6 @@ +/* + Highlight.js 10.1.2 (edd73d24) + License: BSD-3-Clause + Copyright (c) 2006-2020, Ivan Sagalaev +*/ +var hljs=function(){"use strict";function e(n){Object.freeze(n);var t="function"==typeof n;return Object.getOwnPropertyNames(n).forEach((function(r){!Object.hasOwnProperty.call(n,r)||null===n[r]||"object"!=typeof n[r]&&"function"!=typeof n[r]||t&&("caller"===r||"callee"===r||"arguments"===r)||Object.isFrozen(n[r])||e(n[r])})),n}class n{constructor(e){void 0===e.data&&(e.data={}),this.data=e.data}ignoreMatch(){this.ignore=!0}}function t(e){return e.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'")}function r(e,...n){var t={};for(const n in e)t[n]=e[n];return n.forEach((function(e){for(const n in e)t[n]=e[n]})),t}function a(e){return e.nodeName.toLowerCase()}var i=Object.freeze({__proto__:null,escapeHTML:t,inherit:r,nodeStream:function(e){var n=[];return function e(t,r){for(var i=t.firstChild;i;i=i.nextSibling)3===i.nodeType?r+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:r,node:i}),r=e(i,r),a(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:r,node:i}));return r}(e,0),n},mergeStreams:function(e,n,r){var i=0,s="",o=[];function l(){return e.length&&n.length?e[0].offset!==n[0].offset?e[0].offset"}function u(e){s+=""}function d(e){("start"===e.event?c:u)(e.node)}for(;e.length||n.length;){var g=l();if(s+=t(r.substring(i,g[0].offset)),i=g[0].offset,g===e){o.reverse().forEach(u);do{d(g.splice(0,1)[0]),g=l()}while(g===e&&g.length&&g[0].offset===i);o.reverse().forEach(c)}else"start"===g[0].event?o.push(g[0].node):o.pop(),d(g.splice(0,1)[0])}return s+t(r.substr(i))}});const s="",o=e=>!!e.kind;class l{constructor(e,n){this.buffer="",this.classPrefix=n.classPrefix,e.walk(this)}addText(e){this.buffer+=t(e)}openNode(e){if(!o(e))return;let n=e.kind;e.sublanguage||(n=`${this.classPrefix}${n}`),this.span(n)}closeNode(e){o(e)&&(this.buffer+=s)}value(){return this.buffer}span(e){this.buffer+=``}}class c{constructor(){this.rootNode={children:[]},this.stack=[this.rootNode]}get top(){return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(e){this.top.children.push(e)}openNode(e){const n={kind:e,children:[]};this.add(n),this.stack.push(n)}closeNode(){if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)}walk(e){return this.constructor._walk(e,this.rootNode)}static _walk(e,n){return"string"==typeof n?e.addText(n):n.children&&(e.openNode(n),n.children.forEach(n=>this._walk(e,n)),e.closeNode(n)),e}static _collapse(e){"string"!=typeof e&&e.children&&(e.children.every(e=>"string"==typeof e)?e.children=[e.children.join("")]:e.children.forEach(e=>{c._collapse(e)}))}}class u extends c{constructor(e){super(),this.options=e}addKeyword(e,n){""!==e&&(this.openNode(n),this.addText(e),this.closeNode())}addText(e){""!==e&&this.add(e)}addSublanguage(e,n){const t=e.root;t.kind=n,t.sublanguage=!0,this.add(t)}toHTML(){return new l(this,this.options).value()}finalize(){return!0}}function d(e){return e?"string"==typeof e?e:e.source:null}const g="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",h={begin:"\\\\[\\s\\S]",relevance:0},f={className:"string",begin:"'",end:"'",illegal:"\\n",contains:[h]},p={className:"string",begin:'"',end:'"',illegal:"\\n",contains:[h]},b={begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},m=function(e,n,t={}){var a=r({className:"comment",begin:e,end:n,contains:[]},t);return a.contains.push(b),a.contains.push({className:"doctag",begin:"(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):",relevance:0}),a},v=m("//","$"),x=m("/\\*","\\*/"),E=m("#","$");var _=Object.freeze({__proto__:null,IDENT_RE:"[a-zA-Z]\\w*",UNDERSCORE_IDENT_RE:"[a-zA-Z_]\\w*",NUMBER_RE:"\\b\\d+(\\.\\d+)?",C_NUMBER_RE:g,BINARY_NUMBER_RE:"\\b(0b[01]+)",RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",SHEBANG:(e={})=>{const n=/^#![ ]*\//;return e.binary&&(e.begin=function(...e){return e.map(e=>d(e)).join("")}(n,/.*\b/,e.binary,/\b.*/)),r({className:"meta",begin:n,end:/$/,relevance:0,"on:begin":(e,n)=>{0!==e.index&&n.ignoreMatch()}},e)},BACKSLASH_ESCAPE:h,APOS_STRING_MODE:f,QUOTE_STRING_MODE:p,PHRASAL_WORDS_MODE:b,COMMENT:m,C_LINE_COMMENT_MODE:v,C_BLOCK_COMMENT_MODE:x,HASH_COMMENT_MODE:E,NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?",relevance:0},C_NUMBER_MODE:{className:"number",begin:g,relevance:0},BINARY_NUMBER_MODE:{className:"number",begin:"\\b(0b[01]+)",relevance:0},CSS_NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",relevance:0},REGEXP_MODE:{begin:/(?=\/[^/\n]*\/)/,contains:[{className:"regexp",begin:/\//,end:/\/[gimuy]*/,illegal:/\n/,contains:[h,{begin:/\[/,end:/\]/,relevance:0,contains:[h]}]}]},TITLE_MODE:{className:"title",begin:"[a-zA-Z]\\w*",relevance:0},UNDERSCORE_TITLE_MODE:{className:"title",begin:"[a-zA-Z_]\\w*",relevance:0},METHOD_GUARD:{begin:"\\.\\s*[a-zA-Z_]\\w*",relevance:0},END_SAME_AS_BEGIN:function(e){return Object.assign(e,{"on:begin":(e,n)=>{n.data._beginMatch=e[1]},"on:end":(e,n)=>{n.data._beginMatch!==e[1]&&n.ignoreMatch()}})}}),N="of and for in not or if then".split(" ");function w(e,n){return n?+n:function(e){return N.includes(e.toLowerCase())}(e)?0:1}const R=t,y=r,{nodeStream:O,mergeStreams:k}=i,M=Symbol("nomatch");return function(t){var a=[],i=Object.create(null),s=Object.create(null),o=[],l=!0,c=/(^(<[^>]+>|\t|)+|\n)/gm,g="Could not find the language '{}', did you forget to load/include a language module?";const h={disableAutodetect:!0,name:"Plain text",contains:[]};var f={noHighlightRe:/^(no-?highlight)$/i,languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:null,__emitter:u};function p(e){return f.noHighlightRe.test(e)}function b(e,n,t,r){var a={code:n,language:e};S("before:highlight",a);var i=a.result?a.result:m(a.language,a.code,t,r);return i.code=a.code,S("after:highlight",i),i}function m(e,t,a,s){var o=t;function c(e,n){var t=E.case_insensitive?n[0].toLowerCase():n[0];return Object.prototype.hasOwnProperty.call(e.keywords,t)&&e.keywords[t]}function u(){null!=y.subLanguage?function(){if(""!==A){var e=null;if("string"==typeof y.subLanguage){if(!i[y.subLanguage])return void k.addText(A);e=m(y.subLanguage,A,!0,O[y.subLanguage]),O[y.subLanguage]=e.top}else e=v(A,y.subLanguage.length?y.subLanguage:null);y.relevance>0&&(I+=e.relevance),k.addSublanguage(e.emitter,e.language)}}():function(){if(!y.keywords)return void k.addText(A);let e=0;y.keywordPatternRe.lastIndex=0;let n=y.keywordPatternRe.exec(A),t="";for(;n;){t+=A.substring(e,n.index);const r=c(y,n);if(r){const[e,a]=r;k.addText(t),t="",I+=a,k.addKeyword(n[0],e)}else t+=n[0];e=y.keywordPatternRe.lastIndex,n=y.keywordPatternRe.exec(A)}t+=A.substr(e),k.addText(t)}(),A=""}function h(e){return e.className&&k.openNode(e.className),y=Object.create(e,{parent:{value:y}})}function p(e){return 0===y.matcher.regexIndex?(A+=e[0],1):(L=!0,0)}var b={};function x(t,r){var i=r&&r[0];if(A+=t,null==i)return u(),0;if("begin"===b.type&&"end"===r.type&&b.index===r.index&&""===i){if(A+=o.slice(r.index,r.index+1),!l){const n=Error("0 width match regex");throw n.languageName=e,n.badRule=b.rule,n}return 1}if(b=r,"begin"===r.type)return function(e){var t=e[0],r=e.rule;const a=new n(r),i=[r.__beforeBegin,r["on:begin"]];for(const n of i)if(n&&(n(e,a),a.ignore))return p(t);return r&&r.endSameAsBegin&&(r.endRe=RegExp(t.replace(/[-/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")),r.skip?A+=t:(r.excludeBegin&&(A+=t),u(),r.returnBegin||r.excludeBegin||(A=t)),h(r),r.returnBegin?0:t.length}(r);if("illegal"===r.type&&!a){const e=Error('Illegal lexeme "'+i+'" for mode "'+(y.className||"")+'"');throw e.mode=y,e}if("end"===r.type){var s=function(e){var t=e[0],r=o.substr(e.index),a=function e(t,r,a){let i=function(e,n){var t=e&&e.exec(n);return t&&0===t.index}(t.endRe,a);if(i){if(t["on:end"]){const e=new n(t);t["on:end"](r,e),e.ignore&&(i=!1)}if(i){for(;t.endsParent&&t.parent;)t=t.parent;return t}}if(t.endsWithParent)return e(t.parent,r,a)}(y,e,r);if(!a)return M;var i=y;i.skip?A+=t:(i.returnEnd||i.excludeEnd||(A+=t),u(),i.excludeEnd&&(A=t));do{y.className&&k.closeNode(),y.skip||y.subLanguage||(I+=y.relevance),y=y.parent}while(y!==a.parent);return a.starts&&(a.endSameAsBegin&&(a.starts.endRe=a.endRe),h(a.starts)),i.returnEnd?0:t.length}(r);if(s!==M)return s}if("illegal"===r.type&&""===i)return 1;if(B>1e5&&B>3*r.index)throw Error("potential infinite loop, way more iterations than matches");return A+=i,i.length}var E=T(e);if(!E)throw console.error(g.replace("{}",e)),Error('Unknown language: "'+e+'"');var _=function(e){function n(n,t){return RegExp(d(n),"m"+(e.case_insensitive?"i":"")+(t?"g":""))}class t{constructor(){this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0}addRule(e,n){n.position=this.position++,this.matchIndexes[this.matchAt]=n,this.regexes.push([n,e]),this.matchAt+=function(e){return RegExp(e.toString()+"|").exec("").length-1}(e)+1}compile(){0===this.regexes.length&&(this.exec=()=>null);const e=this.regexes.map(e=>e[1]);this.matcherRe=n(function(e,n="|"){for(var t=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./,r=0,a="",i=0;i0&&(a+=n),a+="(";o.length>0;){var l=t.exec(o);if(null==l){a+=o;break}a+=o.substring(0,l.index),o=o.substring(l.index+l[0].length),"\\"===l[0][0]&&l[1]?a+="\\"+(+l[1]+s):(a+=l[0],"("===l[0]&&r++)}a+=")"}return a}(e),!0),this.lastIndex=0}exec(e){this.matcherRe.lastIndex=this.lastIndex;const n=this.matcherRe.exec(e);if(!n)return null;const t=n.findIndex((e,n)=>n>0&&void 0!==e),r=this.matchIndexes[t];return n.splice(0,t),Object.assign(n,r)}}class a{constructor(){this.rules=[],this.multiRegexes=[],this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(e){if(this.multiRegexes[e])return this.multiRegexes[e];const n=new t;return this.rules.slice(e).forEach(([e,t])=>n.addRule(e,t)),n.compile(),this.multiRegexes[e]=n,n}considerAll(){this.regexIndex=0}addRule(e,n){this.rules.push([e,n]),"begin"===n.type&&this.count++}exec(e){const n=this.getMatcher(this.regexIndex);n.lastIndex=this.lastIndex;const t=n.exec(e);return t&&(this.regexIndex+=t.position+1,this.regexIndex===this.count&&(this.regexIndex=0)),t}}function i(e,n){const t=e.input[e.index-1],r=e.input[e.index+e[0].length];"."!==t&&"."!==r||n.ignoreMatch()}if(e.contains&&e.contains.includes("self"))throw Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.");return function t(s,o){const l=s;if(s.compiled)return l;s.compiled=!0,s.__beforeBegin=null,s.keywords=s.keywords||s.beginKeywords;let c=null;if("object"==typeof s.keywords&&(c=s.keywords.$pattern,delete s.keywords.$pattern),s.keywords&&(s.keywords=function(e,n){var t={};return"string"==typeof e?r("keyword",e):Object.keys(e).forEach((function(n){r(n,e[n])})),t;function r(e,r){n&&(r=r.toLowerCase()),r.split(" ").forEach((function(n){var r=n.split("|");t[r[0]]=[e,w(r[0],r[1])]}))}}(s.keywords,e.case_insensitive)),s.lexemes&&c)throw Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");return l.keywordPatternRe=n(s.lexemes||c||/\w+/,!0),o&&(s.beginKeywords&&(s.begin="\\b("+s.beginKeywords.split(" ").join("|")+")(?=\\b|\\s)",s.__beforeBegin=i),s.begin||(s.begin=/\B|\b/),l.beginRe=n(s.begin),s.endSameAsBegin&&(s.end=s.begin),s.end||s.endsWithParent||(s.end=/\B|\b/),s.end&&(l.endRe=n(s.end)),l.terminator_end=d(s.end)||"",s.endsWithParent&&o.terminator_end&&(l.terminator_end+=(s.end?"|":"")+o.terminator_end)),s.illegal&&(l.illegalRe=n(s.illegal)),void 0===s.relevance&&(s.relevance=1),s.contains||(s.contains=[]),s.contains=[].concat(...s.contains.map((function(e){return function(e){return e.variants&&!e.cached_variants&&(e.cached_variants=e.variants.map((function(n){return r(e,{variants:null},n)}))),e.cached_variants?e.cached_variants:function e(n){return!!n&&(n.endsWithParent||e(n.starts))}(e)?r(e,{starts:e.starts?r(e.starts):null}):Object.isFrozen(e)?r(e):e}("self"===e?s:e)}))),s.contains.forEach((function(e){t(e,l)})),s.starts&&t(s.starts,o),l.matcher=function(e){const n=new a;return e.contains.forEach(e=>n.addRule(e.begin,{rule:e,type:"begin"})),e.terminator_end&&n.addRule(e.terminator_end,{type:"end"}),e.illegal&&n.addRule(e.illegal,{type:"illegal"}),n}(l),l}(e)}(E),N="",y=s||_,O={},k=new f.__emitter(f);!function(){for(var e=[],n=y;n!==E;n=n.parent)n.className&&e.unshift(n.className);e.forEach(e=>k.openNode(e))}();var A="",I=0,S=0,B=0,L=!1;try{for(y.matcher.considerAll();;){B++,L?L=!1:(y.matcher.lastIndex=S,y.matcher.considerAll());const e=y.matcher.exec(o);if(!e)break;const n=x(o.substring(S,e.index),e);S=e.index+n}return x(o.substr(S)),k.closeAllNodes(),k.finalize(),N=k.toHTML(),{relevance:I,value:N,language:e,illegal:!1,emitter:k,top:y}}catch(n){if(n.message&&n.message.includes("Illegal"))return{illegal:!0,illegalBy:{msg:n.message,context:o.slice(S-100,S+100),mode:n.mode},sofar:N,relevance:0,value:R(o),emitter:k};if(l)return{illegal:!1,relevance:0,value:R(o),emitter:k,language:e,top:y,errorRaised:n};throw n}}function v(e,n){n=n||f.languages||Object.keys(i);var t=function(e){const n={relevance:0,emitter:new f.__emitter(f),value:R(e),illegal:!1,top:h};return n.emitter.addText(e),n}(e),r=t;return n.filter(T).filter(I).forEach((function(n){var a=m(n,e,!1);a.language=n,a.relevance>r.relevance&&(r=a),a.relevance>t.relevance&&(r=t,t=a)})),r.language&&(t.second_best=r),t}function x(e){return f.tabReplace||f.useBR?e.replace(c,e=>"\n"===e?f.useBR?"
":e:f.tabReplace?e.replace(/\t/g,f.tabReplace):e):e}function E(e){let n=null;const t=function(e){var n=e.className+" ";n+=e.parentNode?e.parentNode.className:"";const t=f.languageDetectRe.exec(n);if(t){var r=T(t[1]);return r||(console.warn(g.replace("{}",t[1])),console.warn("Falling back to no-highlight mode for this block.",e)),r?t[1]:"no-highlight"}return n.split(/\s+/).find(e=>p(e)||T(e))}(e);if(p(t))return;S("before:highlightBlock",{block:e,language:t}),f.useBR?(n=document.createElement("div")).innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n"):n=e;const r=n.textContent,a=t?b(t,r,!0):v(r),i=O(n);if(i.length){const e=document.createElement("div");e.innerHTML=a.value,a.value=k(i,O(e),r)}a.value=x(a.value),S("after:highlightBlock",{block:e,result:a}),e.innerHTML=a.value,e.className=function(e,n,t){var r=n?s[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),e.includes(r)||a.push(r),a.join(" ").trim()}(e.className,t,a.language),e.result={language:a.language,re:a.relevance,relavance:a.relevance},a.second_best&&(e.second_best={language:a.second_best.language,re:a.second_best.relevance,relavance:a.second_best.relevance})}const N=()=>{if(!N.called){N.called=!0;var e=document.querySelectorAll("pre code");a.forEach.call(e,E)}};function T(e){return e=(e||"").toLowerCase(),i[e]||i[s[e]]}function A(e,{languageName:n}){"string"==typeof e&&(e=[e]),e.forEach(e=>{s[e]=n})}function I(e){var n=T(e);return n&&!n.disableAutodetect}function S(e,n){var t=e;o.forEach((function(e){e[t]&&e[t](n)}))}Object.assign(t,{highlight:b,highlightAuto:v,fixMarkup:x,highlightBlock:E,configure:function(e){f=y(f,e)},initHighlighting:N,initHighlightingOnLoad:function(){window.addEventListener("DOMContentLoaded",N,!1)},registerLanguage:function(e,n){var r=null;try{r=n(t)}catch(n){if(console.error("Language definition for '{}' could not be registered.".replace("{}",e)),!l)throw n;console.error(n),r=h}r.name||(r.name=e),i[e]=r,r.rawDefinition=n.bind(null,t),r.aliases&&A(r.aliases,{languageName:e})},listLanguages:function(){return Object.keys(i)},getLanguage:T,registerAliases:A,requireLanguage:function(e){var n=T(e);if(n)return n;throw Error("The '{}' language is required, but not loaded.".replace("{}",e))},autoDetection:I,inherit:y,addPlugin:function(e){o.push(e)}}),t.debugMode=function(){l=!1},t.safeMode=function(){l=!0},t.versionString="10.1.2";for(const n in _)"object"==typeof _[n]&&e(_[n]);return Object.assign(t,_),t}({})}();"object"==typeof exports&&"undefined"!=typeof module&&(module.exports=hljs);hljs.registerLanguage("xml",function(){"use strict";return function(e){var n={className:"symbol",begin:"&[a-z]+;|&#[0-9]+;|&#x[a-f0-9]+;"},a={begin:"\\s",contains:[{className:"meta-keyword",begin:"#?[a-z_][a-z1-9_-]+",illegal:"\\n"}]},s=e.inherit(a,{begin:"\\(",end:"\\)"}),t=e.inherit(e.APOS_STRING_MODE,{className:"meta-string"}),i=e.inherit(e.QUOTE_STRING_MODE,{className:"meta-string"}),c={endsWithParent:!0,illegal:/`]+/}]}]}]};return{name:"HTML, XML",aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist","wsf","svg"],case_insensitive:!0,contains:[{className:"meta",begin:"",relevance:10,contains:[a,i,t,s,{begin:"\\[",end:"\\]",contains:[{className:"meta",begin:"",contains:[a,s,i,t]}]}]},e.COMMENT("\x3c!--","--\x3e",{relevance:10}),{begin:"<\\!\\[CDATA\\[",end:"\\]\\]>",relevance:10},n,{className:"meta",begin:/<\?xml/,end:/\?>/,relevance:10},{className:"tag",begin:")",end:">",keywords:{name:"style"},contains:[c],starts:{end:"",returnEnd:!0,subLanguage:["css","xml"]}},{className:"tag",begin:")",end:">",keywords:{name:"script"},contains:[c],starts:{end:"<\/script>",returnEnd:!0,subLanguage:["javascript","handlebars","xml"]}},{className:"tag",begin:"",contains:[{className:"name",begin:/[^\/><\s]+/,relevance:0},c]}]}}}());hljs.registerLanguage("markdown",function(){"use strict";return function(n){const e={begin:"<",end:">",subLanguage:"xml",relevance:0},a={begin:"\\[.+?\\][\\(\\[].*?[\\)\\]]",returnBegin:!0,contains:[{className:"string",begin:"\\[",end:"\\]",excludeBegin:!0,returnEnd:!0,relevance:0},{className:"link",begin:"\\]\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0},{className:"symbol",begin:"\\]\\[",end:"\\]",excludeBegin:!0,excludeEnd:!0}],relevance:10},i={className:"strong",contains:[],variants:[{begin:/_{2}/,end:/_{2}/},{begin:/\*{2}/,end:/\*{2}/}]},s={className:"emphasis",contains:[],variants:[{begin:/\*(?!\*)/,end:/\*/},{begin:/_(?!_)/,end:/_/,relevance:0}]};i.contains.push(s),s.contains.push(i);var c=[e,a];return i.contains=i.contains.concat(c),s.contains=s.contains.concat(c),{name:"Markdown",aliases:["md","mkdown","mkd"],contains:[{className:"section",variants:[{begin:"^#{1,6}",end:"$",contains:c=c.concat(i,s)},{begin:"(?=^.+?\\n[=-]{2,}$)",contains:[{begin:"^[=-]*$"},{begin:"^",end:"\\n",contains:c}]}]},e,{className:"bullet",begin:"^[ \t]*([*+-]|(\\d+\\.))(?=\\s+)",end:"\\s+",excludeEnd:!0},i,s,{className:"quote",begin:"^>\\s+",contains:c,end:"$"},{className:"code",variants:[{begin:"(`{3,})(.|\\n)*?\\1`*[ ]*"},{begin:"(~{3,})(.|\\n)*?\\1~*[ ]*"},{begin:"```",end:"```+[ ]*$"},{begin:"~~~",end:"~~~+[ ]*$"},{begin:"`.+?`"},{begin:"(?=^( {4}|\\t))",contains:[{begin:"^( {4}|\\t)",end:"(\\n)$"}],relevance:0}]},{begin:"^[-\\*]{3,}",end:"$"},a,{begin:/^\[[^\n]+\]:/,returnBegin:!0,contains:[{className:"symbol",begin:/\[/,end:/\]/,excludeBegin:!0,excludeEnd:!0},{className:"link",begin:/:\s*/,end:/$/,excludeBegin:!0}]}]}}}());hljs.registerLanguage("perl",function(){"use strict";return function(e){var n={$pattern:/[\w.]+/,keyword:"getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qq fileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmget sub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedir ioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when"},t={className:"subst",begin:"[$@]\\{",end:"\\}",keywords:n},s={begin:"->{",end:"}"},r={variants:[{begin:/\$\d/},{begin:/[\$%@](\^\w\b|#\w+(::\w+)*|{\w+}|\w+(::\w*)*)/},{begin:/[\$%@][^\s\w{]/,relevance:0}]},i=[e.BACKSLASH_ESCAPE,t,r],a=[r,e.HASH_COMMENT_MODE,e.COMMENT("^\\=\\w","\\=cut",{endsWithParent:!0}),s,{className:"string",contains:i,variants:[{begin:"q[qwxr]?\\s*\\(",end:"\\)",relevance:5},{begin:"q[qwxr]?\\s*\\[",end:"\\]",relevance:5},{begin:"q[qwxr]?\\s*\\{",end:"\\}",relevance:5},{begin:"q[qwxr]?\\s*\\|",end:"\\|",relevance:5},{begin:"q[qwxr]?\\s*\\<",end:"\\>",relevance:5},{begin:"qw\\s+q",end:"q",relevance:5},{begin:"'",end:"'",contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"'},{begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE]},{begin:"{\\w+}",contains:[],relevance:0},{begin:"-?\\w+\\s*\\=\\>",contains:[],relevance:0}]},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\/\\/|"+e.RE_STARTERS_RE+"|\\b(split|return|print|reverse|grep)\\b)\\s*",keywords:"split return print reverse grep",relevance:0,contains:[e.HASH_COMMENT_MODE,{className:"regexp",begin:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",relevance:10},{className:"regexp",begin:"(m|qr)?/",end:"/[a-z]*",contains:[e.BACKSLASH_ESCAPE],relevance:0}]},{className:"function",beginKeywords:"sub",end:"(\\s*\\(.*?\\))?[;{]",excludeEnd:!0,relevance:5,contains:[e.TITLE_MODE]},{begin:"-\\w\\b",relevance:0},{begin:"^__DATA__$",end:"^__END__$",subLanguage:"mojolicious",contains:[{begin:"^@@.*",end:"$",className:"comment"}]}];return t.contains=a,s.contains=a,{name:"Perl",aliases:["pl","pm"],keywords:n,contains:a}}}());hljs.registerLanguage("plaintext",function(){"use strict";return function(t){return{name:"Plain text",aliases:["text","txt"],disableAutodetect:!0}}}());hljs.registerLanguage("ini",function(){"use strict";function e(e){return e?"string"==typeof e?e:e.source:null}function n(...n){return n.map(n=>e(n)).join("")}return function(a){var s={className:"number",relevance:0,variants:[{begin:/([\+\-]+)?[\d]+_[\d_]+/},{begin:a.NUMBER_RE}]},i=a.COMMENT();i.variants=[{begin:/;/,end:/$/},{begin:/#/,end:/$/}];var t={className:"variable",variants:[{begin:/\$[\w\d"][\w\d_]*/},{begin:/\$\{(.*?)}/}]},r={className:"literal",begin:/\bon|off|true|false|yes|no\b/},l={className:"string",contains:[a.BACKSLASH_ESCAPE],variants:[{begin:"'''",end:"'''",relevance:10},{begin:'"""',end:'"""',relevance:10},{begin:'"',end:'"'},{begin:"'",end:"'"}]},c={begin:/\[/,end:/\]/,contains:[i,r,t,l,s,"self"],relevance:0},g="("+[/[A-Za-z0-9_-]+/,/"(\\"|[^"])*"/,/'[^']*'/].map(n=>e(n)).join("|")+")";return{name:"TOML, also INI",aliases:["toml"],case_insensitive:!0,illegal:/\S/,contains:[i,{className:"section",begin:/\[+/,end:/\]+/},{begin:n(g,"(\\s*\\.\\s*",g,")*",n("(?=",/\s*=\s*[^#\s]/,")")),className:"attr",starts:{end:/$/,contains:[i,c,r,t,l,s]}}]}}}());hljs.registerLanguage("json",function(){"use strict";return function(n){var e={literal:"true false null"},i=[n.C_LINE_COMMENT_MODE,n.C_BLOCK_COMMENT_MODE],t=[n.QUOTE_STRING_MODE,n.C_NUMBER_MODE],a={end:",",endsWithParent:!0,excludeEnd:!0,contains:t,keywords:e},l={begin:"{",end:"}",contains:[{className:"attr",begin:/"/,end:/"/,contains:[n.BACKSLASH_ESCAPE],illegal:"\\n"},n.inherit(a,{begin:/:/})].concat(i),illegal:"\\S"},s={begin:"\\[",end:"\\]",contains:[n.inherit(a)],illegal:"\\S"};return t.push(l,s),i.forEach((function(n){t.push(n)})),{name:"JSON",contains:t,keywords:e,illegal:"\\S"}}}());hljs.registerLanguage("ruby",function(){"use strict";return function(e){var n="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?",a={keyword:"and then defined module in return redo if BEGIN retry end for self when next until do begin unless END rescue else break undef not super class case require yield alias while ensure elsif or include attr_reader attr_writer attr_accessor",literal:"true false nil"},s={className:"doctag",begin:"@[A-Za-z]+"},i={begin:"#<",end:">"},r=[e.COMMENT("#","$",{contains:[s]}),e.COMMENT("^\\=begin","^\\=end",{contains:[s],relevance:10}),e.COMMENT("^__END__","\\n$")],c={className:"subst",begin:"#\\{",end:"}",keywords:a},t={className:"string",contains:[e.BACKSLASH_ESCAPE,c],variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/`/,end:/`/},{begin:"%[qQwWx]?\\(",end:"\\)"},{begin:"%[qQwWx]?\\[",end:"\\]"},{begin:"%[qQwWx]?{",end:"}"},{begin:"%[qQwWx]?<",end:">"},{begin:"%[qQwWx]?/",end:"/"},{begin:"%[qQwWx]?%",end:"%"},{begin:"%[qQwWx]?-",end:"-"},{begin:"%[qQwWx]?\\|",end:"\\|"},{begin:/\B\?(\\\d{1,3}|\\x[A-Fa-f0-9]{1,2}|\\u[A-Fa-f0-9]{4}|\\?\S)\b/},{begin:/<<[-~]?'?(\w+)(?:.|\n)*?\n\s*\1\b/,returnBegin:!0,contains:[{begin:/<<[-~]?'?/},e.END_SAME_AS_BEGIN({begin:/(\w+)/,end:/(\w+)/,contains:[e.BACKSLASH_ESCAPE,c]})]}]},b={className:"params",begin:"\\(",end:"\\)",endsParent:!0,keywords:a},d=[t,i,{className:"class",beginKeywords:"class module",end:"$|;",illegal:/=/,contains:[e.inherit(e.TITLE_MODE,{begin:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?"}),{begin:"<\\s*",contains:[{begin:"("+e.IDENT_RE+"::)?"+e.IDENT_RE}]}].concat(r)},{className:"function",beginKeywords:"def",end:"$|;",contains:[e.inherit(e.TITLE_MODE,{begin:n}),b].concat(r)},{begin:e.IDENT_RE+"::"},{className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"(\\!|\\?)?:",relevance:0},{className:"symbol",begin:":(?!\\s)",contains:[t,{begin:n}],relevance:0},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{className:"params",begin:/\|/,end:/\|/,keywords:a},{begin:"("+e.RE_STARTERS_RE+"|unless)\\s*",keywords:"unless",contains:[i,{className:"regexp",contains:[e.BACKSLASH_ESCAPE,c],illegal:/\n/,variants:[{begin:"/",end:"/[a-z]*"},{begin:"%r{",end:"}[a-z]*"},{begin:"%r\\(",end:"\\)[a-z]*"},{begin:"%r!",end:"![a-z]*"},{begin:"%r\\[",end:"\\][a-z]*"}]}].concat(r),relevance:0}].concat(r);c.contains=d,b.contains=d;var g=[{begin:/^\s*=>/,starts:{end:"$",contains:d}},{className:"meta",begin:"^([>?]>|[\\w#]+\\(\\w+\\):\\d+:\\d+>|(\\w+-)?\\d+\\.\\d+\\.\\d(p\\d+)?[^>]+>)",starts:{end:"$",contains:d}}];return{name:"Ruby",aliases:["rb","gemspec","podspec","thor","irb"],keywords:a,illegal:/\/\*/,contains:r.concat(g).concat(d)}}}());hljs.registerLanguage("yaml",function(){"use strict";return function(e){var n="true false yes no null",a="[\\w#;/?:@&=+$,.~*\\'()[\\]]+",s={className:"string",relevance:0,variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/\S+/}],contains:[e.BACKSLASH_ESCAPE,{className:"template-variable",variants:[{begin:"{{",end:"}}"},{begin:"%{",end:"}"}]}]},i=e.inherit(s,{variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/[^\s,{}[\]]+/}]}),l={end:",",endsWithParent:!0,excludeEnd:!0,contains:[],keywords:n,relevance:0},t={begin:"{",end:"}",contains:[l],illegal:"\\n",relevance:0},g={begin:"\\[",end:"\\]",contains:[l],illegal:"\\n",relevance:0},b=[{className:"attr",variants:[{begin:"\\w[\\w :\\/.-]*:(?=[ \t]|$)"},{begin:'"\\w[\\w :\\/.-]*":(?=[ \t]|$)'},{begin:"'\\w[\\w :\\/.-]*':(?=[ \t]|$)"}]},{className:"meta",begin:"^---s*$",relevance:10},{className:"string",begin:"[\\|>]([0-9]?[+-])?[ ]*\\n( *)[\\S ]+\\n(\\2[\\S ]+\\n?)*"},{begin:"<%[%=-]?",end:"[%-]?%>",subLanguage:"ruby",excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:"!\\w+!"+a},{className:"type",begin:"!<"+a+">"},{className:"type",begin:"!"+a},{className:"type",begin:"!!"+a},{className:"meta",begin:"&"+e.UNDERSCORE_IDENT_RE+"$"},{className:"meta",begin:"\\*"+e.UNDERSCORE_IDENT_RE+"$"},{className:"bullet",begin:"\\-(?=[ ]|$)",relevance:0},e.HASH_COMMENT_MODE,{beginKeywords:n,keywords:{literal:n}},{className:"number",begin:"\\b[0-9]{4}(-[0-9][0-9]){0,2}([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?(\\.[0-9]*)?([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?\\b"},{className:"number",begin:e.C_NUMBER_RE+"\\b"},t,g,s],c=[...b];return c.pop(),c.push(i),l.contains=c,{name:"YAML",case_insensitive:!0,aliases:["yml","YAML"],contains:b}}}());hljs.registerLanguage("haskell",function(){"use strict";return function(e){var n={variants:[e.COMMENT("--","$"),e.COMMENT("{-","-}",{contains:["self"]})]},i={className:"meta",begin:"{-#",end:"#-}"},a={className:"meta",begin:"^#",end:"$"},s={className:"type",begin:"\\b[A-Z][\\w']*",relevance:0},l={begin:"\\(",end:"\\)",illegal:'"',contains:[i,a,{className:"type",begin:"\\b[A-Z][\\w]*(\\((\\.\\.|,|\\w+)\\))?"},e.inherit(e.TITLE_MODE,{begin:"[_a-z][\\w']*"}),n]};return{name:"Haskell",aliases:["hs"],keywords:"let in if then else case of where do module import hiding qualified type data newtype deriving class instance as default infix infixl infixr foreign export ccall stdcall cplusplus jvm dotnet safe unsafe family forall mdo proc rec",contains:[{beginKeywords:"module",end:"where",keywords:"module where",contains:[l,n],illegal:"\\W\\.|;"},{begin:"\\bimport\\b",end:"$",keywords:"import qualified as hiding",contains:[l,n],illegal:"\\W\\.|;"},{className:"class",begin:"^(\\s*)?(class|instance)\\b",end:"where",keywords:"class family instance where",contains:[s,l,n]},{className:"class",begin:"\\b(data|(new)?type)\\b",end:"$",keywords:"data family type newtype deriving",contains:[i,s,l,{begin:"{",end:"}",contains:l.contains},n]},{beginKeywords:"default",end:"$",contains:[s,l,n]},{beginKeywords:"infix infixl infixr",end:"$",contains:[e.C_NUMBER_MODE,n]},{begin:"\\bforeign\\b",end:"$",keywords:"foreign import export ccall stdcall cplusplus jvm dotnet safe unsafe",contains:[s,e.QUOTE_STRING_MODE,n]},{className:"meta",begin:"#!\\/usr\\/bin\\/env runhaskell",end:"$"},i,a,e.QUOTE_STRING_MODE,e.C_NUMBER_MODE,s,e.inherit(e.TITLE_MODE,{begin:"^[_a-z][\\w']*"}),n,{begin:"->|<-"}]}}}());hljs.registerLanguage("nix",function(){"use strict";return function(e){var n={keyword:"rec with let in inherit assert if else then",literal:"true false or and null",built_in:"import abort baseNameOf dirOf isNull builtins map removeAttrs throw toString derivation"},i={className:"subst",begin:/\$\{/,end:/}/,keywords:n},t={className:"string",contains:[i],variants:[{begin:"''",end:"''"},{begin:'"',end:'"'}]},s=[e.NUMBER_MODE,e.HASH_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,t,{begin:/[a-zA-Z0-9-_]+(\s*=)/,returnBegin:!0,relevance:0,contains:[{className:"attr",begin:/\S+/}]}];return i.contains=s,{name:"Nix",aliases:["nixos"],keywords:n,contains:s}}}());hljs.registerLanguage("bash",function(){"use strict";return function(e){const s={};Object.assign(s,{className:"variable",variants:[{begin:/\$[\w\d#@][\w\d_]*/},{begin:/\$\{/,end:/\}/,contains:[{begin:/:-/,contains:[s]}]}]});const t={className:"subst",begin:/\$\(/,end:/\)/,contains:[e.BACKSLASH_ESCAPE]},n={className:"string",begin:/"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,t]};t.contains.push(n);const a={begin:/\$\(\(/,end:/\)\)/,contains:[{begin:/\d+#[0-9a-f]+/,className:"number"},e.NUMBER_MODE,s]},i=e.SHEBANG({binary:"(fish|bash|zsh|sh|csh|ksh|tcsh|dash|scsh)",relevance:10}),c={className:"function",begin:/\w[\w\d_]*\s*\(\s*\)\s*\{/,returnBegin:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/\w[\w\d_]*/})],relevance:0};return{name:"Bash",aliases:["sh","zsh"],keywords:{$pattern:/\b-?[a-z\._]+\b/,keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp",_:"-ne -eq -lt -gt -f -d -e -s -l -a"},contains:[i,e.SHEBANG(),c,a,e.HASH_COMMENT_MODE,n,{className:"",begin:/\\"/},{className:"string",begin:/'/,end:/'/},s]}}}());hljs.registerLanguage("shell",function(){"use strict";return function(s){return{name:"Shell Session",aliases:["console"],contains:[{className:"meta",begin:"^\\s{0,3}[/\\w\\d\\[\\]()@-]*[>%$#]",starts:{end:"$",subLanguage:"bash"}}]}}}());hljs.registerLanguage("python",function(){"use strict";return function(e){var n={keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda async await nonlocal|10",built_in:"Ellipsis NotImplemented",literal:"False None True"},a={className:"meta",begin:/^(>>>|\.\.\.) /},i={className:"subst",begin:/\{/,end:/\}/,keywords:n,illegal:/#/},s={begin:/\{\{/,relevance:0},r={className:"string",contains:[e.BACKSLASH_ESCAPE],variants:[{begin:/(u|b)?r?'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(u|b)?r?"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(fr|rf|f)'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(fr|rf|f)"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(u|r|ur)'/,end:/'/,relevance:10},{begin:/(u|r|ur)"/,end:/"/,relevance:10},{begin:/(b|br)'/,end:/'/},{begin:/(b|br)"/,end:/"/},{begin:/(fr|rf|f)'/,end:/'/,contains:[e.BACKSLASH_ESCAPE,s,i]},{begin:/(fr|rf|f)"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,i]},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},l={className:"number",relevance:0,variants:[{begin:e.BINARY_NUMBER_RE+"[lLjJ]?"},{begin:"\\b(0o[0-7]+)[lLjJ]?"},{begin:e.C_NUMBER_RE+"[lLjJ]?"}]},t={className:"params",variants:[{begin:/\(\s*\)/,skip:!0,className:null},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:["self",a,l,r,e.HASH_COMMENT_MODE]}]};return i.contains=[r,l,a],{name:"Python",aliases:["py","gyp","ipython"],keywords:n,illegal:/(<\/|->|\?)|=>/,contains:[a,l,{beginKeywords:"if",relevance:0},r,e.HASH_COMMENT_MODE,{variants:[{className:"function",beginKeywords:"def"},{className:"class",beginKeywords:"class"}],end:/:/,illegal:/[${=;\n,]/,contains:[e.UNDERSCORE_TITLE_MODE,t,{begin:/->/,endsWithParent:!0,keywords:"None"}]},{className:"meta",begin:/^[\t ]*@/,end:/$/},{begin:/\b(print|exec)\(/}]}}}()); diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..b082071 --- /dev/null +++ b/flake.lock @@ -0,0 +1,404 @@ +{ + "nodes": { + "ci-agent": { + "inputs": { + "flake-compat": "flake-compat", + "nix-darwin": [ + "darwin" + ], + "nixos-20_09": [ + "nixos" + ], + "nixos-unstable": [ + "latest" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix" + }, + "locked": { + "lastModified": 1619088868, + "narHash": "sha256-l9db+HpNIkY41MonGE8z4pbkjBa5BdzJTG5AxV7V7Lw=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "08f953a263518a3af0ca28cd887020ff3465bdf5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1613595894, + "narHash": "sha256-MOk/7rCAUB5Lf4GL+HimvyAAZXYEw8gWsq5nW4PPQQA=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "5c3146b75d5d478f0693d0ea6c83f1da8382ff56", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, + "deploy": { + "inputs": { + "flake-compat": "flake-compat_2", + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1616406726, + "narHash": "sha256-n9zmgxR03QNrvs9/fHewqE0j3SjL7Y+cglBCFu3U3rg=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "9e405fbc5ab5bacbd271fd78c6b6b6877c4d9f8d", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "devshell": { + "locked": { + "lastModified": 1618523768, + "narHash": "sha256-Gev9da35pHUey3kGz/zrJFc/9ICs++vPCho7qB1mqd8=", + "owner": "numtide", + "repo": "devshell", + "rev": "709fe4d04a9101c9d224ad83f73416dce71baf21", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "digga": { + "inputs": { + "deploy": "deploy", + "devshell": "devshell", + "nixlib": "nixlib", + "nixpkgs": "nixpkgs_2", + "utils": "utils_2" + }, + "locked": { + "lastModified": 1621354376, + "narHash": "sha256-b597Jj8B1Nq4NX/Gl/+bYGKqJxpSfUtr1Nmp9m1DND8=", + "owner": "divnix", + "repo": "digga", + "rev": "5ef9b8cabbc10c9b4fe5534107224c7241c63b3d", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "digga", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1606424373, + "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1606424373, + "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1620759905, + "narHash": "sha256-WiyWawrgmyN0EdmiHyG2V+fqReiVi8bM9cRdMaKQOFg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b543720b25df6ffdfcf9227afafc5b8c1fabfae8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home": { + "inputs": { + "nixpkgs": [ + "nixos" + ] + }, + "locked": { + "lastModified": 1616724076, + "narHash": "sha256-SwbPXLjN2sLy4NL/GhodiJrdkIVZwGGTGiCN3JxH1cU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "fedfd430f96695997b3eaf8d7e82ca79406afa23", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "latest": { + "locked": { + "lastModified": 1619400530, + "narHash": "sha256-7ZO7B+b9i1wFbHw62EFT+iwuBBpXeA/fcHlR63Z4J0w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8dc8adab655eb27957859c62bef11484b53f639", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1610392286, + "narHash": "sha256-3wFl5y+4YZO4SgRYK8WE7JIS3p0sxbgrGaQ6RMw+d98=", + "owner": "nmattia", + "repo": "naersk", + "rev": "d7bfbad3304fd768c0f93a4c3b50976275e6d4be", + "type": "github" + }, + "original": { + "owner": "nmattia", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "naersk_2": { + "inputs": { + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1614785451, + "narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=", + "owner": "nmattia", + "repo": "naersk", + "rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9", + "type": "github" + }, + "original": { + "owner": "nmattia", + "repo": "naersk", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1620519687, + "narHash": "sha256-+6Dd72b2CASuXm2W7KRxZIE7AOy/dj4mU28vaF+zxcs=", + "owner": "divnix", + "repo": "nixpkgs.lib", + "rev": "c7b6169809c5f74dd0c34f3d69e9d12ba4d448de", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos": { + "locked": { + "lastModified": 1615797423, + "narHash": "sha256-5NGDZXPQzuoxf/42NiyC9YwwhwzfMfIRrz3aT0XHzSc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "266dc8c3d052f549826ba246d06787a219533b8f", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1615652054, + "narHash": "sha256-jqXKU8Ovpi7MmPRqGf2FB3QOPcZtGwO2MFc0AYiOPjg=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "31f61b90ddb9257b94888ee17ccf96236e180c76", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1610942247, + "narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7d71001b796340b219d1bfa8552c81995017544a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1620962350, + "narHash": "sha256-9ASW4d4/Z8HmRvuJI8rxbEOTbXTBpQ8y+CmFYBwtXzE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5d4a430472cafada97888cc80672fab255231f57", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1615921934, + "narHash": "sha256-nURGM869KKA1+c1SHHsXKYcPXhHIuxWBjNXjJ90OzRQ=", + "owner": "nix-community", + "repo": "NUR", + "rev": "faf862e8cf009edfa38ecc61188f7a6ace293552", + "type": "github" + }, + "original": { + "id": "nur", + "type": "indirect" + } + }, + "pkgs": { + "inputs": { + "nixpkgs": [ + "nixos" + ] + }, + "locked": { + "narHash": "sha256-Zs7dc0dNNa0Z3//+Gckxj7SKrMqVovY0xZZ1z8xWnEg=", + "path": "./pkgs", + "type": "path" + }, + "original": { + "path": "./pkgs", + "type": "path" + } + }, + "pre-commit-hooks-nix": { + "flake": false, + "locked": { + "lastModified": 1617783930, + "narHash": "sha256-SigoU2LWM1fMggqfM9H8XEIvjOjBVQ/wj/zrn02J28c=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "2d169bb1b23f3b71a894a66ea81f45c788943248", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "ci-agent": "ci-agent", + "darwin": "darwin", + "digga": "digga", + "home": "home", + "latest": "latest", + "naersk": "naersk_2", + "nixos": "nixos", + "nixos-hardware": "nixos-hardware", + "nur": "nur", + "pkgs": "pkgs" + } + }, + "utils": { + "locked": { + "lastModified": 1610051610, + "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1620801141, + "narHash": "sha256-XPJ+/nP/s218E11R+4LJyvkrQXvdT3D6TzNjfWVYZnI=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "1a742047f3f7c97b22768ba7738ac5a01052099e", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "ref": "staging", + "repo": "flake-utils-plus", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..27024b0 --- /dev/null +++ b/flake.nix @@ -0,0 +1,97 @@ +{ + description = "A highly structured configuration database."; + + inputs = + { + nixos.url = "nixpkgs/nixos-unstable"; + latest.url = "nixpkgs"; + digga.url = "github:divnix/digga"; + + ci-agent = { + url = "github:hercules-ci/hercules-ci-agent"; + inputs = { nix-darwin.follows = "darwin"; nixos-20_09.follows = "nixos"; nixos-unstable.follows = "latest"; }; + }; + darwin.url = "github:LnL7/nix-darwin"; + darwin.inputs.nixpkgs.follows = "latest"; + home.url = "github:nix-community/home-manager"; + home.inputs.nixpkgs.follows = "nixos"; + naersk.url = "github:nmattia/naersk"; + naersk.inputs.nixpkgs.follows = "latest"; + nixos-hardware.url = "github:nixos/nixos-hardware"; + + pkgs.url = "path:./pkgs"; + pkgs.inputs.nixpkgs.follows = "nixos"; + }; + + outputs = inputs@{ self, pkgs, digga, nixos, ci-agent, home, nixos-hardware, nur, ... }: + digga.lib.mkFlake { + inherit self inputs; + + channelsConfig = { allowUnfree = true; }; + + channels = { + nixos = { + imports = [ (digga.lib.importers.overlays ./overlays) ]; + overlays = [ + ./pkgs/default.nix + pkgs.overlay # for `srcs` + nur.overlay + ]; + }; + latest = { }; + }; + + lib = import ./lib { lib = digga.lib // nixos.lib; }; + + sharedOverlays = [ + (final: prev: { + lib = prev.lib.extend (lfinal: lprev: { + our = self.lib; + }); + }) + ]; + + nixos = { + hostDefaults = { + system = "x86_64-linux"; + channelName = "nixos"; + modules = ./modules/module-list.nix; + externalModules = [ + { _module.args.ourLib = self.lib; } + ci-agent.nixosModules.agent-profile + home.nixosModules.home-manager + ./modules/customBuilds.nix + ]; + }; + + imports = [ (digga.lib.importers.hosts ./hosts) ]; + hosts = { + /* set host specific properties here */ + NixOS = { }; + }; + profiles = [ ./profiles ./users ]; + suites = { profiles, users, ... }: with profiles; rec { + base = [ core users.nixos users.root ]; + }; + }; + + home = { + modules = ./users/modules/module-list.nix; + externalModules = [ ]; + profiles = [ ./users/profiles ]; + suites = { profiles, ... }: with profiles; rec { + base = [ direnv git ]; + }; + }; + + homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; + + deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; + + defaultTemplate = self.templates.flk; + templates.flk.path = ./.; + templates.flk.description = "flk template"; + + } + ; +} diff --git a/hosts/NixOS.nix b/hosts/NixOS.nix new file mode 100644 index 0000000..3b08411 --- /dev/null +++ b/hosts/NixOS.nix @@ -0,0 +1,12 @@ +{ suites, ... }: +{ + ### root password is empty by default ### + imports = suites.base; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.networkmanager.enable = true; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; +} diff --git a/lib/compat/default.nix b/lib/compat/default.nix new file mode 100644 index 0000000..9d0c283 --- /dev/null +++ b/lib/compat/default.nix @@ -0,0 +1,14 @@ +let + rev = "e7e5d481a0e15dcd459396e55327749989e04ce0"; + flake = (import + ( + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz"; + sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x"; + } + ) + { + src = ../../.; + }); +in +flake diff --git a/lib/compat/nixos/default.nix b/lib/compat/nixos/default.nix new file mode 100644 index 0000000..e4e0e68 --- /dev/null +++ b/lib/compat/nixos/default.nix @@ -0,0 +1,10 @@ +{ ... }: +let + inherit (default.inputs.nixos) lib; + + host = configs.${hostname} or configs.NixOS; + configs = default.nixosConfigurations; + default = (import ../.).defaultNix; + hostname = lib.fileContents /etc/hostname; +in +host diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..2356e1f --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,2 @@ +{ lib }: +lib.makeExtensible (self: { }) diff --git a/modules/customBuilds.nix b/modules/customBuilds.nix new file mode 100644 index 0000000..875d23a --- /dev/null +++ b/modules/customBuilds.nix @@ -0,0 +1,30 @@ +{ lib, self, diggaLib, config, modules, channel, ... }: +let + mkBuild = buildModule: + # TODO: get specialArgs as a module argument and drop builderArgs usage + channel.input.lib.nixosSystem (diggaLib.mergeAny config.lib.builderArgs { + modules = [ buildModule ]; + }); +in +{ + system.build = { + iso = (mkBuild (diggaLib.modules.isoConfig { + inherit self; + inherit (self) inputs; + fullHostConfig = config; + })).config.system.build.isoImage; + + homes = (mkBuild ({ config, ... }: { + home-manager.useUserPackages = lib.mkForce false; + home-manager.sharedModules = [ + { + home.sessionVariables = { + inherit (config.environment.sessionVariables) NIX_PATH; + }; + xdg.configFile."nix/registry.json".text = + config.environment.etc."nix/registry.json".text; + } + ]; + })).config.home-manager.users; + }; +} diff --git a/modules/module-list.nix b/modules/module-list.nix new file mode 100644 index 0000000..1e3ec72 --- /dev/null +++ b/modules/module-list.nix @@ -0,0 +1 @@ +[ ] diff --git a/overlays/overrides.nix b/overlays/overrides.nix new file mode 100644 index 0000000..59516b3 --- /dev/null +++ b/overlays/overrides.nix @@ -0,0 +1,28 @@ +channels: final: prev: { + + __dontExport = true; # overrides clutter up actual creations + + inherit (channels.latest) + cachix + dhall + discord + element-desktop + manix + nixpkgs-fmt + qutebrowser + signal-desktop + starship; + + + haskellPackages = prev.haskellPackages.override { + overrides = hfinal: hprev: + let version = prev.lib.replaceChars [ "." ] [ "" ] prev.ghc.version; + in + { + # same for haskell packages, matching ghc versions + inherit (channels.latest.haskell.packages."ghc${version}") + haskell-language-server; + }; + }; + +} diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..ce16870 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1 @@ +final: prev: { } diff --git a/pkgs/flake.lock b/pkgs/flake.lock new file mode 100644 index 0000000..ef3f5a9 --- /dev/null +++ b/pkgs/flake.lock @@ -0,0 +1,25 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1615926763, + "narHash": "sha256-yeq8A3EPNuQVlsxlEQrIRsklfJwJK0Us6jtcG/u8wNs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b702a56d417647de4090ac56c0f18bdc7e646610", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/pkgs/flake.nix b/pkgs/flake.nix new file mode 100644 index 0000000..1b6cc0a --- /dev/null +++ b/pkgs/flake.nix @@ -0,0 +1,52 @@ +{ + description = "Package Sources"; + + inputs = { }; + + outputs = { self, nixpkgs, ... }: { + overlay = final: prev: { + inherit (self) srcs; + }; + + srcs = + let + inherit (nixpkgs) lib; + + mkVersion = name: input: + let + inputs = (builtins.fromJSON + (builtins.readFile ./flake.lock)).nodes; + + ref = + if lib.hasAttrByPath [ name "original" "ref" ] inputs + then inputs.${name}.original.ref + else ""; + + version = + let version' = builtins.match + "[[:alpha:]]*[-._]?([0-9]+(\.[0-9]+)*)+" + ref; + in + if lib.isList version' + then lib.head version' + else if input ? lastModifiedDate && input ? shortRev + then "${lib.substring 0 8 input.lastModifiedDate}_${input.shortRev}" + else null; + in + version; + in + lib.mapAttrs + (pname: input: + let + version = mkVersion pname input; + in + input // { inherit pname; } + // lib.optionalAttrs (! isNull version) + { + inherit version; + } + ) + (lib.filterAttrs (n: _: n != "nixpkgs") + self.inputs); + }; +} diff --git a/profiles/cachix/default.nix b/profiles/cachix/default.nix new file mode 100644 index 0000000..d88a3f7 --- /dev/null +++ b/profiles/cachix/default.nix @@ -0,0 +1,11 @@ +{ pkgs, lib, ... }: +let + folder = ./.; + toImport = name: value: folder + ("/" + name); + filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix"; + imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); +in +{ + inherit imports; + nix.binaryCaches = [ "https://cache.nixos.org/" ]; +} diff --git a/profiles/cachix/nix-community.nix b/profiles/cachix/nix-community.nix new file mode 100644 index 0000000..7e4be28 --- /dev/null +++ b/profiles/cachix/nix-community.nix @@ -0,0 +1,10 @@ +{ + nix = { + binaryCaches = [ + "https://nix-community.cachix.org" + ]; + binaryCachePublicKeys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; +} diff --git a/profiles/cachix/nrdxp.nix b/profiles/cachix/nrdxp.nix new file mode 100644 index 0000000..bb3b4a5 --- /dev/null +++ b/profiles/cachix/nrdxp.nix @@ -0,0 +1,10 @@ +{ + nix = { + binaryCaches = [ + "https://nrdxp.cachix.org" + ]; + binaryCachePublicKeys = [ + "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4=" + ]; + }; +} diff --git a/profiles/core/default.nix b/profiles/core/default.nix new file mode 100644 index 0000000..41b5136 --- /dev/null +++ b/profiles/core/default.nix @@ -0,0 +1,148 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + + nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + + environment = { + + systemPackages = with pkgs; [ + binutils + coreutils + curl + direnv + dnsutils + dosfstools + fd + git + gotop + gptfdisk + iputils + jq + manix + moreutils + nix-index + nmap + ripgrep + skim + tealdeer + usbutils + utillinux + whois + ]; + + shellInit = '' + export STARSHIP_CONFIG=${ + pkgs.writeText "starship.toml" + (fileContents ./starship.toml) + } + ''; + + shellAliases = + let ifSudo = lib.mkIf config.security.sudo.enable; + in + { + # quick cd + ".." = "cd .."; + "..." = "cd ../.."; + "...." = "cd ../../.."; + "....." = "cd ../../../.."; + + # git + g = "git"; + + # grep + grep = "rg"; + gi = "grep -i"; + + # internet ip + myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; + + # nix + n = "nix"; + np = "n profile"; + ni = "np install"; + nr = "np remove"; + ns = "n search --no-update-lock-file"; + nf = "n flake"; + nepl = "n repl ''"; + srch = "ns nixos"; + orch = "ns override"; + nrb = ifSudo "sudo nixos-rebuild"; + mn = '' + manix "" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | sk --preview="manix '{}'" | xargs manix + ''; + + # fix nixos-option + nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; + + # sudo + s = ifSudo "sudo -E "; + si = ifSudo "sudo -i"; + se = ifSudo "sudoedit"; + + # top + top = "gotop"; + + # systemd + ctl = "systemctl"; + stl = ifSudo "s systemctl"; + utl = "systemctl --user"; + ut = "systemctl --user start"; + un = "systemctl --user stop"; + up = ifSudo "s systemctl start"; + dn = ifSudo "s systemctl stop"; + jtl = "journalctl"; + + }; + }; + + fonts = { + fonts = with pkgs; [ powerline-fonts dejavu_fonts ]; + + fontconfig.defaultFonts = { + + monospace = [ "DejaVu Sans Mono for Powerline" ]; + + sansSerif = [ "DejaVu Sans" ]; + + }; + }; + + nix = { + + autoOptimiseStore = true; + + gc.automatic = true; + + optimise.automatic = true; + + useSandbox = true; + + allowedUsers = [ "@wheel" ]; + + trustedUsers = [ "root" "@wheel" ]; + + extraOptions = '' + min-free = 536870912 + keep-outputs = true + keep-derivations = true + fallback = true + ''; + + }; + + programs.bash = { + promptInit = '' + eval "$(${pkgs.starship}/bin/starship init bash)" + ''; + interactiveShellInit = '' + eval "$(${pkgs.direnv}/bin/direnv hook bash)" + ''; + }; + + services.earlyoom.enable = true; + +} diff --git a/profiles/core/starship.toml b/profiles/core/starship.toml new file mode 100644 index 0000000..6ed366b --- /dev/null +++ b/profiles/core/starship.toml @@ -0,0 +1,95 @@ +[aws] +symbol = "๎Œฝ " + +[character] +success_symbol = "[โฏ](bold purple)" +vicmd_symbol = "[โฎ](bold purple)" + +[battery] +full_symbol = "๏•ธ" +charging_symbol = "๏–ƒ" +discharging_symbol = "๏–‚" + +[conda] +symbol = "๏„Œ " + +[directory] +style = "cyan" +read_only = " ๐Ÿ”’" + +[docker] +symbol = "๏Œˆ " + +[elixir] +symbol = "๎‰ต " + +[elm] +symbol = "๎˜ฌ " + +[git_branch] +format = "[$symbol$branch]($style) " +symbol = "๏˜ " +style = "bold dimmed white" + +[git_status] +format = '([ใ€Œ$all_status$ahead_behindใ€]($style) )' +conflicted = "โš ๏ธ" +ahead = "โŸซ${count} " +behind = "โŸช${count}" +diverged = "๐Ÿ”€ " +untracked = "๐Ÿ“ " +stashed = "โ†ช " +modified = "๐šซ " +staged = "โœ” " +renamed = "โ‡† " +deleted = "โœ˜ " +style = "bold bright-white" + +[golang] +symbol = "๎˜ง " + +[haskell] +symbol = "๎˜Ÿ " + +[hg_branch] +symbol = "๏˜ " + +[java] +symbol = "๎‰– " + +[julia] +symbol = "๎˜ค " + +[memory_usage] +symbol = "๏กš " +disabled = false + +[nim] +symbol = "๏šค " + +[nix_shell] +format = '[$symbol$state]($style) ' +symbol = "๏‹œ " +pure_msg = "ฮป" +impure_msg = "โŽ”" + +[nodejs] +symbol = "๎‰ " + +[package] +symbol = "๏ฃ– " + +[php] +symbol = "๎˜ˆ " + +[python] +symbol = "๎˜† " + +[ruby] +symbol = "๎ˆพ " + +[rust] +symbol = "๏€“ " + +[status] +disabled = false diff --git a/secrets/.gitattributes b/secrets/.gitattributes new file mode 100644 index 0000000..ff69eb2 --- /dev/null +++ b/secrets/.gitattributes @@ -0,0 +1,3 @@ +* filter=git-crypt diff=git-crypt +.gitattributes !filter !diff +README.md !filter !diff diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..575a5d8 --- /dev/null +++ b/shell.nix @@ -0,0 +1 @@ +(import ./lib/compat).shellNix diff --git a/users/modules/module-list.nix b/users/modules/module-list.nix new file mode 100644 index 0000000..1e3ec72 --- /dev/null +++ b/users/modules/module-list.nix @@ -0,0 +1 @@ +[ ] diff --git a/users/nixos/default.nix b/users/nixos/default.nix new file mode 100644 index 0000000..700467b --- /dev/null +++ b/users/nixos/default.nix @@ -0,0 +1,14 @@ +{ ... }: +{ + home-manager.users.nixos = { suites, ... }: { + imports = suites.base; + }; + + users.users.nixos = { + uid = 1000; + password = "nixos"; + description = "default"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; +} diff --git a/users/profiles/direnv/default.nix b/users/profiles/direnv/default.nix new file mode 100644 index 0000000..173a9c5 --- /dev/null +++ b/users/profiles/direnv/default.nix @@ -0,0 +1,6 @@ +{ + programs.direnv = { + enable = true; + enableNixDirenvIntegration = true; + }; +} diff --git a/users/profiles/git/default.nix b/users/profiles/git/default.nix new file mode 100644 index 0000000..4c9637e --- /dev/null +++ b/users/profiles/git/default.nix @@ -0,0 +1,45 @@ +{ + programs.git = { + enable = true; + + extraConfig = { + pull.rebase = false; + }; + + aliases = { + a = "add -p"; + co = "checkout"; + cob = "checkout -b"; + f = "fetch -p"; + c = "commit"; + p = "push"; + ba = "branch -a"; + bd = "branch -d"; + bD = "branch -D"; + d = "diff"; + dc = "diff --cached"; + ds = "diff --staged"; + r = "restore"; + rs = "restore --staged"; + st = "status -sb"; + + # reset + soft = "reset --soft"; + hard = "reset --hard"; + s1ft = "soft HEAD~1"; + h1rd = "hard HEAD~1"; + + # logging + lg = + "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; + plog = + "log --graph --pretty='format:%C(red)%d%C(reset) %C(yellow)%h%C(reset) %ar %C(green)%aN%C(reset) %s'"; + tlog = + "log --stat --since='1 Day Ago' --graph --pretty=oneline --abbrev-commit --date=relative"; + rank = "shortlog -sn --no-merges"; + + # delete merged branches + bdm = "!git branch --merged | grep -v '*' | xargs -n 1 git branch -d"; + }; + }; +} diff --git a/users/root/default.nix b/users/root/default.nix new file mode 100644 index 0000000..f38c739 --- /dev/null +++ b/users/root/default.nix @@ -0,0 +1,5 @@ +{ ... }: +# recommend using `hashedPassword` +{ + users.users.root.password = ""; +}