How to implement in Nix Flakes? #2

Open
NovaViper opened this issue Sep 19, 2023 · 2 comments

@NovaViper

Hey, I'm trying to add scalpel into my dotfiles config but I'm unsure how to implement the extendModules hook into my particular flake, which is based on Misterio77's start config. This is what my flake.nix looks like below:

{
  # BASED ON https://github.com/Misterio77/nix-config/
  description = "My NixOS Configurations for multiple machines";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

    hardware.url = "github:nixos/nixos-hardware";
    impermanence.url = "github:nix-community/impermanence";
    nix-colors.url = "github:misterio77/nix-colors";

    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nh = {
      url = "github:viperml/nh";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    firefox-addons = {
      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixpkgs-howdy.url = "github:fufexan/nixpkgs/howdy";

  };

  outputs = { self, nixpkgs, home-manager, ... }@inputs:
    let
      inherit (self) outputs;
      lib = nixpkgs.lib // home-manager.lib;
      # Supported systems for your flake packages, shell, etc.
      systems = [
        "aarch64-linux"
        "i686-linux"
        "x86_64-linux"
        "aarch64-darwin"
        "x86_64-darwin"
      ];
      # This is a function that generates an attribute by calling a function you pass to it, with each system as an argument
      forEachSystem = f: lib.genAttrs systems (sys: f pkgsFor.${sys});
      pkgsFor = nixpkgs.legacyPackages;
    in {
      inherit lib;
      # Reusable nixos modules you might want to export
      # These are usually stuff you would upstream into nixpkgs
      nixosModules = import ./modules/nixos;
      # Reusable home-manager modules you might want to export
      # These are usually stuff you would upstream into home-manager
      homeManagerModules = import ./modules/home-manager;
      #templates = import ./templates;

      # Your custom packages and modifications, exported as overlays
      overlays = import ./overlays { inherit inputs outputs; };

      # Your custom packages
      # Accessible through 'nix build', 'nix shell', etc
      packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
      # Devshell for bootstrapping
      # Accessible through 'nix develop' or 'nix-shell' (legacy)
      devShells = forEachSystem (pkgs: import ./shell.nix { inherit pkgs; });
      # Formatter for your nix files, available through 'nix fmt'
      # Other options beside 'alejandra' include 'nixpkgs-fmt'
      formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);

      #wallpapers = import ./home/misterio/wallpapers;

      # NixOS configuration entrypoint
      # Available through 'nixos-rebuild --flake .#your-hostname'
      nixosConfigurations = {
        # Main desktop
        ryzennova = lib.nixosSystem {
          modules = [ ./hosts/ryzennova ];
          specialArgs = { inherit inputs outputs; };
        };
        # Personal laptop
        yoganova = lib.nixosSystem {
          modules = [ ./hosts/yoganova ];
          specialArgs = { inherit inputs outputs; };
        };
      };

      # Standalone home-manager configuration entrypoint
      # Available through 'home-manager --flake .#your-username@your-hostname'
      homeConfigurations = {
        # Desktops
        "novaviper@ryzennova" = lib.homeManagerConfiguration {
          modules = [ ./home/novaviper/ryzennova.nix ];
          pkgs = pkgsFor.x86_64-linux;
          extraSpecialArgs = { inherit inputs outputs; };
        };
        # Laptops
        "novaviper@yoganova" = lib.homeManagerConfiguration {
          modules = [ ./home/novaviper/yoganova.nix ];
          pkgs = pkgsFor.x86_64-linux;
          extraSpecialArgs = { inherit inputs outputs; };
        };
      };
    };
}
@polygon
Owner

polygon commented Sep 19, 2023

Probably something like

    nixosConfigurations = {
      # Main desktop
      ryzennova =
        let
          base = lib.nixosSystem {
            modules = [ ./hosts/ryzennova ];
            specialArgs = { inherit inputs outputs; };
          };
        in base.extendModules {
          modules = [
            scalpel.nixosModules.scalpel
            <yourscalpelconfigfiles>
          ];
          specialArgs = { prev = base; };
        };
    };

@NovaViper
Author

NovaViper commented Sep 20, 2023

Thank you for the info! Sorry it took a bit for me to respond back, I was fighting with sops trying to get that part working again. So far I got it added like you showed, but now I'm really confused from reading the documentation for how to implement scalpel. I got a nix module I want to replace secrets that lie inside of it with scalpel. The module basically contains HomeManager configs for setting up mbsync and my email addresses for mu. It looks like the following below (I removed a lot of the unnecessary stuff as they aren't relevant to the question and it's just quite long).

  sops.secrets = {
    # Add addresses!
    "uni-address" = {
      format = "yaml";
      sopsFile = ../../dots/secrets/esecrets.yaml;
    };
    "gmail-address" = {
      format = "yaml";
      sopsFile = ../../dots/secrets/esecrets.yaml;
    };
    "main-address" = {
      format = "yaml";
      sopsFile = ../../dots/secrets/esecrets.yaml;
    };
  };

  accounts.email = {
    maildirBasePath = "${config.xdg.cacheHome}/mail";
    accounts = {
      "uni" = {
        address = "!!UNI_ADDRESS!!";
        passwordCommand =
          "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login ${config.accounts.email.accounts.uni.address}/ {print $NF}'";
        ... more stuff after here
      };
      "gmail" = {
        address = "!!GMAIL_ADDRESS!!";
        passwordCommand =
          "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login ${config.accounts.email.accounts.gmail.address}/ {print $NF}'";
        ... more stuff after here
      };
      "mailbox" = {
        address = "!!MAIN_ADDRESS!!";
        passwordCommand =
          "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.mailbox.org login ${config.accounts.email.accounts.mailbox.address}/ {print $NF}'";
        ... More stuff after here
      };
    };
  };

So I went ahead and replaced the email addresses with the placeholders as mentioned in the tutorial, but I'm puzzled with how to actually get scalpel to transform these placeholders. So far I made the following below, but I'm still confused on how to define the start variable and the config file variable as I just copied directly from the example used:

{ config, lib, pkgs, prev, ... }:
let
  start = "${prev.config.accounts.email.accounts}";
  uniconfig = builtins.head (builtins.match ".*-c ([^[:space:]]+)" "${start}");
in
{
  systemd.services.mosquitto.serviceConfig.ExecStart = lib.mkForce (
    builtins.replaceStrings [ "${mosquitto_cfgfile}" ] [ "${config.scalpel.trafos."mosquitto.conf".destination} "] "${start}"
  );
  scalpel.trafos."mosquitto.conf" = {
    source = mosquitto_cfgfile;
    matchers."BR1_PASSWORD".secret = config.sops.secrets.br1passwd.path;
    matchers."BR2_PASSWORD".secret = config.sops.secrets.br2passwd.path;
    owner = "mosquitto";
    group = "mosquitto";
    mode = "0440";
  };
}

And the resultant mbsync file that the original makes is like this:

# Generated by Home Manager.

IMAPAccount gmail
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.gmail.com
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login [REDACTED GMAIL]/ {print $NF}'"
Port 993
SSLType IMAPS
User [REDACTED GMAIL]
...More stuff after this


IMAPAccount mailbox
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.mailbox.org
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.mailbox.org login [REDACTED MAIN]/ {print $NF}'"
SSLType STARTTLS
User [REDACTED MAIN]
...More stuff after this


IMAPAccount uni
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.gmail.com
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login  [REDACTED UNI]/ {print $NF}'"
Port 993
SSLType IMAPS
User  [REDACTED UNI]
...More stuff after this
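
An added illustration (not part of the thread and not scalpel's own code) of the substitution step the question is about: a template containing `!!NAME!!` placeholders is copied to a private destination with each placeholder replaced by the contents of a decrypted secret file. The helper names `render`, `transform` and `demo`, the file names and the sample address are assumptions made for this sketch.

```python
import os
import re
import stat
import tempfile

PLACEHOLDER = re.compile(r"!!([A-Z0-9_]+)!!")  # the !!NAME!! convention used in this thread

def render(template, matchers):
    """Replace each !!NAME!! with the contents of the secret file mapped to NAME."""
    def lookup(match):
        name = match.group(1)
        if name not in matchers:  # fail closed instead of shipping a literal placeholder
            raise KeyError(f"no secret file mapped for !!{name}!!")
        with open(matchers[name], encoding="utf-8") as fh:
            return fh.read().strip()
    return PLACEHOLDER.sub(lookup, template)

def transform(source, destination, matchers, mode=0o440):
    """Write the rendered copy of source to destination with restrictive permissions."""
    with open(source, encoding="utf-8") as fh:
        rendered = render(fh.read(), matchers)
    # mkstemp creates the file 0600, so the secret is never world-readable on disk.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(destination) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            out.write(rendered)
        os.chmod(tmp, mode)
        os.replace(tmp, destination)  # atomic swap: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise

# Constructed sample: an mbsync stanza shaped like the generated file quoted above.
SAMPLE = (
    "IMAPAccount uni\n"
    "Host imap.gmail.com\n"
    "PassCmd \"gpg -q -d ~/.authinfo.gpg | awk '/login !!UNI_ADDRESS!!/ {print $NF}'\"\n"
    "User !!UNI_ADDRESS!!\n"
)

def demo():
    """Run the transformation in a scratch directory; return (text, permission bits)."""
    with tempfile.TemporaryDirectory() as d:
        secret, src, dst = (os.path.join(d, n) for n in ("uni-address", "mbsyncrc.in", "mbsyncrc"))
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("student@example.edu\n")  # constructed value, not from the thread
        with open(src, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        transform(src, dst, {"UNI_ADDRESS": secret})
        with open(dst, encoding="utf-8") as fh:
            return fh.read(), stat.S_IMODE(os.stat(dst).st_mode)
```

Because the replacement is purely textual, the placeholder is filled in everywhere it appears, including inside the `PassCmd` string, and an unmapped placeholder aborts the run rather than reaching the destination file.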
