diff --git a/README.md b/README.md index 6a21df1..e045dca 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,11 @@ Currently managed systems: Create garbage collection roots like so: ``` -colmena build --keep-result +colmena build --keep-result --experimental-flake-eval ``` -- **sue**: `colmena apply-local --sudo --impure` -- **gamepc**: `colmena apply --on gamepc --impure` +- **sue**: `sudo colmena apply-local --sudo --experimental-flake-eval` +- **gamepc**: `colmena apply --on gamepc --experimental-flake-eval` > [!NOTE] -> Currently the `--impure` is necessary until I upgrade to NixOS 24.11. See [this PR](https://github.com/zhaofengli/colmena/pull/228). +> Currently the `--experimental-flake-eval` flag is necessary. See [this PR](https://github.com/zhaofengli/colmena/pull/228). diff --git a/colmena.nix b/colmena.nix index 73ce84a..68dbbf1 100644 --- a/colmena.nix +++ b/colmena.nix @@ -1,6 +1,7 @@ inputs @ { self, nixpkgs, + colmena, ... }: { colmena = { @@ -35,4 +36,6 @@ inputs @ { ]; }; }; + + colmenaHive = colmena.lib.makeHive self.outputs.colmena; } diff --git a/flake.lock b/flake.lock index 7862885..8913b76 100644 --- a/flake.lock +++ b/flake.lock @@ -114,6 +114,28 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "stable": "stable" + }, + "locked": { + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "crane": { "inputs": { "flake-compat": [ @@ -168,6 +190,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -183,7 +221,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, @@ -199,7 +237,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1717312683, @@ -215,7 +253,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1673956053, @@ -253,6 +291,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -270,7 +323,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -288,7 +341,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": [ "stylix", @@ -327,7 +380,7 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "gitignore": "gitignore", "nixpkgs": [ "nixpkgs-unstable" @@ -453,9 +506,9 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -477,6 +530,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -515,8 +589,8 @@ }, "nixos-cosmic": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": [ "nixpkgs-unstable" ], @@ -569,11 +643,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -632,6 +706,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1732824227, "narHash": "sha256-fYNXgpu1AEeLyd3fQt4Ym0tcVP7cdJ8wRoqJ+CtTRyY=", @@ -647,7 +737,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1725194671, "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", @@ -663,7 +753,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1731890469, "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", @@ -727,8 +817,9 @@ }, "root": { "inputs": { + "colmena": "colmena", "disko": "disko", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "git-hooks": "git-hooks", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -737,7 +828,7 @@ "nixos-cosmic": "nixos-cosmic", "nixos-facter-modules": "nixos-facter-modules", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", "nur": "nur", "sops-nix": "sops-nix", @@ -811,6 +902,22 @@ "type": "github" } }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -820,11 +927,11 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_3", + "flake-compat": "flake-compat_5", + "flake-utils": "flake-utils_4", "gnome-shell": "gnome-shell", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "systems": "systems_3" }, "locked": { @@ -889,7 +996,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1732894027, diff --git a/flake.nix b/flake.nix index c7fa14c..0f7851c 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,7 @@ nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; flake-utils.url = "github:numtide/flake-utils"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + colmena.url = "github:zhaofengli/colmena"; git-hooks = { url = "github:cachix/git-hooks.nix"; @@ -57,6 +58,7 @@ self, nixpkgs, flake-utils, + colmena, ... }: (flake-utils.lib.meld inputs [ @@ -70,8 +72,7 @@ devShells.default = nixpkgs.legacyPackages.${system}.mkShell { inherit (self.checks.${system}.pre-commit-check) shellHook; buildInputs = - self.checks.${system}.pre-commit-check.enabledPackages - ++ (with nixpkgs.legacyPackages.${system}; [colmena]); + self.checks.${system}.pre-commit-check.enabledPackages ++ [colmena.defaultPackage.${system}]; }; }); } diff --git a/nixos/default.nix b/nixos/default.nix index d9940ce..6a47dba 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -60,12 +60,10 @@ if user == "root" then "/root" else "/home/${user}"; - maybeSudo = lib.optional (user == "root") "sudo"; - sops = lib.getExe pkgs.sops; in { name = "${user}-sops-age-key"; value = { - keyCommand = maybeSudo ++ ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)]; + keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)]; name = "keys.txt"; destDir = "${homeDirectory}/.config/sops/age"; inherit user;