• Stars
    star
    106
  • Rank 325,871 (Top 7 %)
  • Language
    Nix
  • Created over 4 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Structured system configuration (I moved from NixOS to GuixSD)

NixOS System Configuration

{
  description = "A highly structured configuration database.";

  inputs = {
    priv.url = "hg+ssh://bao@delta/../../srv/hg/nixpriv";

    master.url = "github:nixos/nixpkgs/master";               #|.
    staged.url = "github:nixos/nixpkgs/staging";              #| |-- Nix
    small.url  = "github:nixos/nixpkgs/nixos-unstable-small"; #| |--   pkgs
    large.url  = "github:nixos/nixpkgs/nixos-unstable";       #|'

    rel2009.url = "github:nixos/nixpkgs/nixos-20.09";         #| Stable
    rel2003.url = "github:nixos/nixpkgs/nixos-20.03";         #| Old Stable
    rel1909 = { url = "github:nixos/nixpkgs/nixos-19.09"; flake = false; };
    rel1903 = { url = "github:nixos/nixpkgs/nixos-19.03"; flake = false; };
    rel1809 = { url = "github:nixos/nixpkgs/nixos-18.09"; flake = false; };
    rel1803 = { url = "github:nixos/nixpkgs/18.03"; flake = false; };
    pr75800.url = "github:nixos/nixpkgs/517b290754f6a7cc487ce11932a8b750f868324d"; #|\ Pull
    pr93659.url = "github:ju1m/nixpkgs/security.pass";                             #|/ Reqs

    nix.url = "github:nixos/nix";                             #|- Nix
    nix-ipfs.url = "github:obsidiansystems/nix/ipfs-develop"; #|  ^^^IPFS

    dwarffs.url = "github:edolstra/dwarffs";         #|- Dwarffs
    dwarffs.inputs.nix.follows = "/nix";             #|
    dwarffs.inputs.nixpkgs.follows = "/nix/nixpkgs"; #|

    home.url = "github:nix-community/home-manager"; #|- Home-manager
    home.inputs.nixpkgs.follows = "/master";        #|

    naersk.url = "github:nmattia/naersk";      #|- Naersk
    naersk.inputs.nixpkgs.follows = "/master"; #|

    guix.url = "github:emiller88/guix";      #|- Guix
    guix.inputs.nixpkgs.follows = "/master"; #|

    construct.url = "github:matrix-construct/construct"; #|- Construct
    construct.inputs.nixpkgs.follows = "/large";         #|

    hydra.url = "github:nixos/hydra/f64230b45edf07d1"; #|- Hydra

    emacs.url = "github:nix-community/emacs-overlay"; # Emacs-overlay

    lisp.url = "github:nix-lisp/lisp-overlay"; # Lisp-overlay

    funkwhale.url = "github:mmai/funkwhale-flake"; # Funkwhale

    devshell.url = "github:numtide/devshell"; # Devshell

    wayland.url = "github:colemickens/nixpkgs-wayland"; #|- Nixpkgs-wayland
    wayland.inputs.nixpkgs.follows = "/small";          #|

    agenix.url = "github:ryantm/agenix";          #|- AgeNix
    agenix.inputs.nixpkgs.follows = "/small";     #|
    agenix.inputs.flake-utils.follows = "/utils"; #|

    haskell.url = "github:input-output-hk/haskell.nix"; # Haskell.nix
    utils.url = "github:numtide/flake-utils";           # Flake-utils
    hardware.url = "github:nixos/nixos-hardware";       # Nixos-hardware
    android.url = "github:tadfisher/android-nixpkgs";   # Android SDK

    xontribs.url = "github:bqv/xontribs"; #|- Xontribs
    xontribs.inputs = {
      nixpkgs.follows = "/master";
      prompt-bar = { url = "github:anki-code/xontrib-prompt-bar/68b3487e156ed3dce80578ebe552b6afa94c7eb8"; flake = false; };
      pipeliner = { url = "github:anki-code/xontrib-pipeliner/daccb6c8a67bbda799dfa2d6d8d829b5e9151c92"; flake = false; };
    };

    nyxt = { url = "github:atlas-engineer/nyxt"; flake = false; };                 # Nyxt
    processmgmt = { url = "github:svanderburg/nix-processmgmt"; flake = false; };  # ProcessMgmt
    hnix-overlay = { url = "github:haskell-nix/hnix"; flake = false; };            # Hnix
    impermanence = { url = "github:nix-community/impermanence"; flake = false; };  # Impermanence
    mozilla = { url = "github:mozilla/nixpkgs-mozilla"; flake = false; };          # Nixpkgs-mozilla
    baduk = { url = "github:dustinlacewell/baduk.nix"; flake = false; };           # Baduk
    snack = { url = "github:nmattia/snack"; flake = false; };                      # Snack
    napalm = { url = "github:nmattia/napalm"; flake = false; };                    # Napalm
    statichask = { url = "github:nh2/static-haskell-nix"; flake = false; };        # Static Haskell
   #anki-sync = { url = "github:ankicommunity/anki-sync-server/125f7bb1"; flake = false; }; # Anki Server
    android-nix = { url = "github:tmcl/minimal-android-nix-example"; flake = false; };
    conix = { url = "github:thenerd247/conix"; flake = false; };
    matrix-nio = { url = "github:poljar/matrix-nio/98f0c244"; flake = false; };
    weechat-matrix = { url = "github:poljar/weechat-matrix/d4158416"; flake = false; };
    sqlcmdline = { url = "github:sebasmonia/sqlcmdline"; flake = false; };
    fish-bass = { url = "github:edc/bass"; flake = false; };
    spotify-adblock = { url = "github:x0uid/spotifyadblock"; flake = false; };
    bottom = { url = "github:clementtsang/bottom/0.4.5"; flake = false; };
    twitterpub = { url = "github:bqv/twitterpub"; flake = false; };
    zsh-pure = { url = "github:sindresorhus/pure"; flake = false; };
    fsnoop = { url = "github:jeffwalter/fsnoop"; flake = false; };
    shflags = { url = "github:kward/shflags"; flake = false; };
    git-remote-ipfs = { url = "github:bqv/git-remote-ipfs"; flake = false; };
    git-get = { url = "github:grdl/git-get"; flake = false; };
    git-pullrequest = { url = "github:google/git-pull-request-mirror"; flake = false; };
    dgit = { url = "github:quorumcontrol/dgit/v0.0.14-alpha"; flake = false; };
    wld = { url = "github:michaelforney/wld"; flake = false; };
    swc = { url = "github:bqv/swc"; flake = false; };
    velox = { url = "github:michaelforney/velox"; flake = false; };
    st-wl = { url = "github:michaelforney/st"; flake = false; };
    dmenu = { url = "github:michaelforney/dmenu"; flake = false; };
    emacs-bitwarden = { url = "github:seanfarley/emacs-bitwarden"; flake = false; };
    ivy-exwm = { url = "github:pjones/ivy-exwm"; flake = false; };
    flycheck-purescript = { url = "github:bsermons/flycheck-purescript"; flake = false; };
    eterm-256color = { url = "github:dieggsy/eterm-256color"; flake = false; };
    emacsbridge = { url = "github:aardsoft/emacsbridge"; flake = false; };
    font-lock-ext = { url = "github:sensorflo/font-lock-ext"; flake = false; };
    sln-mode = { url = "github:sensorflo/sln-mode"; flake = false; };
    emacs-ffi = { url = "github:tromey/emacs-ffi"; flake = false; };
    explain-pause-mode = { url = "github:lastquestion/explain-pause-mode"; flake = false; };
    gnome-network-displays = { url = "git+https://gitlab.gnome.org/gnome/gnome-network-displays"; flake = false; };
    emacs-webkit = { url = "github:akirakyle/emacs-webkit"; flake = false; };
    ini2json = { url = "github:anubisss/ini2json"; flake = false; };
    mfs-replace-root = { url = "github:hsanjuan/mfs-replace-root"; flake = false; };
    brig = { url = "github:sahib/brig/develop"; flake = false; };
    emacs-straight = { url = "github:raxod502/straight.el"; flake = false; };
    cloudflare-cli = { url = "github:danielpigott/cloudflare-cli"; flake = false; };
    wgvanity = { url = "github:warner/wireguard-vanity-address"; flake = false; };
    wold = { url = "github:pauliuszaleckas/wold"; flake = false; };
    mactelnet = { url = "github:haakonnessjoen/mac-telnet"; flake = false; };
    gh-notify = { url = "github:anticomputer/gh-notify"; flake = false; };
    dendrite = { url = "github:matrix-org/dendrite"; flake = false; };
    matrix-client = { url = "github:alphapapa/matrix-client.el"; flake = false; };
    git-bug = { url = "github:michaelmure/git-bug"; flake = false; };
  };

  outputs = inputs: with builtins; let
    allSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];

    # Nixos Config
    config = {
      allowUnfree = true;
      android_sdk.accept_license = true;
    };

    patchNixpkgs = basePkgs: let
      pullReqs = map (meta: {
        url = meta.url or "https://github.com/nixos/nixpkgs/pull/${toString meta.id}.diff";
        name = "nixpkgs-pull-request-${toString meta.id}";
        inherit meta;
        sha256 = meta.hash;
      }) [
        {
          description = "nixos/anbox: use mainline drivers when available";
          id = 102341; hash = "rHKK1id+DHug+4drCfNuPBcGNT3bhQ/bvqYZxf+TVuI=";
        }
        {
          description = "nixos/nat: substitute iptables for compat under nftables";
          id = 085462; hash = "vU53uZUhhO6U2RGElAnZqAy3KForw/yyPiU5Rg1hL74=";
        } # see also #81172
       #{
       #  description = "matrix-dendrite: init at 0.3.9";
       #  id = 109561; hash = "+lTYEXjiMGh6hsYAWU+y5Cn0nFfzeW0yD84AZKsyHT4=";
       #} # broken, for now
      ];
      patches = [
       #(basePkgs.fetchurl {
       #  name = "grub-use-xkb-config";
       #  url = "https://github.com/NixOS/nixpkgs/compare/master...mdevlamynck:4a709715e3de83bfc34b880b8044af41a558316e.diff";
       #  sha256 = "1bkbr2znnwi5yc210vhnj638i1ls1w35sdhh3hfh6fnxlbjlmfbn";
       #})
      ] ++ map basePkgs.fetchpatch pullReqs;
      patchedTree = basePkgs.applyPatches {
        name = "nixpkgs-patched";
        src = basePkgs.path;
        inherit patches;
        postPatch = ''
          patch=$(printf '%s\n' ${builtins.concatStringsSep " " (map (p: p.outputHash or (builtins.baseNameOf p)) patches)} |
          sort | sha256sum | cut -c -7)
          echo "+patch-$patch" >.version-suffix
        '';
      };

      import_nixpkgs = args: import patchedTree ({ inherit (basePkgs) system config overlays; } // args);
    in import_nixpkgs {} // patchedTree // {
      lib = (import_nixpkgs {}).lib;
      legacyPackages = basePkgs.lib.genAttrs allSystems (system: _: import_nixpkgs { inherit system; });
    };

    patchedPkgs = forAllSystems ({ system, ... }:
      patchNixpkgs (channels.modules.legacyPackages.${system})
    );

    channels = with inputs; {
      patched = lib.mapAttrs (_: nixpkgs: forAllSystems ({ system, ... }:
        patchNixpkgs nixpkgs.legacyPackages.${system}
      )) channels;

      pkgs = small;       # For packages
      modules = master;   # For nixos modules
      lib = master;       # For flake-wide lib
    }; inherit (channels.lib) lib; # this ^

    # Packages for nixos configs
    pkgsForSystem = system: patchNixpkgs (import channels.pkgs rec {
      inherit system config;
      overlays = builtins.map (o: o // { value = lib.fix o.__functor; }) [{
        # Project each overlay through recursive subsets
        __functor = self: final: prev: let
          overlaySets = lib.mapAttrs' (ident: overlay: {
            name = "with" + (with lib.strings; let
              ch = stringToCharacters ident;
              ch' = [(toUpper (head ch))] ++ tail ch;
            in concatStringsSep "" ch');
            value = import prev.path {
              inherit (prev) system config;
              overlays = prev.overlays ++ [{
                value = _final: _prev: {
                  inherit overlay;
                  pkgsParent = final;
                } // overlay _final _prev;
                __functor = x: x.value;
                name = ident;
              }];
            };
          }) inputs.self.overlays;
        in overlaySets // {
          inherit overlaySets;
          overlay = self;
          overlaysBase = overlays;
          pkgsParent = prev // { overlays = []; };
          appendOverlays = extensions: prev.appendOverlays [{
            inherit extensions;
            value = lib.fold lib.composeExtensions (self: lib.id) extensions;
            __functor = x: _final: _prev: x.value _final _prev // {
              pkgsParent = final;
            };
            provides = builtins.listToAttrs (lib.imap0 (n: ext: {
              name = "_${toString n}";
              value = builtins.attrNames (ext {} {});
            }) extensions);
            name = "config";
          }];
          withPins = import prev.path {
            inherit (prev) system config;
            overlays = prev.overlays ++ [{
              # Flatten pkgs architecture superficially for convenient maintenance
              value = _final: _prev: let
                overlayPkgs = with final; {
                  # hack to prioritize config overlays
                  appendOverlays = exts: (final.appendOverlays exts).withPins;

                  # this is one light breeze away from infrec
                  inherit (withDevshellFlake) devshell;
                  mkDevShell = configuration: (withDevshellFlake.devshell.eval { inherit configuration; }).shell;
                  inherit (withGuixFlake) guix;
                  inherit (withFunkwhaleFlake) funkwhale;
                  inherit (withEmacsFlake.withSelfFlake.withEmacs) emacsPgtkGcc emacsPgtkGccClient emacsPgtkGccPackages;
                  inherit (withCordless) cordless;
                  inherit (withNix) nixFlakes nix-static nix-ipfs;
                  inherit (withInsecureSSL) epsxe;
                  inherit (withHydraFlake.withNix.withHydra) hydra hydra-unstable;
                  inherit (withSelfFlake) velox electronmail;
                  dotnetPackages = dotnetPackages // {
                    inherit (withSelfFlake.dotnetPackages) azure-functions-core-tools;
                  };
                  haskellPackages = haskellPackages // {
                    inherit (withRel2009.haskellPackages) pointfree-fancy;
                  };
                  inherit (withSelfFlake) dejavu_nerdfont;
                  emacsPackagesFor = emacs: let
                    inherit (withEmacsFlake) emacsPackagesFor;
                    epkgs = withEmacsFlake.withSelfFlake.withEmacs.emacsPackagesFor emacs;
                  in (emacsPackagesFor emacs).overrideScope' (_: _: {
                    inherit (epkgs) bitwarden ivy-exwm emacs-webkit matrix-client;
                    inherit (epkgs) flycheck-purescript eterm-256color gh-notify;
                    inherit (epkgs) emacsbridge font-lock-ext sln-mode;
                    inherit (epkgs) emacs-ffi explain-pause-mode weechat-patched;
                  });
                  inherit (withSelfFlake) git-pr-mirror git-remote-ipfs git-get ipfscat;
                  inherit (import path { inherit system; }) notmuch; # ouch
                  inherit (withSelfFlake) guix-ns twitterpub;
                  inherit (withConstructFlake.withConstruct) matrix-construct;
                  inherit (withSelfFlake) yacy;
                  inherit (withRel2003.withSelfFlake) vervis;

                  inherit (withSelfFlake) cfcli dgit fsnoop pure shflags taiwins;
                  inherit (withIni2json) ini2json;
                  inherit (withNix.withDwarffsFlake) dwarffs;
                  inherit (withNaersk) naersk;
                  inherit (withXonsh.withXontribsFlake) xonsh;

                  inherit (withWeechat) weechatScripts;
                  inherit (withRel2003) bcachefs-tools; # to match kernel ver
                  inherit (withNaersk.withSelfFlake) wgvanity wold mactelnet;
                  inherit (withNix.withSelfFlake) nix-bundle;
                  inherit (withSelfFlake) matrix-dendrite;
                  inherit (withGit-bug) git-bug;

                  inherit (withMaster) discord;
                 #inherit (withLarge.withHnix) hnix;
                 #inherit (withLarge.withNyxt) nyxt;
                  plasma5 = plasma5Packages;
                  inherit (libsForQt5) kdeFrameworks;
                };
              in overlaySets // overlayPkgs // {
                inherit overlaySets overlayPkgs;
                pkgsParent = final;
              };
              __functor = x: x.value;
              name = "pins";
            }];
          };
        };
        name = "index";
      }];
    });

    forAllSystems = f: lib.genAttrs allSystems (system: f {
      inherit system;
      pkgs = (pkgsForSystem system).withPins;
      inherit (pkgs) lib;
    });

    inputMap = let
      tryGetValue = res: if res.success then res.value else null;
    in {
      n1 = lib.mapAttrsToList lib.nameValuePair inputs;

      n2 = let
        s0 = inputs // { self = {}; };
        s1 = lib.mapAttrs (k: v: v.inputs) (lib.filterAttrs (k: v: v ? inputs) s0);
        s2 = lib.mapAttrsRecursiveCond (s: !(s ? outPath)) (n: i: lib.nameValuePair (lib.concatStringsSep "." n) i) s1;
      in lib.concatMap lib.attrValues (lib.attrValues s2);

      n3 = lib.const [] (let # broken (but why?)
        s0 = inputs // { self = {}; };
        s1 = lib.mapAttrs (k: v: v.inputs) (lib.filterAttrs (k: v: v ? inputs) s0);
        s2 = lib.mapAttrsRecursiveCond (s: !(s ? outPath)) (n: i: lib.nameValuePair (lib.concatStringsSep "." n) i) s1;
        s3 = lib.concatMap lib.attrValues (lib.attrValues s2);
        s4 = lib.mapAttrs (k: v: v.inputs) (lib.filterAttrs (k: v: v ? inputs) (lib.listToAttrs s3));
        s5 = lib.mapAttrsRecursiveCond (s: !(s ? outPath)) (n: i: lib.nameValuePair (lib.concatStringsSep "." n) i) s4;
        s6 = lib.concatMap lib.attrValues (lib.attrValues s5);
      in tryGetValue (builtins.tryEval (lib.concatMap lib.attrValues (lib.attrValues s6))));
    };

    inherit (inputs.self.passthru) secrets;
  in {
    nixosConfigurations = builtins.mapAttrs (host: node: {
      config = node.configuration;
    }) inputs.self.defaultPackage.x86_64-linux.config.nodes;

    homeConfigurations = lib.genAttrs (builtins.attrNames inputs.self.nixosConfigurations)
      (host: inputs.self.nixosConfigurations.${host}.config.home-manager.users) //
    {
      epsilon = forAllSystems ({ pkgs, system, ... }:
        let
          inherit (pkgs) pkgsStatic nix nix-static termonad-with-packages;
          flakeModules = import ./modules/home-manager.nix;
        in inputs.home.lib.homeManagerConfiguration rec {
          pkgs = pkgsStatic // {
            nixFlakes = nix;
            termonad = termonad-with-packages;
          };
          configuration = {
            _module.args = rec {
              pkgsPath = pkgs.path;
              inherit pkgs;
              nixosConfig = {
                services.aria2.rpcSecret = "";
                networking.hostName = "epsilon";
              };
              flake = inputs.self;
            };
            nixpkgs = {
              inherit config system;
            };
            home.packages = with pkgs; [ nixFlakes termonad ];
            imports = flakeModules ++ [ ./users/aion.nix ];
          };
          inherit system;
          homeDirectory = "/home/${username}";
          username = "aion";
        }
      );
    };

    legacyPackages = forAllSystems ({ pkgs, ... }: pkgs);

    overlay = import ./pkgs;

    overlays = let
      diffTrace = left: right: string: value: if left != right then trace string value else value;
      silentKeys = [ "config" "system" "path" "stdenv" "lib" ];

      channelOverlay = { flake, branch }: { ${flake} = final: prev: let
        mapWarn = mapAttrs (k: v: if lib.elem k silentKeys then v
          else if lib.elem k ([ "overlaySets" ] ++ builtins.attrNames prev.overlaySets) then mapWarn v
          else diffTrace (baseNameOf inputs.${flake}) (baseNameOf prev.path) "pkgs.${k} pinned to nixpkgs/${branch}" v);
      in
        mapWarn (import inputs.${flake} { inherit (prev) config system; overlays = [(builtins.head prev.overlays)]; });
      };
      flakeOverlay = { flake, name }: { ${flake} = final: prev: let
        mapWarn = mapAttrs (k: v: if lib.elem k silentKeys then v
          else if lib.elem k ([ "overlaySets" ] ++ builtins.attrNames prev.overlaySets) then mapWarn v
          else diffTrace (baseNameOf inputs.${flake}) (baseNameOf prev.path) "pkgs.${k} pinned to ${name}" v);
      in
        mapWarn inputs.${flake}.legacyPackages.${prev.system};
      };
      inputsOverlay = builtins.listToAttrs (builtins.filter (v: v != null)
        (builtins.map (name: if inputs.${name} ? overlay then {
          name = "${name}Flake";
          value = inputs.${name}.overlay;
        } else null) (builtins.attrNames inputs)));
      configOverlay = config: final: prev: import prev.path {
        inherit (prev) system;
        overlays = [(builtins.head prev.overlays)];
        config = prev.config // config;
      };
    in lib.fold (lib.mergeAttrsNoOverride {}) {} [
      {
        broken = configOverlay { allowBroken = true; };
        insecureSSL = configOverlay { permittedInsecurePackages = [ "openssl-1.0.2u" ]; };
        sources = final: prev: inputs;
        lib = final: prev: { inherit lib; };
      }
      {
        mozilla = final: prev: import inputs.mozilla final prev;
        naersk = final: prev: { naersk = inputs.naersk.lib.${prev.system}; };
        snack = final: prev: { snack = final.callPackage "${inputs.snack}/snack-lib"; };
        napalm = final: prev: { napalm = final.callPackage inputs.napalm; };
        nix = final: prev: let inherit (prev) system; in rec {
          nixFlakes = nix;
          nixUnstable = nix;
          nix = inputs.nix.packages.${system}.nix.overrideAttrs (drv: {
            patches = (drv.patches or []) ++ [
             #(final.fetchpatch {
             #  name = "libfetcher-file.patch";
             #  url = "https://github.com/nixos/nix/pull/4153.diff";
             #  sha256 = "JfcswqOG0V5qlolxxYFOpqXJgENC4Adfk4J8r//tgfA=";
             #})
              (final.fetchpatch {
                name = "log-all-ifd.patch";
                url = "https://github.com/NixOS/nix/pull/3494.diff";
                sha256 = "OMDCAc3GalFZwdDsaOfcM07e08334yPE+e8KiyVUWYo=";
              })
            ];
            passthru = {
              inherit (inputs.nix.packages.${system}.nix) perl-bindings;
            };
          });
          nix-static = inputs.nix.packages.${system}.nix-static or null;
          nix-ipfs = inputs.nix-ipfs.packages.${system}.nix;
         #nix-ipfs-static = inputs.nix-ipfs.packages.${system}.nix-static;
        };
        hydra = final: prev: {
          hydra-unstable = final.hydra;
        };
        construct = final: prev: {
          riot-web = final.element-web;
          matrix-construct = (final.callPackage "${inputs.construct}/default.nix" { pkgs = final; }).overrideAttrs (_: {
            EXTRA_CXXFLAGS = "-mabm -mbmi";
            patchPhase = '' sed '/RB_INC_EXECUTION/d' -i ./include/ircd/stdinc.h '';
            preAutoreconf = let
              VERSION_COMMIT_CMD = "git rev-parse --short HEAD";
              VERSION_BRANCH_CMD = "git rev-parse --abbrev-ref HEAD";
              VERSION_TAG_CMD = "git describe --tags --abbrev=0 --dirty --always --broken";
              VERSION_CMD = "git describe --tags --always";
            in ''
              substituteInPlace configure.ac --replace "${VERSION_COMMIT_CMD}" "echo ${inputs.construct.rev}"
              substituteInPlace configure.ac --replace "${VERSION_BRANCH_CMD}" "echo master"
              substituteInPlace configure.ac --replace "${VERSION_TAG_CMD}" "echo ${inputs.construct.rev}"
              substituteInPlace configure.ac --replace "${VERSION_CMD}" "echo ${inputs.construct.rev}"
            '';
            src = builtins.toPath "${inputs.construct}/.";
          });
        };
      }
     #(flakeOverlay { flake = "lg400"; name = "delta/system-400-link"; })
      (channelOverlay { flake = "master"; branch = "master"; })
      (channelOverlay { flake = "staged"; branch = "staging"; })
      (channelOverlay { flake = "small"; branch = "nixos-unstable-small"; })
      (channelOverlay { flake = "large"; branch = "nixos-unstable"; })
      (channelOverlay { flake = "rel2009"; branch = "nixos-20.09"; })
      (channelOverlay { flake = "rel2003"; branch = "nixos-20.03"; })
      (channelOverlay { flake = "rel1909"; branch = "nixos-19.09"; })
      (channelOverlay { flake = "rel1903"; branch = "nixos-19.03"; })
      (channelOverlay { flake = "rel1809"; branch = "nixos-18.09"; })
      (channelOverlay { flake = "rel1803"; branch = "nixos-18.03"; })
      (listToAttrs (map
        (name: {
          name = lib.removeSuffix ".nix" name;
          value = import (./overlays + "/${name}") inputs;
        })
        (builtins.filter
          (file: lib.hasSuffix ".nix" file || file == "default.nix")
          (attrNames (readDir ./overlays)))))
      inputsOverlay
    ];

    packages = forAllSystems ({ pkgs, ... }: lib.filterAttrs (_: p:
      (lib.isDerivation p) && (p.meta.broken or null) != true
    ) pkgs.overlayPkgs);

    defaultPackage = forAllSystems ({ pkgs, system, ... }: let
      deployment = import ./deploy {
        nixpkgs = channels.patched.modules.${system};
        deploySystem = system; # By habit, system is deployer, platform is target
      } ({ config, lib, ... }: let
        inherit (config) nodes;
      in {
        defaults = { name, config, ... }: let
          evalConfig = import "${patchNixpkgs pkgs}/nixos/lib/eval-config.nix";

          getPlatform = with lib.modules; { modules, specialArgs, ... }: let
            args = { config = null; options = null; inherit lib; } // specialArgs;
          in (mergeModules [] (collectModules "" modules args)).matchedOptions.platform.value;

          nixos = with inputs.self.nixosModules; let
            base = hosts.${system}.${name} or null;
            platform = getPlatform base;
          in if base == null then hosts.${system}.image else hosts.${platform}.${name};

          vmsystem = { modules, pkgs, specialArgs, ... }: {
            system.build.vm = (evalConfig {
              inherit specialArgs;
              inherit (pkgs) system;
              modules = modules ++ [
                (import "${channels.modules}/nixos/modules/virtualisation/qemu-vm.nix")
              ];
            }).config.system.build.toplevel;
          };

          linkage = { config, pkgs, ... }: let
            systems = builtins.mapAttrs (host: _: with inputs.self;
              let platform = getPlatform nixosModules.hosts.${system}.${host};
              in defaultPackage.${platform}.config.nodes.${host}.configuration
            ) nodes;
          in {
            options.system.linkOtherSystems = lib.mkOption {
              type = lib.types.bool;
              default = true;
              description = "Whether to link other flake nodes to the system derivation.";
            };

            # Link raw hosts on each host (non-recursively)
            config.system = {
              extraSystemBuilderCmds = lib.mkIf config.system.linkOtherSystems (''
                mkdir -p $out/flake/hosts

                # Link other hosts (nonrecursively)
                ${lib.concatMapStringsSep "\n" ({ name, value }: ''
                  ln -s '${value.system.build.toplevel}' "$out/flake/hosts/${name}"
                '') (lib.mapAttrsToList lib.nameValuePair systems)}

                # Link host containers
                ${lib.concatMapStringsSep "\n" (host@{ name, value }: ''
                  mkdir -p $out/flake/container/${name}
                  ${lib.concatMapStringsSep "\n" (container@{ name, value }: ''
                    ln -s '${value.config.system.build.toplevel}' "$out/flake/container/${host.name}/${name}"
                  '') (lib.mapAttrsToList lib.nameValuePair value.containers)}
                '') (lib.mapAttrsToList lib.nameValuePair systems)}
              '');
            };
          };

         ifdroots = { config, pkgs, ... }: {
            config.system.extraDependencies = [
              channels.patched.modules.${system}
            ];
          };
        in {
          options = {
            configuration = lib.mkOption {
              type = lib.types.submoduleWith {
                inherit (nixos) modules;
              };
            };
          };

          config = {
            host = "root@${nixos.specialArgs.hosts.wireguard.ipv4.${name}}";

            configuration = {
              imports = [
                ifdroots
               #linkage # TODO: figure out how to make this work
                vmsystem
              ];
              config = {
                secrets.baseDirectory = "/var/lib/secrets";
                _module.args = nixos.specialArgs;
              };
            };

            # Filter out "added to list of known hosts" spam from output
            deployScriptPhases.filter-known-hosts = lib.dag.entryBefore ["copy-closure"] ''
              # Remove known hosts spam
              pipeline -w { ${pkgs.gnugrep}/bin/grep --line-buffered -v "list of known hosts" }
              fdswap 1 2
              pipeline -w { ${pkgs.gnugrep}/bin/grep --line-buffered -v "list of known hosts" }
              fdswap 2 1
            '';

            # Git tag all systems and deployments
            deployScriptPhases.git-tag = let
              inherit (config.configuration) system;
            in lib.dag.entryAfter ["trigger-switch"] ''
              foreground {
                backtick -i -n systemstorepath { basename "${system.build.toplevel.outPath}" }
                importas -i systemstorepath systemstorepath
                define systempath "nix/store/''${systemstorepath}"
                importas -i id ID
                define systemnum "${name}/system-''${id}"
                fdswap 1 2
                foreground { echo Tagging $systempath }
                foreground { ${pkgs.git}/bin/git tag $systempath "${system.configurationRevision}" }
                foreground { echo Tagging $systemnum }
                foreground { ${pkgs.git}/bin/git tag $systemnum "${system.configurationRevision}" }
                exit 0
              }
            '';

            privilegeEscalationCommand = []; # already root

            successTimeout = lib.mkDefault 120;
            switchTimeout = lib.mkDefault 120;

            ignoreFailingSystemdUnits = true;
            systemSwitcherDir = "/nix/node/";

            dirty = ! (inputs.self ? rev);
          };
        };

        nodes = let
          hosts = builtins.attrNames inputs.self.nixosModules.hosts.${system};
        in (lib.genAttrs hosts (_: {})) // {
          delta.hasFastConnection = true; # it's local!
          delta.rollbackOnFailure = false; # accidentally rebooting this gets annoying
          image.enabled = false;
          zeta.panicAction = "false"; # we shouldn't reboot this carelessly
          zeta.hasFastConnection = true;
          zeta.successTimeout = 240; # Zeta seems very slow...
          zeta.switchTimeout = 240; # maybe due to wireguard reloading?
        };

        ssh.access = let
          collapse = attrs: lib.fold (a: b: a // b) {}
            (builtins.concatMap builtins.attrValues (builtins.attrValues
              (lib.mapAttrs (u: lib.mapAttrs (t: v: {
                "${u}-${t}" = v;
              })) attrs)));
        in lib.mkIf false {
          delta = {
            hostKeys = lib.genAttrs [ "rsa" "ecdsa" "ed25519" "dsa" ] (type:
              lib.removeSuffix "\n" (builtins.readFile "${secrets.keyDir}/deltassh/ssh_host_${type}_key.pub")
            );
            keys = collapse {
              bao = {
                rsa = {
                  publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQC/Ca5MUwmHMZt4sH/xLAq20X12xDj2bSqg88thxWLvpqnLpLEJmpasaHKRRh9O6E/NE0Zsn45dsTuvB9/otoDGdstYX2VZyi3UBIWp3BjxdbvmMrbhvpihiZl6rAFXU45/LM/4PvraLic2ZXuOGFqoLcnKDAvCATJsQfUGcEnM0YJVcFLjA4sSPHarSoSHFxZ90RXVmW8m5sfNCsMMo3jCMgE49zlWhcrKfp/FfpIlKMytTDdb+JE0JIsR+28oxJtL63wTbO9p2zFS8geNPVMfj8+Ge4bb0YWroBNGaMo3cHcdtquWWvTzZxWJu+AiSlZIWcP6aOhOoRiFrCWIYBP91dtARm2+OXIpUNAT+yPR+YQ4BAUNxYyBZO3hTH47cq2dC4NAQVcjuUb5VLoRAOAl+DzHSj7FNFGo49CxE/eDlhoXzmgP28N5tDktZYYstrr4j/KAZPYzGW8tB6s/VhhiCGFgZQXq2irH2UtU3Amr7cw0Wiiuyoe4x67dUB+sy3yT5jle/dLe0U9qgAiFTptix1QpjDaT8dFYQsi0kzXlSUEB05pmnCjM2n9eksdtF5kggLDNQ3VKH+LRN/rd5JKJsMJn9Lxr9nO3x+x+fhBurthumrDB2S3oqEOWQDxJ+JaZi5mshzZ2bB4lSXGB5aYjaBSk49EmlrNo8dUUXpZFT9mePx8BIC73XtoEsFgH9kpvHqHxOaBBO3wsxWekbS5bzi2KkBWxMAHq/fVV37iNaDHnldEn9DGDIQb6fQnjLkWbwNRBsdZxqfJGBqVpUNVbsS4BOFoa7yxnCZ6OgxzXpScoyeTxgM1nDALRnwee2d+3GrKHzE23Db6tIwUUeHEkcNwY2L6MW6Z2Onv2T9+V0IITe16EV+TcTc04DQ2XtnVEqUfqK5NZX0wpDuO0Bw0cJrbxJy3lk1PbnUnP/slfRgB4yOvkA0zRrer27EiyRsQe9QSfcmcpIK66+UncYqTFZ/qJFBdupn2ruYaDfCq/G8HyNsm7fXJLgsnGrAfEqUlBabbmLBdSvPqWpkMCjmmX7tMvTTWV5/IdFo0NVPQ7VBdZrRoPbYOQetZqr6S1tkKvpISrBKMRXXgaCcegnqWKqomZsFWcTnhyV0vCJM16IaNp++2rqw426hvpm2F+hhUzDa7CP/+HKvo0ucwC1u24CX75eT/pEP7WuINNMEx1y+/VxyeWscAK89NYa2YGBzqBEJ9+0QVFNYye/baaNn1dNEuPk49bkM7g3LTp8ae+J+5dAb3QsKMxL/bssFzAc+7M5+LFQDFpWtxkzkB5+X9HzMtVbsgDk9CDgn56OfkpzjFR7PeDUcKeFWeccWHRMOyXVX1daoUTeDIpESID2FnR bao@delta";
                  hasAccessTo.zeta.bao = true;
                };
                ecdsa = {
                  publicKey = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEY1DRzmt77NPp64/DEkuPwdOd5yzchRBDmZJBvu+ip42tV3c1FdDNs/7ictpROqfm/Nkh6D/mmbQV+MI2Aa1H66AC+8/wMJl/fkfSEeX6Z6thVM7oC6a2kXuJjlZNF5wQngTP5AWydEFacuZduW+Ir2++IVFyjtIVOR/lumtdzuvi5/A== bao@delta";
                  hasAccessTo.zeta.bao = true;
                };
                ed25519 = {
                  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvcvk1nLYImKqjhL8HdAb1sM2vXcEGu+rMZJ8XIG4H7 bao@delta";
                  hasAccessTo.zeta.bao = true;
                };
                gpg = {
                  publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX40Dm37dDdxreqQxQ+bd9c9mNXfSqC5k3Rrf4iQHy7OdzsQD0qngHFdcq2dG0d4sYeHeyJGYHPbtwNYb0AED/zDVgfuiW6+xYSW+apg5Hc2EfktxxmVbRXqq8SoWUP9CtwJLIw0Q4vBiWBKT367VlXnWJ5ob8bwhfRlK7Sk4595Mm2Wp98sgMXdcQbFc+nQ+TYyYnkIYv63g3Lyxi8NQKWGwh2zspGl2rbDVJrtr196bSd3leZhD/v+YquqO2Saf9DZCmDMJmw4rUWZ84rkUZ0lB5eSICfQZAl5UxpnorWutLDxjuFOc/7H6iSGFRNjQ/fM8Jh2dxDm3XWxWp+E+F9q5Q9bsziL+zwxkAL2SvWULhmAALbLMqEC2qkPU9ccqRRBteGIRt/ix+J87lImz6Zp2UqSYFe2GpwP+NtMB8TyMaDUOni+L/NGw7o/EvAm7K7tH6OJW5vSC7e8P5lLc825SHlJdfn5L2aAfD+vr8rZv4L9uy1isJTMvVDRp4CLHwsw+xn4XfnfvsNtWNyVoAfi7NN3+jtCGlpNckj+5ylaQcgGuFbQUJ7jhsUGDYRSvX3wWaRBD94Pi+XS1jUTLyRmIbgcbiSeyzx2fZm1saQAb3MSF9yf0ibCJlTJ3JMLfqlDYP6Yl64bQ67T8QcYvDSUurqh+T6AN83SF6aHT3HQ== gpg";
                  hasAccessTo.zeta.bao = true;
                };
              };
            };
          };
          zeta = {
            hostKeys = lib.genAttrs [ "rsa" "ecdsa" "ed25519" "dsa" ] (type:
              lib.removeSuffix "\n" (builtins.readFile "${secrets.keyDir}/zetassh/ssh_host_${type}_key.pub")
            );
            keys = collapse {
            };
          };
        };

        vpn.networks = {
          # TBC
        };
      });
    in pkgs.runCommandLocal "deployment" {
      outputs = [ "out" "systems" ] ++ builtins.attrNames (
        lib.filterAttrs (_: n: n.enabled) deployment.config.nodes
      );
      passthru = deployment;
    } ''
      mkdir -p $(dirname $out)
      ln -s ${deployment.config.deployScript} $out
      ${lib.concatStringsSep "" (lib.mapAttrsToList (host: node: if node.enabled then ''
        ln -s ${node.nodeDeployScript} ''$${host}
        mkdir -p $systems
        ln -s ${node.configuration.system.build.toplevel} $systems/${host}
      '' else "") deployment.config.nodes)}
    '');

    apps = forAllSystems ({ pkgs, system, ... }: {
      epsilon = rec {
        type = "app";
        inherit (inputs.self.homeConfigurations.epsilon.${system}) activationPackage;
        program = (pkgs.writeShellScript "reconfigure-epsilon" ''
          echo Deploying ${activationPackage}
          export HOST=epsilon
          export NIX_SSHOPTS="-o StrictHostKeyChecking=no"
          nix copy --to ssh://$HOST '${activationPackage}' \
            && ssh $NIX_SSHOPTS $HOST -t \
              sh -c ". $HOME/.nix-profile/etc/profile.d/nix.sh && \
                exec ${activationPackage}/activate $@"
        '').outPath;
      };
      zeta = rec {
        type = "app";
        inherit (inputs.self.nixosConfigurations.zeta.config.system.build) toplevel;
        program = (pkgs.writeShellScript "test-zeta" ''
          echo Deploying ${toplevel}
          export HOST=${inputs.self.passthru.secrets.hosts.wireguard.ipv4.zeta}
          export NIX_SSHOPTS="-o StrictHostKeyChecking=no"
          nix copy --to ssh://root@$HOST '${toplevel}' \
            && ssh $NIX_SSHOPTS root@$HOST -t \
              exec ${toplevel}/bin/switch-to-configuration test $@
        '').outPath;
      };
      delta = rec {
        type = "app";
        inherit (inputs.self.nixosConfigurations.delta.config.system.build) toplevel;
        program = (pkgs.writeShellScript "test-delta" ''
          echo Deploying ${toplevel}
          exec doas ${toplevel}/bin/switch-to-configuration test $@
        '').outPath;
        bao = rec {
          type = "app";
          inherit (inputs.self.homeConfigurations.delta.bao.home) activationPackage;
          program = (pkgs.writeShellScript "test-delta-bao" ''
            echo Deploying ${activationPackage}
            exec ${activationPackage}/activate $@
          '').outPath;
        };
      };
    });

    defaultApp = forAllSystems ({ system, ... }: inputs.self.apps.${system}.delta);

    nixosModules = let
      mergeAll = lib.fold lib.recursiveUpdate {};
      pathsToAttrs = map (file:
        let cleanFile = lib.removeSuffix ".nix" (lib.removePrefix "${toString ./.}/" (toString file));
        in lib.setAttrByPath (lib.splitString "/" cleanFile) (import file)
      );
      nixFilesOf = builtins.filter (lib.hasSuffix ".nix");

      moduleList = (import ./modules/nixos.nix)
        ++ (import ./modules/home-manager.nix);

      profilesList = (lib.filesystem.listFilesRecursive ./profiles)
        ++ (builtins.filter (f: ! builtins.hasAttr (builtins.baseNameOf f) (builtins.readDir ./users))
                            (lib.filesystem.listFilesRecursive ./users));
    in (mergeAll (pathsToAttrs (nixFilesOf moduleList)))
    // (mergeAll (pathsToAttrs (nixFilesOf profilesList)))
    // {
      hosts = forAllSystems ({ pkgs, system, ... }: (let
        usr = {
          tools = import ./lib/utils.nix {
            inherit lib;
          };
          elisp = import ./lib/elisp.nix {
            inherit lib;
            pkgs = channels.lib.legacyPackages.${system};
          };
          dag = let dagLib = import ./lib/dag.nix lib lib;
          in dagLib.dag // { inherit (dagLib) types; };
          units = {
            kilobytes = b: b * 1024;
            megabytes = k: k * 1024;
            gigabytes = m: m * 1024;
          };
          inherit (inputs.self.passthru) secrets;
        };

        modulesFor = hostName: appendModules: let
          specialArgs = {
            inherit usr;
            flake = inputs.self;

            inherit (secrets) hosts domains;

            modules = modules ++ [
              { _module.args = specialArgs; }
            ];
            inherit extraModules;
          };

          # External modules
          inherit (inputs.home.nixosModules) home-manager;
          inherit (inputs.dwarffs.nixosModules) dwarffs;
          inherit (inputs.guix.nixosModules) guix;
          inherit (inputs.construct.nixosModules) matrix-construct;
          inherit (inputs.agenix.nixosModules) age;
          hydra = "${inputs.hydra}/hydra-module.nix";
          funkwhale = inputs.funkwhale.nixosModule;

          # Some common basic stuff
          core = ./profiles/core.nix;

          # The flake-ier common basic stuff
          global = {
            environment.pathsToLink = [ "/share/bios" ];

            documentation.nixos.extraModuleSources = [./.]
              ++ lib.mapAttrsToList (_: x: x.outPath) inputs;

            nix.package = lib.mkDefault pkgs.nixFlakes;
            nix.registry = lib.mapAttrs (id: flake: {
              inherit flake;
              from = { inherit id; type = "indirect"; };
            }) (inputs // { nixpkgs = inputs.master; });
            nix.nixPath = lib.mapAttrsToList (k: v: "${k}=${toString v}") {
              nixpkgs = "${channels.pkgs}/";
              nixos = "${inputs.self}/";
              home-manager = "${inputs.home}/";
              self = "/run/current-system/flake/input/self/";
              flake = "/srv/git/github.com/bqv/nixrc";
            };

            system.configurationRevision = inputs.self.rev or "dirty";
            system.nixos.versionSuffix = let inherit (inputs) self;
              date = lib.substring 0 8 (self.lastModifiedDate or "19700101");
              rev = self.shortRev or "dirty";
            in lib.mkForce ".${date}.${rev}";

            system.extraSystemBuilderCmds = (''

              mkdir -p $out/flake/input

              # Link first-class inputs
              ${lib.concatMapStringsSep "\n" ({ name, value }: ''
                ln -s '${value}' "$out/flake/input/${name}"
              '') inputMap.n1}

              # Link second-class inputs
              ${(lib.concatMapStringsSep "\n" ({ name, value }: ''
                ln -s '${value}' "$out/flake/input/${name}"
              '') inputMap.n2)}

              # Link third-class inputs (skipped)
              ${lib.concatMapStringsSep "\n" ({ name, value }: ''
                ln -s '${value}' "$out/flake/input/${name}"
              '') inputMap.n3}

            '');

            system.activationScripts.etcnixos = ''
              rm -f /etc/nixos && \
              ln -sfn /run/current-system/flake/input/self /etc/nixos || \
              true
            '';
          };

          # Host-specific basic stuff
          host = {
            environment.etc."machine-id".text = builtins.hashString "md5" hostName;

            networking = { inherit hostName; };
          };

          # Nixos eval settings
          nixpkgs = { config, ... }: {
            config.nixpkgs = {
              inherit pkgs;
              system = config.platform;
            };
          };

          # Amend home-manager (inject modules, set common stuff)
          home = { config, ... }: {
            options.home-manager.users = lib.mkOption {
              type = with lib.types; attrsOf (submoduleWith {
                inherit specialArgs;
                modules = let
                  flakeModules = import ./modules/home-manager.nix;
                  nixProfile = { lib, ... }: {
                    home.activation.disableNixEnv = lib.hm.dag.entryBefore ["installPackages"] ''
                      alias nix-env=true
                    '';
                    home.activation.installPackages = lib.mapAttrs (k: v: lib.mkForce v) (lib.hm.dag.entryAnywhere "true");
                  };
                  baduk = {
                    imports = [ (import inputs.baduk) ];
                   #baduk.sabaki.enable = false; # needs flake-ification patches
                    baduk.sabaki.engines = lib.mkDefault [];
                   #baduk.gnugo.enable = false;
                   #baduk.katago.enable = false;
                   #baduk.leela-zero.enable = false;
                  };
                  impermanence = import "${inputs.impermanence}/home-manager.nix";
                in flakeModules ++ [
                  nixProfile
                  baduk
                ];
              });
            };

            config.home-manager = {
              useUserPackages = true;
              useGlobalPkgs = true;
              verbose = true;
            };
          };

          # Hack in the gnupg secrets module (fix docbook)
          gnupg = import "${inputs.pr93659}/nixos/modules/security/gnupg.nix";

          # Plug in the impermanence module (not a flake :<)
          impermanence = import "${inputs.impermanence}/nixos.nix";

          # Set up any other pull request modules
          iwd = { config, ... }: let
            iwdModule = "services/networking/iwd.nix";
          in {
            disabledModules = [ iwdModule ];
            imports = [
              (import "${inputs.pr75800}/nixos/modules/${iwdModule}" {
                inherit config pkgs;
                lib = let
                  iwdLib = import "${inputs.pr75800}/lib/default.nix";
                in lib // {
                  types = {
                    inherit (iwdLib.types) fixedLengthString lengthCheckedString;
                  } // lib.types;
                };
              })
            ];
          };

          # Our modules
          flakeModules = import ./modules/nixos.nix;

          # Actual host config
          configuration = import "${toString ./hosts}/${hostName}";

          # Modules to propagate to containers
          extraModules = [
            core global
          ];

          # Final modules set
          modules = flakeModules ++ extraModules ++ [
            home nixpkgs iwd gnupg
            home-manager dwarffs matrix-construct hydra
            impermanence age guix funkwhale
          ];
        in {
          inherit system specialArgs;
          modules = modules ++ [
            host configuration
          ] ++ appendModules;
        };

        forEachHost = do: usr.tools.recImport {
          # Build a nixos system for each dir in ./hosts using modulesFor
          dir = ./hosts;
          _import = do;
        };
      in forEachHost (host: let
        pkgs = channels.modules.legacyPackages.${system};
      in modulesFor host [])));
    };

    devShell = forAllSystems ({ system, ... }:
      let
        pkgs = import channels.pkgs { inherit system; overlays = [ inputs.devshell.overlay ]; };
        mkDevShell = configuration: (pkgs.devshell.eval { inherit configuration; }).shell;
      in mkDevShell {
        packages = with pkgs; let
          git-crypt = pkgs.git-crypt.overrideAttrs (attrs: rec {
            worktreePatch = fetchurl {
              name = "support-worktree-simple-version.patch";
              url = "https://github.com/AGWA/git-crypt/files/2771938/git-crypt-support-worktree-simple-version-patch.txt";
              sha256 = "1k477m6g3zjdarjr38lndh0kpgkp0yi8lg2iqdispfd4c85krrax";
              # date = 2021-01-29T23:45:21+0000;
            };
            patches = [ worktreePatch ];
          });
        in [
          git git-crypt git-secrets nixfmt
        ];

        env = with pkgs; let
          nixConf = ''
            ${lib.optionalString (builtins.pathExists /etc/nix/nix.conf)
              (builtins.readFile /etc/nix/nix.conf)}
            experimental-features = nix-command flakes ca-references
            print-build-logs = true
            access-tokens = "github.com=${secrets.git.github.oauth-token}"
          '';
        in [{
          name = "NIX_CONF_DIR";
          value = "${linkFarm "nix-conf-dir" ( [
            { name = "nix.conf"; path = writeText "flakes-nix.conf" nixConf; }
            { name = "registry.json"; path = /etc/nix/registry.json; }
            { name = "machines"; path = /etc/nix/machines; }
          ] )}";
        }];

        commands = [{
          name = "forecast";
          category = "automation";
          command = ''
            export ARGS="$*"
            REPO=$(
              nix build --impure --json --no-link '.#lib.forecast' \
              | jq '.[] | .outputs.out' -r \
            )
            git fetch $REPO substrate:substrate
            git branch -f substrate FETCH_HEAD
          '';
        }];

        motd = "";
      }
    );

    passthru = rec {
      inherit inputs channels config allSystems inputMap patchNixpkgs;
      patchedPkgs = forAllSystems ({ system, ... }:
        patchNixpkgs (channels.modules.legacyPackages.${system})
      );

      #$ git config secrets.providers "nix eval --raw .#passthru.textFilter"
      textFilter = with inputs.priv.lib.textFilter { inherit lib; }; lines;
      inherit (inputs.priv.lib) secrets;

      forecast = let
        inherit (channels.pkgs.legacyPackages.${builtins.currentSystem}) pkgs;
        date = builtins.readFile (pkgs.runCommandLocal "forecast-name" {
          nonce = builtins.currentTime;
        } "date -Iminutes | tr 'T\\-:' '---' | cut -d+ -f1 | tr -d '\n' > $out");
      in pkgs.runCommandLocal "forecast-${date}" rec {
        repo = builtins.getEnv "PWD";
        inputs = builtins.getEnv "ARGS";
        buildInputs = [ pkgs.git pkgs.nixUnstable pkgs.cacert ];
        PAGER = "cat";
        GIT_AUTHOR_NAME = "ci";
        GIT_AUTHOR_EMAIL = "nix@system";
        GIT_COMMITTER_NAME = "systemd";
        GIT_COMMITTER_EMAIL = "timer@service";
        __noChroot = true;
      } ''
        git clone $repo $out
        export NIX_REMOTE=local?real=$PWD/nix/store\&store=/nix/store
        export NIX_STATE_DIR=$PWD/nix/var NIX_LOG_DIR=$PWD/nix/var/log
        export HOME=$PWD
        cd $out
        git switch -c substrate live
        git commit-tree -m "merge: live" -p HEAD -p origin/live origin/live:
        git reset --hard origin/live
        for INPUT in $inputs; do
          nix flake update --update-input $INPUT \
            --experimental-features "nix-command flakes ca-references"
          git commit -m "flake(lock): autoupdate $INPUT" flake.lock
        done
      '';
    };

    hydraJobs = rec {
      deployment = forAllSystems ({ system, ... }:
        inputs.self.defaultPackage.${system}
      );
    };
  };
}

More Repositories

1

weechat-xmpp

C++
19
star
2

guix

A package and module for using GNU Guix on Nix(OS). Kinda more a code dump than for actual use. See fork
Nix
15
star
3

weechat-slack

Weechat plugin for Slack | Fork at your own risk
C
5
star
4

ntris

This Application is a Tetris game extended to 4 dimension. The visulaization uses OpenGL and GLUT.
C
4
star
5

earl

A cobouncer (load-balancing IRC multiplexer)
Erlang
3
star
6

hebi

A node for the Hydra Decentralised IRC Bot
C++
3
star
7

wmonad

A wayland compositor based on https://github.com/michaelforney/swc
Haskell
3
star
8

carbon

An IRC Bouncer in Rust
Rust
3
star
9

ffnn

A FeedForward Neural Network under a Genetic Algorithm, in Haskell
Haskell
2
star
10

fnp2

A C++ Template Metaprogramming library and sandbox
C++
2
star
11

ircat

Linux utility to stream text to IRC channels
C
2
star
12

sadaharu

Modular python irc bot
Python
2
star
13

.dotfiles

Home Directory
Vim Script
2
star
14

mako

Haskell IRC bot
Haskell
2
star
15

weechat

Weechat++ - A Weechat Relay Client for Windows
C
2
star
16

apparmor-nix

Alternative apparmor nixos infrastructure flake
Nix
2
star
17

BotBot

IRC Bot managing IRC Bot
Python
1
star
18

echecs

Half an IRC bot
C++
1
star
19

ldap-forwardauth

LDAP forward auth server for my domain(s)
HTML
1
star
20

ougi

Clojure IRC bot
Clojure
1
star
21

session

User Daemon Tree
C
1
star
22

OrgSyn

Organic Synthesis
Java
1
star
23

Symmetry

Bracket counting IRC bot
C
1
star
24

xontribs

Flake for xonsh contributed packages
Nix
1
star
25

gummi-vim

A fork of Gummi to use GVim as an editor
C
1
star
26

aoc

Advent of Code
Rust
1
star
27

asciibrot-rs

A Fractal viewer in Rust
Rust
1
star
28

weechat-extras

Package Repositories | Extra functionality plugins for weechat
1
star
29

cv

Curriculum Vitae
TeX
1
star