From 869778df2abe198fd50298b2975fe2f8ada780da Mon Sep 17 00:00:00 2001 From: servius Date: Fri, 23 Jan 2026 16:27:52 +0530 Subject: [PATCH] feat(nix): integrate cratesNix across Darwin and home modules --- darwin/default.nix | 2 ++ darwin/kuro/configuration.nix | 2 +- flake.lock | 11 +++++---- flake.nix | 9 ++++++- home/default.nix | 20 ---------------- home/module.nix | 2 ++ home/programs/cargo.nix | 21 ++++++++++++++++ home/programs/default.nix | 1 + home/programs/fish.nix | 3 +++ home/programs/sops.nix | 8 +++++++ nixos/tako/services/kellnr.nix | 44 +++++++++++++++++++++------------- secrets/secrets.yaml | 5 ++-- 12 files changed, 84 insertions(+), 44 deletions(-) create mode 100644 home/programs/cargo.nix diff --git a/darwin/default.nix b/darwin/default.nix index e394f7ce..1adfe1cf 100644 --- a/darwin/default.nix +++ b/darwin/default.nix @@ -3,6 +3,7 @@ inputs, nix-darwin, overlays, + nixpkgs, ... }: (builtins.mapAttrs ( name: device: @@ -11,6 +12,7 @@ specialArgs = { inherit device inputs; stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system}; + cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};}; }; modules = [ inputs.home-manager.darwinModules.home-manager diff --git a/darwin/kuro/configuration.nix b/darwin/kuro/configuration.nix index dff8587c..4a502c67 100644 --- a/darwin/kuro/configuration.nix +++ b/darwin/kuro/configuration.nix @@ -28,7 +28,7 @@ extra-nix-path = nixpkgs=flake:nixpkgs builders-use-substitutes = true ''; - package = pkgs.nixVersions.latest; + package = pkgs.nixVersions.nix_2_32; buildMachines = [ ../../builders/tako.nix ../../builders/shiro.nix diff --git a/flake.lock b/flake.lock index fbe75c10..79d3552d 100644 --- a/flake.lock +++ b/flake.lock 
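Review bot: `cratesNix` in the `specialArgs` of darwin/default.nix is built from `nixpkgs.legacyPackages.${device.system}`, which carries none of the `overlays` this function receives, while home/module.nix builds the same helper with `inherit pkgs` from the configured package set. The two libraries can therefore resolve different toolchains for the same crate, and anything built on the Darwin side ignores the repository's overlays and nixpkgs config. If that is intended, a comment such as `# plain nixpkgs on purpose: cratesNix must not depend on overlays` would record it; otherwise build it once from the overlaid package set. The `nixpkgs` argument added in the first hunk could presumably be read from `inputs.nixpkgs` instead, the way `stablePkgs` reads `inputs.nixpkgs-stable`.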
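Review bot: The pin `package = pkgs.nixVersions.nix_2_32;` in darwin/kuro/configuration.nix has no comment saying why `latest` was dropped, so nobody will know when it is safe to lift. A fixed release line also stops following newer Nix releases, including any fixes that land only there. Suggest a comment above it, e.g. `# pinned to 2.32: <reason>; return to nixVersions.latest once resolved`. The surrounding `nix` attribute set starts and ends outside the hunk.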
@@ -595,10 +595,10 @@ "crates-io-index_2": { "flake": false, "locked": { - "lastModified": 1763363725, - "narHash": "sha256-cxr5xIKZFP45yV1ZHFTB1sHo5YGiR3FA8D9vAfDizMo=", + "lastModified": 1769156654, + "narHash": "sha256-sARuZUnbpOTz6FBpO1j1TlLdA4Wj7bcZc0vTLJhOBzc=", "ref": "refs/heads/master", - "rev": "0382002e816a4cbd17d8d5b172f08b848aa22ff6", + "rev": "fa8b4a3aa55113e4e9e504aaae8d6b7ebd0db564", "shallow": true, "type": "git", "url": "https://github.com/rust-lang/crates.io-index" @@ -632,7 +632,9 @@ }, "crates-nix_2": { "inputs": { - "crates-io-index": "crates-io-index_2" + "crates-io-index": [ + "crates-io-index" + ] }, "locked": { "lastModified": 1763364255, @@ -3492,6 +3494,7 @@ "anyrun-rink": "anyrun-rink", "arion": "arion", "command-runner": "command-runner", + "crates-io-index": "crates-io-index_2", "crates-nix": "crates-nix_2", "csshacks": "csshacks", "d2": "d2", diff --git a/flake.nix b/flake.nix index 20860d79..367b73bd 100644 --- a/flake.nix +++ b/flake.nix @@ -230,7 +230,14 @@ url = "github:xatuke/handoff"; inputs.nixpkgs.follows = "nixpkgs"; }; - crates-nix.url = "github:uttarayan21/crates.nix"; + crates-io-index = { + url = "git+https://github.com/rust-lang/crates.io-index?shallow=1"; + flake = false; + }; + crates-nix = { + url = "github:uttarayan21/crates.nix"; + inputs.crates-io-index.follows = "crates-io-index"; + }; headplane = { url = "github:tale/headplane"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/default.nix b/home/default.nix index 225ab69a..f5f8342f 100644 --- a/home/default.nix +++ b/home/default.nix 
@@ -35,26 +35,6 @@ username = device.user; homeDirectory = lib.mkForce device.home; - file = { - ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes"; - ".cargo/config.toml".text = - # toml - '' - [alias] - lldb = ["with", "rust-lldb", "--"] - t = ["nextest", "run"] - - [net] - git-fetch-with-cli = true - - [registries.catscii] - index = "https://git.shipyard.rs/catscii/crate-index.git" - - [http] - user-agent = "shipyard J0/QFq2Sa5y6nTxJQAb8t+e/3qLSub1/sa3zn0leZv6LKG/zmQcoikT9U3xPwbzp8hQ=" - ''; - }; - sessionVariables = { EDITOR = "nvim"; SHELL = "${pkgs.bash}/bin/bash"; diff --git a/home/module.nix b/home/module.nix index d912ec04..b5473b9a 100644 --- a/home/module.nix +++ b/home/module.nix @@ -1,6 +1,7 @@ { device, inputs, + pkgs, ... }: { nixpkgs.config.allowUnfree = true; @@ -12,6 +13,7 @@ inherit inputs; inherit device; stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system}; + cratesNix = inputs.crates-nix.mkLib {inherit pkgs;}; }; users.${device.user}.imports = [ inputs.nixvim.homeModules.nixvim diff --git a/home/programs/cargo.nix b/home/programs/cargo.nix new file mode 100644 index 00000000..a7376335 --- /dev/null +++ b/home/programs/cargo.nix @@ -0,0 +1,21 @@ +{cratesNix, ...}: { + home.file.".cargo/config.toml".text = + # toml + '' + [alias] + lldb = ["with", "rust-lldb", "--"] + t = ["nextest", "run"] + + [net] + git-fetch-with-cli = true + + [registries.kellnr] + index = "sparse+https://crates.darksailor.dev/api/v1/crates/" + + [registry] + global-credential-providers = ["cargo:token", "/etc/profiles/per-user/fs0c131y/bin/cargo-credential-1password --account my.1password.com"] + ''; + home.packages = [ + (cratesNix.buildCrate "cargo-credential-1password" {}) + ]; +} diff --git a/home/programs/default.nix b/home/programs/default.nix index 09e99d0e..557bf4e2 100644 --- a/home/programs/default.nix +++ b/home/programs/default.nix @@ -74,5 +74,6 @@ # ./zellij.nix ./dysk.nix ./binwalk.nix + ./cargo.nix ]; } 
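Review bot: The credential provider in `global-credential-providers` (home/programs/cargo.nix) is addressed as `/etc/profiles/per-user/fs0c131y/bin/cargo-credential-1password`, a hard-coded user name and profile location. On a device whose user differs, or whose packages are not installed into that profile, cargo will either fail to find the helper or run whatever sits at that path instead of the derivation built here. Binding the `cratesNix.buildCrate` result once and interpolating its store path keeps the binary that receives registry tokens identical to the one this module installs. `buildCrate "cargo-credential-1password" {}` also names no version, so the helper presumably follows the `crates-io-index` snapshot in flake.lock; pin a version if the helper accepts one. Separately, the `[http] user-agent` value deleted from home/default.nix looks like a registry credential, and removing it from the tree does not revoke it.

```nix
{cratesNix, ...}: let
  credentialHelper = cratesNix.buildCrate "cargo-credential-1password" {};
in {
  # … unchanged: home.file.".cargo/config.toml".text with [alias], [net], [registries.kellnr] …
      [registry]
      global-credential-providers = ["cargo:token", "${credentialHelper}/bin/cargo-credential-1password --account my.1password.com"]
  # … unchanged: end of the config.toml string …
  home.packages = [credentialHelper];
```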
diff --git a/home/programs/fish.nix b/home/programs/fish.nix index c9481f3d..fa159e20 100644 --- a/home/programs/fish.nix +++ b/home/programs/fish.nix @@ -6,6 +6,9 @@ ... }: { + home.file = { + ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes"; + }; programs.fish = { enable = true; shellAbbrs = { diff --git a/home/programs/sops.nix b/home/programs/sops.nix index 8c48882d..2caa2735 100644 --- a/home/programs/sops.nix +++ b/home/programs/sops.nix @@ -12,4 +12,12 @@ defaultSopsFormat = "yaml"; age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; }; + launchd.agents.sops-nix = pkgs.lib.mkIf pkgs.stdenv.isDarwin { + enable = true; + config = { + EnvironmentVariables = { + PATH = pkgs.lib.mkForce "/usr/bin:/bin:/usr/sbin:/sbin"; + }; + }; + }; } diff --git a/nixos/tako/services/kellnr.nix b/nixos/tako/services/kellnr.nix index fd04292d..c9f57065 100644 --- a/nixos/tako/services/kellnr.nix +++ b/nixos/tako/services/kellnr.nix @@ -2,11 +2,18 @@ # -p 8000:8000 \ # -e "KELLNR_ORIGIN__HOSTNAME=kellnr.example.com" \ # -v $(pwd):/opt/kdata ghcr.io/kellnr/kellnr:5 -{...}: let +# E.g. docker run -v /path/to/config.toml:/usr/local/cargo/config.toml:ro ghcr.io/kellnr/kellnr:5.2.4 +{config, ...}: let port = 8899; domain = "crates.darksailor.dev"; in { sops = { + secrets."kellnr/password" = {}; + secrets."kellnr/token" = {}; + templates."kellnr.env".content = '' + KELLNR_SETUP__ADMIN_PWD=${config.sops.placeholder."kellnr/password"} + KELLNR_SETUP__ADMIN_TOKEN=${config.sops.placeholder."kellnr/token"} + ''; }; virtualisation.oci-containers = { backend = "docker"; 
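Review bot: The `launchd.agents.sops-nix` override in home/programs/sops.nix forces `PATH` to `/usr/bin:/bin:/usr/sbin:/sbin` with `mkForce` but has no comment explaining what the agent failed to find. Without one the override will look arbitrary later and cannot be removed safely once upstream changes. Suggest a comment above the block, e.g. `# sops-nix's launchd agent needs system tools on PATH (presumably getconf); drop when fixed upstream`. Because `mkForce` discards whatever PATH the sops-nix module sets itself, it is worth confirming the agent needs nothing from the Nix store at run time. The module's argument list is outside the hunk, so whether `pkgs` is bound there cannot be checked from here.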
@@ -20,26 +27,31 @@ in { environment = { KELLNR_ORIGIN__HOSTNAME = domain; KELLNR_DOCS__ENABLED = "true"; + KELLNR_ORIGIN__PROTOCOL = "https"; + KELLNR_ORIGIN__PORT = "443"; }; + environmentFiles = [ + config.sops.templates."kellnr.env".path + ]; }; }; }; services.caddy.virtualHosts."${domain}".extraConfig = '' - import auth + # import auth reverse_proxy localhost:${toString port} ''; - services.authelia = { - instances.darksailor = { - settings = { - access_control = { - rules = [ - { - inherit domain; - policy = "one_factor"; - } - ]; - }; - }; - }; - }; + # services.authelia = { + # instances.darksailor = { + # settings = { + # access_control = { + # rules = [ + # { + # inherit domain; + # policy = "one_factor"; + # } + # ]; + # }; + # }; + # }; + # }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 93969361..3b0afc28 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -81,6 +81,7 @@ pihole: nas: password: ENC[AES256_GCM,data:lWb/l3srLrA=,iv:SN8+ziMJZZ1F+RT6JhoqWXcr1c4pSAkiT6gYfsi2LS4=,tag:g5Whb9nV8FHrOA5/Nbg0Fw==,type:str] kellnr: + token: ENC[AES256_GCM,data:te5psUTLr8+NLsliJAgz71j8AT3BUkJ8f0eGgnsRbbk2zF9fH3cCfZbry+mmxwvhmwL8ktNexaPUixatNDrWpA==,iv:Ao6Iqr3z8/3azo9H9lPUeVwto7nQMlMuAZp4Q9fIwJE=,tag:r2FXoxgrvlaCnQlngg12qg==,type:str] password: ENC[AES256_GCM,data:OZkfHckKHu/EM6+PquknU+aKmyyFw5o25ZENqNGc0d/vYiNBo4FBdCZwj1W0efo43+hTgsxVj7QCDSxFgROdOg==,iv:2G3fy5dIufL7tXEgRaOGBFNaVoKbfKqcFnRiZN1I1F4=,tag:iyHQD5oXy44tL18W7Fw35g==,type:str] sops: age: 
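Review bot: Commenting out `import auth` and the Authelia `access_control` rule in nixos/tako/services/kellnr.nix leaves `crates.darksailor.dev` reachable through Caddy with only kellnr's own authentication in front of it, and nothing in the `environment` block turns that on for reads. As far as I know kellnr serves crate downloads and the index anonymously unless `KELLNR_REGISTRY__AUTH_REQUIRED` is set, and `KELLNR_DOCS__ENABLED = "true"` exposes rendered docs as well. Consider adding `KELLNR_REGISTRY__AUTH_REQUIRED = "true";` next to the new origin settings. The admin password and token from `kellnr.env` end up as container environment variables, which anyone with Docker access on the host can read via inspect. The commented-out block is better deleted or replaced by a one-line comment such as `# Authelia forward-auth removed: cargo cannot complete the interactive login`, if that is the reason.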
@@ -93,7 +94,7 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-14T06:29:20Z" - mac: ENC[AES256_GCM,data:86cBNjAgiF9XBClEN0GCg74JP2O3nMzYAIkpsoU14HE2T9H1PzfDO3kzTaujfyVTw2PRfOPko8xvQrg8L8eSSAbO1h/I4Ta34L0Pc8Ud7zlDjKaa+a31nOlrdBLom1qGZytlI/IRgdBTexjMZPprsHbrS9pCwd3bUnH5YhcRBF0=,iv:s88NUl5tSq5pe3J+WI0JP0olAExkH1Gxs0KW8dzNkrY=,tag:VOKYIP3aPGON7BwNm28PQg==,type:str] + lastmodified: "2026-01-23T07:40:21Z" + mac: ENC[AES256_GCM,data:lmpI0sQJbEz0U8oxJ+gLZTfFBwCyJYdaiCmKcRU1juL7/mqyRYrB4Dh8lMMmW5I+n0Z1P0zZ5+CD/WnRXcqdZ/Yj40ZlaUgIdsH1qMImvdv1wld0OIThDWKxoTSywGcbaMz7PpAsC5FNoRo5v/uBT9y42xBXoxw8urdHCrIi21Y=,iv:KFL4fuyqv1TKg36kHxSZiiHTi4MoGEnRP5JyB6BQq78=,tag:sVbK6UwRC+f0Z3HSCtZ2qQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0