feat(nix): integrate cratesNix across Darwin and home modules

2026-01-23 16:27:52 +05:30
parent 0a2ad32dfb
commit 869778df2a
12 changed files with 84 additions and 44 deletions
--- a/darwin/default.nix
+++ b/darwin/default.nix
@@ -3,6 +3,7 @@
  inputs,
  nix-darwin,
  overlays,
+  nixpkgs,
  ...
 }: (builtins.mapAttrs (
    name: device:
@@ -11,6 +12,7 @@
        specialArgs = {
          inherit device inputs;
          stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+          cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
        };
        modules = [
          inputs.home-manager.darwinModules.home-manager
--- a/darwin/kuro/configuration.nix
+++ b/darwin/kuro/configuration.nix
@@ -28,7 +28,7 @@
      extra-nix-path = nixpkgs=flake:nixpkgs
      builders-use-substitutes = true
    '';
-    package = pkgs.nixVersions.latest;
+    package = pkgs.nixVersions.nix_2_32;
    buildMachines = [
      ../../builders/tako.nix
      ../../builders/shiro.nix
--- a/flake.lock
+++ b/flake.lock
@@ -595,10 +595,10 @@
    "crates-io-index_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1763363725,
-        "narHash": "sha256-cxr5xIKZFP45yV1ZHFTB1sHo5YGiR3FA8D9vAfDizMo=",
+        "lastModified": 1769156654,
+        "narHash": "sha256-sARuZUnbpOTz6FBpO1j1TlLdA4Wj7bcZc0vTLJhOBzc=",
        "ref": "refs/heads/master",
-        "rev": "0382002e816a4cbd17d8d5b172f08b848aa22ff6",
+        "rev": "fa8b4a3aa55113e4e9e504aaae8d6b7ebd0db564",
        "shallow": true,
        "type": "git",
        "url": "https://github.com/rust-lang/crates.io-index"
@@ -632,7 +632,9 @@
    },
    "crates-nix_2": {
      "inputs": {
-        "crates-io-index": "crates-io-index_2"
+        "crates-io-index": [
+          "crates-io-index"
+        ]
      },
      "locked": {
        "lastModified": 1763364255,
@@ -3492,6 +3494,7 @@
        "anyrun-rink": "anyrun-rink",
        "arion": "arion",
        "command-runner": "command-runner",
+        "crates-io-index": "crates-io-index_2",
        "crates-nix": "crates-nix_2",
        "csshacks": "csshacks",
        "d2": "d2",
--- a/flake.nix
+++ b/flake.nix
@@ -230,7 +230,14 @@
      url = "github:xatuke/handoff";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    crates-nix.url = "github:uttarayan21/crates.nix";
+    crates-io-index = {
+      url = "git+https://github.com/rust-lang/crates.io-index?shallow=1";
+      flake = false;
+    };
+    crates-nix = {
+      url = "github:uttarayan21/crates.nix";
+      inputs.crates-io-index.follows = "crates-io-index";
+    };
    headplane = {
      url = "github:tale/headplane";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/home/default.nix
+++ b/home/default.nix
@@ -35,26 +35,6 @@
    username = device.user;
    homeDirectory = lib.mkForce device.home;

-    file = {
-      ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes";
-      ".cargo/config.toml".text =
-        # toml
-        ''
-          [alias]
-          lldb = ["with", "rust-lldb", "--"]
-          t = ["nextest", "run"]
-
-          [net]
-          git-fetch-with-cli = true
-
-          [registries.catscii]
-          index = "https://git.shipyard.rs/catscii/crate-index.git"
-
-          [http]
-          user-agent = "shipyard J0/QFq2Sa5y6nTxJQAb8t+e/3qLSub1/sa3zn0leZv6LKG/zmQcoikT9U3xPwbzp8hQ="
-        '';
-    };
-
    sessionVariables = {
      EDITOR = "nvim";
      SHELL = "${pkgs.bash}/bin/bash";
--- a/home/module.nix
+++ b/home/module.nix
@@ -1,6 +1,7 @@
 {
  device,
  inputs,
+  pkgs,
  ...
 }: {
  nixpkgs.config.allowUnfree = true;
@@ -12,6 +13,7 @@
      inherit inputs;
      inherit device;
      stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+      cratesNix = inputs.crates-nix.mkLib {inherit pkgs;};
    };
    users.${device.user}.imports = [
      inputs.nixvim.homeModules.nixvim
--- a/home/programs/cargo.nix
+++ b/home/programs/cargo.nix
@@ -0,0 +1,21 @@
+{cratesNix, ...}: {
+  home.file.".cargo/config.toml".text =
+    # toml
+    ''
+      [alias]
+      lldb = ["with", "rust-lldb", "--"]
+      t = ["nextest", "run"]
+
+      [net]
+      git-fetch-with-cli = true
+
+      [registries.kellnr]
+      index = "sparse+https://crates.darksailor.dev/api/v1/crates/"
+
+      [registry]
+      global-credential-providers = ["cargo:token", "/etc/profiles/per-user/fs0c131y/bin/cargo-credential-1password --account my.1password.com"]
+    '';
+  home.packages = [
+    (cratesNix.buildCrate "cargo-credential-1password" {})
+  ];
+}
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
@@ -74,5 +74,6 @@
    # ./zellij.nix
    ./dysk.nix
    ./binwalk.nix
+    ./cargo.nix
  ];
 }
--- a/home/programs/fish.nix
+++ b/home/programs/fish.nix
@@ -6,6 +6,9 @@
  ...
 }:
 {
+  home.file = {
+    ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes";
+  };
  programs.fish = {
    enable = true;
    shellAbbrs = {
--- a/home/programs/sops.nix
+++ b/home/programs/sops.nix
@@ -12,4 +12,12 @@
    defaultSopsFormat = "yaml";
    age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
  };
+  launchd.agents.sops-nix = pkgs.lib.mkIf pkgs.stdenv.isDarwin {
+    enable = true;
+    config = {
+      EnvironmentVariables = {
+        PATH = pkgs.lib.mkForce "/usr/bin:/bin:/usr/sbin:/sbin";
+      };
+    };
+  };
 }
--- a/nixos/tako/services/kellnr.nix
+++ b/nixos/tako/services/kellnr.nix
@@ -2,11 +2,18 @@
 # -p 8000:8000 \
 # -e "KELLNR_ORIGIN__HOSTNAME=kellnr.example.com" \
 # -v $(pwd):/opt/kdata ghcr.io/kellnr/kellnr:5
-{...}: let
+# E.g. docker run -v /path/to/config.toml:/usr/local/cargo/config.toml:ro ghcr.io/kellnr/kellnr:5.2.4
+{config, ...}: let
  port = 8899;
  domain = "crates.darksailor.dev";
 in {
  sops = {
+    secrets."kellnr/password" = {};
+    secrets."kellnr/token" = {};
+    templates."kellnr.env".content = ''
+      KELLNR_SETUP__ADMIN_PWD=${config.sops.placeholder."kellnr/password"}
+      KELLNR_SETUP__ADMIN_TOKEN=${config.sops.placeholder."kellnr/token"}
+    '';
  };
  virtualisation.oci-containers = {
    backend = "docker";
@@ -20,26 +27,31 @@ in {
        environment = {
          KELLNR_ORIGIN__HOSTNAME = domain;
          KELLNR_DOCS__ENABLED = "true";
+          KELLNR_ORIGIN__PROTOCOL = "https";
+          KELLNR_ORIGIN__PORT = "443";
        };
-      };
-    };
-  };
-  services.caddy.virtualHosts."${domain}".extraConfig = ''
-    import auth
-    reverse_proxy localhost:${toString port}
-  '';
-  services.authelia = {
-    instances.darksailor = {
-      settings = {
-        access_control = {
-          rules = [
-            {
-              inherit domain;
-              policy = "one_factor";
-            }
+        environmentFiles = [
+          config.sops.templates."kellnr.env".path
        ];
      };
    };
  };
-  };
+  services.caddy.virtualHosts."${domain}".extraConfig = ''
+    # import auth
+    reverse_proxy localhost:${toString port}
+  '';
+  # services.authelia = {
+  #   instances.darksailor = {
+  #     settings = {
+  #       access_control = {
+  #         rules = [
+  #           {
+  #             inherit domain;
+  #             policy = "one_factor";
+  #           }
+  #         ];
+  #       };
+  #     };
+  #   };
+  # };
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -81,6 +81,7 @@ pihole:
 nas:
    password: ENC[AES256_GCM,data:lWb/l3srLrA=,iv:SN8+ziMJZZ1F+RT6JhoqWXcr1c4pSAkiT6gYfsi2LS4=,tag:g5Whb9nV8FHrOA5/Nbg0Fw==,type:str]
 kellnr:
+    token: ENC[AES256_GCM,data:te5psUTLr8+NLsliJAgz71j8AT3BUkJ8f0eGgnsRbbk2zF9fH3cCfZbry+mmxwvhmwL8ktNexaPUixatNDrWpA==,iv:Ao6Iqr3z8/3azo9H9lPUeVwto7nQMlMuAZp4Q9fIwJE=,tag:r2FXoxgrvlaCnQlngg12qg==,type:str]
    password: ENC[AES256_GCM,data:OZkfHckKHu/EM6+PquknU+aKmyyFw5o25ZENqNGc0d/vYiNBo4FBdCZwj1W0efo43+hTgsxVj7QCDSxFgROdOg==,iv:2G3fy5dIufL7tXEgRaOGBFNaVoKbfKqcFnRiZN1I1F4=,tag:iyHQD5oXy44tL18W7Fw35g==,type:str]
 sops:
    age:
@@ -93,7 +94,7 @@ sops:
            VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
            ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-14T06:29:20Z"
-    mac: ENC[AES256_GCM,data:86cBNjAgiF9XBClEN0GCg74JP2O3nMzYAIkpsoU14HE2T9H1PzfDO3kzTaujfyVTw2PRfOPko8xvQrg8L8eSSAbO1h/I4Ta34L0Pc8Ud7zlDjKaa+a31nOlrdBLom1qGZytlI/IRgdBTexjMZPprsHbrS9pCwd3bUnH5YhcRBF0=,iv:s88NUl5tSq5pe3J+WI0JP0olAExkH1Gxs0KW8dzNkrY=,tag:VOKYIP3aPGON7BwNm28PQg==,type:str]
+    lastmodified: "2026-01-23T07:40:21Z"
+    mac: ENC[AES256_GCM,data:lmpI0sQJbEz0U8oxJ+gLZTfFBwCyJYdaiCmKcRU1juL7/mqyRYrB4Dh8lMMmW5I+n0Z1P0zZ5+CD/WnRXcqdZ/Yj40ZlaUgIdsH1qMImvdv1wld0OIThDWKxoTSywGcbaMz7PpAsC5FNoRo5v/uBT9y42xBXoxw8urdHCrIi21Y=,iv:KFL4fuyqv1TKg36kHxSZiiHTi4MoGEnRP5JyB6BQq78=,tag:sVbK6UwRC+f0Z3HSCtZ2qQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0