john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john/dendritic:58066d2a084d964eb5de6a24b636ceffb52da959
Branches Tags
john/dendritic:main john/dendritic:wrappers john/dendritic:forgejo
...
compare: john/dendritic:70315d50201ea0aec7f6d42ec8b0e7560a5207ee
Branches Tags
john/dendritic:wrappers john/dendritic:forgejo john/dendritic:main

4 Commits
58066d2a08 ... 70315d5020

Author SHA1 Message Date
John Lancaster 70315d5020 nvim-web-devicons 2026-04-12 23:21:57 -05:00
John Lancaster 7080410c0c more writeShellApplication 2026-04-12 23:21:12 -05:00
John Lancaster 35e1d5ee61 writeShellApplication updates 2026-04-12 23:21:12 -05:00
John Lancaster ec5ff115ce writeShellApplication reworks 2026-04-12 23:21:12 -05:00
7 changed files with 153 additions and 124 deletions
Expand all files Collapse all files
modules/features/mtls.nix
+44 -45
View File
@@ -96,32 +96,35 @@ let
group, group,
}: }:
let let
catCmd = lib.getExe' pkgs.coreutils "cat";
chownCmd = lib.getExe' pkgs.coreutils "chown";
chmodCmd = lib.getExe' pkgs.coreutils "chmod";
stepCmd = lib.getExe pkgs.step-cli;
sanArgs = lib.concatMapStringsSep " " (s: "--san \"${s}\"") san; sanArgs = lib.concatMapStringsSep " " (s: "--san \"${s}\"") san;
in in
pkgs.writeShellScriptBin "mtls-generate" '' pkgs.writeShellApplication {
set -euo pipefail name = "mtls-generate";
${stepCmd} ca certificate \ runtimeInputs = with pkgs; [ coreutils step-cli ];
${subject} ${certFile} ${keyFile} \ text = ''
--not-before=-5m --not-after=${lifetime} \ set -euo pipefail
--provisioner ${provisioner} \ step ca certificate ${subject} ${certFile} ${keyFile} \
${sanArgs} \ --provisioner ${provisioner} \
"$@" --not-before=-5m --not-after=${lifetime} \
(umask 077; ${catCmd} ${certFile} ${keyFile} > ${bundleFile}) ${sanArgs} \
${chownCmd} ${user}:${group} ${certFile} ${keyFile} ${bundleFile} "$@"
${chmodCmd} 640 ${certFile} ${keyFile} ${bundleFile} (umask 077; cat ${certFile} ${keyFile} > ${bundleFile})
printf '\033[32m\033[0m \033[1mmTLS Bundle:\033[0m %s\n' ${lib.escapeShellArg bundleFile} chown ${user}:${group} ${certFile} ${keyFile} ${bundleFile}
''; chmod 640 ${certFile} ${keyFile} ${bundleFile}
printf '\033[32m\033[0m \033[1mmTLS Bundle:\033[0m %s\n' ${lib.escapeShellArg bundleFile}
'';
};
mkMtlsCheckScript = { pkgs, bundleFile }: pkgs.writeShellScriptBin "mtls-check" '' mkMtlsCheckScript = { pkgs, bundleFile }: pkgs.writeShellApplication {
${lib.getExe pkgs.openssl} x509 \ name = "mtls-check";
-noout -subject -issuer \ runtimeInputs = with pkgs; [ openssl ];
-ext subjectAltName,extendedKeyUsage \ text = ''
-enddate -in ${bundleFile} openssl x509 -noout -in ${bundleFile} \
''; -subject -issuer \
-ext subjectAltName,extendedKeyUsage \
-enddate
'';
};
mkMtlsRenewScript = { mkMtlsRenewScript = {
pkgs, pkgs,
@@ -129,12 +132,7 @@ let
systemctlArgs ? [ ], systemctlArgs ? [ ],
}: }:
let let
catCmd = lib.getExe' pkgs.coreutils "cat"; systemctlCmd = "systemctl ${lib.escapeShellArgs systemctlArgs}";
echoCmd = lib.getExe' pkgs.coreutils "echo";
chownCmd = lib.getExe' pkgs.coreutils "chown";
chmodCmd = lib.getExe' pkgs.coreutils "chmod";
stepCmd = lib.getExe pkgs.step-cli;
systemctlCmd = "${lib.getExe' pkgs.systemd "systemctl"} ${lib.escapeShellArgs systemctlArgs}";
hasReloadUnits = cfg.renew.reloadUnits != [ ]; hasReloadUnits = cfg.renew.reloadUnits != [ ];
renewReloadScript = lib.concatMapStringsSep "\n" (unit: '' renewReloadScript = lib.concatMapStringsSep "\n" (unit: ''
@@ -148,7 +146,10 @@ let
fileOwner = "${cfg.renew.user}:${cfg.renew.group}"; fileOwner = "${cfg.renew.user}:${cfg.renew.group}";
in in
pkgs.writeShellScriptBin "mtls-renew" '' pkgs.writeShellApplication {
name = "mtls-renew";
runtimeInputs = with pkgs; [ coreutils step-cli systemd ];
text = ''
set -euo pipefail set -euo pipefail
YELLOW_BANG="\e[33m!\e[0m" YELLOW_BANG="\e[33m!\e[0m"
@@ -161,33 +162,31 @@ let
shift shift
;; ;;
*) *)
${echoCmd} -e "$YELLOW_BANG Warning: ignoring unrecognized argument '$1'" echo -e "$YELLOW_BANG Warning: ignoring unrecognized argument '$1'"
exit 1 exit 1
;; ;;
esac esac
done done
if [[ $force -eq 0 ]] && ! ${stepCmd} certificate needs-renewal "${cfg.certFile}"; then if [[ $force -eq 0 ]] && ! step certificate needs-renewal "${cfg.certFile}"; then
${echoCmd} "Skipping renew" echo "Skipping renew"
exit 0 exit 0
fi fi
${echoCmd} "Renewing mTLS certificate" echo "Renewing mTLS certificate"
${stepCmd} ca renew --force "${cfg.certFile}" "${cfg.keyFile}" step ca renew --force "${cfg.certFile}" "${cfg.keyFile}"
(umask 077; ${catCmd} "${cfg.certFile}" "${cfg.keyFile}" > "${cfg.bundleFile}") (umask 077; cat "${cfg.certFile}" "${cfg.keyFile}" > "${cfg.bundleFile}")
${chownCmd} ${fileOwner} ${cfg.certFile} ${cfg.keyFile} ${cfg.bundleFile} chown ${fileOwner} ${cfg.certFile} ${cfg.keyFile} ${cfg.bundleFile}
${chmodCmd} 640 ${cfg.certFile} ${cfg.keyFile} ${cfg.bundleFile} chmod 640 ${cfg.certFile} ${cfg.keyFile} ${cfg.bundleFile}
${lib.optionalString hasReloadUnits '' ${lib.optionalString hasReloadUnits ''
${echoCmd} "Reloading units: ${lib.concatStringsSep ", " cfg.renew.reloadUnits}" echo "Reloading units: ${lib.concatStringsSep ", " cfg.renew.reloadUnits}"
${renewReloadScript} ${renewReloadScript}
''} ''}
${lib.optionalString hasPostCommands '' ${lib.optionalString hasPostCommands ''echo "Post commands:" ${renewPostCommands}''}
${echoCmd} "Post commands:" '';
${renewPostCommands} };
''}
'';
mkNixosMtlsRenewService = { pkgs, cfg, ... }: mkNixosMtlsRenewService = { pkgs, cfg, ... }:
{ {
modules/features/shell-tools.nix
+1 -3
View File
@@ -34,9 +34,7 @@
xclip xclip
jq jq
ripgrep ripgrep
(writeShellScriptBin "ds" '' (writeShellScriptBin "ds" ''${lib.getExe pkgs.gdu} -x -I /snap /'')
${lib.getExe pkgs.gdu} -x -I /snap /
'')
]; ];
}; };
}; };
modules/hosts/janus/default.nix
+2 -2
View File
@@ -3,7 +3,7 @@ let
username = "john"; username = "john";
hostname = "janus"; hostname = "janus";
ca-url = "https://janus.john-stream.com/"; ca-url = "https://janus.john-stream.com/";
fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6"; fingerprint = builtins.readFile ./fingerprint;
in in
{ {
flake.modules.nixos.janus-ca = flake.modules.nixos.janus-ca =
@@ -102,7 +102,7 @@ in
}; };
}; };
perSystem = { pkgs, lib, ... }: { perSystem = { system, pkgs, lib, ... }: {
packages.janus-ca = inputs.wrappers.lib.wrapPackage { packages.janus-ca = inputs.wrappers.lib.wrapPackage {
inherit pkgs; inherit pkgs;
package = pkgs.step-cli; package = pkgs.step-cli;
modules/hosts/janus/fingerprint
+1
View File
@@ -0,0 +1 @@
2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6
modules/hosts/john-pc/default.nix
+15 -15
View File
@@ -3,26 +3,23 @@ let
username = "john"; username = "john";
hostname = "john-pc-ubuntu"; hostname = "john-pc-ubuntu";
testHost = "soteria"; # which host to test build
testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
resolvedTarget = "test-nix";
# testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria # testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
# testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
testHost = "soteria"; # which host to test build
testTarget = "test-nix";
in in
{ {
flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }: flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
let let
flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic"; selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
resticPasswordFile = "${config.xdg.configHome}/restic/password.txt"; resticPasswordFile = "${config.xdg.configHome}/restic/password.txt";
flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic";
testPushCmd = (pkgs.writeShellScriptBin "test-push" '' test-push = with pkgs; writeShellApplication {
${lib.getExe' pkgs.coreutils "echo"} "Pushing ${testHost} to ${resolvedTarget}" name = "test-push";
${lib.getExe pkgs.nh} os switch ${flakeDir}#${testHost} \ runtimeInputs = [ nh ];
-e passwordless \ text = ''nh os switch ${flakeDir}#${testHost} --target-host root@${testTarget} -e none'';
--target-host ${resolvedTarget} \ };
--diff always \
"$@"
'');
in in
{ {
imports = with inputs.self.modules.homeManager; [ imports = with inputs.self.modules.homeManager; [
@@ -46,8 +43,11 @@ in
home.homeDirectory = "/home/${username}"; home.homeDirectory = "/home/${username}";
home.packages = with pkgs; [ home.packages = with pkgs; [
nixos-rebuild nixos-rebuild
testPushCmd test-push
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.my-neovim selfPkgs.neovim-min
# ${selfPkgs}.my-neovim
selfPkgs.richPrinter
selfPkgs.janus-ca
]; ];
shell.program = "zsh"; shell.program = "zsh";
modules/nix-tools/rebuild.nix
+85 -58
View File
@@ -6,11 +6,21 @@
flakeDir = config.rebuild.flakeDir; flakeDir = config.rebuild.flakeDir;
echoCmd = lib.getExe' pkgs.coreutils "echo"; echoCmd = lib.getExe' pkgs.coreutils "echo";
hostnameCmd = "$(${lib.getExe pkgs.hostname} -s)"; hostnameCmd = "$(${lib.getExe pkgs.hostname} -s)";
nfs = (pkgs.writeShellScriptBin "nfs" ''
HOSTNAME=${hostnameCmd} nfs = with pkgs; writeShellApplication {
${echoCmd} "Switching to the $HOSTNAME nixos profile" name = "nfs";
sudo ${lib.getExe pkgs.nixos-rebuild} switch --impure --flake ${flakeDir}#$HOSTNAME runtimeInputs = [ coreutils hostname nh ];
''); text = ''
HOSTNAME=$(hostname -s)
echo "Switching to the $HOSTNAME nixos profile"
sudo nh os switch "$@" ${flakeDir}#$HOSTNAME
'';
};
nfsu = with pkgs; writeShellApplication {
name = "nfsu";
runtimeInputs = [ nfs pkgs.git ];
text = ''nfs --refresh "$@"'';
};
in in
{ {
options.rebuild = { options.rebuild = {
@@ -22,29 +32,73 @@
}; };
config = { config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ nfs nfsu ];
nfs
(writeShellScriptBin "nfsu" ''
${lib.getExe nix} flake update --impure --flake ${flakeDir}
${lib.getExe git} -C ${flakeDir} add ${flakeDir}/flake.lock > /dev/null 2>&1
${lib.getExe nfs}
'')
];
}; };
}; };
flake.modules.homeManager.rebuild = flake.modules.homeManager.rebuild =
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
nixBin = lib.getExe pkgs.nix;
flakeDir = config.homeManagerFlakeDir; flakeDir = config.homeManagerFlakeDir;
echoCmd = lib.getExe' pkgs.coreutils "echo";
hostnameCmd = "$(${lib.getExe pkgs.hostname} -s)"; hostnameCmd = "$(${lib.getExe pkgs.hostname} -s)";
nhms = (pkgs.writeShellScriptBin "nhms" ''
HOSTNAME=${hostnameCmd} flake-parts-check = with pkgs; writeShellApplication {
${echoCmd} "Switching to the $HOSTNAME home-manager profile" name = "flake-parts-check";
${lib.getExe pkgs.nh} home switch ${flakeDir} -c $HOSTNAME "$@" runtimeInputs = [ nix ];
''); text = ''
cd ${flakeDir}
nix run "${flakeDir}#write-flake"
nix flake check
'';
};
nhms = with pkgs; writeShellApplication {
name = "nhms";
runtimeInputs = [ coreutils hostname nh ];
text = ''
HOSTNAME=$(hostname -s)
echo "Switching to the $HOSTNAME home-manager profile"
nh home switch ${flakeDir} -c "$HOSTNAME" "$@"
'';
};
nhmu = with pkgs; writeShellApplication {
name = "nhmu";
runtimeInputs = [ nhms ];
text = ''nhms --update'';
};
test-build = with pkgs; writeShellApplication {
name = "test-build";
runtimeInputs = [ coreutils nix hostname ];
text = ''
if [ -z "$1" ]; then
HOSTNAME=$(hostname -s)
else
HOSTNAME="$1"
fi
echo "Testing the evaulation of the nixos config for $HOSTNAME"
nix eval "${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath"
'';
};
cleanup = with pkgs; writeShellApplication {
name = "cleanup";
runtimeInputs = [ coreutils home-manager nix ];
text = ''
set -e
DAYS=$1
if [ -z "$DAYS" ]; then
echo "usage: cleanup <days>"
exit 1
fi
home-manager expire-generations "-$DAYS days"
nix profile wipe-history --older-than "''${DAYS}d"
nix store gc
nix store optimise
'';
};
in in
{ {
options = { options = {
@@ -53,52 +107,25 @@
type = lib.types.str; type = lib.types.str;
default = "${config.xdg.configHome}/home-manager"; default = "${config.xdg.configHome}/home-manager";
}; };
buildHostname = lib.mkOption {
description = "Hostname for the NixOS configuration to use.";
type = lib.types.str;
default = hostnameCmd;
};
}; };
config = { config = {
home.activation.printFlakeDir = lib.hm.dag.entryAfter ["writeBoundary"] '' home.activation.printFlakeDir = lib.hm.dag.entryAfter ["writeBoundary"] ''
run ${echoCmd} "Home Manager flake directory: ${flakeDir}" run echo "Home Manager flake directory: ${flakeDir}"
''; '';
home.packages = with pkgs; [ home.packages = with pkgs; [
home-manager home-manager
(writeShellScriptBin "flake-parts-check" '' (symlinkJoin {
cd ${flakeDir} name = "build-tools";
${nixBin} run "${flakeDir}#write-flake" paths = [
${nixBin} flake check flake-parts-check
'') nhms
nhms nhmu
(writeShellScriptBin "nhmu" '' test-build
${lib.getExe nhms} --update cleanup
'') ];
})
(writeShellScriptBin "test-build" ''
if [ -z "$1" ]; then
HOSTNAME=${hostnameCmd}
else
HOSTNAME="$1"
fi
${echoCmd} "Testing the evaulation of the nixos config for $HOSTNAME"
${lib.getExe nix} eval ${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath
'')
(writeShellScriptBin "cleanup" ''
set -e
DAYS=$1
if [ -z "$DAYS" ]; then
${echoCmd} "usage: cleanup <days>"
exit 1
fi
${lib.getExe home-manager} expire-generations "-$DAYS days"
${lib.getExe nix} profile wipe-history --older-than "''${DAYS}d"
${lib.getExe nix} store gc
${lib.getExe nix} store optimise
'')
]; ];
}; };
}; };
modules/programs/zsh.nix
+5 -1
View File
@@ -93,9 +93,13 @@ in
git.enable = true; git.enable = true;
# git.neogit.enable = true; # git.neogit.enable = true;
extraPlugins = with pkgs.vimPlugins; { extraPlugins = with pkgs.vimPlugins; {
icons = {
package = nvim-web-devicons;
};
octo = { octo = {
package = octo-nvim; package = octo-nvim;
after = ["telescope"]; setup = "require('octo').setup {}";
after = ["telescope" "icons"];
}; };
}; };