Dotfiles managed with Nix

Merge branch 'main' of github.com:vieitesss/.dot into feat/easier-configuration-set-up

+186 -33
+59
.github/workflows/update-flake-lock.yml
··· 1 + name: Update flake lock 2 + 3 + on: 4 + schedule: 5 + - cron: "15 23 * * *" 6 + workflow_dispatch: 7 + 8 + permissions: 9 + contents: write 10 + pull-requests: write 11 + 12 + jobs: 13 + update-flake-lock: 14 + runs-on: ubuntu-latest 15 + 16 + steps: 17 + - name: Check out main 18 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd 19 + with: 20 + ref: main 21 + 22 + - name: Install Nix 23 + uses: cachix/install-nix-action@4eae8bea4afaa8f8ea8aa638ab9a7fead2f3d21e 24 + with: 25 + extra_nix_config: | 26 + experimental-features = nix-command flakes 27 + 28 + - name: Update package inputs 29 + run: nix flake update nixpkgs neovim-nightly-overlay 30 + 31 + - name: Validate flake evaluation 32 + run: nix flake show 33 + 34 + - name: Create update pull request 35 + id: cpr 36 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 37 + with: 38 + token: ${{ secrets.UPDATE_FLAKE_LOCK_TOKEN }} 39 + branch: ci/update-flake-lock 40 + delete-branch: true 41 + commit-message: "chore: update flake lock" 42 + title: "chore: update flake lock" 43 + body: | 44 + ## Summary 45 + - update `nixpkgs` and `neovim-nightly-overlay` 46 + - regenerate `flake.lock` after a successful `nix flake show` 47 + 48 + - name: Enable auto-merge 49 + if: ${{ steps.cpr.outputs.pull-request-operation == 'created' }} 50 + env: 51 + GH_TOKEN: ${{ secrets.UPDATE_FLAKE_LOCK_TOKEN }} 52 + run: gh pr merge --auto --squash "${{ steps.cpr.outputs.pull-request-url }}" 53 + 54 + - name: Report created pull request 55 + if: ${{ steps.cpr.outputs.pull-request-number != '' }} 56 + run: | 57 + printf 'Created PR #%s: %s\n' \ 58 + "${{ steps.cpr.outputs.pull-request-number }}" \ 59 + "${{ steps.cpr.outputs.pull-request-url }}"
+26
.github/workflows/validate-pull-request.yml
··· 1 + name: Validate pull request 2 + 3 + on: 4 + pull_request: 5 + branches: 6 + - main 7 + 8 + permissions: 9 + contents: read 10 + 11 + jobs: 12 + validate-flake-lock: 13 + runs-on: ubuntu-24.04 14 + 15 + steps: 16 + - name: Check out pull request 17 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd 18 + 19 + - name: Install Nix 20 + uses: cachix/install-nix-action@4eae8bea4afaa8f8ea8aa638ab9a7fead2f3d21e 21 + with: 22 + extra_nix_config: | 23 + experimental-features = nix-command flakes 24 + 25 + - name: Validate flake evaluation 26 + run: nix flake show
+11 -2
README.md
··· 11 11 2. Clone this repo to `~/.dot`. 12 12 3. Apply the configuration for the current host. 13 13 14 + Automatic upgrades use a separate deploy clone at `~/.dot-deploy` by default. 15 + That clone is bootstrapped from the `origin` remote of `~/.dot` the first time 16 + the scheduled macOS upgrade job runs, then updated independently from its own 17 + `origin/main` afterward. 18 + 14 19 macOS: 15 20 16 21 ```sh ··· 44 49 2. Add an entry to `hosts.nix` using that hostname as the attribute name. 45 50 3. Set `system` to the target platform string, for example `aarch64-darwin`, `x86_64-linux`, or `aarch64-linux`. 46 51 4. Set `username` to the local account that Home Manager should manage. 47 - 5. Override `homeDirectory` or `flakeDirectory` only when the machine uses a non-standard path. 52 + 5. Override `homeDirectory`, `flakeDirectory`, or `deployDirectory` only when the machine uses a non-standard path. 48 53 49 54 You can get the `system` value on the target machine with: 50 55 ··· 55 60 ## Repository Layout 56 61 57 62 ```text 63 + .github/workflows/ # remote lock-file maintenance on GitHub 58 64 darwin/ # nix-darwin system-level modules for macOS 59 65 default.nix # main macOS settings, users, Homebrew 60 - auto-upgrade.nix # scheduled darwin-rebuild and Nix garbage collection 66 + auto-upgrade.nix # sync deploy clone, run darwin-rebuild, and garbage collect 61 67 home/ # Home Manager user-level modules shared across platforms 62 68 default.nix # shared user configuration entry point 63 69 packages/ ··· 72 78 73 79 - `flake.nix` exports Darwin hosts as `darwinConfigurations` and non-Darwin hosts as `homeConfigurations`. 74 80 - On macOS, Home Manager is embedded inside `nix-darwin`, so user configuration still lives under `home/`. 81 + - Daily macOS upgrades rebuild from `~/.dot-deploy`, keeping `~/.dot` free for branch work and local edits. 
82 + - The deploy clone is updated with `git fetch origin main` followed by `git merge --ff-only FETCH_HEAD` before each scheduled rebuild. 83 + - A scheduled GitHub Actions workflow opens a PR that refreshes `flake.lock` for `nixpkgs` and `neovim-nightly-overlay`. 75 84 - Automatic upgrade logs live at `/var/log/darwin-auto-upgrade.log`. 76 85 - The automatic `darwin-rebuild` job runs daily at 02:00. 77 86 - Nix garbage collection runs weekly on Sunday at 03:15 and deletes generations older than 30 days.
+44 -14
darwin/auto-upgrade.nix
··· 1 - { config, lib, pkgs, flakeDirectory, hostName, username, ... }: 1 + { config, lib, pkgs, deployDirectory, flakeDirectory, homeDirectory, hostName, username, ... }: 2 2 3 3 let 4 - flakeDir = flakeDirectory; 5 - flakeRef = "path:${flakeDir}#${hostName}"; 4 + deployDir = deployDirectory; 5 + deployRef = "path:${deployDir}#${hostName}"; 6 6 upgradeLogFile = "/var/log/darwin-auto-upgrade.log"; 7 7 upgradeScript = pkgs.writeShellScript "darwin-auto-upgrade" '' 8 8 set -euo pipefail 9 9 10 - flake_dir=${lib.escapeShellArg flakeDir} 11 - flake_ref=${lib.escapeShellArg flakeRef} 10 + authoring_dir=${lib.escapeShellArg flakeDirectory} 11 + deploy_dir=${lib.escapeShellArg deployDir} 12 + user_home=${lib.escapeShellArg homeDirectory} 13 + 14 + run_as_user() { 15 + /usr/bin/sudo -u ${lib.escapeShellArg username} \ 16 + /usr/bin/env HOME="$user_home" "$@" 17 + } 12 18 13 - # Update flake inputs as the regular user to preserve flake.lock ownership. 14 - # GIT_CONFIG_COUNT/KEY/VALUE mark the flake dir as a safe git directory so 15 - # that nix can read it; GIT_CONFIG_NOSYSTEM + the custom safe.directory 16 - # entry prevent git from refusing to write the lock file due to ownership. 17 - sudo -u ${lib.escapeShellArg username} \ 18 - HOME=${lib.escapeShellArg "/Users/${username}"} \ 19 - ${pkgs.nix}/bin/nix flake update --flake "$flake_dir" 19 + user_git() { 20 + run_as_user ${pkgs.git}/bin/git "$@" 21 + } 22 + 23 + if [ ! 
-e "$deploy_dir" ]; then 24 + remote_url="$(user_git -C "$authoring_dir" remote get-url origin)" || { 25 + printf 'Cannot bootstrap %s from %s\n' "$deploy_dir" "$authoring_dir" >&2 26 + exit 1 27 + } 28 + 29 + run_as_user ${pkgs.coreutils}/bin/mkdir -p "$(${pkgs.coreutils}/bin/dirname "$deploy_dir")" 30 + user_git clone --branch main --single-branch "$remote_url" "$deploy_dir" 31 + fi 32 + 33 + user_git -C "$deploy_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || { 34 + printf 'Deploy directory %s is not a git repository\n' "$deploy_dir" >&2 35 + exit 1 36 + } 37 + 38 + [ -z "$(user_git -C "$deploy_dir" status --porcelain)" ] || { 39 + printf 'Deploy directory %s must stay clean for unattended upgrades\n' "$deploy_dir" >&2 40 + exit 1 41 + } 42 + 43 + [ "$(user_git -C "$deploy_dir" branch --show-current)" = "main" ] || { 44 + printf 'Deploy directory %s must stay on main\n' "$deploy_dir" >&2 45 + exit 1 46 + } 47 + 48 + user_git -C "$deploy_dir" fetch origin main 49 + user_git -C "$deploy_dir" merge --ff-only FETCH_HEAD 20 50 21 51 export HOME="/var/root" 22 52 export GIT_CONFIG_COUNT=1 23 53 export GIT_CONFIG_KEY_0="safe.directory" 24 - export GIT_CONFIG_VALUE_0="$flake_dir" 54 + export GIT_CONFIG_VALUE_0="$deploy_dir" 25 55 26 56 ${config.system.build.darwin-rebuild}/bin/darwin-rebuild switch \ 27 - --flake "$flake_ref" \ 57 + --flake ${lib.escapeShellArg deployRef} \ 28 58 --print-build-logs 29 59 ''; 30 60 in
+15 -15
flake.lock
··· 28 28 ] 29 29 }, 30 30 "locked": { 31 - "lastModified": 1774738535, 32 - "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=", 31 + "lastModified": 1774898676, 32 + "narHash": "sha256-0Utnqo+FbB+0CVUi0MI3oonF0Kuzy9VcgRkxl53Euvk=", 33 33 "owner": "nix-community", 34 34 "repo": "home-manager", 35 - "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a", 35 + "rev": "a184bd2f8426087bae93f203403cd4b86c99e57d", 36 36 "type": "github" 37 37 }, 38 38 "original": { ··· 48 48 "nixpkgs": "nixpkgs" 49 49 }, 50 50 "locked": { 51 - "lastModified": 1774742707, 52 - "narHash": "sha256-a3FjZJxDOn0t18VwtIAgpNuUNaIEl6T+Awu5tXifQQw=", 51 + "lastModified": 1775076062, 52 + "narHash": "sha256-ruqxqJtdmNm/fmjuAdwtSBNcbBeMgE1hwELlUnAFgyU=", 53 53 "owner": "nix-community", 54 54 "repo": "neovim-nightly-overlay", 55 - "rev": "7966a9c203276bea3b7e8dd2e125fd2b4c8b6753", 55 + "rev": "215965fbe5b5dbd61bf33c8bda4a20c2b32c3df2", 56 56 "type": "github" 57 57 }, 58 58 "original": { ··· 64 64 "neovim-src": { 65 65 "flake": false, 66 66 "locked": { 67 - "lastModified": 1774725909, 68 - "narHash": "sha256-aOiiQCmjCrvo+jAUDO2oMa377FvOtU97aqvTm74ZRGU=", 67 + "lastModified": 1774915197, 68 + "narHash": "sha256-yor+eo8CVi7wBp7CjAMQnVoK+m197gsl7MvUzaqicns=", 69 69 "owner": "neovim", 70 70 "repo": "neovim", 71 - "rev": "d5516daf121aa718e79bcd423ee24c24492893c0", 71 + "rev": "dbc4800dda2b0dc3290dc79955f857256e0694e2", 72 72 "type": "github" 73 73 }, 74 74 "original": { ··· 100 100 }, 101 101 "nixpkgs": { 102 102 "locked": { 103 - "lastModified": 1774610258, 104 - "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=", 103 + "lastModified": 1774701658, 104 + "narHash": "sha256-CIS/4AMUSwUyC8X5g+5JsMRvIUL3YUfewe8K4VrbsSQ=", 105 105 "owner": "NixOS", 106 106 "repo": "nixpkgs", 107 - "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611", 107 + "rev": "b63fe7f000adcfa269967eeff72c64cafecbbebe", 108 108 "type": "github" 109 109 }, 110 110 "original": { ··· 116 116 }, 117 117 "nixpkgs_2": { 118 
118 "locked": { 119 - "lastModified": 1774610258, 120 - "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=", 119 + "lastModified": 1775034801, 120 + "narHash": "sha256-tsecHNsWwr4wSaM2oW9GwafMwE24J+xD8bKDoto3exY=", 121 121 "owner": "NixOS", 122 122 "repo": "nixpkgs", 123 - "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611", 123 + "rev": "8d029aa64915e54b7846873d9583af4c9fd21ea4", 124 124 "type": "github" 125 125 }, 126 126 "original": {
+30 -2
flake.nix
··· 26 26 # Home Manager based on its target system string. 27 27 isDarwin = host: lib.hasSuffix "darwin" host.system; 28 28 29 + <<<<<<< HEAD 29 30 hosts = import ./_hosts.nix { 30 31 inherit lib isDarwin; 31 32 }; 33 + ======= 34 + # Fill in default paths so every host entry has the same shape, even when 35 + # `homeDirectory`, `flakeDirectory`, or `deployDirectory` are omitted in 36 + # `hosts.nix`. 37 + # { 38 + # system 39 + # username 40 + # homeDirectory 41 + # flakeDirectory 42 + # deployDirectory 43 + # } 44 + mkHost = host: 45 + let 46 + homeDirectory = host.homeDirectory or ( 47 + if isDarwin host then 48 + "/Users/${host.username}" 49 + else 50 + "/home/${host.username}" 51 + ); 52 + in 53 + host // { 54 + inherit homeDirectory; 55 + flakeDirectory = host.flakeDirectory or "${homeDirectory}/.dot"; 56 + deployDirectory = host.deployDirectory or "${homeDirectory}/.dot-deploy"; 57 + }; 58 + >>>>>>> bdb4f209785149a53df37d77d5f04fff5c45dfe1 32 59 33 60 configs = import ./_configs.nix 34 61 ··· 76 103 # Values passed here: 77 104 # self - the flake's own output set 78 105 # hostName - the attribute name from `darwinConfigurations` 79 - # flakeDirectory - absolute path where the flake lives on disk 106 + # flakeDirectory - interactive working checkout on disk 107 + # deployDirectory - dedicated checkout that tracks `origin/main` 80 108 # username - primary user account name 81 109 # homeDirectory - absolute path to the user's home directory 82 110 specialArgs = { 83 111 inherit self hostName; 84 - inherit (host) flakeDirectory username homeDirectory; 112 + inherit (host) flakeDirectory deployDirectory username homeDirectory; 85 113 }; 86 114 87 115 modules = [
+1
hosts.nix
··· 12 12 # Optional overrides: 13 13 # - `homeDirectory`: defaults to `/Users/<username>` on macOS and `/home/<username>` on Linux 14 14 # - `flakeDirectory`: defaults to `<homeDirectory>/.dot` 15 + # - `deployDirectory`: defaults to `<homeDirectory>/.dot-deploy` 15 16 MacBook-Air-de-Daniel = { 16 17 system = "aarch64-darwin"; 17 18 username = "vieitesprefapp";
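
Review bot: In .github/workflows/update-flake-lock.yml, the "Enable auto-merge" step lets the lock update reach main with no human review, and the only check this job runs first is `nix flake show`. Because darwin/auto-upgrade.nix fast-forwards the deploy clone to `origin/main` and runs `darwin-rebuild switch` from it, make sure the pull-request validation job is a required status check on main: `gh pr merge --auto` waits only for requirements that branch protection defines. Two smaller points: both the PR creation and the merge authenticate with `secrets.UPDATE_FLAKE_LOCK_TOKEN`, so the workflow-level `contents: write` and `pull-requests: write` granted to the default token look unnecessary and could be reduced to `contents: read`; and the `${{ steps.cpr.outputs.* }}` values are expanded directly inside `run:` scripts, where passing them through `env:` and quoting the shell variable is the safer habit.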
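
Review bot: In .github/workflows/validate-pull-request.yml, the "Validate flake evaluation" step runs only `nix flake show`, which lists the flake's outputs and builds nothing, so a lock update that breaks a host configuration can still pass. Consider evaluating at least one host configuration in this job. Also, this job pins `ubuntu-24.04` while update-flake-lock.yml uses `ubuntu-latest`; pick one so both jobs validate in the same environment. The job name `validate-flake-lock` is narrower than the trigger, which fires on every pull request to main.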
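
Review bot: In README.md, the new Notes bullets describe the fetch and fast-forward of `~/.dot-deploy` but not the conditions under which the scheduled job refuses to run. darwin/auto-upgrade.nix exits when the deploy clone has uncommitted changes, is not on `main`, or cannot be bootstrapped from the `origin` remote of `~/.dot`; listing these next to the log path `/var/log/darwin-auto-upgrade.log` would tell a user where to look when upgrades stop. The workflow bullet could also mention that the PR workflow depends on the `UPDATE_FLAKE_LOCK_TOKEN` repository secret.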
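
Review bot: In darwin/auto-upgrade.nix, the checks before `darwin-rebuild switch` do not guarantee that the deploy clone matches `origin/main`: when the local `main` is ahead of the remote, `status --porcelain` is empty, the branch is `main`, and `merge --ff-only FETCH_HEAD` succeeds as already up to date, so unpushed local commits get built and activated. Compare `rev-parse HEAD` with `rev-parse FETCH_HEAD` after the merge and exit on a mismatch. Note too that the rebuild runs with `HOME="/var/root"` and `safe.directory` pointing at a checkout the regular user owns, so whatever lands in that directory is applied system-wide; the comment that explained the `GIT_CONFIG_*` variables was removed together with the `nix flake update` call and is worth restoring above the exports.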
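
Review bot: In flake.lock, `nixpkgs` and `nixpkgs_2` shared rev `832efc09b4caf6b4569fbf9dc01bec3082a00611` before this change and now point at two different revisions (`b63fe7f000adcfa269967eeff72c64cafecbbebe` and `8d029aa64915e54b7846873d9583af4c9fd21ea4`), so the flake now pins two distinct nixpkgs trees. If the split is unintended, make the dependent input follow the top-level `nixpkgs` with `inputs.nixpkgs.follows`. `home-manager` also moves in this hunk even though the scheduled workflow updates only `nixpkgs` and `neovim-nightly-overlay`, so decide whether it should be added to that `nix flake update` list or remain a manual bump.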
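
Review bot: In flake.nix, the hunk commits unresolved merge conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> bdb4f209785149a53df37d77d5f04fff5c45dfe1` are added lines around the `hosts = import ./_hosts.nix` block and the new `mkHost` definition. The file cannot be parsed as Nix in this state, so `nix flake show` and the scheduled rebuild would fail. Resolve the conflict by keeping one side, and check that whichever side remains still supplies the `deployDirectory` default, because `specialArgs` now inherits `deployDirectory` from `host`.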