~kaction/config

93da02b2d5f31b25c06a388df9d829892319c563 — Dmitry Bogatov 11 months ago 1196bde
flake.nix: split universe into public and full versions

Public part is for anybody who may be interested, and full version
contains some information that may affect my privacy.
2 files changed, 111 insertions(+), 95 deletions(-)

M flake.nix
A universe/default.nix
M flake.nix => flake.nix +23 -95
@@ 31,9 31,9 @@
      #
      # Also, it allows simple access to pristine versions of packages
      # from nixpkgs.
      packages."${system}" = pkgs.lib.makeScope pkgs.newScope (self:
      packages."${system}" = pkgs.lib.makeScope pkgs.newScope (self':
        let
          inherit (self) callPackage;
          inherit (self') callPackage;
          call = f: callPackage f { };
          do-rebuild = packages: path: rec {
            name = builtins.baseNameOf path;


@@ 77,33 77,33 @@
        in pkgs // pristine // rebuilded // rebuildedStatic // { # nixfmt: sort
          inherit (pkgs.pkgsStatic) execline;
          inherit system;

          nix-sys-generate = callPackage ./system-v2/nix-sys-generate { };
          nix-sys = callPackage ./system-v2/nix-sys {
            inherit (pkgs.pkgsStatic) stdenv;
          };
          Documentation =
            callPackage ./universe/Documentation { inherit nixpkgs; };
          attach-shell = call ./universe/attach-shell;
          blurdate = callPackage ./universe/blurdate { };
          dropbox_uploader = call ./universe/dropbox_uploader;
          dhall-latest = call ./universe/dhall-latest;
          diohsc = call ./universe/diohsc;
          dropbox_uploader = call ./universe/dropbox_uploader;
          dvtm =
            import ./universe/dvtm { inherit (pkgs.pkgsStatic) dvtm-unstable; };
          fasm-arch = call ./universe/fasm-arch;
          git-recall = call ./universe/git-recall;

          font-psf = call ./universe/font-psf;
          git = callPackage ./universe/git {
            # Imperfect, but compatible with old overlay-based code.
            git = pkgs.git.override { inherit (self) openssh curl; };
            git = pkgs.git.override { inherit (self') openssh curl; };
          };
          git-bug = callPackage ./universe/git-bug {
            inherit (pkgs.gitAndTools) git-bug;
          };
          git-recall = call ./universe/git-recall;
          githooks = call ./universe/githooks;
          nix = callPackage ./universe/nix { nix = pkgs.nixFlakes; };
          nix-sys = callPackage ./system-v2/nix-sys {
            inherit (pkgs.pkgsStatic) stdenv;
          };

          nix-sys-generate = callPackage ./system-v2/nix-sys-generate { };
          nixfmt = call ./universe/nixfmt;

          perl = callPackage ./universe/perl { inherit (pkgs) perl530; };


@@ 119,91 119,19 @@
          system-wide = callPackage ./system-v2 { };
          tempfile = pkgs.pkgsStatic.callPackage ./universe/tempfile { };
          uenv = call ./universe/uenv;
        });
      defaultPackage."${system}" = with self.packages."${system}";
        let
          inherit (pkgs.lib) isDerivation filterAttrs attrValues;
          outputs = drv:
            [ drv ] ++ attrValues (filterAttrs (_: isDerivation) drv);
          evil = [
            pkgs.execline
            systemd
            pam
            kerberos
            dbus
            coreutils
            man
            acl
            attr
            libusb1
          ];
          banished = builtins.concatLists (map outputs evil);
          drv = buildEnv {
            name = "universe-13";
            paths = [
              Documentation
              acpi # Check battery status
              attach-shell
              bmake # Not GNU Make, to learn about Make portability
              busybox # simpler than coreutils
              curl
              diohsc
              dvtm
              dropbox_uploader
              dhall-latest.dhall
              dhall-latest.dhall-bash
              dhall-latest.dhall-docs
              dhall-latest.dhall-json
              dhall-latest.dhall-yaml
              dhall-latest.dhall-lsp-server
              dhall-latest.dhall-nixpkgs
              fasm
              fasm-arch
              file # This is part of base system.
              gdb
              git
              git-bug
              git-recall
              gitAndTools.hub
              gnupg
              groff
              kpcli
              htop
              jq # json dominated web, and it is probably good
              less
              man-pages # syscall and libc library reference.
              msmtp
              mpop
              newsboat
              nix # unstable Nix with flakes support
              nixfmt
              nnn # file manager for poorly named files
              openssh
              pkgsStatic.par # Like fmt(1), but better.
              pass
              posix_man_pages # busybox does not provide manpages
              postgresql_10.doc # My ${dayjob} uses Postgres-10
              postgresql_10.man
              psql # client-only
              pstree # overview of processes running on the system.
              python3.pkgs.trezor
              python3.pkgs.trezor_agent
              python3.pkgs.md2gemini
              rename # mass rename of files
              reuse # automatic management of copyright headers.
              rsync
              srht-ui
              strace # When things break, and they break all the time.
              surfraw
              tig
              tree # Useful to inspect result of Nix derivation build
              trezord
              uenv
              urlview # open links in email
              vim
              w3m # Web-browser that supports tables
            ];

          # This one requires secret key.
          universe-full = import ./universe {
            use-hardware-token = true;
            pkgs = self.packages."${system}";
          };

          universe-public = import ./universe {
            use-hardware-token = false;
            pkgs = self.packages."${system}";
          };
        in drv.overrideAttrs (_: { disallowedRequisites = banished; });
        });

      defaultPackage."${system}" = self.packages."${system}".universe-public;
    };
}
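Review bot: The comment `# This one requires secret key.` above `universe-full` in the last hunk does not say which key is meant or when it is needed, and nothing visible in `universe/default.nix` reads one: `use-hardware-token = true` only appends two Trezor Python packages to `paths`. Anything a derivation consumes at build time can end up in the world-readable Nix store, so the comment should say that the token is needed only when the installed tools run, if that is the case. A possible wording, to be confirmed by the author, is `# Adds Trezor tooling; the hardware token is needed at run time, never at build time.` The enclosing `makeScope` call starts outside this hunk, so the remaining attributes of the scope were not reviewed.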

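--- /dev/null
+++ b/universe/default.nix
@@ -0,0 +1,88 @@
+{ pkgs, use-hardware-token ? false }:
+let
+  inherit (pkgs.lib) isDerivation filterAttrs attrValues optionals;
+  outputs = drv: [ drv ] ++ attrValues (filterAttrs (_: isDerivation) drv);
+
+  # This is sanity check that I actually managed to get overrides right
+  # to avoid useless dependencies or correctly use static version
+  # everwhyere.
+  banished = with pkgs; builtins.concatLists (map outputs [
+    pristine-execline
+    systemd
+    pam
+    kerberos
+    dbus
+    coreutils
+    man
+    acl
+    attr
+    libusb1
+  ]);
+  drv = with pkgs; buildEnv {
+    name = "universe-13";
+    paths = [
+      Documentation
+      acpi # Check battery status
+      attach-shell
+      bmake # Not GNU Make, to learn about Make portability
+      busybox # simpler than coreutils
+      curl
+      diohsc
+      dvtm
+      dropbox_uploader
+      dhall-latest.dhall
+      dhall-latest.dhall-bash
+      dhall-latest.dhall-docs
+      dhall-latest.dhall-json
+      dhall-latest.dhall-yaml
+      dhall-latest.dhall-lsp-server
+      dhall-latest.dhall-nixpkgs
+      fasm
+      fasm-arch
+      file # This is part of base system.
+      gdb
+      git
+      git-bug
+      git-recall
+      gitAndTools.hub
+      gnupg
+      groff
+      kpcli
+      htop
+      jq # json dominated web, and it is probably good
+      less
+      man-pages # syscall and libc library reference.
+      msmtp
+      mpop
+      newsboat
+      nix # unstable Nix with flakes support
+      nixfmt
+      nnn # file manager for poorly named files
+      openssh
+      pkgsStatic.par # Like fmt(1), but better.
+      pass
+      posix_man_pages # busybox does not provide manpages
+      postgresql_10.doc # My ${dayjob} uses Postgres-10
+      postgresql_10.man
+      psql # client-only
+      pstree # overview of processes running on the system.
+      python3.pkgs.md2gemini
+      rename # mass rename of files
+      reuse # automatic management of copyright headers.
+      rsync
+      srht-ui
+      strace # When things break, and they break all the time.
+      surfraw
+      tig
+      tree # Useful to inspect result of Nix derivation build
+      trezord
+      uenv
+      urlview # open links in email
+      vim
+      w3m # Web-browser that supports tables
+    ] ++ optionals use-hardware-token [
+      python3.pkgs.trezor
+      python3.pkgs.trezor_agent
+    ];
+  };
+in drv.overrideAttrs (_: { disallowedRequisites = banished; })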
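Review bot: `trezord` stays in the unconditional `paths` list, so the public universe still installs the Trezor bridge when `use-hardware-token` is false; only `python3.pkgs.trezor` and `python3.pkgs.trezor_agent` are gated. If the flag is meant to keep all hardware-token tooling out of the public build, move it into the gated list: `] ++ optionals use-hardware-token [ python3.pkgs.trezor python3.pkgs.trezor_agent trezord ];`. Both variants also keep `name = "universe-13"`, so the two environments are hard to tell apart by store path name; deriving a `-full` or `-public` suffix from the flag would make it obvious which one is installed. The `disallowedRequisites` check is applied to both variants, which is good, and its comment would read better with `everwhyere` corrected to `everywhere`.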