# File-system manifest for this host.  Every attribute of the set built below
# maps an absolute path to an action record (mkdir / symlink / copy / unlink);
# the set is serialised with builtins.toJSON and handed to ./activate.
{ writeText, runCommandLocal, dhall-json, stdenv, callPackage, mk-passwd, doas
}:
let
  # Action record: place a symlink at the manifest key pointing at `path`.
  # Since the records go through builtins.toJSON, a local path literal given
  # as `path` is coerced to a /nix/store path (and copied there), so the
  # symlink ends up pointing into the store rather than at the source tree.
  symlink = path: {
    action = "symlink";
    inherit path;
  };
  # Same, but `expr` is a Nix file that is first evaluated via callPackage.
  symlink' = expr: symlink (callPackage expr { });
  # Action record: copy an empty file in place with no permission bits set.
  touch = {
    path = writeText "empty.txt" "";
    action = "copy";
    mode = "0000";
  };
  # Action record: copy `path` with the setuid bit set (04555 = setuid plus
  # r-x for owner/group/other).  No owner is given, so the file takes the
  # manifest default (root:root per the note on user-mkdir below), which is
  # what makes the setuid bit meaningful.
  suid = path: {
    action = "copy";
    mode = "04555";
    inherit path;
  };
  # Builds /etc/passwd and /etc/group from ./passwd.dhall using mk-passwd.
  auth = stdenv.mkDerivation {
    name = "auth";
    # Step 1: render the Dhall user database to JSON.  `set -x` only echoes
    # the command line (store paths) into the build log, not file contents.
    src = runCommandLocal "passwd.json" { } ''
      set -x
      ${dhall-json}/bin/dhall-to-json < ${./passwd.dhall} > $out
    '';
    nativeBuildInputs = [ mk-passwd ];
    # Only installPhase runs; $src is consumed directly, never unpacked.
    phases = [ "installPhase" ];
    # Step 2: mk-passwd emits both files from the JSON on stdin.
    installPhase = ''
      mkdir -p $out
      mk-passwd --passwd $out/passwd --group $out/group < $src
    '';
    # Never fetch this derivation from a substituter; always build locally.
    # NOTE(review): passwd.json and both outputs live in the world-readable
    # store, so ./passwd.dhall should carry no password hashes -- confirm.
    allowSubstitutes = false;
  };
  manifest = {
    base = let
      # Directory owned by uid 1000 and private to that user.
      user-mkdir = {
        action = "mkdir";
        owner = 1000; # fixme: extract from {auth}
        mode = "0700";
      };

      # Open recursion: `self` is the fully built manifest, which is passed to
      # ./activate below so the activation script knows what to apply.
      f = self: {
        # Must specify explicitly, or it will be root:root
        "/home/kaction" = user-mkdir;
        "/home/kaction/Mail" = user-mkdir;
        "/home/kaction/Mail/cur" = user-mkdir;
        "/home/kaction/Mail/new" = user-mkdir;
        "/home/kaction/Mail/tmp" = user-mkdir;
        "/home/kaction/.config" = user-mkdir;
        "/home/kaction/.config/dbxcli" = user-mkdir;
        # NOTE(review): ./secret/dbx.json is coerced to a store path by
        # builtins.toJSON, so the secret's content sits in /nix/store
        # (readable by every local user) regardless of the 0700 parent
        # directory.  The same holds for ./secret/auth.sh below.
        "/home/kaction/.config/dbxcli/auth.json" = symlink ./secret/dbx.json;

        "/etc/group" = symlink "${auth}/group";
        # Removes /etc/gshadow.
        "/etc/gshadow" = { action = "unlink"; };
        "/etc/hosts" = symlink' ./hosts;
        "/etc/profile.d/auth.sh" = symlink ./secret/auth.sh;
        "/etc/doas.conf" = symlink ./doas.conf;
        "/etc/nix/nix.conf" = symlink ./nix.conf;
        "/etc/nsswitch.conf" = symlink ./nsswitch.conf;
        "/etc/passwd" = symlink "${auth}/passwd";
        "/etc/runit/runsvdir/default/nix-daemon" =
          symlink' ./nix-daemon/runit.nix;
        # Copied rather than symlinked, world-readable, not writable.
        "/etc/resolv.conf" = {
          path = ./openvpn/resolv.conf;
          action = "copy";
          mode = "0444";
        };
        "/etc/sysctl.conf" = symlink ./sysctl.conf;

        # The activation service gets the whole manifest as its input.
        "/etc/runit/runsvdir/default/activate" =
          symlink (callPackage ./activate { manifest = self; });

        "/var/log/runit/activate/.keep" = touch;
        # Privilege-escalation binary; installed setuid root via `suid`.
        "/usr/local/bin/doas" = suid "${doas}/bin/doas";
        "/etc/xbps.d/xbps.conf" = symlink ./xbps.conf;
      };
    # stdenv.lib is a deprecated alias of lib in recent nixpkgs; it is used
    # here because lib is not among this file's arguments.
    in writeText "manifest.json" (builtins.toJSON (stdenv.lib.fix f));
  };
in manifest.base