tack and everything and wow

2026-06-09 16:01:48 +10:00 · 2026-06-09 16:01:48 +10:00 · 7a6f387652
commit 7a6f387652
parent 480c556d32
24 changed files with 801 additions and 358 deletions
--- a/common/cli.nix
+++ b/common/cli.nix
@ -89,7 +89,7 @@ in
        SHELL = "${config.users.defaultUserShell}/bin/nu";
      };
    };
-    btop = wrapXdg "btop" pkgs.btop btopConfigDir;
+    btop = wrapXdg "btop" (pkgs.btop.override { cudaSupport = true; }) btopConfigDir;
  };

  environment.variables.BAT_THEME = "ansi";
--- a/common/nix/gc.nix
+++ b/common/nix/gc.nix
@ -1,14 +1,8 @@
 {
-  pkgs,
-  inputs,
  ...
 }:
 {
-  imports = [
-    inputs.angrr.nixosModules.angrr
-  ];
  nix = {
-    package = pkgs.nixVersions.git;
    optimise = {
      automatic = true;
      dates = "weekly";
@ -23,9 +17,4 @@
    };
  };

-  services.angrr = {
-    enable = true;
-    period = "7d";
-  };
-
 }
--- a/common/nix/managers.nix
+++ b/common/nix/managers.nix
@ -12,6 +12,7 @@
    enable = true;
    flake = "/home/${mainUser}/.nix";
    monitor = getFlakePkg inputs.rom;
+    tack = getFlakePkg inputs.tack;
  };

  # services.smooooth = {
--- a/common/nix/substituters.nix
+++ b/common/nix/substituters.nix
@ -1,28 +1,75 @@
 {
-  scope,
+  lib,
+  inputs,
  ...
 }:
-scope "nix.settings" {
-  substituters = [
-    "https://nix-community.cachix.org"
-    "https://anmonteiro.nix-cache.workers.dev"
-    "https://cache.lobotomise.me"
-    # "https://cache.atagen.co"
-    # "https://cache.privatevoid.net"
-    "https://cache.flox.dev"
-    "https://cache.amaanq.com"
-    "https://cache.nixos-cuda.org"
-    "https://niri.cachix.org"
-  ];
-  trusted-public-keys = [
-    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-    "ocaml.nix-cache.com-1:/xI2h2+56rwFfKyyFVbkJSeGqSIYMC/Je+7XXqGKDIY="
-    "cache.lobotomise.me:oF5s/f/RDfVuMH7hl0q/Cby4V/KbPCrZJn8SjKOf/bk="
-    # "cache.atagen.co:SOUkNQxuu/eQ7FcI8nlUe7FpV27e7YjQlDQdn8HTUnw="
-    # "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
-    "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
-    "cache.amaanq.com:H0iXsEEFsvUNtWb5v9V8Kss+L4F/tnXwDHXcY+xbmKk="
-    "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
-    "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
-  ];
+{
+  imports = [ inputs.ncro.nixosModules.default ];
+  nix.settings = {
+    # trusted-public-keys = [
+    #   "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
+    # ];
+    substituters = lib.mkForce [
+      "http://localhost:8080"
+    ];
+  };
+  services.ncro = {
+    enable = true;
+    settings = {
+      upstreams = [
+        {
+          url = "https://cache.nixos.org";
+          public_key = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=";
+          priority = 10;
+        }
+        {
+          url = "https://nix-community.cachix.org";
+          public_key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
+          priority = 20;
+        }
+        {
+          url = "https://cache.lobotomise.me";
+          public_key = "cache.lobotomise.me:oF5s/f/RDfVuMH7hl0q/Cby4V/KbPCrZJn8SjKOf/bk=";
+          priority = 30;
+        }
+        {
+          public_key = "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=";
+          url = "https://cache.nixos-cuda.org";
+          priority = 40;
+        }
+        # {
+        #   url = "https://cache.privatevoid.net";
+        #   # public_key = "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=";
+        #   priority = 50;
+        #   filters = [
+        #     {
+        #       action = "allow";
+        #       field = "name";
+        #       pattern = "zedless*";
+        #     }
+        #     {
+        #       action = "deny";
+        #       field = "name";
+        #       pattern = "*";
+        #     }
+        #   ];
+        # }
+        {
+          url = "https://cache.flox.dev";
+          public_key = "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs=";
+          priority = 50;
+        }
+        {
+          url = "https://cache.amaanq.com";
+          public_key = "cache.amaanq.com:H0iXsEEFsvUNtWb5v9V8Kss+L4F/tnXwDHXcY+xbmKk=";
+          priority = 50;
+        }
+        {
+          url = "https://niri.cachix.org";
+          public_key = "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=";
+          priority = 50;
+        }
+      ];
+    };
+  };
 }
--- a/common/nix/tools.nix
+++ b/common/nix/tools.nix
@ -1,6 +1,7 @@
 {
  pkgs,
  inputs,
+  getFlakePkg,
  ...
 }:
 {
@ -8,8 +9,16 @@
    nixfmt
    nil
  ];
+
  imports = [
    inputs.nix-index-database.nixosModules.nix-index
+    inputs.tack.nixosModules.default
  ];
+
+  programs.tack = {
+    enable = true;
+    nixConfTokens = true;
+  };
+
  programs.nix-index-database.comma.enable = true;
 }
--- a/common/preserve-system.nix
+++ b/common/preserve-system.nix
@ -0,0 +1 @@
+{ scope, ... }: scope "environment.etc.current-flake.source" ../.
--- a/common/security.nix
+++ b/common/security.nix
@ -1,6 +1,8 @@
 {
  lib,
+  pkgs,
  inputs,
+  mainUser,
  getFlakePkg,
  ...
 }:
@ -44,4 +46,38 @@
      StartLimitBurst = 5;
    };
  };
+
+  # polkitd drops every registered authentication agent when it restarts, and
+  # soteria 0.3.1 never re-registers — it lingers as a live process with a dead
+  # registration, after which run0/sudo silently falls back to a tty pkttyagent
+  # prompt instead of the GUI dialog. `nixos-rebuild switch` was restarting
+  # polkitd on every config change, knocking soteria out of the agent slot many
+  # times a day. Two-part fix:
+  #   (B) reload polkit instead of restarting it for config-only changes —
+  #       a polkitd SIGHUP re-reads rules without tearing down live agent
+  #       registrations, so editing the rule above no longer de-registers soteria.
+  #   (A) for the cases that still force a genuine restart (manual restart,
+  #       reboot), bounce soteria afterwards so it re-registers.
+  # Caveat of (B): a polkit *package* bump changes the unit but won't restart it,
+  # so the new polkitd binary only takes effect after a reboot or manual
+  # `systemctl restart polkit`. Acceptable here; rule edits are the hot path.
+  # Proper upstream fix: soteria should watch org.freedesktop.PolicyKit1 for
+  # NameOwnerChanged and re-register itself (issue to be filed).
+  systemd.services.polkit = {
+    restartIfChanged = false;
+    reloadIfChanged = true;
+  };
+  systemd.services.polkit-soteria-reregister = {
+    description = "Re-register soteria with polkitd after polkit (re)starts";
+    after = [ "polkit.service" ];
+    partOf = [ "polkit.service" ];
+    wantedBy = [ "polkit.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      # `-` ignores failure: the user manager may not be up yet (e.g. at boot),
+      # and try-restart is a no-op when soteria isn't currently running.
+      ExecStart = "-${pkgs.systemd}/bin/systemctl --user --machine ${mainUser}@.host try-restart polkit-soteria.service";
+    };
+  };
 }
--- a/common/terminal.nix
+++ b/common/terminal.nix
@ -2,7 +2,7 @@
  lib,
  pkgs,
  inputs,
-  # getFlakePkg',
+  getFlakePkg,
  config,
  mainUser,
  ...
@ -16,6 +16,7 @@ let
    nativeBuildInputs = [ pkgs.makeWrapper ];
    postBuild = ''
      wrapProgram $out/bin/nu \
+        --add-flags "--env-config ${nuEnv}" \
        --add-flags "--config ${nuConfig}"
    '';
    passthru = nushell.passthru or { } // {
@ -215,20 +216,25 @@ let

  nuScriptsPath = "${pkgs.nu_scripts}/share/nu_scripts";

+  nuEnv = pkgs.writeText "env.nu" ''
+    use ${nuScriptsPath}/modules/capture-foreign-env
+    source ${nuScriptsPath}/modules/formats/from-env.nu
+
+    let nixos_env = ('source /etc/set-environment' | capture-foreign-env --shell bash)
+    if ($nixos_env | describe | str starts-with "record") { $nixos_env | load-env }
+  '';
+
  nuConfig = pkgs.writeText "config.nu" ''
    use std/config *

    ${lib.mapAttrsToList (n: v: "alias ${n} = ${v}") aliases |> lib.concatStringsSep "\n"}
    $env.NU_LIB_DIRS = ( $env.NU_LIB_DIRS | append "${nuScriptsPath}")

-    use ${nuScriptsPath}/modules/capture-foreign-env
-    source ${nuScriptsPath}/modules/formats/from-env.nu
-
-    let nixos_env = ('source /etc/set-environment' | capture-foreign-env --shell bash)
-    if ($nixos_env | describe | str starts-with "record") { $nixos_env | load-env }
-
    source ${(pkgs.runCommand "zoxide.nu" { } ''${pkgs.zoxide}/bin/zoxide init nushell >> "$out"'')}

+    source ${
+      (pkgs.runCommand "cade.nu" { } ''${lib.getExe (getFlakePkg inputs.cade)} hook nushell >> "$out"'')
+    }

    $env.config.buffer_editor = "${lib.getExe config.apps.editor}"

@ -250,35 +256,6 @@ let
      sudo $"$(p)/bin/switch-to-configuration" switch
    }

-        # direnv
-        $env.config = ($env.config? | default {})
-        $env.config.hooks = ($env.config.hooks? | default {})
-        $env.config.hooks.pre_prompt = (
-            $env.config.hooks.pre_prompt?
-            | default []
-            | append {||
-                ${pkgs.direnv}/bin/direnv export json
-                | from json --strict
-                | default {}
-                | items {|key, value|
-                    let value = do (
-                        {
-                          "PATH": {
-                            from_string: {|s| $s | split row (char esep) | path expand --no-symlink }
-                            to_string: {|v| $v | path expand --no-symlink | str join (char esep) }
-                          }
-                        }
-                        | merge ($env.ENV_CONVERSIONS? | default {})
-                        | get ([[value, optional, insensitive]; [$key, true, true] [from_string, true, false]] | into cell-path)
-                        | if ($in | is-empty) { {|x| $x} } else { $in }
-                    ) $value
-                    return [ $key $value ]
-                }
-                | into record
-                | load-env
-            }
-        )
-
    # $cmd doesn't carry its args ?
    # $env.config.hooks.command_not_found = { |cmd| , $cmd; echo }

@ -300,11 +277,17 @@ let
 in
 {

-  imports = [ inputs.inshellah.nixosModules.default ];
-  programs.inshellah = {
+  imports = [
+    inputs.inshellah.nixosModules.default
+    inputs.autonym.nixosModules.default
+  ];
+
+  programs.autonym = {
    enable = true;
-    helpOnlyCommands = [ "nh" ];
+    historyLimit = 2000;
+
  };
+  programs.inshellah.enable = true;

  programs.command-not-found.enable = false;
  programs.zoxide.enable = true;
				`@ -0,0 +1 @@`
				`{ scope, ... }: scope "environment.etc.current-flake.source" ../.`