nix: Common bases

config/automatrop/roles/access/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: Set variables
-  set_fact:
-    manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}"
-
-- name: Enable passwordless sudo access to wheel group (Others)
-  lineinfile:
-    path: /etc/sudoers
-    line: "%wheel ALL=(ALL) NOPASSWD: ALL"
-    regexp: "^#? *%wheel ALL=\\(ALL\\) NOPASSWD: ALL$"
-  become: yes
-  when: not manjaro
-
-- name: Enable passwordless sudo access to wheel group (Manjaro)
-  copy:
-    content: "%wheel ALL=(ALL) NOPASSWD: ALL" 
-    dest: /etc/sudoers.d/11-wheel-nopasswd
-    mode: "u=rwx,g=rx,o="
-  when: manjaro
-  become: yes
-# /etc/sudoers.d/10-installer is the same thing,
-# but **with** a password, and it's overwritten
-# with each upgrade of manjaro-system, hence this.

config/automatrop/roles/software/tasks/main.yml

@@ -1,200 +1,4 @@
 
-# TODO Install python if not done
-# Or maybe not, it requires a lot of automation for something that can be done
-# very quickly manually and is usually already installed
-
-- name: Install python-apt dependency for Termux
-  block:
-    # TODO Check if the correct version
-    - name: Check for DistUtilsExtra (Termux)
-      command: python -c 'import DistUtilsExtra'
-      changed_when: False
-  rescue:
-    - name: Create temporarty folder for DistUtilsExtra (Termux)
-      tempfile:
-        state: directory
-        suffix: python-distutils-extra
-        # path: /data/data/com.termux/files/usr/tmp/
-      register: pde_tempdir
-
-    - name: Download DistUtilsExtra (Termux)
-      get_url:
-        url: "https://launchpad.net/python-distutils-extra/trunk/{{ version }}/+download/python-distutils-extra-{{ version }}.tar.gz"
-        dest: "{{ pde_tempdir.path }}/python-distutils-extra.tar.gz"
-
-    - name: Extract DistUtilsExtra (Termux)
-      unarchive:
-        src: "{{ pde_tempdir.path }}/python-distutils-extra.tar.gz"
-        remote_src: yes
-        dest: "{{ pde_tempdir.path }}"
-
-    - name: Install DistUtilsExtra (Termux)
-      command:
-        cmd: python3 setup.py install
-        chdir: "{{ pde_tempdir.path }}/python-distutils-extra-{{ version }}"
-  when: termux
-  vars:
-    version: 2.39
-
-- name: Install python-apt (Termux)
-  pip:
-    name: python-apt
-  when: termux
-
-# Collecting python-apt
-#   Using cached python-apt-0.7.8.tar.bz2 (49 kB)
-#     ERROR: Command errored out with exit status 1:
-#      command: /data/data/com.termux/files/usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /data/data/com.termux/files/usr/tmp/pip-pip-egg-info-ptpprl0m
-#          cwd: /data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/
-#     Complete output (5 lines):
-#     Traceback (most recent call last):
-#       File "<string>", line 1, in <module>
-#       File "/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py", line 11, in <module>
-#         string.split(parse_makefile("python/makefile")["APT_PKG_SRC"]))
-#     AttributeError: module 'string' has no attribute 'split'
-#     ----------------------------------------
-# ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
-# WARNING: You are using pip version 20.2.3; however, version 20.3.3 is available.
-# You should consider upgrading via the '/data/data/com.termux/files/usr/bin/python3 -m pip install --upgrade pip' command.
-
-# Arch configuration
-
-# TODO Patch sudo-fake so it allows using -u so `become` works
-
-- name: Enable multilib repo
-  lineinfile:
-    path: /etc/pacman.conf
-    regexp: '^#?\s*\[multilib\]$'
-    line: '[multilib]'
-  become: yes
-  when: arch_based and ansible_architecture == "x86_64"
-  notify: udpate pacman cache
-
-- name: Configure multilib repo
-  lineinfile:
-    path: /etc/pacman.conf
-    regexp: '^#?\s*Include\s*=\s*/etc/pacman.d/mirrorlist'
-    line: 'Include = /etc/pacman.d/mirrorlist'
-    insertafter: '^\[multilib\]$'
-  become: yes
-  when: arch_based and ansible_architecture == "x86_64"
-  notify: udpate pacman cache
-
-- name: Update cache if needed
-  meta: flush_handlers
-
-- name: Install ccache
-  pacman:
-    name: ccache
-    state: present
-    extra_args: "--asdeps"
-  become: yes
-  when: arch_based
-
-- name: Enable makepkg color
-  replace:
-    path: /etc/makepkg.conf
-    regexp: '^BUILDENV=(.+)!color(.+)$'
-    replace: 'BUILDENV=\1color\2'
-  become: yes
-  when: arch_based
-
-- name: Enable makepkg ccache
-  replace:
-    path: /etc/makepkg.conf
-    regexp: '^BUILDENV=(.+)!ccache(.+)$'
-    replace: 'BUILDENV=\1ccache\2'
-  become: yes
-  when: arch_based
-
-- name: Remove -mtune from makepkg CFLAGS
-  replace:
-    path: /etc/makepkg.conf
-    regexp: '^#? *CFLAGS=(.+)-mtune=\S+\s(.*)$'
-    replace: "CFLAGS=\\1\\2"
-  become: yes
-  when: arch_based
-
-- name: Change -march to native from makepkg CFLAGS
-  replace:
-    path: /etc/makepkg.conf
-    regexp: '^#? *CFLAGS=(.+)-march=\S+(\s)(.*)$'
-    replace: "CFLAGS=\\1-march=native\\2\\3"
-  become: yes
-  when: arch_based
-
-- name: Set makepkg MAKEFLAGS
-  replace:
-    path: /etc/makepkg.conf
-    regexp: '^#? *MAKEFLAGS=(.+)-j[0-9]+(.+)$'
-    replace: "MAKEFLAGS=\\1-j{{ j }}\\2"
-  become: yes
-  vars:
-    j: "{{ [ansible_processor_nproc - 1, 1] | max | int }}"
-  when: arch_based
-
-- name: Enable pacman ParallelDownloads
-  lineinfile:
-    path: /etc/pacman.conf
-    regexp: '^#?ParallelDownloads'
-    line: 'ParallelDownloads = 5'
-    insertafter: '^\[options\]$'
-  become: yes
-  when: arch_based
-
-- name: Enable pacman colors
-  lineinfile:
-    path: /etc/pacman.conf
-    regexp: '^#?Color'
-    line: 'Color'
-    insertafter: '^\[options\]$'
-  become: yes
-  when: arch_based
-
-- name: Enable pacman pac-man
-  lineinfile:
-    path: /etc/pacman.conf
-    regexp: '^#?ILoveCandy'
-    line: 'ILoveCandy'
-    insertafter: '^#?Color'
-  become: yes
-  when: arch_based
-
-
-# Install alternative package managers
-- name: List packages from base-devel
-  command: pacman -Sqg base-devel
-  register: base_devel_packages
-  changed_when: no
-  check_mode: no
-
-- name: Install dependencies for AUR helpers
-  pacman:
-    name: "{{ (base_devel_packages.stdout | split('\n') | reject('eq', 'sudo')) + ['fakeroot'] }}"
-  become: yes
-  when: arch_based
-# Do not install sudo because maybe sudo-fake is installed (otherwise it conflicts)
-# It should already be installed already anyway
-
-- name: Install AUR package manager (Arch)
-  aur:
-    name: yay-bin
-  when: arch
-
-- name: Install AUR package manager (Manjaro)
-  pacman:
-    name: yay
-  become: yes
-  when: manjaro
-# Not sure if regular Manjaro has yay in its community packages,
-# but Manjaro-ARM sure does
-
-- name: Create cache folder
-  file:
-    state: directory
-    mode: "u=rwx,g=rx,o=rx"
-    path: "{{ ansible_user_dir }}/.cache/automatrop"
-
 - name: Generate list of packages for package manager
   set_fact:
     packages: "{{ query('template', 'package_manager.j2')[0].split('\n')[:-1]|sort|unique }}"

config/automatrop/roles/software/templates/package_manager.j2

@@ -1,15 +1,5 @@
 {# Macros #}
-{% if debian_based %}
-{% set python_prefix = 'python3' %}
-{% set lib_suffix = '-common' %}
-{% else %}
-{% set python_prefix = 'python' %}
-{% set lib_suffix = '' %}
-{% endif %}
 {# Include essential snippets #}
-{% include 'snippets/pm_dotfiles_dependencies.j2' %}
-{% include 'snippets/pm_shell.j2' %}
-{% include 'snippets/pm_terminal_essentials.j2' %}
 {% include 'snippets/pm_remote.j2' %}
 {% include 'snippets/pm_disk_cleanup.j2' %}
 {% include 'snippets/pm_local_monitoring.j2' %}

config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2

@@ -1,23 +0,0 @@
-{#
-Stuff that is required for scripts/programs of dotfiles to work properly
-#}
-coreutils
-bash
-grep
-sed
-tar
-openssl
-git
-wget
-curl
-{% if not termux %}
-{{ python_prefix }}-pip
-{# Termux already has pip via Python #}
-{% endif %}
-ansible
-{# Uncompressors #}
-unzip
-unrar
-p7zip
-{{ python_prefix }}-pystache
-{# EOF #}

config/automatrop/roles/software/templates/snippets/pm_terminal_essentials.j2

@@ -1,24 +0,0 @@
-moreutils
-man
-visidata
-{% if can_chown or not arch_based %}
-insect
-{% endif %}
-translate-shell
-gnupg
-{# Editor #}
-{% if termux %}
-nvim
-{% else %}
-neovim
-{% endif %}
-{% if not termux %}
-{{ python_prefix }}-neovim
-{% endif %}
-{# Downloaders #}
-wget
-{# Uncompressors #}
-unzip
-unrar
-p7zip
-{# EOF #}

config/nix/build.sh

@@ -1,4 +1,5 @@
 #/usr/bin/env sh
+export NIXPKGS_ALLOW_UNFREE=1
 nix-build '<nixpkgs/nixos>' -A vm \
 -I nixpkgs=channel:nixos-23.05 \
 -I nixos-config=./configuration.nix

config/nix/configuration.nix

@@ -13,7 +13,7 @@
   # Enable the X11 windowing system
   services.xserver.enable = true;
 
-  # TODO qwerty-fr for X11
+  # FIXME qwerty-fr for X11
 
   # Enable CUPS to print documents
   services.printing.enable = true;
@@ -22,19 +22,63 @@
   sound.enable = true;
   hardware.pulseaudio.enable = true;
 
-  # services.xserver.displayManager.gdm.enable = true;
+  services.xserver.displayManager.startx.enable = true;
   services.xserver.windowManager.i3.enable = true;
 
+  # Enable passwordless sudo
+  security.sudo.extraRules = [
+    { groups = ["wheel"]; commands = [ { command = "ALL"; options = ["NOPASSWD"]; } ]; }
+  ];
+
   # Users
   users.users.geoffrey = {
     isNormalUser = true;
     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
     packages = with pkgs; [
+      # dotfiles dependencies
+      coreutils
+      bash
+      gnugrep
+      gnused
+      gnutar
+      openssl
+      git
+      wget
+      curl
+      python3Packages.pip
+      ansible # TODO Reevaluate
+
+      # shell
+      zsh-completions
+      nix-zsh-completions
+      zsh-history-substring-search
+      antigen # TODO Reevaluate
+      powerline-go
+
+      # terminal essentials
+      moreutils
+      man
+      visidata
+      nodePackages.insect
+      translate-shell
+      unzip
+      unrar
+      p7zip
+
+      # remote
+      openssh
+      rsync
+      tigervnc # FIXME Only with display server
+
+      # DEBUG
       firefox
       tree
       lolcat
     ];
-    initialPassword = "cartable";
+    initialPassword = "cartable"; # DEBUG
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
+    ];
   };
 
   environment.systemPackages = with pkgs; [
@@ -42,8 +86,34 @@
     wget
   ];
 
-  # Enable the OpenSSH daemon
-  services.openssh.enable = true;
+  # Enable compilation cache
+  programs = {
+    ccache.enable = true;
+    # TODO Not enough, see https://nixos.wiki/wiki/CCache.
+    # Might want to see if it's worth using on NixOS
+    gnupg.agent.enable = true;
+
+    # TODO Below should be user config
+
+    zsh = {
+      enable = true;
+      autosuggestions.enable = true;
+      enableCompletion = true;
+      syntaxHighlighting.enable = true;
+    };
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+      vimAlias = true;
+      viAlias = true;
+    };
+  };
+
+  services = {
+    # Enable the OpenSSH daemon
+    openssh.enable = true;
+    getty.autologinUser = "geoffrey"; # DEBUG
+  };
 
   # TEST
   system.copySystemConfiguration = true;