feat: flakify, gnome3

chore: nix fmt
refactor: split out more home-manager programs
feat: migrate shell as flake devShell
feat: initial flake structure with colmena
feat: migrate elias-e525 to colmena
feat: migrate steveej-t14 with colmena
feat: configure chromium extensions
chore: remove all overlays and package overrides
chore: delete some of _archive
feat: migrate vmd102066
feat: migrate sj-vps-htz0

nix/os/profiles/common/configuration.nix

@@ -1,5 +1,3 @@
 {...}: {
-  nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
-
   imports = [./boot.nix ./pkg.nix ./user.nix ./system.nix ./hw.nix];
 }

nix/os/profiles/common/pkg.nix

@@ -1,40 +1,31 @@
 {
-  config,
+  flake,
   pkgs,
+  # these come in via nodeSpecialArgs and are expected to be defined for every node
+  nodeFlake,
+  packages',
   ...
 }: {
-  imports = ["${<home-manager-module>}/nixos"];
-  home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix {
-    inherit pkgs;
+  imports = [
+  ];
+
+  nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
+  home-manager.useGlobalPkgs = false;
+  home-manager.useUserPackages = true;
+  home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix;
+
+  # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager
+  # home-manager.extraSpecialArgs = specialArgs;
+  # hence, opt for passing the arguments selectively instead
+  home-manager.extraSpecialArgs = {
+    inherit
+      packages'
+      nodeFlake
+      ;
   };
 
   nixpkgs.config = {
     allowBroken = false;
     allowUnfree = true;
-
-    packageOverrides = pkgs: with pkgs; {};
   };
-
-  environment.systemPackages = with pkgs; [
-    elfutils
-    exfat
-    file
-    tree
-    pwgen
-    proot
-
-    parted
-    pv
-    tmux
-    wget
-    curl
-
-    gitFull
-    pastebinit
-    gist
-    mr
-
-    usbutils
-    pciutils
-  ];
 }

nix/os/profiles/common/system.nix

@@ -2,25 +2,18 @@
   config,
   pkgs,
   lib,
+  nodeName,
   ...
 }: {
-  nix.settings.trusted-public-keys = [
-    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
-  ];
-  nix.settings.substituters = [
-    "https://cache.nixos.org"
-    # "https://hydra.nixos.org"
-  ];
-  nix.settings.trusted-substituters = [
-    "https://cache.nixos.org"
-    # "https://hydra.nixos.org"
-  ];
+  networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
+  networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
 
   nix.daemonCPUSchedPolicy = "idle";
   nix.daemonIOSchedClass = "idle";
   nix.settings.max-jobs = lib.mkDefault "auto";
   nix.settings.cores = lib.mkDefault 0;
   nix.settings.sandbox = true;
+  nix.nixPath = ["nixpkgs=${pkgs.path}"];
 
   environment.etc."lvm/lvm.conf".text = ''
     devices {
@@ -28,8 +21,6 @@
     }
   '';
 
-  environment.variables = {NIX_PATH = lib.mkForce pkgs.nixPath;};
-
   # Fonts, I18N, Date ...
   fonts.fonts = [pkgs.corefonts];
 

nix/os/profiles/containers/configuration.nix

@@ -1,6 +1,4 @@
 {...}: {
-  nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
-
   networking.useHostResolvConf = false;
   services.resolved = {enable = true;};
 

nix/os/profiles/graphical/system.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: {
   networking.networkmanager = {
     enable = true;
     dns = "systemd-resolved";
@@ -26,7 +30,7 @@
     };
   };
   # required for running blueman-applet in user sessions
-  services.dbus.packages = with pkgs; [blueman];
+  services.dbus.packages = with pkgs; [blueman dconf];
   services.blueman.enable = true;
 
   services.xserver = {
@@ -57,31 +61,23 @@
     };
 
     displayManager = {
-      gdm.enable = false;
+      gdm.enable = true;
 
       autoLogin = {
         enable = true;
         user = "steveej";
       };
-
-      lightdm = {
-        enable = true;
-        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
-      };
-
-      sessionCommands = "";
     };
   };
 
-  services.gvfs.enable = true;
-  programs.seahorse.enable = true;
+  # gnome, most of it is disabled and ideally it could live entirely in the user's home config
   programs.gpaste.enable = false;
   programs.gnome-terminal.enable = false;
   programs.gnome-documents.enable = false;
   programs.gnome-disks.enable = false;
 
   services.gnome = {
-    # gnome-online-miners.enable = false; TODO: enable this again
+    gnome-online-miners.enable = lib.mkForce false;
     games.enable = false;
     gnome-remote-desktop.enable = false;
     gnome-user-share.enable = false;
@@ -90,15 +86,47 @@
     tracker.enable = false;
     tracker-miners.enable = false;
 
-    # FIXME: gnome should be moved to user session
+    gnome-browser-connector.enable = false;
+    gnome-initial-setup.enable = false;
+
+    # FIXME: gnome should be moved to home config
+    gnome-settings-daemon.enable = true;
     core-os-services.enable = true;
     at-spi2-core.enable = true;
     evolution-data-server.enable = true;
     gnome-online-accounts.enable = true;
-    gnome-keyring.enable = true;
+    gnome-keyring.enable = lib.mkForce false;
   };
 
+  # FIXME: gnome should be moved to user session
+  services.gvfs.enable = true;
+  programs.seahorse.enable = true;
+  programs.dconf.enable = true;
+
+  environment.gnome.excludePackages =
+    (with pkgs; [
+      orca
+      gnome-photos
+      gnome-tour
+    ])
+    ++ (with pkgs.gnome; [
+      cheese # webcam tool
+      gnome-music
+      gnome-terminal
+      gedit # text editor
+      epiphany # web browser
+      geary # email reader
+      evince # document viewer
+      gnome-characters
+      totem # video player
+      tali # poker game
+      iagno # go game
+      hitori # sudoku game
+      atomix # puzzle game
+    ]);
+
   # More Services
+  environment.systemPackages = [pkgs.gnome.adwaita-icon-theme pkgs.gnomeExtensions.appindicator];
   services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules];
   services.udev.extraRules = ''
     # OnePlusOne
@@ -120,4 +148,9 @@
   '';
 
   services.logind.lidSwitchExternalPower = "ignore";
+
+  services.printing = {
+    enable = true;
+    drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper];
+  };
 }

nix/os/profiles/podman/configuration.nix

@@ -1,182 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  environment.systemPackages = with pkgs; [
-    podman
-    runc
-    conmon
-    cni
-    cni-plugins
-    slirp4netns
-  ];
-
-  environment.etc."containers/registries.conf".text = ''
-    # This is a system-wide configuration file used to
-    # keep track of registries for various container backends.
-    # It adheres to TOML format and does not support recursive
-    # lists of registries.
-
-    [registries.search]
-    registries = [ 'docker.io'
-      , 'registry.fedoraproject.org'
-      , 'registry.access.redhat.com'
-      , 'quay.io'
-    ]
-
-    # If you need to access insecure registries, add the registry's fully-qualified name.
-    # An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
-    [registries.insecure]
-    registries = ['localhost:5000']
-  '';
-
-  environment.etc."containers/policy.json".text = ''
-    {
-        "default": [
-            {
-                "type": "insecureAcceptAnything"
-            }
-        ],
-        "transports":
-            {
-                "docker-daemon":
-                    {
-                        "": [{"type":"insecureAcceptAnything"}]
-                    }
-            }
-    }
-  '';
-
-  environment.etc."cni/net.d/00-loopback.conf".text = ''
-    {
-        "cniVersion": "0.3.0",
-        "type": "loopback"
-    }
-  '';
-
-  environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
-    {
-        "cniVersion": "0.3.0",
-        "name": "podman",
-        "plugins": [
-          {
-            "type": "bridge",
-            "bridge": "cni0",
-            "isGateway": true,
-            "ipMasq": true,
-            "ipam": {
-                "type": "host-local",
-                "subnet": "10.88.0.0/16",
-                "routes": [
-                    { "dst": "0.0.0.0/0" }
-                ]
-            }
-          },
-          {
-            "type": "portmap",
-            "capabilities": {
-              "portMappings": true
-            }
-          }
-        ]
-    }
-  '';
-
-  environment.etc."containers/libpod.conf".text = ''
-    # libpod.conf is the default configuration file for all tools using libpod to
-    # manage containers
-
-    # Default transport method for pulling and pushing for images
-    image_default_transport = "docker://"
-
-    # Paths to search for the Conmon container manager binary
-    runtime_path = [
-      "${pkgs.runc}/bin/runc"
-    ]
-
-
-    # Paths to look for the Conmon container manager binary
-    conmon_path = [
-      "${pkgs.conmon}/bin/conmon"
-    ]
-
-
-    # Environment variables to pass into conmon
-    conmon_env_vars = [
-      # "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-    ]
-
-    # CGroup Manager - valid values are "systemd" and "cgroupfs"
-    cgroup_manager = "systemd"
-
-    # Container init binary
-    #init_path = "/usr/libexec/podman/catatonit"
-
-    # Directory for persistent libpod files (database, etc)
-    # By default, this will be configured relative to where containers/storage
-    # stores containers
-    # Uncomment to change location from this default
-    #static_dir = "/var/lib/containers/storage/libpod"
-
-    # Directory for temporary files. Must be tmpfs (wiped after reboot)
-    tmp_dir = "/var/run/libpod"
-
-    # Maximum size of log files (in bytes)
-    # -1 is unlimited
-    max_log_size = -1
-
-    # Whether to use chroot instead of pivot_root in the runtime
-    no_pivot_root = false
-
-    # Directory containing CNI plugin configuration files
-    cni_config_dir = "/etc/cni/net.d/"
-
-    # Directories where the CNI plugin binaries may be located
-    cni_plugin_dir = [
-      "${pkgs.cni-plugins}/bin"
-    ]
-
-
-    # Default CNI network for libpod.
-    # If multiple CNI network configs are present, libpod will use the network with
-    # the name given here for containers unless explicitly overridden.
-    # The default here is set to the name we set in the
-    # 87-podman-bridge.conflist included in the repository.
-    # Not setting this, or setting it to the empty string, will use normal CNI
-    # precedence rules for selecting between multiple networks.
-    cni_default_network = "podman"
-
-    # Default libpod namespace
-    # If libpod is joined to a namespace, it will see only containers and pods
-    # that were created in the same namespace, and will create new containers and
-    # pods in that namespace.
-    # The default namespace is "", which corresponds to no namespace. When no
-    # namespace is set, all containers and pods are visible.
-    #namespace = ""
-
-    # Default pause image name for pod pause containers
-    pause_image = "k8s.gcr.io/pause:3.1"
-
-    # Default command to run the pause container
-    pause_command = "/pause"
-
-    # Determines whether libpod will reserve ports on the host when they are
-    # forwarded to containers. When enabled, when ports are forwarded to containers,
-    # they are held open by conmon as long as the container is running, ensuring that
-    # they cannot be reused by other programs on the host. However, this can cause
-    # significant memory usage if a container has many ports forwarded to it.
-    # Disabling this can save memory.
-    #enable_port_reservation = true
-
-    # Default libpod support for container labeling
-    # label=true
-
-    # Paths to look for a valid OCI runtime (runc, runv, etc)
-    # FIXME: this doesn't seem to take effect
-    [runtimes]
-    runc = [
-      "${pkgs.runc}/bin/runc"
-    ]
-  '';
-}