spanch

11 files changed, 211 insertions, 107 deletions

diff --git a/derivations/codex/default.nix b/derivations/codex/default.nix
new file mode 100644
index 0000000..5a0f366
--- /dev/null
+++ b/derivations/codex/default.nix
@@ -0,0 +1,63 @@
+{
+  lib,
+  rustPlatform,
+  fetchFromGitHub,
+  nix-update-script,
+  pkg-config,
+  openssl,
+  versionCheckHook,
+}:
+rustPlatform.buildRustPackage (finalAttrs: {
+  pname = "codex";
+  version = "0.7.0";
+
+  src = fetchFromGitHub {
+    owner = "openai";
+    repo = "codex";
+    rev = "f14b5adabf5db34864c44c1ffc6c566b018fe0cc";
+    # tag = "rust-v${finalAttrs.version}";
+    hash = "sha256-rRe0JFEO5ixxrZYDL8kxXDOH0n7lqabkXNNaSlNnQDg=";
+  };
+
+  sourceRoot = "${finalAttrs.src.name}/codex-rs";
+
+  useFetchCargoVendor = true;
+  cargoHash = "sha256-QIZ3V4NUo1VxJN3cwdQf3S0zwePnwdKKfch0jlIJacU=";
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+  buildInputs = [
+    openssl
+  ];
+
+  checkFlags = [
+    "--skip=keeps_previous_response_id_between_tasks" # Requires network access
+    "--skip=retries_on_early_close" # Requires network access
+  ];
+
+  doInstallCheck = true;
+  nativeInstallCheckInputs = [versionCheckHook];
+
+  passthru = {
+    updateScript = nix-update-script {
+      extraArgs = [
+        "--version-regex"
+        "^rust-v(\\d+\\.\\d+\\.\\d+)$"
+      ];
+    };
+  };
+
+  meta = {
+    description = "Lightweight coding agent that runs in your terminal";
+    homepage = "https://github.com/openai/codex";
+    changelog = "https://raw.githubusercontent.com/openai/codex/refs/tags/rust-v${finalAttrs.version}/CHANGELOG.md";
+    license = lib.licenses.asl20;
+    mainProgram = "codex";
+    maintainers = with lib.maintainers; [
+      malo
+      delafthi
+    ];
+    platforms = lib.platforms.unix;
+  };
+})
diff --git a/derivations/codex/flake.nix b/derivations/codex/flake.nix
new file mode 100644
index 0000000..3a0a46f
--- /dev/null
+++ b/derivations/codex/flake.nix
@@ -0,0 +1,19 @@
+{
+  description = "Gemini CLI flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+  }: let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+    packages.${system}.default = pkgs.callPackage ./default.nix {
+      inherit (pkgs) lib buildNpmPackage fetchFromGitHub fetchNpmDeps gitUpdater;
+    };
+  };
+}
diff --git a/derivations/gemini/default.nix b/derivations/gemini/default.nix
new file mode 100644
index 0000000..ee53130
--- /dev/null
+++ b/derivations/gemini/default.nix
@@ -0,0 +1,103 @@
+# {
+#   lib,
+#   buildNpmPackage,
+#   fetchFromGitHub,
+#   fetchNpmDeps,
+#   writeShellApplication,
+#   cacert,
+#   curl,
+#   gnused,
+#   jq,
+#   nix-prefetch-github,
+#   prefetch-npm-deps,
+#   gitUpdater,
+# }:
+# buildNpmPackage (finalAttrs: {
+#   pname = "superapp";
+#   version = "0.4.2";
+#   src = fetchFromGitHub {
+#     owner = "sortugdev";
+#     repo = "superapp";
+#     tag = "v${finalAttrs.version}";
+#     hash = "sha256-DAenod/w9BydYdYsOnuLj7kCQRcTnZ81tf4MhLUug6c=";
+#   };
+#   npmDeps = fetchNpmDeps {
+#     inherit (finalAttrs) src;
+#     hash = "sha256-otogkSsKJ5j1BY00y4SRhL9pm7CK9nmzVisvGCDIMlU=";
+#   };
+#   preConfigure = ''
+#     mkdir -p packages/generated
+#     echo "export const GIT_COMMIT_INFO = { commitHash: '${finalAttrs.src.rev}' };" > packages/generated/git-commit.ts
+#   '';
+#   installPhase = ''
+#     runHook preInstall
+#     mkdir -p $out/{bin,share/superapp-cli}
+#     cp -r node_modules $out/share/superapp-cli/
+#     rm -f $out/share/superapp-cli/node_modules/@sortug/superapp-cli
+#     rm -f $out/share/superapp-cli/node_modules/@sortug/superapp-cli-core
+#     cp -r packages/cli $out/share/superapp-cli/node_modules/@sortug/superapp-cli
+#     cp -r packages/core $out/share/superapp-cli/node_modules/@sortug/superapp-cli-core
+#     ln -s $out/share/superapp-cli/node_modules/@sortug/superapp-cli/dist/index.js $out/bin/superapp
+#     runHook postInstall
+#   '';
+#   postInstall = ''
+#     chmod +x "$out/bin/superapp"
+#   '';
+#   passthru.updateScript = gitUpdater {};
+#   meta = {
+#     description = "Super app that will save the world";
+#     homepage = "https://github.com/sortugdev/superapp";
+#     license = lib.licenses.asl20;
+#     maintainers = with lib.maintainers; [pepe];
+#     platforms = lib.platforms.all;
+#     mainProgram = "superapp";
+#   };
+# })
+{
+  lib,
+  buildNpmPackage,
+  fetchFromGitHub,
+  fetchNpmDeps,
+  gitUpdater,
+}:
+buildNpmPackage (finalAttrs: {
+  pname = "gemini-cli";
+  version = "0.1.7";
+  src = fetchFromGitHub {
+    owner = "google-gemini";
+    repo = "gemini-cli";
+    tag = "v${finalAttrs.version}";
+    hash = "sha256-DAenod/w9BydYdYsOnuLj7kCQRcTnZ81tf4MhLUug6c=";
+  };
+  npmDeps = fetchNpmDeps {
+    inherit (finalAttrs) src;
+    hash = "sha256-otogkSsKJ5j1BY00y4SRhL9pm7CK9nmzVisvGCDIMlU=";
+  };
+  preConfigure = ''
+    mkdir -p packages/generated
+    echo "export const GIT_COMMIT_INFO = { commitHash: '${finalAttrs.src.rev}' };" > packages/generated/git-commit.ts
+  '';
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/{bin,share/gemini-cli}
+    cp -r node_modules $out/share/gemini-cli/
+    rm -f $out/share/gemini-cli/node_modules/@google/gemini-cli
+    rm -f $out/share/gemini-cli/node_modules/@google/gemini-cli-core
+    cp -r packages/cli $out/share/gemini-cli/node_modules/@google/gemini-cli
+    cp -r packages/core $out/share/gemini-cli/node_modules/@google/gemini-cli-core
+    ln -s $out/share/gemini-cli/node_modules/@google/gemini-cli/dist/index.js $out/bin/gemini
+    runHook postInstall
+  '';
+  postInstall = ''
+    chmod +x "$out/bin/gemini"
+  '';
+  passthru.updateScript = gitUpdater {};
+  meta = {
+    description = "AI agent that brings the power of Gemini directly into your terminal";
+    homepage = "https://github.com/google-gemini/gemini-cli";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [donteatoreo];
+    platforms = lib.platforms.all;
+    mainProgram = "gemini";
+  };
+})
diff --git a/derivations/gemini/flake.nix b/derivations/gemini/flake.nix
new file mode 100644
index 0000000..9dd913d
--- /dev/null
+++ b/derivations/gemini/flake.nix
@@ -0,0 +1,20 @@
+{
+  description = "Gemini CLI flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+  }: let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+    packages.${system}.default = pkgs.callPackage ./default.nix {
+      inherit (pkgs) lib buildNpmPackage fetchFromGitHub fetchNpmDeps gitUpdater;
+      inherit nixpkgs;
+    };
+  };
+}
diff --git a/hosts/cloud/span/configuration.nix b/hosts/cloud/span/configuration.nix
index 1157308..cdf39d7 100644
--- a/hosts/cloud/span/configuration.nix
+++ b/hosts/cloud/span/configuration.nix
@@ -10,8 +10,8 @@
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
     ./users.nix
-    ./mail.nix
-    ./packages.nix
+    # ./mail.nix
+    ../packages.nix
     ./nginx.nix
   ];
 
diff --git a/hosts/cloud/span/default.nix b/hosts/cloud/span/default.nix
index 3669483..6bce414 100644
--- a/hosts/cloud/span/default.nix
+++ b/hosts/cloud/span/default.nix
@@ -1,4 +1,5 @@
 inputs: [
   inputs.disko.nixosModules.disko
+  inputs.nixos-mailserver.nixosModule
   ./configuration.nix
 ]
diff --git a/hosts/cloud/span/flake.lock b/hosts/cloud/span/flake.lock
deleted file mode 100644
index 6bc7bd0..0000000
--- a/hosts/cloud/span/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1704008649,
-        "narHash": "sha256-rGPSWjXTXTurQN9beuHdyJhB8O761w1Zc5BqSSmHvoM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d44d59d2b5bd694cd9d996fd8c51d03e3e9ba7f7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/hosts/cloud/span/flake.nix b/hosts/cloud/span/flake.nix
deleted file mode 100644
index b801212..0000000
--- a/hosts/cloud/span/flake.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-
-  outputs = { nixpkgs, ... }:
-    {
-      nixosConfigurations.spanmail = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./configuration.nix
-          ./users.nix
-          ./packages.nix
-          ./mail.nix
-        ];
-      };
-    };
-}
diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix
index 9cc44a7..69be6a9 100644
--- a/hosts/cloud/span/mail.nix
+++ b/hosts/cloud/span/mail.nix
@@ -3,17 +3,6 @@
   pkgs,
   ...
 }: {
-  imports = [
-    (builtins.fetchTarball {
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz";
-      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
-      # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
-
-      sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8";
-    })
-  ];
-
-  services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
     fqdn = "mail.spandrell.ch";
@@ -32,7 +21,7 @@
         hashedPasswordFile = "/home/span/mail.key";
       };
       "lol@spandrell.ch" = {
-        hashedPasswordFile = "/home/span/mail2.key";
+        hashedPasswordFile = "/home/span/mail.key";
       };
       "sub@spandrell.ch" = {
         hashedPasswordFile = "/home/span/mail.key";
@@ -52,8 +41,6 @@
     # down nginx and opens port 80.
     certificateScheme = "acme-nginx";
   };
-  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "security@spandrell.ch";
   services.roundcube = {
     enable = true;
     # this is the url of the vhost, not necessarily the same as the fqdn of
@@ -67,5 +54,4 @@
       $config['smtp_pass'] = "%p";
     '';
   };
-  services.nginx.enable = true;
 }
diff --git a/hosts/cloud/span/nginx.nix b/hosts/cloud/span/nginx.nix
index 4da4b68..9bfa8ea 100644
--- a/hosts/cloud/span/nginx.nix
+++ b/hosts/cloud/span/nginx.nix
@@ -3,6 +3,8 @@
   pkgs,
   ...
 }: {
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "admin@spandrell.ch";
   services.nginx = {
     enable = true;
     appendHttpConfig = ''
diff --git a/hosts/cloud/span/packages.nix b/hosts/cloud/span/packages.nix
deleted file mode 100644
index 6574071..0000000
--- a/hosts/cloud/span/packages.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-   nixpkgs.config = {
-     allowUnfree = true;
-   };
-
-  environment.systemPackages = with pkgs; [
-    vim
-    helix
-    fish
-    # unix utilities
-    tmux
-    bat # cat replacement written in Rust
-    colordiff
-    direnv # Per-directory environment variables
-    lsd
-    fd # find replacement written in Rust
-    fzf # Fuzzy finder
-    git
-    htop # Resource monitoring
-    jq # JSON parsing for the CLI
-    lsof
-    ripgrep # grep replacement written in Rust
-    sd # Fancy sed replacement
-    silver-searcher
-    strace # debug stack trace
-    tealdeer # tldr for various shell tools
-    testdisk
-    tokei # Handy tool to see lines of code by language
-    watchexec # Fileystem watcher/executor useful for speedy development
-    xsv # CSV file parsing utility
-    just # Intriguing new make replacement
-    mdcat # Markdown converter/reader for the CLI
-    tree
-    unzip
-    zip
-
-    # networking
-    curl
-    wget
-    
-    minio
-    ncdu
-  ];
-}
-