fix: agenix on nix-darwin, update flake.nix

Makefile

@@ -58,15 +58,13 @@ darwin-set-proxy:
 
 ha: darwin-set-proxy
 	nix build .#darwinConfigurations.harmonica.system
-	./result/sw/bin/darwin-rebuild switch --flake .
+	./result/sw/bin/darwin-rebuild switch --flake .#harmonica
 	sleep 1
-	sudo chmod 644 /etc/agenix/alias-for-work.*
 
 ha-debug: darwin-set-proxy
-	nix build .#darwinConfigurations.harmonica.system --show-trace --verbose
+	nom build .#darwinConfigurations.harmonica.system --show-trace --verbose
 	./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose
 	sleep 1
-	sudo chmod 644 /etc/agenix/alias-for-work.*
 
 ############################################################################
 #

flake.lock

@@ -4,7 +4,9 @@
       "inputs": {
         "darwin": "darwin",
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
         "lastModified": 1689334118,
@@ -456,7 +458,9 @@
     "hyprland": {
       "inputs": {
         "hyprland-protocols": "hyprland-protocols",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
         "systems": "systems",
         "wlroots": "wlroots",
         "xdph": "xdph"
@@ -635,7 +639,7 @@
     },
     "nixos-licheepi4a": {
       "inputs": {
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs",
         "thead-kernel": "thead-kernel"
       },
       "locked": {
@@ -655,7 +659,7 @@
     "nixos-rk3588": {
       "inputs": {
         "mesa-panfork": "mesa-panfork",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_2"
       },
       "locked": {
         "lastModified": 1694350741,
@@ -673,16 +677,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1677676435,
+        "lastModified": 1691280485,
-        "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+        "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=",
-        "owner": "NixOS",
+        "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+        "rev": "240472b7e47a641e9e7675f58b64d3626ca7824d",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-23.05-small",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -752,38 +756,6 @@
       }
     },
     "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1700612854,
-        "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1691280485,
-        "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "240472b7e47a641e9e7675f58b64d3626ca7824d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-23.05-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
       "locked": {
         "lastModified": 1691486536,
         "narHash": "sha256-W2jYTn6rNiJEpjXkOiZxNltgxxwgeZE5cQ967NgsrHU=",
@@ -799,7 +771,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1702346276,
         "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
@@ -815,7 +787,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1692221125,
         "narHash": "sha256-nKUDlbLL8/WW3Fpx9Y0sY+LliTqU3/GexvHU9BdA8Qk=",
@@ -831,25 +803,9 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
-      "locked": {
-        "lastModified": 1689261696,
-        "narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "df1eee2aa65052a18121ed4971081576b25d6b5c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nur-ryan4yin": {
       "inputs": {
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1701952536,
@@ -887,7 +843,9 @@
         "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils_2",
         "gitignore": "gitignore_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
@@ -958,7 +916,7 @@
         "nixos-generators": "nixos-generators",
         "nixos-licheepi4a": "nixos-licheepi4a",
         "nixos-rk3588": "nixos-rk3588",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-darwin": "nixpkgs-darwin",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nur-ryan4yin": "nur-ryan4yin",

flake.nix

@@ -17,6 +17,7 @@
     self,
     nixpkgs,
     nixpkgs-unstable,
+    nixpkgs-darwin,
     pre-commit-hooks,
     nix-darwin,
     home-manager,
@@ -124,7 +125,7 @@
     nixosConfigurations = let
       base_args = {
         inherit home-manager nixos-generators;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
+        inherit nixpkgs; # or nixpkgs-unstable
         system = x64_system;
         specialArgs = x64_specialArgs;
       };
@@ -145,7 +146,7 @@
       # x86_64 related
       x64_base_args = {
         inherit home-manager;
-        nixpkgs = nixpkgs; # or nixpkgs-unstable
+        inherit nixpkgs; # or nixpkgs-unstable
         specialArgs = x64_specialArgs;
       };
 
@@ -160,7 +161,7 @@
         // inputs;
       lpi4a_base_args = {
         inherit home-manager;
-        nixpkgs = nixos-licheepi4a.inputs.nixpkgs; # or nixpkgs-unstable
+        inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable
         specialArgs = lpi4a_specialArgs;
         targetUser = "root";
       };
@@ -175,7 +176,7 @@
         // nixos-rk3588.inputs;
       rk3588_base_args = {
         inherit home-manager;
-        nixpkgs = nixos-rk3588.inputs.nixpkgs; # or nixpkgs-unstable
+        inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
         specialArgs = rk3588_specialArgs;
         targetUser = "root";
       };
@@ -253,7 +254,8 @@
         }
         // inputs;
       base_args = {
-        inherit nix-darwin home-manager system specialArgs nixpkgs;
+        inherit nix-darwin home-manager system specialArgs;
+        nixpkgs = nixpkgs-darwin;
       };
     in {
       harmonica = macosSystem (base_args
@@ -306,7 +308,10 @@
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
     # add git hooks to format nix code before commit
-    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
+    pre-commit-hooks = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     # for macos
     nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.11-darwin";
@@ -333,7 +338,11 @@
 
     impermanence.url = "github:nix-community/impermanence";
 
-    hyprland.url = "github:hyprwm/Hyprland/v0.33.1";
+    hyprland = {
+      url = "github:hyprwm/Hyprland/v0.33.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     # community wayland nixpkgs
     # nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
     # anyrun - a wayland launcher
@@ -349,7 +358,10 @@
     };
 
     # secrets management, lock with git commit at 2023/7/15
-    agenix.url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143";
+    agenix = {
+      url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     ########################  Some non-flake repositories  #########################################
 

home/base/server/zellij/default.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   programs.zellij = {
     enable = true;
   };

home/darwin/default.nix

@@ -11,7 +11,7 @@
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
   home = {
-    username = username;
+    inherit username;
     # set homeDirectory make build fail
     homeDirectory = "/Users/${username}";
 

hosts/idols/aquamarine/default.nix

@@ -1,4 +1,4 @@
-{...} @ args:
+args:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox

hosts/idols/kana/default.nix

@@ -1,4 +1,4 @@
-{...} @ args:
+args:
 #############################################################
 #
 #  Kana - a NixOS VM running on Proxmox

hosts/idols/ruby/default.nix

@@ -1,4 +1,4 @@
-{...} @ args:
+args:
 #############################################################
 #
 #  Ruby - a NixOS VM running on Proxmox

lib/colmenaSystem.nix

@@ -12,7 +12,6 @@
 in
   {
     name,
-    nodes,
     ...
   }: {
     deployment = {

lib/macosSystem.nix

@@ -15,6 +15,7 @@ in
       darwin-modules
       ++ [
         ({lib, ...}: {
+          nixpkgs.pkgs = import nixpkgs {inherit system;};
           # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
           nix.registry.nixpkgs.flake = nixpkgs;
 

lib/nixosSystem.nix

@@ -7,7 +7,7 @@
   nixos-modules,
   home-module,
 }: let
-  username = specialArgs.username;
+  inherit (specialArgs) username;
 in
   nixpkgs.lib.nixosSystem {
     inherit system specialArgs;

modules/base.nix

@@ -29,25 +29,6 @@
     builders-use-substitutes = true;
   };
 
-  # do garbage collection weekly to keep disk usage low
-  nix.gc =
-    {
-      automatic = lib.mkDefault true;
-      options = lib.mkDefault "--delete-older-than 7d";
-    }
-    // (
-      if pkgs.stdenv.isLinux
-      then {
-        dates = lib.mkDefault "weekly";
-      }
-      else {
-        # nix-darwin
-        interval = {
-          Hour = 24;
-        };
-      }
-    );
-
   # Allow unfree packages
   nixpkgs.config.allowUnfree = lib.mkDefault false;
 }

modules/darwin/nix-core.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  lib,
   ...
 }: {
   ###################################################################################
@@ -27,7 +26,7 @@
   # Disable auto-optimise-store because of this issue:
   #   https://github.com/NixOS/nix/issues/7273
   # "error: cannot link '/nix/store/.tmp-link-xxxxx-xxxxx' to '/nix/store/.links/xxxx': File exists"
-  nix.settings = {
+  nix.settings.auto-optimise-store = false;
-    auto-optimise-store = false;
+
-  };
+  nix.gc.automatic = false;
 }

modules/nixos/base/misc.nix

@@ -15,6 +15,13 @@
   # for nix server, we do not need to keep too much generations
   boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
 
+  # do garbage collection weekly to keep disk usage low
+  nix.gc = {
+    automatic = lib.mkDefault true;
+    dates = lib.mkDefault "weekly";
+    options = lib.mkDefault "--delete-older-than 7d";
+  };
+
   # Manual optimise storage: nix-store --optimise
   # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
   nix.settings.auto-optimise-store = true;

overlays/fonts/default.nix

@@ -1,3 +1,3 @@
-{...}: (self: super: {
+_: (self: super: {
   icomoon-feather-icon-font = super.callPackage ./icomoon-feather-icon-font.nix {};
 })

overlays/fonts/icomoon-feather-icon-font.nix

@@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation rec {
   meta = with lib; {
     homepage = "https://github.com/feathericons/feather";
     description = "Icomoon feather font";
-    version = version;
+    inherit version;
     longDescription = ''
       Feather is a collection of simply beautiful open source icons.
       Each icon is designed on a 24x24 grid with an emphasis on simplicity, consistency, and flexibility.

secrets/darwin.nix

@@ -53,11 +53,33 @@
   };
 
   # activationScripts are executed every time you run `nixos-rebuild` / `darwin-rebuild`.
-  # but not when you reboot the system, so currently you need to run those commands manually after reboot...
+  system.activationScripts.postActivation.text = ''
-  #
+    chmod 644 /etc/agenix/*
-  # /etc/agenix/* will be created after the first time you run `nixos-rebuild` / `darwin-rebuild` successfully.
+  '';
-  # so you may need to comment out the following lines if it's the first time you run `nixos-rebuild` / `darwin-rebuild` on a new system.
+  # When you eboot the system, only these scripts will be executed:
-  system.activationScripts.postUserActivation.text = ''
+  #    https://github.com/LnL7/nix-darwin/blob/4eb1c549a9d4/modules/services/activate-system/default.nix6
-    sudo chmod 644 /etc/agenix/*
+  # So we need to add the following line to the script:
+  launchd.daemons.activate-system.script = ''
+    set -e
+    set -o pipefail
+    export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+    systemConfig=$(cat ${config.system.profile}/systemConfig)
+
+    # Make this configuration the current configuration.
+    # The readlink is there to ensure that when $systemConfig = /system
+    # (which is a symlink to the store), /run/current-system is still
+    # used as a garbage collection root.
+    ln -sfn $(cat ${config.system.profile}/systemConfig) /run/current-system
+
+    # Prevent the current configuration from being garbage-collected.
+    ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
+
+    ${config.system.activationScripts.etcChecks.text}
+    ${config.system.activationScripts.etc.text}
+    ${config.system.activationScripts.keyboard.text}
+
+    # The following line is added by me
+    ${config.system.activationScripts.postActivation.text}
   '';
 }