all: embrace unit packages where possible

Since we now pin nixpkgs to the same as the flake input, builds are
deterministic from run to run and there's no point running when the
version hasn't changed.

.github/workflows/build.yml

@@ -1,14 +1,25 @@
-name: "Build and populate cache"
+name: "CI"
 on:
   pull_request:
   push:
-  schedule:
-    # rebuild everyday at 6:50
-    # TIP: Choose a random time here so not all repositories are build at once:
-    # https://www.random.org/clock-times/?num=1&earliest=01%3A00&latest=08%3A00&interval=5&format=html&rnd=new
-    - cron:  '50 6 * * *'
 jobs:
-  tests:
+
+  checks:
+    strategy:
+      matrix:
+        check:
+          - nixpkgs-fmt
+          - deadnix
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v19
+      - name: Check ${{ matrix.check }}
+        # Depends on nixos/nix#7759 to simply `nix flake check`
+        run: nix run .#checks.$(nix eval --raw --impure --expr "builtins.currentSystem").${{ matrix.check }}
+
+  build-and-update:
     strategy:
       matrix:
         # Set this to notify the global nur package registry that changes are
@@ -28,23 +39,14 @@ jobs:
         # in your repository settings in Github found at https://github.com/<your_githubname>/nur-packages/settings/secrets
         cachixName:
           - xeals
-        nixPath:
-          # - nixpkgs=channel:nixos-unstable
-          - nixpkgs=channel:nixpkgs-unstable
-          # Disable due to buildGoModule and buildRustPackage
-          # - nixpkgs=channel:nixos-20.03
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
     - name: Install nix
       uses: cachix/install-nix-action@v19
-      with:
-        nix_path: "${{ matrix.nixPath }}"
-        extra_nix_config: |
-          experimental-features = nix-command flakes
     - name: Show nixpkgs version
-      run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
+      run: nix eval --impure --expr '(import ./flake-compat.nix { src = ./.; }).lib.version'
     - name: Setup cachix
       uses: cachix/cachix-action@v12
       if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' }}
@@ -52,7 +54,7 @@ jobs:
         name: ${{ matrix.cachixName }}
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
     - name: Build nix packages
-      run: nix shell -f '<nixpkgs>' nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs
+      run: nix develop .#ci -c nix-build-uncached ci.nix -A cacheOutputs
     - name: Trigger NUR update
       if: ${{ matrix.nurRepo != '<YOUR_REPO_NAME>' }}
-      run: curl -XPOST "https://nur-update.herokuapp.com/update?repo=${{ matrix.nurRepo }}"
+      run: curl -XPOST "https://nur-update.nix-community.org/update?repo=${{ matrix.nurRepo }}"

.github/workflows/update.yml

@@ -0,0 +1,27 @@
+name: "Update flake inputs"
+on:
+  workflow_dispatch:
+  schedule:
+    # bump weekly at 6:50
+    - cron:  '50 6 * * 1'
+jobs:
+  update-flake:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        input:
+          - nixpkgs
+          - flake-utils
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v19
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: "Update input ${{ matrix.input }}"
+        uses: DeterminateSystems/update-flake-lock@v16
+        with:
+          inputs: ${{ matrix.input }}
+          pr-labels: dependencies

ci.nix

@@ -9,7 +9,7 @@
 # then your CI will be able to build and cache only those packages for
 # which this is possible.
 
-{ pkgs ? import <nixpkgs> { } }:
+{ pkgs ? import ./flake-compat.nix { src = ./.; } }:
 
 with builtins;
 

flake-compat.nix

@@ -0,0 +1,12 @@
+{ src, system ? builtins.currentSystem or "unknown-system" }:
+
+let
+  lockFilePath = "${src}/flake.lock";
+  lockFile = builtins.fromJSON (builtins.readFile lockFilePath);
+  nixpkgs = lockFile.nodes.nixpkgs.locked;
+  tarball = fetchTarball {
+    url = "https://github.com/${nixpkgs.owner}/${nixpkgs.repo}/archive/${nixpkgs.rev}.zip";
+    sha256 = nixpkgs.narHash;
+  };
+in
+import tarball { inherit system; }

flake.lock

@@ -1,5 +1,20 @@
 {
   "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1650194139,
@@ -18,6 +33,7 @@
     },
     "root": {
       "inputs": {
+        "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -2,62 +2,75 @@
   description = "xeals's Nix repository";
 
   inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
 
-  outputs = { self, nixpkgs }:
+  outputs = { self, nixpkgs, flake-utils }:
     let
-
       inherit (nixpkgs) lib;
-
-      supportedSystems = [
-        "aarch64-darwin"
-        "aarch64-linux"
-        "i686-linux"
-        "x86_64-darwin"
-        "x86_64-linux"
-      ];
-
-      forAllSystems = f: lib.genAttrs supportedSystems (system: f system);
-
+      inherit (flake-utils.lib) mkApp;
+    in
+    flake-utils.lib.eachDefaultSystem
+      (system:
+        let
+          pkgs = import nixpkgs { inherit system; };
         in
         {
+          # nixos/rfcs#140
+          # Only produces the package set of the proposed functionality.
+          # Unstable names are variables.
+          packages =
+            let
+              unitDir = "unit";
+              packageFun = "package.nix";
 
-      nixosModules = lib.mapAttrs (_: path: import path) (import ./modules);
+              callUnitRoot = root:
+                let
+                  shards = lib.attrNames (builtins.readDir root);
+                  namesForShard = shard: lib.mapAttrs'
+                    (name: _: { inherit name; value = "${root}/${shard}/${name}"; })
+                    (builtins.readDir "${root}/${shard}");
+                  namesToPath = lib.foldl' lib.recursiveUpdate { } (map namesForShard shards);
+                  units = lib.mapAttrs (_: path: pkgs.callPackage "${path}/${packageFun}" { }) namesToPath;
+                in
+                units;
+              legacyPackages = import ./pkgs/top-level/all-packages.nix { inherit pkgs; };
+              onlyAvailable = lib.filterAttrs (_: drv: builtins.elem system (drv.meta.platforms or [ ]));
+            in
+            onlyAvailable (legacyPackages // callUnitRoot "${./pkgs}/${unitDir}");
 
-      nixosModule = {
+          checks = {
+            nixpkgs-fmt = pkgs.writeShellScriptBin "nixpkgs-fmt-check" ''
+              ${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt --check .
+            '';
+            deadnix = pkgs.writeShellScriptBin "deadnix-check" ''
+              ${pkgs.deadnix}/bin/deadnix --fail .
+            '';
+          };
+
+          devShells.ci = pkgs.mkShellNoCC {
+            buildInputs = [ pkgs.nix-build-uncached ];
+          };
+
+          apps = {
+            alacritty = mkApp { drv = pkgs.alacritty-ligatures; exePath = "/bin/alacritty"; };
+            protonmail-bridge = mkApp { drv = pkgs.protonmail-bridge; };
+            protonmail-bridge-headless = mkApp { drv = pkgs.protonmail-bridge; };
+            psst-cli = mkApp { drv = pkgs.psst; exePath = "/bin/psst-cli"; };
+            psst-gui = mkApp { drv = pkgs.psst; exePath = "/bin/psst-gui"; };
+            samrewritten = mkApp { drv = pkgs.samrewritten; };
+            spotify-ripper = mkApp { drv = pkgs.spotify-ripper; };
+          };
+        })
+    // {
+      nixosModules = lib.mapAttrs (_: path: import path) (import ./modules) // {
+        default = {
           imports = lib.attrValues self.nixosModules;
         };
+      };
 
       overlays = import ./overlays // {
-        pkgs = _final: prev: import ./pkgs/top-level/all-packages.nix { pkgs = prev; };
+        pkgs = _: prev: import ./pkgs/top-level/all-packages.nix { pkgs = prev; };
+        default = _: _: { xeals = nixpkgs.lib.composeExtensions self.overlays.pkgs; };
       };
-
-      overlay = _final: _prev: {
-        xeals = nixpkgs.lib.composeExtensions self.overlays.pkgs;
-      };
-
-      packages = forAllSystems (system:
-        let
-          pkgs = nixpkgs.legacyPackages.${system};
-          xPkgs = import ./pkgs/top-level/all-packages.nix { inherit pkgs; };
-        in
-        lib.filterAttrs
-          (_attr: drv: builtins.elem system (drv.meta.platforms or [ ]))
-          xPkgs);
-
-      apps = forAllSystems (system:
-        let
-          mkApp = opts: { type = "app"; } // opts;
-          pkgs = self.packages.${system};
-        in
-        {
-          alacritty = mkApp { program = "${pkgs.alacritty-ligatures}/bin/alacritty"; };
-          protonmail-bridge = mkApp { program = "${pkgs.protonmail-bridge}/bin/protonmail-bridge"; };
-          protonmail-bridge-headless = mkApp { program = "${pkgs.protonmail-bridge}/bin/protonmail-bridge"; };
-          psst-cli = mkApp { program = "${pkgs.psst}/bin/psst-cli"; };
-          psst-gui = mkApp { program = "${pkgs.psst}/bin/psst-gui"; };
-          samrewritten = mkApp { program = "${pkgs.samrewritten}/bin/samrewritten"; };
-          spotify-ripper = mkApp { program = "${pkgs.spotify-ripper}/bin/spotify-ripper"; };
-        });
-
     };
 }

pkgs/top-level/all-packages.nix

@@ -1,15 +1,6 @@
 { pkgs }:
 
 rec {
-  # Alacritty with the unmerged ligature patches applied.
-  alacritty-ligatures = pkgs.callPackage ../applications/terminal-emulators/alacritty-ligatures { };
-
-  atlauncher = pkgs.callPackage ../games/atlauncher { };
-
-  amdgpu-fan = pkgs.callPackage ../tools/misc/amdgpu-fan { };
-
-  cardboard = pkgs.callPackage ../applications/window-managers/cardboard { };
-
   goModules = pkgs.recurseIntoAttrs rec {
     qt = pkgs.libsForQt512.callPackage ../development/go-modules/qt { };
   };
@@ -34,14 +25,10 @@ rec {
     ideaUltimateWithPlugins = ideaUltimatePlugins.jetbrainsWithPlugins;
   };
 
-  libhl = pkgs.callPackage ../development/libraries/libhl { };
-
   mopidy-subidy = pkgs.callPackage ../applications/audio/mopidy/subidy.nix {
     python3Packages = pkgs.python3Packages // python3Packages;
   };
 
-  pam_gnupg = pkgs.callPackage ../os-specific/linux/pam_gnupg { };
-
   picom-animations = pkgs.picom.overrideAttrs (_oldAttrs: {
     pname = "picom-animations";
     src = pkgs.fetchFromGitHub {
@@ -58,27 +45,17 @@ rec {
     patches = (oldAttrs.patches or [ ]) ++ [ ../applications/misc/polybar/9button.patch ];
   });
 
-  psst = pkgs.callPackage ../applications/audio/psst { };
-
   python3Packages = pkgs.recurseIntoAttrs {
     py-sonic = pkgs.python3.pkgs.callPackage ../development/python-modules/py-sonic { };
   };
 
   # The one in Nixpkgs still extracts the pre-built Debian package instead
   # of building from source.
-  protonmailBridgePackages = pkgs.libsForQt512.callPackage ../applications/networking/protonmail-bridge {
+  protonmailBridgePackages = pkgs.libsForQt5.callPackage ../applications/networking/protonmail-bridge {
     inherit goModules;
   };
   protonmail-bridge = protonmailBridgePackages.protonmail-bridge;
   protonmail-bridge-headless = protonmailBridgePackages.protonmail-bridge-headless;
 
   radeon-profile-daemon = pkgs.libsForQt5.callPackage ../tools/misc/radeon-profile-daemon { };
-
-  samrewritten = pkgs.callPackage ../tools/misc/samrewritten { };
-
-  spotify-ripper = pkgs.callPackage ../tools/misc/spotify-ripper { };
-
-  ytarchive = pkgs.callPackage ../tools/misc/ytarchive { };
-
-  zsh-z = pkgs.callPackage ../shells/zsh/zsh-z { };
 }