From e99fb387cb89399b4c3089924562bb83ac69ec0b Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev
Date: Fri, 14 Nov 2025 14:44:58 +0100
Subject: [PATCH] Guix (not working)
---
 modules/nixos/services/guix/default.nix | 47 +++++++++++++++
 modules/nixos/users/kylekrein/default.nix | 2 +-
 systems/x86_64-linux/stargate/disko.nix | 5 ++
 .../x86_64-linux/stargate/guix-substitute.nix | 59 +++++++++++++++++++
 .../x86_64-linux/stargate/services/nginx.nix | 7 +++
 5 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 modules/nixos/services/guix/default.nix
 create mode 100644 systems/x86_64-linux/stargate/guix-substitute.nix
diff --git a/modules/nixos/services/guix/default.nix b/modules/nixos/services/guix/default.nix
new file mode 100644
index 0000000..70b7b51
--- /dev/null
+++ b/modules/nixos/services/guix/default.nix
@@ -0,0 +1,47 @@
+{
+ lib,
+ pkgs,
+ inputs,
+ namespace,
+ system,
+ target,
+ format,
+ virtual,
+ systems,
+ config,
+ ...
+}:
+with lib;
+with lib.${namespace}; let
+ cfg = config.${namespace}.services.guix;
+ impermanence = config.${namespace}.impermanence;
+ persist = impermanence.persistentStorage;
+in {
+ options.${namespace}.services.guix = with types; {
+ enable = mkBoolOpt false "Enable guix";
+ };
+
+ config = mkIf cfg.enable {
+ services.guix = {
+ enable = true;
+ gc.enable = true;
+ publish = {
+ enable = true;
+ port = 17333;
+ extraArgs = [
+ "--advertise"
+ "--compression=zstd:6"
+ ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /var/guix 2775 root guixbuild - -"
+ "d /var/guix/daemon-socket 2770 root guixbuild - -"
+ ];
+
+ environment.persistence."${persist}/guix".directories = lib.optionals impermanence.enable [
+ "/var/guix"
+ ];
+ };
+}
diff --git a/modules/nixos/users/kylekrein/default.nix b/modules/nixos/users/kylekrein/default.nix
index cf0cc89..367bec7 100644
--- a/modules/nixos/users/kylekrein/default.nix
+++ b/modules/nixos/users/kylekrein/default.nix
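Review bot: In `modules/nixos/services/guix/default.nix`, the tmpfiles rule `"d /var/guix 2775 root guixbuild - -"` makes the whole Guix state directory group-writable by `guixbuild`, which is normally the group of the accounts that run build code, while `daemon-socket` at `2770` locks out every user outside that group. Unless the NixOS module really needs these modes (worth confirming, since the commit is marked as not working), a root-owned directory such as `"d /var/guix 0755 root root - -"` would keep build accounts from writing to the daemon's state. Separately, `publish` is switched on by the same `enable` flag and `--advertise` announces it on the local network. If the server is meant to be reached only through the nginx vhost added later in this patch, dropping `--advertise` and adding `"--listen=127.0.0.1"` to `extraArgs` would keep port 17333 off the other interfaces.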
@@ -18,7 +18,7 @@ with lib.${namespace}; let extraGroups = ["networkmanager" "touchscreen"]; trustedSshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDdxZ5OyGcfD1JwEa4RWw86HWZ2dKFR0syrRckl7EvG kylekrein@kylekrein-homepc" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILt+CDDU4gDo12IO2dc50fceIWkn26/NuTq4j25hiGre kylekrein@kylekrein-framework12" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1HsOkUz+E0taJqwpWx/wCfHzHvhL3ia+LxdDj2Gn4T kylekrein@anaconda" ]; cfg = config.${namespace}.users.${username}; diff --git a/systems/x86_64-linux/stargate/disko.nix b/systems/x86_64-linux/stargate/disko.nix index 61117bb..ca0f1c3 100644 --- a/systems/x86_64-linux/stargate/disko.nix +++ b/systems/x86_64-linux/stargate/disko.nix @@ -37,6 +37,11 @@ in { disko.devices = { disk = { + #main.content.partitions.luks.content.content.subvolumes."/gnu" = { + # mountpoint = "/gnu"; + # mountOptions = ["subvol=guix" "compress=zstd" "noatime"]; + # }; + hdd1 = addHdd "/dev/sda" "crypt-hdd1"; hdd2 = addHdd "/dev/sdb" "crypt-hdd2"; hdd3 = addHdd "/dev/sdc" "crypt-hdd3"; diff --git a/systems/x86_64-linux/stargate/guix-substitute.nix b/systems/x86_64-linux/stargate/guix-substitute.nix new file mode 100644 index 0000000..c1a686f --- /dev/null +++ b/systems/x86_64-linux/stargate/guix-substitute.nix 
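Review bot: The `trustedSshKeys` edit in `modules/nixos/users/kylekrein/default.nix` drops the `kylekrein@kylekrein-framework12` key and trusts `kylekrein@anaconda` instead, an access-control change that the subject "Guix (not working)" does not mention. It would be easier to audit as its own commit, or with a line in the message confirming that the framework12 key is being retired on purpose rather than lost in the edit. If that is the intent, a comment next to the new entry such as `# replaces the retired framework12 key` would record it. The `let` block holding the list starts and ends outside the hunk.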
@@ -0,0 +1,59 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+with lib.custom; let
+ enable = false;
+in {
+ custom.services.guix = {inherit enable;};
+ systemd.timers."guix-build" = {
+ inherit enable;
+ wantedBy = ["timers.target"];
+ timerConfig = {
+ OnBootSec = "120m";
+ OnUnitActiveSec = "120m";
+ Unit = "guix-build.service";
+ };
+ };
+
+ systemd.services."guix-build" = {
+ inherit enable;
+ script = let
+ gitRepo = "/root/dotfiles";
+ git = "${pkgs.git}/bin/git";
+ echo = "${pkgs.coreutils}/bin/echo";
+ repoUrl = "https://git.kylekrein.com/kylekrein/dotfiles.git";
+ guix = "${pkgs.guix}/bin/guix time-machine -C ${gitRepo}/guix-config/channels-lock.scm --";
+ in ''
+ if [ ! -d "${gitRepo}" ]; then
+ ${echo} "dotfiles repo not found, cloning..."
+ ${git} clone "${repoUrl}" "${gitRepo}"
+ else
+ ${echo} "Updating repo..."
+ cd "${gitRepo}"
+ ${git} fetch --all
+ ${git} reset --hard origin/master
+ fi
+
+ cd "${gitRepo}"
+
+ ${echo} "Building packages..."
+ ${guix} build -L "${gitRepo}" ${gitRepo}/guix-config/packages/*
+
+ ${echo} "Building system config..."
+ ${guix} system build -L "${gitRepo}" ${gitRepo}/guix-config/system/anaconda.scm
+
+ ${echo} "Building home config..."
+ ${guix} home build -L "${gitRepo}" ${gitRepo}/guix-config/home/workstation.scm
+
+ ${echo} "All builds complete!"
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ WorkingDirectory = "/root";
+ };
+ };
+}
diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix
index c611bab..606a275 100644
--- a/systems/x86_64-linux/stargate/services/nginx.nix
+++ b/systems/x86_64-linux/stargate/services/nginx.nix
@@ -195,6 +195,13 @@ in {
 proxyWebsockets = true;
 };
 };
+ "guix.kylekrein.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString config.services.guix.publish.port}";
+ };
+ };
 "paperless.kylekrein.com" = {
 enableACME = true;
 forceSSL = true;
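Review bot: The `guix-build` service in `systems/x86_64-linux/stargate/guix-substitute.nix` runs with `User = "root"` and on each timer tick hard-resets `/root/dotfiles` to whatever `origin/master` holds. It then has `guix time-machine` evaluate the channel file and the `-L` modules from that checkout, so any commit that reaches the remote is evaluated as root on this host with no signature check. The builds themselves go through the daemon, so the client side can presumably run unprivileged. A dedicated account with its own state directory would contain a bad commit, e.g. `User = "guix-build";` (constructed name), `StateDirectory = "guix-build";` and `gitRepo = "/var/lib/guix-build/dotfiles";`, provided that account may reach the daemon socket. Running `git verify-commit origin/master` before the reset would additionally tie each build to a signed commit, which matters more once the outputs are served as substitutes to other machines.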
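Review bot: The `guix.kylekrein.com` vhost in `services/nginx.nix` is added unconditionally, although `guix-substitute.nix` in this patch sets `enable = false`. If that file is what turns the service on for this host, nginx would request a certificate and proxy to port 17333 with nothing listening. Guarding the entry, e.g. `"guix.kylekrein.com" = lib.mkIf config.services.guix.publish.enable {` (assuming `lib` is in scope in this file), keeps the two in step. Once enabled, the vhost puts the publish server on the internet with no access restriction, and `guix publish` serves any store item a client requests by hash, so it is worth confirming nothing sensitive is ever built into the store on this host. The surrounding virtual-host attribute set starts and ends outside the hunk.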