add chungus
parent
63603e872a
commit
f47eb1017d
3 changed files with 117 additions and 111 deletions
224
flake.nix
224
flake.nix
|
@ -110,32 +110,6 @@
|
|||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
inherit (nixpkgs) lib;
|
||||
|
||||
nixosSystem = args:
|
||||
(lib.makeOverridable lib.nixosSystem)
|
||||
(lib.recursiveUpdate args {
|
||||
modules =
|
||||
args.modules
|
||||
++ [
|
||||
{
|
||||
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
|
||||
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
|
||||
}
|
||||
];
|
||||
});
|
||||
|
||||
|
||||
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
|
||||
# collect all network configurations and save them in the store
|
||||
sudo ls /etc/NetworkManager/system-connections \
|
||||
| while read file
|
||||
do
|
||||
sudo cat "/etc/NetworkManager/system-connections/$file" \
|
||||
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
|
||||
done
|
||||
'';
|
||||
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
|
||||
echo "push network passwords to $1"
|
||||
'';
|
||||
|
||||
meta = rec {
|
||||
system = "x86_64-linux";
|
||||
|
@ -158,10 +132,10 @@
|
|||
legacy_2105 = nixpkgs-legacy_2105 {
|
||||
inherit system;
|
||||
};
|
||||
polygon-art = polygon-art.packages.${pkgs.system};
|
||||
landingpage = landingpage.packages.${pkgs.system}.plain;
|
||||
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
|
||||
kmonad = kmonad.packages.${pkgs.system}.kmonad;
|
||||
polygon-art = polygon-art.packages.${system};
|
||||
landingpage = landingpage.packages.${system}.plain;
|
||||
trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
|
||||
kmonad = kmonad.packages.${system}.kmonad;
|
||||
#deploy-rs = deploy-rs.packages.${system}.deploy-rs;
|
||||
})
|
||||
(import ./nixos/pkgs)
|
||||
|
@ -173,9 +147,56 @@
|
|||
};
|
||||
};
|
||||
|
||||
# todo : why redefine it?
|
||||
nixosSystem = args:
|
||||
(lib.makeOverridable lib.nixosSystem)
|
||||
(lib.recursiveUpdate args {
|
||||
modules =
|
||||
args.modules
|
||||
++ [
|
||||
{
|
||||
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
|
||||
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
|
||||
}
|
||||
];
|
||||
});
|
||||
|
||||
nixosConfigurationSetup =
|
||||
{ name
|
||||
, host ? "${name}.private"
|
||||
, modules
|
||||
}:
|
||||
nixosSystem {
|
||||
inherit (meta) system specialArgs pkgs;
|
||||
modules = modules ++ defaultModules ++ [
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "${name}.private";
|
||||
sshUser = "root";
|
||||
buildOn = "remote"; # valid args are "local" or "remote"
|
||||
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
./nixos/machines/${name}/configuration.nix
|
||||
(sopsModule name)
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
defaultModules = [
|
||||
{
|
||||
# todo : find out what this is?
|
||||
# make flake inputs accessiable in NixOS
|
||||
_module.args.self = self;
|
||||
_module.args.inputs = self.inputs;
|
||||
}
|
||||
({ pkgs, lib, ... }:
|
||||
{
|
||||
# todo : check if this is still needed
|
||||
nix = {
|
||||
# no channesl needed this way
|
||||
nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
@ -185,104 +206,91 @@
|
|||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
||||
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
|
||||
imports = [
|
||||
#./nixos/machines/${name}/configuration.nix
|
||||
#(sopsModule name)
|
||||
home-manager.nixosModules.home-manager
|
||||
permown.nixosModules.permown
|
||||
disko.nixosModules.disko
|
||||
kmonad.nixosModules.default
|
||||
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
|
||||
];
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
})
|
||||
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
|
||||
{
|
||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
||||
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
|
||||
imports = [
|
||||
permown.nixosModules.permown
|
||||
disko.nixosModules.disko
|
||||
kmonad.nixosModules.default
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
sopsModule = name: { lib, ... }: {
|
||||
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
||||
imports = [
|
||||
sops-nix.nixosModules.sops
|
||||
homeManagerModules = {
|
||||
imports = [ home-manager.nixosModules.home-manager ];
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.mainUser.imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
};
|
||||
|
||||
sopsModule = name: { lib, ... }: {
|
||||
imports = [ sops-nix.nixosModules.sops ];
|
||||
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
devShells.${system}.default =
|
||||
pkgs.mkShell {
|
||||
buildInputs = [
|
||||
pushNetworkPasswords
|
||||
pullNetworkPasswords
|
||||
nixpkgs-fmt.defaultPackage.${system}
|
||||
#deploy-rs.packages.${system}.deploy-rs
|
||||
];
|
||||
};
|
||||
|
||||
#deploy.nodes.cream.profiles.system = {
|
||||
# user = "root";
|
||||
# path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
|
||||
#};
|
||||
|
||||
# This is highly advised, and will prevent many possible mistakes
|
||||
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||
|
||||
apps = nixinate.nixinate.x86_64-linux self;
|
||||
|
||||
#packages = with nixpkgs.lib; {
|
||||
# "x86_64-linux" = (mapAttrs'
|
||||
# (host: sys: {
|
||||
# name = "vm-${host}";
|
||||
# value = sys.config.system.build.vm;
|
||||
# })
|
||||
# self.nixosConfigurations) // (mapAttrs'
|
||||
# (host: sys: {
|
||||
# name = "sd-${host}";
|
||||
# value = sys.config.system.build.sdImage;
|
||||
# })
|
||||
# (filterAttrs
|
||||
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
|
||||
# self.nixosConfigurations));
|
||||
#};
|
||||
packages = with nixpkgs.lib; {
|
||||
${system} =
|
||||
let
|
||||
vms = mapAttrs'
|
||||
(host: sys: {
|
||||
name = "vm-${host}";
|
||||
value = sys.config.system.build.vm;
|
||||
})
|
||||
self.nixosConfigurations;
|
||||
sds = mapAttrs'
|
||||
(host: sys: {
|
||||
name = "sd-${host}";
|
||||
value = sys.config.system.build.sdImage;
|
||||
})
|
||||
(filterAttrs
|
||||
(n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
|
||||
self.nixosConfigurations);
|
||||
|
||||
nixosConfigurations = {
|
||||
cream = nixosSystem {
|
||||
inherit (meta) system specialArgs;
|
||||
pkgs = meta.pkgs;
|
||||
modules = defaultModules ++ [
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "cream.private";
|
||||
sshUser = "root";
|
||||
buildOn = "remote"; # valid args are "local" or "remote"
|
||||
substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
{
|
||||
# make flake inputs accessiable in NixOS
|
||||
_module.args.self = self;
|
||||
_module.args.inputs = self.inputs;
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
./nixos/machines/cream/configuration.nix
|
||||
(sopsModule "cream")
|
||||
grocy-scanner.nixosModule
|
||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
||||
private_assets.nixosModules.jobrad
|
||||
retiolum.nixosModules.retiolum
|
||||
];
|
||||
home-manager.users.mainUser.imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
vms // sds;
|
||||
};
|
||||
|
||||
nixosConfigurations =
|
||||
{
|
||||
cream = nixosConfigurationSetup {
|
||||
name = "cream";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
||||
retiolum.nixosModules.retiolum
|
||||
private_assets.nixosModules.jobrad
|
||||
homeManagerModules
|
||||
];
|
||||
};
|
||||
chungus = nixosConfigurationSetup {
|
||||
name = "chungus";
|
||||
modules = [
|
||||
#retiolum.nixosModules.retiolum
|
||||
#private_assets.nixosModules.jobrad
|
||||
#homeManagerModules
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
};
|
||||
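Review bot: The `host` argument of `nixosConfigurationSetup` is never used: the signature declares `host ? "${name}.private"`, but the nixinate block below it sets `host = "${name}.private";` again, so a caller that passes a different deploy address is silently ignored and the SSH deployment still goes to `<name>.private`. Replace that line with `inherit host;`. Because the helper also hard-codes `sshUser = "root"`, a short comment above `_module.args.nixinate` saying that every machine built through it is deployed as root over SSH would make that explicit. The helper imports `(sopsModule name)` unconditionally, so `chungus` presumably needs a matching `secrets/chungus.yaml` in the `secrets` input, which is not visible in this commit.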
|
|
|
@ -55,7 +55,7 @@
|
|||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
# head -c4 /dev/urandom | od -A none -t x4
|
||||
|
|
|
@ -26,6 +26,4 @@
|
|||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# high-resolution display
|
||||
hardware.video.hidpi.enable = lib.mkDefault true;
|
||||
}
|
||||
|
|