add chungus

feature/nixinite
Ingolf Wagner 2023-06-30 11:02:05 +02:00
parent 63603e872a
commit f47eb1017d
Signed by: palo
GPG Key ID: 76BF5F1928B9618B
3 changed files with 117 additions and 111 deletions

224
flake.nix

@ -110,32 +110,6 @@
pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib;
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
# collect all network configurations and save them in the store
sudo ls /etc/NetworkManager/system-connections \
| while read file
do
sudo cat "/etc/NetworkManager/system-connections/$file" \
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
done
'';
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
echo "push network passwords to $1"
'';
meta = rec {
system = "x86_64-linux";
@ -158,10 +132,10 @@
legacy_2105 = nixpkgs-legacy_2105 {
inherit system;
};
polygon-art = polygon-art.packages.${pkgs.system};
landingpage = landingpage.packages.${pkgs.system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
kmonad = kmonad.packages.${pkgs.system}.kmonad;
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
kmonad = kmonad.packages.${system}.kmonad;
#deploy-rs = deploy-rs.packages.${system}.deploy-rs;
})
(import ./nixos/pkgs)
@ -173,9 +147,56 @@
};
};
# todo : why redefine it?
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
nixosConfigurationSetup =
{ name
, host ? "${name}.private"
, modules
}:
nixosSystem {
inherit (meta) system specialArgs pkgs;
modules = modules ++ defaultModules ++ [
{
_module.args.nixinate = {
host = "${name}.private";
sshUser = "root";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
{
imports = [
./nixos/machines/${name}/configuration.nix
(sopsModule name)
];
}
];
};
defaultModules = [
{
# todo : find out what this is?
# make flake inputs accessiable in NixOS
_module.args.self = self;
_module.args.inputs = self.inputs;
}
({ pkgs, lib, ... }:
{
# todo : check if this is still needed
nix = {
# no channesl needed this way
nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -185,104 +206,91 @@
experimental-features = nix-command flakes
'';
};
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
imports = [
#./nixos/machines/${name}/configuration.nix
#(sopsModule name)
home-manager.nixosModules.home-manager
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
})
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
{
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
imports = [
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
grocy-scanner.nixosModule
];
}
];
sopsModule = name: { lib, ... }: {
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
imports = [
sops-nix.nixosModules.sops
homeManagerModules = {
imports = [ home-manager.nixosModules.home-manager ];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.mainUser.imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
sopsModule = name: { lib, ... }: {
imports = [ sops-nix.nixosModules.sops ];
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
};
in
{
devShells.${system}.default =
pkgs.mkShell {
buildInputs = [
pushNetworkPasswords
pullNetworkPasswords
nixpkgs-fmt.defaultPackage.${system}
#deploy-rs.packages.${system}.deploy-rs
];
};
#deploy.nodes.cream.profiles.system = {
# user = "root";
# path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
#};
# This is highly advised, and will prevent many possible mistakes
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
apps = nixinate.nixinate.x86_64-linux self;
#packages = with nixpkgs.lib; {
# "x86_64-linux" = (mapAttrs'
# (host: sys: {
# name = "vm-${host}";
# value = sys.config.system.build.vm;
# })
# self.nixosConfigurations) // (mapAttrs'
# (host: sys: {
# name = "sd-${host}";
# value = sys.config.system.build.sdImage;
# })
# (filterAttrs
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
# self.nixosConfigurations));
#};
packages = with nixpkgs.lib; {
${system} =
let
vms = mapAttrs'
(host: sys: {
name = "vm-${host}";
value = sys.config.system.build.vm;
})
self.nixosConfigurations;
sds = mapAttrs'
(host: sys: {
name = "sd-${host}";
value = sys.config.system.build.sdImage;
})
(filterAttrs
(n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
self.nixosConfigurations);
nixosConfigurations = {
cream = nixosSystem {
inherit (meta) system specialArgs;
pkgs = meta.pkgs;
modules = defaultModules ++ [
{
_module.args.nixinate = {
host = "cream.private";
sshUser = "root";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
{
# make flake inputs accessiable in NixOS
_module.args.self = self;
_module.args.inputs = self.inputs;
}
{
imports = [
./nixos/machines/cream/configuration.nix
(sopsModule "cream")
grocy-scanner.nixosModule
nixos-hardware.nixosModules.framework-12th-gen-intel
private_assets.nixosModules.jobrad
retiolum.nixosModules.retiolum
];
home-manager.users.mainUser.imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
}
];
};
in
vms // sds;
};
nixosConfigurations =
{
cream = nixosConfigurationSetup {
name = "cream";
modules = [
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.jobrad
homeManagerModules
];
};
chungus = nixosConfigurationSetup {
name = "chungus";
modules = [
#retiolum.nixosModules.retiolum
#private_assets.nixosModules.jobrad
#homeManagerModules
];
};
};
};
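Review bot: The `host` argument of `nixosConfigurationSetup` is never used. The function declares `host ? "${name}.private"`, but the nixinate block assigns `host = "${name}.private";` again, so a caller that passes a different `host` still gets a deploy target derived from `name`. Replacing that assignment with `inherit host;` makes the parameter effective and keeps the default unchanged. `sshUser = "root"` is also fixed for every machine built through this helper; taking it as an argument with `"root"` as the default would let a host that disables root SSH login still use the helper.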


@ -55,7 +55,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4


@ -26,6 +26,4 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}