From f47eb1017da87b0c082b84f8b1cad7f9241fec08 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Fri, 30 Jun 2023 11:02:05 +0200 Subject: [PATCH] add chungus --- flake.nix | 224 +++++++++--------- nixos/machines/chungus/configuration.nix | 2 +- .../chungus/hardware-configuration.nix | 2 - 3 files changed, 117 insertions(+), 111 deletions(-) diff --git a/flake.nix b/flake.nix index dcc8567..83dfaab 100644 --- a/flake.nix +++ b/flake.nix @@ -110,32 +110,6 @@ pkgs = nixpkgs.legacyPackages.${system}; inherit (nixpkgs) lib; - nixosSystem = args: - (lib.makeOverridable lib.nixosSystem) - (lib.recursiveUpdate args { - modules = - args.modules - ++ [ - { - config.nixpkgs.pkgs = lib.mkDefault args.pkgs; - config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform; - } - ]; - }); - - - pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" '' - # collect all network configurations and save them in the store - sudo ls /etc/NetworkManager/system-connections \ - | while read file - do - sudo cat "/etc/NetworkManager/system-connections/$file" \ - | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file" - done - ''; - pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" '' - echo "push network passwords to $1" - ''; meta = rec { system = "x86_64-linux"; @@ -158,10 +132,10 @@ legacy_2105 = nixpkgs-legacy_2105 { inherit system; }; - polygon-art = polygon-art.packages.${pkgs.system}; - landingpage = landingpage.packages.${pkgs.system}.plain; - trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server; - kmonad = kmonad.packages.${pkgs.system}.kmonad; + polygon-art = polygon-art.packages.${system}; + landingpage = landingpage.packages.${system}.plain; + trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server; + kmonad = kmonad.packages.${system}.kmonad; #deploy-rs = deploy-rs.packages.${system}.deploy-rs; }) (import ./nixos/pkgs) 
@@ -173,9 +147,56 @@ }; }; + # todo : why redefine it? + nixosSystem = args: + (lib.makeOverridable lib.nixosSystem) + (lib.recursiveUpdate args { + modules = + args.modules + ++ [ + { + config.nixpkgs.pkgs = lib.mkDefault args.pkgs; + config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform; + } + ]; + }); + + nixosConfigurationSetup = + { name + , host ? "${name}.private" + , modules + }: + nixosSystem { + inherit (meta) system specialArgs pkgs; + modules = modules ++ defaultModules ++ [ + { + _module.args.nixinate = { + host = "${name}.private"; + sshUser = "root"; + buildOn = "remote"; # valid args are "local" or "remote" + substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s" + hermetic = false; + }; + } + { + imports = [ + ./nixos/machines/${name}/configuration.nix + (sopsModule name) + ]; + } + ]; + }; + defaultModules = [ + { + # todo : find out what this is? + # make flake inputs accessiable in NixOS + _module.args.self = self; + _module.args.inputs = self.inputs; + } ({ pkgs, lib, ... }: { + # todo : check if this is still needed nix = { # no channesl needed this way nixPath = [ "nixpkgs=${pkgs.path}" ]; 
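Review bot: The `host` argument of `nixosConfigurationSetup` is declared with a default (`host ? "${name}.private"`) but never used, because the nixinate block hard-codes `host = "${name}.private";`. A caller that passes a different `host` would still get a deployment target of `<name>.private`; writing `inherit host;` inside `_module.args.nixinate` fixes that. Separately, every machine built through this helper now gets `sshUser = "root"` and `substituteOnTarget = false`, whereas cream previously had `substituteOnTarget = true`. If those settings are meant to vary per host, they should become arguments with the current values as defaults. The `defaultModules` list that starts in this hunk continues outside it.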
@@ -185,104 +206,91 @@ experimental-features = nix-command flakes ''; }; - boot.tmp.useTmpfs = lib.mkDefault true; - environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ]; - imports = [ - #./nixos/machines/${name}/configuration.nix - #(sopsModule name) - home-manager.nixosModules.home-manager - permown.nixosModules.permown - disko.nixosModules.disko - kmonad.nixosModules.default - { nix.settings.substituters = [ "https://cache.nixos.org/" ]; } - ]; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; }) + { nix.settings.substituters = [ "https://cache.nixos.org/" ]; } + { + boot.tmp.useTmpfs = lib.mkDefault true; + environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ]; + imports = [ + permown.nixosModules.permown + disko.nixosModules.disko + kmonad.nixosModules.default + grocy-scanner.nixosModule + ]; + } ]; - sopsModule = name: { lib, ... }: { - sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; - imports = [ - sops-nix.nixosModules.sops + homeManagerModules = { + imports = [ home-manager.nixosModules.home-manager ]; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.mainUser.imports = [ + doom-emacs-nix.hmModule + home-manager-utils.hmModule ]; }; + sopsModule = name: { lib, ... 
}: { + imports = [ sops-nix.nixosModules.sops ]; + sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; + }; + in { devShells.${system}.default = pkgs.mkShell { buildInputs = [ - pushNetworkPasswords - pullNetworkPasswords nixpkgs-fmt.defaultPackage.${system} - #deploy-rs.packages.${system}.deploy-rs ]; }; - #deploy.nodes.cream.profiles.system = { - # user = "root"; - # path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream; - #}; - - # This is highly advised, and will prevent many possible mistakes - # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; - apps = nixinate.nixinate.x86_64-linux self; - #packages = with nixpkgs.lib; { - # "x86_64-linux" = (mapAttrs' - # (host: sys: { - # name = "vm-${host}"; - # value = sys.config.system.build.vm; - # }) - # self.nixosConfigurations) // (mapAttrs' - # (host: sys: { - # name = "sd-${host}"; - # value = sys.config.system.build.sdImage; - # }) - # (filterAttrs - # (n: hasAttrByPath [ "config" "system" "build" "sdImage" ]) - # self.nixosConfigurations)); - #}; + packages = with nixpkgs.lib; { + ${system} = + let + vms = mapAttrs' + (host: sys: { + name = "vm-${host}"; + value = sys.config.system.build.vm; + }) + self.nixosConfigurations; + sds = mapAttrs' + (host: sys: { + name = "sd-${host}"; + value = sys.config.system.build.sdImage; + }) + (filterAttrs + (n: hasAttrByPath [ "config" "system" "build" "sdImage" ]) + self.nixosConfigurations); - nixosConfigurations = { - cream = nixosSystem { - inherit (meta) system specialArgs; - pkgs = meta.pkgs; - modules = defaultModules ++ [ - { - _module.args.nixinate = { - host = "cream.private"; - sshUser = "root"; - buildOn = "remote"; # valid args are "local" or "remote" - substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" - hermetic = false; - }; - } - { - # make flake inputs accessiable in NixOS - _module.args.self = self; - 
_module.args.inputs = self.inputs; - } - { - imports = [ - ./nixos/machines/cream/configuration.nix - (sopsModule "cream") - grocy-scanner.nixosModule - nixos-hardware.nixosModules.framework-12th-gen-intel - private_assets.nixosModules.jobrad - retiolum.nixosModules.retiolum - ]; - home-manager.users.mainUser.imports = [ - doom-emacs-nix.hmModule - home-manager-utils.hmModule - ]; - } - ]; - }; + in + vms // sds; }; + nixosConfigurations = + { + cream = nixosConfigurationSetup { + name = "cream"; + modules = [ + nixos-hardware.nixosModules.framework-12th-gen-intel + retiolum.nixosModules.retiolum + private_assets.nixosModules.jobrad + homeManagerModules + ]; + }; + chungus = nixosConfigurationSetup { + name = "chungus"; + modules = [ + #retiolum.nixosModules.retiolum + #private_assets.nixosModules.jobrad + #homeManagerModules + ]; + }; + + + }; + }; diff --git a/nixos/machines/chungus/configuration.nix b/nixos/machines/chungus/configuration.nix index 0c25116..d1d337c 100644 --- a/nixos/machines/chungus/configuration.nix +++ b/nixos/machines/chungus/configuration.nix @@ -55,7 +55,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!) + boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.supportedFilesystems = [ "zfs" ]; # head -c4 /dev/urandom | od -A none -t x4 diff --git a/nixos/machines/chungus/hardware-configuration.nix b/nixos/machines/chungus/hardware-configuration.nix index f80864a..9e5d555 100644 --- a/nixos/machines/chungus/hardware-configuration.nix +++ b/nixos/machines/chungus/hardware-configuration.nix @@ -26,6 +26,4 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - # high-resolution display - hardware.video.hidpi.enable = lib.mkDefault true; }
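Review bot: `grocy-scanner.nixosModule` moved from cream's own imports into the shared `defaultModules` list, so the new `chungus` host and any later host built with `nixosConfigurationSetup` import it too. Whether the import alone enables a service depends on that module, which is not visible here, but a machine-specific module is better kept out of the common base so each host carries only what it needs. It could sit in cream's list instead, as `grocy-scanner.nixosModule` next to `retiolum.nixosModules.retiolum`. The `chungus` entry also leaves `homeManagerModules` and the other modules commented out, and a one-line comment saying whether that is temporary would help the next reader.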