add chungus

2023-06-30 11:02:05 +02:00 · 2023-06-30 11:02:05 +02:00 · f47eb1017d
commit f47eb1017d
parent 63603e872a
3 changed files with 117 additions and 111 deletions
--- a/flake.nix
+++ b/flake.nix
@ -110,32 +110,6 @@
      pkgs = nixpkgs.legacyPackages.${system};
      inherit (nixpkgs) lib;
      nixosSystem = args:
        (lib.makeOverridable lib.nixosSystem)
          (lib.recursiveUpdate args {
            modules =
              args.modules
              ++ [
                {
                  config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
                  config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
                }
              ];
          });
      pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
        # collect all network configurations and save them in the store
        sudo ls /etc/NetworkManager/system-connections \
            | while read file
            do
            sudo cat "/etc/NetworkManager/system-connections/$file" \
                | ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
            done
      '';
      pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
        echo "push network passwords to $1"
      '';
      meta = rec {
        system = "x86_64-linux";
@ -158,10 +132,10 @@
              legacy_2105 = nixpkgs-legacy_2105 {
                inherit system;
              };
-              polygon-art = polygon-art.packages.${pkgs.system};
+              polygon-art = polygon-art.packages.${system};
-              landingpage = landingpage.packages.${pkgs.system}.plain;
+              landingpage = landingpage.packages.${system}.plain;
-              trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
+              trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
-              kmonad = kmonad.packages.${pkgs.system}.kmonad;
+              kmonad = kmonad.packages.${system}.kmonad;
              #deploy-rs = deploy-rs.packages.${system}.deploy-rs;
            })
            (import ./nixos/pkgs)
@ -173,9 +147,56 @@
        };
      };
      # todo : why redefine it?
      nixosSystem = args:
        (lib.makeOverridable lib.nixosSystem)
          (lib.recursiveUpdate args {
            modules =
              args.modules
              ++ [
                {
                  config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
                  config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
                }
              ];
          });
      nixosConfigurationSetup =
        { name
        , host ? "${name}.private"
        , modules
        }:
        nixosSystem {
          inherit (meta) system specialArgs pkgs;
          modules = modules ++ defaultModules ++ [
            {
              _module.args.nixinate = {
                host = "${name}.private";
                sshUser = "root";
                buildOn = "remote"; # valid args are "local" or "remote"
                substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
                hermetic = false;
              };
            }
            {
              imports = [
                ./nixos/machines/${name}/configuration.nix
                (sopsModule name)
              ];
            }
          ];
        };
      defaultModules = [
        {
          # todo : find out what this is?
          # make flake inputs accessiable in NixOS
          _module.args.self = self;
          _module.args.inputs = self.inputs;
        }
        ({ pkgs, lib, ... }:
          {
            # todo : check if this is still needed
            nix = {
              # no channesl needed this way
              nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -185,102 +206,89 @@
                experimental-features = nix-command flakes
              '';
            };
          })
        { nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
        {
          boot.tmp.useTmpfs = lib.mkDefault true;
          environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
          imports = [
              #./nixos/machines/${name}/configuration.nix
              #(sopsModule name)
              home-manager.nixosModules.home-manager
            permown.nixosModules.permown
            disko.nixosModules.disko
            kmonad.nixosModules.default
-              { nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
+            grocy-scanner.nixosModule
          ];
-            home-manager.useGlobalPkgs = true;
+        }
            home-manager.useUserPackages = true;
          })
      ];
-      sopsModule = name: { lib, ... }: {
+      homeManagerModules = {
-        sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
+        imports = [ home-manager.nixosModules.home-manager ];
-        imports = [
+        home-manager.useGlobalPkgs = true;
-          sops-nix.nixosModules.sops
+        home-manager.useUserPackages = true;
        home-manager.users.mainUser.imports = [
          doom-emacs-nix.hmModule
          home-manager-utils.hmModule
        ];
      };
      sopsModule = name: { lib, ... }: {
        imports = [ sops-nix.nixosModules.sops ];
        sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
      };
    in
    {
      devShells.${system}.default =
        pkgs.mkShell {
          buildInputs = [
            pushNetworkPasswords
            pullNetworkPasswords
            nixpkgs-fmt.defaultPackage.${system}
            #deploy-rs.packages.${system}.deploy-rs
          ];
        };
      #deploy.nodes.cream.profiles.system = {
      #  user = "root";
      #  path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
      #};
      # This is highly advised, and will prevent many possible mistakes
      # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
      apps = nixinate.nixinate.x86_64-linux self;
-      #packages = with nixpkgs.lib; {
+      packages = with nixpkgs.lib; {
-      #  "x86_64-linux" = (mapAttrs'
+        ${system} =
-      #    (host: sys: {
+          let
-      #      name = "vm-${host}";
+            vms = mapAttrs'
-      #      value = sys.config.system.build.vm;
+              (host: sys: {
-      #    })
+                name = "vm-${host}";
-      #    self.nixosConfigurations) // (mapAttrs'
+                value = sys.config.system.build.vm;
-      #    (host: sys: {
+              })
-      #      name = "sd-${host}";
+              self.nixosConfigurations;
-      #      value = sys.config.system.build.sdImage;
+            sds = mapAttrs'
-      #    })
+              (host: sys: {
-      #    (filterAttrs
+                name = "sd-${host}";
-      #      (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
+                value = sys.config.system.build.sdImage;
-      #      self.nixosConfigurations));
+              })
-      #};
+              (filterAttrs
                (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
                self.nixosConfigurations);
-      nixosConfigurations = {
+          in
-        cream = nixosSystem {
+          vms // sds;
          inherit (meta) system specialArgs;
          pkgs = meta.pkgs;
          modules = defaultModules ++ [
            {
              _module.args.nixinate = {
                host = "cream.private";
                sshUser = "root";
                buildOn = "remote"; # valid args are "local" or "remote"
                substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
                hermetic = false;
      };
-            }
+
      nixosConfigurations =
        {
-              # make flake inputs accessiable in NixOS
+          cream = nixosConfigurationSetup {
-              _module.args.self = self;
+            name = "cream";
-              _module.args.inputs = self.inputs;
+            modules = [
            }
            {
              imports = [
                ./nixos/machines/cream/configuration.nix
                (sopsModule "cream")
                grocy-scanner.nixosModule
              nixos-hardware.nixosModules.framework-12th-gen-intel
                private_assets.nixosModules.jobrad
              retiolum.nixosModules.retiolum
-              ];
+              private_assets.nixosModules.jobrad
-              home-manager.users.mainUser.imports = [
+              homeManagerModules
                doom-emacs-nix.hmModule
                home-manager-utils.hmModule
              ];
            }
            ];
          };
          chungus = nixosConfigurationSetup {
            name = "chungus";
            modules = [
              #retiolum.nixosModules.retiolum
              #private_assets.nixosModules.jobrad
              #homeManagerModules
            ];
          };
        };
--- a/nixos/machines/chungus/configuration.nix
+++ b/nixos/machines/chungus/configuration.nix
@ -55,7 +55,7 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
+  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
--- a/nixos/machines/chungus/hardware-configuration.nix
+++ b/nixos/machines/chungus/hardware-configuration.nix
@ -26,6 +26,4 @@
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
 }