palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add chungus

Browse source
This commit is contained in:
Ingolf Wagner 2023-06-30 11:02:05 +02:00
parent 63603e872a
commit f47eb1017d
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
3 changed files with 117 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

224
flake.nix
View file

@ -110,32 +110,6 @@
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
# collect all network configurations and save them in the store
sudo ls /etc/NetworkManager/system-connections \
| while read file
do
sudo cat "/etc/NetworkManager/system-connections/$file" \
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
done
'';
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
echo "push network passwords to $1"
'';
meta = rec { meta = rec {
system = "x86_64-linux"; system = "x86_64-linux";
@ -158,10 +132,10 @@
legacy_2105 = nixpkgs-legacy_2105 { legacy_2105 = nixpkgs-legacy_2105 {
inherit system; inherit system;
}; };
polygon-art = polygon-art.packages.${pkgs.system}; polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${pkgs.system}.plain; landingpage = landingpage.packages.${system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server; trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
kmonad = kmonad.packages.${pkgs.system}.kmonad; kmonad = kmonad.packages.${system}.kmonad;
#deploy-rs = deploy-rs.packages.${system}.deploy-rs; #deploy-rs = deploy-rs.packages.${system}.deploy-rs;
}) })
(import ./nixos/pkgs) (import ./nixos/pkgs)
@ -173,9 +147,56 @@
}; };
}; };
# todo : why redefine it?
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
nixosConfigurationSetup =
{ name
, host ? "${name}.private"
, modules
}:
nixosSystem {
inherit (meta) system specialArgs pkgs;
modules = modules ++ defaultModules ++ [
{
_module.args.nixinate = {
host = "${name}.private";
sshUser = "root";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
{
imports = [
./nixos/machines/${name}/configuration.nix
(sopsModule name)
];
}
];
};
defaultModules = [ defaultModules = [
{
# todo : find out what this is?
# make flake inputs accessiable in NixOS
_module.args.self = self;
_module.args.inputs = self.inputs;
}
({ pkgs, lib, ... }: ({ pkgs, lib, ... }:
{ {
# todo : check if this is still needed
nix = { nix = {
# no channesl needed this way # no channesl needed this way
nixPath = [ "nixpkgs=${pkgs.path}" ]; nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -185,104 +206,91 @@
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
imports = [
#./nixos/machines/${name}/configuration.nix
#(sopsModule name)
home-manager.nixosModules.home-manager
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}) })
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
{
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
imports = [
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
grocy-scanner.nixosModule
];
}
]; ];
sopsModule = name: { lib, ... }: { homeManagerModules = {
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; imports = [ home-manager.nixosModules.home-manager ];
imports = [ home-manager.useGlobalPkgs = true;
sops-nix.nixosModules.sops home-manager.useUserPackages = true;
home-manager.users.mainUser.imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
]; ];
}; };
sopsModule = name: { lib, ... }: {
imports = [ sops-nix.nixosModules.sops ];
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
};
in in
{ {
devShells.${system}.default = devShells.${system}.default =
pkgs.mkShell { pkgs.mkShell {
buildInputs = [ buildInputs = [
pushNetworkPasswords
pullNetworkPasswords
nixpkgs-fmt.defaultPackage.${system} nixpkgs-fmt.defaultPackage.${system}
#deploy-rs.packages.${system}.deploy-rs
]; ];
}; };
#deploy.nodes.cream.profiles.system = {
# user = "root";
# path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
#};
# This is highly advised, and will prevent many possible mistakes
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
apps = nixinate.nixinate.x86_64-linux self; apps = nixinate.nixinate.x86_64-linux self;
#packages = with nixpkgs.lib; { packages = with nixpkgs.lib; {
# "x86_64-linux" = (mapAttrs' ${system} =
# (host: sys: { let
# name = "vm-${host}"; vms = mapAttrs'
# value = sys.config.system.build.vm; (host: sys: {
# }) name = "vm-${host}";
# self.nixosConfigurations) // (mapAttrs' value = sys.config.system.build.vm;
# (host: sys: { })
# name = "sd-${host}"; self.nixosConfigurations;
# value = sys.config.system.build.sdImage; sds = mapAttrs'
# }) (host: sys: {
# (filterAttrs name = "sd-${host}";
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ]) value = sys.config.system.build.sdImage;
# self.nixosConfigurations)); })
#}; (filterAttrs
(n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
self.nixosConfigurations);
nixosConfigurations = { in
cream = nixosSystem { vms // sds;
inherit (meta) system specialArgs;
pkgs = meta.pkgs;
modules = defaultModules ++ [
{
_module.args.nixinate = {
host = "cream.private";
sshUser = "root";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
{
# make flake inputs accessiable in NixOS
_module.args.self = self;
_module.args.inputs = self.inputs;
}
{
imports = [
./nixos/machines/cream/configuration.nix
(sopsModule "cream")
grocy-scanner.nixosModule
nixos-hardware.nixosModules.framework-12th-gen-intel
private_assets.nixosModules.jobrad
retiolum.nixosModules.retiolum
];
home-manager.users.mainUser.imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
}
];
};
}; };
nixosConfigurations =
{
cream = nixosConfigurationSetup {
name = "cream";
modules = [
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.jobrad
homeManagerModules
];
};
chungus = nixosConfigurationSetup {
name = "chungus";
modules = [
#retiolum.nixosModules.retiolum
#private_assets.nixosModules.jobrad
#homeManagerModules
];
};
};
}; };

2
nixos/machines/chungus/configuration.nix
View file

@ -55,7 +55,7 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!) boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4 # head -c4 /dev/urandom | od -A none -t x4

2
nixos/machines/chungus/hardware-configuration.nix
View file

@ -26,6 +26,4 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
} }