abstract away architectures

Reid 2025-12-31 22:36:01 -08:00
parent 8ebf7b68df
commit 9414398f68
Signed by: reidlab
GPG key ID: DAF5EAF6665839FD
8 changed files with 80 additions and 33 deletions


@ -12,10 +12,17 @@ run `rg /etc/secrets/` to see where you need to add secret files when deploying
unfortunately, as a consequence of this secret method, you need to do impure builds unfortunately, as a consequence of this secret method, you need to do impure builds
## hosts
each host should have these files:
- `default.nix`, contains everything relating to the basic system
- `hardware.nix`, hardware-specific configuration
- `meta.nix`, extra things passed thru to `mkHost`
## todo ## todo
- find a better way to do cloudflare ips - find a better way to do cloudflare ips
- per-host architecture selection, atm it is hardcoded to `aarch64`
- swap back to hardened kernel - swap back to hardened kernel
- wtaf is going on w/ our user management?? - wtaf is going on w/ our user management??
- Jellyfin... yea,,, - Jellyfin... yea,,,

18
flake.lock generated

@ -21,7 +21,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -124,6 +124,7 @@
"hardware": "hardware", "hardware": "hardware",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"vscode-server": "vscode-server" "vscode-server": "vscode-server"
} }
}, },
@ -143,6 +144,21 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",


@ -3,6 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
systems.url = "github:nix-systems/default-linux";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
@ -14,41 +15,49 @@
vscode-server.url = "github:nix-community/nixos-vscode-server"; vscode-server.url = "github:nix-community/nixos-vscode-server";
}; };
outputs = inputs @ { self, nixpkgs, ... }: outputs = inputs @ { self, nixpkgs, systems, ... }:
let let
inherit (lib.my) mapModules mapModulesRec mapHosts; inherit (lib.my) mapModules mapModulesRec mapHosts;
system = "aarch64-linux"; eachSystem = nixpkgs.lib.genAttrs (import systems);
mkPkgs = pkgs: extraOverlays: lib = nixpkgs.lib.extend (final: prev: {
my = import ./lib {
inherit inputs;
lib = final;
pkgs = null;
};
});
mkPkgs = system: pkgs: extraOverlays:
import pkgs { import pkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
config.allowAliases = true; config.allowAliases = true;
overlays = extraOverlays ++ (lib.attrValues self.overlays); overlays = extraOverlays ++ (lib.attrValues self.overlays);
}; };
pkgs = mkPkgs nixpkgs [ self.overlays.default ];
lib = nixpkgs.lib.extend (final: prev: { pkgsFor = eachSystem (system:
my = import ./lib { mkPkgs system nixpkgs [
inherit pkgs inputs; self.overlays.default
lib = final; ]
}; );
});
in { in {
lib = lib.my; lib = lib.my;
overlays = overlays = (mapModules ./overlays import) // {
(mapModules ./overlays import) default = final: prev: {
// { my = self.packages.${final.stdenv.hostPlatform.system};
default = final: prev: {
my = self.packages.${system};
};
}; };
};
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {}); packages = eachSystem (system: let
pkgs = pkgsFor.${system};
in
mapModules ./packages (p: pkgs.callPackage p {})
);
nixosModules = mapModulesRec ./modules import; nixosModules = mapModulesRec ./modules import;
nixosConfigurations = mapHosts ./hosts {}; nixosConfigurations = mapHosts ./hosts { inherit pkgsFor; };
}; };
} }
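Review bot: Passing `pkgs = null;` into `import ./lib` in the `lib` binding leaves a null sentinel that any helper under `./lib` still expecting a package set would dereference, and the failure would surface as an opaque evaluation error far from this line. The files under `./lib` are only partly visible on this page, so this needs confirming; if none of them use `pkgs` any more, drop the argument from the call and from their argument sets rather than passing null, or add a comment such as `# lib helpers must not use pkgs; per-system package sets come from pkgsFor`. Separately, `pkgsFor` passes `[ self.overlays.default ]` as `extraOverlays` while `mkPkgs` also appends `lib.attrValues self.overlays`, so the default overlay appears to be applied twice; `mkPkgs system nixpkgs [ ]` would avoid that.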


@ -25,7 +25,7 @@
# needed for initial framebuffer logs to appear on raspberry pi # needed for initial framebuffer logs to appear on raspberry pi
# i think. this fixes it but idk if they are all required # i think. this fixes it but idk if they are all required
boot.kernelParams = [ boot.kernelParams = [
"8250.nr_uarts=1" "8250.nr_uarts=1"
"cma=128M" "cma=128M"
"console=tty0" "console=tty0"
@ -44,6 +44,4 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true; # networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true; # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
} }


@ -0,0 +1,3 @@
{
system = "aarch64-linux";
}


@ -4,7 +4,7 @@
in rec { in rec {
# attrsToList # attrsToList
attrsToList = attrs: attrsToList = attrs:
mapAttrsToList (name: value: {inherit name value;}) attrs; mapAttrsToList (name: value: { inherit name value; }) attrs;
# mapFilterAttrs :: # mapFilterAttrs ::
# (name -> value -> bool) # (name -> value -> bool)


@ -1,35 +1,42 @@
{ {
inputs, inputs,
lib, lib,
pkgs,
self, self,
... ...
}: let }: let
inherit (inputs.nixpkgs.lib) nixosSystem; inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (builtins) baseNameOf elem;
inherit (lib.attrsets) filterAttrs;
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault;
inherit (lib.strings) removeSuffix; inherit (lib.strings) removeSuffix;
inherit (self.modules) mapModules; inherit (self.modules) mapModules;
in rec { in rec {
mkHost = path: attrs @ {system ? "aarch64-linux", ...}: mkHost = path: {
system,
pkgsFor,
...
}:
nixosSystem { nixosSystem {
inherit system; inherit system;
specialArgs = {inherit lib inputs system;}; specialArgs = { inherit lib inputs system; };
modules = [ modules = [
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgsFor.${system};
nixpkgs.hostPlatform = lib.mkDefault system;
networking.hostName = networking.hostName =
mkDefault (removeSuffix ".nix" (baseNameOf path)); mkDefault (removeSuffix ".nix" (baseNameOf path));
} }
(filterAttrs (n: v: !elem n ["system"]) attrs)
../. # /default.nix ../. # /default.nix
(import path) (import path)
]; ];
}; };
mapHosts = dir: attrs @ {system ? system, ...}: mapHosts = dir: attrs:
mapModules dir (hostPath: mkHost hostPath attrs); mapModules dir (hostPath:
let
metaPath = "${hostPath}/meta.nix";
meta = import metaPath;
in
mkHost hostPath (attrs // meta)
);
} }
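Review bot: `meta = import metaPath;` in `mapHosts` imports `meta.nix` unconditionally, so a host entry without that file (or a single-file host, which the `removeSuffix ".nix"` in `mkHost` suggests is possible) fails with a bare import error that does not name the misconfigured host. Building the path with `metaPath = hostPath + "/meta.nix";` and guarding it with `meta = if builtins.pathExists metaPath then import metaPath else throw "host ${toString hostPath}: meta.nix is required and must set system";` keeps the failure explicit. Because the merge is `attrs // meta`, a host's `meta.nix` can also replace `pkgsFor`; if only `system` is meant to come from the host, `attrs // { inherit (meta) system; }` narrows that. How `mapModules` enumerates `./hosts` is not visible in this section, so the single-file case is an assumption.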

7
lib/options.nix Normal file

@ -0,0 +1,7 @@
{lib, ...}: let
inherit (lib.options) mkOption;
in {
mkOpt = type: default: mkOption { inherit type default; };
mkOpt' = type: default: description: mkOption { inherit type default description; };
}