Compare commits
2 commits
9305b3be8f
...
1a6b8afdce
| Author | SHA1 | Date | |
|---|---|---|---|
| 1a6b8afdce | |||
| 8ebf7b68df |
9 changed files with 83 additions and 33 deletions
|
|
@ -12,10 +12,17 @@ run `rg /etc/secrets/` to see where you need to add secret files when deploying
|
|||
|
||||
unfortunately, as a consequence of this secret method, you need to do impure builds
|
||||
|
||||
## hosts
|
||||
|
||||
each host should have these files:
|
||||
|
||||
- `default.nix`, contains everything relating to the basic system
|
||||
- `hardware.nix`, hardware-specific configuration
|
||||
- `meta.nix`, extra things passed thru to `mkHost`
|
||||
|
||||
## todo
|
||||
|
||||
- find a better way to do cloudflare ips
|
||||
- per-host architecture selection, atm it is hardcoded to `aarch64`
|
||||
- swap back to hardened kernel
|
||||
- wtaf is going on w/ our user management??
|
||||
- Jellyfin... yea,,,
|
||||
|
|
|
|||
18
flake.lock
generated
18
flake.lock
generated
|
|
@ -21,7 +21,7 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
|
|
@ -124,6 +124,7 @@
|
|||
"hardware": "hardware",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"systems": "systems_2",
|
||||
"vscode-server": "vscode-server"
|
||||
}
|
||||
},
|
||||
|
|
@ -143,6 +144,21 @@
|
|||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1689347949,
|
||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default-linux",
|
||||
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default-linux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
|
|
|||
46
flake.nix
46
flake.nix
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
systems.url = "github:nix-systems/default-linux";
|
||||
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
@ -14,41 +15,50 @@
|
|||
vscode-server.url = "github:nix-community/nixos-vscode-server";
|
||||
};
|
||||
|
||||
outputs = inputs @ { self, nixpkgs, ... }:
|
||||
outputs = inputs @ { self, nixpkgs, systems, ... }:
|
||||
let
|
||||
inherit (lib.my) mapModules mapModulesRec mapHosts;
|
||||
system = "aarch64-linux";
|
||||
eachSystem = nixpkgs.lib.genAttrs (import systems);
|
||||
|
||||
mkPkgs = pkgs: extraOverlays:
|
||||
lib = nixpkgs.lib.extend (final: prev: {
|
||||
my = import ./lib {
|
||||
inherit inputs;
|
||||
lib = final;
|
||||
pkgs = null;
|
||||
};
|
||||
});
|
||||
|
||||
mkPkgs = system: pkgs: extraOverlays:
|
||||
import pkgs {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
config.allowAliases = true;
|
||||
overlays = extraOverlays ++ (lib.attrValues self.overlays);
|
||||
};
|
||||
pkgs = mkPkgs nixpkgs [ self.overlays.default ];
|
||||
|
||||
lib = nixpkgs.lib.extend (final: prev: {
|
||||
my = import ./lib {
|
||||
inherit pkgs inputs;
|
||||
lib = final;
|
||||
};
|
||||
});
|
||||
pkgsFor = eachSystem (system:
|
||||
mkPkgs system nixpkgs [
|
||||
self.overlays.default
|
||||
inputs.niri.overlays.niri
|
||||
]
|
||||
);
|
||||
in {
|
||||
lib = lib.my;
|
||||
|
||||
overlays =
|
||||
(mapModules ./overlays import)
|
||||
// {
|
||||
default = final: prev: {
|
||||
my = self.packages.${system};
|
||||
};
|
||||
overlays = (mapModules ./overlays import) // {
|
||||
default = final: prev: {
|
||||
my = self.packages.${final.stdenv.hostPlatform.system};
|
||||
};
|
||||
};
|
||||
|
||||
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
|
||||
packages = eachSystem (system: let
|
||||
pkgs = pkgsFor.${system};
|
||||
in
|
||||
mapModules ./packages (p: pkgs.callPackage p {})
|
||||
);
|
||||
|
||||
nixosModules = mapModulesRec ./modules import;
|
||||
|
||||
nixosConfigurations = mapHosts ./hosts {};
|
||||
nixosConfigurations = mapHosts ./hosts { inherit pkgsFor; };
|
||||
};
|
||||
}
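Review bot: `pkgsFor` builds every per-system package set with `inputs.niri.overlays.niri`, but no `niri` input appears in the `inputs = { ... }` hunk above, and the flake.lock hunk's root inputs list (hardware, home-manager, nixpkgs, systems, vscode-server) has no `niri` entry in its alphabetical position; unless the input is declared in the unseen lines of flake.nix, `pkgsFor.${system}` and therefore `packages` and `nixosConfigurations` fail with a missing-attribute error on first evaluation. Separately, `lib` now imports `./lib` with `pkgs = null;`, so any helper under `./lib` that still dereferences `pkgs` throws at lib construction time rather than at its call site, and `lib/hosts.nix` in this same compare still declares a `pkgs` parameter. I would state the contract on that line: `pkgs = null; # lib helpers must not depend on a package set; per-system pkgs come from pkgsFor`, and drop the now-unused `pkgs` parameter from the lib modules.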
|
||||
|
|
|
|||
|
|
@ -44,6 +44,4 @@
|
|||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
}
|
||||
|
|
|
|||
3
hosts/nixos-server-reid/meta.nix
Normal file
3
hosts/nixos-server-reid/meta.nix
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
system = "aarch64-linux";
|
||||
}
|
||||
|
|
@ -4,7 +4,7 @@
|
|||
in rec {
|
||||
# attrsToList
|
||||
attrsToList = attrs:
|
||||
mapAttrsToList (name: value: {inherit name value;}) attrs;
|
||||
mapAttrsToList (name: value: { inherit name value; }) attrs;
|
||||
|
||||
# mapFilterAttrs ::
|
||||
# (name -> value -> bool)
|
||||
|
|
|
|||
|
|
@ -1,35 +1,42 @@
|
|||
{
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}: let
|
||||
inherit (inputs.nixpkgs.lib) nixosSystem;
|
||||
inherit (builtins) baseNameOf elem;
|
||||
inherit (lib.attrsets) filterAttrs;
|
||||
inherit (lib.modules) mkDefault;
|
||||
inherit (lib.strings) removeSuffix;
|
||||
inherit (self.modules) mapModules;
|
||||
in rec {
|
||||
mkHost = path: attrs @ {system ? "aarch64-linux", ...}:
|
||||
mkHost = path: {
|
||||
system,
|
||||
pkgsFor,
|
||||
...
|
||||
}:
|
||||
nixosSystem {
|
||||
inherit system;
|
||||
|
||||
specialArgs = {inherit lib inputs system;};
|
||||
specialArgs = { inherit lib inputs system; };
|
||||
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.pkgs = pkgs;
|
||||
nixpkgs.pkgs = pkgsFor.${system};
|
||||
nixpkgs.hostPlatform = lib.mkDefault system;
|
||||
networking.hostName =
|
||||
mkDefault (removeSuffix ".nix" (baseNameOf path));
|
||||
}
|
||||
(filterAttrs (n: v: !elem n ["system"]) attrs)
|
||||
../. # /default.nix
|
||||
(import path)
|
||||
];
|
||||
};
|
||||
|
||||
mapHosts = dir: attrs @ {system ? system, ...}:
|
||||
mapModules dir (hostPath: mkHost hostPath attrs);
|
||||
mapHosts = dir: attrs:
|
||||
mapModules dir (hostPath:
|
||||
let
|
||||
metaPath = "${hostPath}/meta.nix";
|
||||
meta = import metaPath;
|
||||
in
|
||||
mkHost hostPath (attrs // meta)
|
||||
);
|
||||
}
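Review bot: the new signature `mkHost = path: { system, pkgsFor, ... }:` no longer binds the argument set as `attrs`, yet the module list still carries `(filterAttrs (n: v: !elem n ["system"]) attrs)`; if that line is on the new side it is an undefined-variable error, and if the `attrs @` pattern was merely lost in rendering, `pkgsFor` (a table of package sets, not a NixOS option) is now forwarded into the module set and fails option checking. Either restore `attrs @` and widen the filter, `(filterAttrs (n: v: !elem n [ "system" "pkgsFor" ]) attrs)`, or remove that module entry if pass-through host attributes are no longer intended. `mapHosts` now does `import "${hostPath}/meta.nix"` unconditionally, so one host directory without `meta.nix` aborts evaluation of every host; the README hunk documents the file as required, so either a `builtins.pathExists` guard with a default or a clearer error would help operators. Minor style: `nixpkgs.hostPlatform = lib.mkDefault system;` uses `lib.mkDefault` while the file already inherits `mkDefault` and uses the bare name two lines below.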
|
||||
|
|
|
|||
7
lib/options.nix
Normal file
7
lib/options.nix
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
{lib, ...}: let
|
||||
inherit (lib.options) mkOption;
|
||||
in {
|
||||
mkOpt = type: default: mkOption { inherit type default; };
|
||||
|
||||
mkOpt' = type: default: description: mkOption { inherit type default description; };
|
||||
}
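Review bot: the new file has no header comment saying when to use `mkOpt` versus `mkOpt'`; since `mkOpt` creates options with no `description`, every option declared through it is silent in generated option documentation, which is easy to miss from the call site. A one-line header such as `# mkOpt type default: option without description (internal only); prefer mkOpt' for anything user-facing` would make the intended split explicit. The `{lib, ...}:` argument pattern also differs in spacing from the `{ inherit ...; }` style this same compare introduces in the other lib hunks.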
|
||||
|
|
@ -59,6 +59,8 @@ in {
|
|||
|
||||
# while this is on by default, i am going to explicitly specify this
|
||||
networking.firewall.enable = true;
|
||||
|
||||
services.fwupd.enable = true;
|
||||
} // (mkIf cfg.useDoas {
|
||||
security.sudo.enable = false;
|
||||
security.doas.enable = true;
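Review bot: `services.fwupd.enable = true;` is added inside an attrset that is then combined with `} // (mkIf cfg.useDoas {`; because `mkIf` returns a tagged set (`{ _type = "if"; condition = …; content = …; }`), `//` merges those three keys into the outer set instead of merging the doas settings, and when the module system sees `_type = "if"` on a config set it keeps only `content`, so `networking.firewall.enable` and the new fwupd line are silently discarded whether or not `cfg.useDoas` is set. The enclosing attrset starts and ends outside the hunk, so this is inferred from the visible `// (mkIf` line; the usual form is `config = mkMerge [ { … } (mkIf cfg.useDoas { … }) ];` with `mkMerge` inherited from `lib.modules`. Independently, fwupd adds a D-Bus daemon and the LVFS remote to every host importing this module, including the aarch64 servers this compare configures; a short comment stating why firmware updates are wanted on those hosts, or a `cfg` option gating it like `useDoas`, would make the intent auditable.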
|
||||
|
|
|
|||