Merge branch 'refac-profs' into template
commit
ec8a357ff9
20
DOC.md
20
DOC.md
|
@ -8,8 +8,8 @@ See [`hosts/default.nix`](hosts/default.nix) for the implementation.
|
|||
|
||||
## Profiles
|
||||
A profile is any directory under [profiles](profiles) containing a `default.nix`
|
||||
defining a valid NixOS module, with the added restriction that no new
|
||||
declarations to the `options` _or_ `config` attributes are allowed
|
||||
defining a function that returns a valid NixOS module, with the added restriction
|
||||
that no new declarations to the `options` _or_ `config` attributes are allowed
|
||||
(use [modules](modules) instead). Their purpose is to provide abstract
|
||||
expressions suitable for reuse by multiple deployments. They are perhaps _the_
|
||||
key mechanism by which we keep this repo maintainable.
|
||||
|
@ -30,9 +30,19 @@ profile should be independent of its parent. i.e:
|
|||
It is okay for profiles to depend on other profiles so long as they are
|
||||
explicitly loaded via `imports`.
|
||||
|
||||
Optionally, you may choose to export your profiles via the flake output. If
|
||||
you include it in the list defined in [profiles/list.nix](profiles/list.nix),
|
||||
it will be available to other flakes via `nixosModules.profiles`.
|
||||
## Suites
|
||||
|
||||
[Suites](./profiles/suites.nix) are simple collections of profiles that can be
|
||||
directly imported from any host like so:
|
||||
```
|
||||
{ suites, ... }:
|
||||
{
|
||||
imports = suites.mySuite;
|
||||
}
|
||||
```
|
||||
|
||||
You can declare any combination of users and profiles that you wish, providing
|
||||
a nice abstraction, free from the idiosyncratic concerns of specific hardware.
|
||||
|
||||
## Users
|
||||
User declarations belong in the `users` directory.
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ suites, ... }:
|
||||
{
|
||||
### root password is empty by default ###
|
||||
imports = [ ../users/nixos ../users/root ];
|
||||
imports = suites.graphics;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
{ suites, ... }:
|
||||
{
|
||||
imports =
|
||||
let
|
||||
profiles = builtins.filter (n: n != ../profiles/core)
|
||||
(import ../profiles/list.nix);
|
||||
in
|
||||
profiles ++ [ ../users/nixos ../users/root ];
|
||||
imports = with suites; allProfiles ++ allUsers;
|
||||
|
||||
security.mitigations.acceptRisk = true;
|
||||
|
||||
|
|
|
@ -9,9 +9,12 @@
|
|||
, ...
|
||||
}:
|
||||
let
|
||||
inherit (lib.flk) recImport nixosSystemExtended;
|
||||
inherit (lib.flk) recImport nixosSystemExtended defaultImports;
|
||||
inherit (builtins) attrValues removeAttrs;
|
||||
|
||||
profiles = defaultImports (toString ../profiles);
|
||||
suites = import ../profiles/suites.nix { inherit lib profiles; };
|
||||
|
||||
unstableModules = [ ];
|
||||
addToDisabledModules = [ ];
|
||||
|
||||
|
@ -21,13 +24,14 @@ let
|
|||
|
||||
specialArgs =
|
||||
{
|
||||
inherit suites;
|
||||
unstableModulesPath = "${master}/nixos/modules";
|
||||
hardware = nixos-hardware.nixosModules;
|
||||
};
|
||||
|
||||
modules =
|
||||
let
|
||||
core = self.nixosModules.profiles.core;
|
||||
core = profiles.core.default;
|
||||
|
||||
modOverrides = { config, unstableModulesPath, ... }: {
|
||||
disabledModules = unstableModules ++ addToDisabledModules;
|
||||
|
@ -63,7 +67,7 @@ let
|
|||
|
||||
# Everything in `./modules/list.nix`.
|
||||
flakeModules =
|
||||
attrValues (removeAttrs self.nixosModules [ "profiles" ]);
|
||||
attrValues self.nixosModules;
|
||||
|
||||
in
|
||||
flakeModules ++ [
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ nixos, ... }:
|
||||
let
|
||||
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs;
|
||||
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs
|
||||
pathExists;
|
||||
|
||||
inherit (nixos.lib) fold filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix
|
||||
recursiveUpdate genAttrs nixosSystem mkForce;
|
||||
|
@ -38,12 +39,26 @@ let
|
|||
in
|
||||
map fullPath (attrNames (readDir overlayDir));
|
||||
|
||||
defaultImports = dir:
|
||||
let
|
||||
filtered = filterAttrs
|
||||
(n: v: v == "directory" && pathExists "${dir}/${n}/default.nix")
|
||||
(readDir dir);
|
||||
in
|
||||
mapAttrs
|
||||
(n: v: {
|
||||
default = import "${dir}/${n}/default.nix";
|
||||
} // defaultImports "${dir}/${n}")
|
||||
filtered;
|
||||
|
||||
in
|
||||
{
|
||||
inherit mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
|
||||
inherit defaultImports mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
|
||||
|
||||
overlays = pathsToImportedAttrs overlayPaths;
|
||||
|
||||
profileMap = map (profile: profile.default);
|
||||
|
||||
recImport = { dir, _import ? base: import "${dir}/${base}.nix" }:
|
||||
mapFilterAttrs
|
||||
(_: v: v != null)
|
||||
|
@ -93,13 +108,8 @@ in
|
|||
moduleList = import ../modules/list.nix;
|
||||
modulesAttrs = pathsToImportedAttrs moduleList;
|
||||
|
||||
# profiles
|
||||
profilesList = import ../profiles/list.nix;
|
||||
profilesAttrs = { profiles = pathsToImportedAttrs profilesList; };
|
||||
in
|
||||
recursiveUpdate
|
||||
(recursiveUpdate cachixAttrs modulesAttrs)
|
||||
profilesAttrs;
|
||||
recursiveUpdate cachixAttrs modulesAttrs;
|
||||
|
||||
genHomeActivationPackages = hmConfigs:
|
||||
mapAttrs
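Review bot: `defaultImports` (added in the middle hunk of this file) only descends into a directory that itself holds a `default.nix`, and that rule is written nowhere; it appears to be why this commit adds the empty `profiles/db/default.nix` and `profiles/misc/default.nix`. A profile directory created without one is dropped from the result together with everything below it, which would likely first show up as a missing-attribute error where `suites.nix` names the profile. I would put a comment above the definition, for example `# Maps each subdirectory of dir that has a default.nix to { default = <imported module>; <child> = ...; }; directories without one are skipped, children included.` The result also reserves the key `default`, so a subdirectory literally named `default` would replace the imported module through `//`; that deserves a line in the same comment.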
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
{ ... }: {
|
||||
services.hercules-ci-agent.enable = true;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let inherit (lib) fileContents;
|
||||
|
||||
in
|
||||
{
|
||||
nix.package = pkgs.nixFlakes;
|
||||
|
|
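--- /dev/null
+++ b/profiles/db/default.nix
@@ -0,0 +1 @@
+{ ... }: { }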
|
|
@ -1,26 +0,0 @@
|
|||
[
|
||||
./ci-agent
|
||||
./core
|
||||
./db/postgres
|
||||
./develop
|
||||
./develop/kakoune
|
||||
./develop/python
|
||||
./develop/tmux
|
||||
./develop/zsh
|
||||
./graphical
|
||||
./graphical/games
|
||||
./graphical/im
|
||||
./graphical/plex.nix
|
||||
./graphical/qutebrowser
|
||||
./graphical/sway
|
||||
./graphical/xmonad
|
||||
./laptop
|
||||
./misc/disable-mitigations.nix
|
||||
./network
|
||||
./network/adblocking.nix
|
||||
./network/networkmanager
|
||||
./network/stubby.nix
|
||||
./network/torrent.nix
|
||||
./ssh
|
||||
./virt
|
||||
]
|
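--- /dev/null
+++ b/profiles/misc/default.nix
@@ -0,0 +1 @@
+{ ... }: { }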
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
imports = [ ./networkmanager ./adblocking.nix ];
|
||||
{ ... }: {
|
||||
imports = [ ./networkmanager ./adblocking ];
|
||||
}
|
||||
|
|
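--- /dev/null
+++ b/profiles/suites.nix
@@ -0,0 +1,34 @@
+{ lib, profiles }:
+let
+inherit (builtins) mapAttrs isFunction;
+
+allProfiles =
+let
+filtered = lib.filterAttrs (n: _: n != "core") profiles;
+in
+lib.collect isFunction filtered;
+
+allUsers = lib.collect isFunction users;
+
+users = lib.flk.defaultImports (toString ../users);
+in
+with profiles;
+mapAttrs (_: v: lib.flk.profileMap v)
+# define your own suites below
+rec {
+work = [ develop virt users.nixos users.root ];
+
+graphics = work ++ [ graphical ];
+
+mobile = graphics ++ [ laptop ];
+
+play = graphics ++ [
+graphical.games
+network.torrent
+misc.disable-mitigations
+];
+
+goPlay = play ++ [ laptop ];
+} // {
+inherit allProfiles allUsers;
+}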
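Review bot: `work = [ develop virt users.nixos users.root ];` puts both user profiles into the base suite, so `graphics`, `mobile`, `play` and `goPlay` all carry the root account along, and the users/root module shown in the last hunk of this commit sets `users.users.root.password = "";`. A host that imports any suite (the host hunk that now reads `imports = suites.graphics;` is one) therefore gets a root account with an empty password without naming it, where `imports = [ ../users/nixos ../users/root ];` appears to have made that explicit before. I would keep users out of the profile suites, e.g. `work = [ develop virt ];` next to a separate `defaultUsers = [ users.nixos users.root ];` that hosts append themselves, or at least put `# NOTE: includes users.root, which ships with an empty password` above `work`. The same applies to `play`, which silently adds `misc.disable-mitigations` to whatever imports it.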
|
|
@ -1,6 +1,5 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [ ../../profiles/develop ];
|
||||
|
||||
home-manager.users.nixos = {
|
||||
imports = [ ../profiles/git ../profiles/direnv ];
|
||||
};
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{ ... }:
|
||||
# recommend using `hashedPassword`
|
||||
{
|
||||
users.users.root.password = "";
|
||||
|
|