From 0837303bb58eb0b7fd5d5fcb43490391b6e12c67 Mon Sep 17 00:00:00 2001 From: Timothy DeHerrera Date: Mon, 1 Feb 2021 20:26:47 -0700 Subject: [PATCH 1/3] profiles: add concept of suites * Import attrs of profiles automatically with `defaultImport`. * Refactor profiles to ensure all are functions returning a module. * Add a suites.nix with collections of profiles. * Add suites as `specialArgs` to modules. * Add suite import to NixOS host. --- DOC.md | 17 +++++++---- hosts/NixOS.nix | 3 +- hosts/ci.nix | 8 ++---- hosts/default.nix | 10 +++++-- lib/default.nix | 26 +++++++++++------ profiles/ci-agent/default.nix | 2 +- profiles/core/default.nix | 1 - profiles/db/default.nix | 1 + .../graphical/{plex.nix => plex/default.nix} | 0 profiles/list.nix | 26 ----------------- profiles/misc/default.nix | 1 + .../default.nix} | 0 .../default.nix} | 0 profiles/network/default.nix | 4 +-- .../{stubby.nix => stubby/default.nix} | 0 .../{torrent.nix => torrent/default.nix} | 0 profiles/suites.nix | 28 +++++++++++++++++++ users/nixos/default.nix | 2 -- 18 files changed, 74 insertions(+), 55 deletions(-) create mode 100644 profiles/db/default.nix rename profiles/graphical/{plex.nix => plex/default.nix} (100%) delete mode 100644 profiles/list.nix create mode 100644 profiles/misc/default.nix rename profiles/misc/{disable-mitigations.nix => disable-mitigations/default.nix} (100%) rename profiles/network/{adblocking.nix => adblocking/default.nix} (100%) rename profiles/network/{stubby.nix => stubby/default.nix} (100%) rename profiles/network/{torrent.nix => torrent/default.nix} (100%) create mode 100644 profiles/suites.nix diff --git a/DOC.md b/DOC.md index bd0da9b2..5a188459 100644 --- a/DOC.md +++ b/DOC.md 
@@ -8,8 +8,8 @@ See [`hosts/default.nix`](hosts/default.nix) for the implementation. ## Profiles A profile is any directory under [profiles](profiles) containing a `default.nix` -defining a valid NixOS module, with the added restriction that no new -declarations to the `options` _or_ `config` attributes are allowed +defining a function that returns a valid NixOS module, with the added restriction +that no new declarations to the `options` _or_ `config` attributes are allowed (use [modules](modules) instead). Their purpose is to provide abstract expressions suitable for reuse by multiple deployments. They are perhaps _the_ key mechanism by which we keep this repo maintainable. @@ -30,9 +30,16 @@ profile should be independent of its parent. i.e: It is okay for profiles to depend on other profiles so long as they are explicitly loaded via `imports`. -Optionally, you may choose to export your profiles via the flake output. If -you include it in the list defined in [profiles/list.nix](profiles/list.nix), -it will be available to other flakes via `nixosModules.profiles`. +## Suites + +[Suites](./profiles/suites.nix) are simple collections of profiles that can be +directly imported from any host like so: +``` +{ suites, ... }: +{ + imports = suites.mySuite; +} +``` ## Users User declarations belong in the `users` directory. diff --git a/hosts/NixOS.nix b/hosts/NixOS.nix index 5039cff7..e7522f0e 100644 --- a/hosts/NixOS.nix +++ b/hosts/NixOS.nix @@ -1,6 +1,7 @@ +{ suites, ... }: { ### root password is empty by default ### - imports = [ ../users/nixos ../users/root ]; + imports = [ ../users/nixos ../users/root ] ++ suites.graphics; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/ci.nix b/hosts/ci.nix index 4049d3b4..5a292960 100644 --- a/hosts/ci.nix +++ b/hosts/ci.nix 
@@ -1,10 +1,6 @@
+{ suites, ... }:
 {
- imports =
- let
- profiles = builtins.filter (n: n != ../profiles/core)
- (import ../profiles/list.nix);
- in
- profiles ++ [ ../users/nixos ../users/root ];
+ imports = [ ../users/nixos ../users/root ] ++ suites.all;
 security.mitigations.acceptRisk = true;
diff --git a/hosts/default.nix b/hosts/default.nix
index 849af9b3..7baf62ed 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -9,9 +9,12 @@
 , ... }:
 let
- inherit (lib.flk) recImport nixosSystemExtended;
+ inherit (lib.flk) recImport nixosSystemExtended defaultImports;
 inherit (builtins) attrValues removeAttrs;
+ profiles = defaultImports (toString ../profiles);
+ suites = import ../profiles/suites.nix { inherit lib profiles; };
+
 unstableModules = [ ];
 addToDisabledModules = [ ];
@@ -21,13 +24,14 @@ let
 specialArgs = {
+ inherit suites;
 unstableModulesPath = "${master}/nixos/modules";
 hardware = nixos-hardware.nixosModules;
 };
 modules =
 let
- core = self.nixosModules.profiles.core;
+ core = profiles.core.default;
 modOverrides = { config, unstableModulesPath, ... }: {
 disabledModules = unstableModules ++ addToDisabledModules;
@@ -63,7 +67,7 @@ let
 # Everything in `./modules/list.nix`.
 flakeModules =
- attrValues (removeAttrs self.nixosModules [ "profiles" ]);
+ attrValues self.nixosModules;
 in
 flakeModules ++ [
diff --git a/lib/default.nix b/lib/default.nix
index 6d393b89..bd39e615 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,6 +1,7 @@
 { nixos, ... }:
 let
- inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs;
+ inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs
+ pathExists;
 inherit (nixos.lib) fold filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix recursiveUpdate genAttrs nixosSystem mkForce;
@@ -38,12 +39,26 @@ let
 in
 map fullPath (attrNames (readDir overlayDir));
+ defaultImports = dir:
+ let
+ filtered = filterAttrs
+ (n: v: v == "directory" && pathExists "${dir}/${n}/default.nix")
+ (readDir dir);
+ in
+ mapAttrs
+ (n: v: {
+ default = import "${dir}/${n}/default.nix";
+ } // defaultImports "${dir}/${n}")
+ filtered;
+
 in
 {
- inherit mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
+ inherit defaultImports mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
 overlays = pathsToImportedAttrs overlayPaths;
+ profileMap = map (profile: profile.default);
+
 recImport = { dir, _import ? base: import "${dir}/${base}.nix" }:
 mapFilterAttrs (_: v: v != null)
@@ -93,13 +108,8 @@ in
 moduleList = import ../modules/list.nix;
 modulesAttrs = pathsToImportedAttrs moduleList;
- # profiles
- profilesList = import ../profiles/list.nix;
- profilesAttrs = { profiles = pathsToImportedAttrs profilesList; };
 in
- recursiveUpdate
- (recursiveUpdate cachixAttrs modulesAttrs)
- profilesAttrs;
+ recursiveUpdate cachixAttrs modulesAttrs;
 genHomeActivationPackages = hmConfigs:
 mapAttrs
diff --git a/profiles/ci-agent/default.nix b/profiles/ci-agent/default.nix
index c5ae3630..9dcb15a9 100644
--- a/profiles/ci-agent/default.nix
+++ b/profiles/ci-agent/default.nix
@@ -1,3 +1,3 @@
-{
+{ ... }: {
 services.hercules-ci-agent.enable = true;
 }
diff --git a/profiles/core/default.nix b/profiles/core/default.nix
index 383a8286..05f2383c 100644
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 let inherit (lib) fileContents;
-
 in
 {
 nix.package = pkgs.nixFlakes;
diff --git a/profiles/db/default.nix b/profiles/db/default.nix
new file mode 100644
index 00000000..c915eb0a
--- /dev/null
+++ b/profiles/db/default.nix
@@ -0,0 +1 @@
+{ ... }: { }
diff --git a/profiles/graphical/plex.nix b/profiles/graphical/plex/default.nix
similarity index 100%
rename from profiles/graphical/plex.nix
rename to profiles/graphical/plex/default.nix
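Review bot: `defaultImports` only descends into a subdirectory when that subdirectory itself contains a `default.nix` (the predicate in the `+ filtered = filterAttrs` lines), so a grouping directory without one hides everything beneath it — which is why this commit has to add the empty `profiles/db/default.nix` and `profiles/misc/default.nix` to keep `db/postgres` and `misc/disable-mitigations` reachable. That rule is not written down anywhere; add a comment above the definition, e.g. `# Only directories containing a default.nix are descended into; a grouping directory needs an (empty) default.nix for its children to be found.` A subdirectory literally named `default` would collide with the `default` key produced by the `import` line; probably not an issue in practice, but worth a word in the same comment. The enclosing `let` starts before this hunk.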
diff --git a/profiles/list.nix b/profiles/list.nix
deleted file mode 100644
index 2dfa3830..00000000
--- a/profiles/list.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-[
- ./ci-agent
- ./core
- ./db/postgres
- ./develop
- ./develop/kakoune
- ./develop/python
- ./develop/tmux
- ./develop/zsh
- ./graphical
- ./graphical/games
- ./graphical/im
- ./graphical/plex.nix
- ./graphical/qutebrowser
- ./graphical/sway
- ./graphical/xmonad
- ./laptop
- ./misc/disable-mitigations.nix
- ./network
- ./network/adblocking.nix
- ./network/networkmanager
- ./network/stubby.nix
- ./network/torrent.nix
- ./ssh
- ./virt
-]
diff --git a/profiles/misc/default.nix b/profiles/misc/default.nix
new file mode 100644
index 00000000..c915eb0a
--- /dev/null
+++ b/profiles/misc/default.nix
@@ -0,0 +1 @@
+{ ... }: { }
diff --git a/profiles/misc/disable-mitigations.nix b/profiles/misc/disable-mitigations/default.nix
similarity index 100%
rename from profiles/misc/disable-mitigations.nix
rename to profiles/misc/disable-mitigations/default.nix
diff --git a/profiles/network/adblocking.nix b/profiles/network/adblocking/default.nix
similarity index 100%
rename from profiles/network/adblocking.nix
rename to profiles/network/adblocking/default.nix
diff --git a/profiles/network/default.nix b/profiles/network/default.nix
index c3f9e9ad..13b5f0e1 100644
--- a/profiles/network/default.nix
+++ b/profiles/network/default.nix
@@ -1,3 +1,3 @@
-{
- imports = [ ./networkmanager ./adblocking.nix ];
+{ ... }: {
+ imports = [ ./networkmanager ./adblocking ];
 }
diff --git a/profiles/network/stubby.nix b/profiles/network/stubby/default.nix
similarity index 100%
rename from profiles/network/stubby.nix
rename to profiles/network/stubby/default.nix
diff --git a/profiles/network/torrent.nix b/profiles/network/torrent/default.nix
similarity index 100%
rename from profiles/network/torrent.nix
rename to profiles/network/torrent/default.nix
diff --git a/profiles/suites.nix b/profiles/suites.nix
new file mode 100644
index 00000000..c8088388
--- /dev/null
+++ b/profiles/suites.nix
@@ -0,0 +1,28 @@
+{ lib, profiles }:
+let
+ inherit (builtins) mapAttrs isFunction;
+ all =
+ let
+ filtered = lib.filterAttrs (n: _: n != "core") profiles;
+ in
+ lib.collect isFunction filtered;
+in
+with profiles;
+mapAttrs (_: v: lib.flk.profileMap v)
+ rec {
+ work = [ develop virt ];
+
+ graphics = work ++ [ graphical ];
+
+ mobile = graphics ++ [ laptop ];
+
+ play = graphics ++ [
+ graphical.games
+ torrent
+ misc.disable-mitigations
+ ];
+
+ goPlay = play ++ [ laptop ];
+ } // {
+ inherit all;
+}
diff --git a/users/nixos/default.nix b/users/nixos/default.nix
index 3c3d3570..409d9972 100644
--- a/users/nixos/default.nix
+++ b/users/nixos/default.nix
@@ -1,6 +1,4 @@
 {
- imports = [ ../../profiles/develop ];
-
 home-manager.users.nixos = {
 imports = [ ../profiles/git ../profiles/direnv ];
 };
From 57c60bcdcd5e25a59439a27b51eb369a0fa64118 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera
Date: Mon, 1 Feb 2021 20:57:14 -0700
Subject: [PATCH 2/3] suites: add users to suites
---
 DOC.md | 3 +++
 hosts/NixOS.nix | 2 +-
 hosts/ci.nix | 2 +-
 profiles/suites.nix | 12 +++++++++---
 users/nixos/default.nix | 1 +
 users/root/default.nix | 1 +
 6 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/DOC.md b/DOC.md
index 5a188459..d3838388 100644
--- a/DOC.md
+++ b/DOC.md
@@ -41,6 +41,9 @@ directly imported from any host like so:
 }
 ```
+You can declare any combination of users and profiles that you wish, providing
+a nice abstraction, free from the idiosyncratic concerns of specific hardware.
+
 ## Users
 User declarations belong in the `users` directory.
diff --git a/hosts/NixOS.nix b/hosts/NixOS.nix
index e7522f0e..6fd834ed 100644
--- a/hosts/NixOS.nix
+++ b/hosts/NixOS.nix
@@ -1,7 +1,7 @@
 { suites, ... }:
 {
 ### root password is empty by default ###
- imports = [ ../users/nixos ../users/root ] ++ suites.graphics;
+ imports = suites.graphics;
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
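Review bot: `mapAttrs (_: v: lib.flk.profileMap v) rec { … } // { inherit all; }` parses as `(mapAttrs … rec { … }) // { inherit all; }` because application binds tighter than `//`, and the file depends on that: `all` is already a list of module functions from `lib.collect`, while the `rec` entries are `{ default = …; }` attribute sets that still need `profileMap`. Parenthesize the `mapAttrs` call and add `# all is already a module list; it is deliberately not passed through profileMap` so the next edit does not move `all` inside the `rec` block, where `profileMap` would fail on it. Under `with profiles;` the bare names are only looked up when a host evaluates that suite, so `torrent` — which this same commit moves under `network/` — only fails for hosts importing `play` or `goPlay`; writing explicit `profiles.network.torrent`-style paths, or at least a comment naming the expected directory layout, makes the dependency on the tree visible. Note also that `all` collects every directory under `profiles/` except `core`, including `misc.disable-mitigations`, so a host importing `suites.all` (as `hosts/ci.nix` does) runs with CPU mitigations disabled and silently picks up every profile added later; a comment on `all` saying so would help.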
diff --git a/hosts/ci.nix b/hosts/ci.nix
index 5a292960..90d28af0 100644
--- a/hosts/ci.nix
+++ b/hosts/ci.nix
@@ -1,6 +1,6 @@
 { suites, ... }:
 {
- imports = [ ../users/nixos ../users/root ] ++ suites.all;
+ imports = with suites; allProfiles ++ allUsers;
 security.mitigations.acceptRisk = true;
diff --git a/profiles/suites.nix b/profiles/suites.nix
index c8088388..99a901a0 100644
--- a/profiles/suites.nix
+++ b/profiles/suites.nix
@@ -1,16 +1,22 @@
 { lib, profiles }:
 let
 inherit (builtins) mapAttrs isFunction;
- all =
+
+ allProfiles =
 let
 filtered = lib.filterAttrs (n: _: n != "core") profiles;
 in
 lib.collect isFunction filtered;
+
+ allUsers = lib.collect isFunction users;
+
+ users = lib.flk.defaultImports (toString ../users);
 in
 with profiles;
 mapAttrs (_: v: lib.flk.profileMap v)
+ # define your own suites below
 rec {
- work = [ develop virt ];
+ work = [ develop virt users.nixos users.root ];
 graphics = work ++ [ graphical ];
@@ -24,5 +30,5 @@ mapAttrs (_: v: lib.flk.profileMap v)
 goPlay = play ++ [ laptop ];
 } // {
- inherit all;
+ inherit allProfiles allUsers;
 }
diff --git a/users/nixos/default.nix b/users/nixos/default.nix
index 409d9972..38bf20fd 100644
--- a/users/nixos/default.nix
+++ b/users/nixos/default.nix
@@ -1,3 +1,4 @@
+{ ... }:
 {
 home-manager.users.nixos = {
 imports = [ ../profiles/git ../profiles/direnv ];
diff --git a/users/root/default.nix b/users/root/default.nix
index 9ca9d349..f38c7391 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -1,3 +1,4 @@
+{ ... }:
 # recommend using `hashedPassword`
 {
 users.users.root.password = "";
From b7b8b592fa2be90347c817258f4988ed0cd21218 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera
Date: Mon, 1 Feb 2021 23:37:08 -0700
Subject: [PATCH 3/3] suites: fix play
---
 profiles/suites.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/suites.nix b/profiles/suites.nix
index 99a901a0..a359c28c 100644
--- a/profiles/suites.nix
+++ b/profiles/suites.nix
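Review bot: `work = [ develop virt users.nixos users.root ]` folds the user modules into the base suite, so every suite derived from it (`graphics`, `mobile`, `play`, `goPlay`) now carries `users/root/default.nix`, which sets `users.users.root.password = ""` as the last hunk of this patch shows — and `hosts/NixOS.nix` no longer has an explicit `../users/root` import next to its `### root password is empty by default ###` comment, so the empty root password becomes an implicit property of `suites.graphics`. `allUsers = lib.collect isFunction users` likewise enables every directory under `users/` on any host importing it (`hosts/ci.nix`), including accounts added later. Keep the accounts out of the derived suites, e.g. a separate `accounts = [ users.nixos users.root ];` entry that hosts append with `++` the way `ci.nix` already combines `allProfiles ++ allUsers` (do not name it `users`, which would shadow the `let` binding inside `rec`), or at least put a comment on `work` stating that it includes the root account with its default credentials. The `users/root/default.nix` hunk already recommends `hashedPassword`; that recommendation is easier to act on when the root module is imported explicitly per host.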
@@ -24,7 +24,7 @@ mapAttrs (_: v: lib.flk.profileMap v)
 play = graphics ++ [
 graphical.games
- torrent
+ network.torrent
 misc.disable-mitigations
 ];