setup configurations API

NixOS file, configurations/<name>.nix, will be easily installable via `nixos-rebuild --flake ".#<name>"`.
2019-12-04 22:36:36 -07:00 · 2019-12-04 22:36:36 -07:00 · 79181e103f
parent 17713c22d0
commit 79181e103f
15 changed files with 266 additions and 13 deletions
--- a/.git-crypt/.gitattributes
+++ b/.git-crypt/.gitattributes
@ -0,0 +1,4 @@
 # Do not edit this file.  To specify the files to encrypt, create your own
 # .gitattributes file in the directory where your files are.
 * !filter !diff
 *.gpg binary
--- a/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg
+++ b/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg
@ -0,0 +1,3 @@
 …¨¬j›zq¤¦ÿa3Û«¡B:³bÒ…§
–ù·=uˆ„Ýl-Œê
*‰EÕ¯’DÅ4¤! WUÍ|˜Á$2^lÝ	)í.è–•ƒóa`	¤	'Œi1!žÜ²¢-¦æ6¼q~þ„
 ™‹INÒy8)[<5B>"#0 ø<C2A0>\8:†übd Ü^gÇ)gh0ÞãcÏM`ÜMó—!ªŒ®¢SîG~§e"³¢u:$]c ½öBý„Mä"Ç÷êõl²jAÞKµN–2™4Q+^„iX|«›µfÌ<66>üX¨Aäµ.RËXÑ>jºWÏRWûÆià±:Áe'Õ3»XùŠ¾ñ³È‚Ä—ã‡™§Ë‰ÒÀ…WCX0B'yêÒ¹¶d£~("‡"ÍSqÔ´ŒçÊÒA´0_–{HÕ'S"’d…ãŒ¢ñ¡
7PŸA}0UPZ´ð/AcjÒ¯tÏñmëßœ%æÅ[WQÆGFXdåLÄÝàO<C3A0>â\íR<1B>*r«²+2
EEVÈqÞ{ç}"·f¶õ‚Fk<46>5Œ¥ùI/•³kJÉ3Ô²Û¦ú½µ@qžu¯íy%½¨È<C2A8>Ð¤u3Œcž$;€	¤¥×úO·j
 ”C
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
 secrets/* filter=git-crypt diff=git-crypt
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-
+result
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
->Warning: Highly experimental, API __will__ break!
+## ⚠W️arning: Highly experimental, API __will__ break!
 # Introduction
 Welcome to DevOS. This project is under construction as a rewrite of my current
--- a/configurations/default.nix
+++ b/configurations/default.nix
@ -0,0 +1,72 @@
 { nix, nixpkgs, flake, ... }:
 let
  inherit (builtins)
    isAttrs
    readDir
    ;
  inherit (nixpkgs.lib)
    filterAttrs
    hasSuffix
    mapAttrs'
    nameValuePair
    removeSuffix
    ;
  configs = let
    configs' = let
      config = this:
        nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          modules = let
            coreConfig = ../modules/profiles/core.nix;
            globalConfig = {
              system.configurationRevision = flake.rev;
              networking.hostName = "${this}";
              nix.package = nix.defaultPackage."${system}";
            };
            thisConfig = ./. + "/${this}.nix";
          in
            [
              coreConfig
              globalConfig
              thisConfig
            ];
        };
      dot = readDir ./.;
    in
      mapAttrs'
        (
          name: value:
            if
              name != "default.nix"
              && hasSuffix ".nix" name
              && value == "regular"
            then let
              name' = removeSuffix ".nix" name;
            in
              nameValuePair (name') (config name')
            else
              nameValuePair ("") (null)
        )
        dot;
    removeInvalid =
      filterAttrs (_: value: isAttrs value);
  in
    removeInvalid configs';
 in
 configs
--- a/configurations/gaze12.nix
+++ b/configurations/gaze12.nix
@ -0,0 +1,18 @@
 { ... }:
 let
  inherit (builtins) readFile;
 in
 {
  imports = [];
  boot.loader.systemd-boot = {
    enable = true;
    editor = false;
  };
  users.users.root.hashedPassword =
    readFile
      ../secrets/root;
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,18 @@
 {
    "inputs": {
        "nix": {
            "inputs": {
                "nixpkgs": {
                    "inputs": {},
                    "narHash": "sha256-ZzR2l1dovxeZ555KXxz7SAXrC72BfaR4BeqvJzRdmwQ=",
                    "originalUrl": "nixpkgs/release-19.09",
                    "url": "github:edolstra/nixpkgs/d37927a77e70a2b3408ceaa2e763b6df1f4d941a"
                }
            },
            "narHash": "sha256-8Y2swdV7/T7jjhGAKVrMRkAn7y4qTSjKNIW7NUe7V5s=",
            "originalUrl": "nix",
            "url": "github:NixOS/nix/90d2cf6ff98fc970c9abeae6c37dd323fd0ef953"
        },
        "nixpkgs": {
            "inputs": {},
            "narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=",
--- a/flake.nix
+++ b/flake.nix
@ -1,16 +1,19 @@
 {
  description = "DevOS";
  epoch = 201909;
  description = "NixOS Configuration";
-  outputs = { self, nixpkgs }: {
+  outputs = { self, nixpkgs, nix }: {
-    nixosConfigurations.gaze12 = nixpkgs.lib.nixosSystem {
+    nixosConfigurations =
-      system = "x86_64-linux";
+      let
        configs = import ./configurations {
          inherit nix nixpkgs;
          flake = self;
        };
      in
        configs;
      modules = [
        {
          system.configurationRevision = self.rev;
        }
      ];
    };
  };
 }
--- a/lib/utils.nix
+++ b/lib/utils.nix
@ -1,2 +1,2 @@
-{}:
+{ ... }:
 {}
--- a/local/.gitignore
+++ b/local/.gitignore
@ -0,0 +1,2 @@
 *
 !.gitignore
--- a/local/file-systems.nix
+++ b/local/file-systems.nix
@ -0,0 +1,3 @@
 {
  fileSystems = {};
 }
--- a/modules/profiles/core.nix
+++ b/modules/profiles/core.nix
@ -0,0 +1,129 @@
 { config, lib, pkgs, ... }:
 {
  imports = [
    ./locale.nix
    ../../local/file-systems.nix
  ];
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    tmpOnTmpfs = true;
    kernel.sysctl."kernel.sysrq" = 1;
  };
  environment = {
    systemPackages = with pkgs; [
      binutils
      coreutils
      curl
      dnsutils
      fd
      git
      iputils
      manpages
      moreutils
      ripgrep
      stdmanpages
      utillinux
    ];
    shellAliases = let
      ifSudo = string: lib.mkIf config.security.sudo.enable string;
    in
      {
        # quick cd
        ".." = "cd ..";
        "..." = "cd ../..";
        "...." = "cd ../../..";
        "....." = "cd ../../../..";
        # internet ip
        myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
        # sudo
        si = ifSudo "env sudo -i";
        sudo = ifSudo "sudo -E ";
        se = ifSudo "sudoedit";
        # systemd
        ctl = "systemctl";
        stl = ifSudo "sudo systemctl";
        utl = "systemctl --user";
        ut = "systemctl --user start";
        un = "systemctl --user stop";
        up = ifSudo "sudo systemctl start";
        dn = ifSudo "sudo systemctl stop";
        jctl = "journalctl";
      };
  };
  fonts = {
    fonts = with pkgs; [
      powerline-fonts
      dejavu_fonts
    ];
    fontconfig.defaultFonts = {
      monospace = [ "DejaVu Sans Mono for Powerline" ];
      sansSerif = [ "DejaVu Sans" ];
    };
  };
  nix = {
    autoOptimiseStore = true;
    gc.automatic = true;
    optimise.automatic = true;
    useSandbox = true;
    allowedUsers = [ "@wheel" ];
    trustedUsers = [ "root" "@wheel" ];
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  nixpkgs.config.allowUnfree = true;
  programs.mtr.enable = true;
  security = {
    hideProcessInformation = true;
    protectKernelImage = true;
  };
  services.earlyoom.enable = true;
  users.mutableUsers = false;
 }
--- a/modules/profiles/locale.nix
+++ b/modules/profiles/locale.nix
@ -0,0 +1,5 @@
 { ... }:
 {
  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "America/Denver";
 }
--- a/secrets/root
+++ b/secrets/root