setup configurations API

NixOS file, configurations/<name>.nix, will be easily installable
via `nixos-rebuild --flake ".#<name>"`.
This commit is contained in:
Timothy DeHerrera 2019-12-04 22:36:36 -07:00
parent 17713c22d0
commit 79181e103f
No known key found for this signature in database
GPG key ID: 8985725DB5B0C122
15 changed files with 266 additions and 13 deletions

4
.git-crypt/.gitattributes vendored Normal file
View file

@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

View file

@ -0,0 +1,3 @@
 ¨¬jzq¤¦ÿa3Û«¡B:³bÒ…§ –ù·=uˆ„Ýl-Œê *‰EÕ¯DÅ4¤! WUÍ|˜Á$2^lÝ )í.è–•ƒó a` ¤ 'Œi1!žÜ ²¢-¦æ6¼q~þ„
INÒy8)[<5B>"#0 ø<C2A0>\8:†ü b d Ü^gÇ)gh0ÞãcÏM`ÜMó—!ªŒ®¢SîG~§e"³¢u:$]c ½öBý„Mä"Ç÷êõl²jAÞKµN2™4Q+^„iX|«µfÌ<66>üX¨Aäµ.RËXÑ> jºWÏRWûÆià±:Áe'Õ3»XùŠ¾ñ³È‚ė㙧ˉÒÀWCX0B'yêÒ¹¶d£~("‡"ÍSqÔ´ŒçÊÒA´0_{HÕ'S"d…㌠¢ñ¡ 7PŸA}0UPZ´ð/AcjÒ¯tÏñmëßœ%æÅ[WQÆGFXdåLÄÝàO<C3A0>â\ íR<1B>* r«²+2 EEVÈqÞ{ç}"·f¶õFk<46>5Œ¥ùI/•³kJÉ3Ô²Û¦ú½µ@qžu¯íy%½¨È<C2A8>Фu3Œcž$;€ ¤¥×úO·j
”C

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
secrets/* filter=git-crypt diff=git-crypt

2
.gitignore vendored
View file

@ -1 +1 @@
result

View file

@ -1,4 +1,4 @@
>Warning: Highly experimental, API __will__ break! ## ⚠Warning: Highly experimental, API __will__ break!
# Introduction # Introduction
Welcome to DevOS. This project is under construction as a rewrite of my current Welcome to DevOS. This project is under construction as a rewrite of my current

View file

@ -0,0 +1,72 @@
{ nix, nixpkgs, flake, ... }:
let
inherit (builtins)
isAttrs
readDir
;
inherit (nixpkgs.lib)
filterAttrs
hasSuffix
mapAttrs'
nameValuePair
removeSuffix
;
configs = let
configs' = let
config = this:
nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = let
coreConfig = ../modules/profiles/core.nix;
globalConfig = {
system.configurationRevision = flake.rev;
networking.hostName = "${this}";
nix.package = nix.defaultPackage."${system}";
};
thisConfig = ./. + "/${this}.nix";
in
[
coreConfig
globalConfig
thisConfig
];
};
dot = readDir ./.;
in
mapAttrs'
(
name: value:
if
name != "default.nix"
&& hasSuffix ".nix" name
&& value == "regular"
then let
name' = removeSuffix ".nix" name;
in
nameValuePair (name') (config name')
else
nameValuePair ("") (null)
)
dot;
removeInvalid =
filterAttrs (_: value: isAttrs value);
in
removeInvalid configs';
in
configs

18
configurations/gaze12.nix Normal file
View file

@ -0,0 +1,18 @@
{ ... }:
let
inherit (builtins) readFile;
in
{
imports = [];
boot.loader.systemd-boot = {
enable = true;
editor = false;
};
users.users.root.hashedPassword =
readFile
../secrets/root;
}

View file

@ -1,5 +1,18 @@
{ {
"inputs": { "inputs": {
"nix": {
"inputs": {
"nixpkgs": {
"inputs": {},
"narHash": "sha256-ZzR2l1dovxeZ555KXxz7SAXrC72BfaR4BeqvJzRdmwQ=",
"originalUrl": "nixpkgs/release-19.09",
"url": "github:edolstra/nixpkgs/d37927a77e70a2b3408ceaa2e763b6df1f4d941a"
}
},
"narHash": "sha256-8Y2swdV7/T7jjhGAKVrMRkAn7y4qTSjKNIW7NUe7V5s=",
"originalUrl": "nix",
"url": "github:NixOS/nix/90d2cf6ff98fc970c9abeae6c37dd323fd0ef953"
},
"nixpkgs": { "nixpkgs": {
"inputs": {}, "inputs": {},
"narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=", "narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=",

View file

@ -1,16 +1,19 @@
{ {
description = "DevOS";
epoch = 201909; epoch = 201909;
description = "NixOS Configuration";
outputs = { self, nixpkgs }: { outputs = { self, nixpkgs, nix }: {
nixosConfigurations.gaze12 = nixpkgs.lib.nixosSystem { nixosConfigurations =
system = "x86_64-linux"; let
configs = import ./configurations {
inherit nix nixpkgs;
flake = self;
};
in
configs;
modules = [
{
system.configurationRevision = self.rev;
}
];
};
}; };
} }

View file

@ -1,2 +1,2 @@
{}: { ... }:
{} {}

2
local/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
*
!.gitignore

3
local/file-systems.nix Normal file
View file

@ -0,0 +1,3 @@
{
fileSystems = {};
}

129
modules/profiles/core.nix Normal file
View file

@ -0,0 +1,129 @@
{ config, lib, pkgs, ... }:
{
imports = [
./locale.nix
../../local/file-systems.nix
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
tmpOnTmpfs = true;
kernel.sysctl."kernel.sysrq" = 1;
};
environment = {
systemPackages = with pkgs; [
binutils
coreutils
curl
dnsutils
fd
git
iputils
manpages
moreutils
ripgrep
stdmanpages
utillinux
];
shellAliases = let
ifSudo = string: lib.mkIf config.security.sudo.enable string;
in
{
# quick cd
".." = "cd ..";
"..." = "cd ../..";
"...." = "cd ../../..";
"....." = "cd ../../../..";
# internet ip
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
# sudo
si = ifSudo "env sudo -i";
sudo = ifSudo "sudo -E ";
se = ifSudo "sudoedit";
# systemd
ctl = "systemctl";
stl = ifSudo "sudo systemctl";
utl = "systemctl --user";
ut = "systemctl --user start";
un = "systemctl --user stop";
up = ifSudo "sudo systemctl start";
dn = ifSudo "sudo systemctl stop";
jctl = "journalctl";
};
};
fonts = {
fonts = with pkgs; [
powerline-fonts
dejavu_fonts
];
fontconfig.defaultFonts = {
monospace = [ "DejaVu Sans Mono for Powerline" ];
sansSerif = [ "DejaVu Sans" ];
};
};
nix = {
autoOptimiseStore = true;
gc.automatic = true;
optimise.automatic = true;
useSandbox = true;
allowedUsers = [ "@wheel" ];
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true;
programs.mtr.enable = true;
security = {
hideProcessInformation = true;
protectKernelImage = true;
};
services.earlyoom.enable = true;
users.mutableUsers = false;
}

View file

@ -0,0 +1,5 @@
{ ... }:
{
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/Denver";
}

BIN
secrets/root Normal file

Binary file not shown.