Compare commits
53 commits
main
...
hensoko-pr
Author | SHA1 | Date | |
---|---|---|---|
Hendrik Sokolowski | 06d72216b5 | ||
Hendrik Sokolowski | 5117333177 | ||
Hendrik Sokolowski | 86eab03d87 | ||
Hendrik Sokolowski | 845444f528 | ||
Hendrik Sokolowski | 552f60b7be | ||
Hendrik Sokolowski | 464f059089 | ||
Hendrik Sokolowski | 0028058588 | ||
Hendrik Sokolowski | 4a436666ad | ||
Hendrik Sokolowski | ae0cd2e1fd | ||
Hendrik Sokolowski | 8144c332d1 | ||
Hendrik Sokolowski | 91c8eea69f | ||
Hendrik Sokolowski | 98751b66c9 | ||
Hendrik Sokolowski | e5c9d8e07b | ||
Hendrik Sokolowski | c39d7f8d0b | ||
Hendrik Sokolowski | 51201be734 | ||
Hendrik Sokolowski | 153df0ab4f | ||
Hendrik Sokolowski | e967841fe4 | ||
Hendrik Sokolowski | f6706c9aa5 | ||
Hendrik Sokolowski | 40cb22a7fc | ||
Hendrik Sokolowski | b4df0ccbce | ||
Hendrik Sokolowski | 830ddca0fc | ||
Hendrik Sokolowski | 0d0ca1ac7e | ||
Hendrik Sokolowski | 25d362ed79 | ||
Hendrik Sokolowski | 80e26a3350 | ||
Hendrik Sokolowski | a1c834002a | ||
Hendrik Sokolowski | 069d63e56e | ||
Hendrik Sokolowski | 1e15ff9372 | ||
Hendrik Sokolowski | db551c0588 | ||
Hendrik Sokolowski | afecf5b555 | ||
Hendrik Sokolowski | bcbc1440b8 | ||
Hendrik Sokolowski | 8dc8a846d4 | ||
Hendrik Sokolowski | 5c4b11bd92 | ||
Hendrik Sokolowski | 2c4f7967f5 | ||
Hendrik Sokolowski | a1fa3ef7f0 | ||
Hendrik Sokolowski | cee78aa6cc | ||
Hendrik Sokolowski | 7d240cd3e9 | ||
Hendrik Sokolowski | 2b81a311bb | ||
Hendrik Sokolowski | d46e871d9e | ||
Hendrik Sokolowski | c00e84ea39 | ||
Hendrik Sokolowski | da5aeefbff | ||
Hendrik Sokolowski | cc0dd3f8c4 | ||
Hendrik Sokolowski | 9fa666aeba | ||
Hendrik Sokolowski | 1da25fe215 | ||
Hendrik Sokolowski | 19b91c2898 | ||
Hendrik Sokolowski | 2bcedac110 | ||
Hendrik Sokolowski | 783a114146 | ||
Hendrik Sokolowski | 61525f1390 | ||
Hendrik Sokolowski | 5d9d2caa4f | ||
Hendrik Sokolowski | 60b13f9ec2 | ||
Hendrik Sokolowski | 4bd786be0e | ||
Hendrik Sokolowski | c60b82b3fc | ||
Hendrik Sokolowski | fe56abbd55 | ||
Hendrik Sokolowski | e3295e29a1 |
200
.drone.yml
200
.drone.yml
|
@ -1,74 +1,79 @@
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: exec
|
|
||||||
name: Check
|
|
||||||
node:
|
|
||||||
hosttype: baremetal
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: "Check"
|
|
||||||
when:
|
|
||||||
event:
|
|
||||||
- pull_request
|
|
||||||
environment:
|
|
||||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
||||||
commands:
|
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
|
||||||
- nix $$NIX_FLAGS develop --command nix flake show
|
|
||||||
- nix $$NIX_FLAGS develop --command treefmt --fail-on-change
|
|
||||||
- nix $$NIX_FLAGS develop --command editorconfig-checker
|
|
||||||
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: exec
|
|
||||||
name: Tests
|
|
||||||
node:
|
|
||||||
hosttype: baremetal
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: "Tests"
|
|
||||||
environment:
|
|
||||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
||||||
commands:
|
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
|
||||||
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
|
|
||||||
- nix-store --read-log result
|
|
||||||
- nix $$NIX_FLAGS flake check
|
|
||||||
- nix $$NIX_FLAGS develop --command echo OK
|
|
||||||
|
|
||||||
- name: "Upload artifacts"
|
|
||||||
environment:
|
|
||||||
TRITON_DONT_SOURCE_PROFILE: 1
|
|
||||||
PRIVATE_SSH_KEY:
|
|
||||||
from_secret: private_ssh_key
|
|
||||||
MANTA_USER: pub_solar
|
|
||||||
MANTA_URL: https://eu-central.manta.greenbaum.cloud
|
|
||||||
MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
|
|
||||||
commands:
|
|
||||||
- export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
|
|
||||||
- echo env var TARGET_DIR is set to $$TARGET_DIR
|
|
||||||
- "mkdir ~/.ssh && chmod 700 ~/.ssh"
|
|
||||||
- echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
|
|
||||||
- nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
|
|
||||||
- git add tritonshell
|
|
||||||
- cd tritonshell
|
|
||||||
- nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
|
|
||||||
- nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/tags/v*
|
|
||||||
- refs/tags/t*
|
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
name: Notification
|
name: Upstreaming
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: "Sync 'devos' branch with upstream"
|
||||||
|
image: alpine/git
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- cron
|
||||||
|
cron:
|
||||||
|
- sync-main-with-upstream
|
||||||
|
environment:
|
||||||
|
GITEA_SSH_KEY:
|
||||||
|
from_secret: gitea_ssh_key
|
||||||
|
commands:
|
||||||
|
- ./.drone/setup_ssh.sh
|
||||||
|
- git remote add devos git@git.b12f.io:pub-solar/devos
|
||||||
|
- git remote set-url origin git@git.b12f.io:pub-solar/os
|
||||||
|
- git fetch --all
|
||||||
|
- git checkout -b devos --track origin/devos
|
||||||
|
- git merge -X theirs devos/main
|
||||||
|
- git push origin devos
|
||||||
|
- git remote set-url origin https://git.b12f.io/pub-solar/os.git
|
||||||
|
|
||||||
|
- name: "Sync $BRANCH with upstream"
|
||||||
|
image: alpine/git
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- cron
|
||||||
|
cron:
|
||||||
|
- sync-main-with-upstream
|
||||||
|
- sync-b12f-with-main
|
||||||
|
- sync-teutat3s-with-main
|
||||||
|
environment:
|
||||||
|
GITEA_SSH_KEY:
|
||||||
|
from_secret: gitea_ssh_key
|
||||||
|
commands:
|
||||||
|
- git fetch origin
|
||||||
|
- git checkout origin/main
|
||||||
|
- ./.drone/setup_ssh.sh
|
||||||
|
- git remote set-url origin git@git.b12f.io:pub-solar/os
|
||||||
|
- git fetch --all
|
||||||
|
- ./.drone/upstream-branch.sh
|
||||||
|
|
||||||
|
- name: "Open pull request for failed merge"
|
||||||
|
image: nixery.dev/shell/tea
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- failure
|
||||||
|
event:
|
||||||
|
- cron
|
||||||
|
cron:
|
||||||
|
- sync-main-with-upstream
|
||||||
|
- sync-b12f-with-main
|
||||||
|
- sync-teutat3s-with-main
|
||||||
|
environment:
|
||||||
|
TEA_CONFIG:
|
||||||
|
from_secret: tea_config
|
||||||
|
commands:
|
||||||
|
- mkdir -p ~/.config/tea
|
||||||
|
- echo "$$TEA_CONFIG" > ~/.config/tea/config.yml
|
||||||
|
- tea pulls create --base main --head devos
|
||||||
|
|
||||||
- name: "Notify matrix"
|
- name: "Notify matrix"
|
||||||
image: plugins/matrix
|
image: plugins/matrix
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- failure
|
||||||
|
event:
|
||||||
|
- cron
|
||||||
|
cron:
|
||||||
|
- sync-main-with-upstream
|
||||||
|
- sync-b12f-with-main
|
||||||
|
- sync-teutat3s-with-main
|
||||||
settings:
|
settings:
|
||||||
homeserver: https://matrix.pub.solar
|
homeserver: https://matrix.pub.solar
|
||||||
roomid: dfQBqwkhIzrFjMSsxy:pub.solar
|
roomid: dfQBqwkhIzrFjMSsxy:pub.solar
|
||||||
|
@ -76,15 +81,31 @@ steps:
|
||||||
from_secret: matrix_username
|
from_secret: matrix_username
|
||||||
password:
|
password:
|
||||||
from_secret: matrix_password
|
from_secret: matrix_password
|
||||||
template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
|
template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- Tests
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
ref:
|
event:
|
||||||
- refs/tags/v*
|
- cron
|
||||||
- refs/tags/t*
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
|
name: Check
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: "Check"
|
||||||
|
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- pull_request
|
||||||
|
- tag
|
||||||
|
environment:
|
||||||
|
NIX_FLAGS: "--print-build-logs --verbose"
|
||||||
|
commands:
|
||||||
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||||
|
- nix $$NIX_FLAGS flake check
|
||||||
|
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
|
||||||
|
- nix $$NIX_FLAGS develop --command echo OK
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
|
@ -94,54 +115,41 @@ name: Publish ISO
|
||||||
steps:
|
steps:
|
||||||
- name: "Build ISO"
|
- name: "Build ISO"
|
||||||
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
||||||
environment:
|
|
||||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: file-exchange
|
- name: file-exchange
|
||||||
path: /var/nix/iso-cache
|
path: /var/nix/iso-cache
|
||||||
commands:
|
commands:
|
||||||
- |
|
- |
|
||||||
nix $$NIX_FLAGS build \
|
nix --print-build-logs --verbose \
|
||||||
'.#nixosConfigurations.bootstrap.config.system.build.isoImage'
|
build \
|
||||||
- cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
|
'.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'
|
||||||
- nix shell nixpkgs#findutils
|
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
|
||||||
- cd /var/nix/iso-cache/
|
|
||||||
- export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
|
|
||||||
- sha256sum $ISO_NAME > $ISO_NAME.sha256
|
|
||||||
- ln -s $ISO_NAME PubSolarOS-latest.iso
|
|
||||||
- cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
|
|
||||||
- nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
|
|
||||||
|
|
||||||
- name: "Publish ISO"
|
- name: "Publish ISO"
|
||||||
# https://github.com/appleboy/drone-scp/pull/141 got merged, yay
|
image: appleboy/drone-scp
|
||||||
image: appleboy/drone-scp:1.6.5-linux-amd64
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: file-exchange
|
- name: file-exchange
|
||||||
path: /var/nix/iso-cache
|
path: /var/nix/iso-cache
|
||||||
settings:
|
settings:
|
||||||
host:
|
host:
|
||||||
from_secret: iso_web_ssh_host
|
from_secret: ssh_host
|
||||||
user:
|
user:
|
||||||
from_secret: iso_web_ssh_user
|
from_secret: ssh_user
|
||||||
port:
|
port:
|
||||||
from_secret: iso_web_ssh_port
|
from_secret: ssh_port
|
||||||
key:
|
key:
|
||||||
from_secret: iso_web_ssh_key
|
from_secret: ssh_key
|
||||||
target: /data/srv/www/os/download
|
target: /srv/os
|
||||||
source:
|
source:
|
||||||
- /var/nix/iso-cache/*.iso
|
- /var/nix/iso-cache/*.iso
|
||||||
- /var/nix/iso-cache/*.iso.sha256
|
|
||||||
unlink_first: true
|
|
||||||
strip_components: 3
|
strip_components: 3
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- Check
|
- Check
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
|
||||||
- main
|
|
||||||
event:
|
event:
|
||||||
- push
|
- tag
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: file-exchange
|
- name: file-exchange
|
||||||
|
@ -149,6 +157,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67
|
hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
11
.drone/setup_ssh.sh
Executable file
11
.drone/setup_ssh.sh
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Setup ssh inside container
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
echo "$GITEA_SSH_KEY" > ~/.ssh/id_rsa
|
||||||
|
echo "[git.b12f.io]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4uaREL7acSSCNAX+voDYl1Kj7JipP62fR5x1UyGP9u" >> ~/.ssh/known_hosts
|
||||||
|
echo "Host git.b12f.io" >> ~/.ssh/config
|
||||||
|
echo " Port 2222" >> ~/.ssh/config
|
||||||
|
chmod -R 600 ~/.ssh
|
12
.drone/upstream-branch.sh
Executable file
12
.drone/upstream-branch.sh
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -u
|
||||||
|
|
||||||
|
LOCAL="$DRONE_BRANCH"
|
||||||
|
[ "$LOCAL" = "main" ] && UPSTREAM=origin/devos || UPSTREAM=origin/main
|
||||||
|
|
||||||
|
git fetch --all
|
||||||
|
git checkout "$LOCAL"
|
||||||
|
git merge "$UPSTREAM"
|
||||||
|
git push origin "$LOCAL"
|
|
@ -15,9 +15,6 @@ end_of_line = unset
|
||||||
insert_final_newline = unset
|
insert_final_newline = unset
|
||||||
trim_trailing_whitespace = unset
|
trim_trailing_whitespace = unset
|
||||||
indent_size = unset
|
indent_size = unset
|
||||||
charset = unset
|
|
||||||
indent_style = unset
|
|
||||||
indent_size = unset
|
|
||||||
|
|
||||||
[{.*,secrets}/**]
|
[{.*,secrets}/**]
|
||||||
end_of_line = unset
|
end_of_line = unset
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
# Formatted code using treefmt and alejandra
|
|
||||||
73bf158392a427d188b7aad36244b94506f57a15
|
|
38
.github/ISSUE_TEMPLATE/bug_report.md
vendored
Normal file
38
.github/ISSUE_TEMPLATE/bug_report.md
vendored
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
name: Bug report
|
||||||
|
about: Create a report to help improve
|
||||||
|
title: ''
|
||||||
|
labels: 'bug'
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Your issue may already be reported!
|
||||||
|
Please search on the [issue tracker](../) before creating one.
|
||||||
|
|
||||||
|
## Expected Behavior
|
||||||
|
<!--- What should happen? -->
|
||||||
|
<!--- How it should work? -->
|
||||||
|
|
||||||
|
## Current Behavior
|
||||||
|
<!--- What happens instead of the expected behavior? -->
|
||||||
|
|
||||||
|
## Possible Solution
|
||||||
|
<!--- Not obligatory, but suggest a fix/reason for the bug, -->
|
||||||
|
<!--- or ideas how to implement the addition or change -->
|
||||||
|
|
||||||
|
## Steps to Reproduce
|
||||||
|
<!--- An unambiguous set of steps to reproduce this bug. -->
|
||||||
|
<!--- Linked fork or gist if needed. -->
|
||||||
|
1.
|
||||||
|
2.
|
||||||
|
3.
|
||||||
|
4.
|
||||||
|
|
||||||
|
## Context
|
||||||
|
<!--- How has this issue affected you? What are you trying to accomplish? -->
|
||||||
|
<!--- Providing context helps us come up with a solution that is most useful in the real world. -->
|
||||||
|
|
||||||
|
## Your Environment
|
||||||
|
<!--- Include relevant details about the environment you experienced the bug in. -->
|
||||||
|
<!--- If you have run `bud update`, for example, post the flake.lock file. -->
|
22
.github/ISSUE_TEMPLATE/community_request.md
vendored
Normal file
22
.github/ISSUE_TEMPLATE/community_request.md
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
name: Commuity Request
|
||||||
|
about: inspire contribution to the `community` branch
|
||||||
|
title: ''
|
||||||
|
labels: 'community'
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Your issue may already be reported!
|
||||||
|
Please search on the [issue tracker](../) before creating one.
|
||||||
|
|
||||||
|
## Ideas
|
||||||
|
<!--- The `community` branch is meant to provide various preconfigured system options, -->
|
||||||
|
<!--- useful to all kinds of users. -->
|
||||||
|
|
||||||
|
<!--- The point is to engage the community for what it thinks are -->
|
||||||
|
<!--- sane defaults for various tools. -->
|
||||||
|
|
||||||
|
## Requests
|
||||||
|
<!--- Have a tool that you'd like to see a system profile for? -->
|
||||||
|
<!--- Feel free to request it here. -->
|
24
.github/ISSUE_TEMPLATE/feature_request.md
vendored
Normal file
24
.github/ISSUE_TEMPLATE/feature_request.md
vendored
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
name: Feature request
|
||||||
|
about: Suggest an idea
|
||||||
|
title: ''
|
||||||
|
labels: 'enhancement'
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Your issue may already be reported!
|
||||||
|
Please search on the [issue tracker](../) before creating one.
|
||||||
|
|
||||||
|
## Would your feature fix an existing issue?
|
||||||
|
<!--- If your idea is related to, or resolves other issues, please mention. -->
|
||||||
|
|
||||||
|
## Describe the solution you'd like
|
||||||
|
<!--- What you want to happen. -->
|
||||||
|
|
||||||
|
## Describe alternatives you've considered
|
||||||
|
<!--- Any alternative solutions or features you've considered? -->
|
||||||
|
|
||||||
|
## Additional context
|
||||||
|
<!--- Is this feature only useful for a particular usecase? -->
|
||||||
|
<!--- Please elaborate. -->
|
16
.github/ISSUE_TEMPLATE/upstream_notice.md
vendored
Normal file
16
.github/ISSUE_TEMPLATE/upstream_notice.md
vendored
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
name: Upstream notice (Issues or Changes)
|
||||||
|
about: Create an upstream notice to help our research
|
||||||
|
title: '[ <put the upstream project> ]: <topic>'
|
||||||
|
labels: 'upstream'
|
||||||
|
assignees: ''
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Link
|
||||||
|
<!-- just place a link to the upstream issue, or PR -->
|
||||||
|
|
||||||
|
|
||||||
|
## Context
|
||||||
|
<!-- We want to make this as cheap for you as possible.
|
||||||
|
Context is not required but helpful -->
|
29
.github/workflows/check.yml
vendored
Normal file
29
.github/workflows/check.yml
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
name: "Check & Cachix"
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- trying
|
||||||
|
- staging
|
||||||
|
jobs:
|
||||||
|
check:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2.3.4
|
||||||
|
- uses: cachix/install-nix-action@v13
|
||||||
|
with:
|
||||||
|
install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210415_76980a1/install
|
||||||
|
extra_nix_config: |
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
system-features = nixos-test benchmark big-parallel kvm recursive-nix
|
||||||
|
substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org
|
||||||
|
trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
|
||||||
|
- uses: cachix/cachix-action@v10
|
||||||
|
with:
|
||||||
|
name: nrdxp
|
||||||
|
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
|
||||||
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||||
|
- run: nix -Lv flake check
|
||||||
|
- run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel"
|
||||||
|
- run: nix -Lv develop -c echo OK
|
||||||
|
- run: nix -Lv develop --command bud --help
|
27
.github/workflows/mdbook_docs.yml
vendored
Normal file
27
.github/workflows/mdbook_docs.yml
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
name: Deploy Docs to GitHub Pages
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-18.04
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Setup mdBook
|
||||||
|
uses: peaceiris/actions-mdbook@v1
|
||||||
|
with:
|
||||||
|
mdbook-version: 'latest'
|
||||||
|
|
||||||
|
- run: mdbook build doc
|
||||||
|
|
||||||
|
- name: Deploy
|
||||||
|
uses: peaceiris/actions-gh-pages@v3
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
publish_branch: gh-pages
|
||||||
|
publish_dir: ./doc/book
|
||||||
|
cname: devos.divnix.com
|
71
.github/workflows/release.yml
vendored
Normal file
71
.github/workflows/release.yml
vendored
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
name: Release
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- v*
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
changelog:
|
||||||
|
name: Update Changelog
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Get version from tag
|
||||||
|
env:
|
||||||
|
GITHUB_REF: ${{ github.ref }}
|
||||||
|
run: |
|
||||||
|
export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
|
||||||
|
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
ref: main
|
||||||
|
- name: Update Changelog
|
||||||
|
uses: heinrichreimer/github-changelog-generator-action@v2.1.1
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
issues: false
|
||||||
|
issuesWoLabels: false
|
||||||
|
pullRequests: true
|
||||||
|
prWoLabels: true
|
||||||
|
addSections: '{"documentation":{"prefix":"**Documentation:**","labels":["documentation"]}}'
|
||||||
|
- uses: stefanzweifel/git-auto-commit-action@v4
|
||||||
|
with:
|
||||||
|
commit_message: Update Changelog for tag ${{ env.CURRENT_VERSION }}
|
||||||
|
file_pattern: CHANGELOG.md
|
||||||
|
|
||||||
|
release_notes:
|
||||||
|
name: Create Release Notes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: changelog
|
||||||
|
steps:
|
||||||
|
- name: Get version from tag
|
||||||
|
env:
|
||||||
|
GITHUB_REF: ${{ github.ref }}
|
||||||
|
run: |
|
||||||
|
export CURRENT_VERSION=${GITHUB_TAG/refs\/tags\/v/}
|
||||||
|
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
ref: main
|
||||||
|
|
||||||
|
- name: Get Changelog Entry
|
||||||
|
id: changelog_reader
|
||||||
|
uses: mindsers/changelog-reader-action@v1
|
||||||
|
with:
|
||||||
|
version: ${{ env.CURRENT_VERSION }}
|
||||||
|
path: ./CHANGELOG.md
|
||||||
|
|
||||||
|
- name: Create Release
|
||||||
|
id: create_release
|
||||||
|
uses: actions/create-release@v1
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
with:
|
||||||
|
tag_name: ${{ github.ref }}
|
||||||
|
release_name: Release ${{ github.ref }}
|
||||||
|
body: ${{ steps.changelog_reader.outputs.log_entry }}
|
||||||
|
draft: false
|
||||||
|
prerelease: false
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -11,3 +11,4 @@ pkgs/_sources/.shake*
|
||||||
|
|
||||||
tags
|
tags
|
||||||
/owners
|
/owners
|
||||||
|
|
||||||
|
|
|
@ -109,4 +109,6 @@
|
||||||
|
|
||||||
## [07092020](https://github.com/divnix/devos/tree/07092020) (2020-07-09)
|
## [07092020](https://github.com/divnix/devos/tree/07092020) (2020-07-09)
|
||||||
|
|
||||||
\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_
|
|
||||||
|
|
||||||
|
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
# Quick branch overview
|
|
||||||
|
|
||||||
We work with several branches in this repo. This document aims to explain how
|
|
||||||
to contribute changes to the existing branches.
|
|
||||||
|
|
||||||
### `main` branch
|
|
||||||
|
|
||||||
- Changes to `modules` and `profiles` should go [the main branch](https://git.pub.solar/pub-solar/os/src/branch/main)
|
|
||||||
- Changes can get accepted via: Pull Request
|
|
||||||
- Branch protected from direct `git push`
|
|
||||||
|
|
||||||
### `infra` branch
|
|
||||||
|
|
||||||
- Changes to the [pub.solar](https://pub.solar) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/infra)
|
|
||||||
- Changes can get accepted via: Pull Request
|
|
||||||
- Branch protected from direct `git push`
|
|
||||||
|
|
||||||
### `momo/main` branch
|
|
||||||
|
|
||||||
- Changes to the [Momo](https://momo.koeln) infrastructure should be merged [into this branch](https://git.pub.solar/pub-solar/os/src/branch/momo/main)
|
|
||||||
- Changes can get accepted via: Pull Request
|
|
||||||
- Deployment of changes is [automatic via CI pipeline](https://git.pub.solar/pub-solar/os/src/commit/43bd7421509f7cc9ba06d7c740f3f536a4a2af76/.drone.yml#L20-L38)
|
|
||||||
- Branch protected from direct `git push`
|
|
||||||
|
|
||||||
### `$USER` branches
|
|
||||||
|
|
||||||
- User's custom hosts and changes can be worked on in these branches
|
|
||||||
- Direct `git push` possible
|
|
||||||
- Examples:
|
|
||||||
- [hensoko](https://git.pub.solar/pub-solar/os/src/branch/hensoko)
|
|
||||||
- [b12f](https://git.pub.solar/pub-solar/os/src/branch/b12f)
|
|
||||||
- [axeman](https://git.pub.solar/pub-solar/os/src/branch/axeman)
|
|
||||||
- [teutat3s](https://git.pub.solar/pub-solar/os/src/branch/teutat3s)
|
|
20
README.md
20
README.md
|
@ -10,36 +10,36 @@ At its core, it's a NixOS installation running our configuration. The UX
|
||||||
decisions and the way the project is structured are what make it
|
decisions and the way the project is structured are what make it
|
||||||
_PubSolarOS_:
|
_PubSolarOS_:
|
||||||
|
|
||||||
- Reproducibility is king, and the future is with declarative and functional
|
* Reproducibility is king, and the future is with declarative and functional
|
||||||
programming. Even if Nix does not turn out to be the end-all-be-all of
|
programming. Even if Nix does not turn out to be the end-all-be-all of
|
||||||
reproducible package management (Guix looks good), it has a plethora
|
reproducible package management (Guix looks good), it has a plethora
|
||||||
of packages, a very active and helpful community, and very solid
|
of packages, a very active and helpful community, and very solid
|
||||||
software engineering practices.
|
software engineering practices.
|
||||||
- Because reproducibility is king, we're using nix flakes for locking flake
|
* Because reproducibility is king, we're using nix flakes for locking flake
|
||||||
dependencies. [Digga](https://github.com/divnix/digga) is our flake
|
dependencies. [Digga](https://github.com/divnix/digga) is our flake
|
||||||
utility library, made by the wonderful people of the Divnix community.
|
utility library, made by the wonderful people of the Divnix community.
|
||||||
- Physical devices are not shared anymore nowadays. Only seldomly will you
|
* Physical devices are not shared anymore nowadays. Only seldomly will you
|
||||||
find shared devices that need more than one user account. For this
|
find shared devices that need more than one user account. For this
|
||||||
reason, only one user (excluding `root`) is assumed.
|
reason, only one user (excluding `root`) is assumed.
|
||||||
- Keyboard navigation wins where it matters; ergonomics, programmability,
|
* Keyboard navigation wins where it matters; ergonomics, programmability,
|
||||||
efficiency, and speed. We use a tiling window manager (`sway`) and
|
efficiency, and speed. We use a tiling window manager (`sway`) and
|
||||||
prioritize cli-based solutions where sensible. The editor is `neovim`
|
prioritize cli-based solutions where sensible. The editor is `neovim`
|
||||||
configured to be just as opiniated as the operating system it is a part
|
configured to be just as opiniated as the operating system it is a part
|
||||||
of. For mailing, `neomutt` is the default, but we're more divided on
|
of. For mailing, `neomutt` is the default, but we're more divided on
|
||||||
that part.
|
that part.
|
||||||
- We like new and shiny things, so we've moved to Wayland and pipewire.
|
* We like new and shiny things, so we've moved to Wayland and pipewire.
|
||||||
- SICHERHEIT is written in capital letters at pub.solar, so we have first-
|
* SICHERHEIT is written in capital letters at pub.solar, so we have first-
|
||||||
class disk-encryption support. Currently in the works is a paranoid
|
class disk-encryption support. Currently in the works is a paranoid
|
||||||
mode where the device can only hibernate (no more sleep or lockscreen)
|
mode where the device can only hibernate (no more sleep or lockscreen)
|
||||||
so your data is locked any time you leave the device.
|
so your data is locked any time you leave the device.
|
||||||
- Free software is better. If we can avoid it, nonfree software is avoided.
|
* Free software is better. If we can avoid it, nonfree software is avoided.
|
||||||
By default, `allowUnfree` is `false` so we don't ship non-free software
|
By default, `allowUnfree` is `false` so we don't ship non-free software
|
||||||
in a basic PubSolarOS ISO. However, nothing prevents you from using
|
in a basic PubSolarOS ISO. However, nothing prevents you from using
|
||||||
as much non-free software as you like.
|
as much non-free software as you like.
|
||||||
- Automation is better. The reproducibility of nix feels so much more
|
* Automation is better. The reproducibility of nix feels so much more
|
||||||
powerful once you're deploying your new configuration from your laptop
|
powerful once you're deploying your new configuration from your laptop
|
||||||
to all your other devices with one command. [We have an automated CI using drone](https://ci.pub.solar/pub-solar/os).
|
to all your other devices with one command. [We have an automated CI using drone](https://ci.b12f.io/pub-solar/os).
|
||||||
- Community is important. We just like working on this together, and it
|
* Community is important. We just like working on this together, and it
|
||||||
feels really good to see our progress at the end of a
|
feels really good to see our progress at the end of a
|
||||||
[hakken.irl](https://pub.solar/hakken) session.
|
[hakken.irl](https://pub.solar/hakken) session.
|
||||||
|
|
||||||
|
|
16
default.nix
16
default.nix
|
@ -5,25 +5,21 @@ let
|
||||||
|
|
||||||
ciSystems = [
|
ciSystems = [
|
||||||
"aarch64-linux"
|
"aarch64-linux"
|
||||||
|
"i686-linux"
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
];
|
];
|
||||||
|
|
||||||
filterSystems =
|
filterSystems = lib.filterAttrs
|
||||||
lib.filterAttrs
|
|
||||||
(system: _: lib.elem system ciSystems);
|
(system: _: lib.elem system ciSystems);
|
||||||
|
|
||||||
recurseIntoAttrsRecursive = lib.mapAttrs (
|
recurseIntoAttrsRecursive = lib.mapAttrs (_: v:
|
||||||
_: v:
|
|
||||||
if lib.isAttrs v
|
if lib.isAttrs v
|
||||||
then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
|
then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
|
||||||
else v
|
else v
|
||||||
);
|
);
|
||||||
|
|
||||||
systemOutputs =
|
systemOutputs = lib.filterAttrs
|
||||||
lib.filterAttrs
|
(name: set: lib.isAttrs set
|
||||||
(
|
|
||||||
name: set:
|
|
||||||
lib.isAttrs set
|
|
||||||
&& lib.any
|
&& lib.any
|
||||||
(system: set ? ${system} && name != "legacyPackages")
|
(system: set ? ${system} && name != "legacyPackages")
|
||||||
ciSystems
|
ciSystems
|
||||||
|
@ -32,4 +28,4 @@ let
|
||||||
|
|
||||||
ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
|
ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
|
||||||
in
|
in
|
||||||
(recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;}
|
(recurseIntoAttrsRecursive ciDrvs) // { shell = import ./shell.nix; }
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# TL;DR;
|
# TL;DR;
|
||||||
|
|
||||||
- **Target Branch**: `main`
|
- **Target Branch**: `main`
|
||||||
- **Merge Policy**: green check: merge away. yellow circle: have patience. red x: try again.
|
- **Merge Policy**: green check: merge away. yellow circle: have patience. red x: try again.
|
||||||
- **Docs**: every change set is expected to contain doc updates
|
- **Docs**: every change set is expected to contain doc updates
|
||||||
|
@ -10,6 +9,5 @@
|
||||||
make use of the `./examples` & `./e2e` and wire test up in the devshell.
|
make use of the `./examples` & `./e2e` and wire test up in the devshell.
|
||||||
|
|
||||||
### Within the Devshell (`nix develop`)
|
### Within the Devshell (`nix develop`)
|
||||||
|
|
||||||
- **Hooks**: please `git commit` within the devshell
|
- **Hooks**: please `git commit` within the devshell
|
||||||
- **Fail Early**: please run `check-all` from within the devshell on your local machine
|
- **Fail Early**: please run `check-all` from within the devshell on your local machine
|
||||||
|
|
|
@ -28,3 +28,4 @@
|
||||||
- [NixOS](./api-reference-nixos.md)
|
- [NixOS](./api-reference-nixos.md)
|
||||||
- [Library Reference]()
|
- [Library Reference]()
|
||||||
- [Contributing](./CONTRIBUTING.md)
|
- [Contributing](./CONTRIBUTING.md)
|
||||||
|
|
||||||
|
|
|
@ -1,76 +1,91 @@
|
||||||
# Channels API Container
|
# Channels API Container
|
||||||
|
|
||||||
Configure your channels that you can use throughout your configurations.
|
Configure your channels that you can use throughout your configurations.
|
||||||
|
|
||||||
> #### ⚠ Gotcha ⚠
|
> #### ⚠ Gotcha ⚠
|
||||||
>
|
|
||||||
> Devshell & (non-host-specific) Home-Manager `pkgs` instances are rendered off the
|
> Devshell & (non-host-specific) Home-Manager `pkgs` instances are rendered off the
|
||||||
> `nixos.hostDefaults.channelName` (default) channel.
|
> `nixos.hostDefaults.channelName` (default) channel.
|
||||||
|
|
||||||
## channels
|
|
||||||
|
|
||||||
|
## channels
|
||||||
nixpkgs channels to create
|
nixpkgs channels to create
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set of submodules or path convertible to it
|
attribute set of submodules or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## channels.\<name\>.config
|
## channels.\<name\>.config
|
||||||
|
|
||||||
nixpkgs config for this channel
|
nixpkgs config for this channel
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set or path convertible to it
|
attribute set or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## channels.\<name\>.input
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## channels.\<name\>.input
|
||||||
nixpkgs flake input to use for this channel
|
nixpkgs flake input to use for this channel
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
nix flake
|
nix flake
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
"self.inputs.<name>"
|
"self.inputs.<name>"
|
||||||
```
|
```
|
||||||
|
|
||||||
## channels.\<name\>.overlays
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## channels.\<name\>.overlays
|
||||||
overlays to apply to this channel
|
overlays to apply to this channel
|
||||||
these will get exported under the 'overlays' flake output
|
these will get exported under the 'overlays' flake output
|
||||||
as \<channel\>/\<name\> and any overlay pulled from \<inputs\>
|
as \<channel\>/\<name\> and any overlay pulled from \<inputs\>
|
||||||
will be filtered out
|
will be filtered out
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid Nixpkgs overlay or path convertible to its or anything convertible to it or path convertible to it
|
list of valid Nixpkgs overlay or path convertible to its or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## channels.\<name\>.patches
|
## channels.\<name\>.patches
|
||||||
|
|
||||||
patches to apply to this channel
|
patches to apply to this channel
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of paths
|
list of paths
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,59 +1,72 @@
|
||||||
# Devshell API Container
|
# Devshell API Container
|
||||||
|
|
||||||
Configure your devshell module collections of your environment.
|
Configure your devshell module collections of your environment.
|
||||||
|
|
||||||
## devshell
|
|
||||||
|
|
||||||
|
## devshell
|
||||||
Modules to include in your DevOS shell. the `modules` argument
|
Modules to include in your DevOS shell. the `modules` argument
|
||||||
will be exported under the `devshellModules` output
|
will be exported under the `devshellModules` output
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
submodule or path convertible to it
|
submodule or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## devshell.exportedModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell.exportedModules
|
||||||
modules to include in all hosts and export to devshellModules output
|
modules to include in all hosts and export to devshellModules output
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid module or path convertible to its or anything convertible to it
|
list of valid module or path convertible to its or anything convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## devshell.externalModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell.externalModules
|
||||||
The `externalModules` option has been removed.
|
The `externalModules` option has been removed.
|
||||||
Any modules that should be exported should be defined with the `exportedModules`
|
Any modules that should be exported should be defined with the `exportedModules`
|
||||||
option and all other modules should just go into the `modules` option.
|
option and all other modules should just go into the `modules` option.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it
|
list of valid modules or anything convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## devshell.modules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## devshell.modules
|
||||||
modules to include that won't be exported
|
modules to include that won't be exported
|
||||||
meant importing modules from external flakes
|
meant importing modules from external flakes
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,97 +1,119 @@
|
||||||
# Home-Manager API Container
|
# Home-Manager API Container
|
||||||
|
|
||||||
Configure your home manager modules, profiles & suites.
|
Configure your home manager modules, profiles & suites.
|
||||||
|
|
||||||
## home
|
|
||||||
|
|
||||||
|
## home
|
||||||
hosts, modules, suites, and profiles for home-manager
|
hosts, modules, suites, and profiles for home-manager
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
submodule or path convertible to it
|
submodule or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.exportedModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.exportedModules
|
||||||
modules to include in all hosts and export to homeModules output
|
modules to include in all hosts and export to homeModules output
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.externalModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.externalModules
|
||||||
The `externalModules` option has been removed.
|
The `externalModules` option has been removed.
|
||||||
Any modules that should be exported should be defined with the `exportedModules`
|
Any modules that should be exported should be defined with the `exportedModules`
|
||||||
option and all other modules should just go into the `modules` option.
|
option and all other modules should just go into the `modules` option.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it
|
list of valid modules or anything convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.importables
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.importables
|
||||||
Packages of paths to be passed to modules as `specialArgs`.
|
Packages of paths to be passed to modules as `specialArgs`.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set
|
attribute set
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.importables.suites
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.importables.suites
|
||||||
collections of profiles
|
collections of profiles
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
null or attribute set of list of paths or anything convertible to its or path convertible to it
|
null or attribute set of list of paths or anything convertible to its or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
null
|
null
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.modules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.modules
|
||||||
modules to include that won't be exported
|
modules to include that won't be exported
|
||||||
meant importing modules from external flakes
|
meant importing modules from external flakes
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## home.users
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## home.users
|
||||||
HM users that can be deployed portably without a host.
|
HM users that can be deployed portably without a host.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set of HM user configs
|
attribute set of HM user configs
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,191 +1,234 @@
|
||||||
# NixOS API Container
|
# NixOS API Container
|
||||||
|
|
||||||
Configure your nixos modules, profiles & suites.
|
Configure your nixos modules, profiles & suites.
|
||||||
|
|
||||||
## nixos
|
|
||||||
|
|
||||||
|
## nixos
|
||||||
hosts, modules, suites, and profiles for NixOS
|
hosts, modules, suites, and profiles for NixOS
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
submodule or path convertible to it
|
submodule or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hostDefaults
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults
|
||||||
Defaults for all hosts.
|
Defaults for all hosts.
|
||||||
the modules passed under hostDefaults will be exported
|
the modules passed under hostDefaults will be exported
|
||||||
to the 'nixosModules' flake output.
|
to the 'nixosModules' flake output.
|
||||||
They will also be added to all hosts.
|
They will also be added to all hosts.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
submodule
|
submodule
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hostDefaults.channelName
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults.channelName
|
||||||
Channel this host should follow
|
Channel this host should follow
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
channel defined in `channels`
|
channel defined in `channels`
|
||||||
|
|
||||||
## nixos.hostDefaults.exportedModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults.exportedModules
|
||||||
modules to include in all hosts and export to nixosModules output
|
modules to include in all hosts and export to nixosModules output
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hostDefaults.externalModules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults.externalModules
|
||||||
The `externalModules` option has been removed.
|
The `externalModules` option has been removed.
|
||||||
Any modules that should be exported should be defined with the `exportedModules`
|
Any modules that should be exported should be defined with the `exportedModules`
|
||||||
option and all other modules should just go into the `modules` option.
|
option and all other modules should just go into the `modules` option.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it
|
list of valid modules or anything convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hostDefaults.modules
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults.modules
|
||||||
modules to include that won't be exported
|
modules to include that won't be exported
|
||||||
meant importing modules from external flakes
|
meant importing modules from external flakes
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hostDefaults.system
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hostDefaults.system
|
||||||
system for this host
|
system for this host
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
null or system defined in `supportedSystems`
|
null or system defined in `supportedSystems`
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
null
|
null
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hosts
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hosts
|
||||||
configurations to include in the nixosConfigurations output
|
configurations to include in the nixosConfigurations output
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set of submodules
|
attribute set of submodules
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hosts.\<name\>.channelName
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hosts.\<name\>.channelName
|
||||||
Channel this host should follow
|
Channel this host should follow
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
null or channel defined in `channels`
|
null or channel defined in `channels`
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
null
|
null
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## nixos.hosts.\<name\>.modules
|
## nixos.hosts.\<name\>.modules
|
||||||
|
|
||||||
modules to include
|
modules to include
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid modules or anything convertible to it or path convertible to it
|
list of valid modules or anything convertible to it or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hosts.\<name\>.system
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hosts.\<name\>.system
|
||||||
system for this host
|
system for this host
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
null or system defined in `supportedSystems`
|
null or system defined in `supportedSystems`
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
null
|
null
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.hosts.\<name\>.tests
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.hosts.\<name\>.tests
|
||||||
tests to run
|
tests to run
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of valid NixOS test or path convertible to its or anything convertible to it
|
list of valid NixOS test or path convertible to its or anything convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
[]
|
[]
|
||||||
```
|
```
|
||||||
|
|
||||||
_*Example*_
|
|
||||||
|
|
||||||
|
*_Example_*
|
||||||
```
|
```
|
||||||
{"_type":"literalExpression","text":"[\n {\n name = \"testname1\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n }\n ({ corutils, writers, ... }: {\n name = \"testname2\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n })\n ./path/to/test.nix\n];\n"}
|
{"_type":"literalExpression","text":"[\n {\n name = \"testname1\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n }\n ({ corutils, writers, ... }: {\n name = \"testname2\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n })\n ./path/to/test.nix\n];\n"}
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.importables
|
|
||||||
|
|
||||||
|
## nixos.importables
|
||||||
Packages of paths to be passed to modules as `specialArgs`.
|
Packages of paths to be passed to modules as `specialArgs`.
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set
|
attribute set
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## nixos.importables.suites
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## nixos.importables.suites
|
||||||
collections of profiles
|
collections of profiles
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
null or attribute set of list of paths or anything convertible to its or path convertible to it
|
null or attribute set of list of paths or anything convertible to its or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
null
|
null
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Top Level API
|
# Top Level API
|
||||||
|
|
||||||
`digga`'s top level API. API Containers are documented in their respective sub-chapter:
|
`digga`'s top level API. API Containers are documented in their respective sub-chapter:
|
||||||
|
|
||||||
- [Channels](./api-reference-channels.md)
|
- [Channels](./api-reference-channels.md)
|
||||||
|
@ -9,55 +8,73 @@
|
||||||
- [Darwin](./api-reference-darwin.md)
|
- [Darwin](./api-reference-darwin.md)
|
||||||
|
|
||||||
## channelsConfig
|
## channelsConfig
|
||||||
|
|
||||||
nixpkgs config for all channels
|
nixpkgs config for all channels
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
attribute set or path convertible to it
|
attribute set or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
{}
|
{}
|
||||||
```
|
```
|
||||||
|
|
||||||
## inputs
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## inputs
|
||||||
The flake's inputs
|
The flake's inputs
|
||||||
|
|
||||||
_*Type*_:
|
*_Type_*:
|
||||||
attribute set of nix flakes
|
attribute set of nix flakes
|
||||||
|
|
||||||
## outputsBuilder
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## outputsBuilder
|
||||||
builder for flake system-spaced outputs
|
builder for flake system-spaced outputs
|
||||||
The builder gets passed an attrset of all channels
|
The builder gets passed an attrset of all channels
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
function that evaluates to a(n) attribute set or path convertible to it
|
function that evaluates to a(n) attribute set or path convertible to it
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
"channels: { }"
|
"channels: { }"
|
||||||
```
|
```
|
||||||
|
|
||||||
## self
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## self
|
||||||
The flake to create the DevOS outputs for
|
The flake to create the DevOS outputs for
|
||||||
|
|
||||||
_*Type*_:
|
*_Type_*:
|
||||||
nix flake
|
nix flake
|
||||||
|
|
||||||
## supportedSystems
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## supportedSystems
|
||||||
The systems supported by this flake
|
The systems supported by this flake
|
||||||
|
|
||||||
_*Type*_:
|
|
||||||
|
*_Type_*:
|
||||||
list of strings
|
list of strings
|
||||||
|
|
||||||
_*Default*_
|
|
||||||
|
|
||||||
|
*_Default_*
|
||||||
```
|
```
|
||||||
["aarch64-linux","aarch64-darwin","x86_64-darwin","x86_64-linux"]
|
["aarch64-linux","aarch64-darwin","i686-linux","x86_64-darwin","x86_64-linux"]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
[book]
|
[book]
|
||||||
authors = [
|
authors = ["Timothy DeHerrera"]
|
||||||
"Timothy DeHerrera",
|
|
||||||
"Parthiv Seetharaman",
|
|
||||||
"David Arnold",
|
|
||||||
]
|
|
||||||
language = "en"
|
language = "en"
|
||||||
multilingual = false
|
multilingual = false
|
||||||
src = "."
|
src = "."
|
||||||
|
|
|
@ -28,10 +28,10 @@ is best saved for [profile modules](./profiles.md).
|
||||||
This is a good place to import sets of profiles, called [suites](./suites.md),
|
This is a good place to import sets of profiles, called [suites](./suites.md),
|
||||||
that you intend to use on your machine.
|
that you intend to use on your machine.
|
||||||
|
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
flake.nix:
|
flake.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
nixos = {
|
nixos = {
|
||||||
|
@ -47,7 +47,6 @@ flake.nix:
|
||||||
```
|
```
|
||||||
|
|
||||||
hosts/librem.nix:
|
hosts/librem.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ suites, ... }:
|
{ suites, ... }:
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
# Overrides
|
# Overrides
|
||||||
|
|
||||||
Each NixOS host follows one channel. But many times it is useful to get packages
|
Each NixOS host follows one channel. But many times it is useful to get packages
|
||||||
or modules from different channels.
|
or modules from different channels.
|
||||||
|
|
||||||
## Packages
|
## Packages
|
||||||
|
|
||||||
You can make use of `overlays/overrides.nix` to override specific packages in the
|
You can make use of `overlays/overrides.nix` to override specific packages in the
|
||||||
default channel to be pulled from other channels. That file is simply an example
|
default channel to be pulled from other channels. That file is simply an example
|
||||||
of how any overlay can get `channels` as their first argument.
|
of how any overlay can get `channels` as their first argument.
|
||||||
|
@ -12,7 +10,6 @@ of how any overlay can get `channels` as their first argument.
|
||||||
You can add overlays to any channel to override packages from other channels.
|
You can add overlays to any channel to override packages from other channels.
|
||||||
|
|
||||||
Pulling the manix package from the `latest` channel:
|
Pulling the manix package from the `latest` channel:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
channels: final: prev: {
|
channels: final: prev: {
|
||||||
__dontExport = true;
|
__dontExport = true;
|
||||||
|
@ -31,7 +28,6 @@ You can also pull modules from other channels. All modules have access to the
|
||||||
`disabledModules` to remove modules from the current channel.
|
`disabledModules` to remove modules from the current channel.
|
||||||
|
|
||||||
To pull zsh module from the `latest` channel this code can be placed in any module, whether its your host file, a profile, or a module in ./modules etc:
|
To pull zsh module from the `latest` channel this code can be placed in any module, whether its your host file, a profile, or a module in ./modules etc:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ latestModulesPath }:
|
{ latestModulesPath }:
|
||||||
{
|
{
|
||||||
|
@ -41,7 +37,6 @@ To pull zsh module from the `latest` channel this code can be placed in any modu
|
||||||
```
|
```
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> Sometimes a modules name will change from one branch to another.
|
> Sometimes a modules name will change from one branch to another.
|
||||||
|
|
||||||
[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules
|
[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules
|
||||||
|
|
|
@ -6,7 +6,6 @@ built into the NixOS module system for a reason: to elegantly provide a clear
|
||||||
separation of concerns.
|
separation of concerns.
|
||||||
|
|
||||||
## Creation
|
## Creation
|
||||||
|
|
||||||
Profiles are created with the `rakeLeaves` function which recursively collects
|
Profiles are created with the `rakeLeaves` function which recursively collects
|
||||||
`.nix` files from within a folder. The recursion stops at folders with a `default.nix`
|
`.nix` files from within a folder. The recursion stops at folders with a `default.nix`
|
||||||
in them. You end up with an attribute set with leaves(paths to profiles) or
|
in them. You end up with an attribute set with leaves(paths to profiles) or
|
||||||
|
@ -15,14 +14,12 @@ nodes(attrsets leading to more nodes or leaves).
|
||||||
A profile is used for quick modularization of [interelated bits](./profiles.md#subprofiles).
|
A profile is used for quick modularization of [interelated bits](./profiles.md#subprofiles).
|
||||||
|
|
||||||
> ##### _Notes:_
|
> ##### _Notes:_
|
||||||
>
|
> * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory.
|
||||||
> - For _declaring_ module options, there's the [modules](../outputs/modules.md) directory.
|
> * This directory takes inspiration from
|
||||||
> - This directory takes inspiration from
|
|
||||||
> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles)
|
> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles)
|
||||||
> .
|
> .
|
||||||
|
|
||||||
### Nested profiles
|
### Nested profiles
|
||||||
|
|
||||||
Profiles can be nested in attribute sets due to the recursive nature of `rakeLeaves`.
|
Profiles can be nested in attribute sets due to the recursive nature of `rakeLeaves`.
|
||||||
This can be useful to have a set of profiles created for a specific purpose. It is
|
This can be useful to have a set of profiles created for a specific purpose. It is
|
||||||
sometimes useful to have a `common` profile that has high level concerns related
|
sometimes useful to have a `common` profile that has high level concerns related
|
||||||
|
@ -31,7 +28,6 @@ to all its sister profiles.
|
||||||
### Example
|
### Example
|
||||||
|
|
||||||
profiles/develop/common.nix:
|
profiles/develop/common.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
imports = [ ./zsh ];
|
imports = [ ./zsh ];
|
||||||
|
@ -40,7 +36,6 @@ profiles/develop/common.nix:
|
||||||
```
|
```
|
||||||
|
|
||||||
profiles/develop/zsh.nix:
|
profiles/develop/zsh.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -50,7 +45,6 @@ profiles/develop/zsh.nix:
|
||||||
```
|
```
|
||||||
|
|
||||||
The examples above will end up with a profiles set like this:
|
The examples above will end up with a profiles set like this:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
develop = {
|
develop = {
|
||||||
|
@ -61,7 +55,6 @@ The examples above will end up with a profiles set like this:
|
||||||
```
|
```
|
||||||
|
|
||||||
## Conclusion
|
## Conclusion
|
||||||
|
|
||||||
Profiles are the most important concept in DevOS. They allow us to keep our
|
Profiles are the most important concept in DevOS. They allow us to keep our
|
||||||
Nix expressions self contained and modular. This way we can maximize reuse
|
Nix expressions self contained and modular. This way we can maximize reuse
|
||||||
across hosts while minimizing boilerplate. Remember, anything machine
|
across hosts while minimizing boilerplate. Remember, anything machine
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Suites
|
# Suites
|
||||||
|
|
||||||
Suites provide a mechanism for users to easily combine and name collections of
|
Suites provide a mechanism for users to easily combine and name collections of
|
||||||
profiles.
|
profiles.
|
||||||
|
|
||||||
|
@ -9,7 +8,6 @@ argument (one that can be use in an `imports` line) to your hosts. All lists def
|
||||||
in `suites` are flattened and type-checked as paths.
|
in `suites` are flattened and type-checked as paths.
|
||||||
|
|
||||||
## Definition
|
## Definition
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
rec {
|
rec {
|
||||||
workstation = [ profiles.develop profiles.graphical users.nixos ];
|
workstation = [ profiles.develop profiles.graphical users.nixos ];
|
||||||
|
@ -18,9 +16,7 @@ rec {
|
||||||
```
|
```
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
`hosts/my-laptop.nix`:
|
`hosts/my-laptop.nix`:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ suites, ... }:
|
{ suites, ... }:
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> This section and its semantics need a conceptiual rework.
|
> This section and its semantics need a conceptiual rework.
|
||||||
> Since recently [portable home configurations][portableuser]
|
> Since recently [portable home configurations][portableuser]
|
||||||
> that are not bound to any specific host are a thing.
|
> that are not bound to any specific host are a thing.
|
||||||
|
@ -9,12 +8,11 @@
|
||||||
Users are a special case of [profiles](profiles.md) that define system
|
Users are a special case of [profiles](profiles.md) that define system
|
||||||
users and [home-manager][home-manager] configurations. For your convenience,
|
users and [home-manager][home-manager] configurations. For your convenience,
|
||||||
home manager is wired in by default so all you have to worry about is declaring
|
home manager is wired in by default so all you have to worry about is declaring
|
||||||
your users.
|
your users. For a fully fleshed out example, check out the developers personal
|
||||||
|
[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix).
|
||||||
|
|
||||||
## Basic Usage
|
## Basic Usage
|
||||||
|
|
||||||
`users/myuser/default.nix`:
|
`users/myuser/default.nix`:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -30,7 +28,6 @@ your users.
|
||||||
```
|
```
|
||||||
|
|
||||||
## Home Manager
|
## Home Manager
|
||||||
|
|
||||||
Home Manager support follows the same principles as regular nixos configurations,
|
Home Manager support follows the same principles as regular nixos configurations,
|
||||||
it even gets its own namespace in your `flake.nix` as `home`.
|
it even gets its own namespace in your `flake.nix` as `home`.
|
||||||
|
|
||||||
|
@ -40,9 +37,7 @@ User profiles can be collected in a similar fashion as system ones into a `suite
|
||||||
argument that gets passed to your home-manager users.
|
argument that gets passed to your home-manager users.
|
||||||
|
|
||||||
### Example
|
### Example
|
||||||
|
|
||||||
`flake.nix`
|
`flake.nix`
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
home.users.nixos = { suites, ... }: {
|
home.users.nixos = { suites, ... }: {
|
||||||
|
@ -51,14 +46,24 @@ argument that gets passed to your home-manager users.
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## External Usage
|
|
||||||
|
|
||||||
|
## External Usage
|
||||||
You can easily use the defined home-manager configurations outside of NixOS
|
You can easily use the defined home-manager configurations outside of NixOS
|
||||||
using the `homeConfigurations` flake output.
|
using the `homeConfigurations` flake output.
|
||||||
|
|
||||||
This is great for keeping your environment consistent across Unix-like systems,
|
This is great for keeping your environment consistent across Unix-like systems,
|
||||||
including macOS.
|
including macOS.
|
||||||
|
|
||||||
|
### From within the projects devshell:
|
||||||
|
```sh
|
||||||
|
# builds the pub-solar user defined in the PubSolarOS host
|
||||||
|
nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage'
|
||||||
|
|
||||||
|
# build and activate
|
||||||
|
nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' && ./result/activate && unlink result
|
||||||
|
```
|
||||||
|
|
||||||
|
### Manually from outside the project:
|
||||||
```sh
|
```sh
|
||||||
# build
|
# build
|
||||||
nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
|
nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
|
||||||
|
@ -68,5 +73,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac
|
||||||
```
|
```
|
||||||
|
|
||||||
[home-manager]: https://nix-community.github.io/home-manager
|
[home-manager]: https://nix-community.github.io/home-manager
|
||||||
[modules-list]: https://github.com/divnix/digga/tree/main/users/modules/module-list.nix
|
[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix
|
||||||
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers
|
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Cachix
|
# Cachix
|
||||||
|
|
||||||
The system will automatically pull a cachix.nix at the root if one exists.
|
The system will automatically pull a cachix.nix at the root if one exists.
|
||||||
This is usually created automatically by a `sudo cachix use`. If you're more
|
This is usually created automatically by a `sudo cachix use`. If you're more
|
||||||
inclined to keep the root clean, you can drop any generated files in the
|
inclined to keep the root clean, you can drop any generated files in the
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# deploy-rs
|
# deploy-rs
|
||||||
|
|
||||||
[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
|
[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
|
||||||
chosen for devos after the author experienced some frustrations with the
|
chosen for devos after the author experienced some frustrations with the
|
||||||
stateful nature of nixops' db. It was also designed from scratch to support
|
stateful nature of nixops' db. It was also designed from scratch to support
|
||||||
|
@ -12,7 +11,6 @@ the command line.
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Just add your ssh key to the host:
|
Just add your ssh key to the host:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -23,7 +21,6 @@ Just add your ssh key to the host:
|
||||||
```
|
```
|
||||||
|
|
||||||
And the private key to your user:
|
And the private key to your user:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -42,20 +39,16 @@ And the private key to your user:
|
||||||
```
|
```
|
||||||
|
|
||||||
And run the deployment:
|
And run the deployment:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
deploy '.#hostName' --hostname host.example.com
|
deploy '.#hostName' --hostname host.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> Your user will need **passwordless** sudo access
|
> Your user will need **passwordless** sudo access
|
||||||
|
|
||||||
### Home Manager
|
### Home Manager
|
||||||
|
|
||||||
Digga's `lib.mkDeployNodes` provides only `system` profile.
|
Digga's `lib.mkDeployNodes` provides only `system` profile.
|
||||||
In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config:
|
In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations
|
||||||
|
@ -79,4 +72,5 @@ Substitute `<HOSTNAME>`, `<HM_PROFILE>` and `<YOUR_USERNAME>` placeholders (omit
|
||||||
`<ANOTHER_HM_PROFILE>` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well,
|
`<ANOTHER_HM_PROFILE>` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well,
|
||||||
or remove them altogether. Don't forget the `profileOrder` variable.
|
or remove them altogether. Don't forget the `profileOrder` variable.
|
||||||
|
|
||||||
|
|
||||||
[d-rs]: https://github.com/serokell/deploy-rs
|
[d-rs]: https://github.com/serokell/deploy-rs
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Hercules CI
|
# Hercules CI
|
||||||
|
|
||||||
If you start adding your own packages and configurations, you'll probably have
|
If you start adding your own packages and configurations, you'll probably have
|
||||||
at least a few binary artifacts. With hercules we can build every package in
|
at least a few binary artifacts. With hercules we can build every package in
|
||||||
our configuration automatically, on every commit. Additionally, we can have it
|
our configuration automatically, on every commit. Additionally, we can have it
|
||||||
|
@ -9,7 +8,6 @@ This will work whether your copy is a fork, or a bare template, as long as your
|
||||||
repo is hosted on GitHub.
|
repo is hosted on GitHub.
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
Just head over to [hercules-ci.com](https://hercules-ci.com) to make an account.
|
Just head over to [hercules-ci.com](https://hercules-ci.com) to make an account.
|
||||||
|
|
||||||
Then follow the docs to set up an [agent][agent], if you want to deploy to a
|
Then follow the docs to set up an [agent][agent], if you want to deploy to a
|
||||||
|
@ -17,7 +15,6 @@ binary cache (and of course you do), be sure _not_ to skip the
|
||||||
[binary-caches.json][cache].
|
[binary-caches.json][cache].
|
||||||
|
|
||||||
## Ready to Use
|
## Ready to Use
|
||||||
|
|
||||||
The repo is already set up with the proper _default.nix_ file, building all
|
The repo is already set up with the proper _default.nix_ file, building all
|
||||||
declared packages, checks, profiles and shells. So you can see if something
|
declared packages, checks, profiles and shells. So you can see if something
|
||||||
breaks, and never build the same package twice!
|
breaks, and never build the same package twice!
|
||||||
|
@ -26,7 +23,6 @@ If you want to get fancy, you could even have hercules
|
||||||
[deploy your configuration](https://docs.hercules-ci.com/hercules-ci-effects/guide/deploy-a-nixos-machine/)!
|
[deploy your configuration](https://docs.hercules-ci.com/hercules-ci-effects/guide/deploy-a-nixos-machine/)!
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> Hercules doesn't have access to anything encrypted in the
|
> Hercules doesn't have access to anything encrypted in the
|
||||||
> [secrets folder](../../secrets), so none of your secrets will accidentally get
|
> [secrets folder](../../secrets), so none of your secrets will accidentally get
|
||||||
> pushed to a cache by mistake.
|
> pushed to a cache by mistake.
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Integrations
|
# Integrations
|
||||||
|
|
||||||
This section explores some of the optional tools included with devos to provide
|
This section explores some of the optional tools included with devos to provide
|
||||||
a solution to common concerns such as ci and remote deployment. An effort is
|
a solution to common concerns such as ci and remote deployment. An effort is
|
||||||
made to choose tools that treat nix, and where possible flakes, as first class
|
made to choose tools that treat nix, and where possible flakes, as first class
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# nvfetcher
|
# nvfetcher
|
||||||
|
|
||||||
[NvFetcher][nvf] is a workflow companion for updating nix sources.
|
[NvFetcher][nvf] is a workflow companion for updating nix sources.
|
||||||
|
|
||||||
You can specify an origin source and an update configuration, and
|
You can specify an origin source and an update configuration, and
|
||||||
|
@ -16,7 +15,6 @@ and commit the results.
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Statically fetching (not tracking) a particular tag from a github repo:
|
Statically fetching (not tracking) a particular tag from a github repo:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[manix]
|
[manix]
|
||||||
src.manual = "v0.6.3"
|
src.manual = "v0.6.3"
|
||||||
|
@ -24,7 +22,6 @@ fetch.github = "mlvzk/manix"
|
||||||
```
|
```
|
||||||
|
|
||||||
Tracking the latest github _release_ from a github repo:
|
Tracking the latest github _release_ from a github repo:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[manix]
|
[manix]
|
||||||
src.github = "mlvzk/manix" # responsible for tracking
|
src.github = "mlvzk/manix" # responsible for tracking
|
||||||
|
@ -32,7 +29,6 @@ fetch.github = "mlvzk/manix" # responsible for fetching
|
||||||
```
|
```
|
||||||
|
|
||||||
Tracking the latest commit of a git repository and fetch from a git repo:
|
Tracking the latest commit of a git repository and fetch from a git repo:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[manix]
|
[manix]
|
||||||
src.git = "https://github.com/mlvzk/manix.git" # responsible for tracking
|
src.git = "https://github.com/mlvzk/manix.git" # responsible for tracking
|
||||||
|
@ -40,7 +36,6 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching
|
||||||
```
|
```
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> Please refer to the [NvFetcher Readme][nvf-readme] for more options.
|
> Please refer to the [NvFetcher Readme][nvf-readme] for more options.
|
||||||
|
|
||||||
[nvf]: https://github.com/berberman/nvfetcher
|
[nvf]: https://github.com/berberman/nvfetcher
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# Layout
|
# Layout
|
||||||
|
|
||||||
Each of the following sections is a directory whose contents are output to the
|
Each of the following sections is a directory whose contents are output to the
|
||||||
outside world via the flake's outputs. Check each chapter for details.
|
outside world via the flake's outputs. Check each chapter for details.
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Modules
|
# Modules
|
||||||
|
|
||||||
The modules directory is a replica of nixpkg's NixOS [modules][nixpkgs-modules]
|
The modules directory is a replica of nixpkg's NixOS [modules][nixpkgs-modules]
|
||||||
, and follows the same semantics. This allows for trivial upstreaming into
|
, and follows the same semantics. This allows for trivial upstreaming into
|
||||||
nixpkgs proper once your module is sufficiently stable.
|
nixpkgs proper once your module is sufficiently stable.
|
||||||
|
@ -7,21 +6,18 @@ nixpkgs proper once your module is sufficiently stable.
|
||||||
All modules linked in _module-list.nix_ are automatically exported via
|
All modules linked in _module-list.nix_ are automatically exported via
|
||||||
`nixosModules.<file-basename>`, and imported into all [hosts](../concepts/hosts.md).
|
`nixosModules.<file-basename>`, and imported into all [hosts](../concepts/hosts.md).
|
||||||
|
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> This is reserved for declaring brand new module options. If you just want to
|
> This is reserved for declaring brand new module options. If you just want to
|
||||||
> declare a coherent configuration of already existing and related NixOS options
|
> declare a coherent configuration of already existing and related NixOS options
|
||||||
> , use [profiles](../concepts/profiles.md) instead.
|
> , use [profiles](../concepts/profiles.md) instead.
|
||||||
|
|
||||||
## Semantics
|
## Semantics
|
||||||
|
|
||||||
In case you've never written a module for nixpkgs before, here is a brief
|
In case you've never written a module for nixpkgs before, here is a brief
|
||||||
outline of the process.
|
outline of the process.
|
||||||
|
|
||||||
### Declaration
|
### Declaration
|
||||||
|
|
||||||
modules/services/service-category/my-service.nix:
|
modules/services/service-category/my-service.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
|
@ -41,9 +37,7 @@ in
|
||||||
```
|
```
|
||||||
|
|
||||||
### Import
|
### Import
|
||||||
|
|
||||||
modules/module-list.nix:
|
modules/module-list.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
[
|
[
|
||||||
./services/service-category/my-service.nix
|
./services/service-category/my-service.nix
|
||||||
|
@ -53,9 +47,7 @@ modules/module-list.nix:
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
### Internal
|
### Internal
|
||||||
|
|
||||||
profiles/profile-category/my-profile.nix:
|
profiles/profile-category/my-profile.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -64,9 +56,7 @@ profiles/profile-category/my-profile.nix:
|
||||||
```
|
```
|
||||||
|
|
||||||
### External
|
### External
|
||||||
|
|
||||||
flake.nix:
|
flake.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
# inputs omitted
|
# inputs omitted
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Overlays
|
# Overlays
|
||||||
|
|
||||||
Writing overlays is a common occurence when using a NixOS system. Therefore,
|
Writing overlays is a common occurence when using a NixOS system. Therefore,
|
||||||
we want to keep the process as simple and straightforward as possible.
|
we want to keep the process as simple and straightforward as possible.
|
||||||
|
|
||||||
|
@ -10,9 +9,7 @@ exported via `overlays.<channel>/<pkgName>` _as well as_
|
||||||
write it.
|
write it.
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
overlays/kakoune.nix:
|
overlays/kakoune.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
final: prev: {
|
final: prev: {
|
||||||
kakoune = prev.kakoune.override {
|
kakoune = prev.kakoune.override {
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
# Packages
|
# Packages
|
||||||
|
|
||||||
Similar to [modules](./modules.md), the pkgs directory mirrors the upstream
|
Similar to [modules](./modules.md), the pkgs directory mirrors the upstream
|
||||||
[nixpkgs/pkgs][pkgs], and for the same reason; if you ever want to upstream
|
[nixpkgs/pkgs][pkgs], and for the same reason; if you ever want to upstream
|
||||||
your package, it's as simple as dropping it into the nixpkgs/pkgs directory.
|
your package, it's as simple as dropping it into the nixpkgs/pkgs directory.
|
||||||
|
@ -20,24 +19,20 @@ date.
|
||||||
This is best understood by the simple example below.
|
This is best understood by the simple example below.
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
It is possible to specify sources separately to keep them up to date semi
|
It is possible to specify sources separately to keep them up to date semi
|
||||||
automatically.
|
automatically.
|
||||||
The basic rules are specified in pkgs/sources.toml:
|
The basic rules are specified in pkgs/sources.toml:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
# nvfetcher.toml
|
# nvfetcher.toml
|
||||||
[libinih]
|
[libinih]
|
||||||
src.github = "benhoyt/inih"
|
src.github = "benhoyt/inih"
|
||||||
fetch.github = "benhoyt/inih"
|
fetch.github = "benhoyt/inih"
|
||||||
```
|
```
|
||||||
|
|
||||||
After changes to this file as well as to update the packages specified in there run
|
After changes to this file as well as to update the packages specified in there run
|
||||||
nvfetcher (for more details see [nvfetcher](https://github.com/berberman/nvfetcher)).
|
nvfetcher (for more details see [nvfetcher](https://github.com/berberman/nvfetcher)).
|
||||||
|
|
||||||
The pkgs overlay is managed in
|
The pkgs overlay is managed in
|
||||||
pkgs/default.nix:
|
pkgs/default.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
final: prev: {
|
final: prev: {
|
||||||
# keep sources first, this makes sources available to the pkgs
|
# keep sources first, this makes sources available to the pkgs
|
||||||
|
@ -50,7 +45,6 @@ final: prev: {
|
||||||
|
|
||||||
Lastly the example package is in
|
Lastly the example package is in
|
||||||
pkgs/development/libraries/libinih/default.nix:
|
pkgs/development/libraries/libinih/default.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ stdenv, meson, ninja, lib, sources, ... }:
|
{ stdenv, meson, ninja, lib, sources, ... }:
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
|
@ -65,8 +59,8 @@ stdenv.mkDerivation {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## Migration from flake based approach
|
|
||||||
|
|
||||||
|
## Migration from flake based approach
|
||||||
Previous to nvfetcher it was possible to manage sources via a pkgs/flake.nix, the main changes from there are that sources where in the attribute "srcs" (now "sources") and the contents of the sources where slightly different.
|
Previous to nvfetcher it was possible to manage sources via a pkgs/flake.nix, the main changes from there are that sources where in the attribute "srcs" (now "sources") and the contents of the sources where slightly different.
|
||||||
In order to switch to the new system, rewrite pkgs/flake.nix to a pkgs/sources.toml file using the documentation of nvfetcher,
|
In order to switch to the new system, rewrite pkgs/flake.nix to a pkgs/sources.toml file using the documentation of nvfetcher,
|
||||||
add the line that calls the sources at the beginning of pkgs/default.nix, and
|
add the line that calls the sources at the beginning of pkgs/default.nix, and
|
||||||
|
@ -75,7 +69,6 @@ accomodate the small changes in the packages as can be seen from the example.
|
||||||
The example package looked like:
|
The example package looked like:
|
||||||
|
|
||||||
pkgs/flake.nix:
|
pkgs/flake.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{
|
{
|
||||||
description = "Package sources";
|
description = "Package sources";
|
||||||
|
@ -88,7 +81,6 @@ pkgs/flake.nix:
|
||||||
```
|
```
|
||||||
|
|
||||||
pkgs/default.nix:
|
pkgs/default.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
final: prev: {
|
final: prev: {
|
||||||
# then, call packages with `final.callPackage`
|
# then, call packages with `final.callPackage`
|
||||||
|
@ -97,7 +89,6 @@ final: prev: {
|
||||||
```
|
```
|
||||||
|
|
||||||
pkgs/development/libraries/libinih/default.nix:
|
pkgs/development/libraries/libinih/default.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
{ stdenv, meson, ninja, lib, srcs, ... }:
|
{ stdenv, meson, ninja, lib, srcs, ... }:
|
||||||
let inherit (srcs) libinih; in
|
let inherit (srcs) libinih; in
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
# Secrets
|
# Secrets
|
||||||
|
|
||||||
Secrets are managed using [agenix][agenix]
|
Secrets are managed using [agenix][agenix]
|
||||||
so you can keep your flake in a public repository like GitHub without
|
so you can keep your flake in a public repository like GitHub without
|
||||||
exposing your password or other sensitive data.
|
exposing your password or other sensitive data.
|
||||||
|
|
||||||
## Agenix
|
## Agenix
|
||||||
|
|
||||||
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
||||||
within the nix store because it is world-readable.
|
within the nix store because it is world-readable.
|
||||||
|
|
||||||
|
@ -19,7 +17,6 @@ matching ssh private key can read the data. The [age module][age module] will ad
|
||||||
encrypted files to the nix store and decrypt them on activation to `/run/agenix`.
|
encrypted files to the nix store and decrypt them on activation to `/run/agenix`.
|
||||||
|
|
||||||
### Setup
|
### Setup
|
||||||
|
|
||||||
All hosts must have openssh enabled, this is done by default in the core profile.
|
All hosts must have openssh enabled, this is done by default in the core profile.
|
||||||
|
|
||||||
You need to populate your `secrets/secrets.nix` with the proper ssh public keys.
|
You need to populate your `secrets/secrets.nix` with the proper ssh public keys.
|
||||||
|
@ -27,7 +24,6 @@ Be extra careful to make sure you only add public keys, you should never share a
|
||||||
private key!!
|
private key!!
|
||||||
|
|
||||||
secrets/secrets.nix:
|
secrets/secrets.nix:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
let
|
let
|
||||||
system = "<system ssh key>";
|
system = "<system ssh key>";
|
||||||
|
@ -41,25 +37,22 @@ this file doesn't exist you likely need to enable openssh and rebuild your syste
|
||||||
|
|
||||||
Your users ssh public key is probably stored in `~/.ssh/id_ed25519.pub` or
|
Your users ssh public key is probably stored in `~/.ssh/id_ed25519.pub` or
|
||||||
`~/.ssh/id_rsa.pub`. If you haven't generated a ssh key yet, be sure do so:
|
`~/.ssh/id_rsa.pub`. If you haven't generated a ssh key yet, be sure do so:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
ssh-keygen -t ed25519
|
ssh-keygen -t ed25519
|
||||||
```
|
```
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> The underlying tool used by agenix, rage, doesn't work well with password protected
|
> The underlying tool used by agenix, rage, doesn't work well with password protected
|
||||||
> ssh keys. So if you have lots of secrets you might have to type in your password many
|
> ssh keys. So if you have lots of secrets you might have to type in your password many
|
||||||
> times.
|
> times.
|
||||||
|
|
||||||
### Secrets
|
|
||||||
|
|
||||||
|
### Secrets
|
||||||
You will need the `agenix` command to create secrets. DevOS conveniently provides that
|
You will need the `agenix` command to create secrets. DevOS conveniently provides that
|
||||||
in the devShell, so just run `nix develop` whenever you want to edit secrets. Make sure
|
in the devShell, so just run `nix develop` whenever you want to edit secrets. Make sure
|
||||||
to always run `agenix` while in the `secrets/` folder, so it can pick up your `secrets.nix`.
|
to always run `agenix` while in the `secrets/` folder, so it can pick up your `secrets.nix`.
|
||||||
|
|
||||||
To create secrets, simply add lines to your `secrets/secrets.nix`:
|
To create secrets, simply add lines to your `secrets/secrets.nix`:
|
||||||
|
|
||||||
```
|
```
|
||||||
let
|
let
|
||||||
...
|
...
|
||||||
|
@ -69,26 +62,21 @@ in
|
||||||
"secret.age".publicKeys = allKeys;
|
"secret.age".publicKeys = allKeys;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
That would tell agenix to create a `secret.age` file that is encrypted with the `system`
|
That would tell agenix to create a `secret.age` file that is encrypted with the `system`
|
||||||
and `user` ssh public key.
|
and `user` ssh public key.
|
||||||
|
|
||||||
Then go into the `secrets` folder and run:
|
Then go into the `secrets` folder and run:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
agenix -e secret.age
|
agenix -e secret.age
|
||||||
```
|
```
|
||||||
|
|
||||||
This will create the `secret.age`, if it doesn't already exist, and allow you to edit it.
|
This will create the `secret.age`, if it doesn't already exist, and allow you to edit it.
|
||||||
|
|
||||||
If you ever change the `publicKeys` entry of any secret make sure to rekey the secrets:
|
If you ever change the `publicKeys` entry of any secret make sure to rekey the secrets:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
agenix --rekey
|
agenix --rekey
|
||||||
```
|
```
|
||||||
|
|
||||||
### Usage
|
### Usage
|
||||||
|
|
||||||
Once you have your secret file encrypted and ready to use, you can utilize the [age module][age module]
|
Once you have your secret file encrypted and ready to use, you can utilize the [age module][age module]
|
||||||
to ensure that your secrets end up in `/run/secrets`.
|
to ensure that your secrets end up in `/run/secrets`.
|
||||||
|
|
||||||
|
@ -101,14 +89,15 @@ In any profile that uses a NixOS module that requires a secret you can enable a
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
Then you can just pass the path `/run/agenix/mysecret` to the module.
|
Then you can just pass the path `/run/agenix/mysecret` to the module.
|
||||||
|
|
||||||
You can make use of the many options provided by the age module to customize where and how
|
You can make use of the many options provided by the age module to customize where and how
|
||||||
secrets get decrypted. You can learn about them by looking at the
|
secrets get decrypted. You can learn about them by looking at the
|
||||||
[age module][age module].
|
[age module][age module].
|
||||||
|
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
>
|
|
||||||
> You can take a look at the [agenix repository][agenix] for more information
|
> You can take a look at the [agenix repository][agenix] for more information
|
||||||
> about the tool.
|
> about the tool.
|
||||||
|
|
||||||
|
|
|
@ -1,49 +1,50 @@
|
||||||
# Quick Start
|
# Quick Start
|
||||||
|
|
||||||
The only dependency is nix, so make sure you have it [installed][install-nix].
|
The only dependency is nix, so make sure you have it [installed][install-nix].
|
||||||
|
|
||||||
## Get the Template
|
## Get the Template
|
||||||
|
If you currently don't have flakes setup, you can utilize the digga shell to pull the template:
|
||||||
If you currently don't have flakes setup, you can utilize the digga shell to
|
|
||||||
pull the template:
|
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
|
nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
|
||||||
--run "nix flake init -t github:divnix/digga"
|
--run "nix flake init -t github:divnix/digga"
|
||||||
```
|
```
|
||||||
|
|
||||||
If you already have flakes support, you can directly pull the template:
|
If you already have flakes support, you can directly pull the template:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nix flake init -t github:divnix/digga
|
nix flake init -t github:divnix/digga
|
||||||
```
|
```
|
||||||
|
|
||||||
Then make sure to create the git repository:
|
Then make sure to create the git repository:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
git init
|
git init
|
||||||
git add .
|
git add .
|
||||||
git commit
|
git commit -m init
|
||||||
```
|
```
|
||||||
|
|
||||||
Finally, run `nix-shell` to get to an interactive shell with all the
|
To drop into a nix-shell, if you don't have flakes setup, use the digga shell to create a `flake.lock`:
|
||||||
dependencies, including the unstable nix version required. You can run `menu` to
|
```sh
|
||||||
confirm that you are using digga (expected output includes [docs], [general
|
nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \
|
||||||
commands], [linter], etc.).
|
--run "nix flake lock"
|
||||||
|
```
|
||||||
|
Or if you do have flakes support, just run:
|
||||||
|
```sh
|
||||||
|
nix flake lock
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, run `nix-shell` to get to an interactive shell with all the dependencies, including the unstable nix
|
||||||
|
version required. You can run `menu` to confirm that you are using digga (expected output includes [docs], [general commands], [linter], etc.).
|
||||||
|
|
||||||
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
|
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
|
||||||
|
|
||||||
> # _Notes:_
|
> ##### _Notes:_
|
||||||
>
|
|
||||||
> - Flakes ignore files that have not been added to git, so be sure to stage new
|
> - Flakes ignore files that have not been added to git, so be sure to stage new
|
||||||
> files before building the system.
|
> files before building the system.
|
||||||
> - You can choose to simply clone the repo with git if you want to follow
|
> - You can choose to simply clone the repo with git if you want to follow
|
||||||
> upstream changes.
|
> upstream changes.
|
||||||
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work you
|
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work
|
||||||
> can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
|
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
|
||||||
|
|
||||||
## Next Steps
|
## Next Steps:
|
||||||
|
|
||||||
- [Make installable ISO](./iso.md)
|
- [Make installable ISO](./iso.md)
|
||||||
|
|
||||||
|
|
||||||
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
|
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
|
||||||
|
|
17
doc/tests.md
17
doc/tests.md
|
@ -6,29 +6,18 @@ configuration, and, optionally, run them in
|
||||||
[CI](./integrations/hercules.md).
|
[CI](./integrations/hercules.md).
|
||||||
|
|
||||||
## Unit Tests
|
## Unit Tests
|
||||||
|
|
||||||
Unit tests can be created from regular derivations, and they can do
|
Unit tests can be created from regular derivations, and they can do
|
||||||
almost anything you can imagine. By convention, it is best to test your
|
almost anything you can imagine. By convention, it is best to test your
|
||||||
packages during their [check phase][check]. All packages and their tests will
|
packages during their [check phase][check]. All packages and their tests will
|
||||||
be built during CI.
|
be built during CI.
|
||||||
|
|
||||||
## Integration Tests
|
## Integration Tests
|
||||||
|
All your profiles defined in suites will be tested in a NixOS VM.
|
||||||
All your profiles defined in suites can be tested against an individual host.
|
|
||||||
Simply use digga's pre-baked `digga.lib.allProfilesTest` like so:
|
|
||||||
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
hosts = {
|
|
||||||
Morty.tests = [ allProfilesTest ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
You can write integration tests for one or more NixOS VMs that can,
|
You can write integration tests for one or more NixOS VMs that can,
|
||||||
optionally, be networked together, and yes, it's as awesome as it sounds!
|
optionally, be networked together, and yes, it's as awesome as it sounds!
|
||||||
|
|
||||||
Be sure to use the `mkTest` function from Digga, `digga.lib.mkTest`
|
Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest`
|
||||||
which wraps the official [testing-python][testing-python] function to ensure
|
which wraps the official [testing-python][testing-python] function to ensure
|
||||||
that the system is setup exactly as it is for a bare DevOS system. There are
|
that the system is setup exactly as it is for a bare DevOS system. There are
|
||||||
already great resources for learning how to use these tests effectively,
|
already great resources for learning how to use these tests effectively,
|
||||||
|
@ -37,7 +26,7 @@ and the examples in [nixpkgs][nixos-tests].
|
||||||
|
|
||||||
[test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
|
[test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
|
||||||
[test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html
|
[test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html
|
||||||
[default]: https://github.com/divnix/devos/tree/core/tests/default.nix
|
[default]: https://github.com/divnix/devos/tree/main/tests/default.nix
|
||||||
[run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166
|
[run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166
|
||||||
[nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests
|
[nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests
|
||||||
[testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix
|
[testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix
|
||||||
|
|
348
flake.lock
348
flake.lock
|
@ -2,19 +2,16 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"agenix": {
|
"agenix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": [
|
|
||||||
"darwin"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682101079,
|
"lastModified": 1652712410,
|
||||||
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
|
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
|
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -23,6 +20,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"blank": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1625557891,
|
||||||
|
"narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
|
||||||
|
"owner": "divnix",
|
||||||
|
"repo": "blank",
|
||||||
|
"rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "divnix",
|
||||||
|
"repo": "blank",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"darwin": {
|
"darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -30,11 +42,32 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696360011,
|
"lastModified": 1660649317,
|
||||||
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
|
"narHash": "sha256-16sWaj3cTZOQQgrmzlvBSRaBFKLrHJrfYh1k7/sSWok=",
|
||||||
"owner": "LnL7",
|
"owner": "LnL7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
|
"rev": "80871c71edb3da76d40bdff9cae007a2a035c074",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "LnL7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"darwin_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"digga",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1651916036,
|
||||||
|
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
|
||||||
|
"owner": "LnL7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -45,20 +78,18 @@
|
||||||
},
|
},
|
||||||
"deploy": {
|
"deploy": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": [
|
"flake-compat": "flake-compat",
|
||||||
"flake-compat"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695052866,
|
"lastModified": 1659725433,
|
||||||
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
|
"narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
|
"rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -76,11 +107,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1671489820,
|
"lastModified": 1655976588,
|
||||||
"narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
|
"narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "devshell",
|
"repo": "devshell",
|
||||||
"rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
|
"rev": "899ca4629020592a13a46783587f6e674179d1db",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -91,21 +122,18 @@
|
||||||
},
|
},
|
||||||
"digga": {
|
"digga": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": [
|
"blank": "blank",
|
||||||
"darwin"
|
"darwin": "darwin_2",
|
||||||
],
|
|
||||||
"deploy": [
|
"deploy": [
|
||||||
"deploy"
|
"deploy"
|
||||||
],
|
],
|
||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"flake-compat": [
|
"flake-compat": "flake-compat_2",
|
||||||
"flake-compat"
|
|
||||||
],
|
|
||||||
"flake-utils": "flake-utils_2",
|
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
"flake-utils-plus": "flake-utils-plus",
|
||||||
"home-manager": [
|
"home-manager": [
|
||||||
"home"
|
"home"
|
||||||
],
|
],
|
||||||
|
"latest": "latest",
|
||||||
"nixlib": [
|
"nixlib": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
|
@ -115,16 +143,15 @@
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
"nixpkgs-unstable": "nixpkgs-unstable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674947971,
|
"lastModified": 1659622306,
|
||||||
"narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
|
"narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=",
|
||||||
"owner": "pub-solar",
|
"owner": "divnix",
|
||||||
"repo": "digga",
|
"repo": "digga",
|
||||||
"rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
|
"rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "pub-solar",
|
"owner": "divnix",
|
||||||
"ref": "fix/bootstrap-iso",
|
|
||||||
"repo": "digga",
|
"repo": "digga",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -132,11 +159,43 @@
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673956053,
|
"lastModified": 1648199409,
|
||||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1650374568,
|
||||||
|
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_3": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1648199409,
|
||||||
|
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -162,10 +221,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils-plus": {
|
"flake-utils-plus": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": [
|
"flake-utils": "flake-utils_2"
|
||||||
"digga",
|
|
||||||
"flake-utils"
|
|
||||||
]
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1654029967,
|
"lastModified": 1654029967,
|
||||||
|
@ -184,11 +240,11 @@
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1644229661,
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -197,19 +253,18 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"fork": {
|
"flake-utils_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692960587,
|
"lastModified": 1649676176,
|
||||||
"narHash": "sha256-39SKGdhn8jKKkdqhULbCvQOpdUPE9NNJpy5HTB++Jvg=",
|
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
|
||||||
"owner": "teutat3s",
|
"owner": "numtide",
|
||||||
"repo": "nixpkgs",
|
"repo": "flake-utils",
|
||||||
"rev": "312709dd70684f52496580e533d58645526b1c90",
|
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "teutat3s",
|
"owner": "numtide",
|
||||||
"ref": "nvfetcher-fix",
|
"repo": "flake-utils",
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -220,27 +275,27 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695108154,
|
"lastModified": 1656169755,
|
||||||
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
|
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "07682fff75d41f18327a871088d20af2710d4744",
|
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-23.05",
|
"ref": "release-22.05",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"latest": {
|
"latest": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696604326,
|
"lastModified": 1657265485,
|
||||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
"narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
"rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -250,29 +305,119 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"latest_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1660574513,
|
||||||
|
"narHash": "sha256-nkMQ1TKIIAYIVbbUzjxfjPn3H1zZFW20TrHUFAjwvNU=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "af9e00071d0971eb292fd5abef334e66eda3cb69",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"musnix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1628019651,
|
||||||
|
"narHash": "sha256-zLXDF2sfvN8BXb78nHAp3KSbhE1flOkia5+KtiPQ+mQ=",
|
||||||
|
"owner": "musnix",
|
||||||
|
"repo": "musnix",
|
||||||
|
"rev": "7fb04384544fa2e68bf5e71869760674656b62e8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "musnix",
|
||||||
|
"repo": "musnix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"naersk": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1659610603,
|
||||||
|
"narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=",
|
||||||
|
"owner": "nmattia",
|
||||||
|
"repo": "naersk",
|
||||||
|
"rev": "c6a45e4277fa58abd524681466d3450f896dc094",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nmattia",
|
||||||
|
"repo": "naersk",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixlib": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1636849918,
|
||||||
|
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
|
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696697597,
|
"lastModified": 1660581366,
|
||||||
"narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=",
|
"narHash": "sha256-et+bi9/jlSF/pHx5AYB9ZP2XDdZEQ0vnF7xlvs4503Y=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5a237aecb57296f67276ac9ab296a41c23981f56",
|
"rev": "3d47bbaa26e7a771059d828eecf3bd8bf28a8b0f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-22.05",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixos-generators": {
|
||||||
|
"inputs": {
|
||||||
|
"nixlib": "nixlib",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1660661347,
|
||||||
|
"narHash": "sha256-0eSeeQ7oH502rX5hXXi4Pt9CTgEhygp0/EL+biwhkrk=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixos-generators",
|
||||||
|
"rev": "ecef210472ddac2a9e06c7d4c7247a5be96b1cab",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixos-generators",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696614066,
|
"lastModified": 1660407119,
|
||||||
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
|
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
|
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -281,43 +426,96 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1637186689,
|
||||||
|
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1672791794,
|
"lastModified": 1657292830,
|
||||||
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
|
"narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
|
"rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-unstable",
|
"ref": "nixpkgs-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nur": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 0,
|
||||||
|
"narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=",
|
||||||
|
"path": "/nix/store/all4f5y28iyigh60lz4j1j6j02106dn2-source",
|
||||||
|
"type": "path"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nur",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nvfetcher": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat_3",
|
||||||
|
"flake-utils": "flake-utils_3",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1654975372,
|
||||||
|
"narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=",
|
||||||
|
"owner": "berberman",
|
||||||
|
"repo": "nvfetcher",
|
||||||
|
"rev": "d4b237c10f14f72f8266b0f658faad822e491e55",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "berberman",
|
||||||
|
"repo": "nvfetcher",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"deploy": "deploy",
|
"deploy": "deploy",
|
||||||
"digga": "digga",
|
"digga": "digga",
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"fork": "fork",
|
|
||||||
"home": "home",
|
"home": "home",
|
||||||
"latest": "latest",
|
"latest": "latest_2",
|
||||||
|
"musnix": "musnix",
|
||||||
|
"naersk": "naersk",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware"
|
"nixos-generators": "nixos-generators",
|
||||||
|
"nixos-hardware": "nixos-hardware",
|
||||||
|
"nur": "nur",
|
||||||
|
"nvfetcher": "nvfetcher"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1648297722,
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
201
flake.nix
201
flake.nix
|
@ -2,26 +2,22 @@
|
||||||
description = "A highly structured configuration database.";
|
description = "A highly structured configuration database.";
|
||||||
|
|
||||||
nixConfig.extra-experimental-features = "nix-command flakes";
|
nixConfig.extra-experimental-features = "nix-command flakes";
|
||||||
|
nixConfig.extra-substituters = "https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org";
|
||||||
|
nixConfig.extra-trusted-public-keys = "nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
|
||||||
|
|
||||||
inputs = {
|
inputs =
|
||||||
|
{
|
||||||
# Track channels with commits tested and built by hydra
|
# Track channels with commits tested and built by hydra
|
||||||
nixos.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||||
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
fork.url = "github:teutat3s/nixpkgs/nvfetcher-fix";
|
digga.url = "github:divnix/digga";
|
||||||
|
|
||||||
flake-compat.url = "github:edolstra/flake-compat";
|
|
||||||
flake-compat.flake = false;
|
|
||||||
|
|
||||||
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
|
|
||||||
digga.inputs.nixpkgs.follows = "nixos";
|
digga.inputs.nixpkgs.follows = "nixos";
|
||||||
digga.inputs.nixlib.follows = "nixos";
|
digga.inputs.nixlib.follows = "nixos";
|
||||||
digga.inputs.home-manager.follows = "home";
|
digga.inputs.home-manager.follows = "home";
|
||||||
digga.inputs.deploy.follows = "deploy";
|
digga.inputs.deploy.follows = "deploy";
|
||||||
digga.inputs.darwin.follows = "darwin";
|
|
||||||
digga.inputs.flake-compat.follows = "flake-compat";
|
|
||||||
|
|
||||||
home.url = "github:nix-community/home-manager/release-23.05";
|
home.url = "github:nix-community/home-manager/release-22.05";
|
||||||
home.inputs.nixpkgs.follows = "nixos";
|
home.inputs.nixpkgs.follows = "nixos";
|
||||||
|
|
||||||
darwin.url = "github:LnL7/nix-darwin";
|
darwin.url = "github:LnL7/nix-darwin";
|
||||||
|
@ -29,24 +25,37 @@
|
||||||
|
|
||||||
deploy.url = "github:serokell/deploy-rs";
|
deploy.url = "github:serokell/deploy-rs";
|
||||||
deploy.inputs.nixpkgs.follows = "nixos";
|
deploy.inputs.nixpkgs.follows = "nixos";
|
||||||
deploy.inputs.flake-compat.follows = "flake-compat";
|
|
||||||
|
|
||||||
agenix.url = "github:ryantm/agenix";
|
agenix.url = "github:ryantm/agenix";
|
||||||
agenix.inputs.nixpkgs.follows = "nixos";
|
agenix.inputs.nixpkgs.follows = "nixos";
|
||||||
agenix.inputs.darwin.follows = "darwin";
|
|
||||||
|
nvfetcher.url = "github:berberman/nvfetcher";
|
||||||
|
nvfetcher.inputs.nixpkgs.follows = "nixos";
|
||||||
|
|
||||||
|
naersk.url = "github:nmattia/naersk";
|
||||||
|
naersk.inputs.nixpkgs.follows = "nixos";
|
||||||
|
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
|
|
||||||
|
nixos-generators.url = "github:nix-community/nixos-generators";
|
||||||
|
|
||||||
|
# hensoko additions
|
||||||
|
musnix.url = "github:musnix/musnix";
|
||||||
|
musnix.inputs.nixpkgs.follows = "nixos";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs =
|
||||||
self,
|
{ self
|
||||||
digga,
|
, digga
|
||||||
nixos,
|
, nixos
|
||||||
home,
|
, home
|
||||||
nixos-hardware,
|
, nixos-hardware
|
||||||
agenix,
|
, nur
|
||||||
deploy,
|
, agenix
|
||||||
...
|
, nvfetcher
|
||||||
|
, deploy
|
||||||
|
, musnix
|
||||||
|
, ...
|
||||||
} @ inputs:
|
} @ inputs:
|
||||||
digga.lib.mkFlake
|
digga.lib.mkFlake
|
||||||
{
|
{
|
||||||
|
@ -56,25 +65,17 @@
|
||||||
# allowUnfree = true;
|
# allowUnfree = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"];
|
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
|
|
||||||
channels = {
|
channels = {
|
||||||
nixos = {
|
nixos = {
|
||||||
imports = [(digga.lib.importOverlays ./overlays)];
|
imports = [ (digga.lib.importOverlays ./overlays) ];
|
||||||
overlays = [
|
overlays = [ ];
|
||||||
(self: super: {
|
|
||||||
deploy-rs = {
|
|
||||||
inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs;
|
|
||||||
lib = inputs.deploy.lib.x86_64-linux;
|
|
||||||
};
|
};
|
||||||
})
|
latest = { };
|
||||||
];
|
|
||||||
};
|
|
||||||
latest = {};
|
|
||||||
fork = {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
lib = import ./lib {lib = digga.lib // nixos.lib;};
|
lib = import ./lib { lib = digga.lib // nixos.lib; };
|
||||||
|
|
||||||
sharedOverlays = [
|
sharedOverlays = [
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
|
@ -83,7 +84,8 @@
|
||||||
our = self.lib;
|
our = self.lib;
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
agenix.overlays.default
|
nur.overlay
|
||||||
|
agenix.overlay
|
||||||
|
|
||||||
(import ./pkgs)
|
(import ./pkgs)
|
||||||
];
|
];
|
||||||
|
@ -92,66 +94,86 @@
|
||||||
hostDefaults = {
|
hostDefaults = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
channelName = "nixos";
|
channelName = "nixos";
|
||||||
imports = [(digga.lib.importExportableModules ./modules)];
|
imports = [ (digga.lib.importExportableModules ./modules) ];
|
||||||
modules = [
|
modules = [
|
||||||
{lib.our = self.lib;}
|
{ lib.our = self.lib; }
|
||||||
# FIXME: upstream module causes a huge number of unnecessary
|
digga.nixosModules.bootstrapIso
|
||||||
# dependencies to be pulled in for all systems -- many of them are
|
|
||||||
# graphical. should only be imported as needed.
|
|
||||||
# digga.nixosModules.bootstrapIso
|
|
||||||
digga.nixosModules.nixConfig
|
digga.nixosModules.nixConfig
|
||||||
home.nixosModules.home-manager
|
home.nixosModules.home-manager
|
||||||
agenix.nixosModules.age
|
agenix.nixosModules.age
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
imports = [(digga.lib.importHosts ./hosts)];
|
imports = [ (digga.lib.importHosts ./hosts) ];
|
||||||
hosts = {
|
hosts = {
|
||||||
# Set host-specific properties here
|
/* set host specific properties here */
|
||||||
bootstrap = {
|
PubSolarOS = { };
|
||||||
|
companion = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
cox = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
giggles = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
harrison = {
|
||||||
modules = [
|
modules = [
|
||||||
digga.nixosModules.bootstrapIso
|
musnix.nixosModules.musnix
|
||||||
];
|
|
||||||
};
|
|
||||||
PubSolarOS = {
|
|
||||||
tests = [
|
|
||||||
#(import ./tests/first-test.nix {
|
|
||||||
# pkgs = nixos.legacyPackages.x86_64-linux;
|
|
||||||
# lib = nixos.lib;
|
|
||||||
#})
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
norman = { };
|
||||||
};
|
};
|
||||||
importables = rec {
|
importables = rec {
|
||||||
profiles =
|
profiles = digga.lib.rakeLeaves ./profiles // {
|
||||||
digga.lib.rakeLeaves ./profiles
|
|
||||||
// {
|
|
||||||
users = digga.lib.rakeLeaves ./users;
|
users = digga.lib.rakeLeaves ./users;
|
||||||
};
|
};
|
||||||
suites = with profiles; rec {
|
suites = with profiles; rec {
|
||||||
base = [users.pub-solar users.root];
|
base = [ users.pub-solar users.root ];
|
||||||
iso = base ++ [base-user graphical pub-solar-iso];
|
iso = base ++ [ base-user graphical pub-solar-iso ];
|
||||||
pubsolaros = [full-install base-user users.root];
|
pubsolaros = [ base-user users.root ];
|
||||||
anonymous = [pubsolaros users.pub-solar];
|
anonymous = [ pubsolaros users.pub-solar ];
|
||||||
|
pubsolaros-light = [ base-user users.root ];
|
||||||
|
hensoko = pubsolaros ++ [ users.hensoko ];
|
||||||
|
hensoko-light = pubsolaros-light ++ [ users.hensoko ];
|
||||||
|
hensoko-iot = [ base-user users.root users.hensoko ];
|
||||||
|
|
||||||
|
# server
|
||||||
|
cube = hensoko-iot;
|
||||||
|
|
||||||
|
# home-controller
|
||||||
|
companion = hensoko-iot;
|
||||||
|
cox = hensoko-iot;
|
||||||
|
giggles = hensoko-iot;
|
||||||
|
|
||||||
|
# laptop
|
||||||
|
ringo = hensoko-light ++ [ ];
|
||||||
|
|
||||||
|
# vm
|
||||||
|
redpanda = hensoko;
|
||||||
|
|
||||||
|
# home pc
|
||||||
|
harrison = hensoko ++ [ daw graphical non-free social work ];
|
||||||
|
|
||||||
|
# work laptop
|
||||||
|
norman = hensoko ++ [ graphical non-free social virtualisation work ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
imports = [(digga.lib.importExportableModules ./users/modules)];
|
imports = [ (digga.lib.importExportableModules ./users/modules) ];
|
||||||
modules = [];
|
modules = [ ];
|
||||||
importables = rec {
|
importables = rec {
|
||||||
profiles = digga.lib.rakeLeaves ./users/profiles;
|
profiles = digga.lib.rakeLeaves ./users/profiles;
|
||||||
suites = with profiles; rec {
|
suites = with profiles; rec {
|
||||||
base = [direnv git];
|
base = [ direnv git ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
pub-solar = {suites, ...}: {
|
pub-solar = { suites, ... }: { imports = suites.base; };
|
||||||
imports = suites.base;
|
hensoko = { suites, ... }: { imports = suites.base; };
|
||||||
|
hensoko_iot = { suites, ... }: { imports = suites.base; };
|
||||||
home.stateVersion = "21.03";
|
|
||||||
};
|
|
||||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -160,16 +182,39 @@
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||||
|
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||||
#example = {
|
cube = { };
|
||||||
# hostname = "example.com:22";
|
companion = {
|
||||||
# sshUser = "bartender";
|
#profilesOrder = [ "system" "direnv" ];
|
||||||
# fastConnect = true;
|
#profiles.direnv = {
|
||||||
# profilesOrder = ["system" "direnv"];
|
# user = "hensoko";
|
||||||
# profiles.direnv = {
|
# path = deploy.lib.aarch64-linux.activate.home-manager self.homeConfigurationsPortable.aarch64-linux."hensoko";
|
||||||
# user = "bartender";
|
#};
|
||||||
# path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
|
};
|
||||||
# };
|
cox = {
|
||||||
|
#profilesOrder = [ "system" "direnv" ];
|
||||||
|
#profiles.direnv = {
|
||||||
|
# user = "hensoko";
|
||||||
|
# path = deploy.lib.aarch64-linux.activate.home-manager self.homeConfigurationsPortable.aarch64-linux."hensoko";
|
||||||
|
#};
|
||||||
|
};
|
||||||
|
giggles = {
|
||||||
|
#profilesOrder = [ "system" "direnv" ];
|
||||||
|
#profiles.direnv = {
|
||||||
|
# user = "hensoko";
|
||||||
|
# path = deploy.lib.aarch64-linux.activate.home-manager self.homeConfigurationsPortable.aarch64-linux."hensoko";
|
||||||
|
#};
|
||||||
|
};
|
||||||
|
ringo = {
|
||||||
|
#profilesOrder = [ "system" "direnv" ];
|
||||||
|
#profiles.direnv = {
|
||||||
|
# user = "hensoko";
|
||||||
|
# path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux."hensoko";
|
||||||
#};
|
#};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
defaultTemplate = self.templates.bud;
|
||||||
|
templates.bud.path = ./.;
|
||||||
|
templates.bud.description = "bud template";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,17 @@
|
||||||
{suites, ...}: {
|
{ suites, ... }:
|
||||||
|
{
|
||||||
### root password is empty by default ###
|
### root password is empty by default ###
|
||||||
### default password: pub-solar, optional: add your SSH keys
|
### default password: pub-solar, optional: add your SSH keys
|
||||||
imports =
|
imports =
|
||||||
suites.iso;
|
suites.iso
|
||||||
|
;
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
|
|
@ -1,23 +1,9 @@
|
||||||
|
{ profiles, ... }:
|
||||||
{
|
{
|
||||||
config,
|
# build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'`
|
||||||
lib,
|
# reachable on the local link via ssh root@fe80::47%eno1
|
||||||
pkgs,
|
# where 'eno1' is replaced by your own machine's network
|
||||||
profiles,
|
# interface that has the local link to the target machine
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
# Gets hostname of host to be bundled inside iso
|
|
||||||
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
|
|
||||||
getFqdn = config: let
|
|
||||||
net = config.networking;
|
|
||||||
fqdn =
|
|
||||||
if (net ? domain) && (net.domain != null)
|
|
||||||
then "${net.hostName}.${net.domain}"
|
|
||||||
else net.hostName;
|
|
||||||
in
|
|
||||||
fqdn;
|
|
||||||
in {
|
|
||||||
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
|
|
||||||
imports = [
|
imports = [
|
||||||
# profiles.networking
|
# profiles.networking
|
||||||
profiles.users.root # make sure to configure ssh keys
|
profiles.users.root # make sure to configure ssh keys
|
||||||
|
@ -27,21 +13,10 @@ in {
|
||||||
profiles.pub-solar-iso
|
profiles.pub-solar-iso
|
||||||
];
|
];
|
||||||
|
|
||||||
config = {
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
||||||
# will be overridden by the bootstrapIso instrumentation
|
# will be overridden by the bootstrapIso instrumentation
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
|
||||||
|
|
||||||
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
|
|
||||||
|
|
||||||
# mkForce because a similar transformation gets double applied otherwise
|
|
||||||
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
|
|
||||||
isoImage = {
|
|
||||||
isoBaseName = mkForce (getFqdn config);
|
|
||||||
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
@ -50,5 +25,4 @@ in {
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
16
hosts/companion/companion.nix
Normal file
16
hosts/companion/companion.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
}
|
63
hosts/companion/configuration.nix
Normal file
63
hosts/companion/configuration.nix
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/companion/default.nix
Normal file
6
hosts/companion/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./companion.nix
|
||||||
|
] ++ suites.companion;
|
||||||
|
}
|
61
hosts/companion/hardware-configuration.nix
Normal file
61
hosts/companion/hardware-configuration.nix
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/3bbde916-e12a-46a7-9eea-4f5e2aef7883";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04017028021722045451-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/5552-1B21";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/0545db4a-0494-44d7-927a-4c78351c4303"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
55
hosts/companion/home-controller.nix
Normal file
55
hosts/companion/home-controller.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_companion_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.13";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
64
hosts/cox/configuration.nix
Normal file
64
hosts/cox/configuration.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
#package = pkgs.nixFlakes;
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
16
hosts/cox/cox.nix
Normal file
16
hosts/cox/cox.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
}
|
6
hosts/cox/default.nix
Normal file
6
hosts/cox/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./cox.nix
|
||||||
|
] ++ suites.cox;
|
||||||
|
}
|
61
hosts/cox/hardware-configuration.nix
Normal file
61
hosts/cox/hardware-configuration.nix
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/bf333b74-875f-4187-922e-4b433fb53aa2";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_03024516121421043657-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/6CB3-6DB8";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/7ef4a3f8-f4a6-42f5-a57d-21f502ed3dba"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
55
hosts/cox/home-controller.nix
Normal file
55
hosts/cox/home-controller.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cox_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.12";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
8
hosts/cube/acme.nix
Normal file
8
hosts/cube/acme.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "hensoko@gssws.de";
|
||||||
|
};
|
||||||
|
}
|
42
hosts/cube/configuration.nix
Normal file
42
hosts/cube/configuration.nix
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./acme.nix
|
||||||
|
./home-assistant.nix
|
||||||
|
./nextcloud.nix
|
||||||
|
./wireguard.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0";
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
useDHCP = false;
|
||||||
|
|
||||||
|
interfaces.eno1.ipv4.addresses = [{
|
||||||
|
address = "80.244.242.2";
|
||||||
|
prefixLength = 29;
|
||||||
|
}];
|
||||||
|
|
||||||
|
defaultGateway = "80.244.242.1";
|
||||||
|
nameservers = [ "95.129.51.51" "80.244.244.244" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openssh.ports = [ 2222 ];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51899 ];
|
||||||
|
networking.firewall.enable = lib.mkForce true;
|
||||||
|
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
}
|
13
hosts/cube/cube.nix
Normal file
13
hosts/cube/cube.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
with pkgs;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
pub-solar.core.disk-encryption-active = false;
|
||||||
|
}
|
6
hosts/cube/default.nix
Normal file
6
hosts/cube/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./cube.nix
|
||||||
|
] ++ suites.cube;
|
||||||
|
}
|
37
hosts/cube/hardware-configuration.nix
Normal file
37
hosts/cube/hardware-configuration.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/715ef65c-6cb3-4455-99ed-fe7408935d00";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/e76a2e82-bf17-4287-967c-bd0f16d16875";
|
||||||
|
fsType = "ext2";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/internal" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/3563f624-f8ed-4664-95d0-ca8b9db1c60a";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/4b0b445b-ae72-439a-8aeb-cbd6a3ed73b9"; }];
|
||||||
|
}
|
19
hosts/cube/home-assistant.nix
Normal file
19
hosts/cube/home-assistant.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ self, pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# HTTP
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts."ha.gssws.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://10.0.1.254:8123";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig =
|
||||||
|
"proxy_ssl_server_name on;" +
|
||||||
|
"proxy_pass_header Authorization;"
|
||||||
|
;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
72
hosts/cube/nextcloud.nix
Normal file
72
hosts/cube/nextcloud.nix
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
{ self, pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
age.secrets.nextcloud_db_pass = {
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
file = "${self}/secrets/cube_nextcloud_db_pass.age";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.nextcloud_admin_pass = {
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
file = "${self}/secrets/cube_nextcloud_admin_pass.age";
|
||||||
|
};
|
||||||
|
|
||||||
|
# HTTP
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
virtualHosts."data.gssws.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# DATABASES
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
|
|
||||||
|
ensureDatabases = [ "nextcloud" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "nextcloud";
|
||||||
|
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
systemd.services."nextcloud-setup" = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# NEXTCLOUD
|
||||||
|
services.nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.nextcloud24;
|
||||||
|
hostName = "data.gssws.de";
|
||||||
|
https = true;
|
||||||
|
datadir = "/mnt/internal/nextcloud";
|
||||||
|
autoUpdateApps.enable = true;
|
||||||
|
autoUpdateApps.startAt = "05:00:00";
|
||||||
|
|
||||||
|
config = {
|
||||||
|
# Further forces Nextcloud to use HTTPS
|
||||||
|
overwriteProtocol = "https";
|
||||||
|
|
||||||
|
dbtype = "pgsql";
|
||||||
|
dbuser = "nextcloud";
|
||||||
|
dbhost = "/run/postgresql";
|
||||||
|
dbname = "nextcloud";
|
||||||
|
dbpassFile = "/run/agenix/nextcloud_db_pass";
|
||||||
|
adminpassFile = "/run/agenix/nextcloud_admin_pass";
|
||||||
|
adminuser = "admin";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
63
hosts/cube/wireguard.nix
Normal file
63
hosts/cube/wireguard.nix
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
|
||||||
|
|
||||||
|
|
||||||
|
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
|
||||||
|
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
|
||||||
|
|
||||||
|
# Enable WireGuard
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg1 = {
|
||||||
|
# Determines the IP address and subnet of the client's end of the tunnel interface.
|
||||||
|
ips = [ "10.0.1.5" ];
|
||||||
|
listenPort = 51899; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||||
|
|
||||||
|
# Path to the private key file.
|
||||||
|
#
|
||||||
|
# Note: The private key can also be included inline via the privateKey option,
|
||||||
|
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||||
|
# recommended.
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
# For a client configuration, one peer entry for the server will suffice.
|
||||||
|
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
# hsha
|
||||||
|
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
|
||||||
|
allowedIPs = [ "10.0.1.254/32" ];
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
65
hosts/giggles/configuration.nix
Normal file
65
hosts/giggles/configuration.nix
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.timeout = 0;
|
||||||
|
|
||||||
|
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = true;
|
||||||
|
efiInstallAsRemovable = true;
|
||||||
|
device = "nodev";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = false;
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
#package = pkgs.nixFlakes;
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/giggles/default.nix
Normal file
6
hosts/giggles/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./giggles.nix
|
||||||
|
] ++ suites.giggles;
|
||||||
|
}
|
16
hosts/giggles/giggles.nix
Normal file
16
hosts/giggles/giggles.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.plymouth.enable = lib.mkForce false;
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
}
|
61
hosts/giggles/hardware-configuration.nix
Normal file
61
hosts/giggles/hardware-configuration.nix
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
|
||||||
|
|
||||||
|
boot.initrd.luks.devices = {
|
||||||
|
cryptroot = {
|
||||||
|
device = "/dev/disk/by-uuid/ef5804e2-2b07-4434-8144-6ae7d9f615e2";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04020116120721075123-0:0-part1";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
fallbackToPassword = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/2F05-9B4A";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/rancher/k3s/storage" =
|
||||||
|
{
|
||||||
|
device = "zroot/kubernetes-localstorage";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/ddad2310-57b5-4851-a7bd-280d7182bcec"; }];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
networking.hostId = "71f2d82a";
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
53
hosts/giggles/home-controller.nix
Normal file
53
hosts/giggles/home-controller.nix
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_giggles_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "server";
|
||||||
|
ownIp = "10.0.1.11";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
enableLocalStorage = true;
|
||||||
|
enableZfs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# cube
|
||||||
|
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
|
||||||
|
allowedIPs = [ "10.0.1.5/32" ];
|
||||||
|
endpoint = "data.gssws.de:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# ringo
|
||||||
|
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
|
||||||
|
allowedIPs = [ "10.0.1.21/32" ];
|
||||||
|
endpoint = "ringo.local:51899";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
19
hosts/harrison/.config/sway/config.d/screens.conf
Normal file
19
hosts/harrison/.config/sway/config.d/screens.conf
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
set $left 'Eizo Nanao Corporation EV2316W 92008103'
|
||||||
|
set $middle 'Samsung Electric Company SMBX2450L 0x00003231'
|
||||||
|
set $right 'Eizo Nanao Corporation EV2316W 39117013'
|
||||||
|
|
||||||
|
output $left {
|
||||||
|
scale 1
|
||||||
|
pos 0 0
|
||||||
|
transform 270
|
||||||
|
}
|
||||||
|
|
||||||
|
output $middle {
|
||||||
|
scale 1
|
||||||
|
pos 1080 600
|
||||||
|
}
|
||||||
|
|
||||||
|
output $right {
|
||||||
|
scale 1
|
||||||
|
pos 3000 600
|
||||||
|
}
|
48
hosts/harrison/configuration.nix
Normal file
48
hosts/harrison/configuration.nix
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
time.hardwareClockInLocalTime = true; # easiest quirk for windows time offset feature
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eno1 = {
|
||||||
|
useDHCP = true;
|
||||||
|
wakeOnLan = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.networkmanager.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnsupportedSystem = true;
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/harrison/default.nix
Normal file
6
hosts/harrison/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./harrison.nix
|
||||||
|
] ++ suites.harrison;
|
||||||
|
}
|
76
hosts/harrison/hardware-configuration.nix
Normal file
76
hosts/harrison/hardware-configuration.nix
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid1" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptoroot" = {
|
||||||
|
device = "/dev/disk/by-uuid/e3a0394d-8bb5-4049-bf65-90d7202163cd";
|
||||||
|
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04011806021722115743-0:0-part1";
|
||||||
|
fallbackToPassword = true;
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
boot.loader.efi = {
|
||||||
|
canTouchEfiVariables = true;
|
||||||
|
efiSysMountPoint = "/boot";
|
||||||
|
};
|
||||||
|
boot.loader.grub = {
|
||||||
|
efiSupport = true;
|
||||||
|
enable = true;
|
||||||
|
extraEntries = ''
|
||||||
|
menuentry "Windows" {
|
||||||
|
insmod part_gpt
|
||||||
|
insmod fat
|
||||||
|
insmod search_fs_uuid
|
||||||
|
insmod chain
|
||||||
|
search --fs-uuid --set=root 02DB-F12C
|
||||||
|
chainloader /efi/Microsoft/Boot/bootmgfw.efi
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
devices = [ "nodev" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/4ad4db6d-543e-4cc5-a781-396e3b527a05";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/4B4A-B1B4";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot2" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/4B2C-385A";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/home" =
|
||||||
|
{
|
||||||
|
device = "/dev/mapper/vg0-home";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/mapper/vg0-swap"; }];
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
21
hosts/harrison/harrison.nix
Normal file
21
hosts/harrison/harrison.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
with pkgs;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
|
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.teamviewer.enable = true;
|
||||||
|
};
|
||||||
|
}
|
16
hosts/norman/.config/sway/config.d/custom-keybindings.conf
Normal file
16
hosts/norman/.config/sway/config.d/custom-keybindings.conf
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# Screen brightness controls
|
||||||
|
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
|
||||||
|
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Keyboard backlight brightness controls
|
||||||
|
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
|
||||||
|
|
||||||
|
# Pulse Audio controls
|
||||||
|
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
|
||||||
|
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
|
||||||
|
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
|
||||||
|
# Media player controls
|
||||||
|
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
|
||||||
|
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
|
||||||
|
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
|
13
hosts/norman/.config/sway/config.d/screens.conf
Normal file
13
hosts/norman/.config/sway/config.d/screens.conf
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
set $left 'Eizo Nanao Corporation EV2316W 92008103'
|
||||||
|
set $middle 'Samsung Electric Company SMBX2450L 0x00003231'
|
||||||
|
|
||||||
|
output $left {
|
||||||
|
scale 1
|
||||||
|
pos 0 0
|
||||||
|
transform 270
|
||||||
|
}
|
||||||
|
|
||||||
|
output $middle {
|
||||||
|
scale 1
|
||||||
|
pos 1080 600
|
||||||
|
}
|
67
hosts/norman/configuration.nix
Normal file
67
hosts/norman/configuration.nix
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./wireguard.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.firewall = {
|
||||||
|
allowedUDPPorts = [
|
||||||
|
51820
|
||||||
|
51821
|
||||||
|
]; # Clients and peers can use the same port, see listenport
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.nitrokey.enable = true;
|
||||||
|
|
||||||
|
programs.gnupg.agent = {
|
||||||
|
enable = true;
|
||||||
|
enableSSHSupport = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Disable bluetooth
|
||||||
|
hardware.bluetooth.enable = false;
|
||||||
|
services.blueman.enable = false;
|
||||||
|
|
||||||
|
services.tlp = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
|
||||||
|
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||||
|
|
||||||
|
# The following prevents the battery from charging fully to
|
||||||
|
# preserve lifetime. Run `tlp fullcharge` to temporarily force
|
||||||
|
# full charge.
|
||||||
|
# https://linrunner.de/tlp/faq/battery.html#how-to-choose-good-battery-charge-thresholds
|
||||||
|
START_CHARGE_THRESH_BAT0 = 40;
|
||||||
|
STOP_CHARGE_THRESH_BAT0 = 80;
|
||||||
|
|
||||||
|
# 100 being the maximum, limit the speed of my CPU to reduce
|
||||||
|
# heat and increase battery usage:
|
||||||
|
CPU_MAX_PERF_ON_AC = 100;
|
||||||
|
CPU_MAX_PERF_ON_BAT = 30;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/norman/default.nix
Normal file
6
hosts/norman/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./norman.nix
|
||||||
|
] ++ suites.norman;
|
||||||
|
}
|
46
hosts/norman/hardware-configuration.nix
Normal file
46
hosts/norman/hardware-configuration.nix
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "uas" "sdhci_pci" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
boot.loader.grub.trustedBoot = {
|
||||||
|
enable = true;
|
||||||
|
systemHasTPM = "YES_TPM_is_activated";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptroot" = {
|
||||||
|
device = "/dev/disk/by-uuid/cdc29f0f-5b18-4ee7-8d38-1f4bac80b1e6";
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/5b441f8f-d7eb-44f8-8df2-7354b3314a61";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/84CD-91B6";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/54162798-9017-4b59-afd7-ab9578da4bb9"; }];
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
|
hardware.trackpoint = {
|
||||||
|
enable = true;
|
||||||
|
device = "TPPS/2 ALPS TrackPoint";
|
||||||
|
emulateWheel = true;
|
||||||
|
};
|
||||||
|
}
|
20
hosts/norman/norman.nix
Normal file
20
hosts/norman/norman.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
|
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
93
hosts/norman/wireguard.nix
Normal file
93
hosts/norman/wireguard.nix
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
|
||||||
|
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
|
||||||
|
systemd.services.wireguard-wg1.serviceConfig.Restart = "on-failure";
|
||||||
|
systemd.services.wireguard-wg1.serviceConfig.RestartSec = "5s";
|
||||||
|
|
||||||
|
# Enable WireGuard
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||||
|
wg0 = {
|
||||||
|
# Determines the IP address and subnet of the client's end of the tunnel interface.
|
||||||
|
ips = [
|
||||||
|
"10.0.0.13/32"
|
||||||
|
"fc00:200::13/128"
|
||||||
|
];
|
||||||
|
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||||
|
|
||||||
|
# Path to the private key file.
|
||||||
|
#
|
||||||
|
# Note: The private key can also be included inline via the privateKey option,
|
||||||
|
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||||
|
# recommended.
|
||||||
|
privateKeyFile = "/home/hensoko/.config/wireguard/hosting-de.private";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
# For a client configuration, one peer entry for the server will suffice.
|
||||||
|
|
||||||
|
{
|
||||||
|
# Public key of the server (not a file path).
|
||||||
|
publicKey = "02/MRPduMGx1as7yS4G7GpL4+pQjsjpyS/tD9iPu8X0=";
|
||||||
|
|
||||||
|
# Forward all the traffic via VPN.
|
||||||
|
allowedIPs = [
|
||||||
|
"10.0.0.0/24"
|
||||||
|
"192.168.50.0/24"
|
||||||
|
"192.168.200.0/24"
|
||||||
|
"10.20.30.0/24"
|
||||||
|
"fc00:200::/120"
|
||||||
|
"95.129.51.5"
|
||||||
|
"95.129.54.43"
|
||||||
|
"134.0.28.89"
|
||||||
|
"134.0.27.108"
|
||||||
|
"134.0.25.181"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Set this to the server IP and port.
|
||||||
|
endpoint = "134.0.30.154:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
wg1 = {
|
||||||
|
# Determines the IP address and subnet of the client's end of the tunnel interface.
|
||||||
|
ips = [
|
||||||
|
"10.7.0.21"
|
||||||
|
];
|
||||||
|
listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||||
|
|
||||||
|
# Path to the private key file.
|
||||||
|
#
|
||||||
|
# Note: The private key can also be included inline via the privateKey option,
|
||||||
|
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||||
|
# recommended.
|
||||||
|
privateKeyFile = "/home/hensoko/.config/wireguard/data-gssws-de.private";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
# For a client configuration, one peer entry for the server will suffice.
|
||||||
|
|
||||||
|
{
|
||||||
|
# Public key of the server (not a file path).
|
||||||
|
publicKey = "RwMocdha7fyx+MGTtQpZhZQGJY4WU79YgpspYBclK3c=";
|
||||||
|
|
||||||
|
# Forward all the traffic via VPN.
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.0.0/24"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Set this to the server IP and port.
|
||||||
|
endpoint = "80.244.242.2:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
110
hosts/redpanda/configuration.nix
Normal file
110
hosts/redpanda/configuration.nix
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
# boot.loader.grub.efiSupport = true;
|
||||||
|
# boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||||
|
# Define on which hard drive you want to install Grub.
|
||||||
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||||
|
|
||||||
|
# networking.hostName = "nixos"; # Define your hostname.
|
||||||
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
# time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.enp0s3.useDHCP = true;
|
||||||
|
|
||||||
|
# Configure network proxy if necessary
|
||||||
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
#package = pkgs.nixFlakes;
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
# i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
# console = {
|
||||||
|
# font = "Lat2-Terminus16";
|
||||||
|
# keyMap = "us";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# Enable the X11 windowing system.
|
||||||
|
# services.xserver.enable = true;
|
||||||
|
|
||||||
|
# Configure keymap in X11
|
||||||
|
# services.xserver.layout = "us";
|
||||||
|
# services.xserver.xkbOptions = "eurosign:e";
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
# services.printing.enable = true;
|
||||||
|
|
||||||
|
# Enable sound.
|
||||||
|
# sound.enable = true;
|
||||||
|
# hardware.pulseaudio.enable = true;
|
||||||
|
|
||||||
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
|
# services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
|
# users.users.jane = {
|
||||||
|
# isNormalUser = true;
|
||||||
|
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
|
# };
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
firefox
|
||||||
|
];
|
||||||
|
|
||||||
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
# started in user sessions.
|
||||||
|
# programs.mtr.enable = true;
|
||||||
|
# programs.gnupg.agent = {
|
||||||
|
# enable = true;
|
||||||
|
# enableSSHSupport = true;
|
||||||
|
# };
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
6
hosts/redpanda/default.nix
Normal file
6
hosts/redpanda/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./redpanda.nix
|
||||||
|
] ++ suites.redpanda;
|
||||||
|
}
|
21
hosts/redpanda/hardware-configuration.nix
Normal file
21
hosts/redpanda/hardware-configuration.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
#virtualisation.virtualbox.guest.enable = true;
|
||||||
|
}
|
17
hosts/redpanda/redpanda.nix
Normal file
17
hosts/redpanda/redpanda.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
#pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
};
|
||||||
|
}
|
35
hosts/ringo/configuration.nix
Normal file
35
hosts/ringo/configuration.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home-controller.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.enp0s25.useDHCP = true;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
6
hosts/ringo/default.nix
Normal file
6
hosts/ringo/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./ringo.nix
|
||||||
|
] ++ suites.ringo;
|
||||||
|
}
|
43
hosts/ringo/hardware-configuration.nix
Normal file
43
hosts/ringo/hardware-configuration.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptroot" = {
|
||||||
|
device = "/dev/disk/by-uuid/bd1ebf98-adc1-4868-842f-3d2c6ee04e13";
|
||||||
|
keyFile = "/dev/disk/by-partuuid/9ff6ebf7-01";
|
||||||
|
fallbackToPassword = true;
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/1999ec2e-4564-4f5a-8333-6eb23ae03c8b";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/47ED-2F0B";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/69c89392-be11-4bd4-8f3b-6b7db20c716e";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/4ef0cdbc-38f4-4dcb-8fe8-553bbdb06192"; }];
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
43
hosts/ringo/home-controller.nix
Normal file
43
hosts/ringo/home-controller.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ self, config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||||
|
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_ringo_wireguard_key.age";
|
||||||
|
|
||||||
|
pub-solar.home-controller = {
|
||||||
|
enable = true;
|
||||||
|
role = "agent";
|
||||||
|
ownIp = "10.0.1.21";
|
||||||
|
|
||||||
|
k3s = {
|
||||||
|
serverAddr = "https://api.kube:6443";
|
||||||
|
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard = {
|
||||||
|
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# giggles
|
||||||
|
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||||
|
allowedIPs = [ "10.0.1.11/32" ];
|
||||||
|
endpoint = "giggles.local:51899";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# cox
|
||||||
|
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||||
|
allowedIPs = [ "10.0.1.12/32" ];
|
||||||
|
endpoint = "cox.local:51899";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# companion
|
||||||
|
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||||
|
allowedIPs = [ "10.0.1.13/32" ];
|
||||||
|
endpoint = "companion.local:51899";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
13
hosts/ringo/ringo.nix
Normal file
13
hosts/ringo/ringo.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
}
|
|
@ -1,21 +1,14 @@
|
||||||
let
|
let
|
||||||
lock = builtins.fromJSON (builtins.readFile builtins.path {
|
rev = "e7e5d481a0e15dcd459396e55327749989e04ce0";
|
||||||
path = ../../flake.lock;
|
flake = (import
|
||||||
name = "lockPath";
|
|
||||||
});
|
|
||||||
flake =
|
|
||||||
import
|
|
||||||
(
|
(
|
||||||
fetchTarball {
|
fetchTarball {
|
||||||
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
|
url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz";
|
||||||
sha256 = lock.nodes.flake-compat.locked.narHash;
|
sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x";
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
src = builtins.path {
|
src = ../../.;
|
||||||
path = ../../.;
|
});
|
||||||
name = "projectRoot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
flake
|
flake
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{...}: let
|
{ ... }:
|
||||||
|
let
|
||||||
inherit (default.inputs.nixos) lib;
|
inherit (default.inputs.nixos) lib;
|
||||||
|
|
||||||
host = configs.${hostname} or configs.PubSolarOS;
|
host = configs.${hostname} or configs.PubSolarOS;
|
||||||
|
@ -6,4 +7,4 @@
|
||||||
default = (import ../.).defaultNix;
|
default = (import ../.).defaultNix;
|
||||||
hostname = lib.fileContents /etc/hostname;
|
hostname = lib.fileContents /etc/hostname;
|
||||||
in
|
in
|
||||||
host
|
host
|
||||||
|
|
|
@ -1,10 +1,2 @@
|
||||||
{lib}:
|
{ lib }:
|
||||||
lib.makeExtensible (self: let
|
lib.makeExtensible (self: { })
|
||||||
callLibs = file: import file {lib = self;};
|
|
||||||
in rec {
|
|
||||||
## Define your own library functions here!
|
|
||||||
#id = x: x;
|
|
||||||
## Or in files, containing functions that take {lib}
|
|
||||||
#foo = callLibs ./foo.nix;
|
|
||||||
## In configs, they can be used under "lib.our"
|
|
||||||
})
|
|
||||||
|
|
|
@ -1,23 +1,19 @@
|
||||||
{
|
{ lib, config, pkgs, ... }:
|
||||||
lib,
|
with lib;
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
cfg = config.pub-solar.devops;
|
cfg = config.pub-solar.devops;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options.pub-solar.arduino = {
|
options.pub-solar.arduino = {
|
||||||
enable = mkEnableOption "Life with home automation";
|
enable = mkEnableOption "Life with home automation";
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
extraGroups = ["dialout"];
|
extraGroups = [ "dialout" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager = with pkgs;
|
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
arduino
|
arduino
|
||||||
arduino-cli
|
arduino-cli
|
||||||
|
|
|
@ -1,14 +1,11 @@
|
||||||
{
|
{ lib, config, pkgs, ... }:
|
||||||
lib,
|
with lib;
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
cfg = config.pub-solar.audio;
|
cfg = config.pub-solar.audio;
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options.pub-solar.audio = {
|
options.pub-solar.audio = {
|
||||||
enable = mkEnableOption "Life in highs and lows";
|
enable = mkEnableOption "Life in highs and lows";
|
||||||
mopidy.enable = mkEnableOption "Life with mopidy";
|
mopidy.enable = mkEnableOption "Life with mopidy";
|
||||||
|
@ -23,14 +20,12 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] {
|
||||||
extraGroups = ["audio"];
|
extraGroups = [ "audio" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager = with pkgs;
|
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
home.packages = [
|
||||||
home.packages =
|
|
||||||
[
|
|
||||||
# easyeffects, e.g. for microphone noise filtering
|
# easyeffects, e.g. for microphone noise filtering
|
||||||
easyeffects
|
easyeffects
|
||||||
mu
|
mu
|
||||||
|
@ -40,12 +35,7 @@ in {
|
||||||
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
|
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
|
||||||
pulseaudio
|
pulseaudio
|
||||||
vimpc
|
vimpc
|
||||||
]
|
] ++ (if cfg.spotify.enable then [ pkgs.spotify-tui ] else [ ]);
|
||||||
++ (
|
|
||||||
if cfg.spotify.enable
|
|
||||||
then [pkgs.spotify-tui]
|
|
||||||
else []
|
|
||||||
);
|
|
||||||
xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
|
xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
|
||||||
systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
|
systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
|
||||||
|
|
||||||
|
@ -64,54 +54,40 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# rtkit is optional but recommended
|
# Enable sound using pipewire-pulse
|
||||||
security.rtkit.enable = true;
|
|
||||||
# Enable sound using pipewire-pulse, default config:
|
|
||||||
# https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire.conf.in
|
|
||||||
services.pipewire = {
|
services.pipewire = {
|
||||||
enable = true;
|
enable = true;
|
||||||
alsa.enable = true;
|
alsa.enable = true;
|
||||||
alsa.support32Bit = true;
|
alsa.support32Bit = true;
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
|
|
||||||
|
config.pipewire = {
|
||||||
|
context.default.clock = {
|
||||||
|
allowed-rates = [ 44100 48000 88200 96000 ];
|
||||||
|
rate = 44100;
|
||||||
|
quantum = 2048;
|
||||||
|
min-quantum = 1024;
|
||||||
|
max-quantum = 4096;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);
|
||||||
};
|
};
|
||||||
|
|
||||||
# Make pulseaudio listen on port 4713 for mopidy, extending the default
|
# Bluetooth configuration using wireplumber
|
||||||
# config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in
|
# https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration
|
||||||
environment.etc = mkIf cfg.mopidy.enable {
|
environment.etc = mkIf cfg.bluetooth.enable {
|
||||||
"pipewire/pipewire-pulse.conf.d/99-custom.conf".text = ''
|
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
|
||||||
{
|
bluez_monitor.properties = {
|
||||||
"context.modules": [
|
["bluez5.enable-sbc-xq"] = true,
|
||||||
{
|
["bluez5.enable-msbc"] = true,
|
||||||
"name": "libpipewire-module-protocol-pulse",
|
["bluez5.enable-hw-volume"] = true,
|
||||||
"args": {
|
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||||
"server.address": ["unix:native", "tcp:4713"],
|
|
||||||
"vm.overrides": {
|
|
||||||
"pulse.min.quantum": "1024/48000"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable bluetooth
|
# Enable bluetooth
|
||||||
hardware.bluetooth = mkIf cfg.bluetooth.enable {
|
hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
|
||||||
enable = true;
|
|
||||||
# Disable bluetooth on startup to save battery
|
|
||||||
powerOnBoot = false;
|
|
||||||
# Disable useless SIM Access Profile plugin
|
|
||||||
disabledPlugins = [
|
|
||||||
"sap"
|
|
||||||
];
|
|
||||||
settings = {
|
|
||||||
General = {
|
|
||||||
# Enables experimental features and interfaces.
|
|
||||||
# Makes BlueZ Battery Provider available
|
|
||||||
Experimental = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.blueman.enable = mkIf cfg.bluetooth.enable true;
|
services.blueman.enable = mkIf cfg.bluetooth.enable true;
|
||||||
|
|
||||||
# Enable audio server & client
|
# Enable audio server & client
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
pkgs: {
|
pkgs:
|
||||||
|
{
|
||||||
Service = {
|
Service = {
|
||||||
Type = "dbus";
|
Type = "dbus";
|
||||||
BusName = "com.github.wwmm.easyeffects";
|
BusName = "com.github.wwmm.easyeffects";
|
||||||
|
|
42
modules/audio/pipewire-pulse.conf.json
Normal file
42
modules/audio/pipewire-pulse.conf.json
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{
|
||||||
|
"context.properties": {},
|
||||||
|
"context.spa-libs": {
|
||||||
|
"audio.convert.*": "audioconvert/libspa-audioconvert",
|
||||||
|
"support.*": "support/libspa-support"
|
||||||
|
},
|
||||||
|
"context.modules": [
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-rtkit",
|
||||||
|
"args": {},
|
||||||
|
"flags": [
|
||||||
|
"ifexists",
|
||||||
|
"nofail"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-protocol-native"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-client-node"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-adapter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-metadata"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "libpipewire-module-protocol-pulse",
|
||||||
|
"args": {
|
||||||
|
"server.address": [
|
||||||
|
"unix:native",
|
||||||
|
"tcp:4713"
|
||||||
|
],
|
||||||
|
"vm.overrides": {
|
||||||
|
"pulse.min.quantum": "1024/48000"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"stream.properties": {}
|
||||||
|
}
|
|
@ -1,45 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
self,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
cfg = config.pub-solar.ci-runner;
|
|
||||||
in {
|
|
||||||
options.pub-solar.ci-runner = {
|
|
||||||
enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
systemd.user.services.ci-runner = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
|
||||||
|
|
||||||
path = [
|
|
||||||
pkgs.git
|
|
||||||
pkgs.nix
|
|
||||||
pkgs.libvirt
|
|
||||||
];
|
|
||||||
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
after = ["network.target" "libvirtd.service"];
|
|
||||||
|
|
||||||
script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets."drone-runner-exec-config" = {
|
|
||||||
file = "${self}/secrets/drone-runner-exec-config";
|
|
||||||
mode = "700";
|
|
||||||
owner = psCfg.user.name;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
6
modules/compat/default.nix
Normal file
6
modules/compat/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ config, pkgs, lib, ... }: with lib; {
|
||||||
|
# Both things below are for
|
||||||
|
# https://github.com/NixOS/nixpkgs/issues/124215
|
||||||
|
documentation.info.enable = lib.mkForce false;
|
||||||
|
nix.sandboxPaths = [ "/bin/sh=${pkgs.bash}/bin/sh" ];
|
||||||
|
}
|
|
@ -1,12 +1,9 @@
|
||||||
{
|
{ config, pkgs, lib, ... }:
|
||||||
config,
|
with lib;
|
||||||
pkgs,
|
let
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
cfg = config.pub-solar.core;
|
cfg = config.pub-solar.core;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options.pub-solar.core.iso-options.enable = mkOption {
|
options.pub-solar.core.iso-options.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -22,7 +19,7 @@ in {
|
||||||
config = {
|
config = {
|
||||||
boot = {
|
boot = {
|
||||||
# Enable plymouth for better experience of booting
|
# Enable plymouth for better experience of booting
|
||||||
plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
|
plymouth.enable = true;
|
||||||
|
|
||||||
# Mount / luks device in initrd
|
# Mount / luks device in initrd
|
||||||
# Allow fstrim to work on it.
|
# Allow fstrim to work on it.
|
||||||
|
@ -33,13 +30,13 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
loader.systemd-boot.enable = lib.mkDefault true;
|
loader.systemd-boot.enable = true;
|
||||||
|
|
||||||
# Use latest LTS linux kernel by default
|
# Use latest LTS linux kernel by default
|
||||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_1;
|
kernelPackages = pkgs.linuxPackages_5_15;
|
||||||
|
|
||||||
# Support ntfs drives
|
# Support ntfs drives
|
||||||
supportedFilesystems = ["ntfs"];
|
supportedFilesystems = [ "ntfs" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue