profiles: add concept of suites
* Import attrs of profiles automatically with `defaultImport`. * Refactor profiles to ensure all are functions returning a module. * Add a suites.nix with collections of profiles. * Add suites as `specialArgs` to modules. * Add suite import to NixOS host.
parent
61c732a8e0
commit
0837303bb5
17
DOC.md
17
DOC.md
|
@ -8,8 +8,8 @@ See [`hosts/default.nix`](hosts/default.nix) for the implementation.
|
||||||
|
|
||||||
## Profiles
|
## Profiles
|
||||||
A profile is any directory under [profiles](profiles) containing a `default.nix`
|
A profile is any directory under [profiles](profiles) containing a `default.nix`
|
||||||
defining a valid NixOS module, with the added restriction that no new
|
defining a function that returns a valid NixOS module, with the added restriction
|
||||||
declarations to the `options` _or_ `config` attributes are allowed
|
that no new declarations to the `options` _or_ `config` attributes are allowed
|
||||||
(use [modules](modules) instead). Their purpose is to provide abstract
|
(use [modules](modules) instead). Their purpose is to provide abstract
|
||||||
expressions suitable for reuse by multiple deployments. They are perhaps _the_
|
expressions suitable for reuse by multiple deployments. They are perhaps _the_
|
||||||
key mechanism by which we keep this repo maintainable.
|
key mechanism by which we keep this repo maintainable.
|
||||||
|
@ -30,9 +30,16 @@ profile should be independent of its parent. i.e:
|
||||||
It is okay for profiles to depend on other profiles so long as they are
|
It is okay for profiles to depend on other profiles so long as they are
|
||||||
explicitly loaded via `imports`.
|
explicitly loaded via `imports`.
|
||||||
|
|
||||||
Optionally, you may choose to export your profiles via the flake output. If
|
## Suites
|
||||||
you include it in the list defined in [profiles/list.nix](profiles/list.nix),
|
|
||||||
it will be available to other flakes via `nixosModules.profiles`.
|
[Suites](./profiles/suites.nix) are simple collections of profiles that can be
|
||||||
|
directly imported from any host like so:
|
||||||
|
```
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = suites.mySuite;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Users
|
## Users
|
||||||
User declarations belong in the `users` directory.
|
User declarations belong in the `users` directory.
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
|
{ suites, ... }:
|
||||||
{
|
{
|
||||||
### root password is empty by default ###
|
### root password is empty by default ###
|
||||||
imports = [ ../users/nixos ../users/root ];
|
imports = [ ../users/nixos ../users/root ] ++ suites.graphics;
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
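Review bot: The host's own comment says the root password is empty, and the new `++ suites.graphics` brings the `develop`, `virt` and `graphical` profile trees into that configuration (`graphics = work ++ [ graphical ]`, `work = [ develop virt ]`). None of those profiles is visible in this section, so it is worth confirming that none of them enables a remotely reachable login path on this host. A short comment above the import would record the expectation, e.g. `# suites.graphics must not enable remote login while root has no password`. The file continues past the hunk.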
|
||||||
|
|
|
@ -1,10 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ ../users/nixos ../users/root ] ++ suites.all;
|
||||||
let
|
|
||||||
profiles = builtins.filter (n: n != ../profiles/core)
|
|
||||||
(import ../profiles/list.nix);
|
|
||||||
in
|
|
||||||
profiles ++ [ ../users/nixos ../users/root ];
|
|
||||||
|
|
||||||
security.mitigations.acceptRisk = true;
|
security.mitigations.acceptRisk = true;
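Review bot: `suites.all` is built by directory discovery, so this host no longer imports the entries of the reviewed `profiles/list.nix` but whatever profile directories exist under `profiles/` (minus `core`). Combined with `security.mitigations.acceptRisk = true;`, a newly added profile is applied here without any edit to this file or to a list. If this host is meant only as an evaluate-everything build target, which is how it reads, a comment above `imports` should say so, e.g. `# Build-check host: imports every profile via suites.all; not intended for deployment`.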
|
||||||
|
|
||||||
|
|
|
@ -9,9 +9,12 @@
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (lib.flk) recImport nixosSystemExtended;
|
inherit (lib.flk) recImport nixosSystemExtended defaultImports;
|
||||||
inherit (builtins) attrValues removeAttrs;
|
inherit (builtins) attrValues removeAttrs;
|
||||||
|
|
||||||
|
profiles = defaultImports (toString ../profiles);
|
||||||
|
suites = import ../profiles/suites.nix { inherit lib profiles; };
|
||||||
|
|
||||||
unstableModules = [ ];
|
unstableModules = [ ];
|
||||||
addToDisabledModules = [ ];
|
addToDisabledModules = [ ];
|
||||||
|
|
||||||
|
@ -21,13 +24,14 @@ let
|
||||||
|
|
||||||
specialArgs =
|
specialArgs =
|
||||||
{
|
{
|
||||||
|
inherit suites;
|
||||||
unstableModulesPath = "${master}/nixos/modules";
|
unstableModulesPath = "${master}/nixos/modules";
|
||||||
hardware = nixos-hardware.nixosModules;
|
hardware = nixos-hardware.nixosModules;
|
||||||
};
|
};
|
||||||
|
|
||||||
modules =
|
modules =
|
||||||
let
|
let
|
||||||
core = self.nixosModules.profiles.core;
|
core = profiles.core.default;
|
||||||
|
|
||||||
modOverrides = { config, unstableModulesPath, ... }: {
|
modOverrides = { config, unstableModulesPath, ... }: {
|
||||||
disabledModules = unstableModules ++ addToDisabledModules;
|
disabledModules = unstableModules ++ addToDisabledModules;
|
||||||
|
@ -63,7 +67,7 @@ let
|
||||||
|
|
||||||
# Everything in `./modules/list.nix`.
|
# Everything in `./modules/list.nix`.
|
||||||
flakeModules =
|
flakeModules =
|
||||||
attrValues (removeAttrs self.nixosModules [ "profiles" ]);
|
attrValues self.nixosModules;
|
||||||
|
|
||||||
in
|
in
|
||||||
flakeModules ++ [
|
flakeModules ++ [
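Review bot: The new `inherit suites;` in `specialArgs` carries no explanation of why `suites` goes there rather than through ordinary module arguments. Hosts use it inside `imports`, which the module system resolves before `_module.args` is available, so `specialArgs` is the only place it can come from. I would add a one-line comment next to it: `# passed via specialArgs because hosts reference suites in imports`. The `let` block continues outside the visible hunks.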
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ nixos, ... }:
|
{ nixos, ... }:
|
||||||
let
|
let
|
||||||
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs;
|
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs
|
||||||
|
pathExists;
|
||||||
|
|
||||||
inherit (nixos.lib) fold filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix
|
inherit (nixos.lib) fold filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix
|
||||||
recursiveUpdate genAttrs nixosSystem mkForce;
|
recursiveUpdate genAttrs nixosSystem mkForce;
|
||||||
|
@ -38,12 +39,26 @@ let
|
||||||
in
|
in
|
||||||
map fullPath (attrNames (readDir overlayDir));
|
map fullPath (attrNames (readDir overlayDir));
|
||||||
|
|
||||||
|
defaultImports = dir:
|
||||||
|
let
|
||||||
|
filtered = filterAttrs
|
||||||
|
(n: v: v == "directory" && pathExists "${dir}/${n}/default.nix")
|
||||||
|
(readDir dir);
|
||||||
|
in
|
||||||
|
mapAttrs
|
||||||
|
(n: v: {
|
||||||
|
default = import "${dir}/${n}/default.nix";
|
||||||
|
} // defaultImports "${dir}/${n}")
|
||||||
|
filtered;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
inherit mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
|
inherit defaultImports mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
|
||||||
|
|
||||||
overlays = pathsToImportedAttrs overlayPaths;
|
overlays = pathsToImportedAttrs overlayPaths;
|
||||||
|
|
||||||
|
profileMap = map (profile: profile.default);
|
||||||
|
|
||||||
recImport = { dir, _import ? base: import "${dir}/${base}.nix" }:
|
recImport = { dir, _import ? base: import "${dir}/${base}.nix" }:
|
||||||
mapFilterAttrs
|
mapFilterAttrs
|
||||||
(_: v: v != null)
|
(_: v: v != null)
|
||||||
|
@ -93,13 +108,8 @@ in
|
||||||
moduleList = import ../modules/list.nix;
|
moduleList = import ../modules/list.nix;
|
||||||
modulesAttrs = pathsToImportedAttrs moduleList;
|
modulesAttrs = pathsToImportedAttrs moduleList;
|
||||||
|
|
||||||
# profiles
|
|
||||||
profilesList = import ../profiles/list.nix;
|
|
||||||
profilesAttrs = { profiles = pathsToImportedAttrs profilesList; };
|
|
||||||
in
|
in
|
||||||
recursiveUpdate
|
recursiveUpdate cachixAttrs modulesAttrs;
|
||||||
(recursiveUpdate cachixAttrs modulesAttrs)
|
|
||||||
profilesAttrs;
|
|
||||||
|
|
||||||
genHomeActivationPackages = hmConfigs:
|
genHomeActivationPackages = hmConfigs:
|
||||||
mapAttrs
|
mapAttrs
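Review bot: `defaultImports` has no comment, and its filter hides a contract that is easy to trip over: a directory without its own `default.nix` is dropped together with everything beneath it, with no error. That appears to be why this commit adds the empty `profiles/db/default.nix` and `profiles/misc/default.nix`. A future category directory that forgets the placeholder would silently lose its profiles from `suites.all`, which matters if one of them is a hardening profile. I would add a header comment stating the returned shape (each directory becomes an attrset with `default` plus one attribute per nested profile directory) and the placeholder requirement. The comment should also note that a subdirectory literally named `default` would overwrite the imported module because of the `//` merge.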
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
{
|
{ ... }: {
|
||||||
services.hercules-ci-agent.enable = true;
|
services.hercules-ci-agent.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let inherit (lib) fileContents;
|
let inherit (lib) fileContents;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nix.package = pkgs.nixFlakes;
|
nix.package = pkgs.nixFlakes;
|
||||||
|
|
1
profiles/db/default.nix
Normal file
1
profiles/db/default.nix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{ ... }: { }
|
|
@ -1,26 +0,0 @@
|
||||||
[
|
|
||||||
./ci-agent
|
|
||||||
./core
|
|
||||||
./db/postgres
|
|
||||||
./develop
|
|
||||||
./develop/kakoune
|
|
||||||
./develop/python
|
|
||||||
./develop/tmux
|
|
||||||
./develop/zsh
|
|
||||||
./graphical
|
|
||||||
./graphical/games
|
|
||||||
./graphical/im
|
|
||||||
./graphical/plex.nix
|
|
||||||
./graphical/qutebrowser
|
|
||||||
./graphical/sway
|
|
||||||
./graphical/xmonad
|
|
||||||
./laptop
|
|
||||||
./misc/disable-mitigations.nix
|
|
||||||
./network
|
|
||||||
./network/adblocking.nix
|
|
||||||
./network/networkmanager
|
|
||||||
./network/stubby.nix
|
|
||||||
./network/torrent.nix
|
|
||||||
./ssh
|
|
||||||
./virt
|
|
||||||
]
|
|
1
profiles/misc/default.nix
Normal file
1
profiles/misc/default.nix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{ ... }: { }
|
|
@ -1,3 +1,3 @@
|
||||||
{
|
{ ... }: {
|
||||||
imports = [ ./networkmanager ./adblocking.nix ];
|
imports = [ ./networkmanager ./adblocking ];
|
||||||
}
|
}
|
||||||
|
|
28
profiles/suites.nix
Normal file
28
profiles/suites.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ lib, profiles }:
|
||||||
|
let
|
||||||
|
inherit (builtins) mapAttrs isFunction;
|
||||||
|
all =
|
||||||
|
let
|
||||||
|
filtered = lib.filterAttrs (n: _: n != "core") profiles;
|
||||||
|
in
|
||||||
|
lib.collect isFunction filtered;
|
||||||
|
in
|
||||||
|
with profiles;
|
||||||
|
mapAttrs (_: v: lib.flk.profileMap v)
|
||||||
|
rec {
|
||||||
|
work = [ develop virt ];
|
||||||
|
|
||||||
|
graphics = work ++ [ graphical ];
|
||||||
|
|
||||||
|
mobile = graphics ++ [ laptop ];
|
||||||
|
|
||||||
|
play = graphics ++ [
|
||||||
|
graphical.games
|
||||||
|
torrent
|
||||||
|
misc.disable-mitigations
|
||||||
|
];
|
||||||
|
|
||||||
|
goPlay = play ++ [ laptop ];
|
||||||
|
} // {
|
||||||
|
inherit all;
|
||||||
|
}
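Review bot: `torrent` in the `play` list is referenced bare under `with profiles;`, but the removed `profiles/list.nix` had it at `./network/torrent.nix`, and no top-level `profiles/torrent` directory is visible on this page. If the profile still lives under `network`, the entry should be `network.torrent`; as written it would fail only when `suites.play` or `suites.goPlay` is first evaluated, because names supplied by `with` are looked up lazily. Separately, `play` bundles `misc.disable-mitigations`, which by its name turns off security mitigations. A comment such as `# play/goPlay import misc.disable-mitigations; do not use on hosts that need mitigations enabled` would make that side effect visible to whoever picks the suite.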
|
|
@ -1,6 +1,4 @@
|
||||||
{
|
{
|
||||||
imports = [ ../../profiles/develop ];
|
|
||||||
|
|
||||||
home-manager.users.nixos = {
|
home-manager.users.nixos = {
|
||||||
imports = [ ../profiles/git ../profiles/direnv ];
|
imports = [ ../profiles/git ../profiles/direnv ];
|
||||||
};
|
};
|
||||||
|
|