setup configurations API

NixOS file, configurations/<name>.nix, will be easily installable via `nixos-rebuild --flake ".#<name>"`.
2019-12-04 22:36:36 -07:00 · 2019-12-04 22:36:36 -07:00 · 79181e103f
parent 17713c22d0
commit 79181e103f
15 changed files with 266 additions and 13 deletions
--- a/.git-crypt/.gitattributes
+++ b/.git-crypt/.gitattributes
@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary
--- a/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg
+++ b/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg
@ -0,0 +1,3 @@
+…¨¬j›zq¤¦ÿa3Û«¡B:³bÒ…§
–ù·=uˆ„Ýl-Œê
*‰EÕ¯’DÅ4¤! WUÍ|˜Á$2^lÝ	)í.è–•ƒóa`	¤	'Œi1!žÜ²¢-¦æ6¼q~þ„
+™‹INÒy8)[<5B>"#0 ø<C2A0>\8:†übd Ü^gÇ)gh0ÞãcÏM`ÜMó—!ªŒ®¢SîG~§e"³¢u:$]c ½öBý„Mä"Ç÷êõl²jAÞKµN–2™4Q+^„iX|«›µfÌ<66>üX¨Aäµ.RËXÑ>jºWÏRWûÆià±:Áe'Õ3»XùŠ¾ñ³È‚Ä—ã‡™§Ë‰ÒÀ…WCX0B'yêÒ¹¶d£~("‡"ÍSqÔ´ŒçÊÒA´0_–{HÕ'S"’d…ãŒ¢ñ¡
7PŸA}0UPZ´ð/AcjÒ¯tÏñmëßœ%æÅ[WQÆGFXdåLÄÝàO<C3A0>â\íR<1B>*r«²+2
EEVÈqÞ{ç}"·f¶õ‚Fk<46>5Œ¥ùI/•³kJÉ3Ô²Û¦ú½µ@qžu¯íy%½¨È<C2A8>Ð¤u3Œcž$;€	¤¥×úO·j
+”C
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+secrets/* filter=git-crypt diff=git-crypt
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-
+result
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
->Warning: Highly experimental, API __will__ break!
+## ⚠W️arning: Highly experimental, API __will__ break!
 # Introduction

 Welcome to DevOS. This project is under construction as a rewrite of my current
--- a/configurations/default.nix
+++ b/configurations/default.nix
@ -0,0 +1,72 @@
+{ nix, nixpkgs, flake, ... }:
+let
+  inherit (builtins)
+    isAttrs
+    readDir
+    ;
+
+  inherit (nixpkgs.lib)
+    filterAttrs
+    hasSuffix
+    mapAttrs'
+    nameValuePair
+    removeSuffix
+    ;
+
+
+  configs = let
+    configs' = let
+      config = this:
+        nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+
+          modules = let
+            coreConfig = ../modules/profiles/core.nix;
+
+            globalConfig = {
+              system.configurationRevision = flake.rev;
+
+              networking.hostName = "${this}";
+
+              nix.package = nix.defaultPackage."${system}";
+            };
+
+            thisConfig = ./. + "/${this}.nix";
+
+          in
+            [
+              coreConfig
+              globalConfig
+              thisConfig
+            ];
+
+        };
+
+      dot = readDir ./.;
+
+    in
+      mapAttrs'
+        (
+          name: value:
+            if
+              name != "default.nix"
+              && hasSuffix ".nix" name
+              && value == "regular"
+
+            then let
+              name' = removeSuffix ".nix" name;
+            in
+              nameValuePair (name') (config name')
+
+            else
+              nameValuePair ("") (null)
+        )
+        dot;
+
+    removeInvalid =
+      filterAttrs (_: value: isAttrs value);
+  in
+    removeInvalid configs';
+
+in
+configs
--- a/configurations/gaze12.nix
+++ b/configurations/gaze12.nix
@ -0,0 +1,18 @@
+{ ... }:
+let
+  inherit (builtins) readFile;
+in
+{
+  imports = [];
+
+
+  boot.loader.systemd-boot = {
+    enable = true;
+    editor = false;
+  };
+
+
+  users.users.root.hashedPassword =
+    readFile
+      ../secrets/root;
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,18 @@
 {
    "inputs": {
+        "nix": {
+            "inputs": {
+                "nixpkgs": {
+                    "inputs": {},
+                    "narHash": "sha256-ZzR2l1dovxeZ555KXxz7SAXrC72BfaR4BeqvJzRdmwQ=",
+                    "originalUrl": "nixpkgs/release-19.09",
+                    "url": "github:edolstra/nixpkgs/d37927a77e70a2b3408ceaa2e763b6df1f4d941a"
+                }
+            },
+            "narHash": "sha256-8Y2swdV7/T7jjhGAKVrMRkAn7y4qTSjKNIW7NUe7V5s=",
+            "originalUrl": "nix",
+            "url": "github:NixOS/nix/90d2cf6ff98fc970c9abeae6c37dd323fd0ef953"
+        },
        "nixpkgs": {
            "inputs": {},
            "narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=",
--- a/flake.nix
+++ b/flake.nix
@ -1,16 +1,19 @@
 {
+  description = "DevOS";
+
  epoch = 201909;
-  description = "NixOS Configuration";

-  outputs = { self, nixpkgs }: {
-    nixosConfigurations.gaze12 = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
+  outputs = { self, nixpkgs, nix }: {
+    nixosConfigurations =
+      let
+        configs = import ./configurations {
+          inherit nix nixpkgs;
+          flake = self;
+        };
+
+      in
+        configs;

-      modules = [
-        {
-          system.configurationRevision = self.rev;
-        }
-      ];
-    };
  };
+
 }
--- a/lib/utils.nix
+++ b/lib/utils.nix
@ -1,2 +1,2 @@
-{}:
+{ ... }:
 {}
--- a/local/.gitignore
+++ b/local/.gitignore
@ -0,0 +1,2 @@
+*
+!.gitignore
--- a/local/file-systems.nix
+++ b/local/file-systems.nix
@ -0,0 +1,3 @@
+{
+  fileSystems = {};
+}
--- a/modules/profiles/core.nix
+++ b/modules/profiles/core.nix
@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+{
+
+  imports = [
+    ./locale.nix
+    ../../local/file-systems.nix
+  ];
+
+
+  boot = {
+
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    tmpOnTmpfs = true;
+
+    kernel.sysctl."kernel.sysrq" = 1;
+
+  };
+
+
+  environment = {
+
+    systemPackages = with pkgs; [
+      binutils
+      coreutils
+      curl
+      dnsutils
+      fd
+      git
+      iputils
+      manpages
+      moreutils
+      ripgrep
+      stdmanpages
+      utillinux
+    ];
+
+    shellAliases = let
+      ifSudo = string: lib.mkIf config.security.sudo.enable string;
+    in
+      {
+        # quick cd
+        ".." = "cd ..";
+        "..." = "cd ../..";
+        "...." = "cd ../../..";
+        "....." = "cd ../../../..";
+
+        # internet ip
+        myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
+
+        # sudo
+        si = ifSudo "env sudo -i";
+        sudo = ifSudo "sudo -E ";
+        se = ifSudo "sudoedit";
+
+        # systemd
+        ctl = "systemctl";
+        stl = ifSudo "sudo systemctl";
+        utl = "systemctl --user";
+        ut = "systemctl --user start";
+        un = "systemctl --user stop";
+        up = ifSudo "sudo systemctl start";
+        dn = ifSudo "sudo systemctl stop";
+        jctl = "journalctl";
+
+      };
+
+  };
+
+
+  fonts = {
+    fonts = with pkgs; [
+      powerline-fonts
+      dejavu_fonts
+    ];
+
+
+    fontconfig.defaultFonts = {
+
+      monospace = [ "DejaVu Sans Mono for Powerline" ];
+
+      sansSerif = [ "DejaVu Sans" ];
+
+    };
+  };
+
+
+  nix = {
+
+    autoOptimiseStore = true;
+
+    gc.automatic = true;
+
+    optimise.automatic = true;
+
+    useSandbox = true;
+
+    allowedUsers = [ "@wheel" ];
+
+    trustedUsers = [ "root" "@wheel" ];
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+
+  };
+
+
+  nixpkgs.config.allowUnfree = true;
+
+
+  programs.mtr.enable = true;
+
+
+  security = {
+
+    hideProcessInformation = true;
+
+    protectKernelImage = true;
+
+  };
+
+
+  services.earlyoom.enable = true;
+
+
+  users.mutableUsers = false;
+
+}
--- a/modules/profiles/locale.nix
+++ b/modules/profiles/locale.nix
@ -0,0 +1,5 @@
+{ ... }:
+{
+  i18n.defaultLocale = "en_US.UTF-8";
+  time.timeZone = "America/Denver";
+}
--- a/secrets/root
+++ b/secrets/root