diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes new file mode 100644 index 00000000..665b10e8 --- /dev/null +++ b/.git-crypt/.gitattributes @@ -0,0 +1,4 @@ +# Do not edit this file. To specify the files to encrypt, create your own +# .gitattributes file in the directory where your files are. +* !filter !diff +*.gpg binary diff --git a/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg b/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg new file mode 100644 index 00000000..bc59e421 --- /dev/null +++ b/.git-crypt/keys/default/0/54718D2B78DCAA9C770296F18985725DB5B0C122.gpg @@ -0,0 +1,3 @@ + jzqa3۫B:b҅ =ul- *EկD4! WU|$2^l ).薕 a` 'i1! -6q~ +INy8)["#0\8: b d^g)gh0cM`M!SG~e"u:$]cBM"ljAKN24Q+^iX|f̏XA.RX> jWRWi:e'3XȂėˉWCX0B'yҹd~(""SqԴA0_{H'S"d 7PA}0UPZ/Acjүtmߜ%[WQGFXdLO\ R* r+2 EEVq{}"fFk5I/kJ3ۦ@quy%ȍФu3c$; Oj +C \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..5c975fae --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +secrets/* filter=git-crypt diff=git-crypt diff --git a/.gitignore b/.gitignore index 8b137891..b2be92b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ - +result diff --git a/README.md b/README.md index de4cce7c..8f771d00 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ ->Warning: Highly experimental, API __will__ break! +## ⚠W️arning: Highly experimental, API __will__ break! # Introduction Welcome to DevOS. This project is under construction as a rewrite of my current diff --git a/configurations/default.nix b/configurations/default.nix new file mode 100644 index 00000000..0b09419f --- /dev/null +++ b/configurations/default.nix 
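Review bot: The root `.gitattributes` rule `secrets/* filter=git-crypt diff=git-crypt` only matches files directly inside `secrets/`. Attribute patterns do not recurse into directories, so anything later added under a subdirectory such as `secrets/<host>/...` would be committed unencrypted without any warning. Only `secrets/root` is added in this commit, so nothing is exposed yet, but `secrets/** filter=git-crypt diff=git-crypt` covers the whole tree. Running `git-crypt status` before pushing confirms which paths are actually encrypted.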
@@ -0,0 +1,72 @@
+{ nix, nixpkgs, flake, ... }:
+let
+ inherit (builtins)
+ isAttrs
+ readDir
+ ;
+
+ inherit (nixpkgs.lib)
+ filterAttrs
+ hasSuffix
+ mapAttrs'
+ nameValuePair
+ removeSuffix
+ ;
+
+
+ configs = let
+ configs' = let
+ config = this:
+ nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+
+ modules = let
+ coreConfig = ../modules/profiles/core.nix;
+
+ globalConfig = {
+ system.configurationRevision = flake.rev;
+
+ networking.hostName = "${this}";
+
+ nix.package = nix.defaultPackage."${system}";
+ };
+
+ thisConfig = ./. + "/${this}.nix";
+
+ in
+ [
+ coreConfig
+ globalConfig
+ thisConfig
+ ];
+
+ };
+
+ dot = readDir ./.;
+
+ in
+ mapAttrs'
+ (
+ name: value:
+ if
+ name != "default.nix"
+ && hasSuffix ".nix" name
+ && value == "regular"
+
+ then let
+ name' = removeSuffix ".nix" name;
+ in
+ nameValuePair (name') (config name')
+
+ else
+ nameValuePair ("") (null)
+ )
+ dot;
+
+ removeInvalid =
+ filterAttrs (_: value: isAttrs value);
+ in
+ removeInvalid configs';
+
+in
+configs
diff --git a/configurations/gaze12.nix b/configurations/gaze12.nix
new file mode 100644
index 00000000..af4ba43a
--- /dev/null
+++ b/configurations/gaze12.nix
@@ -0,0 +1,18 @@
+{ ... }:
+let
+ inherit (builtins) readFile;
+in
+{
+ imports = [];
+
+
+ boot.loader.systemd-boot = {
+ enable = true;
+ editor = false;
+ };
+
+
+ users.users.root.hashedPassword =
+ readFile
+ ../secrets/root;
+}
diff --git a/flake.lock b/flake.lock
index a730a190..e2f49e06 100644
--- a/flake.lock
+++ b/flake.lock
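Review bot: The `else nameValuePair ("") (null)` branch in `configs'` maps every non-matching directory entry onto the same empty attribute name and relies on `removeInvalid` to discard it afterwards, which hides the intent. Filtering `dot` first reads more directly: `filterAttrs (n: v: n != "default.nix" && hasSuffix ".nix" n && v == "regular") dot`, followed by a plain `mapAttrs'` with no placeholder and no `isAttrs` pass. In the same hunk, `networking.hostName = "${this}";` can be written `networking.hostName = this;`. A short comment above `configs'` saying that each `<name>.nix` in this directory becomes the host `<name>` would document the convention.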
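Review bot: `users.users.root.hashedPassword = readFile ../secrets/root;` reads the hash at evaluation time, so it becomes part of the built system configuration in the Nix store, which local users can read. git-crypt only protects the copy inside the repository. `readFile` also returns the file byte for byte, including any trailing newline, and on a checkout that has not been unlocked it returns the encrypted blob. Combined with `users.mutableUsers = false` in core.nix, that would presumably leave root without a usable password. Consider `users.users.root.passwordFile = "/path/outside/the/store";` (placeholder path, given as a string so it is not copied into the store), which is read at activation instead.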
@@ -1,5 +1,18 @@ { "inputs": { + "nix": { + "inputs": { + "nixpkgs": { + "inputs": {}, + "narHash": "sha256-ZzR2l1dovxeZ555KXxz7SAXrC72BfaR4BeqvJzRdmwQ=", + "originalUrl": "nixpkgs/release-19.09", + "url": "github:edolstra/nixpkgs/d37927a77e70a2b3408ceaa2e763b6df1f4d941a" + } + }, + "narHash": "sha256-8Y2swdV7/T7jjhGAKVrMRkAn7y4qTSjKNIW7NUe7V5s=", + "originalUrl": "nix", + "url": "github:NixOS/nix/90d2cf6ff98fc970c9abeae6c37dd323fd0ef953" + }, "nixpkgs": { "inputs": {}, "narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=", diff --git a/flake.nix b/flake.nix index 3b8ecc97..1e9a9742 100644 --- a/flake.nix +++ b/flake.nix @@ -1,16 +1,19 @@ { + description = "DevOS"; + epoch = 201909; - description = "NixOS Configuration"; - outputs = { self, nixpkgs }: { - nixosConfigurations.gaze12 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + outputs = { self, nixpkgs, nix }: { + nixosConfigurations = + let + configs = import ./configurations { + inherit nix nixpkgs; + flake = self; + }; + + in + configs; - modules = [ - { - system.configurationRevision = self.rev; - } - ]; - }; }; + } diff --git a/lib/utils.nix b/lib/utils.nix index 6416a04e..4b42ce71 100644 --- a/lib/utils.nix +++ b/lib/utils.nix @@ -1,2 +1,2 @@ -{}: +{ ... }: {} diff --git a/local/.gitignore b/local/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/local/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/local/file-systems.nix b/local/file-systems.nix new file mode 100644 index 00000000..837cf6e2 --- /dev/null +++ b/local/file-systems.nix @@ -0,0 +1,3 @@ +{ + fileSystems = {}; +} diff --git a/modules/profiles/core.nix b/modules/profiles/core.nix new file mode 100644 index 00000000..2cb6f08c --- /dev/null +++ b/modules/profiles/core.nix 
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+{
+
+ imports = [
+ ./locale.nix
+ ../../local/file-systems.nix
+ ];
+
+
+ boot = {
+
+ kernelPackages = pkgs.linuxPackages_latest;
+
+ tmpOnTmpfs = true;
+
+ kernel.sysctl."kernel.sysrq" = 1;
+
+ };
+
+
+ environment = {
+
+ systemPackages = with pkgs; [
+ binutils
+ coreutils
+ curl
+ dnsutils
+ fd
+ git
+ iputils
+ manpages
+ moreutils
+ ripgrep
+ stdmanpages
+ utillinux
+ ];
+
+ shellAliases = let
+ ifSudo = string: lib.mkIf config.security.sudo.enable string;
+ in
+ {
+ # quick cd
+ ".." = "cd ..";
+ "..." = "cd ../..";
+ "...." = "cd ../../..";
+ "....." = "cd ../../../..";
+
+ # internet ip
+ myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
+
+ # sudo
+ si = ifSudo "env sudo -i";
+ sudo = ifSudo "sudo -E ";
+ se = ifSudo "sudoedit";
+
+ # systemd
+ ctl = "systemctl";
+ stl = ifSudo "sudo systemctl";
+ utl = "systemctl --user";
+ ut = "systemctl --user start";
+ un = "systemctl --user stop";
+ up = ifSudo "sudo systemctl start";
+ dn = ifSudo "sudo systemctl stop";
+ jctl = "journalctl";
+
+ };
+
+ };
+
+
+ fonts = {
+ fonts = with pkgs; [
+ powerline-fonts
+ dejavu_fonts
+ ];
+
+
+ fontconfig.defaultFonts = {
+
+ monospace = [ "DejaVu Sans Mono for Powerline" ];
+
+ sansSerif = [ "DejaVu Sans" ];
+
+ };
+ };
+
+
+ nix = {
+
+ autoOptimiseStore = true;
+
+ gc.automatic = true;
+
+ optimise.automatic = true;
+
+ useSandbox = true;
+
+ allowedUsers = [ "@wheel" ];
+
+ trustedUsers = [ "root" "@wheel" ];
+
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ };
+
+
+ nixpkgs.config.allowUnfree = true;
+
+
+ programs.mtr.enable = true;
+
+
+ security = {
+
+ hideProcessInformation = true;
+
+ protectKernelImage = true;
+
+ };
+
+
+ services.earlyoom.enable = true;
+
+
+ users.mutableUsers = false;
+
+}
diff --git a/modules/profiles/locale.nix b/modules/profiles/locale.nix
new file mode 100644
index 00000000..6db93143
--- /dev/null
+++ b/modules/profiles/locale.nix
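Review bot: `trustedUsers = [ "root" "@wheel" ];` in the `nix` block makes every wheel member a trusted user of the Nix daemon. Trusted users can override substituters and bypass signature checks on store paths, which is effectively root on the machine without going through sudo or its logging. `allowedUsers = [ "@wheel" ];` already lets the group build and install, so `trustedUsers = [ "root" ];` keeps that privilege boundary. If the wider trust is intended for this profile, say so in a comment above the line. The `sudo = ifSudo "sudo -E ";` alias also carries the caller's environment into every privileged command by default and may deserve the same comment.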
@@ -0,0 +1,5 @@
+{ ... }:
+{
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "America/Denver";
+}
diff --git a/secrets/root b/secrets/root
new file mode 100644
index 00000000..d8f05b85
Binary files /dev/null and b/secrets/root differ