Merge branch 'refac-profs' into template

Timothy DeHerrera 2021-02-03 15:35:30 -07:00
commit ec8a357ff9
No known key found for this signature in database
GPG key ID: 8985725DB5B0C122
19 changed files with 85 additions and 55 deletions

20
DOC.md

@ -8,8 +8,8 @@ See [`hosts/default.nix`](hosts/default.nix) for the implementation.
## Profiles
A profile is any directory under [profiles](profiles) containing a `default.nix`
defining a valid NixOS module, with the added restriction that no new
declarations to the `options` _or_ `config` attributes are allowed
defining a function that returns a valid NixOS module, with the added restriction
that no new declarations to the `options` _or_ `config` attributes are allowed
(use [modules](modules) instead). Their purpose is to provide abstract
expressions suitable for reuse by multiple deployments. They are perhaps _the_
key mechanism by which we keep this repo maintainable.
@ -30,9 +30,19 @@ profile should be independent of its parent. i.e:
It is okay for profiles to depend on other profiles so long as they are
explicitly loaded via `imports`.
Optionally, you may choose to export your profiles via the flake output. If
you include it in the list defined in [profiles/list.nix](profiles/list.nix),
it will be available to other flakes via `nixosModules.profiles`.
## Suites
[Suites](./profiles/suites.nix) are simple collections of profiles that can be
directly imported from any host like so:
```
{ suites, ... }:
{
imports = suites.mySuite;
}
```
You can declare any combination of users and profiles that you wish, providing
a nice abstraction, free from the idiosyncratic concerns of specific hardware.
## Users
User declarations belong in the `users` directory.


@ -1,6 +1,7 @@
{ suites, ... }:
{
### root password is empty by default ###
imports = [ ../users/nixos ../users/root ];
imports = suites.graphics;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
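Review bot: The banner `### root password is empty by default ###` no longer sits next to anything that names the root user, because the import below it is now `suites.graphics` and the root account only arrives through the `work` list in profiles/suites.nix. I would reword it so the warning stays traceable from this file, e.g. `### root password is empty by default (users.root comes in via suites.graphics) ###`. Without that, a reader who swaps the suite for another one has no hint that the account follows along.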


@ -1,10 +1,6 @@
{ suites, ... }:
{
imports =
let
profiles = builtins.filter (n: n != ../profiles/core)
(import ../profiles/list.nix);
in
profiles ++ [ ../users/nixos ../users/root ];
imports = with suites; allProfiles ++ allUsers;
security.mitigations.acceptRisk = true;
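Review bot: `allProfiles ++ allUsers` makes this host's import set depend on whatever directories exist under profiles/ and users/ at evaluation time, where the removed code read the explicit entries of profiles/list.nix. A new profile directory is therefore enabled here without any change to this file or to a list a reviewer would see, and the set includes `misc.disable-mitigations` (presumably the reason `security.mitigations.acceptRisk = true` is set). A comment above the import would help, e.g. `# imports every profile and user found on disk; evaluation/CI only, do not deploy`, if that is indeed what this host is for.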


@ -9,9 +9,12 @@
, ...
}:
let
inherit (lib.flk) recImport nixosSystemExtended;
inherit (lib.flk) recImport nixosSystemExtended defaultImports;
inherit (builtins) attrValues removeAttrs;
profiles = defaultImports (toString ../profiles);
suites = import ../profiles/suites.nix { inherit lib profiles; };
unstableModules = [ ];
addToDisabledModules = [ ];
@ -21,13 +24,14 @@ let
specialArgs =
{
inherit suites;
unstableModulesPath = "${master}/nixos/modules";
hardware = nixos-hardware.nixosModules;
};
modules =
let
core = self.nixosModules.profiles.core;
core = profiles.core.default;
modOverrides = { config, unstableModulesPath, ... }: {
disabledModules = unstableModules ++ addToDisabledModules;
@ -63,7 +67,7 @@ let
# Everything in `./modules/list.nix`.
flakeModules =
attrValues (removeAttrs self.nixosModules [ "profiles" ]);
attrValues self.nixosModules;
in
flakeModules ++ [


@ -1,6 +1,7 @@
{ nixos, ... }:
let
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs;
inherit (builtins) attrNames attrValues isAttrs readDir listToAttrs mapAttrs
pathExists;
inherit (nixos.lib) fold filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix
recursiveUpdate genAttrs nixosSystem mkForce;
@ -38,12 +39,26 @@ let
in
map fullPath (attrNames (readDir overlayDir));
defaultImports = dir:
let
filtered = filterAttrs
(n: v: v == "directory" && pathExists "${dir}/${n}/default.nix")
(readDir dir);
in
mapAttrs
(n: v: {
default = import "${dir}/${n}/default.nix";
} // defaultImports "${dir}/${n}")
filtered;
in
{
inherit mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
inherit defaultImports mapFilterAttrs genAttrs' pkgImport pathsToImportedAttrs;
overlays = pathsToImportedAttrs overlayPaths;
profileMap = map (profile: profile.default);
recImport = { dir, _import ? base: import "${dir}/${base}.nix" }:
mapFilterAttrs
(_: v: v != null)
@ -93,13 +108,8 @@ in
moduleList = import ../modules/list.nix;
modulesAttrs = pathsToImportedAttrs moduleList;
# profiles
profilesList = import ../profiles/list.nix;
profilesAttrs = { profiles = pathsToImportedAttrs profilesList; };
in
recursiveUpdate
(recursiveUpdate cachixAttrs modulesAttrs)
profilesAttrs;
recursiveUpdate cachixAttrs modulesAttrs;
genHomeActivationPackages = hmConfigs:
mapAttrs
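Review bot: `defaultImports` has no comment, and it has two behaviours a profile author will trip over. A directory without its own `default.nix` is filtered out before the recursion, so every profile nested below it silently disappears from `profiles` and from `allProfiles`; the empty `{ ... }: { }` added for profiles/db in this commit looks like the workaround. Because each entry is built as `{ default = ...; } // defaultImports ...`, a child directory named `default` would also replace the parent's own module. I would document both on the function, e.g. `# Recursively import every directory under dir that has a default.nix; a directory without one is skipped together with its children` and `# a child directory must not be named "default"`.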


@ -1,3 +1,3 @@
{
{ ... }: {
services.hercules-ci-agent.enable = true;
}


@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
nix.package = pkgs.nixFlakes;

1
profiles/db/default.nix Normal file

@ -0,0 +1 @@
{ ... }: { }


@ -1,26 +0,0 @@
[
./ci-agent
./core
./db/postgres
./develop
./develop/kakoune
./develop/python
./develop/tmux
./develop/zsh
./graphical
./graphical/games
./graphical/im
./graphical/plex.nix
./graphical/qutebrowser
./graphical/sway
./graphical/xmonad
./laptop
./misc/disable-mitigations.nix
./network
./network/adblocking.nix
./network/networkmanager
./network/stubby.nix
./network/torrent.nix
./ssh
./virt
]


@ -0,0 +1 @@
{ ... }: { }


@ -1,3 +1,3 @@
{
imports = [ ./networkmanager ./adblocking.nix ];
{ ... }: {
imports = [ ./networkmanager ./adblocking ];
}

34
profiles/suites.nix Normal file

@ -0,0 +1,34 @@
{ lib, profiles }:
let
inherit (builtins) mapAttrs isFunction;
allProfiles =
let
filtered = lib.filterAttrs (n: _: n != "core") profiles;
in
lib.collect isFunction filtered;
allUsers = lib.collect isFunction users;
users = lib.flk.defaultImports (toString ../users);
in
with profiles;
mapAttrs (_: v: lib.flk.profileMap v)
# define your own suites below
rec {
work = [ develop virt users.nixos users.root ];
graphics = work ++ [ graphical ];
mobile = graphics ++ [ laptop ];
play = graphics ++ [
graphical.games
network.torrent
misc.disable-mitigations
];
goPlay = play ++ [ laptop ];
} // {
inherit allProfiles allUsers;
}
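Review bot: `users.root` is part of `work`, and `graphics`, `mobile`, `play` and `goPlay` all extend `work`, so every predefined suite brings in the root account, whose definition in the last section of this page sets `users.users.root.password = "";`. A host that imports any suite therefore inherits an empty root password without naming that user anywhere in its own file. I would keep accounts out of the profile suites, `work = [ develop virt ];`, and let hosts add `users.nixos` and `users.root` explicitly, or at least mark the line with `# users.root ships with an empty password; set hashedPassword before deploying`. `play` has the same shape of problem with `misc.disable-mitigations`, which is switched on for anyone who picks the suite for games or torrents.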


@ -1,6 +1,5 @@
{ ... }:
{
imports = [ ../../profiles/develop ];
home-manager.users.nixos = {
imports = [ ../profiles/git ../profiles/direnv ];
};


@ -1,3 +1,4 @@
{ ... }:
# recommend using `hashedPassword`
{
users.users.root.password = "";