From 9feae67e9db581f34e3ef0d07913bceb2482b871 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Thu, 23 Dec 2021 05:00:44 +0100
Subject: [PATCH] Convert nix config into a flake
---
nixpkgs/config.nix | 5 -
nixpkgs/flake.lock | 69 ++++
nixpkgs/flake.nix | 88 +++++
nixpkgs/home.nix | 21 +-
nixpkgs/hosts/eisei/default.nix | 312 ++++++++++++++++++
.../hosts/eisei/hardware-configuration.nix | 37 +++
nixpkgs/{secret => misc}/ssh/hosts/pvv.nix | 11 +-
nixpkgs/programs/comma.nix | 8 +-
nixpkgs/secret/.gitignore | 17 -
nixpkgs/secret/README.md | 36 --
nixpkgs/secret/default.nix | 8 -
nixpkgs/secret/programs/chromium/default.nix | 7 -
nixpkgs/secret/programs/default.nix | 8 -
nixpkgs/secret/programs/newsboat/default.nix | 6 -
.../secret/programs/qutebrowser/default.nix | 7 -
nixpkgs/secret/ssh/hosts/default.nix | 8 -
nixpkgs/secret/update.sh | 2 -
nixpkgs/shellOptions.nix | 11 +-
18 files changed, 521 insertions(+), 140 deletions(-)
delete mode 100644 nixpkgs/config.nix
create mode 100644 nixpkgs/flake.lock
create mode 100644 nixpkgs/flake.nix
create mode 100644 nixpkgs/hosts/eisei/default.nix
create mode 100644 nixpkgs/hosts/eisei/hardware-configuration.nix
rename nixpkgs/{secret => misc}/ssh/hosts/pvv.nix (91%)
delete mode 100644 nixpkgs/secret/.gitignore
delete mode 100644 nixpkgs/secret/README.md
delete mode 100644 nixpkgs/secret/default.nix
delete mode 100644 nixpkgs/secret/programs/chromium/default.nix
delete mode 100644 nixpkgs/secret/programs/default.nix
delete mode 100644 nixpkgs/secret/programs/newsboat/default.nix
delete mode 100644 nixpkgs/secret/programs/qutebrowser/default.nix
delete mode 100644 nixpkgs/secret/ssh/hosts/default.nix
delete mode 100755 nixpkgs/secret/update.sh
diff --git a/nixpkgs/config.nix b/nixpkgs/config.nix
deleted file mode 100644
index 0b84d86..0000000
--- a/nixpkgs/config.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-{
- allowUnfree = true;
- android_sdk.accept_license = true;
-}
diff --git a/nixpkgs/flake.lock b/nixpkgs/flake.lock new file mode 100644 index 0000000..366063a --- /dev/null +++ b/nixpkgs/flake.lock @@ -0,0 +1,69 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1639871969, + "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "697cc8c68ed6a606296efbbe9614c32537078756", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1640077788, + "narHash": "sha256-YMSDk3hlucJTTARaHNOeQEF6zEW3A/x4sXgrz94VbS0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "secrets": "secrets" + } + }, + "secrets": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1640231944, + "narHash": "sha256-nb743xTN5n7LRmiTzfKgknTe+R68FKXIQX/8ERU5JS4=", + "ref": "main", + "rev": "a489b4a3b5ec636da65886226102a8372c40dcc4", + "revCount": 1, + "type": "git", + "url": "file:///home/h7x4/git/nix-secrets" + }, + "original": { + "type": "git", + "url": "file:///home/h7x4/git/nix-secrets" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nixpkgs/flake.nix b/nixpkgs/flake.nix new file mode 100644 index 0000000..6a2c788 --- /dev/null +++ b/nixpkgs/flake.nix 
@@ -0,0 +1,88 @@
+{
+ description = "Mmmmmh, Spaghetti™";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-21.11";
+
+ home-manager = {
+ url = "github:nix-community/home-manager/release-21.11";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Nix expressions and keys (TODO: move keys to another solution like agenix)
+ # which should be kept from the main repo for privacy reasons.
+ #
+ # Includes stuff like usernames, emails, ports, other server users, ssh hosts, etc.
+ secrets = {
+ # TODO: Push this to a remote.
+ url = "git+file:///home/h7x4/git/nix-secrets";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, home-manager, secrets, ... }: let
+ system = "x86_64-linux";
+
+ pkgs = import nixpkgs {
+ inherit system;
+
+ config = {
+ allowUnfree = true;
+ android_sdk.accept_license = true;
+ };
+
+ overlays = [ (import ./overlays/lib) ];
+ };
+
+ specialArgs = {
+ secrets = secrets.outputs.default;
+ colorTheme = import ./common/colors.nix;
+ };
+
+ in {
+ overlays = {
+ lib = import ./overlays/lib;
+ };
+
+ homeConfigurations = {
+ h7x4 = home-manager.lib.homeManagerConfiguration {
+ inherit system;
+ inherit pkgs;
+
+ extraSpecialArgs = specialArgs;
+ username = "h7x4";
+ homeDirectory = "/home/h7x4";
+ stateVersion = "21.11";
+ configuration = {
+
+ imports = [
+ ./home.nix
+ secrets.outputs.nixosModule
+ ];
+ };
+ };
+ };
+
+ nixosConfigurations = let
+ # String -> AttrSet -> AttrSet
+ nixSys =
+ name: extraOpts:
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ inherit pkgs;
+
+ lib = pkgs.lib;
+ inherit specialArgs;
+
+ modules = [
+ ./hosts/${name}
+ ];
+ } // extraOpts;
+
+ in {
+ # Tsuki = nixSys "tsuki" {};
+ Eisei = nixSys "eisei" {};
+ };
+
+ };
+}
diff --git a/nixpkgs/home.nix b/nixpkgs/home.nix
index 5b30b51..3e69943 100644
--- a/nixpkgs/home.nix
+++ b/nixpkgs/home.nix
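Review bot: The comment on the `secrets` input says it holds keys, but a flake input is copied into `/nix/store` when the flake is evaluated, so anything committed to `nix-secrets` ends up readable by every local user and may travel with closures sent to remote builders or caches. Until the agenix TODO is done, keep only non-key data (usernames, host lists) in that input and record the constraint next to it, e.g. `# NOTE: flake inputs land in the world-readable /nix/store; do not commit private keys here.` The `git+file:///home/h7x4/git/nix-secrets` URL is also pinned into flake.lock as an absolute local path, so the flake only evaluates on a machine that has that checkout. Separately, in `nixSys`, `nixpkgs.lib.nixosSystem { … } // extraOpts` merges `extraOpts` into the evaluated system rather than into the arguments, because function application binds tighter than `//`; `nixpkgs.lib.nixosSystem ({ … } // extraOpts)` is probably what was meant.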
@@ -1,23 +1,11 @@ -{ pkgs, lib, ... } @ args: -let - colorType = with lib.types; (attrsOf str); - colorTheme = import ./common/colors.nix; -in +{ pkgs, ... } @ args: { - _module.args = { - inherit colorTheme; - }; - - # FIXME: this isn't really working? see shellOptions - nixpkgs.overlays = [ - (import ./overlays/lib) - ]; - imports = [ ./shellOptions.nix ./packages.nix ./misc/mimetypes.nix + ./misc/ssh/hosts/pvv.nix ./programs/alacritty.nix ./programs/comma.nix @@ -39,15 +27,12 @@ in ./services/picom.nix ./services/stalonetray.nix ./services/sxhkd.nix - - ./secret ]; home = { - stateVersion = "21.05"; + stateVersion = "21.11"; username = "h7x4"; homeDirectory = "/home/h7x4"; - # enableNixpkgsReleaseCheck = true; }; news.display = "silent"; diff --git a/nixpkgs/hosts/eisei/default.nix b/nixpkgs/hosts/eisei/default.nix new file mode 100644 index 0000000..6bad48c --- /dev/null +++ b/nixpkgs/hosts/eisei/default.nix 
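Review bot: The second hunk bumps `home.stateVersion` from "21.05" to "21.11" on what looks like an existing profile; that value is meant to record the release the state was first created with, and changing it can switch defaults that depend on it, so it is normally left alone unless the release notes were checked. It is also now set in two places, here and in `homeManagerConfiguration` in flake.nix, together with `username` and `homeDirectory`; keeping a single copy avoids the two drifting apart. If the bump is intentional, a comment such as `# bumped after reviewing the 21.11 release notes` would record that.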
@@ -0,0 +1,312 @@ +{ pkgs, config, ... }: let + # FIXME: lib should be imported directly as a module argument. + inherit (pkgs) lib; +in { + imports = [ + ./hardware-configuration.nix + ]; + + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + boot.loader = { + efi.canTouchEfiVariables = false; + grub = { + enable = true; + device = "/dev/sda"; + version = 2; + }; + }; + + time.timeZone = "Europe/Oslo"; + + networking = { + hostName = "Eisei"; + networkmanager.enable = true; + useDHCP = false; + + interfaces = { + eno1.useDHCP = true; + wlo1.useDHCP = true; + }; + + # firewall = { + # enable = false; + # allowedTCPPorts = [ ... ]; + # allowedUDPPorts = [ ... ]; + # }; + }; + + i18n = { + defaultLocale = "en_US.UTF-8"; + + inputMethod = { + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ mozc ]; + }; + + # inputMethod = { + # enabled = "fcitx5"; + # fcitx5.addons = with pkgs; [ + # fcitx5-mozc + # fcitx5-gtk + # ]; + # }; + }; + + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + services = { + openssh.enable = true; + gnome.gnome-keyring.enable = true; + printing.enable = true; + dbus = { + enable = true; + packages = with pkgs; [ + gcr + gnome3.dconf + ]; + }; + cron = { + enable = true; + systemCronJobs = [ + # "*/5 * * * * root date >> /tmp/cron.log" + ]; + }; + + xserver = { + enable = true; + layout = "us"; + xkbOptions = "caps:escape"; + + libinput = { + enable = true; + touchpad.disableWhileTyping = true; + }; + + windowManager.xmonad = { + enable = true; + enableContribAndExtras = true; + }; + }; + }; + + sound.enable = true; + hardware.pulseaudio.enable = true; + + hardware.bluetooth.enable = true; + + nixpkgs.config = { + allowUnfree = true; + }; + + nix = { + distributedBuilds = true; + package = pkgs.nixFlakes; + binaryCaches = [ + "https://cache.nixos.org/" + ]; + extraOptions = '' + experimental-features = nix-command flakes + 
builders-use-substitutes = true + ''; + + buildMachines = [ + { + hostName = "Tsuki"; + system = "x86_64-linux"; + maxJobs = 1; + speedFactor = 3; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-paralell" + "kvm" + ]; + mandatoryFeatures = []; + } + ]; + + }; + + users.users.h7x4 = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "docker" + "disk" + "audio" + "video" + "libvirtd" + "input" + ]; + shell = pkgs.zsh; + }; + + system.extraDependencies = with pkgs; [ + asciidoc + asciidoctor + cabal2nix + clang + dart + dotnet-sdk + dotnet-sdk_3 + dotnet-sdk_5 + dotnetPackages.Nuget + elm2nix + elmPackages.elm + flutter + gcc + ghc + ghcid + haskellPackages.Cabal_3_6_2_0 + maven + nodePackages.node2nix + nodePackages.npm + nodePackages.sass + nodePackages.typescript + nodePackages.yarn + nodejs + plantuml + python3 + rustc + rustc + rustup + ]; + + environment = { + variables = { + EDITOR = "nvim"; + VISUAL = "nvim"; + }; + + systemPackages = with pkgs; [ + wget + haskellPackages.xmobar + ]; + + shells = with pkgs; [ + bashInteractive + zsh + dash + ]; + + etc = { + # TODO: move this out of etc, and reference it directly in sudo config. 
+ sudoLecture = { + target = "sudo.lecture"; + text = lib.termColors.front.red "Be careful or something, idk...\n"; + }; + + currentSystemPackages = { + target = "current-system-packages"; + text = let + inherit (lib.strings) concatStringsSep; + inherit (lib.lists) sort; + inherit (lib.trivial) lessThan; + packages = map (p: "${p.name}") config.environment.systemPackages; + sortedUnique = sort lessThan (lib.unique packages); + in concatStringsSep "\n" sortedUnique; + }; + }; + }; + + fonts = { + enableDefaultFonts = true; + + fonts = with pkgs; [ + cm_unicode + dejavu_fonts + fira-code + fira-code-symbols + powerline-fonts + iosevka + symbola + corefonts + ipaexfont + ipafont + liberation_ttf + migmix + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + open-sans + source-han-sans + source-sans + ubuntu_font_family + victor-mono + (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; }) + ]; + + fontconfig = { + defaultFonts = { + serif = [ "Droid Sans Serif" "Ubuntu" ]; + sansSerif = [ "Droid Sans" "Ubuntu" ]; + monospace = [ "Fira Code" "Ubuntu" ]; + emoji = [ "Noto Sans Emoji" ]; + }; + }; + }; + + programs = { + dconf.enable = true; + git.enable = true; + light.enable = true; + npm.enable = true; + tmux.enable = true; + neovim = { + enable = true; + defaultEditor = true; + viAlias = true; + vimAlias = true; + configure = { + packages.myVimPackage = with pkgs.vimPlugins; { + start = [ + direnv-vim + vim-nix + vim-polyglot + ]; + + opt = [ + vim-monokai + ]; + }; + + customRC = '' + set number relativenumber + set undofile + set undodir=~/.cache/vim/undodir + + packadd! vim-monokai + colorscheme monokai + ''; + }; + }; + + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + + security.sudo.extraConfig = '' + Defaults lecture = always + Defaults lecture_file = /etc/${config.environment.etc.sudoLecture.target} + ''; + + virtualisation = { + docker.enable = true; + libvirtd.enable = true; + }; + + system.stateVersion = "21.11"; +} + 
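Review bot: `services.openssh.enable = true` is set with no other sshd options, so as far as I know password logins stay allowed by default on 21.11, while `users.users.h7x4` is in `wheel`, `docker` and `disk`, each of which is effectively root on this host. I would add `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";`, and drop `disk` from `extraGroups` unless something needs raw block-device access. In `nix.buildMachines`, `"big-paralell"` is misspelled; the feature name is `"big-parallel"`, so derivations that require it would not be dispatched to Tsuki. `rustc` is also listed twice in `system.extraDependencies`.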
diff --git a/nixpkgs/hosts/eisei/hardware-configuration.nix b/nixpkgs/hosts/eisei/hardware-configuration.nix new file mode 100644 index 0000000..59f27d0 --- /dev/null +++ b/nixpkgs/hosts/eisei/hardware-configuration.nix @@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/59d56b94-29f0-45be-81cc-16050c712902"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/e66ad6d8-28d5-4411-8289-5ec47d60858b"; + fsType = "ext4"; + }; + + fileSystems."/home/h7x4/Dropbox" = + { device = "/dev/disk/by-uuid/b6b244ab-fdb2-4d90-8a38-b21b0932027b"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/62738962-4764-4136-bdd3-348de09400d0"; } + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixpkgs/secret/ssh/hosts/pvv.nix b/nixpkgs/misc/ssh/hosts/pvv.nix similarity index 91% rename from nixpkgs/secret/ssh/hosts/pvv.nix rename to nixpkgs/misc/ssh/hosts/pvv.nix index 9dcdb1b..62ba497 100644 --- a/nixpkgs/secret/ssh/hosts/pvv.nix +++ b/nixpkgs/misc/ssh/hosts/pvv.nix 
@@ -1,12 +1,7 @@ -{ ... }: +{ pkgs, secrets, ... }: let - - # TODO: Fix overlay in home.nix - pkgs = import { overlays = [(import ../../../overlays/lib)]; }; - lib = pkgs.lib; - - users = import ./users.nix; - inherit (users.pvv) normalUser adminUser; + inherit (pkgs) lib; + inherit (secrets.ssh.users.pvv) normalUser adminUser; # http://www.pvv.ntnu.no/pvv/Maskiner normalMachines = [ diff --git a/nixpkgs/programs/comma.nix b/nixpkgs/programs/comma.nix index 45b261e..e4c1595 100644 --- a/nixpkgs/programs/comma.nix +++ b/nixpkgs/programs/comma.nix @@ -8,7 +8,9 @@ let }) {}; in { - home.packages = with pkgs; [ - comma - ]; + # FIXME: this projects default.nix imports , which makes it very much not kosher + + # home.packages = with pkgs; [ + # comma + # ]; } diff --git a/nixpkgs/secret/.gitignore b/nixpkgs/secret/.gitignore deleted file mode 100644 index 4af8d57..0000000 --- a/nixpkgs/secret/.gitignore +++ /dev/null @@ -1,17 +0,0 @@ - -# Ignore everything -* - -# Sincde it's not possible to re-include a file if a -# parent directory of that file is excluded, we need to -# reinclude all directories. -!/**/ - -# Root level exceptions -!/**/default.nix -!.gitignore -!update.sh -!README.md - -# Other exceptions -!ssh/hosts/pvv.nix diff --git a/nixpkgs/secret/README.md b/nixpkgs/secret/README.md deleted file mode 100644 index 5e05f5d..0000000 --- a/nixpkgs/secret/README.md +++ /dev/null @@ -1,36 +0,0 @@ -# Secrets - - - -## Structure - - -``` -. -├── common -│ ├── browser-bookmarks.nix -│ └── browser-engines.nix -├── programs -│ ├── chromium -│ │ ├── bookmarks.nix -│ │ ├── default.nix -│ │ └── engines.nix -│ ├── newsboat -│ │ ├── default.nix -│ │ └── sources.nix -│ ├── qutebrowser -│ │ ├── bookmarks.nix -│ │ ├── default.nix -│ │ └── engines.nix -│ └── default.nix -├── ssh -│ └── hosts -│ ├── default.nix -│ ├── home.nix -│ ├── ntnu.nix -│ ├── pvv.nix -│ └── users.nix -├── default.nix -├── README.md -└── update.sh -``` 
diff --git a/nixpkgs/secret/default.nix b/nixpkgs/secret/default.nix
deleted file mode 100644
index 1064a12..0000000
--- a/nixpkgs/secret/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./programs
- ./ssh/hosts
- ./gtk/bookmarks.nix
- ];
-}
diff --git a/nixpkgs/secret/programs/chromium/default.nix b/nixpkgs/secret/programs/chromium/default.nix
deleted file mode 100644
index 00bfafc..0000000
--- a/nixpkgs/secret/programs/chromium/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- imports = [
- ./bookmarks.nix
- ./engines.nix
- ];
-}
diff --git a/nixpkgs/secret/programs/default.nix b/nixpkgs/secret/programs/default.nix
deleted file mode 100644
index aac34ab..0000000
--- a/nixpkgs/secret/programs/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./chromium
- ./newsboat
- ./qutebrowser
- ];
-}
diff --git a/nixpkgs/secret/programs/newsboat/default.nix b/nixpkgs/secret/programs/newsboat/default.nix
deleted file mode 100644
index b2330c5..0000000
--- a/nixpkgs/secret/programs/newsboat/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
- imports = [
- ./sources.nix
- ];
-}
diff --git a/nixpkgs/secret/programs/qutebrowser/default.nix b/nixpkgs/secret/programs/qutebrowser/default.nix
deleted file mode 100644
index 00bfafc..0000000
--- a/nixpkgs/secret/programs/qutebrowser/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- imports = [
- ./bookmarks.nix
- ./engines.nix
- ];
-}
diff --git a/nixpkgs/secret/ssh/hosts/default.nix b/nixpkgs/secret/ssh/hosts/default.nix
deleted file mode 100644
index aa6b92a..0000000
--- a/nixpkgs/secret/ssh/hosts/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./pvv.nix
- ./ntnu.nix
- ./home.nix
- ];
-}
diff --git a/nixpkgs/secret/update.sh b/nixpkgs/secret/update.sh
deleted file mode 100755
index c839548..0000000
--- a/nixpkgs/secret/update.sh
+++ /dev/null
@@ -1,2 +0,0 @@ -#!/usr/bin/env sh -perl -0777 -pi -e '$tree=`exa -I XX* --tree --group-directories-first`; s/\n```\n(?:.|\n)+```/\n```\n$tree```/' README.md diff --git a/nixpkgs/shellOptions.nix b/nixpkgs/shellOptions.nix index 55c638a..285daec 100644 --- a/nixpkgs/shellOptions.nix +++ b/nixpkgs/shellOptions.nix @@ -1,10 +1,7 @@ -{ config, ... }: -let - # TODO: These should really be inputs in the main function, and the - # overlaying should be happening in home.nix. I wasn't able to - # make it work though. - pkgs = import { overlays = [(import ./overlays/lib)]; }; - lib = pkgs.lib; +{ pkgs, config, ... }: let + + # FIXME: lib should be imported directly as a module argument. + inherit (pkgs) lib; sedColor = color: