nixfiles/nixos/modules/common.nix

{ lib, pkgsFlake, pkgs, pkgs', self, inputs, config, ... }:
let
  inherit (lib) mkIf mkDefault mkMerge;
  inherit (lib.my) mkDefault';
in
{
  options = with lib.types; {
    my = { };
  };

  imports = [
    inputs.impermanence.nixosModule
    inputs.ragenix.nixosModules.age
    inputs.sharry.nixosModules.default
  ];

  config = mkMerge [
    {
      system = {
        stateVersion = "22.05";
        configurationRevision = with inputs; mkIf (self ? rev) self.rev;
      };

      home-manager = {
        # Installs packages in the system config instead of in the local profile on activation
        useUserPackages = mkDefault true;
      };

      users = {
        mutableUsers = false;
      };

      security = {
        sudo.enable = mkDefault false;
        doas = {
          enable = mkDefault true;
          wheelNeedsPassword = mkDefault false;
        };
      };

      nix = {
        package = pkgs'.mine.nix;
        channel.enable = false;
        settings = with lib.my.c.nix; {
          trusted-users = [ "@wheel" ];
          experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
          extra-substituters = cache.substituters;
          extra-trusted-public-keys = cache.keys;
          connect-timeout = 5;
          fallback = true;
        };
        registry = {
          pkgs = {
            to = {
              type = "path";
              path = "${pkgsFlake}";
            };
            exact = true;
          };
        };
        gc = {
          options = mkDefault "--max-freed $((8 * 1024**3))";
          automatic = mkDefault true;
        };
      };
      nixpkgs = {
        overlays = [
          inputs.deploy-rs.overlay
          inputs.sharry.overlays.default
          inputs.borgthin.overlays.default
          inputs.boardie.overlays.default
        ];
        config = {
          allowUnfree = true;
        };
      };

      documentation = {
        enable = mkDefault true;
        nixos = {
          enable = mkDefault true;
          options.warningsAreErrors = mkDefault false;
        };
      };

      time.timeZone = mkDefault "Europe/Dublin";
      i18n.defaultLocale = "en_IE.UTF-8";

      boot = {
        # Use latest LTS release by default
        kernelPackages = mkDefault (lib.my.c.kernel.lts pkgs);
        kernel = {
          sysctl = {
            "net.ipv6.route.max_size" = mkDefault 16384;
          };
        };

        loader = {
          efi = {
            efiSysMountPoint = mkDefault "/boot";
            # Should generally be enough with just /EFI/BOOT/BOOTX64.EFI in place
            canTouchEfiVariables = mkDefault false;
          };
          grub = {
            memtest86.enable = mkDefault true;
          };
          systemd-boot = {
            enable = mkDefault true;
            editor = mkDefault true;
            consoleMode = mkDefault "max";
            configurationLimit = mkDefault 10;
            memtest86.enable = mkDefault true;
          };
        };

        initrd = {
          systemd = {
            enable = mkDefault true;
            emergencyAccess = mkDefault true;
          };
          services.lvm.enable = mkDefault true;
        };
      };
      system = {
        nixos = {
          distroName = mkDefault' "JackOS";
        };
      };

      environment.etc = {
        "nixos/flake.nix".source = "/run/nixfiles/flake.nix";
      };
      environment.systemPackages = with pkgs; mkMerge [
        [
          bash-completion
          git
          unzip
        ]
        (mkIf config.services.netdata.enable [ netdata ])
      ];

      programs = {
        # This will enable generating completions at build time and prevent home-manager fish from generating them
        # locally
        fish.enable = mkDefault true;
        # TODO: This is expecting to look up the channel for the database...
        command-not-found.enable = mkDefault false;
        vim = {
          enable = true;
          defaultEditor = true;
        };
      };

      services = {
        kmscon = {
          # As it turns out, kmscon hasn't been updated in years and has some bugs...
          enable = mkDefault false;
          hwRender = mkDefault true;
          extraOptions = "--verbose";
          extraConfig =
            ''
              font-name=SauceCodePro Nerd Font Mono
            '';
        };
        getty.greetingLine = mkDefault' ''<<< Welcome to ${config.system.nixos.distroName} ${config.system.nixos.label} (\m) - \l >>>'';

        openssh = {
          enable = mkDefault true;
          settings = {
            PermitRootLogin = mkDefault "no";
            PasswordAuthentication = mkDefault false;
            StrictModes = mkDefault true;
          };
        };

        netdata = {
          config = {
            global = {
              "memory mode" = "dbengine";
              "page cache size" = 32;
              "dbengine multihost disk space" = 256;
            };
            "plugin:cgroups" = {
              "cgroups to match as systemd services" =
                " /system.slice/system-*.slice/*.service !/system.slice/*/*.service /system.slice/*.service";
            };
          };
          configDir = {
            "go.d.conf" = mkDefault (pkgs.writeText "netdata-go.d.conf" ''
              modules:
                systemdunits: yes
            '');

            "go.d/systemdunits.conf" = mkDefault (pkgs.writeText "netdata-systemdunits.conf" ''
              jobs:
                - name: service-units
                  include:
                    - '*.service'

                - name: socket-units
                  include:
                    - '*.socket'
            '');
          };
        };
      };

      systemd = {
        tmpfiles.rules = [
          "d /nix/tmp 0775 root nixbld 24h"
        ];
        services = {
          nix-daemon.environment.TMPDIR = "/nix/tmp";
          netdata = mkIf config.services.netdata.enable {
            # python.d plugin script does #!/usr/bin/env bash
            path = with pkgs; [ bash ];
          };

          nixfiles-mutable = {
            description = "Mutable nixfiles";
            serviceConfig = {
              Type = "oneshot";
              RemainAfterExit = true;
            };

            path = with pkgs; [ util-linux ];
            script = ''
              nixfilesDir="${self}"

              mkdir -p /run/nixfiles{,/.rw,/.work}
              mount -t overlay overlay -o lowerdir="$nixfilesDir",upperdir=/run/nixfiles/.rw,workdir=/run/nixfiles/.work /run/nixfiles
              chmod -R u+w /run/nixfiles
            '';
            preStop = ''
              umount /run/nixfiles
              rm -rf /run/nixfiles
            '';

            wantedBy = [ "multi-user.target" ];
          };
        };
      };
    }
    (mkIf config.services.kmscon.enable {
      fonts.fonts = with pkgs; [
        nerd-fonts.sauce-code-pro
      ];
    })
  ];

  meta.buildDocsInSandbox = false;
}
nixos: Include mutable flake in every system 2024-07-21 12:37:32 +01:00			`{ lib, pkgsFlake, pkgs, pkgs', self, inputs, config, ... }:`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`let`
Initial networking VM Also general improvements around VMs 2022-05-16 00:05:02 +01:00			`inherit (lib) mkIf mkDefault mkMerge;`
Update inputs and add custom NixOS branding 2023-12-28 17:07:40 +00:00			`inherit (lib.my) mkDefault';`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`in`
			`{`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`options = with lib.types; {`
Update inputs (stable -> 23.05) 2023-06-24 16:33:16 +01:00			`my = { };`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Modularise NixOS and home-manager configs 2022-02-20 15:59:07 +00:00			`imports = [`
			`inputs.impermanence.nixosModule`
Switch to ragenix over agenix 2023-01-08 18:50:52 +00:00			`inputs.ragenix.nixosModules.age`
nixos: Add Sharry file sharing service 2022-11-20 18:41:49 +00:00			`inputs.sharry.nixosModules.default`
Modularise NixOS and home-manager configs 2022-02-20 15:59:07 +00:00			`];`

Add kmscon 2022-02-16 01:38:17 +00:00			`config = mkMerge [`
Functioning installation 2022-02-19 22:55:53 +00:00			`{`
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`system = {`
Move NixOS and home-manager stable to 22.05 2022-05-28 18:38:03 +01:00			`stateVersion = "22.05";`
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`configurationRevision = with inputs; mkIf (self ? rev) self.rev;`
			`};`

Implement home-manager support 2022-02-13 23:06:31 +00:00			`home-manager = {`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`# Installs packages in the system config instead of in the local profile on activation`
Implement home-manager support 2022-02-13 23:06:31 +00:00			`useUserPackages = mkDefault true;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`users = {`
			`mutableUsers = false;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`security = {`
			`sudo.enable = mkDefault false;`
			`doas = {`
			`enable = mkDefault true;`
			`wheelNeedsPassword = mkDefault false;`
Initial basic setup 2022-02-06 00:06:26 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`nix = {`
Update nixpkgs and home-manager And fix weird nixpkgs config behaviour 2022-05-07 15:12:29 +01:00			`package = pkgs'.mine.nix;`
nixos/common: Disable channels 2024-12-12 12:25:34 +00:00			`channel.enable = false;`
Set up homes and systems to use cache 2023-11-17 22:57:44 +00:00			`settings = with lib.my.c.nix; {`
Move NixOS and home-manager stable to 22.05 2022-05-28 18:38:03 +01:00			`trusted-users = [ "@wheel" ];`
			`experimental-features = [ "nix-command" "flakes" "ca-derivations" ];`
Set up homes and systems to use cache 2023-11-17 22:57:44 +00:00			`extra-substituters = cache.substituters;`
			`extra-trusted-public-keys = cache.keys;`
Add binary cache timeout and fallback 2023-11-18 00:10:05 +00:00			`connect-timeout = 5;`
			`fallback = true;`
Move NixOS and home-manager stable to 22.05 2022-05-28 18:38:03 +01:00			`};`
Fix pkgs ref in home-manager / NixOS registry.json 2022-06-17 22:48:47 +01:00			`registry = {`
			`pkgs = {`
			`to = {`
			`type = "path";`
nixos/common: Update registry to point to nixpkgs flake 2024-03-25 11:17:30 +00:00			`path = "${pkgsFlake}";`
Fix pkgs ref in home-manager / NixOS registry.json 2022-06-17 22:48:47 +01:00			`};`
			`exact = true;`
			`};`
			`};`
nixos/common: Add automatic Nix store GC 2022-06-06 13:24:46 +01:00			`gc = {`
			`options = mkDefault "--max-freed $((8 * 1024**3))";`
			`automatic = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
			`nixpkgs = {`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`overlays = [`
Functioning installation 2022-02-19 22:55:53 +00:00			`inputs.deploy-rs.overlay`
nixos: Add Sharry file sharing service 2022-11-20 18:41:49 +00:00			`inputs.sharry.overlays.default`
nixos: Add borgthin module 2023-02-20 01:43:48 +00:00			`inputs.borgthin.overlays.default`
nixos/castle: Add boardie 2023-04-23 23:44:55 +01:00			`inputs.boardie.overlays.default`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`];`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`config = {`
			`allowUnfree = true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`documentation = {`
Re-enable installer documentation 2022-02-21 01:15:27 +00:00			`enable = mkDefault true;`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`nixos = {`
			`enable = mkDefault true;`
			`options.warningsAreErrors = mkDefault false;`
			`};`
			`};`

Implement home-manager support 2022-02-13 23:06:31 +00:00			`time.timeZone = mkDefault "Europe/Dublin";`
Add initial config for tower 2022-09-08 20:31:44 +01:00			`i18n.defaultLocale = "en_IE.UTF-8";`
Implement home-manager support 2022-02-13 23:06:31 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`boot = {`
			`# Use latest LTS release by default`
Upgrade nixpkgs and NixOS stable to 23.11 2023-12-03 15:06:11 +00:00			`kernelPackages = mkDefault (lib.my.c.kernel.lts pkgs);`
nixos/estuary: Implement recursive DNS 2022-05-23 00:57:25 +01:00			`kernel = {`
			`sysctl = {`
			`"net.ipv6.route.max_size" = mkDefault 16384;`
			`};`
			`};`
nixos: Switch to systemd initrd 2023-12-04 23:00:25 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`loader = {`
			`efi = {`
			`efiSysMountPoint = mkDefault "/boot";`
Slight installer improvements 2022-06-30 00:49:23 +01:00			`# Should generally be enough with just /EFI/BOOT/BOOTX64.EFI in place`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`canTouchEfiVariables = mkDefault false;`
			`};`
Add initial installer 2022-02-17 15:47:24 +00:00			`grub = {`
			`memtest86.enable = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`systemd-boot = {`
			`enable = mkDefault true;`
			`editor = mkDefault true;`
			`consoleMode = mkDefault "max";`
			`configurationLimit = mkDefault 10;`
			`memtest86.enable = mkDefault true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
			`};`
nixos: Switch to systemd initrd 2023-12-04 23:00:25 +00:00
			`initrd = {`
			`systemd = {`
			`enable = mkDefault true;`
			`emergencyAccess = mkDefault true;`
			`};`
			`services.lvm.enable = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Update inputs and add custom NixOS branding 2023-12-28 17:07:40 +00:00			`system = {`
			`nixos = {`
			`distroName = mkDefault' "JackOS";`
			`};`
			`};`
Use custom nix package 2022-02-06 00:19:29 +00:00
nixos: Include mutable flake in every system 2024-07-21 12:37:32 +01:00			`environment.etc = {`
			`"nixos/flake.nix".source = "/run/nixfiles/flake.nix";`
			`};`
nixos/common: Add netdata to system when enabled 2022-06-12 17:54:00 +01:00			`environment.systemPackages = with pkgs; mkMerge [`
			`[`
			`bash-completion`
devshell: Use `nixos-rebuild` instead of calling config directly 2022-09-09 14:08:37 +01:00			`git`
nixos/common: Add unzip 2023-05-13 22:19:56 +01:00			`unzip`
nixos/common: Add netdata to system when enabled 2022-06-12 17:54:00 +01:00			`]`
			`(mkIf config.services.netdata.enable [ netdata ])`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`];`
Initial basic setup 2022-02-06 00:06:26 +00:00
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`programs = {`
			`# This will enable generating completions at build time and prevent home-manager fish from generating them`
			`# locally`
			`fish.enable = mkDefault true;`
nixos/common: Disable command-not-found by default 2022-06-17 22:56:22 +01:00			`# TODO: This is expecting to look up the channel for the database...`
			`command-not-found.enable = mkDefault false;`
Update nixpkgs-stable to 24.11 2024-11-30 17:45:59 +00:00			`vim = {`
			`enable = true;`
			`defaultEditor = true;`
			`};`
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`};`

Add kmscon 2022-02-16 01:38:17 +00:00			`services = {`
			`kmscon = {`
Update inputs and disable kmscon 2022-02-20 16:10:57 +00:00			`# As it turns out, kmscon hasn't been updated in years and has some bugs...`
			`enable = mkDefault false;`
Add kmscon 2022-02-16 01:38:17 +00:00			`hwRender = mkDefault true;`
			`extraOptions = "--verbose";`
			`extraConfig =`
			`''`
			`font-name=SauceCodePro Nerd Font Mono`
			`'';`
			`};`
Update inputs and add custom NixOS branding 2023-12-28 17:07:40 +00:00			`getty.greetingLine = mkDefault' ''<<< Welcome to ${config.system.nixos.distroName} ${config.system.nixos.label} (\m) - \l >>>'';`
Add kmscon 2022-02-16 01:38:17 +00:00
			`openssh = {`
nixos/modules/firewall: Inherit `networking.firewall.allowed*Ports` 2022-02-17 17:08:25 +00:00			`enable = mkDefault true;`
Update inputs (stable -> 23.05) 2023-06-24 16:33:16 +01:00			`settings = {`
			`PermitRootLogin = mkDefault "no";`
			`PasswordAuthentication = mkDefault false;`
			`StrictModes = mkDefault true;`
			`};`
Add kmscon 2022-02-16 01:38:17 +00:00			`};`
nixos: Add Netdata 2022-06-12 17:27:11 +01:00
			`netdata = {`
			`config = {`
			`global = {`
			`"memory mode" = "dbengine";`
			`"page cache size" = 32;`
			`"dbengine multihost disk space" = 256;`
			`};`
nixos/common: Fix Netdata missing systemd units 2022-06-12 20:29:54 +01:00			`"plugin:cgroups" = {`
			`"cgroups to match as systemd services" =`
			`" /system.slice/system-.slice/.service !/system.slice//.service /system.slice/*.service";`
			`};`
nixos: Add Netdata 2022-06-12 17:27:11 +01:00			`};`
nixos/common: Monitor systemd units with Netdata 2022-06-12 20:20:28 +01:00			`configDir = {`
			`"go.d.conf" = mkDefault (pkgs.writeText "netdata-go.d.conf" ''`
			`modules:`
			`systemdunits: yes`
			`'');`

			`"go.d/systemdunits.conf" = mkDefault (pkgs.writeText "netdata-systemdunits.conf" ''`
			`jobs:`
			`- name: service-units`
			`include:`
			`- '*.service'`

			`- name: socket-units`
			`include:`
			`- '*.socket'`
			`'');`
			`};`
nixos: Add Netdata 2022-06-12 17:27:11 +01:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
nixos/common: Fix netdata's python.d not working 2022-06-13 02:13:50 +01:00
			`systemd = {`
nixos/common: Make Nix daemon's TMPDIR /nix/tmp 2022-10-06 11:49:27 +01:00			`tmpfiles.rules = [`
			`"d /nix/tmp 0775 root nixbld 24h"`
			`];`
nixos/common: Fix netdata's python.d not working 2022-06-13 02:13:50 +01:00			`services = {`
nixos/common: Make Nix daemon's TMPDIR /nix/tmp 2022-10-06 11:49:27 +01:00			`nix-daemon.environment.TMPDIR = "/nix/tmp";`
nixos/common: Fix netdata's python.d not working 2022-06-13 02:13:50 +01:00			`netdata = mkIf config.services.netdata.enable {`
			`# python.d plugin script does #!/usr/bin/env bash`
			`path = with pkgs; [ bash ];`
			`};`
nixos: Include mutable flake in every system 2024-07-21 12:37:32 +01:00
			`nixfiles-mutable = {`
			`description = "Mutable nixfiles";`
			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = true;`
			`};`

			`path = with pkgs; [ util-linux ];`
			`script = ''`
			`nixfilesDir="${self}"`

			`mkdir -p /run/nixfiles{,/.rw,/.work}`
			`mount -t overlay overlay -o lowerdir="$nixfilesDir",upperdir=/run/nixfiles/.rw,workdir=/run/nixfiles/.work /run/nixfiles`
			`chmod -R u+w /run/nixfiles`
			`'';`
			`preStop = ''`
			`umount /run/nixfiles`
			`rm -rf /run/nixfiles`
			`'';`

			`wantedBy = [ "multi-user.target" ];`
			`};`
nixos/common: Fix netdata's python.d not working 2022-06-13 02:13:50 +01:00			`};`
			`};`
Add kmscon 2022-02-16 01:38:17 +00:00			`}`
			`(mkIf config.services.kmscon.enable {`
			`fonts.fonts = with pkgs; [`
Update nixpkgs-stable to 24.11 2024-11-30 17:45:59 +00:00			`nerd-fonts.sauce-code-pro`
Add kmscon 2022-02-16 01:38:17 +00:00			`];`
			`})`
			`];`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00
			`meta.buildDocsInSandbox = false;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`}`