diff --git a/flake.nix b/flake.nix index 3e7e962..2e1b0ab 100644 --- a/flake.nix +++ b/flake.nix @@ -39,10 +39,10 @@ ... }: let - inherit (builtins) mapAttrs attrValues; - inherit (lib) recurseIntoAttrs filterAttrs; + inherit (builtins) mapAttrs; + inherit (lib) recurseIntoAttrs filterAttrs evalModules; inherit (lib.flake) flattenTree eachDefaultSystem; - inherit (lib.my) inlineModules mkDefaultSystemsPkgs flakePackageOverlay; + inherit (lib.my) mkDefaultSystemsPkgs flakePackageOverlay; # Extend a lib with extras that _must not_ internally reference private nixpkgs. flake-utils doesn't, but many # other flakes (e.g. home-manager) probably do internally. @@ -90,41 +90,40 @@ })) pkgsFlakes; - modules = mapAttrs (_: f: ./. + "/nixos/modules/${f}") { - common = "common.nix"; - user = "user.nix"; - build = "build.nix"; - dynamic-motd = "dynamic-motd.nix"; - tmproot = "tmproot.nix"; - firewall = "firewall.nix"; - server = "server.nix"; - deploy-rs = "deploy-rs.nix"; - }; - homeModules = mapAttrs (_: f: ./. + "/home-manager/modules/${f}") { - common = "common.nix"; - gui = "gui.nix"; + configs = [ + # Systems + nixos/boxes/colony.nix + nixos/installer.nix + + # Homes + home-manager/configs/castle.nix + ]; + + nixfiles = evalModules { + modules = [ + { + _module.args = { + inherit lib pkgsFlakes hmFlakes inputs; + pkgs' = configPkgs'; + }; + } + + ./nixos + ./home-manager + ] ++ configs; }; in # Platform independent stuff { lib = lib.my; nixpkgs = pkgs'; + inherit nixfiles; - nixosModules = inlineModules modules; - homeModules = inlineModules homeModules; + nixosModules = nixfiles.config.nixos.modules; + homeModules = nixfiles.config.home-manager.modules; - nixosConfigurations = import ./nixos { - inherit lib pkgsFlakes hmFlakes inputs; - pkgs' = configPkgs'; - modules = attrValues modules; - homeModules = attrValues homeModules; - }; - - homeConfigurations = import ./home-manager { - inherit lib hmFlakes inputs; - pkgs' = configPkgs'; - modules = attrValues homeModules; - }; + nixosConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.nixos.systems; + homeConfigurations = mapAttrs (_: s: s.configuration) nixfiles.config.home-manager.homes; deploy = { nodes = filterAttrs (_: n: n != null) @@ -142,7 +141,7 @@ # Stuff for each platform { checks = flattenTree { - homeConfigurations = recurseIntoAttrs self.homes; + homeConfigurations = recurseIntoAttrs (mapAttrs (_: h: h.activationPackage) self.homeConfigurations); deploy = recurseIntoAttrs (pkgs.deploy-rs.lib.deployChecks self.deploy); }; diff --git a/home-manager/configs/castle.nix b/home-manager/configs/castle.nix index db29b92..77e0ccd 100644 --- a/home-manager/configs/castle.nix +++ b/home-manager/configs/castle.nix @@ -1,20 +1,29 @@ -{ pkgs, ... }: { - # So home-manager will inject the sourcing of ~/.nix-profile/etc/profile.d/nix.sh - targets.genericLinux.enable = true; + home-manager.homes."dev@castle" = { + system = "x86_64-linux"; + nixpkgs = "unstable"; + homeDirectory = "/home/dev"; + username = "dev"; - my = { - ssh.matchBlocks = { - home = { - host = - "vm keep.core fw firewall moat.vm storage cellar.vm lxd ship.vm docker whale.vm kerberos gatehouse.lxd " + - "nginx.lxd upnp.lxd souterrain.lxd drawbridge.lxd mailcow.lxd"; - user = "root"; + configuration = { pkgs, ... }: + { + # So home-manager will inject the sourcing of ~/.nix-profile/etc/profile.d/nix.sh + targets.genericLinux.enable = true; + + my = { + ssh.matchBlocks = { + home = { + host = + "vm keep.core fw firewall moat.vm storage cellar.vm lxd ship.vm docker whale.vm kerberos gatehouse.lxd " + + "nginx.lxd upnp.lxd souterrain.lxd drawbridge.lxd mailcow.lxd"; + user = "root"; + }; + }; + }; + + programs = { + kakoune.enable = true; + }; }; - }; - }; - - programs = { - kakoune.enable = true; }; } diff --git a/home-manager/default.nix b/home-manager/default.nix index d1e4597..b219b7f 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -1,51 +1,69 @@ -{ lib, hmFlakes, inputs, pkgs', modules }: +{ lib, hmFlakes, inputs, pkgs', config, ... }: let - inherit (builtins) removeAttrs mapAttrs; - inherit (lib) flatten optional recursiveUpdate; - inherit (lib.my) homeStateVersion; + inherit (builtins) head tail mapAttrs attrValues; + inherit (lib) flatten optional mkOption mkOptionType; + inherit (lib.my) homeStateVersion mkOpt' commonOpts inlineModule'; - mkHome = name: { - system, - nixpkgs ? "unstable", - home-manager ? nixpkgs, - config, - ... - }@args: - let - rest = removeAttrs args [ "nixpkgs" "home-manager" "config" ]; - in + cfg = config.home-manager; + + mkHome = { + config', + defs, + }: # homeManagerConfiguration doesn't allow us to set lib directly (inherits from passed pkgs) - hmFlakes.${home-manager}.lib.homeManagerConfiguration (recursiveUpdate rest { - configuration = config; + hmFlakes.${config'.home-manager}.lib.homeManagerConfiguration { + inherit (config') system homeDirectory username; + # Pull the first def as `configuration` and add any others to `extraModules` (they should end up in the same list + # of modules to evaluate anyway) + configuration = head defs; # Passing pkgs here doesn't set the global pkgs, just where it'll be imported from (and where the global lib is # derived from). We want home-manager to import pkgs itself so it'll apply config and overlays modularly. Any config # and overlays previously applied will be passed on by `homeManagerConfiguration` though. - pkgs = pkgs'.${nixpkgs}.${system}; - extraModules = modules ++ [ + pkgs = pkgs'.${config'.nixpkgs}.${config'.system}; + extraSpecialArgs = { inherit inputs; }; + extraModules = (attrValues cfg.modules) ++ [ { warnings = flatten [ - (optional (nixpkgs != home-manager) + (optional (config'.nixpkgs != config'.home-manager) '' - Using nixpkgs ${nixpkgs} with home-manager ${home-manager} may cause issues. + Using nixpkgs ${config'.nixpkgs} with home-manager ${config'.home-manager} may cause issues. '') ]; _module.args = { - inherit inputs; - pkgs' = mapAttrs (_: p: p.${system}) pkgs'; + pkgs' = mapAttrs (_: p: p.${config'.system}) pkgs'; }; } - (homeStateVersion home-manager) - ]; - }); -in -mapAttrs mkHome { - "dev@castle" = { - system = "x86_64-linux"; - nixpkgs = "unstable"; - config = configs/castle.nix; + (homeStateVersion config'.home-manager) + ] ++ (tail defs); + }; - homeDirectory = "/home/dev"; - username = "dev"; + homeOpts = with lib.types; { config, ... }: { + options = { + inherit (commonOpts) system nixpkgs home-manager; + # TODO: docCustom for home-manager? + homeDirectory = mkOpt' str null "Absolute path to home directory."; + username = mkOpt' str null "Username for the configuration."; + + configuration = mkOption { + description = "home-manager configuration module."; + type = mkOptionType { + name = "home-manager configuration"; + merge = _: defs: mkHome { + config' = config; + defs = map (d: inlineModule' d.file d.value) defs; + }; + }; + }; + }; + }; +in +{ + imports = [ modules/_list.nix ]; + options = with lib.types; { + home-manager = { + modules = mkOpt' (attrsOf commonOpts.moduleType) { } "home-manager modules to be exported by nixfiles."; + homes = mkOpt' (attrsOf (submodule homeOpts)) { } "home-manager configurations to be exported by nixfiles."; + }; }; } diff --git a/home-manager/modules/_list.nix b/home-manager/modules/_list.nix new file mode 100644 index 0000000..12c913a --- /dev/null +++ b/home-manager/modules/_list.nix @@ -0,0 +1,6 @@ +{ + home-manager.modules = { + common = ./common.nix; + gui = ./gui.nix; + }; +} diff --git a/lib.nix b/lib.nix index 39c7b02..617571a 100644 --- a/lib.nix +++ b/lib.nix @@ -3,11 +3,10 @@ let inherit (builtins) replaceStrings elemAt mapAttrs; inherit (lib) genAttrs mapAttrs' mapAttrsToList filterAttrsRecursive nameValuePair types - mkOption mkOverride mkForce; + mkOption mkOverride mkForce mergeEqualOption; inherit (lib.flake) defaultSystems; in rec { - addPrefix = prefix: mapAttrs' (n: v: { name = "${prefix}${n}"; value = v; }); # Yoinked from nixpkgs/nixos/modules/services/networking/nat.nix isIPv6 = ip: builtins.length (lib.splitString ":" ip) > 2; parseIPPort = ipp: @@ -31,13 +30,6 @@ rec { let app = pkgs.writeShellApplication args; in mkApp "${app}/bin/${app.meta.mainProgram}"; - inlineModules = modules: mapAttrs - (_: path: - { - _file = path; - imports = [ (import path) ]; - }) - modules; flakePackageOverlay' = flake: pkg: system: (final: prev: let pkg' = if pkg != null then flake.packages.${system}.${pkg} else flake.defaultPackage.${system}; @@ -48,6 +40,12 @@ rec { }); flakePackageOverlay = flake: flakePackageOverlay' flake null; + inlineModule' = path: module: { + _file = path; + imports = [ module ]; + }; + inlineModule = path: inlineModule' path (import path); + # Merge together modules which are defined as functions with others that aren't naiveModule = with types; (coercedTo (attrsOf anything) (conf: { ... }: conf) (functionTo (attrsOf anything))); @@ -75,6 +73,17 @@ rec { home.stateVersion = mkForce (if hmBranch == "unstable" then "22.05" else "21.11"); }; + commonOpts = with types; { + moduleType = mkOptionType { + name = "Inline flake-exportable module"; + merge = loc: defs: inlineModule (mergeEqualOption loc defs); + }; + + system = mkOpt' (enum defaultSystems) null "Nix-style system string."; + nixpkgs = mkOpt' (enum [ "master" "unstable" "stable" "mine" ]) "unstable" "Branch of nixpkgs to use."; + home-manager = mkOpt' (enum [ "unstable" "stable" ]) "unstable" "Branch of home-manager to use."; + }; + deploy-rs = with types; let diff --git a/nixos/boxes/colony.nix b/nixos/boxes/colony.nix index 0682b5d..6fedf28 100644 --- a/nixos/boxes/colony.nix +++ b/nixos/boxes/colony.nix @@ -1,44 +1,53 @@ -{ lib, pkgs, modulesPath, ... }: { - imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; + nixos.systems.colony = { + system = "x86_64-linux"; + nixpkgs = "stable"; + home-manager = "unstable"; + docCustom = false; - my = { - firewall = { - trustedInterfaces = [ "blah" ]; - nat = { - externalInterface = "eth0"; - forwardPorts = [ - { - proto = "tcp"; - sourcePort = 2222; - destination = "127.0.0.1:22"; - } - ]; + configuration = { lib, pkgs, modulesPath, ... }: + { + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; + + my = { + firewall = { + trustedInterfaces = [ "blah" ]; + nat = { + externalInterface = "eth0"; + forwardPorts = [ + { + proto = "tcp"; + sourcePort = 2222; + destination = "127.0.0.1:22"; + } + ]; + }; + }; + server.enable = true; + tmproot.unsaved.ignore = [ + "/var/db/dhcpcd/enp1s0.lease" + ]; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/ESP"; + fsType = "vfat"; + }; + "/nix" = { + device = "/dev/disk/by-label/nix"; + fsType = "ext4"; + }; + "/persist" = { + device = "/dev/disk/by-label/persist"; + fsType = "ext4"; + neededForBoot = true; + }; + }; + + networking = { + interfaces.enp1s0.useDHCP = true; + }; }; - }; - server.enable = true; - tmproot.unsaved.ignore = [ - "/var/db/dhcpcd/enp1s0.lease" - ]; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/ESP"; - fsType = "vfat"; - }; - "/nix" = { - device = "/dev/disk/by-label/nix"; - fsType = "ext4"; - }; - "/persist" = { - device = "/dev/disk/by-label/persist"; - fsType = "ext4"; - neededForBoot = true; - }; - }; - - networking = { - interfaces.enp1s0.useDHCP = true; }; } diff --git a/nixos/default.nix b/nixos/default.nix index aa6509c..ecf12b4 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -1,71 +1,64 @@ -{ lib, pkgsFlakes, hmFlakes, inputs, pkgs', modules, homeModules }: +{ lib, pkgsFlakes, hmFlakes, inputs, pkgs', config, ... }: let inherit (builtins) attrValues mapAttrs; - inherit (lib) flatten optional optionals mkDefault mkForce; - inherit (lib.my) homeStateVersion; + inherit (lib) substring flatten optional optionals mkDefault mkOption mkOptionType; + inherit (lib.my) homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule'; + + cfg = config.nixos; mkSystem = - name: { - system, - - nixpkgs ? "unstable", - home-manager ? nixpkgs, - hmNixpkgs ? home-manager, - - config, - # This causes a (very slow) docs rebuild on every change to a module's options it seems - docCustom ? true, + { + name, + config', + defs, }: let # The flake contains `nixosSystem`, so we do need it (if we didn't have the TODO hacked version anyway) - pkgsFlake = pkgsFlakes.${nixpkgs}; + pkgsFlake = pkgsFlakes.${config'.nixpkgs}; # TODO: This is mostly yoinked from nixpkgs/flake.nix master (as of 2022/02/11) since 21.11's version has hacky # vm build stuff that breaks our impl. REMOVE WHEN 22.05 IS OUT! nixosSystem' = args: import "${pkgsFlake}/nixos/lib/eval-config.nix" (args // { modules = args.modules ++ [{ system.nixos.versionSuffix = - ".${lib.substring 0 8 pkgsFlake.lastModifiedDate}.${pkgsFlake.shortRev}"; + ".${substring 0 8 pkgsFlake.lastModifiedDate}.${pkgsFlake.shortRev}"; system.nixos.revision = pkgsFlake.rev; }]; }); - modules' = [ - # Importing modules from module args causes infinite recursion - inputs.impermanence.nixosModule - hmFlake.nixosModule - inputs.agenix.nixosModules.age - ] ++ modules; - pkgs = pkgs'.${nixpkgs}.${system}; - allPkgs = mapAttrs (_: p: p.${system}) pkgs'; + pkgs = pkgs'.${config'.nixpkgs}.${config'.system}; + allPkgs = mapAttrs (_: p: p.${config'.system}) pkgs'; - hmFlake = hmFlakes.${home-manager}; + modules' = [ hmFlakes.${config'.home-manager}.nixosModule ] ++ (attrValues cfg.modules); in nixosSystem' { # Gotta override lib here unforunately, eval-config.nix likes to import its own (unextended) lib. We explicitly # don't pass pkgs so that it'll be imported with modularly applied config and overlays. lib = pkgs.lib; + + # Put the inputs in specialArgs to avoid infinite recursion when modules try to do imports + specialArgs = { inherit inputs; }; + # `baseModules` informs the manual which modules to document baseModules = - (import "${pkgsFlake}/nixos/modules/module-list.nix") ++ (optionals docCustom modules'); - modules = (optionals (!docCustom) modules') ++ [ - (modArgs: { + (import "${pkgsFlake}/nixos/modules/module-list.nix") ++ (optionals config'.docCustom modules'); + modules = (optionals (!config'.docCustom) modules') ++ [ + (sysModArgs: { warnings = flatten [ - (optional (modArgs.config.home-manager.useGlobalPkgs && (nixpkgs != home-manager)) + (optional (sysModArgs.config.home-manager.useGlobalPkgs && (config'.nixpkgs != config'.home-manager)) '' - Using global nixpkgs ${nixpkgs} with home-manager ${home-manager} may cause problems. + Using global nixpkgs ${config'.nixpkgs} with home-manager ${config'.home-manager} may cause problems. '') ]; _module.args = { - inherit inputs; pkgs' = allPkgs; }; system.name = name; networking.hostName = mkDefault name; nixpkgs = { - inherit system; + inherit (config') system; # Make sure any previously set config / overlays (e.g. lib which will be inherited by home-manager down the # line) are passed on when nixpkgs is imported. inherit (pkgs) config overlays; @@ -74,45 +67,61 @@ let # Unfortunately it seems there's no way to fully decouple home-manager's lib from NixOS's pkgs.lib. :( # https://github.com/nix-community/home-manager/blob/7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06/nixos/default.nix#L22 home-manager = { + extraSpecialArgs = { inherit inputs; }; # Optimise if system and home-manager nixpkgs are the same - useGlobalPkgs = mkDefault (nixpkgs == home-manager); - sharedModules = homeModules ++ [ + useGlobalPkgs = mkDefault (config'.nixpkgs == config'.home-manager); + sharedModules = (attrValues config.home-manager.modules) ++ [ { warnings = flatten [ - (optional (!modArgs.config.home-manager.useGlobalPkgs && (hmNixpkgs != home-manager)) + (optional (!sysModArgs.config.home-manager.useGlobalPkgs && (config'.hmNixpkgs != config'.home-manager)) '' - Using per-user nixpkgs ${hmNixpkgs} with home-manager ${home-manager} may cause issues. + Using per-user nixpkgs ${config'.hmNixpkgs} with home-manager ${config'.home-manager} + may cause issues. '') ]; - # pkgsPath is used by home-manager's nixkpgs module to import nixpkgs (i.e. if !useGlobalPkgs) + # pkgsPath is used by home-manager's nixpkgs module to import nixpkgs (i.e. if !useGlobalPkgs) _module.args = { - inherit inputs; - pkgsPath = toString pkgsFlakes.${hmNixpkgs}; + pkgsPath = toString pkgsFlakes.${config'.hmNixpkgs}; pkgs' = allPkgs; }; } - (homeStateVersion home-manager) + (homeStateVersion config'.home-manager) ]; }; }) - config - ]; + ] ++ defs; }; -in -mapAttrs mkSystem { - colony = { - system = "x86_64-linux"; - nixpkgs = "stable"; - home-manager = "unstable"; - config = boxes/colony.nix; - docCustom = false; - }; - installer = { - system = "x86_64-linux"; - nixpkgs = "unstable"; - config = ./installer.nix; - docCustom = false; + systemOpts = with lib.types; { name, config, ... }: { + options = { + inherit (commonOpts) system nixpkgs home-manager; + hmNixpkgs = commonOpts.nixpkgs; + # This causes a (very slow) docs rebuild on every change to a module's options it seems + docCustom = mkBoolOpt' false "Whether to document nixfiles' custom NixOS modules."; + + configuration = mkOption { + description = "NixOS configuration module."; + # Based on the definition of containers..config + type = mkOptionType { + name = "Toplevel NixOS config"; + merge = _: defs: mkSystem { + inherit name; + config' = config; + defs = map (d: inlineModule' d.file d.value) defs; + }; + }; + }; + }; + }; +in +{ + imports = [ modules/_list.nix ]; + + options = with lib.types; { + nixos = { + modules = mkOpt' (attrsOf commonOpts.moduleType) { } "NixOS modules to be exported by nixfiles."; + systems = mkOpt' (attrsOf (submodule systemOpts)) { } "NixOS systems to be exported by nixfiles."; + }; }; } diff --git a/nixos/installer.nix b/nixos/installer.nix index 52b2c37..0df78d4 100644 --- a/nixos/installer.nix +++ b/nixos/installer.nix @@ -1,97 +1,106 @@ -{ lib, pkgs, modulesPath, config, ... }: -let - inherit (lib) mkDefault mkForce mkImageMediaOverride; - - installRoot = "/mnt"; -in { - imports = [ - # Lots of kernel modules and firmware - "${modulesPath}/profiles/all-hardware.nix" - # Useful tools to have - "${modulesPath}/profiles/base.nix" - ]; + nixos.systems.installer = { + system = "x86_64-linux"; + nixpkgs = "unstable"; + docCustom = false; - config = { - my = { - # Whatever installer mechanism is chosen will provied an appropriate `/` - tmproot.enable = false; - firewall.nat.enable = false; - deploy.enable = false; - user.enable = false; + configuration = + { lib, pkgs, modulesPath, config, ... }: + let + inherit (lib) mkDefault mkForce mkImageMediaOverride; - server.enable = true; - }; + installRoot = "/mnt"; + in + { + imports = [ + # Lots of kernel modules and firmware + "${modulesPath}/profiles/all-hardware.nix" + # Useful tools to have + "${modulesPath}/profiles/base.nix" + ]; - environment.sessionVariables = { - INSTALL_ROOT = installRoot; - }; - users.users.root.openssh.authorizedKeys.keyFiles = [ lib.my.authorizedKeys ]; - home-manager.users.root = { - programs = { - starship.settings = { - hostname.ssh_only = false; + config = { + my = { + # Whatever installer mechanism is chosen will provied an appropriate `/` + tmproot.enable = false; + firewall.nat.enable = false; + deploy.enable = false; + user.enable = false; + + server.enable = true; + }; + + environment.sessionVariables = { + INSTALL_ROOT = installRoot; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ lib.my.authorizedKeys ]; + home-manager.users.root = { + programs = { + starship.settings = { + hostname.ssh_only = false; + }; + }; + + home.shellAliases = { + show-hw-config = "nixos-generate-config --show-hardware-config --root $INSTALL_ROOT"; + }; + }; + + services = { + openssh = { + permitRootLogin = mkImageMediaOverride "prohibit-password"; + }; + }; + + # Will be set dynamically + networking.hostName = ""; + + # This should be overridden by whatever boot mechanism is used + fileSystems."/" = mkDefault { + device = "none"; + fsType = "tmpfs"; + }; + + systemd.tmpfiles.rules = [ + "d ${installRoot} 0755 root root" + ]; + boot.postBootCommands = + '' + ${pkgs.nettools}/bin/hostname "installer-$(${pkgs.coreutils}/bin/head -c4 /dev/urandom | \ + ${pkgs.coreutils}/bin/od -A none -t x4 | \ + ${pkgs.gawk}/bin/awk '{ print $1 }')" + ''; + + environment.systemPackages = with pkgs; [ + # We disable networking.useDHCP, so bring these in for the user + # dhcpcd probably has more features, but dhclient actually seems a bit more simple + (pkgs.writeShellScriptBin "dhclient" ''exec ${pkgs.dhcp}/bin/dhclient -v "$@"'') + dhcpcd + ]; + + # Much of this onwards is yoinked from modules/profiles/installation-device.nix + # Good to have docs in the installer! + # TODO: docs rebuilding every time? + documentation.enable = mkForce false; + documentation.nixos.enable = mkForce false; + + # Enable wpa_supplicant, but don't start it by default. + networking.wireless.enable = mkDefault true; + networking.wireless.userControlled.enable = true; + systemd.services.wpa_supplicant.wantedBy = mkForce []; + + # Tell the Nix evaluator to garbage collect more aggressively. + # This is desirable in memory-constrained environments that don't + # (yet) have swap set up. + environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; + + # Make the installer more likely to succeed in low memory + # environments. The kernel's overcommit heustistics bite us + # fairly often, preventing processes such as nix-worker or + # download-using-manifests.pl from forking even if there is + # plenty of free memory. + boot.kernel.sysctl."vm.overcommit_memory" = "1"; }; }; - - home.shellAliases = { - show-hw-config = "nixos-generate-config --show-hardware-config --root $INSTALL_ROOT"; - }; - }; - - services = { - openssh = { - permitRootLogin = mkImageMediaOverride "prohibit-password"; - }; - }; - - # Will be set dynamically - networking.hostName = ""; - - # This should be overridden by whatever boot mechanism is used - fileSystems."/" = mkDefault { - device = "none"; - fsType = "tmpfs"; - }; - - systemd.tmpfiles.rules = [ - "d ${installRoot} 0755 root root" - ]; - boot.postBootCommands = - '' - ${pkgs.nettools}/bin/hostname "installer-$(${pkgs.coreutils}/bin/head -c4 /dev/urandom | \ - ${pkgs.coreutils}/bin/od -A none -t x4 | \ - ${pkgs.gawk}/bin/awk '{ print $1 }')" - ''; - - environment.systemPackages = with pkgs; [ - # We disable networking.useDHCP, so bring these in for the user - # dhcpcd probably has more features, but dhclient actually seems a bit more simple - (pkgs.writeShellScriptBin "dhclient" ''exec ${pkgs.dhcp}/bin/dhclient -v "$@"'') - dhcpcd - ]; - - # Much of this onwards is yoinked from modules/profiles/installation-device.nix - # Good to have docs in the installer! - # TODO: docs rebuilding every time? - documentation.enable = mkForce false; - documentation.nixos.enable = mkForce false; - - # Enable wpa_supplicant, but don't start it by default. - networking.wireless.enable = mkDefault true; - networking.wireless.userControlled.enable = true; - systemd.services.wpa_supplicant.wantedBy = mkForce []; - - # Tell the Nix evaluator to garbage collect more aggressively. - # This is desirable in memory-constrained environments that don't - # (yet) have swap set up. - environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; - - # Make the installer more likely to succeed in low memory - # environments. The kernel's overcommit heustistics bite us - # fairly often, preventing processes such as nix-worker or - # download-using-manifests.pl from forking even if there is - # plenty of free memory. - boot.kernel.sysctl."vm.overcommit_memory" = "1"; }; } diff --git a/nixos/modules/_list.nix b/nixos/modules/_list.nix new file mode 100644 index 0000000..da24a82 --- /dev/null +++ b/nixos/modules/_list.nix @@ -0,0 +1,12 @@ +{ + nixos.modules = { + common = ./common.nix; + user = ./user.nix; + build = ./build.nix; + dynamic-motd = ./dynamic-motd.nix; + tmproot = ./tmproot.nix; + firewall = ./firewall.nix; + server = ./server.nix; + deploy-rs = ./deploy-rs.nix; + }; +} diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index d55ef55..2c7f89c 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -17,6 +17,11 @@ in documentation.nixos.options.warningsAreErrors = dummyOption; }; + imports = [ + inputs.impermanence.nixosModule + inputs.agenix.nixosModules.age + ]; + config = mkMerge [ { home-manager = {