Initial basic setup

.gitignore

@@ -0,0 +1,2 @@
+result*
+*.qcow2

boxes/colony.nix

@@ -0,0 +1,6 @@
+{ lib, pkgs, inputs, ... }:
+  {
+    my = {
+      server.enable = true;
+    };
+  }

flake.lock

@@ -0,0 +1,154 @@
+{
+  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1643841757,
+        "narHash": "sha256-9tKhu4JzoZvustC9IEWK6wKcDhPLuK/ICbLgm8QnLnk=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "a17d1f30550260f8b45764ddbd0391f4b1ed714a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1643787431,
+        "narHash": "sha256-8IwuVgXulRE3ZWq6z8mytarawC32pKPKR20EyDtSH+w=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "4154ba1aaaf7333a916384c348d867d03b6f1409",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1641205782,
+        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1642700792,
+        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1643933104,
+        "narHash": "sha256-NZPuFxRsZKN8pjRuHPpzlMyt6JQhcjiduBG8bMghSjE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "63dccc4e60422c1db2c3929b2fd1541f36b7e664",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1643788601,
+        "narHash": "sha256-6l5Ax44pC/Oo/Muj5Y/NA27Pd38Wty/7GtGSSmYNug4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f6ddd55d5f9d5eca08df138c248008c1ba73ecec",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1643805626,
+        "narHash": "sha256-AXLDVMG+UaAGsGSpOtQHPIKB+IZ0KSd9WS77aanGzgc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "554d2d8aa25b6e583575459c297ec23750adb6cb",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "agenix": "agenix",
+        "deploy-rs": "deploy-rs",
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1642700792,
+        "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,84 @@
+{
+  description = "System configs";
+
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+    # Used by most systems
+    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+    # For extra-stable systems
+    nixpkgs-stable.url = "nixpkgs/nixos-21.11";
+
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs-unstable";
+    deploy-rs.url = "github:serokell/deploy-rs";
+    deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
+
+    home-manager.url = "github:nix-community/home-manager";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable";
+  };
+
+  outputs =
+    inputs@{
+      self,
+
+      flake-utils,
+
+      nixpkgs-unstable, nixpkgs-stable,
+
+      agenix,
+      deploy-rs,
+
+      ...
+    }:
+    let
+      inherit (builtins) mapAttrs;
+      inherit (lib) genAttrs mapAttrs';
+      inherit (lib.flake) defaultSystems eachDefaultSystem;
+      inherit (lib.my) addPrefix;
+
+      extendLib = lib: lib.extend (final: prev: {
+        my = import ./util.nix { lib = final; };
+        flake = flake-utils.lib;
+      });
+      libOverlay = final: prev: { lib = extendLib prev.lib; };
+
+      pkgsFlakes = mapAttrs (_: pkgs: pkgs // { lib = extendLib pkgs.lib; }) {
+        unstable = nixpkgs-unstable;
+        stable = nixpkgs-stable;
+      };
+
+      lib = pkgsFlakes.unstable.lib;
+
+      pkgs' = mapAttrs (_: path: lib.my.mkPkgs path { overlays = [libOverlay]; }) pkgsFlakes;
+    in {
+      inherit lib;
+
+      nixosModules = mapAttrs (_: path: let path' = ./. + "/modules/${path}"; in {
+          _file = path';
+          imports = [ (import path') ];
+        }) {
+        common = "common.nix";
+        server = "server.nix";
+      };
+
+      nixosConfigurations = import ./systems.nix { inherit lib pkgsFlakes inputs; modules = self.nixosModules; };
+      vms = mapAttrs (_: system: system.config.system.build.vm) self.nixosConfigurations;
+
+      apps =
+        let apps' = {}
+          // addPrefix "vms/" (mapAttrs (name: vm: { type = "app"; program = "${vm}/bin/run-${name}-vm"; }) self.vms);
+        in { x86_64-linux = apps'; };
+
+      devShell = genAttrs defaultSystems (system:
+        let
+          pkgs = pkgs'.unstable.${system};
+          flakePkg = f: f.defaultPackage.${system};
+        in pkgs.mkShell {
+            packages = map flakePkg [
+              agenix
+              deploy-rs
+            ];
+          }
+        );
+    };
+}

modules/common.nix

@@ -0,0 +1,45 @@
+{ lib, pkgs, inputs, config, options, ... }:
+  let
+    inherit (lib) mkIf mkDefault mkAliasDefinitions;
+    inherit (lib.my) mkOpt;
+  in {
+    options.my = with lib.types; {
+      user = mkOpt (attrsOf anything) {};
+    };
+
+    config =
+      let
+        defaultUsername = "dev";
+        uname = config.my.user.name;
+      in {
+        my.user = rec {
+          name = mkDefault defaultUsername;
+          isNormalUser = true;
+          uid = mkDefault 1000;
+          extraGroups = mkDefault [ "wheel" ];
+          password = mkDefault "hunter2"; # TODO: secrets...
+        };
+
+        time.timeZone = mkDefault "Europe/Dublin";
+
+        users.mutableUsers = false;
+        users.users.${uname} = mkAliasDefinitions options.my.user;
+        users.groups.${uname}.gid = mkDefault config.users.users.${uname}.uid;
+
+        security = {
+          sudo.enable = mkDefault false;
+          doas = {
+            enable = mkDefault true;
+            wheelNeedsPassword = mkDefault false;
+          };
+        };
+
+        environment.systemPackages = with pkgs; [
+          vim
+          iperf3
+        ];
+
+        system.stateVersion = "21.11";
+        system.configurationRevision = with inputs; mkIf (self ? rev) self.rev;
+      };
+  }

modules/server.nix

@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+  let
+    inherit (lib) mkIf;
+    inherit (lib.my) mkBoolOpt;
+  in {
+    options.my.server.enable = mkBoolOpt false;
+    config = mkIf config.my.server.enable {
+      services.getty.autologinUser = config.my.user.name;
+    };
+  }

systems.nix

@@ -0,0 +1,24 @@
+{ lib, pkgsFlakes, inputs, modules }:
+  let
+    inherit (builtins) attrValues mapAttrs;
+    inherit (lib) mkDefault;
+
+    mkSystem = name: {
+      system,
+      nixpkgs ? "unstable",
+      config,
+    }:
+      let
+        lib = pkgsFlakes.${nixpkgs}.lib;
+      in lib.nixosSystem {
+        inherit lib system;
+        specialArgs = { inherit inputs; myModules = modules; };
+        modules = attrValues modules ++ [ { networking.hostName = mkDefault name; } config  ];
+      };
+  in mapAttrs mkSystem {
+    colony = {
+      system = "x86_64-linux";
+      nixpkgs = "stable";
+      config = boxes/colony.nix;
+    };
+  }

util.nix

@@ -0,0 +1,15 @@
+{ lib }:
+  let
+    inherit (lib) genAttrs mapAttrs' types mkOption;
+    inherit (lib.flake) defaultSystems;
+  in {
+    addPrefix = prefix: mapAttrs' (n: v: { name = "${prefix}${n}"; value = v; });
+    mkPkgs = path: args: genAttrs defaultSystems (system: import path (args // { inherit system; }));
+
+    mkOpt = type: default: mkOption { inherit type default; };
+    mkBoolOpt = default: mkOption {
+      inherit default;
+      type = types.bool;
+      example = true;
+    };
+  }