From c0414cd062ca83ccbe3d5a074a0fe09cf589c83e Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Thu, 17 Feb 2022 15:47:24 +0000 Subject: [PATCH] Add initial installer --- flake.nix | 11 +-- {homes => home-manager/configs}/castle.nix | 0 homes.nix => home-manager/default.nix | 2 +- .../modules}/common.nix | 16 +++- .../modules}/gui.nix | 18 ---- modules/build.nix | 49 ----------- {boxes => nixos/boxes}/colony.nix | 7 +- systems.nix => nixos/default.nix | 7 ++ nixos/installer.nix | 43 ++++++++++ nixos/modules/build.nix | 82 +++++++++++++++++++ {modules => nixos/modules}/common.nix | 7 +- {modules => nixos/modules}/dynamic-motd.nix | 0 {modules => nixos/modules}/firewall.nix | 10 ++- {modules => nixos/modules}/server.nix | 0 {modules => nixos/modules}/tmproot.nix | 4 +- 15 files changed, 169 insertions(+), 87 deletions(-) rename {homes => home-manager/configs}/castle.nix (100%) rename homes.nix => home-manager/default.nix (97%) rename {home-modules => home-manager/modules}/common.nix (89%) rename {home-modules => home-manager/modules}/gui.nix (60%) delete mode 100644 modules/build.nix rename {boxes => nixos/boxes}/colony.nix (81%) rename systems.nix => nixos/default.nix (96%) create mode 100644 nixos/installer.nix create mode 100644 nixos/modules/build.nix rename {modules => nixos/modules}/common.nix (92%) rename {modules => nixos/modules}/dynamic-motd.nix (100%) rename {modules => nixos/modules}/firewall.nix (93%) rename {modules => nixos/modules}/server.nix (100%) rename {modules => nixos/modules}/tmproot.nix (98%) diff --git a/flake.nix b/flake.nix index fd4a7c9..c5b5442 100644 --- a/flake.nix +++ b/flake.nix @@ -90,7 +90,7 @@ })) pkgsFlakes; - modules = mapAttrs (_: f: ./. + "/modules/${f}") { + modules = mapAttrs (_: f: ./. + "/nixos/modules/${f}") { common = "common.nix"; build = "build.nix"; dynamic-motd = "dynamic-motd.nix"; 
@@ -98,7 +98,7 @@ firewall = "firewall.nix"; server = "server.nix"; }; - homeModules = mapAttrs (_: f: ./. + "/home-modules/${f}") { + homeModules = mapAttrs (_: f: ./. + "/home-manager/modules/${f}") { common = "common.nix"; gui = "gui.nix"; }; @@ -111,16 +111,17 @@ nixosModules = inlineModules modules; homeModules = inlineModules homeModules; - nixosConfigurations = import ./systems.nix { + nixosConfigurations = import ./nixos { inherit lib pkgsFlakes hmFlakes inputs; pkgs' = configPkgs'; modules = attrValues modules; homeModules = attrValues homeModules; }; systems = mapAttrs (_: system: system.config.system.build.toplevel) self.nixosConfigurations; - vms = mapAttrs (_: system: system.config.my.build.devVM) self.nixosConfigurations; + vms = mapAttrs (_: system: system.config.my.buildAs.devVM) self.nixosConfigurations; + isos = mapAttrs (_: system: system.config.my.buildAs.iso) self.nixosConfigurations; - homeConfigurations = import ./homes.nix { + homeConfigurations = import ./home-manager { inherit lib hmFlakes inputs; pkgs' = configPkgs'; modules = attrValues homeModules; diff --git a/homes/castle.nix b/home-manager/configs/castle.nix similarity index 100% rename from homes/castle.nix rename to home-manager/configs/castle.nix diff --git a/homes.nix b/home-manager/default.nix similarity index 97% rename from homes.nix rename to home-manager/default.nix index 4820405..d1e4597 100644 --- a/homes.nix +++ b/home-manager/default.nix @@ -43,7 +43,7 @@ mapAttrs mkHome { "dev@castle" = { system = "x86_64-linux"; nixpkgs = "unstable"; - config = homes/castle.nix; + config = configs/castle.nix; homeDirectory = "/home/dev"; username = "dev"; diff --git a/home-modules/common.nix b/home-manager/modules/common.nix similarity index 89% rename from home-modules/common.nix rename to home-manager/modules/common.nix index 81c5e7e..2341ebb 100644 --- a/home-modules/common.nix +++ b/home-manager/modules/common.nix 
@@ -29,7 +29,7 @@ in }; }) { - my.isStandalone = !(args ? sysConfig); + my.isStandalone = !(args ? osConfig); programs = { # Even when enabled this will only be actually installed in standalone mode @@ -37,6 +37,18 @@ in # never care about. home-manager.enable = true; + lsd = { + enable = mkDefault true; + enableAliases = mkDefault true; + }; + + starship = { + enable = mkDefault true; + settings = { + aws.disabled = true; + }; + }; + bash = { # This not only installs bash but has home-manager control .bashrc and friends enable = mkDefault true; @@ -92,7 +104,7 @@ in language.base = mkDefault "en_IE.UTF-8"; }; } - (mkIf (config.my.isStandalone || !args.sysConfig.home-manager.useGlobalPkgs) { + (mkIf (config.my.isStandalone || !args.osConfig.home-manager.useGlobalPkgs) { # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options nixpkgs = { overlays = [ diff --git a/home-modules/gui.nix b/home-manager/modules/gui.nix similarity index 60% rename from home-modules/gui.nix rename to home-manager/modules/gui.nix index 341d327..2395932 100644 --- a/home-modules/gui.nix +++ b/home-manager/modules/gui.nix @@ -12,11 +12,6 @@ in config = mkMerge [ (mkIf cfg.enable { - programs = { - lsd.enable = true; - starship.enable = mkDefault true; - }; - home = { packages = with pkgs; [ (nerdfonts.override { @@ -25,18 +20,5 @@ in ]; }; }) - { - programs = { - lsd = { - enableAliases = mkDefault true; - }; - - starship = { - settings = { - aws.disabled = true; - }; - }; - }; - } ]; } diff --git a/modules/build.nix b/modules/build.nix deleted file mode 100644 index 6515100..0000000 --- a/modules/build.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ lib, extendModules, modulesPath, baseModules, options, config, ... }: -let - inherit (lib) recursiveUpdate mkOption mkDefault; - inherit (lib.my) mkBoolOpt' dummyOption; - - cfg = config.my.build; - - asDevVM = extendModules { - # TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343) - specialArgs = { inherit baseModules; }; - modules = [ - "${modulesPath}/virtualisation/qemu-vm.nix" - ({ ... }: { - my.boot.isDevVM = true; - }) - ]; - }; -in -{ - options = with lib.types; { - my = { - boot.isDevVM = mkBoolOpt' false "Whether the system is a development VM."; - build = options.system.build; - asDevVM = mkOption { - inherit (asDevVM) type; - default = { }; - visible = "shallow"; - description = "Configuration as a development VM"; - }; - }; - - # Forward declare options that won't exist until the VM module is actually imported - virtualisation = { - diskImage = dummyOption; - }; - }; - - config = { - virtualisation = { - diskImage = mkDefault "./.vms/${config.system.name}.qcow2"; - }; - my.build = { - # The meta.mainProgram should probably be set upstream but oh well... - devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; }; - }; - }; - - meta.buildDocsInSandbox = false; -} diff --git a/boxes/colony.nix b/nixos/boxes/colony.nix similarity index 81% rename from boxes/colony.nix rename to nixos/boxes/colony.nix index 4001869..d75e462 100644 --- a/boxes/colony.nix +++ b/nixos/boxes/colony.nix @@ -16,12 +16,7 @@ }; server.enable = true; - homeConfig = { - programs = { - lsd.enable = true; - starship.enable = true; - }; - }; + homeConfig = {}; }; fileSystems = { diff --git a/systems.nix b/nixos/default.nix similarity index 96% rename from systems.nix rename to nixos/default.nix index e92af59..aa6509c 100644 --- a/systems.nix +++ b/nixos/default.nix 
@@ -108,4 +108,11 @@ mapAttrs mkSystem { config = boxes/colony.nix; docCustom = false; }; + + installer = { + system = "x86_64-linux"; + nixpkgs = "unstable"; + config = ./installer.nix; + docCustom = false; + }; } diff --git a/nixos/installer.nix b/nixos/installer.nix new file mode 100644 index 0000000..2a7dcd6 --- /dev/null +++ b/nixos/installer.nix @@ -0,0 +1,43 @@ +{ lib, modulesPath, config, ... }: +let + inherit (lib) mkDefault mkForce; +in +{ + imports = [ + # Lots of kernel modules and firmware + "${modulesPath}/profiles/all-hardware.nix" + # Useful tools to have + "${modulesPath}/profiles/base.nix" + ]; + + # Some of this is yoinked from modules/profiles/installation-device.nix + config = { + my = { + # Whatever installer mechanism is chosen will provied an appropriate `/` + tmproot.enable = false; + firewall.nat.enable = false; + server.enable = true; + }; + + # Good to have docs in the installer! + documentation.enable = mkForce true; + documentation.nixos.enable = mkForce true; + + # Enable wpa_supplicant, but don't start it by default. + networking.wireless.enable = mkDefault true; + networking.wireless.userControlled.enable = true; + systemd.services.wpa_supplicant.wantedBy = mkForce []; + + # Tell the Nix evaluator to garbage collect more aggressively. + # This is desirable in memory-constrained environments that don't + # (yet) have swap set up. + environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; + + # Make the installer more likely to succeed in low memory + # environments. The kernel's overcommit heustistics bite us + # fairly often, preventing processes such as nix-worker or + # download-using-manifests.pl from forking even if there is + # plenty of free memory. + boot.kernel.sysctl."vm.overcommit_memory" = "1"; + }; +} diff --git a/nixos/modules/build.nix b/nixos/modules/build.nix new file mode 100644 index 0000000..9977e57 --- /dev/null +++ b/nixos/modules/build.nix 
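Review bot: Nothing in installer.nix states who can log in to the resulting image: no user, password or `services.openssh` setting is visible, and `my.server.enable = true;` pulls that policy in from `server.nix`, which this patch only moves. The comment says parts are borrowed from upstream `installation-device.nix`, and as far as I recall that profile is the one that also sets a passwordless root login and opens sshd, so a reader will assume the same here unless told otherwise; I'd add next to `server.enable = true;` a comment such as `# Login/SSH policy for the live image comes from my.server (nixos/modules/server.nix); no extra accounts are created here.`. `networking.wireless.userControlled.enable = true;` also lets members of the option's group (`wheel` by default) drive wpa_supplicant from the live session, which deserves a one-line comment next to the existing "don't start it by default" remark. Two typos in the new comments while you are there: `provied` and `heustistics`.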
@@ -0,0 +1,82 @@ +{ lib, extendModules, modulesPath, baseModules, options, config, ... }: +let + inherit (lib) recursiveUpdate mkOption mkDefault mkIf mkMerge; + inherit (lib.my) mkBoolOpt' dummyOption; + + cfg = config.my.build; + + asDevVM = extendModules { + # TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343) + specialArgs = { inherit baseModules; }; + modules = [ + "${modulesPath}/virtualisation/qemu-vm.nix" + { my.build.isDevVM = true; } + ]; + }; + asISO = extendModules { + # TODO: see previous + specialArgs = { inherit baseModules; }; + modules = lib.flatten [ + "${modulesPath}/installer/cd-dvd/iso-image.nix" + (lib.optional config.my.build.allHardware { imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; }) + { + isoImage = { + makeEfiBootable = true; + makeUsbBootable = true; + # Not necessarily an installer + appendToMenuLabel = mkDefault ""; + + squashfsCompression = "zstd -Xcompression-level 8"; + }; + } + ]; + }; +in +{ + options = with lib.types; { + my = { + build = { + isDevVM = mkBoolOpt' false "Whether the system is a development VM."; + allHardware = mkBoolOpt' false + ("Whether to enable a lot of firmware and kernel modules for a wide range of hardware." + + "Only applies to some build targets."); + }; + + asDevVM = mkOption { + inherit (asDevVM) type; + default = { }; + visible = "shallow"; + description = "Configuration as a development VM"; + }; + asISO = mkOption { + inherit (asISO) type; + default = { }; + visible = "shallow"; + description = "Configuration as a bootable .iso image"; + }; + + buildAs = options.system.build; + }; + + # Forward declare options that won't exist until the VM module is actually imported + virtualisation = { + diskImage = dummyOption; + }; + }; + + config = { + virtualisation = { + diskImage = mkDefault "./.vms/${config.system.name}.qcow2"; + }; + + my = { + buildAs = { + # The meta.mainProgram should probably be set upstream but oh well... 
+ devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; }; + iso = config.my.asISO.system.build.isoImage; + }; + }; + }; + + meta.buildDocsInSandbox = false; +} diff --git a/modules/common.nix b/nixos/modules/common.nix similarity index 92% rename from modules/common.nix rename to nixos/modules/common.nix index 2b42305..65b3628 100644 --- a/modules/common.nix +++ b/nixos/modules/common.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, inputs, options, config, ... }: +{ lib, pkgs, pkgs', inputs, options, config, ... }: let inherit (builtins) attrValues; inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions; @@ -62,6 +62,8 @@ in nixpkgs = { overlays = [ (final: prev: { nix = inputs.nix.defaultPackage.${config.nixpkgs.system}; }) + # TODO: Wait for https://github.com/NixOS/nixpkgs/pull/159074 to arrive to nixos-unstable + (final: prev: { remarshal = pkgs'.master.remarshal; }) ]; config = { allowUnfree = true; @@ -85,6 +87,9 @@ in efiSysMountPoint = mkDefault "/boot"; canTouchEfiVariables = mkDefault false; }; + grub = { + memtest86.enable = mkDefault true; + }; systemd-boot = { enable = mkDefault true; editor = mkDefault true; diff --git a/modules/dynamic-motd.nix b/nixos/modules/dynamic-motd.nix similarity index 100% rename from modules/dynamic-motd.nix rename to nixos/modules/dynamic-motd.nix diff --git a/modules/firewall.nix b/nixos/modules/firewall.nix similarity index 93% rename from modules/firewall.nix rename to nixos/modules/firewall.nix index 57b5ba8..980bedb 100644 --- a/modules/firewall.nix +++ b/nixos/modules/firewall.nix @@ -1,7 +1,7 @@ { lib, options, config, ... }: let inherit (lib) optionalString concatStringsSep concatMapStringsSep optionalAttrs mkIf mkDefault mkMerge mkOverride; - inherit (lib.my) parseIPPort mkOpt' mkBoolOpt' dummyOption; + inherit (lib.my) parseIPPort mkOpt' mkBoolOpt'; cfg = config.my.firewall; in 
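Review bot: `cfg = config.my.build;` and the newly inherited `mkIf mkMerge` are never used in this file — `asISO` reads `config.my.build.allHardware` directly — so either drop them or use the binding: `(lib.optional cfg.allHardware { imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; })` and `inherit (lib) recursiveUpdate mkOption mkDefault;`. The `# TODO: see previous` on `asISO` should repeat the nixpkgs issue link rather than point at another comment, since the two `extendModules` calls will not necessarily stay adjacent. A comment above `asISO` would also help: the image is built from the full evaluated configuration of the box, so anything that configuration places in the store ends up on a redistributable ISO — how secrets are handled is not visible in this patch, so I'd phrase it as a caveat for future box configs rather than a statement about current ones.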
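Review bot: `grub.memtest86.enable = mkDefault true;` only adds a memtest entry to GRUB's menu, while the loader enabled by default a few lines below is systemd-boot, so on the boxes in this patch the new option appears to be inert; if a memtest entry under systemd-boot is the goal that needs the loader's own option, otherwise a comment like `# Only takes effect on boxes that switch the loader to GRUB` would stop the next reader assuming it is active. In the -62 hunk the `remarshal` overlay takes the package from `pkgs'.master`, presumably a second, moving nixpkgs input; the TODO names the upstream PR, so I'd also record the package version expected from it so the overlay can be dropped as soon as `nixos-unstable` catches up rather than quietly tracking master indefinitely.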
@@ -149,7 +149,9 @@ in ${concatMapStringsSep "\n " makeFilter cfg.nat.forwardPorts} } chain forward { - iifname ${cfg.nat.externalInterface} jump filter-port-forwards + ${optionalString + (cfg.nat.externalInterface != null) + "iifname ${cfg.nat.externalInterface} jump filter-port-forwards"} } } @@ -158,7 +160,9 @@ in ${concatMapStringsSep "\n " makeForward cfg.nat.forwardPorts} } chain prerouting { - iifname ${cfg.nat.externalInterface} jump port-forward + ${optionalString + (cfg.nat.externalInterface != null) + "iifname ${cfg.nat.externalInterface} jump port-forward"} } } ''; diff --git a/modules/server.nix b/nixos/modules/server.nix similarity index 100% rename from modules/server.nix rename to nixos/modules/server.nix diff --git a/modules/tmproot.nix b/nixos/modules/tmproot.nix similarity index 98% rename from modules/tmproot.nix rename to nixos/modules/tmproot.nix index acd1240..d32e52f 100644 --- a/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -132,7 +132,7 @@ in (mkIf config.security.doas.enable { my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ]; }) - (mkIf config.my.boot.isDevVM { + (mkIf config.my.build.isDevVM { my.tmproot.unsaved.ignore = [ "/nix" ]; fileSystems = mkVMOverride { @@ -199,7 +199,7 @@ in environment.persistence."${cfg.persistDir}".files = concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; }) - (mkIf config.my.boot.isDevVM { + (mkIf config.my.build.isDevVM { fileSystems = mkVMOverride { # Hijack the "root" device for persistence in the VM "${cfg.persistDir}" = {
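Review bot: With `externalInterface` unset the `forward` and `prerouting` chains now simply omit the jump, so entries in `cfg.nat.forwardPorts` are still rendered into `port-forward` and `filter-port-forwards` but never reached — configured forwards silently do nothing instead of failing evaluation. I'd pair the two `optionalString` guards (this hunk and the -158 one) with an assertion in the module's config, e.g. `assertions = [ { assertion = cfg.nat.externalInterface != null || cfg.nat.forwardPorts == [ ]; message = "my.firewall.nat.forwardPorts requires my.firewall.nat.externalInterface to be set"; } ];`. The chains' policies and the enclosing ruleset string begin outside the hunk, so I cannot tell from here whether a `forward` chain with no jump is otherwise closed.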