dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Add initial installer

Browse Source
This commit is contained in:
Jack O'Sullivan 2022-02-17 15:47:24 +00:00
parent 788e476c01
commit c0414cd062
15 changed files with 169 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
flake.nix
View File

@ -90,7 +90,7 @@
})) }))
pkgsFlakes; pkgsFlakes;
modules = mapAttrs (_: f: ./. + "/modules/${f}") { modules = mapAttrs (_: f: ./. + "/nixos/modules/${f}") {
common = "common.nix"; common = "common.nix";
build = "build.nix"; build = "build.nix";
dynamic-motd = "dynamic-motd.nix"; dynamic-motd = "dynamic-motd.nix";
@ -98,7 +98,7 @@
firewall = "firewall.nix"; firewall = "firewall.nix";
server = "server.nix"; server = "server.nix";
}; };
homeModules = mapAttrs (_: f: ./. + "/home-modules/${f}") { homeModules = mapAttrs (_: f: ./. + "/home-manager/modules/${f}") {
common = "common.nix"; common = "common.nix";
gui = "gui.nix"; gui = "gui.nix";
}; };
@ -111,16 +111,17 @@
nixosModules = inlineModules modules; nixosModules = inlineModules modules;
homeModules = inlineModules homeModules; homeModules = inlineModules homeModules;
nixosConfigurations = import ./systems.nix { nixosConfigurations = import ./nixos {
inherit lib pkgsFlakes hmFlakes inputs; inherit lib pkgsFlakes hmFlakes inputs;
pkgs' = configPkgs'; pkgs' = configPkgs';
modules = attrValues modules; modules = attrValues modules;
homeModules = attrValues homeModules; homeModules = attrValues homeModules;
}; };
systems = mapAttrs (_: system: system.config.system.build.toplevel) self.nixosConfigurations; systems = mapAttrs (_: system: system.config.system.build.toplevel) self.nixosConfigurations;
vms = mapAttrs (_: system: system.config.my.build.devVM) self.nixosConfigurations; vms = mapAttrs (_: system: system.config.my.buildAs.devVM) self.nixosConfigurations;
isos = mapAttrs (_: system: system.config.my.buildAs.iso) self.nixosConfigurations;
homeConfigurations = import ./homes.nix { homeConfigurations = import ./home-manager {
inherit lib hmFlakes inputs; inherit lib hmFlakes inputs;
pkgs' = configPkgs'; pkgs' = configPkgs';
modules = attrValues homeModules; modules = attrValues homeModules;

0
homes/castle.nix → home-manager/configs/castle.nix
View File

2
homes.nix → home-manager/default.nix
View File

@ -43,7 +43,7 @@ mapAttrs mkHome {
"dev@castle" = { "dev@castle" = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "unstable"; nixpkgs = "unstable";
config = homes/castle.nix; config = configs/castle.nix;
homeDirectory = "/home/dev"; homeDirectory = "/home/dev";
username = "dev"; username = "dev";

16
home-modules/common.nix → home-manager/modules/common.nix
View File

@ -29,7 +29,7 @@ in
}; };
}) })
{ {
my.isStandalone = !(args ? sysConfig); my.isStandalone = !(args ? osConfig);
programs = { programs = {
# Even when enabled this will only be actually installed in standalone mode # Even when enabled this will only be actually installed in standalone mode
@ -37,6 +37,18 @@ in
# never care about. # never care about.
home-manager.enable = true; home-manager.enable = true;
lsd = {
enable = mkDefault true;
enableAliases = mkDefault true;
};
starship = {
enable = mkDefault true;
settings = {
aws.disabled = true;
};
};
bash = { bash = {
# This not only installs bash but has home-manager control .bashrc and friends # This not only installs bash but has home-manager control .bashrc and friends
enable = mkDefault true; enable = mkDefault true;
@ -92,7 +104,7 @@ in
language.base = mkDefault "en_IE.UTF-8"; language.base = mkDefault "en_IE.UTF-8";
}; };
} }
(mkIf (config.my.isStandalone || !args.sysConfig.home-manager.useGlobalPkgs) { (mkIf (config.my.isStandalone || !args.osConfig.home-manager.useGlobalPkgs) {
# Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options
nixpkgs = { nixpkgs = {
overlays = [ overlays = [

18
home-modules/gui.nix → home-manager/modules/gui.nix
View File

@ -12,11 +12,6 @@ in
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
programs = {
lsd.enable = true;
starship.enable = mkDefault true;
};
home = { home = {
packages = with pkgs; [ packages = with pkgs; [
(nerdfonts.override { (nerdfonts.override {
@ -25,18 +20,5 @@ in
]; ];
}; };
}) })
{
programs = {
lsd = {
enableAliases = mkDefault true;
};
starship = {
settings = {
aws.disabled = true;
};
};
};
}
]; ];
} }

49
modules/build.nix
View File

@ -1,49 +0,0 @@
{ lib, extendModules, modulesPath, baseModules, options, config, ... }:
let
inherit (lib) recursiveUpdate mkOption mkDefault;
inherit (lib.my) mkBoolOpt' dummyOption;
cfg = config.my.build;
asDevVM = extendModules {
# TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343)
specialArgs = { inherit baseModules; };
modules = [
"${modulesPath}/virtualisation/qemu-vm.nix"
({ ... }: {
my.boot.isDevVM = true;
})
];
};
in
{
options = with lib.types; {
my = {
boot.isDevVM = mkBoolOpt' false "Whether the system is a development VM.";
build = options.system.build;
asDevVM = mkOption {
inherit (asDevVM) type;
default = { };
visible = "shallow";
description = "Configuration as a development VM";
};
};
# Forward declare options that won't exist until the VM module is actually imported
virtualisation = {
diskImage = dummyOption;
};
};
config = {
virtualisation = {
diskImage = mkDefault "./.vms/${config.system.name}.qcow2";
};
my.build = {
# The meta.mainProgram should probably be set upstream but oh well...
devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; };
};
};
meta.buildDocsInSandbox = false;
}

7
boxes/colony.nix → nixos/boxes/colony.nix
View File

@ -16,12 +16,7 @@
}; };
server.enable = true; server.enable = true;
homeConfig = { homeConfig = {};
programs = {
lsd.enable = true;
starship.enable = true;
};
};
}; };
fileSystems = { fileSystems = {

7
systems.nix → nixos/default.nix
View File

@ -108,4 +108,11 @@ mapAttrs mkSystem {
config = boxes/colony.nix; config = boxes/colony.nix;
docCustom = false; docCustom = false;
}; };
installer = {
system = "x86_64-linux";
nixpkgs = "unstable";
config = ./installer.nix;
docCustom = false;
};
} }

43
nixos/installer.nix Normal file
View File

@ -0,0 +1,43 @@
{ lib, modulesPath, config, ... }:
let
inherit (lib) mkDefault mkForce;
in
{
imports = [
# Lots of kernel modules and firmware
"${modulesPath}/profiles/all-hardware.nix"
# Useful tools to have
"${modulesPath}/profiles/base.nix"
];
# Some of this is yoinked from modules/profiles/installation-device.nix
config = {
my = {
# Whatever installer mechanism is chosen will provied an appropriate `/`
tmproot.enable = false;
firewall.nat.enable = false;
server.enable = true;
};
# Good to have docs in the installer!
documentation.enable = mkForce true;
documentation.nixos.enable = mkForce true;
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = mkDefault true;
networking.wireless.userControlled.enable = true;
systemd.services.wpa_supplicant.wantedBy = mkForce [];
# Tell the Nix evaluator to garbage collect more aggressively.
# This is desirable in memory-constrained environments that don't
# (yet) have swap set up.
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
# Make the installer more likely to succeed in low memory
# environments. The kernel's overcommit heustistics bite us
# fairly often, preventing processes such as nix-worker or
# download-using-manifests.pl from forking even if there is
# plenty of free memory.
boot.kernel.sysctl."vm.overcommit_memory" = "1";
};
}

82
nixos/modules/build.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib, extendModules, modulesPath, baseModules, options, config, ... }:
let
inherit (lib) recursiveUpdate mkOption mkDefault mkIf mkMerge;
inherit (lib.my) mkBoolOpt' dummyOption;
cfg = config.my.build;
asDevVM = extendModules {
# TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343)
specialArgs = { inherit baseModules; };
modules = [
"${modulesPath}/virtualisation/qemu-vm.nix"
{ my.build.isDevVM = true; }
];
};
asISO = extendModules {
# TODO: see previous
specialArgs = { inherit baseModules; };
modules = lib.flatten [
"${modulesPath}/installer/cd-dvd/iso-image.nix"
(lib.optional config.my.build.allHardware { imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; })
{
isoImage = {
makeEfiBootable = true;
makeUsbBootable = true;
# Not necessarily an installer
appendToMenuLabel = mkDefault "";
squashfsCompression = "zstd -Xcompression-level 8";
};
}
];
};
in
{
options = with lib.types; {
my = {
build = {
isDevVM = mkBoolOpt' false "Whether the system is a development VM.";
allHardware = mkBoolOpt' false
("Whether to enable a lot of firmware and kernel modules for a wide range of hardware." +
"Only applies to some build targets.");
};
asDevVM = mkOption {
inherit (asDevVM) type;
default = { };
visible = "shallow";
description = "Configuration as a development VM";
};
asISO = mkOption {
inherit (asISO) type;
default = { };
visible = "shallow";
description = "Configuration as a bootable .iso image";
};
buildAs = options.system.build;
};
# Forward declare options that won't exist until the VM module is actually imported
virtualisation = {
diskImage = dummyOption;
};
};
config = {
virtualisation = {
diskImage = mkDefault "./.vms/${config.system.name}.qcow2";
};
my = {
buildAs = {
# The meta.mainProgram should probably be set upstream but oh well...
devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; };
iso = config.my.asISO.system.build.isoImage;
};
};
};
meta.buildDocsInSandbox = false;
}

7
modules/common.nix → nixos/modules/common.nix
View File

@ -1,4 +1,4 @@
{ lib, pkgs, inputs, options, config, ... }: { lib, pkgs, pkgs', inputs, options, config, ... }:
let let
inherit (builtins) attrValues; inherit (builtins) attrValues;
inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions; inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions;
@ -62,6 +62,8 @@ in
nixpkgs = { nixpkgs = {
overlays = [ overlays = [
(final: prev: { nix = inputs.nix.defaultPackage.${config.nixpkgs.system}; }) (final: prev: { nix = inputs.nix.defaultPackage.${config.nixpkgs.system}; })
# TODO: Wait for https://github.com/NixOS/nixpkgs/pull/159074 to arrive to nixos-unstable
(final: prev: { remarshal = pkgs'.master.remarshal; })
]; ];
config = { config = {
allowUnfree = true; allowUnfree = true;
@ -85,6 +87,9 @@ in
efiSysMountPoint = mkDefault "/boot"; efiSysMountPoint = mkDefault "/boot";
canTouchEfiVariables = mkDefault false; canTouchEfiVariables = mkDefault false;
}; };
grub = {
memtest86.enable = mkDefault true;
};
systemd-boot = { systemd-boot = {
enable = mkDefault true; enable = mkDefault true;
editor = mkDefault true; editor = mkDefault true;

0
modules/dynamic-motd.nix → nixos/modules/dynamic-motd.nix
View File

10
modules/firewall.nix → nixos/modules/firewall.nix
View File

@ -1,7 +1,7 @@
{ lib, options, config, ... }: { lib, options, config, ... }:
let let
inherit (lib) optionalString concatStringsSep concatMapStringsSep optionalAttrs mkIf mkDefault mkMerge mkOverride; inherit (lib) optionalString concatStringsSep concatMapStringsSep optionalAttrs mkIf mkDefault mkMerge mkOverride;
inherit (lib.my) parseIPPort mkOpt' mkBoolOpt' dummyOption; inherit (lib.my) parseIPPort mkOpt' mkBoolOpt';
cfg = config.my.firewall; cfg = config.my.firewall;
in in
@ -149,7 +149,9 @@ in
${concatMapStringsSep "\n " makeFilter cfg.nat.forwardPorts} ${concatMapStringsSep "\n " makeFilter cfg.nat.forwardPorts}
} }
chain forward { chain forward {
iifname ${cfg.nat.externalInterface} jump filter-port-forwards ${optionalString
(cfg.nat.externalInterface != null)
"iifname ${cfg.nat.externalInterface} jump filter-port-forwards"}
} }
} }
@ -158,7 +160,9 @@ in
${concatMapStringsSep "\n " makeForward cfg.nat.forwardPorts} ${concatMapStringsSep "\n " makeForward cfg.nat.forwardPorts}
} }
chain prerouting { chain prerouting {
iifname ${cfg.nat.externalInterface} jump port-forward ${optionalString
(cfg.nat.externalInterface != null)
"iifname ${cfg.nat.externalInterface} jump port-forward"}
} }
} }
''; '';

0
modules/server.nix → nixos/modules/server.nix
View File

4
modules/tmproot.nix → nixos/modules/tmproot.nix
View File

@ -132,7 +132,7 @@ in
(mkIf config.security.doas.enable { (mkIf config.security.doas.enable {
my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ]; my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ];
}) })
(mkIf config.my.boot.isDevVM { (mkIf config.my.build.isDevVM {
my.tmproot.unsaved.ignore = [ "/nix" ]; my.tmproot.unsaved.ignore = [ "/nix" ];
fileSystems = mkVMOverride { fileSystems = mkVMOverride {
@ -199,7 +199,7 @@ in
environment.persistence."${cfg.persistDir}".files = environment.persistence."${cfg.persistDir}".files =
concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
}) })
(mkIf config.my.boot.isDevVM { (mkIf config.my.build.isDevVM {
fileSystems = mkVMOverride { fileSystems = mkVMOverride {
# Hijack the "root" device for persistence in the VM # Hijack the "root" device for persistence in the VM
"${cfg.persistDir}" = { "${cfg.persistDir}" = {