migrate to fup
parent
8a3b7aaa57
commit
0f3dabe547
@ -1,5 +0,0 @@
|
|||||||
status = [ "check" ]
|
|
||||||
|
|
||||||
required_approvals = 1
|
|
||||||
|
|
||||||
up_to_date_approvals = true
|
|
@ -1,15 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
budUtils,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
bud.cmds = with pkgs; {
|
|
||||||
get = {
|
|
||||||
writer = budUtils.writeBashWithPaths [nixUnstable git coreutils];
|
|
||||||
synopsis = "get [DEST]";
|
|
||||||
help = "Copy the desired template to DEST";
|
|
||||||
script = ./get.bash;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
nix flake new -t "github:divnix/devos/main" "${2:-devos}"
|
|
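--- a/default.nix
+++ b/default.nix
@@ -1,16 +0,0 @@
-let
-inherit (default.inputs.nixos) lib;
-default = (import ./lib/compat).defaultNix;
-ciSystems = ["aarch64-linux" "i686-linux" "x86_64-linux"];
-filterSystems = lib.filterAttrs (system: _: lib.elem system ciSystems);
-recurseIntoAttrsRecursive = lib.mapAttrs (_: v:
-if lib.isAttrs v
-then recurseIntoAttrsRecursive (lib.recurseIntoAttrs v)
-else v);
-systemOutputs =
-lib.filterAttrs
-(name: set: lib.isAttrs set && lib.any (system: set ? ${system} && name != "legacyPackages") ciSystems)
-default.outputs;
-ciDrvs = lib.mapAttrs (_: system: filterSystems system) systemOutputs;
-in
-(recurseIntoAttrsRecursive ciDrvs) // {shell = import ./shell.nix;}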
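--- a/doc/.gitignore
+++ b/doc/.gitignore
@@ -1 +0,0 @@
-book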
@ -1,18 +0,0 @@
|
|||||||
# Pull Requests
|
|
||||||
|
|
||||||
## TL;DR;
|
|
||||||
- **Target Branch**: `main`
|
|
||||||
- **Merge Policy**: [`bors`][bors] is always right (→ `bors try`)
|
|
||||||
- **Docs**: every changeset is expected to contain doc updates
|
|
||||||
- **Commit Msg**: be a poet! Comprehensive and explanatory commit messages
|
|
||||||
should cover the motivation and use case in an easily understandable manner
|
|
||||||
even when read after a few months.
|
|
||||||
- **Test Driven Development**: please default to test driven development where possible.
|
|
||||||
|
|
||||||
### Within the Devshell (`nix develop`)
|
|
||||||
- **Hooks**: please `git commit` within the devshell
|
|
||||||
- **Fail Early**: please run from within the devshell on your local machine:
|
|
||||||
- `nix flake check`
|
|
||||||
|
|
||||||
[bors]: https://bors.tech
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
# Summary
|
|
||||||
|
|
||||||
- [Introduction](../README.md)
|
|
||||||
- [Quick Start](./start/index.md)
|
|
||||||
- [ISO](./start/iso.md)
|
|
||||||
- [Bootstrapping](./start/bootstrapping.md)
|
|
||||||
- [From NixOS](./start/from-nixos.md)
|
|
||||||
- [Key Concepts](./concepts/index.md)
|
|
||||||
- [Hosts](./concepts/hosts.md)
|
|
||||||
- [Overrides](./concepts/overrides.md)
|
|
||||||
- [Profiles](./concepts/profiles.md)
|
|
||||||
- [Suites](./concepts/suites.md)
|
|
||||||
- [Users](./concepts/users.md)
|
|
||||||
- [Outputs](./outputs/index.md)
|
|
||||||
- [Modules](./outputs/modules.md)
|
|
||||||
- [Overlays](./outputs/overlays.md)
|
|
||||||
- [Packages](./outputs/pkgs.md)
|
|
||||||
- [Concerns]()
|
|
||||||
- [Secrets](./secrets.md)
|
|
||||||
- [Tests](./tests.md)
|
|
||||||
- [Helper Script – `bud`](./bud/index.md)
|
|
||||||
- [get](./bud/get.md)
|
|
||||||
- [Integrations](./integrations/index.md)
|
|
||||||
- [Cachix](./integrations/cachix.md)
|
|
||||||
- [Deploy RS](./integrations/deploy.md)
|
|
||||||
- [NvFetcher](./integrations/nvfetcher.md)
|
|
||||||
- [Hercules CI](./integrations/hercules.md)
|
|
||||||
- [Contributing](./CONTRIBUTING.md)
|
|
@ -1,6 +0,0 @@
|
|||||||
[book]
|
|
||||||
authors = ["Timothy DeHerrera"]
|
|
||||||
language = "en"
|
|
||||||
multilingual = false
|
|
||||||
src = "."
|
|
||||||
title = "devos docs"
|
|
@ -1,10 +0,0 @@
|
|||||||
# get
|
|
||||||
The `get` subcommand is useful for getting a bare copy of devos without the
|
|
||||||
git history.
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
```sh
|
|
||||||
bud get DEST-DIR
|
|
||||||
```
|
|
||||||
|
|
||||||
If DEST-DIR is ommitted, it defaults to _./devos_.
|
|
@ -1,24 +0,0 @@
|
|||||||
# [`bud`][bud] command
|
|
||||||
The template incudes a convenient script for managing your system called [`bud`][bud].
|
|
||||||
|
|
||||||
It is a portable and highly composable system control tool that work anywhere on your host
|
|
||||||
or in the flake's devshell.
|
|
||||||
|
|
||||||
Although it comes with some predefined standard helpers,
|
|
||||||
it is very extensible and you are encouraged to write your own script snippets
|
|
||||||
to ease your workflows. An example is the bud module for a `get` command that
|
|
||||||
comes included with `devos`.
|
|
||||||
|
|
||||||
While writing scripts you can convenientely access smart environment variables
|
|
||||||
that can tell the current architecture, user or host name, among others, regardless
|
|
||||||
wether you invoke `bud` within the devshell or as the system-wide installed `bud`.
|
|
||||||
|
|
||||||
For details, please review the [bud repo][bud].
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
```sh
|
|
||||||
bud help
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
[bud]: https://github.com/divnix/bud
|
|
@ -1,62 +0,0 @@
|
|||||||
# Hosts
|
|
||||||
|
|
||||||
Nix flakes contain an output called `nixosConfigurations` declaring an
|
|
||||||
attribute set of valid NixOS systems. To simplify the management and creation
|
|
||||||
of these hosts, devos automatically imports every _.nix_ file inside this
|
|
||||||
directory to the mentioned attribute set, applying the projects defaults to
|
|
||||||
each. The only hard requirement is that the file contain a valid NixOS module.
|
|
||||||
|
|
||||||
As an example, a file `hosts/system.nix` or `hosts/system/default.nix` will
|
|
||||||
be available via the flake output `nixosConfigurations.system`. You can have
|
|
||||||
as many hosts as you want and all of them will be automatically imported based
|
|
||||||
on their name.
|
|
||||||
|
|
||||||
For each host, the configuration automatically sets the `networking.hostName`
|
|
||||||
attribute to the folder name or name of the file minus the _.nix_ extension. This
|
|
||||||
is for convenience, since `nixos-rebuild` automatically searches for a configuration
|
|
||||||
matching the current systems hostname if one is not specified explicitly.
|
|
||||||
|
|
||||||
You can set channels, systems, and add extra modules to each host by editing the
|
|
||||||
`nixos.hosts` argument in flake.nix. This is the perfect place to import
|
|
||||||
host specific modules from external sources, such as the
|
|
||||||
[nixos-hardware][nixos-hardware] repository.
|
|
||||||
|
|
||||||
It is recommended that the host modules only contain configuration information
|
|
||||||
specific to a particular piece of hardware. Anything reusable across machines
|
|
||||||
is best saved for [profile modules](./profiles.md).
|
|
||||||
|
|
||||||
This is a good place to import sets of profiles, called [suites](./suites.md),
|
|
||||||
that you intend to use on your machine.
|
|
||||||
|
|
||||||
|
|
||||||
## Example
|
|
||||||
|
|
||||||
flake.nix:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
nixos = {
|
|
||||||
imports = [ (devos.lib.importHosts ./hosts) ];
|
|
||||||
hosts = {
|
|
||||||
librem = {
|
|
||||||
channelName = "latest";
|
|
||||||
modules = [ nixos-hardware.nixosModules.purism-librem-13v3 ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
hosts/librem.nix:
|
|
||||||
```nix
|
|
||||||
{ suites, ... }:
|
|
||||||
{
|
|
||||||
imports = suites.laptop;
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
[nixos-hardware]: https://github.com/NixOS/nixos-hardware
|
|
@ -1,10 +0,0 @@
|
|||||||
# Key Concepts
|
|
||||||
|
|
||||||
Key concepts are derived from [digga][digga]. Please refer to its
|
|
||||||
[docs][digga-docs] for more details.
|
|
||||||
|
|
||||||
This section is dedicated to helping you develop a more hands on
|
|
||||||
understanding of them them.
|
|
||||||
|
|
||||||
[digga-docs]: https://digga.divnix.com
|
|
||||||
[digga]: https://github.com/divnix/digga
|
|
@ -1,42 +0,0 @@
|
|||||||
# Overrides
|
|
||||||
Each NixOS host follows one channel. But many times it is useful to get packages
|
|
||||||
or modules from different channels.
|
|
||||||
|
|
||||||
## Packages
|
|
||||||
You can make use of `overlays/overrides.nix` to override specific packages in the
|
|
||||||
default channel to be pulled from other channels. That file is simply an example
|
|
||||||
of how any overlay can get `channels` as their first argument.
|
|
||||||
|
|
||||||
You can add overlays to any channel to override packages from other channels.
|
|
||||||
|
|
||||||
Pulling the manix package from the `latest` channel:
|
|
||||||
```nix
|
|
||||||
channels: final: prev: {
|
|
||||||
__dontExport = true;
|
|
||||||
inherit (pkgs.latest) manix;
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
It is recommended to set the `__dontExport` property for override specific
|
|
||||||
overlays. `overlays/overrides.nix` is the best place to consolidate all package
|
|
||||||
overrides and the property is already set for you.
|
|
||||||
|
|
||||||
## Modules
|
|
||||||
|
|
||||||
You can also pull modules from other channels. All modules have access to the
|
|
||||||
`modulesPath` for each channel as `<channelName>ModulesPath`. And you can use
|
|
||||||
`disabledModules` to remove modules from the current channel.
|
|
||||||
|
|
||||||
To pull zsh module from the `latest` channel this code can be placed in any module, whether its your host file, a profile, or a module in ./modules etc:
|
|
||||||
```nix
|
|
||||||
{ latestModulesPath }:
|
|
||||||
{
|
|
||||||
imports = [ "${latestModulesPath}/programs/zsh/zsh.nix" ];
|
|
||||||
disabledModules = [ "programs/zsh/zsh.nix" ];
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> Sometimes a modules name will change from one branch to another.
|
|
||||||
|
|
||||||
[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules
|
|
@ -1,67 +0,0 @@
|
|||||||
# Profiles
|
|
||||||
|
|
||||||
Profiles are a convenient shorthand for the [_definition_][definition] of
|
|
||||||
[options][options] in contrast to their [_declaration_][declaration]. They're
|
|
||||||
built into the NixOS module system for a reason: to elegantly provide a clear
|
|
||||||
separation of concerns.
|
|
||||||
|
|
||||||
## Creation
|
|
||||||
Profiles are created with the `rakeLeaves` function which recursively collects
|
|
||||||
`.nix` files from within a folder. The recursion stops at folders with a `default.nix`
|
|
||||||
in them. You end up with an attribute set with leaves(paths to profiles) or
|
|
||||||
nodes(attrsets leading to more nodes or leaves).
|
|
||||||
|
|
||||||
A profile is used for quick modularization of [interelated bits](./profiles.md#subprofiles).
|
|
||||||
|
|
||||||
> ##### _Notes:_
|
|
||||||
> * For _declaring_ module options, there's the [modules](../outputs/modules.md) directory.
|
|
||||||
> * This directory takes inspiration from
|
|
||||||
> [upstream](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/profiles)
|
|
||||||
> .
|
|
||||||
|
|
||||||
### Nested profiles
|
|
||||||
Profiles can be nested in attribute sets due to the recursive nature of `rakeLeaves`.
|
|
||||||
This can be useful to have a set of profiles created for a specific purpose. It is
|
|
||||||
sometimes useful to have a `common` profile that has high level concerns related
|
|
||||||
to all its sister profiles.
|
|
||||||
|
|
||||||
### Example
|
|
||||||
|
|
||||||
profiles/develop/common.nix:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
imports = [ ./zsh ];
|
|
||||||
# some generic development concerns ...
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
profiles/develop/zsh.nix:
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.zsh.enable = true;
|
|
||||||
# zsh specific options ...
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
The examples above will end up with a profiles set like this:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
develop = {
|
|
||||||
common = ./profiles/develop/common.nix;
|
|
||||||
zsh = ./profiles/develop/zsh.nix;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Conclusion
|
|
||||||
Profiles are the most important concept in DevOS. They allow us to keep our
|
|
||||||
Nix expressions self contained and modular. This way we can maximize reuse
|
|
||||||
across hosts while minimizing boilerplate. Remember, anything machine
|
|
||||||
specific belongs in your [host](hosts.md) files instead.
|
|
||||||
|
|
||||||
[definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions
|
|
||||||
[declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations
|
|
||||||
[options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules
|
|
||||||
[spec]: https://github.com/divnix/devos/tree/main/lib/devos/mkProfileAttrs.nix
|
|
||||||
[config]: https://nixos.wiki/wiki/Module#structure
|
|
@ -1,25 +0,0 @@
|
|||||||
# Suites
|
|
||||||
Suites provide a mechanism for users to easily combine and name collections of
|
|
||||||
profiles.
|
|
||||||
|
|
||||||
`suites` are defined in the `importables` argument in either the `home` or `nixos`
|
|
||||||
namespace. They are a special case of an `importable` which is passed as a special
|
|
||||||
argument (one that can be use in an `imports` line) to your hosts. All lists defined
|
|
||||||
in `suites` are flattened and type-checked as paths.
|
|
||||||
|
|
||||||
## Definition
|
|
||||||
```nix
|
|
||||||
rec {
|
|
||||||
workstation = [ profiles.develop profiles.graphical users.nixos ];
|
|
||||||
mobileWS = workstation ++ [ profiles.laptop ];
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
`hosts/my-laptop.nix`:
|
|
||||||
```nix
|
|
||||||
{ suites, ... }:
|
|
||||||
{
|
|
||||||
imports = suites.mobileWS;
|
|
||||||
}
|
|
||||||
```
|
|
@ -1,77 +0,0 @@
|
|||||||
> ##### _Note:_
|
|
||||||
> This section and its semantics need a conceptiual rework.
|
|
||||||
> Since recently [portable home configurations][portableuser]
|
|
||||||
> that are not bound to any specific host are a thing.
|
|
||||||
|
|
||||||
# Users
|
|
||||||
|
|
||||||
Users are a special case of [profiles](profiles.md) that define system
|
|
||||||
users and [home-manager][home-manager] configurations. For your convenience,
|
|
||||||
home manager is wired in by default so all you have to worry about is declaring
|
|
||||||
your users. For a fully fleshed out example, check out the developers personal
|
|
||||||
[branch](https://github.com/divnix/devos/tree/nrd/users/nrd/default.nix).
|
|
||||||
|
|
||||||
## Basic Usage
|
|
||||||
`users/myuser/default.nix`:
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
users.users.myuser = {
|
|
||||||
isNormalUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager.users.myuser = {
|
|
||||||
programs.mpv.enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
## Home Manager
|
|
||||||
Home Manager support follows the same principles as regular nixos configurations,
|
|
||||||
it even gets its own namespace in your `flake.nix` as `home`.
|
|
||||||
|
|
||||||
All modules defined in [user modules][modules-list] will be imported to
|
|
||||||
Home Manager.
|
|
||||||
User profiles can be collected in a similar fashion as system ones into a `suites`
|
|
||||||
argument that gets passed to your home-manager users.
|
|
||||||
|
|
||||||
### Example
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
home-manager.users.nixos = { suites, ... }: {
|
|
||||||
imports = suites.base;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## External Usage
|
|
||||||
You can easily use the defined home-manager configurations outside of NixOS
|
|
||||||
using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper
|
|
||||||
script makes this even easier.
|
|
||||||
|
|
||||||
This is great for keeping your environment consistent across Unix systems,
|
|
||||||
including OSX.
|
|
||||||
|
|
||||||
### From within the projects devshell:
|
|
||||||
```sh
|
|
||||||
# builds the nixos user defined in the NixOS host
|
|
||||||
bud home NixOS nixos
|
|
||||||
|
|
||||||
# build and activate
|
|
||||||
bud home NixOS nixos switch
|
|
||||||
```
|
|
||||||
|
|
||||||
### Manually from outside the project:
|
|
||||||
```sh
|
|
||||||
# build
|
|
||||||
nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPackage"
|
|
||||||
|
|
||||||
# activate
|
|
||||||
./result/activate && unlink result
|
|
||||||
```
|
|
||||||
|
|
||||||
[home-manager]: https://nix-community.github.io/home-manager
|
|
||||||
[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix
|
|
||||||
[portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers
|
|
@ -1,17 +0,0 @@
|
|||||||
# Cachix
|
|
||||||
The system will automatically pull a cachix.nix at the root if one exists.
|
|
||||||
This is usually created automatically by a `sudo cachix use`. If you're more
|
|
||||||
inclined to keep the root clean, you can drop any generated files in the
|
|
||||||
`cachix` directory into the `profiles/cachix` directory without further
|
|
||||||
modification.
|
|
||||||
|
|
||||||
For example, to add your own cache, assuming the template lives in /etc/nixos,
|
|
||||||
by simply running `sudo cachix use yourcache`. Then, optionally, move
|
|
||||||
`cachix/yourcache.nix` to `profiles/cachix/yourcache.nix`
|
|
||||||
|
|
||||||
These caches are only added to the system after a `nixos-rebuild switch`, so it
|
|
||||||
is recommended to call `cachix use nrdxp` before the initial deployment, as it
|
|
||||||
will save a lot of build time.
|
|
||||||
|
|
||||||
In the future, users will be able to skip this step once the ability to define
|
|
||||||
the nix.conf within the flake is fully fleshed out upstream.
|
|
@ -1,49 +0,0 @@
|
|||||||
# deploy-rs
|
|
||||||
[Deploy-rs][d-rs] is a tool for managing NixOS remote machines. It was
|
|
||||||
chosen for devos after the author experienced some frustrations with the
|
|
||||||
stateful nature of nixops' db. It was also designed from scratch to support
|
|
||||||
flake based deployments, and so is an excellent tool for the job.
|
|
||||||
|
|
||||||
By default, all the [hosts](../concepts/hosts.md) are also available as deploy-rs nodes,
|
|
||||||
configured with the hostname set to `networking.hostName`; overridable via
|
|
||||||
the command line.
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
Just add your ssh key to the host:
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
users.users.${sshUser}.openssh.authorizedKeys.keyFiles = [
|
|
||||||
../secrets/path/to/key.pub
|
|
||||||
];
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And the private key to your user:
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
home-manager.users.${sshUser}.programs.ssh = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
matchBlocks = {
|
|
||||||
${host} = {
|
|
||||||
host = hostName;
|
|
||||||
identityFile = ../secrets/path/to/key;
|
|
||||||
extraOptions = { AddKeysToAgent = "yes"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And run the deployment:
|
|
||||||
```sh
|
|
||||||
deploy '.#hostName' --hostname host.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> Your user will need **passwordless** sudo access
|
|
||||||
|
|
||||||
[d-rs]: https://github.com/serokell/deploy-rs
|
|
@ -1,36 +0,0 @@
|
|||||||
# Hercules CI
|
|
||||||
If you start adding your own packages and configurations, you'll probably have
|
|
||||||
at least a few binary artifacts. With hercules we can build every package in
|
|
||||||
our configuration automatically, on every commit. Additionally, we can have it
|
|
||||||
upload all our build artifacts to a binary cache like [cachix][cachix].
|
|
||||||
|
|
||||||
This will work whether your copy is a fork, or a bare template, as long as your
|
|
||||||
repo is hosted on GitHub.
|
|
||||||
|
|
||||||
## Setup
|
|
||||||
Just head over to [hercules-ci.com](https://hercules-ci.com) to make an account.
|
|
||||||
|
|
||||||
Then follow the docs to set up an [agent][agent], if you want to deploy to a
|
|
||||||
binary cache (and of course you do), be sure _not_ to skip the
|
|
||||||
[binary-caches.json][cache].
|
|
||||||
|
|
||||||
## Ready to Use
|
|
||||||
The repo is already set up with the proper _default.nix_ file, building all
|
|
||||||
declared packages, checks, profiles and shells. So you can see if something
|
|
||||||
breaks, and never build the same package twice!
|
|
||||||
|
|
||||||
If you want to get fancy, you could even have hercules
|
|
||||||
[deploy your configuration](https://docs.hercules-ci.com/hercules-ci-effects/guide/deploy-a-nixos-machine/)!
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> Hercules doesn't have access to anything encrypted in the
|
|
||||||
> [secrets folder](../../secrets), so none of your secrets will accidentally get
|
|
||||||
> pushed to a cache by mistake.
|
|
||||||
>
|
|
||||||
> You could pull all your secrets via your user, and then exclude it from
|
|
||||||
> [allUsers](https://github.com/nrdxp/devos/blob/nrd/suites/default.nix#L17)
|
|
||||||
> to keep checks passing.
|
|
||||||
|
|
||||||
[agent]: https://docs.hercules-ci.com/hercules-ci/getting-started/#github
|
|
||||||
[cache]: https://docs.hercules-ci.com/hercules-ci/getting-started/deploy/nixos/#_3_configure_a_binary_cache
|
|
||||||
[cachix]: https://cachix.org
|
|
@ -1,5 +0,0 @@
|
|||||||
# Integrations
|
|
||||||
This section explores some of the optional tools included with devos to provide
|
|
||||||
a solution to common concerns such as ci and remote deployment. An effort is
|
|
||||||
made to choose tools that treat nix, and where possible flakes, as first class
|
|
||||||
citizens.
|
|
@ -1,43 +0,0 @@
|
|||||||
# nvfetcher
|
|
||||||
[NvFetcher][nvf] is a workflow companion for updating nix sources.
|
|
||||||
|
|
||||||
You can specify an origin source and an update configuration, and
|
|
||||||
nvfetcher can for example track updates to a specific branch and
|
|
||||||
automatically update your nix sources configuration on each run
|
|
||||||
to the tip of that branch.
|
|
||||||
|
|
||||||
All package source declaration is done in [sources.toml][sources.toml].
|
|
||||||
|
|
||||||
From within the devshell of this repo, run `nvfetcher`, a wrapped
|
|
||||||
version of `nvfetcher` that knows where to find and place its files
|
|
||||||
and commit the results.
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
Statically fetching (not tracking) a particular tag from a github repo:
|
|
||||||
```toml
|
|
||||||
[manix]
|
|
||||||
src.manual = "v0.6.3"
|
|
||||||
fetch.github = "mlvzk/manix"
|
|
||||||
```
|
|
||||||
|
|
||||||
Tracking the latest github _release_ from a github repo:
|
|
||||||
```toml
|
|
||||||
[manix]
|
|
||||||
src.github = "mlvzk/manix" # responsible for tracking
|
|
||||||
fetch.github = "mlvzk/manix" # responsible for fetching
|
|
||||||
```
|
|
||||||
|
|
||||||
Tracking the latest commit of a git repository and fetch from a git repo:
|
|
||||||
```toml
|
|
||||||
[manix]
|
|
||||||
src.git = "https://github.com/mlvzk/manix.git" # responsible for tracking
|
|
||||||
fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching
|
|
||||||
```
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> Please refer to the [NvFetcher Readme][nvf-readme] for more options.
|
|
||||||
|
|
||||||
[nvf]: https://github.com/berberman/nvfetcher
|
|
||||||
[nvf-readme]: https://github.com/berberman/nvfetcher#readme
|
|
||||||
[sources.toml]: https://github.com/divnix/devos/tree/main/pkgs/sources.toml
|
|
@ -1,3 +0,0 @@
|
|||||||
# Layout
|
|
||||||
Each of the following sections is a directory whose contents are output to the
|
|
||||||
outside world via the flake's outputs. Check each chapter for details.
|
|
@ -1,79 +0,0 @@
|
|||||||
# Modules
|
|
||||||
The modules directory is a replica of nixpkg's NixOS [modules][nixpkgs-modules]
|
|
||||||
, and follows the same semantics. This allows for trivial upstreaming into
|
|
||||||
nixpkgs proper once your module is sufficiently stable.
|
|
||||||
|
|
||||||
All modules linked in _module-list.nix_ are automatically exported via
|
|
||||||
`nixosModules.<file-basename>`, and imported into all [hosts](../concepts/hosts.md).
|
|
||||||
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> This is reserved for declaring brand new module options. If you just want to
|
|
||||||
> declare a coherent configuration of already existing and related NixOS options
|
|
||||||
> , use [profiles](../concepts/profiles.md) instead.
|
|
||||||
|
|
||||||
## Semantics
|
|
||||||
In case you've never written a module for nixpkgs before, here is a brief
|
|
||||||
outline of the process.
|
|
||||||
|
|
||||||
### Declaration
|
|
||||||
modules/services/service-category/my-service.nix:
|
|
||||||
```nix
|
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.services.myService;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.myService = {
|
|
||||||
enable = lib.mkEnableOption "Description of my new service.";
|
|
||||||
|
|
||||||
# additional options ...
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# implementation ...
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Import
|
|
||||||
modules/module-list.nix:
|
|
||||||
```nix
|
|
||||||
[
|
|
||||||
./services/service-category/my-service.nix
|
|
||||||
]
|
|
||||||
```
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
### Internal
|
|
||||||
profiles/profile-category/my-profile.nix:
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
services.MyService.enable = true;
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### External
|
|
||||||
flake.nix:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
# inputs omitted
|
|
||||||
|
|
||||||
outputs = { self, devos, nixpkgs, ... }: {
|
|
||||||
nixosConfigurations.myConfig = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "...";
|
|
||||||
|
|
||||||
modules = [
|
|
||||||
devos.nixosModules.my-service
|
|
||||||
({ ... }: {
|
|
||||||
services.MyService.enable = true;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
[nixpkgs-modules]: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules
|
|
@ -1,25 +0,0 @@
|
|||||||
# Overlays
|
|
||||||
Writing overlays is a common occurence when using a NixOS system. Therefore,
|
|
||||||
we want to keep the process as simple and straightforward as possible.
|
|
||||||
|
|
||||||
Any _.nix_ files declared in this directory will be assumed to be a valid
|
|
||||||
overlay, and will be automatically imported into all [hosts](../concepts/hosts.md), and
|
|
||||||
exported via `overlays.<channel>/<pkgName>` _as well as_
|
|
||||||
`packages.<system>.<pkgName>` (for valid systems), so all you have to do is
|
|
||||||
write it.
|
|
||||||
|
|
||||||
## Example
|
|
||||||
overlays/kakoune.nix:
|
|
||||||
```nix
|
|
||||||
final: prev: {
|
|
||||||
kakoune = prev.kakoune.override {
|
|
||||||
configure.plugins = with final.kakounePlugins; [
|
|
||||||
(kak-fzf.override { fzf = final.skim; })
|
|
||||||
kak-auto-pairs
|
|
||||||
kak-buffers
|
|
||||||
kak-powerline
|
|
||||||
kak-vertical-selection
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
@ -1,109 +0,0 @@
|
|||||||
# Packages
|
|
||||||
Similar to [modules](./modules.md), the pkgs directory mirrors the upstream
|
|
||||||
[nixpkgs/pkgs][pkgs], and for the same reason; if you ever want to upstream
|
|
||||||
your package, it's as simple as dropping it into the nixpkgs/pkgs directory.
|
|
||||||
|
|
||||||
The only minor difference is that, instead of adding the `callPackage` call to
|
|
||||||
`all-packages.nix`, you just add it the the _default.nix_ in this directory,
|
|
||||||
which is defined as a simple overlay.
|
|
||||||
|
|
||||||
All the packages are exported via `packages.<system>.<pkg-name>`, for all
|
|
||||||
the supported systems listed in the package's `meta.platforms` attribute.
|
|
||||||
|
|
||||||
And, as usual, every package in the overlay is also available to any NixOS
|
|
||||||
[host](../concepts/hosts.md).
|
|
||||||
|
|
||||||
Another convenient difference is that it is possible to use
|
|
||||||
[nvfetcher](https://github.com/berberman/nvfetcher) to keep packages up to
|
|
||||||
date.
|
|
||||||
This is best understood by the simple example below.
|
|
||||||
|
|
||||||
## Example
|
|
||||||
It is possible to specify sources separately to keep them up to date semi
|
|
||||||
automatically.
|
|
||||||
The basic rules are specified in pkgs/sources.toml:
|
|
||||||
```toml
|
|
||||||
# nvfetcher.toml
|
|
||||||
[libinih]
|
|
||||||
src.github = "benhoyt/inih"
|
|
||||||
fetch.github = "benhoyt/inih"
|
|
||||||
```
|
|
||||||
After changes to this file as well as to update the packages specified in there run
|
|
||||||
nvfetcher (for more details see [nvfetcher](https://github.com/berberman/nvfetcher)).
|
|
||||||
|
|
||||||
The pkgs overlay is managed in
|
|
||||||
pkgs/default.nix:
|
|
||||||
```nix
|
|
||||||
final: prev: {
|
|
||||||
# keep sources first, this makes sources available to the pkgs
|
|
||||||
sources = prev.callPackage (import ./_sources/generated.nix) { };
|
|
||||||
|
|
||||||
# then, call packages with `final.callPackage`
|
|
||||||
libinih = prev.callPackage ./development/libraries/libinih { };
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Lastly the example package is in
|
|
||||||
pkgs/development/libraries/libinih/default.nix:
|
|
||||||
```nix
|
|
||||||
{ stdenv, meson, ninja, lib, sources, ... }:
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
pname = "libinih";
|
|
||||||
|
|
||||||
# version will resolve to the latest available on gitub
|
|
||||||
inherit (sources.libinih) version src;
|
|
||||||
|
|
||||||
buildInputs = [ meson ninja ];
|
|
||||||
|
|
||||||
# ...
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Migration from flake based approach
|
|
||||||
Previous to nvfetcher it was possible to manage sources via a pkgs/flake.nix, the main changes from there are that sources where in the attribute "srcs" (now "sources") and the contents of the sources where slightly different.
|
|
||||||
In order to switch to the new system, rewrite pkgs/flake.nix to a pkgs/sources.toml file using the documentation of nvfetcher,
|
|
||||||
add the line that calls the sources at the beginning of pkgs/default.nix, and
|
|
||||||
accomodate the small changes in the packages as can be seen from the example.
|
|
||||||
|
|
||||||
The example package looked like:
|
|
||||||
|
|
||||||
pkgs/flake.nix:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
description = "Package sources";
|
|
||||||
|
|
||||||
inputs = {
|
|
||||||
libinih.url = "github:benhoyt/inih/r53";
|
|
||||||
libinih.flake = false;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
pkgs/default.nix:
|
|
||||||
```nix
|
|
||||||
final: prev: {
|
|
||||||
# then, call packages with `final.callPackage`
|
|
||||||
libinih = prev.callPackage ./development/libraries/libinih { };
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
pkgs/development/libraries/libinih/default.nix:
|
|
||||||
```nix
|
|
||||||
{ stdenv, meson, ninja, lib, srcs, ... }:
|
|
||||||
let inherit (srcs) libinih; in
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
pname = "libinih";
|
|
||||||
|
|
||||||
# version will resolve to 53, as specified in the flake.nix file
|
|
||||||
inherit (libinih) version;
|
|
||||||
|
|
||||||
src = libinih;
|
|
||||||
|
|
||||||
buildInputs = [ meson ninja ];
|
|
||||||
|
|
||||||
# ...
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
[pkgs]: https://github.com/NixOS/nixpkgs/tree/master/pkgs
|
|
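--- a/doc/secrets.md
+++ b/doc/secrets.md
@@ -1,110 +0,0 @@
-# Secrets
-Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix]
-so you can keep your flake in a public repository like GitHub without
-exposing your password or other sensitive data.
-
-By default, everything in the secrets folder is automatically encrypted. Just
-be sure to run `git-crypt init` before putting anything in here.
-
-## Agenix
-Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
-within the nix store because it is world-readable.
-
-Most NixOS modules have the ability to set options to files in the system, outside
-the nix store, that contain sensitive information. You can use [agenix][agenix]
-to easily setup those secret files declaratively.
-
-[agenix][agenix] encrypts secrets and stores them as .age files in your repository.
-Age files are encrypted with multiple ssh public keys, so any host or user with a
-matching ssh private key can read the data. The [age module][age module] will add those
-encrypted files to the nix store and decrypt them on activation to `/run/secrets`.
-
-### Setup
-All hosts must have openssh enabled, this is done by default in the core profile.
-
-You need to populate your `secrets/secrets.nix` with the proper ssh public keys.
-Be extra careful to make sure you only add public keys, you should never share a
-private key!!
-
-secrets/secrets.nix:
-```nix
-let
-system = "<system ssh key>";
-user = "<user ssh key>";
-allKeys = [ system user ];
-in
-```
-
-On most systems, you can get your systems ssh public key from `/etc/ssh/ssh_host_ed25519_key.pub`. If
-this file doesn't exist you likely need to enable openssh and rebuild your system.
-
-Your users ssh public key is probably stored in `~/.ssh/id_ed25519.pub` or
-`~/.ssh/id_rsa.pub`. If you haven't generated a ssh key yet, be sure do so:
-```sh
-ssh-keygen -t ed25519
-```
-
-> ##### _Note:_
-> The underlying tool used by agenix, rage, doesn't work well with password protected
-> ssh keys. So if you have lots of secrets you might have to type in your password many
-> times.
-
-
-### Secrets
-You will need the `agenix` command to create secrets. DevOS conveniently provides that
-in the devShell, so just run `nix develop` whenever you want to edit secrets. Make sure
-to always run `agenix` while in the `secrets/` folder, so it can pick up your `secrets.nix`.
-
-To create secrets, simply add lines to your `secrets/secrets.nix`:
-```
-let
-...
-allKeys = [ system user ];
-in
-{
-"secret.age".publicKeys = allKeys;
-}
-```
-That would tell agenix to create a `secret.age` file that is encrypted with the `system`
-and `user` ssh public key.
-
-Then go into the `secrets` folder and run:
-```sh
-agenix -e secret.age
-```
-This will create the `secret.age`, if it doesn't already exist, and allow you to edit it.
-
-If you ever change the `publicKeys` entry of any secret make sure to rekey the secrets:
-```sh
-agenix --rekey
-```
-
-### Usage
-Once you have your secret file encrypted and ready to use, you can utilize the [age module][age module]
-to ensure that your secrets end up in `/run/secrets`.
-
-In any profile that uses a NixOS module that requires a secret you can enable a particular secret like so:
-
-```nix
-{ self, ... }:
-{
-age.secrets.mysecret.file = "${self}/secrets/mysecret.age";
-}
-```
-
-
-Then you can just pass the path `/run/secrets/mysecret` to the module.
-
-You can make use of the many options provided by the age module to customize where and how
-secrets get decrypted. You can learn about them by looking at the
-[age module][age module].
-
-
-> ##### _Note:_
-> You can take a look at the [agenix repository][agenix] for more information
-> about the tool.
-
-[git-crypt]: https://github.com/AGWA/git-crypt
-[agenix]: https://github.com/ryantm/agenix
-[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
-[secrets-issue]: https://github.com/NixOS/nix/issues/8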
@ -1,102 +0,0 @@
|
|||||||
# Bootstrapping
|
|
||||||
|
|
||||||
This will help you boostrap a bare host with the help of the
|
|
||||||
[bespoke iso](./iso.md) live installer.
|
|
||||||
|
|
||||||
_Note: nothing prevents you from remotely executing the boostrapping
|
|
||||||
process. See below._
|
|
||||||
|
|
||||||
Once your target host has booted into the live iso, you need to partion
|
|
||||||
and format your disk according to the [official manual][manual].
|
|
||||||
|
|
||||||
## Mount partitions
|
|
||||||
|
|
||||||
Then properly mount the formatted partitions at `/mnt`, so that you can
|
|
||||||
install your system to those new partitions.
|
|
||||||
|
|
||||||
Mount `nixos` partition to `/mnt` and — for UEFI — `boot`
|
|
||||||
partition to `/mnt/boot`:
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ mount /dev/disk/by-label/nixos /mnt
|
|
||||||
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
|
|
||||||
$ swapon /dev/disk/by-label/swap
|
|
||||||
```
|
|
||||||
|
|
||||||
Add some extra space to the store. In the iso, it's running on a tmpfs
|
|
||||||
off your RAM:
|
|
||||||
```console
|
|
||||||
$ mkdir -p /mnt/tmpstore/{work,store}
|
|
||||||
$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
|
|
||||||
```
|
|
||||||
|
|
||||||
## Install
|
|
||||||
|
|
||||||
Install off of a copy of devos from the time the iso was built:
|
|
||||||
|
|
||||||
```console
|
|
||||||
$ cd /iso/devos
|
|
||||||
$ nixos-install --flake .#NixOS
|
|
||||||
```
|
|
||||||
|
|
||||||
## Notes of interest
|
|
||||||
|
|
||||||
### Remote access to the live installer
|
|
||||||
|
|
||||||
The iso live installer comes preconfigured with a network configuration
|
|
||||||
which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`,
|
|
||||||
that is `bootstrap.local` in the [iso example](./iso).
|
|
||||||
|
|
||||||
In the rare case that [MulticastDNS][mDNS] is not availabe or turned off
|
|
||||||
in your network, there is a static link-local IPv6 address configured to
|
|
||||||
`fe80::47`(mnemonic from the letter's position in the english alphabet:
|
|
||||||
`n=14 i=9 x=24; 47 = n+i+x`).
|
|
||||||
|
|
||||||
Provided that you have added your public key to the authorized keys of the
|
|
||||||
`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless
|
|
||||||
sudo access)_:
|
|
||||||
|
|
||||||
```nix
|
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
||||||
../secrets/path/to/key.pub
|
|
||||||
];
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
You can then ssh into the live installer through one of the
|
|
||||||
following options:
|
|
||||||
|
|
||||||
```console
|
|
||||||
ssh root@bootstrap.local
|
|
||||||
|
|
||||||
ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
|
|
||||||
```
|
|
||||||
|
|
||||||
_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only
|
|
||||||
configured on the live installer. If you wish to enable [MulticastDNS][mDNS]
|
|
||||||
for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._
|
|
||||||
|
|
||||||
### EUI-64 LLA & Host Identity
|
|
||||||
|
|
||||||
The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended
|
|
||||||
Unique Identifiers (EUI-64) that is derived from the host interface's Message
|
|
||||||
Authentication Code (MAC) address.
|
|
||||||
|
|
||||||
After a little while (a few seconds), you can remotely discover this unique and host
|
|
||||||
specific address over [NDP][NDP] for example with:
|
|
||||||
|
|
||||||
```console
|
|
||||||
ip -6 neigh show # also shows fe80::47
|
|
||||||
```
|
|
||||||
|
|
||||||
***This LLA is stable for the host, unless you need to swap that particular network card.***
|
|
||||||
Under this reservation, though, you may use this EUI-64 to wire up a specific
|
|
||||||
(cryptographic) host identity.
|
|
||||||
|
|
||||||
|
|
||||||
[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning
|
|
||||||
[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS
|
|
||||||
[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
|
|
||||||
[staticLLA]: https://tools.ietf.org/html/rfc7404
|
|
@ -1,54 +0,0 @@
|
|||||||
# From NixOS
|
|
||||||
|
|
||||||
## Generate Configuration
|
|
||||||
Assuming you're happy with your existing partition layout, you can generate a
|
|
||||||
basic NixOS configuration for your system using:
|
|
||||||
```sh
|
|
||||||
bud up
|
|
||||||
```
|
|
||||||
|
|
||||||
This will make a new file `hosts/up-$(hostname).nix`, which you can edit to
|
|
||||||
your liking.
|
|
||||||
|
|
||||||
You must then add a host to `nixos.hosts` in flake.nix:
|
|
||||||
```nix
|
|
||||||
{
|
|
||||||
nixos.hosts = {
|
|
||||||
modules = hosts/NixOS.nix;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for
|
|
||||||
your region. Keep in mind that `networking.hostName` will be automatically
|
|
||||||
set to the name of your host;
|
|
||||||
|
|
||||||
Now might be a good time to read the docs on [suites](../concepts/suites.md) and
|
|
||||||
[profiles](../concepts/profiles.md) and add or create any that you need.
|
|
||||||
|
|
||||||
> ##### _Note:_
|
|
||||||
> While the `up` sub-command is provided as a convenience to quickly set up and
|
|
||||||
> install a "fresh" NixOS system on current hardware, committing these files is
|
|
||||||
> discouraged.
|
|
||||||
>
|
|
||||||
> They are placed in the git staging area automatically because they would be
|
|
||||||
> invisible to the flake otherwise, but it is best to move what you need from
|
|
||||||
> them directly into a host module of your own making, and commit that instead.
|
|
||||||
# Installation
|
|
||||||
|
|
||||||
Once you're ready to deploy `hosts/my-host.nix`:
|
|
||||||
```sh
|
|
||||||
bud my-host switch
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
This calls `nixos-rebuild` with sudo to build and install your configuration.
|
|
||||||
|
|
||||||
> ##### _Notes:_
|
|
||||||
> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with
|
|
||||||
> `nixos-rebuild`.
|
|
||||||
>
|
|
||||||
> - It is convenient to have the template living at `/etc/nixos` so you can
|
|
||||||
> simply `sudo nixos-rebuild switch` from anywhere on the system, but it is
|
|
||||||
> not required.
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
# Quick Start
|
|
||||||
The only dependency is nix, so make sure you have it [installed][install-nix].
|
|
||||||
|
|
||||||
## Get the Template
|
|
||||||
Here is a snippet that will get you the template without the git history:
|
|
||||||
```sh
|
|
||||||
nix-shell -p cachix --run "cachix use nrdxp"
|
|
||||||
|
|
||||||
nix-shell https://github.com/divnix/devos/archive/main.tar.gz -A shell \
|
|
||||||
--run "bud get main"
|
|
||||||
|
|
||||||
cd devos
|
|
||||||
|
|
||||||
nix-shell
|
|
||||||
|
|
||||||
git init
|
|
||||||
git add .
|
|
||||||
git commit -m init
|
|
||||||
```
|
|
||||||
|
|
||||||
This will place you in a new folder named `devos` with git initialized, and a
|
|
||||||
nix-shell that provides all the dependencies, including the unstable nix
|
|
||||||
version required.
|
|
||||||
|
|
||||||
In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment.
|
|
||||||
|
|
||||||
> ##### _Notes:_
|
|
||||||
> - Flakes ignore files that have not been added to git, so be sure to stage new
|
|
||||||
> files before building the system.
|
|
||||||
> - You can choose to simply clone the repo with git if you want to follow
|
|
||||||
> upstream changes.
|
|
||||||
> - If the `nix-shell -p cachix --run "cachix use nrdxp"` line doesn't work
|
|
||||||
> you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"`
|
|
||||||
|
|
||||||
## Next Steps:
|
|
||||||
- [Make installable ISO](./iso.md)
|
|
||||||
- [Bootstrap Host](./bootstrapping.md)
|
|
||||||
- [Already on NixOS](./from-nixos.md)
|
|
||||||
|
|
||||||
|
|
||||||
[install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation
|
|
@ -1,22 +0,0 @@
|
|||||||
# ISO
|
|
||||||
|
|
||||||
Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as:
|
|
||||||
```sh
|
|
||||||
bud build bootstrap bootstrapIso
|
|
||||||
sudo -E $(which bud) burn
|
|
||||||
```
|
|
||||||
|
|
||||||
This works for any host.
|
|
||||||
|
|
||||||
## ISO image nix store & cache
|
|
||||||
|
|
||||||
The iso image holds the store to the live environment and _also_ acts as a binary cache
|
|
||||||
to the installer. To considerably speed up things, the image already includes all flake
|
|
||||||
`inputs` as well as the `devshell` closures.
|
|
||||||
|
|
||||||
While you _could_ provision any machine with a single stick, a custom-made iso for
|
|
||||||
the host you want to install DevOS to, maximises those local cache hits.
|
|
||||||
|
|
||||||
For hosts that don't differ too much, a single usb stick might be ok, whereas when
|
|
||||||
there are bigger differences, a custom-made usb stick will be considerably faster.
|
|
||||||
|
|
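--- a/doc/tests.md
+++ b/doc/tests.md
@@ -1,33 +0,0 @@
-# Testing
-
-Testing is always an important aspect of any software development project, and
-NixOS offers some incredibly powerful tools to write tests for your
-configuration, and, optionally, run them in
-[CI](./integrations/hercules.md).
-
-## Unit Tests
-Unit tests can be created from regular derivations, and they can do
-almost anything you can imagine. By convention, it is best to test your
-packages during their [check phase][check]. All packages and their tests will
-be built during CI.
-
-## Integration Tests
-All your profiles defined in suites will be tested in a NixOS VM.
-
-You can write integration tests for one or more NixOS VMs that can,
-optionally, be networked together, and yes, it's as awesome as it sounds!
-
-Be sure to use the `mkTest` function from digga, `digga.lib.pkgs-lib.mkTest`
-which wraps the official [testing-python][testing-python] function to ensure
-that the system is setup exactly as it is for a bare DevOS system. There are
-already great resources for learning how to use these tests effectively,
-including the official [docs][test-doc], a fantastic [blog post][test-blog],
-and the examples in [nixpkgs][nixos-tests].
-
-[test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
-[test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html
-[default]: https://github.com/divnix/devos/tree/main/tests/default.nix
-[run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166
-[nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests
-[testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix
-[check]: https://nixos.org/manual/nixpkgs/stable/#ssec-check-phase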
6
doc/theme/highlight.js
vendored
6
doc/theme/highlight.js
vendored
File diff suppressed because one or more lines are too long
435
flake.lock
435
flake.lock
@ -8,11 +8,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1646360966,
|
"lastModified": 1649191071,
|
||||||
"narHash": "sha256-fJ/WHSU45bMJRDqz9yA3B2lwXtW5DKooU+Pzn13GyZI=",
|
"narHash": "sha256-35hEJuMvRswOPKb9lbB9ZuHVe0eJN6WJc4T8Frn0hYQ=",
|
||||||
"owner": "kamadorueda",
|
"owner": "kamadorueda",
|
||||||
"repo": "alejandra",
|
"repo": "alejandra",
|
||||||
"rev": "511c3f6a88b6964e1496fb6f441f4ae5e58bd3ea",
|
"rev": "3d3f24127a8e2b28998a81c444f8b4b4f11da6c6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -21,21 +21,6 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"blank": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1625557891,
|
|
||||||
"narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
|
|
||||||
"owner": "divnix",
|
|
||||||
"repo": "blank",
|
|
||||||
"rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "divnix",
|
|
||||||
"repo": "blank",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"cachix": {
|
"cachix": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1642244250,
|
"lastModified": 1642244250,
|
||||||
@ -52,36 +37,36 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"deploy": {
|
"crane": {
|
||||||
"inputs": {
|
"flake": false,
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"nixpkgs": [
|
|
||||||
"digga",
|
|
||||||
"latest"
|
|
||||||
],
|
|
||||||
"utils": "utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1632822684,
|
"lastModified": 1644785799,
|
||||||
"narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=",
|
"narHash": "sha256-VpAJO1L0XeBvtCuNGK4IDKp6ENHIpTrlaZT7yfBCvwo=",
|
||||||
"owner": "serokell",
|
"owner": "ipetkov",
|
||||||
"repo": "deploy-rs",
|
"repo": "crane",
|
||||||
"rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4",
|
"rev": "fc7a94f841347c88f2cb44217b2a3faa93e2a0b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "serokell",
|
"owner": "ipetkov",
|
||||||
"repo": "deploy-rs",
|
"repo": "crane",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"devshell": {
|
"devshell": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_2",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1637575296,
|
"lastModified": 1647857022,
|
||||||
"narHash": "sha256-ZY8YR5u8aglZPe27+AJMnPTG6645WuavB+w0xmhTarw=",
|
"narHash": "sha256-Aw70NWLOIwKhT60MHDGjgWis3DP3faCzr6ap9CSayek=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "devshell",
|
"repo": "devshell",
|
||||||
"rev": "0e56ef21ba1a717169953122c7415fa6a8cd2618",
|
"rev": "0a5ff74dacb9ea22614f64e61aeb3ca0bf0e7311",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -90,56 +75,57 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"digga": {
|
"dream2nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blank": "blank",
|
"alejandra": [
|
||||||
"deploy": "deploy",
|
"nixCargoIntegration",
|
||||||
"devshell": "devshell",
|
"nixpkgs"
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
|
||||||
"home-manager": [
|
|
||||||
"home"
|
|
||||||
],
|
],
|
||||||
"latest": "latest",
|
"crane": "crane",
|
||||||
"nixlib": [
|
"flake-utils-pre-commit": [
|
||||||
"nixos"
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"gomod2nix": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"mach-nix": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixos-generators": "nixos-generators",
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"node2nix": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"poetry2nix": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"pre-commit-hooks": [
|
||||||
|
"nixCargoIntegration",
|
||||||
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1643510242,
|
"lastModified": 1649088506,
|
||||||
"narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=",
|
"narHash": "sha256-rIpLWnomSDYlaZfQiXs4Ui3EqmiY6d9qEkIY/vzZg6s=",
|
||||||
"owner": "divnix",
|
"owner": "nix-community",
|
||||||
"repo": "digga",
|
"repo": "dream2nix",
|
||||||
"rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7",
|
"rev": "84135ea205bcc04648fcc7776261e1dcb6e78ceb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "divnix",
|
"owner": "nix-community",
|
||||||
"ref": "main",
|
"repo": "dream2nix",
|
||||||
"repo": "digga",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1627913399,
|
|
||||||
"narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_2": {
|
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1641205782,
|
"lastModified": 1641205782,
|
||||||
@ -157,11 +143,11 @@
|
|||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1638122382,
|
"lastModified": 1644229661,
|
||||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
|
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -170,32 +156,44 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils-plus": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1639385028,
|
"lastModified": 1642700792,
|
||||||
"narHash": "sha256-oqorKz3mwf7UuDJwlbCEYCB2LfcWLL0DkeCWhRIL820=",
|
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
|
||||||
"owner": "gytis-ivaskevicius",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils-plus",
|
"repo": "flake-utils",
|
||||||
"rev": "be1be083af014720c14f3b574f57b6173b4915d0",
|
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "gytis-ivaskevicius",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils-plus",
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1637014545,
|
||||||
|
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flakeCompat": {
|
"flakeCompat": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1641205782,
|
"lastModified": 1648199409,
|
||||||
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
|
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
|
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -204,6 +202,50 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"fup": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1647259887,
|
||||||
|
"narHash": "sha256-yEkMbEHVO9qydluQ3uHGWX1PkfZhgDKxnd1rhZYZ72w=",
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"rev": "06dba5f3b4fa2cc0bfc98ce9cd6f9a4d8db11d46",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"helix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixCargoIntegration": [
|
||||||
|
"nixCargoIntegration"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
],
|
||||||
|
"rust-overlay": [
|
||||||
|
"rust-overlay"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1649456512,
|
||||||
|
"narHash": "sha256-evrtUI3NkwEhQGJmRPnDqvoYex3SnH9NAxgCLJw2v3s=",
|
||||||
|
"owner": "helix-editor",
|
||||||
|
"repo": "helix",
|
||||||
|
"rev": "7779dbfcb847e9aa20e01ae0f8354c3c0de38fe3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "helix-editor",
|
||||||
|
"repo": "helix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"home": {
|
"home": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
@ -211,36 +253,20 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1645746341,
|
"lastModified": 1648834319,
|
||||||
"narHash": "sha256-j4fTWByYMGSSl0P7HEJQmbU/ifJtW25n/SoF6hgXN8c=",
|
"narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "650cfe60f31f3d27ba869bf7db12ca8ded5f1d74",
|
"rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "master",
|
"ref": "release-21.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"latest": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1638198142,
|
|
||||||
"narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "8a308775674e178495767df90c419425474582a1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"naersk": {
|
"naersk": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
@ -248,11 +274,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1639947939,
|
"lastModified": 1649096192,
|
||||||
"narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=",
|
"narHash": "sha256-7O8e+eZEYeU+ET98u/zW5epuoN/xYx9G+CIh4DjZVzY=",
|
||||||
"owner": "nmattia",
|
"owner": "nmattia",
|
||||||
"repo": "naersk",
|
"repo": "naersk",
|
||||||
"rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653",
|
"rev": "d626f73332a8f587b613b0afe7293dd0777be07d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -261,22 +287,78 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixlib": {
|
"nixCargoIntegration": {
|
||||||
|
"inputs": {
|
||||||
|
"devshell": "devshell",
|
||||||
|
"dream2nix": "dream2nix",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
],
|
||||||
|
"rustOverlay": [
|
||||||
|
"rust-overlay"
|
||||||
|
]
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1641688481,
|
"lastModified": 1649398335,
|
||||||
"narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=",
|
"narHash": "sha256-SjE4w4kcg3NphapPwBMiIdZDLvVqEf9+IfIskQMd4OY=",
|
||||||
"owner": "nix-community",
|
"owner": "yusdacra",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nix-cargo-integration",
|
||||||
"rev": "f697717b3d3a074ffc16c8c8227504f0db292886",
|
"rev": "791bf70e720869431479bd4f2133e466b13fe088",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "yusdacra",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nix-cargo-integration",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1649225869,
|
||||||
|
"narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixosHardware": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1649401245,
|
||||||
|
"narHash": "sha256-mce0dpugKD9qgFgzloE2yoYJRD6Bvsy2QDzODpXMsss=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"rev": "ddeb6a0aa430914674d6f0bc1646cf11e799a5bb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixosPersistence": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1646131459,
|
||||||
|
"narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "impermanence",
|
||||||
|
"rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "impermanence",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1645433236,
|
"lastModified": 1645433236,
|
||||||
"narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=",
|
"narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=",
|
||||||
@ -292,78 +374,20 @@
|
|||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixos-generators": {
|
|
||||||
"inputs": {
|
|
||||||
"nixlib": "nixlib",
|
|
||||||
"nixpkgs": [
|
|
||||||
"digga",
|
|
||||||
"blank"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1637655461,
|
|
||||||
"narHash": "sha256-kXZPbclN3gKwjhp2/RYFDFpAsSBwzX1iLF4EcnHZsPQ=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nixos-generators",
|
|
||||||
"rev": "05a3eb158a9c7746a5d463726d7f7cccf07500e4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nixos-generators",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixos-hardware": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1645346782,
|
|
||||||
"narHash": "sha256-3qd0cu+2kapIP7cdHW9n8zh1wCvRGg83K7/cCj5Xv+A=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixos-hardware",
|
|
||||||
"rev": "1ccfe243aa6e94bf80f2a66f6be41d086d37fc87",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixos-hardware",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixosPersistence": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1644791231,
|
|
||||||
"narHash": "sha256-iDihsF1fUMK4xXiUudPnDM3veH1LXbbxfP9Lzekw9iU=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "impermanence",
|
|
||||||
"rev": "635bcd2d88739197a0b584aa9fadaa53c717a853",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "impermanence",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgsWayland": {
|
"nixpkgsWayland": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"cachix": "cachix",
|
"cachix": "cachix",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat",
|
||||||
"nixpkgs": [
|
"nixpkgs": "nixpkgs"
|
||||||
"nixos"
|
|
||||||
]
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1645727284,
|
|
||||||
"narHash": "sha256-xwi46ruR5z4THe967gzW74dQhPmlS5FWSiWuo9aYquY=",
|
"narHash": "sha256-xwi46ruR5z4THe967gzW74dQhPmlS5FWSiWuo9aYquY=",
|
||||||
"owner": "colemickens",
|
"path": "/nix/store/23by5yfsvzynznfjk2kjwn1gpb231fl9-source",
|
||||||
"repo": "nixpkgs-wayland",
|
"type": "path"
|
||||||
"rev": "ddd6f194eed2779df5730e702cecda28bd8938df",
|
|
||||||
"type": "github"
|
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "colemickens",
|
"id": "nixpkgsWayland",
|
||||||
"repo": "nixpkgs-wayland",
|
"type": "indirect"
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rnixLsp": {
|
"rnixLsp": {
|
||||||
@ -374,14 +398,14 @@
|
|||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
"utils": "utils_2"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1643586450,
|
"lastModified": 1647240246,
|
||||||
"narHash": "sha256-BRIAc3+zavSlJPYSbov2n1W9/a4Iuh2swFPYRWjCm1g=",
|
"narHash": "sha256-/MLdBWfFUN1C1eNVBYfaVAIcDiZKXpWEbzBC2pqVXj0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "rnix-lsp",
|
"repo": "rnix-lsp",
|
||||||
"rev": "41eb2f3366e3f351bf2563c2a7c46fd17e78dfe0",
|
"rev": "4d1024ccfe1bc569811769d1ef52a2fc6c1d482d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -393,32 +417,41 @@
|
|||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"alejandra": "alejandra",
|
"alejandra": "alejandra",
|
||||||
"digga": "digga",
|
"fup": "fup",
|
||||||
|
"helix": "helix",
|
||||||
"home": "home",
|
"home": "home",
|
||||||
"naersk": "naersk",
|
"naersk": "naersk",
|
||||||
|
"nixCargoIntegration": "nixCargoIntegration",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixosHardware": "nixosHardware",
|
||||||
"nixosPersistence": "nixosPersistence",
|
"nixosPersistence": "nixosPersistence",
|
||||||
"nixpkgsWayland": "nixpkgsWayland",
|
"nixpkgsWayland": "nixpkgsWayland",
|
||||||
"rnixLsp": "rnixLsp"
|
"rnixLsp": "rnixLsp",
|
||||||
|
"rust-overlay": "rust-overlay"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"rust-overlay": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_3",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1638122382,
|
"lastModified": 1649447403,
|
||||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
"narHash": "sha256-JZMYKsCxpLpPKLVjDUVmKs/bVnbcaPa8crf2uKh0lKY=",
|
||||||
"owner": "numtide",
|
"owner": "oxalica",
|
||||||
"repo": "flake-utils",
|
"repo": "rust-overlay",
|
||||||
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
|
"rev": "44801306a2aa0e9aaa47588d615ce6df4acf18c6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "numtide",
|
"owner": "oxalica",
|
||||||
"repo": "flake-utils",
|
"repo": "rust-overlay",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils_2": {
|
"utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1638122382,
|
"lastModified": 1638122382,
|
||||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
||||||
|
188
flake.nix
188
flake.nix
@ -2,15 +2,25 @@
|
|||||||
description = "A highly structured configuration database.";
|
description = "A highly structured configuration database.";
|
||||||
inputs = {
|
inputs = {
|
||||||
nixos.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixos.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
digga.url = "github:divnix/digga/main";
|
|
||||||
digga.inputs.nixpkgs.follows = "nixos";
|
fup.url = "github:gytis-ivaskevicius/flake-utils-plus";
|
||||||
digga.inputs.nixlib.follows = "nixos";
|
|
||||||
digga.inputs.home-manager.follows = "home";
|
home.url = "github:nix-community/home-manager/release-21.11";
|
||||||
home.url = "github:nix-community/home-manager/master";
|
|
||||||
home.inputs.nixpkgs.follows = "nixos";
|
home.inputs.nixpkgs.follows = "nixos";
|
||||||
|
|
||||||
|
rust-overlay = {
|
||||||
|
url = "github:oxalica/rust-overlay";
|
||||||
|
inputs.nixpkgs.follows = "nixos";
|
||||||
|
};
|
||||||
naersk.url = "github:nmattia/naersk";
|
naersk.url = "github:nmattia/naersk";
|
||||||
naersk.inputs.nixpkgs.follows = "nixos";
|
naersk.inputs.nixpkgs.follows = "nixos";
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixCargoIntegration.url = "github:yusdacra/nix-cargo-integration";
|
||||||
|
nixCargoIntegration.inputs.nixpkgs.follows = "nixos";
|
||||||
|
nixCargoIntegration.inputs.rustOverlay.follows = "rust-overlay";
|
||||||
|
|
||||||
|
nixosHardware.url = "github:nixos/nixos-hardware";
|
||||||
|
nixosPersistence.url = "github:nix-community/impermanence";
|
||||||
|
|
||||||
rnixLsp = {
|
rnixLsp = {
|
||||||
url = "github:nix-community/rnix-lsp";
|
url = "github:nix-community/rnix-lsp";
|
||||||
inputs.naersk.follows = "naersk";
|
inputs.naersk.follows = "naersk";
|
||||||
@ -20,116 +30,96 @@
|
|||||||
url = "github:kamadorueda/alejandra";
|
url = "github:kamadorueda/alejandra";
|
||||||
inputs.nixpkgs.follows = "nixos";
|
inputs.nixpkgs.follows = "nixos";
|
||||||
};
|
};
|
||||||
/*
|
helix = {
|
||||||
helix = {
|
url = "github:helix-editor/helix";
|
||||||
url = "https://github.com/helix-editor/helix.git";
|
|
||||||
type = "git";
|
|
||||||
submodules = true;
|
|
||||||
inputs.nixpkgs.follows = "nixos";
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
nixosPersistence.url = "github:nix-community/impermanence";
|
|
||||||
nixpkgsWayland = {
|
|
||||||
url = "github:colemickens/nixpkgs-wayland";
|
|
||||||
inputs.nixpkgs.follows = "nixos";
|
inputs.nixpkgs.follows = "nixos";
|
||||||
|
inputs.rust-overlay.follows = "rust-overlay";
|
||||||
|
inputs.nixCargoIntegration.follows = "nixCargoIntegration";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
outputs = {
|
outputs = {
|
||||||
self,
|
self,
|
||||||
digga,
|
fup,
|
||||||
nixos,
|
|
||||||
home,
|
home,
|
||||||
nixos-hardware,
|
nixosHardware,
|
||||||
nixosPersistence,
|
nixosPersistence,
|
||||||
nixpkgsWayland,
|
nixpkgsWayland,
|
||||||
rnixLsp,
|
rnixLsp,
|
||||||
alejandra,
|
alejandra,
|
||||||
|
helix,
|
||||||
|
nixos,
|
||||||
...
|
...
|
||||||
} @ inputs:
|
} @ inputs:
|
||||||
digga.lib.mkFlake
|
fup.lib.mkFlake
|
||||||
{
|
{
|
||||||
inherit self inputs;
|
inherit self inputs;
|
||||||
channelsConfig = {allowUnfree = true;};
|
|
||||||
channels = {
|
supportedSystems = ["x86_64-linux"];
|
||||||
nixos = {
|
channelsConfig.allowUnfree = true;
|
||||||
imports = [(digga.lib.importOverlays ./overlays)];
|
nix.generateRegistryFromInputs = true;
|
||||||
overlays = [
|
nix.generateNixPathFromInputs = true;
|
||||||
nixpkgsWayland.overlay
|
nix.linkInputs = true;
|
||||||
(
|
|
||||||
_: prev: {
|
|
||||||
#helix = helix.packages.${prev.system}.helix;
|
|
||||||
#helix-src = prev.helix.src;
|
|
||||||
#rnix-lsp = rnixLsp.packages.${prev.system}.rnix-lsp;
|
|
||||||
}
|
|
||||||
)
|
|
||||||
(
|
|
||||||
_: prev: {
|
|
||||||
alejandra = alejandra.defaultPackage.${prev.system};
|
|
||||||
remarshal =
|
|
||||||
prev.remarshal.overrideAttrs
|
|
||||||
(
|
|
||||||
old: {
|
|
||||||
postPatch = ''
|
|
||||||
substituteInPlace pyproject.toml \
|
|
||||||
--replace "poetry.masonry.api" "poetry.core.masonry.api" \
|
|
||||||
--replace 'PyYAML = "^5.3"' 'PyYAML = "*"' \
|
|
||||||
--replace 'tomlkit = "^0.7"' 'tomlkit = "*"'
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
||||||
)
|
|
||||||
./pkgs/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
lib = import ./lib {lib = digga.lib // nixos.lib;};
|
|
||||||
sharedOverlays = [
|
sharedOverlays = [
|
||||||
(
|
(_: prev: {
|
||||||
_: prev: {
|
lib = prev.lib.extend (_: _: builtins);
|
||||||
__dontExport = true;
|
})
|
||||||
lib = prev.lib.extend (_: _: {our = self.lib;});
|
(_: prev: {
|
||||||
}
|
lib = prev.lib.extend (_: l: {
|
||||||
)
|
pkgBin = id:
|
||||||
|
if l.isString id
|
||||||
|
then "${prev.${id}}/bin/${id}"
|
||||||
|
else "${prev.${id.name}}/bin/${id.bin}";
|
||||||
|
});
|
||||||
|
})
|
||||||
];
|
];
|
||||||
nixos = {
|
|
||||||
hostDefaults = {
|
channels.nixos = {
|
||||||
system = "x86_64-linux";
|
overlays = [
|
||||||
channelName = "nixos";
|
./overlays/chromium-wayland.nix
|
||||||
imports = [(digga.lib.importExportableModules ./modules)];
|
./overlays/phantom.nix
|
||||||
modules = [
|
(
|
||||||
{lib.our = self.lib;}
|
_: prev: {
|
||||||
digga.nixosModules.bootstrapIso
|
helix = helix.packages.${prev.system}.helix;
|
||||||
digga.nixosModules.nixConfig
|
rnix-lsp = rnixLsp.packages.${prev.system}.rnix-lsp;
|
||||||
home.nixosModules.home-manager
|
alejandra = alejandra.defaultPackage.${prev.system};
|
||||||
nixosPersistence.nixosModules.impermanence
|
}
|
||||||
];
|
)
|
||||||
};
|
];
|
||||||
imports = [(digga.lib.importHosts ./hosts)];
|
};
|
||||||
hosts = {};
|
|
||||||
importables = rec {
|
hostDefaults = {
|
||||||
profiles =
|
channelName = "nixos";
|
||||||
(digga.lib.rakeLeaves ./profiles)
|
modules = [
|
||||||
// {
|
home.nixosModules.home-manager
|
||||||
users = digga.lib.rakeLeaves ./users;
|
./profiles
|
||||||
nixos-hardware = nixos-hardware.nixosModules;
|
./modules
|
||||||
};
|
./locale
|
||||||
suites = with profiles; {
|
./secrets
|
||||||
base = [cachix core users.root];
|
];
|
||||||
work = [users.patriot develop];
|
};
|
||||||
|
|
||||||
|
hosts.lungmen = {
|
||||||
|
modules = with nixosHardware.nixosModules; [
|
||||||
|
nixos.nixosModules.notDetected
|
||||||
|
nixosPersistence.nixosModules.impermanence
|
||||||
|
common-pc-ssd
|
||||||
|
common-pc
|
||||||
|
common-gpu-amd
|
||||||
|
common-cpu-amd
|
||||||
|
./profiles/network/networkmanager
|
||||||
|
./users/root
|
||||||
|
./users/patriot
|
||||||
|
./hosts/lungmen
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
outputsBuilder = channels:
|
||||||
|
with channels.nixos; {
|
||||||
|
devShell = mkShell {
|
||||||
|
name = "prts";
|
||||||
|
buildInputs = [git git-crypt];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
home = {
|
|
||||||
imports = [(digga.lib.importExportableModules ./users/modules)];
|
|
||||||
modules = [];
|
|
||||||
importables = rec {
|
|
||||||
profiles = digga.lib.rakeLeaves ./users/profiles;
|
|
||||||
suites = with profiles; rec {base = [direnv git starship];};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
devshell = ./shell;
|
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
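Review bot: The `nixpkgsWayland` declaration is dropped from `inputs` in the second hunk of flake.nix, yet `nixpkgsWayland,` is still named in the `outputs` argument set, so Nix resolves it as an implicit registry input. The flake.lock part of this commit shows the result: its `original` entry becomes `"type": "indirect"` and its `locked` entry is a bare `/nix/store/…-source` path with no `owner`, `repo` or `rev`. Another machine cannot reproduce that pin, and the name resolves to whatever the local flake registry maps it to. The new side of this section does not appear to use the input, so either remove `nixpkgsWayland,` from the `outputs` arguments, or restore `nixpkgsWayland.url = "github:colemickens/nixpkgs-wayland";` with `nixpkgsWayland.inputs.nixpkgs.follows = "nixos";` and relock.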
@ -1,8 +0,0 @@
|
|||||||
{suites, ...}: {
|
|
||||||
### root password is empty by default ###
|
|
||||||
imports = suites.base;
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
|
||||||
}
|
|
@ -1,16 +0,0 @@
|
|||||||
{profiles, ...}: {
|
|
||||||
# build with: `bud build bootstrap bootstrapIso`
|
|
||||||
# reachable on the local link via ssh root@fe80::47%eno1
|
|
||||||
# where 'eno1' is replaced by your own machine's network
|
|
||||||
# interface that has the local link to the target machine
|
|
||||||
imports = [
|
|
||||||
# profiles.networking
|
|
||||||
profiles.core
|
|
||||||
profiles.users.root
|
|
||||||
# make sure to configure ssh keys
|
|
||||||
profiles.users.nixos
|
|
||||||
];
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
# will be overridden by the bootstrapIso instrumentation
|
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
|
||||||
}
|
|
@ -3,8 +3,6 @@
|
|||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
modulesPath,
|
modulesPath,
|
||||||
suites,
|
|
||||||
profiles,
|
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
btrfsPartPath = "/dev/disk/by-label/NIXOS";
|
btrfsPartPath = "/dev/disk/by-label/NIXOS";
|
||||||
@ -40,11 +38,6 @@
|
|||||||
sudo umount /mnt
|
sudo umount /mnt
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
imports =
|
|
||||||
suites.base
|
|
||||||
++ suites.work
|
|
||||||
++ [../profiles/network/networkmanager (modulesPath + "/installer/scan/not-detected.nix")]
|
|
||||||
++ (with profiles.nixos-hardware; [common-pc-ssd common-pc common-gpu-amd common-cpu-amd]);
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
@ -128,7 +121,6 @@ in {
|
|||||||
};
|
};
|
||||||
nix.settings.max-jobs = lib.mkDefault 4;
|
nix.settings.max-jobs = lib.mkDefault 4;
|
||||||
security = {
|
security = {
|
||||||
mitigations.disable = true;
|
|
||||||
allowSimultaneousMultithreading = false;
|
allowSimultaneousMultithreading = false;
|
||||||
# Deleting root subvolume makes sudo show lecture every boot
|
# Deleting root subvolume makes sudo show lecture every boot
|
||||||
sudo.extraConfig = ''
|
sudo.extraConfig = ''
|
||||||
@ -142,7 +134,6 @@ in {
|
|||||||
alsa.enable = true;
|
alsa.enable = true;
|
||||||
alsa.support32Bit = true;
|
alsa.support32Bit = true;
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
media-session.enable = true;
|
|
||||||
};
|
};
|
||||||
hardware = {
|
hardware = {
|
||||||
opengl = {
|
opengl = {
|
@ -1,15 +0,0 @@
|
|||||||
let
|
|
||||||
rev = "e7e5d481a0e15dcd459396e55327749989e04ce0";
|
|
||||||
flake = (
|
|
||||||
import
|
|
||||||
(
|
|
||||||
fetchTarball
|
|
||||||
{
|
|
||||||
url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz";
|
|
||||||
sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x";
|
|
||||||
}
|
|
||||||
)
|
|
||||||
{src = ../../.;}
|
|
||||||
);
|
|
||||||
in
|
|
||||||
flake
|
|
@ -1,8 +0,0 @@
|
|||||||
{...}: let
|
|
||||||
inherit (default.inputs.nixos) lib;
|
|
||||||
host = configs.${hostname} or configs.NixOS;
|
|
||||||
configs = default.nixosConfigurations;
|
|
||||||
default = (import ../.).defaultNix;
|
|
||||||
hostname = lib.fileContents /etc/hostname;
|
|
||||||
in
|
|
||||||
host
|
|
@ -1,8 +0,0 @@
|
|||||||
{lib}:
|
|
||||||
lib.makeExtensible
|
|
||||||
(
|
|
||||||
self: {
|
|
||||||
pkgBinNoDep = pkgs: name: "${pkgs.${name}}/bin/${name}";
|
|
||||||
html = import ./html.nix {format = true;};
|
|
||||||
}
|
|
||||||
)
|
|
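--- a/lib/html.nix
+++ b/lib/html.nix
@@ -1,31 +0,0 @@
-{format ? false}: let
-inherit (builtins) isAttrs isList map;
-fmt =
-if format
-then "\n "
-else "";
-mapAttrsToList = f: attrs: map (name: f name attrs.${name}) (builtins.attrNames attrs);
-concatStrings = builtins.concatStringsSep "";
-evalAttrs = attrs: concatStrings (mapAttrsToList (name: value: " ${name}=\"${value}\"") attrs);
-genAttrs = f: names:
-builtins.listToAttrs (map
-(n: {
-name = n;
-value = f n;
-})
-names);
-evalChildren = children:
-if isList children
-then concatStrings children
-else children;
-tag = name: maybeAttrs:
-if isAttrs maybeAttrs
-then (children: "<${name}${evalAttrs maybeAttrs}>${fmt}${evalChildren children}${fmt}</${name}>")
-else tag name {} maybeAttrs;
-tags = genAttrs tag ["html" "head" "body" "div" "p" "a"];
-in
-tags
-// {
-inherit tag;
-link = url: tags.a {href = url;};
-}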
@ -1,9 +1,9 @@
|
|||||||
{...}: {
|
{...}: {
|
||||||
console.keyMap = "trq";
|
|
||||||
i18n = {
|
i18n = {
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
supportedLocales = ["en_US.UTF-8/UTF-8"];
|
supportedLocales = ["en_US.UTF-8/UTF-8"];
|
||||||
};
|
};
|
||||||
time.timeZone = "Turkey";
|
time.timeZone = "Turkey";
|
||||||
services.xserver.layout = "tr";
|
services.xserver.layout = "tr";
|
||||||
|
console.keyMap = "trq";
|
||||||
}
|
}
|
||||||
|
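--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./hm-system-defaults.nix
+];
+}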
@ -1,7 +0,0 @@
|
|||||||
{
|
|
||||||
channel,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
nix.nixPath = ["nixpkgs=${channel.input}" "nixos-config=${../lib/compat/nixos}" "home-manager=${inputs.home}"];
|
|
||||||
}
|
|
@ -1,26 +0,0 @@
|
|||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
inherit (builtins) readFile fetchurl;
|
|
||||||
cfg = config.security.mitigations;
|
|
||||||
cmdline = ''
|
|
||||||
ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off'';
|
|
||||||
in {
|
|
||||||
options = {
|
|
||||||
security.mitigations.disable =
|
|
||||||
mkOption
|
|
||||||
{
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Whether to disable spectre and meltdown mitigations in the kernel. Do
|
|
||||||
not use this in mission critical deployments, or on any machine you do
|
|
||||||
not have physical access to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = mkIf cfg.disable {boot.kernelParams = splitString " " cmdline;};
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
final: prev: {manix = prev.manix.overrideAttrs (o: rec {inherit (prev.sources.manix) pname version src;});}
|
|
@ -1,4 +0,0 @@
|
|||||||
channels: final: prev: {
|
|
||||||
__dontExport = true;
|
|
||||||
# overrides clutter up actual creations
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
final: prev: {
|
|
||||||
# Since: https://github.com/NixOS/nixpkgs/pull/126137
|
|
||||||
nix-direnv =
|
|
||||||
if builtins.hasAttr "enableFlakes" prev.nix-direnv.override.__functionArgs
|
|
||||||
then prev.nix-direnv.override {enableFlakes = true;}
|
|
||||||
else prev.nix-direnv;
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
# This file was generated by nvfetcher, please do not modify it manually.
|
|
||||||
{
|
|
||||||
fetchgit,
|
|
||||||
fetchurl,
|
|
||||||
}: {
|
|
||||||
manix = {
|
|
||||||
pname = "manix";
|
|
||||||
version = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
|
|
||||||
src =
|
|
||||||
fetchgit
|
|
||||||
{
|
|
||||||
url = "https://github.com/mlvzk/manix";
|
|
||||||
rev = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4";
|
|
||||||
fetchSubmodules = false;
|
|
||||||
deepClone = false;
|
|
||||||
leaveDotGit = false;
|
|
||||||
sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
final: prev: {
|
|
||||||
# keep sources this first
|
|
||||||
sources = prev.callPackage (import ./_sources/generated.nix) {};
|
|
||||||
# then, call packages with `final.callPackage`
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
# nvfetcher.toml
|
|
||||||
[manix]
|
|
||||||
src.git = "https://github.com/mlvzk/manix"
|
|
||||||
fetch.github = "mlvzk/manix"
|
|
@ -1,17 +1,15 @@
|
|||||||
{
|
{
|
||||||
self,
|
|
||||||
inputs,
|
inputs,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
inherit (lib) fileContents mkIf;
|
inherit (pkgs) lib;
|
||||||
pkgBin = lib.our.pkgBinNoDep pkgs;
|
inherit (lib) fileContents mkIf pkgBin;
|
||||||
coreBin = v: "${pkgs.coreutils}/bin/${v}";
|
coreBin = v: "${pkgs.coreutils}/bin/${v}";
|
||||||
nixBin = "${config.nix.package}/bin/nix";
|
nixBin = "${config.nix.package}/bin/nix";
|
||||||
in {
|
in {
|
||||||
imports = [../cachix ../../locale ../../secrets/secrets.nix];
|
imports = [./cachix];
|
||||||
boot = {
|
boot = {
|
||||||
tmpOnTmpfs = true;
|
tmpOnTmpfs = true;
|
||||||
loader.systemd-boot.configurationLimit = 10;
|
loader.systemd-boot.configurationLimit = 10;
|
||||||
@ -121,8 +119,6 @@ in {
|
|||||||
mn = let
|
mn = let
|
||||||
manix_preview = "manix '{}' | sed 's/type: /> type: /g' | bat -l Markdown --color=always --plain";
|
manix_preview = "manix '{}' | sed 's/type: /> type: /g' | bat -l Markdown --color=always --plain";
|
||||||
in ''manix "" | rg '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | sk --preview="${manix_preview}" | xargs manix'';
|
in ''manix "" | rg '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | sk --preview="${manix_preview}" | xargs manix'';
|
||||||
# fix nixos-option
|
|
||||||
nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
|
|
||||||
# sudo
|
# sudo
|
||||||
s = ifSudo "sudo -E";
|
s = ifSudo "sudo -E";
|
||||||
si = ifSudo "sudo -i";
|
si = ifSudo "sudo -i";
|
@ -1,10 +0,0 @@
|
|||||||
{
|
|
||||||
self,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
modules = with inputs; [
|
|
||||||
#bud.devshellModules.bud
|
|
||||||
];
|
|
||||||
exportedModules = [./devos.nix];
|
|
||||||
}
|
|
@ -1,54 +0,0 @@
|
|||||||
{
|
|
||||||
pkgs,
|
|
||||||
extraModulesPath,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
hooks = import ./hooks;
|
|
||||||
pkgWithCategory = category: package: {inherit package category;};
|
|
||||||
linter = pkgWithCategory "linter";
|
|
||||||
docs = pkgWithCategory "docs";
|
|
||||||
devos = pkgWithCategory "devos";
|
|
||||||
in {
|
|
||||||
_file = toString ./.;
|
|
||||||
imports = ["${extraModulesPath}/git/hooks.nix"];
|
|
||||||
git = {inherit hooks;};
|
|
||||||
# tempfix: remove when merged https://github.com/numtide/devshell/pull/123
|
|
||||||
devshell.startup.load_profiles =
|
|
||||||
pkgs.lib.mkForce
|
|
||||||
(
|
|
||||||
pkgs.lib.noDepEntry
|
|
||||||
''
|
|
||||||
# PATH is devshell's exorbitant privilige:
|
|
||||||
# fence against its pollution
|
|
||||||
_PATH=''${PATH}
|
|
||||||
# Load installed profiles
|
|
||||||
for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do
|
|
||||||
# If that folder doesn't exist, bash loves to return the whole glob
|
|
||||||
[[ -f "$file" ]] && source "$file"
|
|
||||||
done
|
|
||||||
# Exert exorbitant privilige and leave no trace
|
|
||||||
export PATH=''${_PATH}
|
|
||||||
unset _PATH
|
|
||||||
''
|
|
||||||
);
|
|
||||||
packages = with pkgs; [git-crypt];
|
|
||||||
commands = with pkgs;
|
|
||||||
[
|
|
||||||
(devos nixUnstable)
|
|
||||||
#(devos agenix)
|
|
||||||
/*
|
|
||||||
{
|
|
||||||
category = "devos";
|
|
||||||
name = pkgs.nvfetcher-bin.pname;
|
|
||||||
help = pkgs.nvfetcher-bin.meta.description;
|
|
||||||
command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@";
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
#(linter nixpkgs-fmt)
|
|
||||||
#(linter editorconfig-checker)
|
|
||||||
# (docs python3Packages.grip) too many deps
|
|
||||||
# (docs mdbook)
|
|
||||||
]
|
|
||||||
++ lib.optional (pkgs ? deploy-rs) (devos deploy-rs.deploy-rs)
|
|
||||||
++ lib.optional (system != "i686-linux") (devos cachix);
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
enable = false;
|
|
||||||
pre-commit.text = builtins.readFile ./pre-commit.sh;
|
|
||||||
}
|
|
@ -1,29 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
if git rev-parse --verify HEAD >/dev/null 2>&1
|
|
||||||
then
|
|
||||||
against=HEAD
|
|
||||||
else
|
|
||||||
# Initial commit: diff against an empty tree object
|
|
||||||
against=$(${git}/bin/git hash-object -t tree /dev/null)
|
|
||||||
fi
|
|
||||||
|
|
||||||
diff="git diff-index --name-only --cached $against --diff-filter d"
|
|
||||||
|
|
||||||
nix_files=($($diff -- '*.nix'))
|
|
||||||
all_files=($($diff))
|
|
||||||
|
|
||||||
# Format staged nix files.
|
|
||||||
if [[ -n "${nix_files[@]}" ]]; then
|
|
||||||
nixpkgs-fmt "${nix_files[@]}" \
|
|
||||||
&& git add "${nix_files[@]}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check editorconfig
|
|
||||||
editorconfig-checker -- "${all_files[@]}"
|
|
||||||
if [[ $? != '0' ]]; then
|
|
||||||
printf "%b\n" \
|
|
||||||
"\nCode is not aligned with .editorconfig" \
|
|
||||||
"Review the output and commit your fixes" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
@ -1,9 +0,0 @@
|
|||||||
{...}: {
|
|
||||||
users.users.nixos = {
|
|
||||||
uid = 1000;
|
|
||||||
password = "nixos";
|
|
||||||
description = "default";
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["wheel"];
|
|
||||||
};
|
|
||||||
}
|
|
@ -97,7 +97,6 @@ in {
|
|||||||
home-manager.users.patriot = {
|
home-manager.users.patriot = {
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
suites,
|
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
personal = import ../../personal.nix;
|
personal = import ../../personal.nix;
|
||||||
@ -234,33 +233,11 @@ in {
|
|||||||
#export QT_PLATFORM_PLUGIN=qt5ct
|
#export QT_PLATFORM_PLUGIN=qt5ct
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
imports = suites.base;
|
imports = [
|
||||||
# needs to be fixed to use nix profile???
|
../profiles/direnv
|
||||||
/*
|
../profiles/git
|
||||||
gtk = {
|
../profiles/starship
|
||||||
enable = false;
|
];
|
||||||
font = {
|
|
||||||
package = pkgs.dejavu_fonts;
|
|
||||||
name = "DejaVu Sans 12";
|
|
||||||
};
|
|
||||||
iconTheme = {
|
|
||||||
package = pkgs.papirus-icon-theme;
|
|
||||||
name = "Papirus Dark";
|
|
||||||
};
|
|
||||||
theme = {
|
|
||||||
package = pkgs.numix-gtk-theme;
|
|
||||||
name = "Numix Dark";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
qt = {
|
|
||||||
enable = false;
|
|
||||||
style = {
|
|
||||||
package = pkgs.adwaita-qt;
|
|
||||||
name = "adwaita-dark";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
fonts.fontconfig.enable = true;
|
fonts.fontconfig.enable = true;
|
||||||
home = {
|
home = {
|
||||||
homeDirectory = nixosConfig.users.users.patriot.home;
|
homeDirectory = nixosConfig.users.users.patriot.home;
|
||||||
@ -652,6 +629,9 @@ in {
|
|||||||
"nix.serverPath" = pkgBin "rnix-lsp";
|
"nix.serverPath" = pkgBin "rnix-lsp";
|
||||||
"editor.bracketPairColorization.enabled" = true;
|
"editor.bracketPairColorization.enabled" = true;
|
||||||
"editor.semanticHighlighting.enabled" = true;
|
"editor.semanticHighlighting.enabled" = true;
|
||||||
|
"remote.SSH.defaultExtensions" = [
|
||||||
|
"gitpod.gitpod-remote-ssh"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
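Review bot: `"remote.SSH.defaultExtensions"` in the last hunk of the `home-manager.users.patriot` section applies to every host opened through Remote-SSH, so `gitpod.gitpod-remote-ssh` is installed on all of them rather than only on Gitpod workspaces. If that is intended, a comment above the entry would record it, for example `# installed on every Remote-SSH host, not only Gitpod workspaces`. If it is not, the entry could be left out and the extension installed per workspace. The enclosing settings attribute set starts outside the hunk, so the editor it belongs to is not visible here.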