diff --git a/flake.nix b/flake.nix index ddd57b5..7f8f42f 100644 --- a/flake.nix +++ b/flake.nix @@ -131,6 +131,7 @@ hosts microvmConfigurations nixosConfigurations + nixosConfigurationsMinimal ; # All nixosSystem instanciations are collected here, so that we can refer @@ -141,11 +142,13 @@ # For each true NixOS system, we want to expose an installer package that # can be used to do the initial setup on the node from a live environment. + # We use the minimal sibling configuration to reduce the amount of stuff + # we have to copy to the live system. inherit (foldl' recursiveUpdate {} (mapAttrsToList (import ./nix/generate-installer-package.nix inputs) - self.nixosConfigurations)) + self.nixosConfigurationsMinimal)) packages ; } diff --git a/hosts/kroma/default.nix b/hosts/kroma/default.nix index 886d116..253bf65 100644 --- a/hosts/kroma/default.nix +++ b/hosts/kroma/default.nix @@ -1,4 +1,10 @@ -{inputs, ...}: { +{ + inputs, + lib, + minimal, + ... +}: +{ imports = [ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate @@ -25,15 +31,17 @@ ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - boot.binfmt.emulatedSystems = ["aarch64-linux"]; - graphical.gaming.enable = true; - +} +// lib.optionalAttrs (!minimal) { # TODO goodbye once -sk keys. environment.shellInit = '' gpg-connect-agent /bye export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) ''; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + graphical.gaming.enable = true; + stylix.fonts.sizes = { #desktop = 20; applications = 10; diff --git a/modules/config/nix.nix b/modules/config/nix.nix index 22573fd..e01c723 100644 --- a/modules/config/nix.nix +++ b/modules/config/nix.nix 
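Review bot: `} // lib.optionalAttrs (!minimal) {` in hosts/kroma/default.nix is a shallow attribute-set update, so in the non-minimal build the right-hand `boot.binfmt.emulatedSystems` replaces the whole left-hand `boot` attribute and the context line `boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" …]` is silently dropped, which can leave the full kroma system without its storage-controller modules in the initrd (any other `boot.*`, `graphical.*`, `stylix.*` or `environment.*` settings in the unconditional half outside this hunk would be lost the same way). The same `//` join in modules/optional/graphical/default.nix appears safe only because `options` does not collide with `imports`/`config`. Use a deep merge here: change the opening `{` of the first set to `lib.recursiveUpdate {`, the join line to `} (lib.optionalAttrs (!minimal) {`, and close the second set with `})` (that closing brace is beyond the hunk). Alternatively keep `boot.binfmt.emulatedSystems` in the unconditional half, or move everything under `config` and express the optional part as `config = lib.mkIf (!minimal) { … }` so the module system merges the two halves.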
@@ -44,18 +44,12 @@ options = "--delete-older-than 90d"; }; # Define global flakes for this system - registry = { + registry = rec { nixpkgs.flake = inputs.nixpkgs; - p.flake = inputs.nixpkgs; - pkgs.flake = inputs.nixpkgs; + p = nixpkgs; templates.flake = inputs.templates; }; }; - system = { - extraSystemBuilderCmds = '' - ln -sv ${pkgs.path} $out/nixpkgs - ''; - stateVersion = "23.11"; - }; + system.stateVersion = "23.11"; } diff --git a/modules/optional/dev/default.nix b/modules/optional/dev/default.nix index de14d81..a1d295c 100644 --- a/modules/optional/dev/default.nix +++ b/modules/optional/dev/default.nix @@ -1,8 +1,11 @@ { inputs, pkgs, + lib, + minimal, ... -}: { +}: +lib.optionalAttrs (!minimal) { imports = [ inputs.nixseparatedebuginfod.nixosModules.default ./documentation.nix diff --git a/modules/optional/graphical/default.nix b/modules/optional/graphical/default.nix index f3e3e4f..7408835 100644 --- a/modules/optional/graphical/default.nix +++ b/modules/optional/graphical/default.nix 
@@ -2,55 +2,59 @@ config, inputs, lib, + minimal, ... }: let inherit (lib) mkOption types + optionalAttrs ; -in { - imports = [ - inputs.stylix.nixosModules.stylix +in + { + options.graphical.gaming.enable = mkOption { + description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration."; + default = false; + type = types.bool; + }; + } + // optionalAttrs (!minimal) { + imports = [ + inputs.stylix.nixosModules.stylix - ./fonts.nix - ./steam.nix - ./wayland.nix - ./xserver.nix - ]; + ./fonts.nix + ./steam.nix + ./wayland.nix + ./xserver.nix + ]; - options.graphical.gaming.enable = mkOption { - description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration."; - default = false; - type = types.bool; - }; - - config = { - # Needed for gtk - programs.dconf.enable = true; - stylix = { - # I want to choose what to style myself. - autoEnable = false; - polarity = "dark"; - image = config.lib.stylix.pixel "base00"; - base16Scheme = { - base00 = "282c34"; - base01 = "353b45"; - base02 = "3e4451"; - base03 = "545862"; - base04 = "565c64"; - base05 = "abb2bf"; - base06 = "b6bdca"; - base07 = "c8ccd4"; - base08 = "e06c75"; - base09 = "d19a66"; - base0A = "e5c07b"; - base0B = "98c379"; - base0C = "56b6c2"; - base0D = "61afef"; - base0E = "c678dd"; - base0F = "be5046"; + config = { + # Needed for gtk + programs.dconf.enable = true; + stylix = { + # I want to choose what to style myself. + autoEnable = false; + polarity = "dark"; + image = config.lib.stylix.pixel "base00"; + base16Scheme = { + base00 = "282c34"; + base01 = "353b45"; + base02 = "3e4451"; + base03 = "545862"; + base04 = "565c64"; + base05 = "abb2bf"; + base06 = "b6bdca"; + base07 = "c8ccd4"; + base08 = "e06c75"; + base09 = "d19a66"; + base0A = "e5c07b"; + base0B = "98c379"; + base0C = "56b6c2"; + base0D = "61afef"; + base0E = "c678dd"; + base0F = "be5046"; + }; }; }; - }; -} + } 
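Review bot: The new `imports = [ inputs.stylix.nixosModules.stylix … ]` is now computed under `optionalAttrs (!minimal)`, which only works because `minimal` arrives through specialArgs (nix/hosts.nix) rather than through `config`; gating `imports` on a module option would cause infinite recursion. A short comment on the `// optionalAttrs (!minimal) {` line would keep a later maintainer from turning `minimal` into an option, e.g. `# minimal is a specialArg, so it is safe to use it to select imports here`. The `options.graphical.gaming.enable` declaration is correctly left unconditional so that hosts may still reference it in minimal builds.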
diff --git a/modules/optional/hardware/nvidia.nix b/modules/optional/hardware/nvidia.nix index a5dd9e3..cdc2bf5 100644 --- a/modules/optional/hardware/nvidia.nix +++ b/modules/optional/hardware/nvidia.nix @@ -1,8 +1,10 @@ { lib, + minimal, pkgs, ... -}: { +}: +lib.optionalAttrs (!minimal) { boot.blacklistedKernelModules = ["nouveau"]; services.xserver.videoDrivers = lib.mkForce ["nvidia"]; diff --git a/modules/optional/sound.nix b/modules/optional/sound.nix index 123be7b..3ba9619 100644 --- a/modules/optional/sound.nix +++ b/modules/optional/sound.nix @@ -1,8 +1,10 @@ { lib, + minimal, pkgs, ... -}: { +}: +lib.optionalAttrs (!minimal) { # Helpful utilities: # Show pipewire devices and application overview or specifics # > wpctl status; wpctl inspect diff --git a/modules/repo/meta.nix b/modules/repo/meta.nix index 1ecc9c1..124dc9e 100644 --- a/modules/repo/meta.nix +++ b/modules/repo/meta.nix @@ -5,19 +5,18 @@ }: let inherit (lib) - mdDoc mkOption types ; in { options.node = { name = mkOption { - description = mdDoc "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten."; + description = "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten."; type = types.str; }; secretsDir = mkOption { - description = mdDoc "Path to the secrets directory for this node."; + description = "Path to the secrets directory for this node."; type = types.path; }; }; diff --git a/nix/hosts.nix b/nix/hosts.nix index f51cf46..b9b4124 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix 
@@ -12,15 +12,15 @@ inputs: let ; # Creates a new nixosSystem with the correct specialArgs, pkgs and name definition - mkHost = name: system: let - pkgs = self.pkgs.${system}; + mkHost = {minimal}: name: hostCfg: let + pkgs = self.pkgs.${hostCfg.system}; in nixosSystem { specialArgs = { # Use the correct instance lib that has our overlays inherit (pkgs) lib; inherit (self) nodes; - inherit inputs; + inherit inputs minimal; }; modules = [ { @@ -28,7 +28,7 @@ inputs: let # inputs.nixpkgs.nixosModules.readOnlyPkgs, since some nixosModules # like nixseparatedebuginfod depend on adding packages via nixpkgs.overlays. # So we just mimic the options and overlays defined by the passed pkgs set. - nixpkgs.hostPlatform = system; + nixpkgs.hostPlatform = hostCfg.system; nixpkgs.overlays = pkgs.overlays; nixpkgs.config = pkgs.config; node.name = name; @@ -45,7 +45,8 @@ inputs: let # Get all hosts of type "nixos" nixosHosts = filterAttrs (_: x: x.type == "nixos") hosts; # Process each nixosHosts declaration and generatea nixosSystem definitions - nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system); + nixosConfigurations = flip mapAttrs nixosHosts (mkHost {minimal = false;}); + nixosConfigurationsMinimal = flip mapAttrs nixosHosts (mkHost {minimal = true;}); # True NixOS nodes can define additional microvms (guest nodes) that are built # together with the true host. We collect all defined microvm nodes @@ -59,5 +60,6 @@ in { hosts microvmConfigurations nixosConfigurations + nixosConfigurationsMinimal ; } diff --git a/users/myuser/default.nix b/users/myuser/default.nix index 97e9c75..4fddf4d 100644 --- a/users/myuser/default.nix +++ b/users/myuser/default.nix 
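Review bot: `mkHost` now takes `{minimal}: name: hostCfg:` and injects `minimal` into specialArgs, but the modules changed in this commit declare `minimal` as a required function argument, so any other path that evaluates them — the microvm guest configurations the comment below refers to, or any remaining caller of `mkHost` with the old `name system` arity outside this hunk — will fail with a missing `minimal` argument unless it supplies the same specialArg; please confirm those callers. The header comment on `mkHost` should describe the new flag, e.g. `# Creates a new nixosSystem with the correct specialArgs, pkgs and name definition. minimal = true omits the optional modules so the installer (see flake.nix) has a smaller closure to copy.`. `nixosConfigurationsMinimal` is generated for every nixos host, so each host is now evaluated twice by anything that walks all outputs; fine, but worth a line in the comment above it.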
@@ -1,54 +1,57 @@ { config, + lib, pkgs, + minimal, ... }: let myuser = config.repo.secrets.global.myuser.name; -in { - users.groups.${myuser}.gid = config.users.users.${myuser}.uid; - users.users.${myuser} = { - uid = 1000; - inherit (config.repo.secrets.global.myuser) hashedPassword; - createHome = true; - group = myuser; - extraGroups = ["wheel" "input" "video"]; - isNormalUser = true; - autoSubUidGidRange = false; - shell = pkgs.zsh; - }; - - repo.secretFiles.user-myuser = ./secrets/user.nix.age; - - age.secrets.my-gpg-pubkey-yubikey = { - rekeyFile = ./secrets/yubikey.gpg.age; - group = myuser; - mode = "640"; - }; - - age.secrets.mailpw-206fd3b8 = { - rekeyFile = ./secrets/mailpw-206fd3b8.age; - group = myuser; - mode = "640"; - }; - - home-manager.users.${myuser} = { - imports = [ - ../modules - ./dev - ./graphical - ./neovim - - ./git.nix - ./gpg.nix - ./ssh.nix - ]; - - # Remove dependence on username (which also comes from these secrets) to - # avoid triggering infinite recursion. 
- userSecretsName = "user-myuser"; - home = { - inherit (config.users.users.${myuser}) uid; - username = config.users.users.${myuser}.name; +in + lib.optionalAttrs (!minimal) { + users.groups.${myuser}.gid = config.users.users.${myuser}.uid; + users.users.${myuser} = { + uid = 1000; + inherit (config.repo.secrets.global.myuser) hashedPassword; + createHome = true; + group = myuser; + extraGroups = ["wheel" "input" "video"]; + isNormalUser = true; + autoSubUidGidRange = false; + shell = pkgs.zsh; }; - }; -} + + repo.secretFiles.user-myuser = ./secrets/user.nix.age; + + age.secrets.my-gpg-pubkey-yubikey = { + rekeyFile = ./secrets/yubikey.gpg.age; + group = myuser; + mode = "640"; + }; + + age.secrets.mailpw-206fd3b8 = { + rekeyFile = ./secrets/mailpw-206fd3b8.age; + group = myuser; + mode = "640"; + }; + + home-manager.users.${myuser} = { + imports = [ + ../modules + ./dev + ./graphical + ./neovim + + ./git.nix + ./gpg.nix + ./ssh.nix + ]; + + # Remove dependence on username (which also comes from these secrets) to + # avoid triggering infinite recursion. + userSecretsName = "user-myuser"; + home = { + inherit (config.users.users.${myuser}) uid; + username = config.users.users.${myuser}.name; + }; + }; + } diff --git a/users/myuser/graphical/default.nix b/users/myuser/graphical/default.nix index 16f76b8..5b193e8 100644 --- a/users/myuser/graphical/default.nix +++ b/users/myuser/graphical/default.nix @@ -37,6 +37,9 @@ zathura ]; + # TODO audible bell in qt pinentry drives me nuts + # TODO secureboot -> use pam yubikey login + # TODO keyboard stays lit on poweroff -> add systemd service to disable it on shutdown # TODO on neogit close do neotree update # TODO kitty terminfo missing with ssh root@localhost # TODO nix repl cltr+del doesnt work
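Review bot: Wrapping this whole module in `lib.optionalAttrs (!minimal)` means the minimal variant defines neither the `myuser` account (the only `wheel` member visible here) nor the `age.secrets` entries, and flake.nix now builds the installer package from exactly that minimal sibling. The diff does not show how a freshly installed node is administered before the full configuration is deployed; if that relies on root credentials or SSH keys declared elsewhere, it is worth stating at the top of this module, e.g. `# Entirely skipped in minimal (installer) builds: no user, groups or secrets. Initial access to a fresh install relies on <ROOT-ACCESS-MECHANISM, see ...>`. Because the body was moved wholesale under the conditional, every future addition to this file is also dropped from minimal builds; a one-line comment on the `lib.optionalAttrs` line saying that is intended would avoid surprises.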