mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: build a much more minimal config for installing

Browse source
This commit is contained in:
oddlama 2023-09-26 21:43:23 +02:00
parent 73897f648d
commit 73d7a42879
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
11 changed files with 136 additions and 113 deletions
Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -131,6 +131,7 @@
hosts hosts
microvmConfigurations microvmConfigurations
nixosConfigurations nixosConfigurations
nixosConfigurationsMinimal
; ;
# All nixosSystem instanciations are collected here, so that we can refer # All nixosSystem instanciations are collected here, so that we can refer
@ -141,11 +142,13 @@
# For each true NixOS system, we want to expose an installer package that # For each true NixOS system, we want to expose an installer package that
# can be used to do the initial setup on the node from a live environment. # can be used to do the initial setup on the node from a live environment.
# We use the minimal sibling configuration to reduce the amount of stuff
# we have to copy to the live system.
inherit inherit
(foldl' recursiveUpdate {} (foldl' recursiveUpdate {}
(mapAttrsToList (mapAttrsToList
(import ./nix/generate-installer-package.nix inputs) (import ./nix/generate-installer-package.nix inputs)
self.nixosConfigurations)) self.nixosConfigurationsMinimal))
packages packages
; ;
} }

16
hosts/kroma/default.nix
View file

@ -1,4 +1,10 @@
{inputs, ...}: { {
inputs,
lib,
minimal,
...
}:
{
imports = [ imports = [
inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
@ -25,15 +31,17 @@
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.binfmt.emulatedSystems = ["aarch64-linux"]; }
graphical.gaming.enable = true; // lib.optionalAttrs (!minimal) {
# TODO goodbye once -sk keys. # TODO goodbye once -sk keys.
environment.shellInit = '' environment.shellInit = ''
gpg-connect-agent /bye gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
''; '';
boot.binfmt.emulatedSystems = ["aarch64-linux"];
graphical.gaming.enable = true;
stylix.fonts.sizes = { stylix.fonts.sizes = {
#desktop = 20; #desktop = 20;
applications = 10; applications = 10;

12
modules/config/nix.nix
View file

@ -44,18 +44,12 @@
options = "--delete-older-than 90d"; options = "--delete-older-than 90d";
}; };
# Define global flakes for this system # Define global flakes for this system
registry = { registry = rec {
nixpkgs.flake = inputs.nixpkgs; nixpkgs.flake = inputs.nixpkgs;
p.flake = inputs.nixpkgs; p = nixpkgs;
pkgs.flake = inputs.nixpkgs;
templates.flake = inputs.templates; templates.flake = inputs.templates;
}; };
}; };
system = { system.stateVersion = "23.11";
extraSystemBuilderCmds = ''
ln -sv ${pkgs.path} $out/nixpkgs
'';
stateVersion = "23.11";
};
} }

5
modules/optional/dev/default.nix
View file

@ -1,8 +1,11 @@
{ {
inputs, inputs,
pkgs, pkgs,
lib,
minimal,
... ...
}: { }:
lib.optionalAttrs (!minimal) {
imports = [ imports = [
inputs.nixseparatedebuginfod.nixosModules.default inputs.nixseparatedebuginfod.nixosModules.default
./documentation.nix ./documentation.nix

86
modules/optional/graphical/default.nix
View file

@ -2,55 +2,59 @@
config, config,
inputs, inputs,
lib, lib,
minimal,
... ...
}: let }: let
inherit inherit
(lib) (lib)
mkOption mkOption
types types
optionalAttrs
; ;
in { in
imports = [ {
inputs.stylix.nixosModules.stylix options.graphical.gaming.enable = mkOption {
description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration.";
default = false;
type = types.bool;
};
}
// optionalAttrs (!minimal) {
imports = [
inputs.stylix.nixosModules.stylix
./fonts.nix ./fonts.nix
./steam.nix ./steam.nix
./wayland.nix ./wayland.nix
./xserver.nix ./xserver.nix
]; ];
options.graphical.gaming.enable = mkOption { config = {
description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration."; # Needed for gtk
default = false; programs.dconf.enable = true;
type = types.bool; stylix = {
}; # I want to choose what to style myself.
autoEnable = false;
config = { polarity = "dark";
# Needed for gtk image = config.lib.stylix.pixel "base00";
programs.dconf.enable = true; base16Scheme = {
stylix = { base00 = "282c34";
# I want to choose what to style myself. base01 = "353b45";
autoEnable = false; base02 = "3e4451";
polarity = "dark"; base03 = "545862";
image = config.lib.stylix.pixel "base00"; base04 = "565c64";
base16Scheme = { base05 = "abb2bf";
base00 = "282c34"; base06 = "b6bdca";
base01 = "353b45"; base07 = "c8ccd4";
base02 = "3e4451"; base08 = "e06c75";
base03 = "545862"; base09 = "d19a66";
base04 = "565c64"; base0A = "e5c07b";
base05 = "abb2bf"; base0B = "98c379";
base06 = "b6bdca"; base0C = "56b6c2";
base07 = "c8ccd4"; base0D = "61afef";
base08 = "e06c75"; base0E = "c678dd";
base09 = "d19a66"; base0F = "be5046";
base0A = "e5c07b"; };
base0B = "98c379";
base0C = "56b6c2";
base0D = "61afef";
base0E = "c678dd";
base0F = "be5046";
}; };
}; };
}; }
}

4
modules/optional/hardware/nvidia.nix
View file

@ -1,8 +1,10 @@
{ {
lib, lib,
minimal,
pkgs, pkgs,
... ...
}: { }:
lib.optionalAttrs (!minimal) {
boot.blacklistedKernelModules = ["nouveau"]; boot.blacklistedKernelModules = ["nouveau"];
services.xserver.videoDrivers = lib.mkForce ["nvidia"]; services.xserver.videoDrivers = lib.mkForce ["nvidia"];

4
modules/optional/sound.nix
View file

@ -1,8 +1,10 @@
{ {
lib, lib,
minimal,
pkgs, pkgs,
... ...
}: { }:
lib.optionalAttrs (!minimal) {
# Helpful utilities: # Helpful utilities:
# Show pipewire devices and application overview or specifics # Show pipewire devices and application overview or specifics
# > wpctl status; wpctl inspect <id> # > wpctl status; wpctl inspect <id>

5
modules/repo/meta.nix
View file

@ -5,19 +5,18 @@
}: let }: let
inherit inherit
(lib) (lib)
mdDoc
mkOption mkOption
types types
; ;
in { in {
options.node = { options.node = {
name = mkOption { name = mkOption {
description = mdDoc "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten."; description = "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten.";
type = types.str; type = types.str;
}; };
secretsDir = mkOption { secretsDir = mkOption {
description = mdDoc "Path to the secrets directory for this node."; description = "Path to the secrets directory for this node.";
type = types.path; type = types.path;
}; };
}; };

12
nix/hosts.nix
View file

@ -12,15 +12,15 @@ inputs: let
; ;
# Creates a new nixosSystem with the correct specialArgs, pkgs and name definition # Creates a new nixosSystem with the correct specialArgs, pkgs and name definition
mkHost = name: system: let mkHost = {minimal}: name: hostCfg: let
pkgs = self.pkgs.${system}; pkgs = self.pkgs.${hostCfg.system};
in in
nixosSystem { nixosSystem {
specialArgs = { specialArgs = {
# Use the correct instance lib that has our overlays # Use the correct instance lib that has our overlays
inherit (pkgs) lib; inherit (pkgs) lib;
inherit (self) nodes; inherit (self) nodes;
inherit inputs; inherit inputs minimal;
}; };
modules = [ modules = [
{ {
@ -28,7 +28,7 @@ inputs: let
# inputs.nixpkgs.nixosModules.readOnlyPkgs, since some nixosModules # inputs.nixpkgs.nixosModules.readOnlyPkgs, since some nixosModules
# like nixseparatedebuginfod depend on adding packages via nixpkgs.overlays. # like nixseparatedebuginfod depend on adding packages via nixpkgs.overlays.
# So we just mimic the options and overlays defined by the passed pkgs set. # So we just mimic the options and overlays defined by the passed pkgs set.
nixpkgs.hostPlatform = system; nixpkgs.hostPlatform = hostCfg.system;
nixpkgs.overlays = pkgs.overlays; nixpkgs.overlays = pkgs.overlays;
nixpkgs.config = pkgs.config; nixpkgs.config = pkgs.config;
node.name = name; node.name = name;
@ -45,7 +45,8 @@ inputs: let
# Get all hosts of type "nixos" # Get all hosts of type "nixos"
nixosHosts = filterAttrs (_: x: x.type == "nixos") hosts; nixosHosts = filterAttrs (_: x: x.type == "nixos") hosts;
# Process each nixosHosts declaration and generatea nixosSystem definitions # Process each nixosHosts declaration and generatea nixosSystem definitions
nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system); nixosConfigurations = flip mapAttrs nixosHosts (mkHost {minimal = false;});
nixosConfigurationsMinimal = flip mapAttrs nixosHosts (mkHost {minimal = true;});
# True NixOS nodes can define additional microvms (guest nodes) that are built # True NixOS nodes can define additional microvms (guest nodes) that are built
# together with the true host. We collect all defined microvm nodes # together with the true host. We collect all defined microvm nodes
@ -59,5 +60,6 @@ in {
hosts hosts
microvmConfigurations microvmConfigurations
nixosConfigurations nixosConfigurations
nixosConfigurationsMinimal
; ;
} }

97
users/myuser/default.nix
View file

@ -1,54 +1,57 @@
{ {
config, config,
lib,
pkgs, pkgs,
minimal,
... ...
}: let }: let
myuser = config.repo.secrets.global.myuser.name; myuser = config.repo.secrets.global.myuser.name;
in { in
users.groups.${myuser}.gid = config.users.users.${myuser}.uid; lib.optionalAttrs (!minimal) {
users.users.${myuser} = { users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
uid = 1000; users.users.${myuser} = {
inherit (config.repo.secrets.global.myuser) hashedPassword; uid = 1000;
createHome = true; inherit (config.repo.secrets.global.myuser) hashedPassword;
group = myuser; createHome = true;
extraGroups = ["wheel" "input" "video"]; group = myuser;
isNormalUser = true; extraGroups = ["wheel" "input" "video"];
autoSubUidGidRange = false; isNormalUser = true;
shell = pkgs.zsh; autoSubUidGidRange = false;
}; shell = pkgs.zsh;
repo.secretFiles.user-myuser = ./secrets/user.nix.age;
age.secrets.my-gpg-pubkey-yubikey = {
rekeyFile = ./secrets/yubikey.gpg.age;
group = myuser;
mode = "640";
};
age.secrets.mailpw-206fd3b8 = {
rekeyFile = ./secrets/mailpw-206fd3b8.age;
group = myuser;
mode = "640";
};
home-manager.users.${myuser} = {
imports = [
../modules
./dev
./graphical
./neovim
./git.nix
./gpg.nix
./ssh.nix
];
# Remove dependence on username (which also comes from these secrets) to
# avoid triggering infinite recursion.
userSecretsName = "user-myuser";
home = {
inherit (config.users.users.${myuser}) uid;
username = config.users.users.${myuser}.name;
}; };
};
} repo.secretFiles.user-myuser = ./secrets/user.nix.age;
age.secrets.my-gpg-pubkey-yubikey = {
rekeyFile = ./secrets/yubikey.gpg.age;
group = myuser;
mode = "640";
};
age.secrets.mailpw-206fd3b8 = {
rekeyFile = ./secrets/mailpw-206fd3b8.age;
group = myuser;
mode = "640";
};
home-manager.users.${myuser} = {
imports = [
../modules
./dev
./graphical
./neovim
./git.nix
./gpg.nix
./ssh.nix
];
# Remove dependence on username (which also comes from these secrets) to
# avoid triggering infinite recursion.
userSecretsName = "user-myuser";
home = {
inherit (config.users.users.${myuser}) uid;
username = config.users.users.${myuser}.name;
};
};
}

3
users/myuser/graphical/default.nix
View file

@ -37,6 +37,9 @@
zathura zathura
]; ];
# TODO audible bell in qt pinentry drives me nuts
# TODO secureboot -> use pam yubikey login
# TODO keyboard stays lit on poweroff -> add systemd service to disable it on shutdown
# TODO on neogit close do neotree update # TODO on neogit close do neotree update
# TODO kitty terminfo missing with ssh root@localhost # TODO kitty terminfo missing with ssh root@localhost
# TODO nix repl cltr+del doesnt work # TODO nix repl cltr+del doesnt work