From 4744a2844cd74ca9b122fbaaae5ae97159c0d30e Mon Sep 17 00:00:00 2001 From: oddlama Date: Thu, 11 Jan 2024 19:59:27 +0100 Subject: [PATCH] docs: add overview --- README.md | 137 ++++++++++++++++++++++++++++++++----- flake.nix | 17 ++--- modules/guests/default.nix | 2 +- modules/nginx.nix | 4 +- 4 files changed, 133 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 420406a..9d43a47 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,28 @@ # 🍵 nixos-extra-modules This repository contains extra modules for nixos that are very opinionated and mainly -useful to me and my colleagues. +useful to me and my colleagues. All modules in here are opt-in, so nothing will +be changed unless you decide you want to use that specific module. + +## Overview + +#### NixOS Modules + +| Name | Type | Source | Requires | Optional deps | Description | +|---|---|---|---|---|---| +Networking library and extensions | Lib | [Link](./lib/net.nix) | - | - | Integrates [this libary](https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba) which adds option types for IPss, CIDRs, MACs, and more. Also adds some extensions for missing functions and cross-node hashtable-based lazy IP/MAC assignment. +Interface naming by MAC | Module | [Link](./modules/interface-naming.nix) | - | - | Allows you to define pairs of MAC address and interface name which will be enforced via udev as early as possible. +EFI/BIOS boot config | Module | [Link](./modules/boot.nix) | - | - | Allows you to specify a boot type (bios/efi) and the correct loader will automatically be configured +Nginx recommended options | Module | [Link](./modules/nginx.nix) | - | agenix | Sets many recommended settings for nginx with a single switch plus some opinionated defaults. Also adds a switch for setting recommended security headers on each location. +Node options | Module | [Link](./modules/node.nix) | - | - | A module that stores meta information about your nodes (hosts). Required for some other modules that operate across nodes. +Guests (MicroVMs & Containers) | Module | [Link](./modules/guests) | zfs, node options | - | This module implements a common interface to use guest systems with microvms or nixos-containers. 
+ +#### Home Manager Modules + +| Name | Type | Source | Requires | Optional deps | Description | +|---|---|---|---|---|---| +i3 systemd targets | Module | [Link](./hm-modules/i3.nix) | - | - | Makes i3 setup and reach graphical-session.target so that other services are properly executed. +Wallpapers | Module | [Link](./hm-modules/wallpapers.nix) | - | - | A simple wallpaper service that changes the wallpaper of each monitor to a random image after a specified interval. ## Installation 
@@ -11,30 +32,114 @@ To use the extra modules, you will have to add this project to your `flake.nix`, and import the provided main NixOS module in your hosts. Afterwards the new options will be available. +Certain modules may require the use of additional flakes. In particular +depending on the modules you want to use, you might need: + +- [agenix](https://github.com/ryantm/agenix) +- [agenix-rekey](https://github.com/oddlama/agenix-rekey) +- [disko](https://github.com/nix-community/disko) +- [home-manager](https://github.com/nix-community/home-manager) +- [impermanence](https://github.com/nix-community/impermanence) +- [microvm.nix](https://github.com/astro/microvm.nix) + +You also must have a `specialArgs.inputs` that refers to all of your flake's inputs, +and `inputs.self.pkgs.${system}` must refer to an initialized package set for that +specific system that includes extra-modules as an overlay. + +Here's an example configuration: + ```nix { - inputs.extra-modules.url = "github:oddlama/extra-modules"; + inputs = { + flake-utils.url = "github:numtide/flake-utils"; - outputs = { self, nixpkgs, extra-modules }: { + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + # Additional inputs, may or may not be needed for a particular module or extension. + # Enable what you use. 
+ + # agenix = { + # url = "github:ryantm/agenix"; + # inputs.home-manager.follows = "home-manager"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # + # agenix-rekey = { + # url = "github:oddlama/agenix-rekey"; + # inputs.nixpkgs.follows = "nixpkgs"; + # inputs.flake-utils.follows = "flake-utils"; + # }; + # + # disko = { + # url = "github:nix-community/disko"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # + # home-manager = { + # url = "github:nix-community/home-manager"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # + # impermanence.url = "github:nix-community/impermanence"; + # + # microvm = { + # url = "github:astro/microvm.nix"; + # inputs.nixpkgs.follows = "nixpkgs"; + # inputs.flake-utils.follows = "flake-utils"; + # }; + }; + + outputs = { + self, + nixos-extra-modules, + flake-utils, + nixpkgs, + ... + } @ inputs: { # Example system configuration - nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem { + nixosConfigurations.yourhostname = let system = "x86_64-linux"; + pkgs = self.pkgs.${system}; + in nixpkgs.lib.nixosSystem { + inherit system; modules = [ ./configuration.nix - extra-modules.nixosModules.default + nixos-extra-modules.nixosModules.default + { + # We cannot force the package set via nixpkgs.pkgs and + # inputs.nixpkgs.nixosModules.readOnlyPkgs, since nixosModules + # should be able to dynamicall add overlays via nixpkgs.overlays. + # So we just mimic the options and overlays defined by the passed pkgs set + # to not lose what we already have defined below. + nixpkgs.hostPlatform = system; + nixpkgs.overlays = pkgs.overlays; + nixpkgs.config = pkgs.config; + } + ]; + specialArgs = { + inherit inputs; + # Very important to inherit lib here, so that the additional + # lib overlays are available early. 
+ inherit (pkgs) lib; + }; + }; + } + // flake-utils.lib.eachDefaultSystem (system: rec { + pkgs = import nixpkgs { + inherit system; + overlays = [ + nixos-extra-modules.overlays.default + # (enable hird-party modules if needed) + # agenix-rekey.overlays.default + # ... ]; }; } } ``` - -## Requirements - -Certain modules may require the use of additional flakes. In particular you might need: - -- [impermanence](https://github.com/nix-community/impermanence) -- [agenix](https://github.com/ryantm/agenix) -- [agenix-rekey](https://github.com/oddlama/agenix-rekey) -- [microvm.nix](https://github.com/astro/microvm.nix) - -You also must have a `specialArgs.inputs` that refers to all of your flake's inputs. diff --git a/flake.nix b/flake.nix index 257bd02..3c7b2a2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,4 +1,6 @@ { + description = "Extra modules that nobody needs."; + inputs = { devshell = { url = "github:numtide/devshell"; @@ -21,7 +23,6 @@ }; }; - description = "Extra modules that nobody needs."; outputs = { self, nixpkgs, @@ -31,12 +32,12 @@ ... } @ inputs: { - nixosModules.extra-modules = import ./modules; - nixosModules.default = self.nixosModules.extra-modules; - homeManagerModules.extra-modules = import ./hm-modules; - homeManagerModules.default = self.homeManagerModules.extra-modules; - overlays.extra-modules = import ./lib inputs; - overlays.default = self.overlays.extra-modules; + nixosModules.nixos-extra-modules = import ./modules; + nixosModules.default = self.nixosModules.nixos-extra-modules; + homeManagerModules.nixos-extra-modules = import ./hm-modules; + homeManagerModules.default = self.homeManagerModules.nixos-extra-modules; + overlays.nixos-extra-modules = import ./lib inputs; + overlays.default = self.overlays.nixos-extra-modules; } // flake-utils.lib.eachDefaultSystem (system: rec { pkgs = import nixpkgs { 
@@ -61,7 +62,7 @@ # `nix develop` devShells.default = pkgs.devshell.mkShell { - name = "extra-modules"; + name = "nixos-extra-modules"; commands = with pkgs; [ { package = alejandra; diff --git a/modules/guests/default.nix b/modules/guests/default.nix index 56f9050..9c59a5f 100644 --- a/modules/guests/default.nix +++ b/modules/guests/default.nix @@ -46,7 +46,7 @@ defineGuest = _guestName: guestCfg: { # Add the required datasets to the disko configuration of the machine disko.devices.zpool = mkMerge (flip map (attrValues guestCfg.zfs) (zfsCfg: { - ${zfsCfg.pool}.datasets.${zfsCfg.dataset} = disko.filesystem zfsCfg.hostMountpoint; + ${zfsCfg.pool}.datasets.${zfsCfg.dataset} = disko.zfs.filesystem zfsCfg.hostMountpoint; })); # Ensure that the zfs dataset exists before it is mounted. diff --git a/modules/nginx.nix b/modules/nginx.nix index 310b214..3625318 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -52,7 +52,7 @@ in { }; config = mkIf (config.services.nginx.enable && config.services.nginx.recommendedSetup) { - age.secrets."dhparams.pem" = { + age.secrets."dhparams.pem" = mkIf (config ? age) { generator.script = "dhparams"; mode = "440"; group = "nginx"; @@ -71,7 +71,7 @@ in { # SSL config sslCiphers = "EECDH+AESGCM:EDH+AESGCM:!aNULL"; - sslDhparam = config.age.secrets."dhparams.pem".path; + sslDhparam = mkIf (config ? age) config.age.secrets."dhparams.pem".path; commonHttpConfig = '' log_format json_combined escape=json '{' '"time": $msec,'
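Review bot: In the `@@ -52,7 +52,7 @@` hunk of modules/nginx.nix, `mkIf (config ? age)` guards only the value, so the module still contributes a definition under `age.secrets`. On a host that does not import agenix, the module system will most likely still fail with an "option does not exist" error, which is the case this change is meant to make optional. Deciding on the declared options keeps the attribute out of the config entirely, for example `age = lib.optionalAttrs (options ? age) { secrets."dhparams.pem" = { generator.script = "dhparams"; mode = "440"; group = "nginx"; }; };`. This needs `options` in the module's argument list, which is outside the hunk. It is worth evaluating one configuration without agenix to confirm.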
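Review bot: In the `@@ -71,7 +71,7 @@` hunk of modules/nginx.nix, the fallback for `sslDhparam` is silent: without agenix the option presumably stays at its default, and nginx does not negotiate DHE suites when no `ssl_dhparam` is set. The `EDH+AESGCM` part of `sslCiphers` on the line above then has no effect, and only the ECDHE suites are offered. That is not a weakening, but the effective TLS configuration now depends on whether an unrelated flake is imported. I would record it next to the option, e.g. `# Without agenix no DH parameters are configured; nginx then ignores the EDH+AESGCM suites.`, or emit an entry in `warnings` when `recommendedSetup` is enabled without `age`.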