feat: build a much more minimal config for installing

2023-09-26 21:43:23 +02:00 · 2023-09-26 21:43:23 +02:00 · 73d7a42879
commit 73d7a42879
parent 73897f648d
11 changed files with 136 additions and 113 deletions
--- a/flake.nix
+++ b/flake.nix
@ -131,6 +131,7 @@
        hosts
        microvmConfigurations
        nixosConfigurations
+        nixosConfigurationsMinimal
        ;

      # All nixosSystem instanciations are collected here, so that we can refer
@ -141,11 +142,13 @@

      # For each true NixOS system, we want to expose an installer package that
      # can be used to do the initial setup on the node from a live environment.
+      # We use the minimal sibling configuration to reduce the amount of stuff
+      # we have to copy to the live system.
      inherit
        (foldl' recursiveUpdate {}
          (mapAttrsToList
            (import ./nix/generate-installer-package.nix inputs)
-            self.nixosConfigurations))
+            self.nixosConfigurationsMinimal))
        packages
        ;
    }
--- a/hosts/kroma/default.nix
+++ b/hosts/kroma/default.nix
@ -1,4 +1,10 @@
-{inputs, ...}: {
+{
+  inputs,
+  lib,
+  minimal,
+  ...
+}:
+{
  imports = [
    inputs.nixos-hardware.nixosModules.common-cpu-amd
    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
@ -25,15 +31,17 @@
  ];

  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
-  graphical.gaming.enable = true;
-
+}
+// lib.optionalAttrs (!minimal) {
  # TODO goodbye once -sk keys.
  environment.shellInit = ''
    gpg-connect-agent /bye
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
  '';

+  boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  graphical.gaming.enable = true;
+
  stylix.fonts.sizes = {
    #desktop = 20;
    applications = 10;
--- a/modules/config/nix.nix
+++ b/modules/config/nix.nix
@ -44,18 +44,12 @@
      options = "--delete-older-than 90d";
    };
    # Define global flakes for this system
-    registry = {
+    registry = rec {
      nixpkgs.flake = inputs.nixpkgs;
-      p.flake = inputs.nixpkgs;
-      pkgs.flake = inputs.nixpkgs;
+      p = nixpkgs;
      templates.flake = inputs.templates;
    };
  };

-  system = {
-    extraSystemBuilderCmds = ''
-      ln -sv ${pkgs.path} $out/nixpkgs
-    '';
-    stateVersion = "23.11";
-  };
+  system.stateVersion = "23.11";
 }
--- a/modules/optional/dev/default.nix
+++ b/modules/optional/dev/default.nix
@ -1,8 +1,11 @@
 {
  inputs,
  pkgs,
+  lib,
+  minimal,
  ...
-}: {
+}:
+lib.optionalAttrs (!minimal) {
  imports = [
    inputs.nixseparatedebuginfod.nixosModules.default
    ./documentation.nix
--- a/modules/optional/graphical/default.nix
+++ b/modules/optional/graphical/default.nix
@ -2,14 +2,24 @@
  config,
  inputs,
  lib,
+  minimal,
  ...
 }: let
  inherit
    (lib)
    mkOption
    types
+    optionalAttrs
    ;
-in {
+in
+  {
+    options.graphical.gaming.enable = mkOption {
+      description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration.";
+      default = false;
+      type = types.bool;
+    };
+  }
+  // optionalAttrs (!minimal) {
    imports = [
      inputs.stylix.nixosModules.stylix

@ -19,12 +29,6 @@ in {
      ./xserver.nix
    ];

-  options.graphical.gaming.enable = mkOption {
-    description = "Enables gaming on this machine and will add a lot of gaming related packages and configuration.";
-    default = false;
-    type = types.bool;
-  };
-
    config = {
      # Needed for gtk
      programs.dconf.enable = true;
@ -53,4 +57,4 @@ in {
        };
      };
    };
-}
+  }
--- a/modules/optional/hardware/nvidia.nix
+++ b/modules/optional/hardware/nvidia.nix
@ -1,8 +1,10 @@
 {
  lib,
+  minimal,
  pkgs,
  ...
-}: {
+}:
+lib.optionalAttrs (!minimal) {
  boot.blacklistedKernelModules = ["nouveau"];
  services.xserver.videoDrivers = lib.mkForce ["nvidia"];

--- a/modules/optional/sound.nix
+++ b/modules/optional/sound.nix
@ -1,8 +1,10 @@
 {
  lib,
+  minimal,
  pkgs,
  ...
-}: {
+}:
+lib.optionalAttrs (!minimal) {
  # Helpful utilities:
  # Show pipewire devices and application overview or specifics
  # > wpctl status; wpctl inspect <id>
--- a/modules/repo/meta.nix
+++ b/modules/repo/meta.nix
@ -5,19 +5,18 @@
 }: let
  inherit
    (lib)
-    mdDoc
    mkOption
    types
    ;
 in {
  options.node = {
    name = mkOption {
-      description = mdDoc "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten.";
+      description = "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten.";
      type = types.str;
    };

    secretsDir = mkOption {
-      description = mdDoc "Path to the secrets directory for this node.";
+      description = "Path to the secrets directory for this node.";
      type = types.path;
    };
  };
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@ -12,15 +12,15 @@ inputs: let
    ;

  # Creates a new nixosSystem with the correct specialArgs, pkgs and name definition
-  mkHost = name: system: let
-    pkgs = self.pkgs.${system};
+  mkHost = {minimal}: name: hostCfg: let
+    pkgs = self.pkgs.${hostCfg.system};
  in
    nixosSystem {
      specialArgs = {
        # Use the correct instance lib that has our overlays
        inherit (pkgs) lib;
        inherit (self) nodes;
-        inherit inputs;
+        inherit inputs minimal;
      };
      modules = [
        {
@ -28,7 +28,7 @@ inputs: let
          # inputs.nixpkgs.nixosModules.readOnlyPkgs, since some nixosModules
          # like nixseparatedebuginfod depend on adding packages via nixpkgs.overlays.
          # So we just mimic the options and overlays defined by the passed pkgs set.
-          nixpkgs.hostPlatform = system;
+          nixpkgs.hostPlatform = hostCfg.system;
          nixpkgs.overlays = pkgs.overlays;
          nixpkgs.config = pkgs.config;
          node.name = name;
@ -45,7 +45,8 @@ inputs: let
  # Get all hosts of type "nixos"
  nixosHosts = filterAttrs (_: x: x.type == "nixos") hosts;
  # Process each nixosHosts declaration and generatea nixosSystem definitions
-  nixosConfigurations = flip mapAttrs nixosHosts (name: hostCfg: mkHost name hostCfg.system);
+  nixosConfigurations = flip mapAttrs nixosHosts (mkHost {minimal = false;});
+  nixosConfigurationsMinimal = flip mapAttrs nixosHosts (mkHost {minimal = true;});

  # True NixOS nodes can define additional microvms (guest nodes) that are built
  # together with the true host. We collect all defined microvm nodes
@ -59,5 +60,6 @@ in {
    hosts
    microvmConfigurations
    nixosConfigurations
+    nixosConfigurationsMinimal
    ;
 }
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@ -1,10 +1,13 @@
 {
  config,
+  lib,
  pkgs,
+  minimal,
  ...
 }: let
  myuser = config.repo.secrets.global.myuser.name;
-in {
+in
+  lib.optionalAttrs (!minimal) {
    users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
    users.users.${myuser} = {
      uid = 1000;
@ -51,4 +54,4 @@ in {
        username = config.users.users.${myuser}.name;
      };
    };
-}
+  }
--- a/users/myuser/graphical/default.nix
+++ b/users/myuser/graphical/default.nix
@ -37,6 +37,9 @@
      zathura
    ];

+    # TODO audible bell in qt pinentry drives me nuts
+    # TODO secureboot -> use pam yubikey login
+    # TODO keyboard stays lit on poweroff -> add systemd service to disable it on shutdown
    # TODO on neogit close do neotree update
    # TODO kitty terminfo missing with ssh root@localhost
    # TODO nix repl cltr+del doesnt work