

commit 10b8e12deef9c0a3e1bd82d055c0200c4fb2cb87
parent 67a72b31d165df5ac63c0b863393b85cf35a9cff
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 18 Dec 2020 16:37:24 +0100

flake: start populating profiles.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 3+++
Msystems/hosts/foo.flake.nix | 38++------------------------------------
Msystems/profiles/base.nix | 49+++++++++++++++++++++++++++++++++++++++++++++----
Msystems/profiles/default.nix | 1+
Msystems/profiles/desktop.nix | 21++++++++++++++++++++-
Asystems/profiles/home.nix | 39+++++++++++++++++++++++++++++++++++++++
6 files changed, 110 insertions(+), 41 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -211,6 +211,7 @@
 (self.overlay."${system}")
 (_: _: import inputs.gitignore-nix { lib = inputs.nixpkgs.lib; })
 (import ./nix/overlays/infra.nix)
+ (import ./nix/overlays/mkSecret.nix)
 ]);
 };
@@ -271,9 +272,11 @@
 pkgs = pkgsBySystem."${system}";
 in
 {
+ # FIXME Do I really need / want that
 apeStable = stablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
 apeUnstable = unstablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
 ape = pkgs.callPackage ./nix/packages/ape { };
+ nr = pkgs.callPackage ./nix/packages/nr { };
 ram = pkgs.callPackage ./nix/packages/ram { };
 systemd-email = pkgs.callPackage ./nix/packages/systemd-email { };
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -12,42 +12,8 @@ let
 endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
 in
 {
-
- fileSystems."/" =
- {
- device = "/dev/mapper/root";
- fsType = "ext4";
- options = [ "noatime" "discard" ];
- };
-
- boot.initrd.luks.devices = {
- root = {
- device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
- preLVM = true;
- allowDiscards = true;
- };
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/0101-68DE";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
-
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- extraModulePackages = with pkgs.linuxPackages; [
- v4l2loopback
- ];
- kernelModules = [ "v4l2loopback" ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1
- '';
- };
+ profiles.desktop.enable = true;
+ profiles.home.enable = true;
 environment.systemPackages = with pkgs; [ tkn ];
 /*
diff --git a/systems/profiles/base.nix b/systems/profiles/base.nix
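Review bot: The foo.flake.nix hunk removes the host's LUKS root mapping (`boot.initrd.luks.devices.root`), `fileSystems."/"`, `fileSystems."/boot"`, `swapDevices` and the v4l2loopback module setup, but none of them reappear in the new desktop or home profiles in this commit, which on the desktop side only carry over `tmpOnTmpfs` and `plymouth.enable`. Unless a hardware configuration file imported outside this diff already declares them, the host ends up with no root filesystem definition and an initrd that no longer unlocks `/dev/mapper/root`, so the configuration will fail to evaluate or to boot. Disk UUIDs and LUKS settings are per-machine and should stay in the host file (or a sibling hardware file) rather than be dropped with the move to profiles. The enclosing attribute set of foo.flake.nix continues outside the hunk.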
@@ -10,19 +10,60 @@ in
 };
 };
 config = mkIf cfg.enable {
- # Use systemd-boot by default, can be overridden by configurations
- boot.loader.systemd-boot.enable = mkDefault true;
- # `nix-daemon` will hit the stack limit when using `nixFlakes`.
- systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
+ boot = {
+ # Enable running aarch64 binaries using qemu.
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # Clean temporary directory on boot
+ cleanTmpDir = true;
+
+ loader = {
+ # Use systemd-boot by default, can be overridden by configurations
+ systemd-boot.enable = true;
+
+ # Make memtest available as a boot option.
+ grub.memtest86.enable = true;
+ systemd-boot.memtest86.enable = true;
+ };
+ };
+
+ console = {
+ keyMap = "fr-bepo";
+ font = "Lat2-Terminus16";
+ };
+
 environment = {
+ # Path to link from packages to /run/current-system/sw
+ pathsToLink = [
+ "/share/nix-direnv"
+ ];
+ # System packages to install, those are the absolute minimum packages required
+ systemPackages = with pkgs; [
+ file
+ htop
+ iotop
+ lsof
+ netcat
+ psmisc
+ pv
+ vim
+ wget
+ ];
+ # Default editor for the system is vim
+ # (for the users, that might change :D)
 variables = {
 EDITOR = mkOverride 0 "vim";
 };
 };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
 # Make sure we never remove SSH_AUTH_SOCK when reseting env through sudo
 security.sudo.extraConfig = ''
 Defaults env_keep += SSH_AUTH_SOCK
 '';
+ # `nix-daemon` will hit the stack limit when using `nixFlakes`.
+ systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
 # Setup a *mailer* in case of failure in systemd
 systemd.services."status-email-root@" = {
 description = "status email for %i to vincent";
diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix
@@ -5,6 +5,7 @@
 ./base.nix
 ./desktop.nix
 ./development.nix
+ ./home.nix
 # FIXME: vpn, server, builder, …
 ];
diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix
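Review bot: `systemd-boot.enable = true;` inside the new `boot.loader` block drops the `mkDefault` the removed line carried, while the comment kept above it still promises that configurations can override it; a host that sets `boot.loader.systemd-boot.enable = false` to use GRUB now gets a conflicting-definition error instead of an override. Keep the priority with `systemd-boot.enable = mkDefault true;` (`mkDefault` was in scope for the removed line, so it presumably still is; the `inherit` is outside the hunk). `binfmt.emulatedSystems = [ "aarch64-linux" ]` in the base profile also registers the qemu binfmt handler on every host, servers included; if it is only needed on build machines it belongs in the builder profile the default.nix FIXME mentions. The `config` attribute set continues outside the hunk.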
@@ -1 +1,20 @@
-{ }
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.desktop;
+in
+{
+ options = {
+ profiles.desktop = {
+ enable = mkEnableOption "desktop configuration";
+ };
+ };
+ config = mkIf cfg.enable {
+ boot = {
+ # /tmp to be tmpfs
+ tmpOnTmpfs = true;
+ # Enable Plymouth on desktops
+ plymouth.enable = true;
+ };
+ };
+}
diff --git a/systems/profiles/home.nix b/systems/profiles/home.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.home;
+
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+ machines = lib.optionalAttrs secretCondition (import secretPath);
+in
+{
+ options = {
+ profiles.home = {
+ enable = mkEnableOption "home configuration";
+ };
+ };
+ config = mkIf cfg.enable {
+
+ # Mount nfs on all systems at home…
+ # … if we got the secret file
+ fileSystems = mkIf secretCondition {
+ "/net/synodine.home/" = {
+ device = "${machines.home.ips.synodine}:/";
+ fsType = "nfs";
+ options = [ "x-systemd.automount" "noauto" ];
+ } // mkIf (config.networking.hostName != "sakhalin") {
+ "/net/sakhalin.home/export/" = {
+ device = "${machines.home.ips.sakhalin}:/";
+ fsType = "nfs";
+ options = [ "x-systemd.automount" "noauto" ];
+ };
+ };
+ };
+
+ # Home is in France/Paris, so set the timezone accordingly
+ time.timeZone = "Europe/Paris";
+
+ # Because we are at home, we can make assumption around the network
+ };
+}
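Review bot: `pkgs` is bound in the module arguments of desktop.nix but never used in the body, and the same applies to home.nix in the next hunk. Either drop it (`{ config, lib, ... }:`) or bind it only in the profiles that reference packages, so a reader does not look for a package list that is not there. A one-line header comment stating what the profile is for, e.g. `# Desktop profile: settings shared by every machine with a graphical session`, would also help, since `mkEnableOption "desktop configuration"` is currently the only description.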
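Review bot: In the `fileSystems` block of home.nix the `//` on the `} // mkIf (config.networking.hostName != "sakhalin") {` line applies to the `"/net/synodine.home/"` attribute set, not to the outer `fileSystems` set, because it precedes that entry's terminating `;`. The sakhalin mount and the `_type`/`condition`/`content` attributes that `mkIf` produces therefore get merged into the synodine entry, which the `fileSystems` submodule will reject (or, if the module system discharges the nested `if`, the synodine `device`/`fsType` are silently replaced). Close the synodine entry first and add the conditional mount at the `fileSystems` level with `lib.optionalAttrs`, which the file already uses for `machines` and yields a plain attribute set. The trailing comment `# Because we are at home, we can make assumption around the network` has no setting under it and reads as a leftover.
```nix
fileSystems = mkIf secretCondition ({
  "/net/synodine.home/" = {
    # … unchanged: synodine device, fsType, options …
  };
} // lib.optionalAttrs (config.networking.hostName != "sakhalin") {
  "/net/sakhalin.home/export/" = {
    # … unchanged: sakhalin device, fsType, options …
  };
});
```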