commit 10b8e12deef9c0a3e1bd82d055c0200c4fb2cb87
parent 67a72b31d165df5ac63c0b863393b85cf35a9cff
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 18 Dec 2020 16:37:24 +0100
flake: start populating profiles.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
6 files changed, 110 insertions(+), 41 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -211,6 +211,7 @@
(self.overlay."${system}")
(_: _: import inputs.gitignore-nix { lib = inputs.nixpkgs.lib; })
(import ./nix/overlays/infra.nix)
+ (import ./nix/overlays/mkSecret.nix)
]);
};
@@ -271,9 +272,11 @@
pkgs = pkgsBySystem."${system}";
in
{
+ # FIXME Do I really need / want that
apeStable = stablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
apeUnstable = unstablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
ape = pkgs.callPackage ./nix/packages/ape { };
+
nr = pkgs.callPackage ./nix/packages/nr { };
ram = pkgs.callPackage ./nix/packages/ram { };
systemd-email = pkgs.callPackage ./nix/packages/systemd-email { };
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -12,42 +12,8 @@ let
endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
in
{
-
- fileSystems."/" =
- {
- device = "/dev/mapper/root";
- fsType = "ext4";
- options = [ "noatime" "discard" ];
- };
-
- boot.initrd.luks.devices = {
- root = {
- device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
- preLVM = true;
- allowDiscards = true;
- };
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/0101-68DE";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
-
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- extraModulePackages = with pkgs.linuxPackages; [
- v4l2loopback
- ];
- kernelModules = [ "v4l2loopback" ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1
- '';
- };
+ profiles.desktop.enable = true;
+ profiles.home.enable = true;
environment.systemPackages = with pkgs; [ tkn ];
/*
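Review bot: The removed `fileSystems."/"`, `boot.initrd.luks.devices.root`, `fileSystems."/boot"` and `swapDevices` definitions have no replacement anywhere in this commit; the desktop and home profiles enabled here only set `tmpOnTmpfs`, `plymouth`, the NFS mounts and the time zone. Unless a hardware module outside this diff supplies them, the host no longer declares its root filesystem or the LUKS unlock for it, and the `v4l2loopback` module with `exclusive_caps=1` is dropped as well. If they did move, a pointer next to the new lines would help, e.g. `# root/LUKS/boot/swap: see <hardware module path>`. The attribute set opened before these lines continues past the end of the hunk.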
diff --git a/systems/profiles/base.nix b/systems/profiles/base.nix
@@ -10,19 +10,60 @@ in
};
};
config = mkIf cfg.enable {
- # Use systemd-boot by default, can be overridden by configurations
- boot.loader.systemd-boot.enable = mkDefault true;
- # `nix-daemon` will hit the stack limit when using `nixFlakes`.
- systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
+ boot = {
+ # Enable running aarch64 binaries using qemu.
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # Clean temporary directory on boot
+ cleanTmpDir = true;
+
+ loader = {
+ # Use systemd-boot by default, can be overridden by configurations
+ systemd-boot.enable = true;
+
+ # Make memtest available as a boot option.
+ grub.memtest86.enable = true;
+ systemd-boot.memtest86.enable = true;
+ };
+ };
+
+ console = {
+ keyMap = "fr-bepo";
+ font = "Lat2-Terminus16";
+ };
+
environment = {
+ # Path to link from packages to /run/current-system/sw
+ pathsToLink = [
+ "/share/nix-direnv"
+ ];
+ # System packages to install, those are the absolute minimum packages required
+ systemPackages = with pkgs; [
+ file
+ htop
+ iotop
+ lsof
+ netcat
+ psmisc
+ pv
+ vim
+ wget
+ ];
+ # Default editor for the system is vim
+ # (for the users, that might change :D)
variables = {
EDITOR = mkOverride 0 "vim";
};
};
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
# Make sure we never remove SSH_AUTH_SOCK when reseting env through sudo
security.sudo.extraConfig = ''
Defaults env_keep += SSH_AUTH_SOCK
'';
+ # `nix-daemon` will hit the stack limit when using `nixFlakes`.
+ systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
# Setup a *mailer* in case of failure in systemd
systemd.services."status-email-root@" = {
description = "status email for %i to vincent";
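Review bot: `systemd-boot.enable = true;` drops the `mkDefault` that the removed line had, while the comment above it still says the setting can be overridden by configurations. A host that sets it to `false` at normal priority would now get a conflicting-definition error, so keep `systemd-boot.enable = mkDefault true;` (assuming `mkDefault` is still bound in the `let` outside this hunk). Separately, `binfmt.emulatedSystems = [ "aarch64-linux" ]` now registers qemu user emulation on every host that enables the base profile. Consider moving it to a builder or development profile so hosts that never cross-build do not carry the extra binfmt handler. The `config = mkIf cfg.enable { … }` block continues past the end of the hunk.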
diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix
@@ -5,6 +5,7 @@
./base.nix
./desktop.nix
./development.nix
+ ./home.nix
# FIXME: vpn, server, builder, …
];
diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix
@@ -1 +1,20 @@
-{ }
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.desktop;
+in
+{
+ options = {
+ profiles.desktop = {
+ enable = mkEnableOption "desktop configuration";
+ };
+ };
+ config = mkIf cfg.enable {
+ boot = {
+ # /tmp to be tmpfs
+ tmpOnTmpfs = true;
+ # Enable Plymouth on desktops
+ plymouth.enable = true;
+ };
+ };
+}
diff --git a/systems/profiles/home.nix b/systems/profiles/home.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.home;
+
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+ machines = lib.optionalAttrs secretCondition (import secretPath);
+in
+{
+ options = {
+ profiles.home = {
+ enable = mkEnableOption "home configuration";
+ };
+ };
+ config = mkIf cfg.enable {
+
+ # Mount nfs on all systems at home…
+ # … if we got the secret file
+ fileSystems = mkIf secretCondition {
+ "/net/synodine.home/" = {
+ device = "${machines.home.ips.synodine}:/";
+ fsType = "nfs";
+ options = [ "x-systemd.automount" "noauto" ];
+ } // mkIf (config.networking.hostName != "sakhalin") {
+ "/net/sakhalin.home/export/" = {
+ device = "${machines.home.ips.sakhalin}:/";
+ fsType = "nfs";
+ options = [ "x-systemd.automount" "noauto" ];
+ };
+ };
+ };
+
+ # Home is in France/Paris, so set the timezone accordingly
+ time.timeZone = "Europe/Paris";
+
+ # Because we are at home, we can make assumption around the network
+ };
+}
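Review bot: In `fileSystems`, the `//` sits inside the value of `"/net/synodine.home/"`, so the synodine mount is merged with the attribute set that `mkIf` returns (`_type`, `condition`, `content`) rather than a second mount being added beside it. As written, the synodine entry becomes a conditional whose content is the sakhalin attrset: on sakhalin the mount disappears, and elsewhere the module system is handed `"/net/sakhalin.home/export/"` as if it were a field of the synodine mount. Building the set with `lib.mkMerge` and a nested `mkIf` keeps both mounts as siblings, as in the excerpt below. Since these are network mounts, adding `"nosuid"` and `"nodev"` to both `options` lists is also worth considering, so that files served by the NAS cannot act as setuid binaries or device nodes on the client.

```nix
  fileSystems = mkIf secretCondition (lib.mkMerge [
    {
      "/net/synodine.home/" = {
        # … unchanged: device, fsType, options …
      };
    }
    (mkIf (config.networking.hostName != "sakhalin") {
      "/net/sakhalin.home/export/" = {
        # … unchanged: device, fsType, options …
      };
    })
  ]);
```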