From df9e409448c0dc579cd69dc6b5d92949d854787e Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Mon, 12 Dec 2022 21:25:26 +0100 Subject: [PATCH] --wip-- [skip ci] --- flake.lock | 96 ++++++++--- flake.nix | 323 ++++++++++++++++++------------------ hm_modules/helix.nix | 2 +- hm_modules/latex.nix | 2 +- hm_modules/office.nix | 2 +- nixos_modules/nix-serve.nix | 43 +++++ odin/hm.nix | 2 +- thor/hm.nix | 2 +- 8 files changed, 276 insertions(+), 196 deletions(-) create mode 100644 nixos_modules/nix-serve.nix diff --git a/flake.lock b/flake.lock index 8ddaaa4..f69f364 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,42 @@ { "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1668797197, + "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1648199409, + "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -79,7 +115,7 @@ "flake-utils" ], "nixpkgs": [ - "nixpkgs-u" + "nixpkgs" ], "pre-commit-hooks": "pre-commit-hooks" }, 
@@ -114,16 +150,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1670355658, - "narHash": "sha256-5q+lrQ11d1gJHYiYfaxvrlLu8sQw3TYbZJR9mKvOaI8=", + "lastModified": 1648219316, + "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b9279279bd5abe3cbd08fee1275de3036487d489", + "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.11", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -160,6 +196,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1670355658, + "narHash": "sha256-5q+lrQ11d1gJHYiYfaxvrlLu8sQw3TYbZJR9mKvOaI8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b9279279bd5abe3cbd08fee1275de3036487d489", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-utils": [ @@ -187,13 +239,13 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": [ "flake-utils" ], "gitignore": "gitignore", "nixpkgs": [ - "nixpkgs-u" + "nixpkgs" ], "nixpkgs-stable": "nixpkgs-stable" }, 
@@ -213,36 +265,28 @@ }, "root": { "inputs": { + "deploy-rs": "deploy-rs", "flake-utils": "flake-utils", "home-manager": "home-manager", "nix-rice": "nix-rice", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-u": "nixpkgs-u", - "pre-commit-hooks": "pre-commit-hooks_2", - "tex2nix": "tex2nix" + "pre-commit-hooks": "pre-commit-hooks_2" } }, - "tex2nix": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs-u" - ] - }, + "utils": { "locked": { - "lastModified": 1665144382, - "narHash": "sha256-CCnC3YsQCGoKIGdMND+pr5Rl7nufT1Krv1TZPBIEm8o=", - "owner": "Mic92", - "repo": "tex2nix", - "rev": "068e8655c754783d86f442f887f2e92305d9bd4a", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { - "owner": "Mic92", - "repo": "tex2nix", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } } diff --git a/flake.nix b/flake.nix index c2ec926..e6ba4d4 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/release-22.11"; nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable"; - home-manager = { url = "github:nix-community/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -13,39 +12,28 @@ # url = "github:nix-community/home-manager"; # inputs.nixpkgs.follows = "nixpkgs-u"; # }; - + deploy-rs.url = "github:serokell/deploy-rs"; flake-utils.url = "github:numtide/flake-utils"; + # nixos-generators.url = "github:nix-community/nixos-generators"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - - nix-rice = { - url = "github:bertof/nix-rice"; - inputs = { nixpkgs.follows = "nixpkgs-u"; flake-utils.follows = "flake-utils"; }; - }; - pre-commit-hooks = { - url = "github:cachix/pre-commit-hooks.nix"; - inputs = { nixpkgs.follows = "nixpkgs-u"; flake-utils.follows = "flake-utils"; }; - }; - tex2nix = { - url = "github:Mic92/tex2nix"; - inputs = { nixpkgs.follows = "nixpkgs-u"; flake-utils.follows = "flake-utils"; }; - }; + nix-rice = { url = "github:bertof/nix-rice"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; }; }; + pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; }; outputs = { self , nixpkgs - , home-manager , nixpkgs-u - # , home-manager-u + , home-manager + , deploy-rs , flake-utils + # , nixos-generators , nixos-hardware - , tex2nix , nix-rice , pre-commit-hooks }: let - - defaultConfig = { + config = { allowUnfree = true; extraOptions = "experimental-features = nix-command flakes"; permittedInsecurePackages = [ 
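Review bot: The new input `deploy-rs.url = "github:serokell/deploy-rs";` in flake.nix is added without any `follows`, unlike `nix-rice` and `pre-commit-hooks` next to it. As a result flake.lock gains a separate `nixpkgs` node for it, tracking `nixpkgs-unstable` with `lastModified` 1648219316, well behind the root input's 1670355658. The `deploy-rs` binary that a later hunk puts into the dev shell is therefore built from that older snapshot and misses whatever fixes landed since. I would write the input as `deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; inputs.utils.follows = "flake-utils"; };`, which also removes the duplicate `utils` and old `flake-compat` lock entries from the set you have to audit.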
@@ -54,19 +42,17 @@ ]; }; - overlaysBuilder = { system }: [ + overlays = [ # Packages - (_: _: { stable = pkgs { inherit system; }; unstable = pkgs-u { inherit system; }; }) + # (_: _: { stable = import nixpkgs { inherit config overlays; }; unstable = import nixpkgs-u { inherit config overlays; }; }) # Nix rice - (nix-rice.overlays.default) + nix-rice.overlays.default (import ./rice.nix) # Flakes packages (final: _: { - inherit (tex2nix.packages.${system}) tex2nix; clipedit = final.callPackage ./custom/clipedit { }; - update-background = final.callPackage ./custom/update-background { backgrounds_directory = "$HOME/Immagini/Sfondi/1080+/1440+"; }; 
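Review bot: Commenting out the `stable`/`unstable` overlay entry in flake.nix removes `pkgs.unstable` and `pkgs.stable` for every host at once. This commit updates hm_modules/helix.nix, hm_modules/office.nix, odin/hm.nix and thor/hm.nix, but any module not shown here (for example the loki, freya or baldur home configurations) that still refers to `pkgs.unstable` would fail at evaluation time. Either grep for the remaining uses before merging or delete the commented-out line and add a short comment such as `# pkgs.unstable was dropped; all packages now come from the host's nixpkgs`, so the intent is clear.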
@@ -80,160 +66,167 @@ }) ]; - modulesBuilder = { system, config ? defaultConfig }: - let overlays = overlaysBuilder { inherit system; }; in - [ - # Nix configuration - ({ pkgs, ... }: { - nixpkgs = { inherit system overlays config; }; - nix = { - package = pkgs.nixVersions.stable; - extraOptions = "experimental-features = nix-command flakes"; + basic = with flake-utils.lib; eachDefaultSystem (system: + let pkgs = import nixpkgs-u { inherit system config overlays; }; in + { + formatter = pkgs.nixpkgs-fmt; + + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { nixpkgs-fmt.enable = true; nix-linter.enable = true; }; }; - }) + }; - # Home manager configuration - home-manager.nixosModules.home-manager - ({ home-manager = { useGlobalPkgs = true; useUserPackages = true; }; }) + devShells.default = pkgs.mkShell { + buildInputs = with pkgs; [ + deploy-rs.packages.${system}.deploy-rs + ]; + shellHook = '' + ${self.checks.${system}.pre-commit-check.shellHook} + ''; + }; + }); - # Common modules - ./nixos_modules/bertof_user.nix - ./nixos_modules/automatic-garbage-collection.nix - ./nixos_modules/automatic-upgrade.nix - ./nixos_modules/zerotier.nix - ]; + commonModules = [ + # Nix configuration + ({ pkgs, ... }: { + nixpkgs = { inherit overlays config; }; + nix = { + package = pkgs.nixVersions.stable; + extraOptions = "experimental-features = nix-command flakes"; + # registry = { + # stable = { + # from = { + # # id = "stable"; + # type = "indirect"; + # }; + # flake = nixpkgs; + # to = { owner = "nixos"; repo = "nixpkgs"; type = "github"; }; + # }; + # }; + }; + }) - pkgs = { system, config ? defaultConfig }: - let overlays = overlaysBuilder { inherit system; }; in - import nixpkgs { inherit system config overlays; }; - pkgs-u = { system, config ? 
defaultConfig }: - let overlays = overlaysBuilder { inherit system; }; in - import nixpkgs-u { inherit system config overlays; }; + # Home manager configuration + home-manager.nixosModules.home-manager + { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; } - odinBaseModules = [ - ./odin/hardware-configuration.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-laptop - nixos-hardware.nixosModules.common-pc-laptop-ssd - ./odin/common_configuration.nix - - ./nixos_modules/pro_audio.nix - ./nixos_modules/sesar.nix + ./nixos_modules/bertof_user.nix + ./nixos_modules/automatic-garbage-collection.nix + ./nixos_modules/automatic-upgrade.nix + ./nixos_modules/zerotier.nix ]; - odinIntelModules = [ ./odin/configuration-intel.nix ]; - odinNvidiaModules = [ ./odin/configuration-nvidia.nix ]; - odinIntelBuilder = { extraModules ? [ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; }) - ++ odinBaseModules ++ odinIntelModules - ++ [{ home-manager.users.bertof = import ./odin/hm.nix; }] - ++ extraModules; - }; - odinNvidiaBuilder = { extraModules ? 
[ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; config = defaultConfig // { cudaSupport = true; }; }) - ++ odinBaseModules ++ odinNvidiaModules - ++ [{ home-manager.users.bertof = import ./odin/hm.nix; }] - ++ extraModules; - }; + thorConfig = { + nixosConfigurations = { + thor = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = commonModules ++ [ + { nixpkgs.config = config // { cudaSupport = true; }; } + ./thor/hardware-configuration.nix + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + ./thor/configuration.nix - thorBaseModules = [ - ./thor/hardware-configuration.nix - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - ./thor/configuration.nix + ./nixos_modules/pro_audio.nix + ./nixos_modules/sesar.nix + ./nixos_modules/pentablet.nix - ./nixos_modules/pro_audio.nix - ./nixos_modules/sesar.nix - ./nixos_modules/pentablet.nix - ]; - thorBuilder = { extraModules ? [ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; config = defaultConfig // { cudaSupport = true; }; }) - ++ thorBaseModules - ++ [{ home-manager.users.bertof = import ./thor/hm.nix; }] - ++ extraModules; - }; - - lokiBaseModules = [ - ./loki/hardware-configuration.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-ssd - ./loki/configuration.nix - ]; - lokiBuilder = { extraModules ? [ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; }) - ++ lokiBaseModules - ++ [{ home-manager.users.bertof = import ./loki/hm.nix; }] - ++ extraModules; - }; - - freyaBaseModules = [ - # ./freya/hardware-configuration.nix - nixos-hardware.nixosModules.raspberry-pi."4" - ./freya/configuration.nix - ]; - freyaBuilder = { extraModules ? 
[ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; }) - ++ freyaBaseModules - ++ [{ home-manager.users.bertof = import ./freya/hm.nix; }] - ++ extraModules; - }; - - baldurBaseModules = [ ./baldur/configuration.nix ]; - balurBuilder = { extraModules ? [ ] }: - nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = (modulesBuilder { inherit system; }) - ++ baldurBaseModules - ++ [{ home-manager.users.bertof = import ./baldur/hm.nix; }] - ++ extraModules; - }; - in - (flake-utils.lib.eachDefaultSystem (system: rec { - packages = pkgs-u { inherit system; }; - - formatter = (pkgs-u { inherit system; }).nixpkgs-fmt; - - checks = { - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixpkgs-fmt.enable = true; - nix-linter.enable = true; + { home-manager.users.bertof = import ./thor/hm.nix; } + ]; }; }; }; - devShells.default = packages.mkShell { - shellHook = '' - ${self.checks.${system}.pre-commit-check.shellHook} - ''; + odinConfig = { + nixosConfigurations = + let + odinCommonModules = [ + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-laptop + nixos-hardware.nixosModules.common-pc-laptop-ssd + ./odin/hardware-configuration.nix + ./odin/common_configuration.nix + + ./nixos_modules/pro_audio.nix + ./nixos_modules/sesar.nix + ./nixos_modules/pentablet.nix + + { home-manager.users.bertof = import ./odin/hm.nix; } + ]; + in + rec { + odin-nvidia = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = commonModules ++ odinCommonModules ++ [ + { nixpkgs.config = config // { cudaSupport = true; }; } + ./odin/configuration-nvidia.nix + ]; + }; + + odin-intel = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = commonModules ++ odinCommonModules ++ [ + ./odin/configuration-intel.nix + ]; + }; + + odin = odin-intel; + }; }; - })) // { - nixosConfigurations = rec { - thor = thorBuilder { }; - - odin = 
odin-intel; - odin-intel = odinIntelBuilder { }; - odin-nvidia = odinNvidiaBuilder { }; - - loki = lokiBuilder { }; - # loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ]; - # loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ]; - # loki-unstable = lokiUnstable [ ]; - - freya = freyaBuilder { }; - baldur = balurBuilder { }; + freyaConfig = { + nixosConfigurations = rec { + freya = nixpkgs.lib.nixosSystem rec { + system = "aarch64-linux"; + modules = commonModules ++ [ + nixos-hardware.nixosModules.raspberry-pi."4" + ./freya/hardware-configuration.nix + ./freya/configuration.nix + { home-manager.users.bertof = import ./freya/hm.nix; } + ]; + }; + }; }; - }; + + baldurConfig = { + nixosConfigurations = rec { + baldur = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = commonModules ++ [ + # nixos-hardware.nixosModules.common-cpu-amd + # nixos-hardware.nixosModules.common-pc-ssd + ./baldur/hardware-configuration.nix + ./baldur/configuration.nix + { home-manager.users.bertof = import ./baldur/hm.nix; } + ]; + }; + }; + }; + + lokiConfig = { + nixosConfigurations = rec { + loki = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = commonModules ++ [ + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-ssd + ./loki/hardware-configuration.nix + ./loki/configuration.nix + { home-manager.users.bertof = import ./loki/hm.nix; } + ]; + }; + }; + }; + + in + builtins.foldl' nixpkgs.lib.recursiveUpdate { } [ + basic + thorConfig + odinConfig + freyaConfig + baldurConfig + lokiConfig + ]; } diff --git a/hm_modules/helix.nix b/hm_modules/helix.nix index aafdbf0..8b95b7b 100644 --- a/hm_modules/helix.nix +++ b/hm_modules/helix.nix @@ -39,7 +39,7 @@ ]; programs.helix = { enable = true; - package = pkgs.unstable.helix; + # package = pkgs.helix; languages = [ ]; settings = { theme = "ayu_mirage"; diff --git a/hm_modules/latex.nix b/hm_modules/latex.nix index 90cf8a2..2af3291 100644 --- a/hm_modules/latex.nix 
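Review bot: In the rewritten flake.nix `let` block, the nixpkgs settings are bound to the name `config` (renamed from `defaultConfig` in an earlier hunk) and then used inside inline NixOS modules as `nixpkgs = { inherit overlays config; };` and `nixpkgs.config = config // { cudaSupport = true; };`. That only works while none of those inline modules takes `config` as an argument. If one is changed to `{ config, pkgs, ... }:`, the name silently resolves to the NixOS system configuration instead, and `allowUnfree` and `permittedInsecurePackages` are no longer what gets passed. A distinct name avoids this, e.g. `nixpkgsConfig = { allowUnfree = true; … };` with `nixpkgs = { inherit overlays; config = nixpkgsConfig; };`. Separately, `rec` on the `nixosSystem rec { system = …; modules = …; }` calls and on the single-host `nixosConfigurations = rec { … }` sets is unused, and the `nix-linter` hook enabled in this same hunk may flag it.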
+++ b/hm_modules/latex.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }: {
 home.packages = with pkgs; [
 bibtool
- tex2nix
+ # tex2nix
 texlab
 texlive.combined.scheme-medium
 ];
diff --git a/hm_modules/office.nix b/hm_modules/office.nix
index eea0fd4..96271d9 100644
--- a/hm_modules/office.nix
+++ b/hm_modules/office.nix
@@ -1,5 +1,5 @@
 { pkgs, ... }: {
- home.packages = with pkgs.unstable; [
+ home.packages = with pkgs; [
 libreoffice-fresh
 # onlyoffice-bin
 hunspellDicts.en_GB-large
diff --git a/nixos_modules/nix-serve.nix b/nixos_modules/nix-serve.nix
new file mode 100644
index 0000000..e936aef
--- /dev/null
+++ b/nixos_modules/nix-serve.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+
+let
+ user_keys = user: lib.optionals
+ (builtins.hasAttr "bertof" config.users.users)
+ config.users.users.${user}.openssh.authorizedKeys.keys;
+in
+{
+ # nix.buildMachines
+ nix.distributedBuilds = true;
+
+ nix.sshServe = {
+ enable = true;
+ keys = user_keys "bertof";
+ write = true;
+ protocol = "ssh-ng";
+ };
+
+ services.nix-serve = {
+ enable = true;
+ openFirewall = true;
+ secretKeyFile = "/etc/nix/serve";
+ };
+
+ nix.settings = {
+ trusted-users = [ "root" "nix-ssh" "@wheel" ];
+ trusted-public-keys = [
+ "odin:ukZZy//P0nBAcy4ycX8eYCByRJFOfJRlfW4sYjP/rGE="
+ "loki:jVAH1bQugXdQ1w29lvVknyPqWwmAn7WhjKf7z4t+q7E="
+ ];
+ substituters = [
+ # "https://192.168.0.10"
+ # "https://192.168.0.100"
+ # "ssh-ng://loki.local"
+ # "ssh-ng://odin.local"
+ # "ssh-ng://192.168.0.10"
+ # "ssh-ng://192.168.0.100"
+ ];
+ # trusted-substituters = [
+ # ];
+ };
+
+}
diff --git a/odin/hm.nix b/odin/hm.nix
index 7b5d380..8180721 100644
--- a/odin/hm.nix
+++ b/odin/hm.nix
@@ -65,7 +65,7 @@
 teams
 thunderbird
 transmission-gtk
- unstable.firefox
+ firefox
 virt-manager
 virt-viewer
 # wineFull
diff --git a/thor/hm.nix b/thor/hm.nix
index d24e569..d6afd19 100644
--- a/thor/hm.nix
+++ b/thor/hm.nix
@@ -67,7 +67,7 @@
 teams
 thunderbird
 transmission-gtk
- unstable.firefox
+ firefox
 virt-manager
 virt-viewer
 # wineFull
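Review bot: In nixos_modules/nix-serve.nix, `trusted-users = [ "root" "nix-ssh" "@wheel" ]` combined with `nix.sshServe.write = true` makes every SSH key returned by `user_keys "bertof"` a trusted Nix user on the host. Assuming `nix-ssh` is the account `nix.sshServe` maps those keys to, a key holder can add unsigned store paths and override daemon settings, which is close to root. Unless that is required, drop `"nix-ssh"` from `trusted-users` and rely on `trusted-public-keys` for signed paths. The guard in `user_keys` tests the literal name instead of its argument and should read `(builtins.hasAttr user config.users.users)`. `services.nix-serve.openFirewall = true` also exposes the unauthenticated HTTP cache on every interface, so either restrict it with `bindAddress` or add a comment naming the network it is meant for, plus one noting that `/etc/nix/serve` must exist with owner-only permissions.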