Changes to nutmeg and flake.nix

niten 2021-11-19 10:26:10 -08:00
parent c2b16c0342
commit 08b2da1b6f
8 changed files with 137 additions and 93 deletions


@ -272,11 +272,19 @@ in {
};
interfaces.eno2 = {
ipv4.addresses = [{
address = "208.81.4.82";
prefixLength = 29;
}];
ipv4.addresses = [
{
address = "208.81.4.82";
prefixLength = 29;
}
{
address = "208.81.1.141";
prefixLength = 32;
}
];
};
firewall.enable = false;
};
services = {
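Review bot: The second address on `interfaces.eno2` (`208.81.1.141`, prefix 32) is added directly above `firewall.enable = false;`, so anything on this host that listens on the wildcard address becomes reachable on another publicly routable IP with no host-level filtering. If filtering is done upstream, say so next to the firewall line, e.g. `# host firewall off: filtered at <upstream device>`; otherwise enable the firewall and open only the ports this address is meant to serve. The enclosing `networking` block starts above the hunk and `services` continues below it, so what actually listens here is not visible.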


@ -1,21 +1,19 @@
{ config, lib, pkgs, ... }:
{
config = {
fudo.slynk.enable = true;
fudo.slynk.enable = true;
networking = {
interfaces = {
extif0 = { useDHCP = true; };
};
};
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-chinese-addons
fcitx5-rime
];
networking = {
interfaces = {
extif0 = { useDHCP = true; };
};
};
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-chinese-addons
fcitx5-rime
];
};
}


@ -2,12 +2,12 @@
with lib;
let
syslib = pkgs.callPackage ../lib/hosts.nix {};
syslib = pkgs.callPackage ../lib/system.nix {};
in {
config.fudo.hosts = let
build-seed = config.instance.build-seed;
base-config = syslib.base-host-config ./hosts;
base-config = syslib.hosts ./hosts;
in mapAttrs (hostname: base-config:
base-config // {
backplane-password-file =


@ -3,7 +3,7 @@
enable-gui = false;
rp = "niten";
admin-email = "niten@fudo.org";
domain = "sea.fudo.org";
domain = "mobile.fudo.org";
site = "mobile";
profile = "laptop";
arch = "x86_64-linux";


@ -4,7 +4,5 @@ with lib;
{
imports = [ ./common-ui.nix ];
config = {
networking.networkmanager.enable = mkForce false;
};
networking.networkmanager.enable = mkForce false;
}

118
flake.nix

@ -11,64 +11,92 @@
fudo-secrets.url = "path:/state/secrets";
};
outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }: let
hostlib = import ./lib/hosts.nix { lib = nixpkgs.lib; };
outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }:
with nixpkgs.lib;
let
sys-lib = import ./lib/system.nix { lib = nixpkgs.lib; };
fudo-nix-hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system) (hostlib.base-host-config ./config/hosts);
in {
fudoHosts = fudo-nix-hosts;
fudo-nix-hosts = nixpkgs.lib.filterAttrs
(hostname: hostOpts: hostOpts.nixos-system)
(sys-lib.hosts ./config/hosts);
nixosConfigurations = let
fudo-networks = sys-lib.networks ./config/networks;
in {
fudoHosts = fudo-nix-hosts;
build-timestamp = self.sourceInfo.lastModified;
fudoNetworks = fudo-networks;
pkgs-for = arch: import nixpkgs {
system = arch;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
fudo-pkgs.overlay
(import ./lib/overlay.nix)
nixosModule = {
imports = [
./lib
];
};
in nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
site = hostOpts.site;
domain = hostOpts.domain;
profile = hostOpts.profile;
in nixpkgs.lib.nixosSystem {
inherit system;
modules = let
config-path = ./config;
in [
fudo-home.nixosModule
fudo-secrets.nixosModule
./lib
./config
nixosConfigurations = let
(config-path + /hardware/${hostname}.nix)
(config-path + /host-config/${hostname}.nix)
(config-path + /profile-config/${profile}.nix)
(config-path + /domain-config/${domain}.nix)
(config-path + /site-config/${site}.nix)
({ config, ... }: {
build-timestamp = self.sourceInfo.lastModified;
pkgs-for = arch: import nixpkgs {
system = arch;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
fudo-pkgs.overlay
(import ./lib/overlay.nix)
];
};
in mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
site = hostOpts.site;
domain = hostOpts.domain;
profile = hostOpts.profile;
in nixosSystem {
inherit system;
modules = let
config-path = ./config;
in [
fudo-home.nixosModule
fudo-secrets.nixosModule
({ config, ... }: let
network-hosts = config.fudo.networks.${domain}.hosts;
host-filesystem-keys =
config.fudo.secrets.files.host-filesystem-keys;
in {
imports = [
./lib
./config
(config-path + /hardware/${hostname}.nix)
(config-path + /host-config/${hostname}.nix)
(config-path + /profile-config/${profile}.nix)
(config-path + /domain-config/${domain}.nix)
(config-path + /site-config/${site}.nix)
];
instance = {
inherit hostname build-timestamp;
build-seed = builtins.readFile
config.fudo.secrets.files.build-seed;
};
nixpkgs.pkgs = pkgs-for system;
};
})
];
}) fudo-nix-hosts;
};
# deployment = {
# targetHost =
# network-hosts.${hostname}.ipv4-address;
# keys = if (hasAttr hostname host-filesystem-keys) then
# mapAttrs (secret: secret-file: {
# keyFile = secret-file;
# user = "root";
# permissions = "0400";
# }) host-filesystem-keys.${hostname}
# else {};
# };
})
];
}) fudo-nix-hosts;
};
}
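Review bot: `build-seed = builtins.readFile config.fudo.secrets.files.build-seed;` pulls the seed's contents into the evaluated configuration, so any option that interpolates `config.instance.build-seed` into a derivation or generated file would leave the value, or something derived from it, in the world-readable Nix store. Nothing in this section shows how the seed is consumed, so this needs confirming against the modules that read it; passing the file path and reading it at activation time would avoid the exposure. Separately, the carried-over `permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];` in `pkgs-for` applies to every host and has no explanation; a comment such as `# TODO(<owner>): drop once GSSAPI hosts move off 8.4p1` would make the exception reviewable. The commented-out `deployment` block is dead code and could be left out of the commit.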


@ -1,24 +0,0 @@
{ lib, ... }:
with lib;
let
hostname-from-file = filename: builtins.replaceStrings [".nix"] [""] filename;
is-nix-file = filename: type: (builtins.match ".+\.nix$" filename) != null;
is-regular-file = filename: type: type == "regular" || type == "link";
host-files = host-path:
attrNames
(filterAttrs is-nix-file
(filterAttrs is-regular-file
(builtins.readDir host-path)));
hosts = host-path:
map hostname-from-file (host-files host-path);
in {
base-host-config = host-path: let
load-host-file = hostname: import (host-path + "/${hostname}.nix");
in genAttrs (hosts host-path) (hostname: load-host-file hostname);
host-list = host-path: hosts host-path;
}

36
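--- a/lib/system.nix
+++ b/lib/system.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+with lib;
+let
+head-or-null = lst: if (lst == []) then null else head lst;
+is-regular-file = filename: type: type == "regular" || type == "link";
+regular-files = path: filterAttrs is-regular-file (builtins.readDir path);
+matches-ext = ext: filename: type: (builtins.match ".+[.]${ext}$" filename) != null;
+is-nix-file = matches-ext "nix";
+strip-ext = ext: filename: head-or-null (builtins.match "(.+)[.]${ext}$" filename);
+get-ext = filename: head-or-null (builtins.match "^.+[.](.+)$" filename);
+hostname-from-file = filename: strip-ext "nix";
+nix-files = path:
+attrNames
+(filterAttrs is-nix-file
+(filterAttrs is-regular-file
+(builtins.readDir path)));
+basename-to-file = path: let
+files = nix-files path;
+in listToAttrs
+(map (file:
+nameValuePair (strip-ext "nix" file)
+(path + "/${file}"))
+files);
+basename-import = path:
+mapAttrs (attr: attr-file: import attr-file)
+(basename-to-file path);
+in {
+hosts = host-path: basename-import host-path;
+networks = network-path: basename-import network-path;
+}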
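Review bot: `hostname-from-file = filename: strip-ext "nix";` ignores its argument and returns a partially applied function rather than a name; it should be `hostname-from-file = strip-ext "nix";`. `is-regular-file` compares against `"link"`, but `builtins.readDir` reports symbolic links as `"symlink"`, so linked `.nix` files are silently skipped; use `type == "regular" || type == "symlink"`. `basename-import` evaluates every `.nix` file found in the directory, so a short header comment stating that the host and network directories must contain only trusted, reviewed files would be worth adding. `regular-files` and `get-ext` are defined but not used in this file, and `nix-files` repeats the `regular-files` filter inline.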