diff --git a/config/host-config/nutboy3.nix b/config/host-config/nutboy3.nix
index e03e0db..838cfee 100644
--- a/config/host-config/nutboy3.nix
+++ b/config/host-config/nutboy3.nix
@@ -272,11 +272,19 @@ in {
 };
 interfaces.eno2 = {
- ipv4.addresses = [{
- address = "208.81.4.82";
- prefixLength = 29;
- }];
+ ipv4.addresses = [
+ {
+ address = "208.81.4.82";
+ prefixLength = 29;
+ }
+ {
+ address = "208.81.1.141";
+ prefixLength = 32;
+ }
+ ];
 };
+
+ firewall.enable = false;
 };
 services = {
diff --git a/config/host-config/spark.nix b/config/host-config/spark.nix
index b9881ac..e52d8a2 100644
--- a/config/host-config/spark.nix
+++ b/config/host-config/spark.nix
@@ -1,21 +1,19 @@
 { config, lib, pkgs, ... }:
 {
- config = {
- fudo.slynk.enable = true;
+ fudo.slynk.enable = true;
- networking = {
- interfaces = {
- extif0 = { useDHCP = true; };
- };
- };
-
- i18n.inputMethod = {
- enabled = "fcitx5";
- fcitx5.addons = with pkgs; [
- fcitx5-chinese-addons
- fcitx5-rime
- ];
+ networking = {
+ interfaces = {
+ extif0 = { useDHCP = true; };
 };
 };
+
+ i18n.inputMethod = {
+ enabled = "fcitx5";
+ fcitx5.addons = with pkgs; [
+ fcitx5-chinese-addons
+ fcitx5-rime
+ ];
+ };
 }
diff --git a/config/hosts.nix b/config/hosts.nix
index d2e2d5e..adeb744 100644
--- a/config/hosts.nix
+++ b/config/hosts.nix
@@ -2,12 +2,12 @@
 with lib;
 let
- syslib = pkgs.callPackage ../lib/hosts.nix {};
+ syslib = pkgs.callPackage ../lib/system.nix {};
 in {
 config.fudo.hosts = let
 build-seed = config.instance.build-seed;
- base-config = syslib.base-host-config ./hosts;
+ base-config = syslib.hosts ./hosts;
 in mapAttrs (hostname: base-config: base-config // {
 backplane-password-file =
diff --git a/config/hosts/atom.nix b/config/hosts/atom.nix
index 08e059e..c59dbca 100644
--- a/config/hosts/atom.nix
+++ b/config/hosts/atom.nix
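Review bot: `firewall.enable = false;` switches the NixOS firewall off for the whole host in the same hunk that gives eno2 a second public address (208.81.1.141/32 next to 208.81.4.82/29), so every service listening on a wildcard address becomes reachable from the Internet on both addresses. Unless a packet filter is configured elsewhere outside this hunk, keep the firewall enabled and open only what the host needs, e.g. `firewall.allowedTCPPorts = [ <ports-needed> ];` beside the interface definition. If disabling it is intentional (a router or an external filter in front), a one-line comment above the option saying so would stop the next reader from re-enabling it. The enclosing `networking` attribute set starts before the hunk.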
@@ -3,7 +3,7 @@
 enable-gui = false;
 rp = "niten";
 admin-email = "niten@fudo.org";
- domain = "sea.fudo.org";
+ domain = "mobile.fudo.org";
 site = "mobile";
 profile = "laptop";
 arch = "x86_64-linux";
diff --git a/config/profile-config/desktop.nix b/config/profile-config/desktop.nix
index ca0d5d8..f3adc22 100644
--- a/config/profile-config/desktop.nix
+++ b/config/profile-config/desktop.nix
@@ -4,7 +4,5 @@ with lib;
 {
 imports = [ ./common-ui.nix ];
- config = {
- networking.networkmanager.enable = mkForce false;
- };
+ networking.networkmanager.enable = mkForce false;
 }
diff --git a/flake.nix b/flake.nix
index d5ea178..76e4308 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,64 +11,92 @@
 fudo-secrets.url = "path:/state/secrets";
 };
- outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }: let
- hostlib = import ./lib/hosts.nix { lib = nixpkgs.lib; };
+ outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }:
+ with nixpkgs.lib;
+ let
+ sys-lib = import ./lib/system.nix { lib = nixpkgs.lib; };
- fudo-nix-hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
- hostOpts.nixos-system) (hostlib.base-host-config ./config/hosts);
- in {
- fudoHosts = fudo-nix-hosts;
+ fudo-nix-hosts = nixpkgs.lib.filterAttrs
+ (hostname: hostOpts: hostOpts.nixos-system)
+ (sys-lib.hosts ./config/hosts);
- nixosConfigurations = let
+ fudo-networks = sys-lib.networks ./config/networks;
+ in {
+ fudoHosts = fudo-nix-hosts;
- build-timestamp = self.sourceInfo.lastModified;
+ fudoNetworks = fudo-networks;
- pkgs-for = arch: import nixpkgs {
- system = arch;
- config = {
- allowUnfree = true;
- permittedInsecurePackages = [
- "openssh-with-gssapi-8.4p1"
- ];
- };
- overlays = [
- fudo-pkgs.overlay
- (import ./lib/overlay.nix)
+ nixosModule = {
+ imports = [
+ ./lib
 ];
 };
- in nixpkgs.lib.mapAttrs (hostname: hostOpts: let
- system = hostOpts.arch;
- site = hostOpts.site;
- domain = hostOpts.domain;
- profile = hostOpts.profile;
- in nixpkgs.lib.nixosSystem {
- inherit system;
- modules = let
- config-path = ./config;
- in [
- fudo-home.nixosModule
- fudo-secrets.nixosModule
- ./lib
- ./config
+ nixosConfigurations = let
- (config-path + /hardware/${hostname}.nix)
- (config-path + /host-config/${hostname}.nix)
- (config-path + /profile-config/${profile}.nix)
- (config-path + /domain-config/${domain}.nix)
- (config-path + /site-config/${site}.nix)
- ({ config, ... 
}: {
+ build-timestamp = self.sourceInfo.lastModified;
+
+ pkgs-for = arch: import nixpkgs {
+ system = arch;
 config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "openssh-with-gssapi-8.4p1"
+ ];
+ };
+ overlays = [
+ fudo-pkgs.overlay
+ (import ./lib/overlay.nix)
+ ];
+ };
+ in mapAttrs (hostname: hostOpts: let
+ system = hostOpts.arch;
+ site = hostOpts.site;
+ domain = hostOpts.domain;
+ profile = hostOpts.profile;
+ in nixosSystem {
+ inherit system;
+
+ modules = let
+ config-path = ./config;
+ in [
+ fudo-home.nixosModule
+ fudo-secrets.nixosModule
+
+ ({ config, ... }: let
+ network-hosts = config.fudo.networks.${domain}.hosts;
+ host-filesystem-keys =
+ config.fudo.secrets.files.host-filesystem-keys;
+ in {
+ imports = [
+ ./lib
+ ./config
+ (config-path + /hardware/${hostname}.nix)
+ (config-path + /host-config/${hostname}.nix)
+ (config-path + /profile-config/${profile}.nix)
+ (config-path + /domain-config/${domain}.nix)
+ (config-path + /site-config/${site}.nix)
+ ];
 instance = {
 inherit hostname build-timestamp;
 build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
 };
- nixpkgs.pkgs = pkgs-for system;
- };
- })
- ];
- }) fudo-nix-hosts;
- };
+ # deployment = {
+ # targetHost =
+ # network-hosts.${hostname}.ipv4-address;
+
+ # keys = if (hasAttr hostname host-filesystem-keys) then
+ # mapAttrs (secret: secret-file: {
+ # keyFile = secret-file;
+ # user = "root";
+ # permissions = "0400";
+ # }) host-filesystem-keys.${hostname}
+ # else {};
+ # };
+ })
+ ];
+ }) fudo-nix-hosts;
+ };
 }
diff --git a/lib/hosts.nix b/lib/hosts.nix
deleted file mode 100644
index ba83187..0000000
--- a/lib/hosts.nix
+++ /dev/null
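Review bot: The rewritten inline module no longer sets `nixpkgs.pkgs = pkgs-for system;`, which the removed lines did, so the new `pkgs-for` binding — and with it `allowUnfree`, the `permittedInsecurePackages` allowance and the two overlays — is dead code and each host evaluates against a plain nixpkgs unless something under ./lib or ./config sets it, which is not visible here; restore the line next to the `instance = { … };` block: `nixpkgs.pkgs = pkgs-for system;`. The `network-hosts` and `host-filesystem-keys` let-bindings are referenced only from the commented-out `deployment` block, so either the block should come back or the bindings should go with it rather than linger as unused code. As a point of style, `with nixpkgs.lib;` is added at the top of `outputs`, yet `fudo-nix-hosts` still spells `nixpkgs.lib.filterAttrs` while the code below uses bare `mapAttrs` and `nixosSystem`; pick one form. The `outputs` body is closed within the hunk.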
@@ -1,24 +0,0 @@
-{ lib, ... }:
-
-with lib;
-let
- hostname-from-file = filename: builtins.replaceStrings [".nix"] [""] filename;
-
- is-nix-file = filename: type: (builtins.match ".+\.nix$" filename) != null;
- is-regular-file = filename: type: type == "regular" || type == "link";
-
- host-files = host-path:
- attrNames
- (filterAttrs is-nix-file
- (filterAttrs is-regular-file
- (builtins.readDir host-path)));
-
- hosts = host-path:
- map hostname-from-file (host-files host-path);
-in {
- base-host-config = host-path: let
- load-host-file = hostname: import (host-path + "/${hostname}.nix");
- in genAttrs (hosts host-path) (hostname: load-host-file hostname);
-
- host-list = host-path: hosts host-path;
-}
diff --git a/lib/system.nix b/lib/system.nix
new file mode 100644
index 0000000..bfb502e
--- /dev/null
+++ b/lib/system.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+with lib;
+let
+ head-or-null = lst: if (lst == []) then null else head lst;
+ is-regular-file = filename: type: type == "regular" || type == "link";
+ regular-files = path: filterAttrs is-regular-file (builtins.readDir path);
+ matches-ext = ext: filename: type: (builtins.match ".+[.]${ext}$" filename) != null;
+ is-nix-file = matches-ext "nix";
+ strip-ext = ext: filename: head-or-null (builtins.match "(.+)[.]${ext}$" filename);
+ get-ext = filename: head-or-null (builtins.match "^.+[.](.+)$" filename);
+ hostname-from-file = filename: strip-ext "nix";
+ nix-files = path:
+ attrNames
+ (filterAttrs is-nix-file
+ (filterAttrs is-regular-file
+ (builtins.readDir path)));
+
+ basename-to-file = path: let
+ files = nix-files path;
+ in listToAttrs
+ (map (file:
+ nameValuePair (strip-ext "nix" file)
+ (path + "/${file}"))
+ files);
+
+ basename-import = path:
+ mapAttrs (attr: attr-file: import attr-file)
+ (basename-to-file path);
+
+in {
+
+ hosts = host-path: basename-import host-path;
+
+ networks = network-path: basename-import network-path;
+}
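Review bot: `hostname-from-file = filename: strip-ext "nix";` in the new lib/system.nix discards its argument and returns the partially applied `strip-ext "nix"` function instead of a name; it should read `hostname-from-file = strip-ext "nix";` — though it, `regular-files` and `get-ext` are all unused, and `nix-files` could simply be `attrNames (filterAttrs is-nix-file (regular-files path))` to reuse the helper already defined above it. `is-regular-file` accepts `type == "link"`, but `builtins.readDir` reports symbolic links as `"symlink"`, so a host or network definition that is a symlink is silently left out of `hosts` and `networks`; use `type == "symlink"` if such files are meant to be picked up, or drop the clause if they are not. Since `basename-import` imports and evaluates every `.nix` file found under the given directory, a short comment on `hosts`/`networks` stating that the directory contents are trusted configuration would make that assumption explicit for later readers.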