diff --git a/common.nix b/common.nix new file mode 100644 index 0000000..e11d919 --- /dev/null +++ b/common.nix @@ -0,0 +1,35 @@ +{ inputs, config, lib, pkgs, ... }: + +with lib; +with lib.my; +{ + imports = + [ inputs.home-manager.nixosModules.home-manager ]; + # ++ (mapModulesRec' (toString ./modules) import); + + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + nixPath = [ + "nixpkgs=${inputs.nixpkgs-unstable}" + ]; + settings = { + substituters = [ + "https://nix-community.cachix.org" + "http://cache.banditlair.com" + "https://cache.nixos.org/" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.banditlair.com:4zk7iDvzKh6VN+LxzKIGcVPKgL5dLeyEt2ydrgx4o8c=" + ]; + auto-optimise-store = true; + }; + }; + system.configurationRevision = with inputs; mkIf (self ? rev) self.rev; + + environment.systemPackages = with pkgs; [ + git + vim + ]; +} diff --git a/flake.nix b/flake.nix index 706d924..6c59fef 100644 --- a/flake.nix +++ b/flake.nix 
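Review bot: The `substituters` list in common.nix carries `http://cache.banditlair.com` over plain HTTP, so narinfo and NAR fetches from that cache travel unauthenticated on the wire. Signature checking against `trusted-public-keys` still protects the contents, but a network adversary can observe what is being built and withhold or replay stale signed responses; `"https://cache.banditlair.com"` would close that if the cache serves TLS. The same list now puts both third-party caches ahead of `https://cache.nixos.org/`, which changes query order relative to the block removed from modules/system.nix, so confirm that is intended. The key list names no key for cache.nixos.org; check the generated /etc/nix/nix.conf still trusts it, since substitutions from that cache would otherwise be skipped.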
@@ -6,179 +6,38 @@ nix-doom-emacs.url = "github:nix-community/nix-doom-emacs"; }; - outputs = { self, home-manager, nixpkgs, nixpkgs-unstable, nix-doom-emacs }: + outputs = inputs @ { self, home-manager, nixpkgs, nixpkgs-unstable, ... }: let + inherit (lib.my) mapModules mapModulesRec mapHosts; + system = "x86_64-linux"; - commonModuleArgs = { pkgs, ... }: { - _module.args.pkgs-unstable = import nixpkgs-unstable { - inherit (pkgs.stdenv.targetPlatform) system; - overlays = [ (import ./overlay.nix) ]; - config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ - "corefonts" - "steam" - "steam-original" - "steam-run" - ]; - }; + + mkPkgs = pkgs: extraOverlays: import pkgs { + inherit system; + config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ + "corefonts" + "steam" + "steam-original" + "steam-run" + ]; + overlays = extraOverlays ++ (pkgs.lib.attrValues self.overlays); }; + pkgs = mkPkgs nixpkgs [ self.overlay ]; + pkgs-unstable = mkPkgs nixpkgs-unstable [ ]; + + lib = nixpkgs.lib.extend + (self: super: { my = import ./lib { inherit pkgs inputs; lib = self; }; }); in { - nixosConfigurations.nixos-desktop = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit nixpkgs; inherit nixpkgs-unstable; inherit nix-doom-emacs; }; - modules = - [ - home-manager.nixosModules.home-manager - commonModuleArgs - ./hardware/desktop.nix - ./profiles/base.nix - ./users - ( - { - networking.hostName = "nixos-desktop"; - # Allow to externally control MPD - networking.firewall.allowedTCPPorts = [ 6600 ]; + lib = lib.my; - nix.registry.nixpkgs.flake = nixpkgs; - - system.stateVersion = "19.09"; - } - ) - ]; + overlay = final: prev: { + unstable = pkgs-unstable; }; - nixosConfigurations.froidmpa-laptop = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit nixpkgs; inherit nixpkgs-unstable; inherit nix-doom-emacs; }; - modules = - [ - home-manager.nixosModules.home-manager - commonModuleArgs - 
./hardware/clevo-nl51ru.nix - ./profiles/base.nix - ./users - ( - { - networking.hostName = "froidmpa-laptop"; + overlays = { my = (import ./overlay.nix); }; - nix.registry.nixpkgs.flake = nixpkgs; + nixosConfigurations = mapHosts ./hosts { }; - home-manager.users.froidmpa = { pkgs, config, ... }: { - services.network-manager-applet.enable = true; - services.blueman-applet.enable = true; - services.grobi = { - enable = true; - executeAfter = [ "${pkgs.systemd}/bin/systemctl --user restart stalonetray" "${pkgs.feh}/bin/feh --bg-fill ~/.wallpaper.png" ]; - rules = [ - { - name = "External HDMI"; - outputs_connected = [ "HDMI-1" ]; - configure_single = "HDMI-1"; - primary = true; - atomic = true; - } - { - name = "Primary"; - configure_single = "eDP"; - } - ]; - }; - }; - - system.stateVersion = "21.05"; - } - ) - - ]; - }; - - nixosConfigurations.rpi3 = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = - [ - ( - { pkgs, ... }: { - networking.hostName = "rpi3"; - - nix.registry.nixpkgs.flake = nixpkgs; - - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelParams = [ "cma=256M" ]; - - fileSystems."/" = - { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - }; - - swapDevices = [{ device = "/swapfile"; size = 1024; }]; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ./ssh_keys/phfroidmont-desktop.pub - ./ssh_keys/phfroidmont-laptop.pub - ]; - - services.adguardhome = { - enable = true; - - host = "0.0.0.0"; - port = 80; - openFirewall = true; - - mutableSettings = false; - - settings = { - auth_attempts = 5; - block_auth_min = 15; - dns = { - bind_host = "0.0.0.0"; - port = 53; - statistics_interval = 90; - querylog_enabled = true; - querylog_interval = "2160h"; - upstream_dns = [ - "tls://doh.mullvad.net" - "[/lan/]192.168.1.1" - "[//]192.168.1.1" - ]; - local_ptr_upstreams = [ "192.168.1.1" ]; - use_private_ptr_resolvers = true; - 
resolve_clients = true; - bootstrap_dns = [ "9.9.9.10" ]; - rewrites = [ - { - domain = "rpi3"; - answer = "192.168.1.2"; - } - { - domain = "rpi3.lan"; - answer = "192.168.1.2"; - } - ]; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 53 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; - - environment.systemPackages = with pkgs; [ - vim - htop - ]; - - nix = { - nixPath = [ - "nixpkgs=${nixpkgs}" - ]; - }; - - system.stateVersion = "22.05"; - } - ) - ]; - }; }; } diff --git a/hosts/froidmpa-laptop/default.nix b/hosts/froidmpa-laptop/default.nix new file mode 100644 index 0000000..172618b --- /dev/null +++ b/hosts/froidmpa-laptop/default.nix @@ -0,0 +1,32 @@ +{ pkgs, config, lib, ... }: +{ + imports = [ + ./hardware-configuration.nix + ../../profiles/base.nix + ../../users + ]; + + home-manager.users.froidmpa = { pkgs, config, ... }: { + services.network-manager-applet.enable = true; + services.blueman-applet.enable = true; + services.grobi = { + enable = true; + executeAfter = [ "${pkgs.systemd}/bin/systemctl --user restart stalonetray" "${pkgs.feh}/bin/feh --bg-fill ~/.wallpaper.png" ]; + rules = [ + { + name = "External HDMI"; + outputs_connected = [ "HDMI-1" ]; + configure_single = "HDMI-1"; + primary = true; + atomic = true; + } + { + name = "Primary"; + configure_single = "eDP"; + } + ]; + }; + }; + + system.stateVersion = "21.05"; +} diff --git a/hardware/clevo-nl51ru.nix b/hosts/froidmpa-laptop/hardware-configuration.nix similarity index 100% rename from hardware/clevo-nl51ru.nix rename to hosts/froidmpa-laptop/hardware-configuration.nix diff --git a/hosts/nixos-desktop/default.nix b/hosts/nixos-desktop/default.nix new file mode 100644 index 0000000..9ff9d94 --- /dev/null +++ b/hosts/nixos-desktop/default.nix 
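Review bot: `mkPkgs` fixes `inherit system` to the single `system = "x86_64-linux"`, and `pkgs = mkPkgs nixpkgs [ self.overlay ]` is what lib/nixos.nix injects as `nixpkgs.pkgs = pkgs` into every host produced by `mapHosts ./hosts { }`, so the rpi3 host loses the `system = "aarch64-linux"` it had in the removed `nixosConfigurations.rpi3` block and would now evaluate as an x86_64 system. hosts/rpi3/default.nix cannot set it back, because mkHost's `system ? sys` default applies to all hosts and `nixpkgs.pkgs` overrides `system` anyway. One way to restore it is `nixpkgs.pkgs = mkIf (system == sys) pkgs;` in mkHost so a non-default system instantiates its own nixpkgs, plus a way for mapHosts to pass a per-host `system` (it currently applies one `attrs` set to every host). Whichever shape is chosen, the aarch64 case should be re-checked with an evaluation of the rpi3 output before this lands.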
@@ -0,0 +1,13 @@ +{ pkgs, config, lib, ... }: +{ + imports = [ + ./hardware-configuration.nix + ../../profiles/base.nix + ../../users + ]; + + # Allow to externally control MPD + networking.firewall.allowedTCPPorts = [ 6600 ]; + + system.stateVersion = "19.09"; +} diff --git a/hardware/desktop.nix b/hosts/nixos-desktop/hardware-configuration.nix similarity index 100% rename from hardware/desktop.nix rename to hosts/nixos-desktop/hardware-configuration.nix diff --git a/hosts/rpi3/default.nix b/hosts/rpi3/default.nix new file mode 100644 index 0000000..2a66608 --- /dev/null +++ b/hosts/rpi3/default.nix 
@@ -0,0 +1,71 @@ +{ pkgs, config, lib, ... }: +{ + + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + boot.kernelParams = [ "cma=256M" ]; + + fileSystems."/" = + { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + swapDevices = [{ device = "/swapfile"; size = 1024; }]; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../ssh_keys/phfroidmont-desktop.pub + ../../ssh_keys/phfroidmont-laptop.pub + ]; + + services.adguardhome = { + enable = true; + + host = "0.0.0.0"; + port = 80; + openFirewall = true; + + mutableSettings = false; + + settings = { + auth_attempts = 5; + block_auth_min = 15; + dns = { + bind_host = "0.0.0.0"; + port = 53; + statistics_interval = 90; + querylog_enabled = true; + querylog_interval = "2160h"; + upstream_dns = [ + "tls://doh.mullvad.net" + "[/lan/]192.168.1.1" + "[//]192.168.1.1" + ]; + local_ptr_upstreams = [ "192.168.1.1" ]; + use_private_ptr_resolvers = true; + resolve_clients = true; + bootstrap_dns = [ "9.9.9.10" ]; + rewrites = [ + { + domain = "rpi3"; + answer = "192.168.1.2"; + } + { + domain = "rpi3.lan"; + answer = "192.168.1.2"; + } + ]; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + + environment.systemPackages = with pkgs; [ + htop + ]; + + system.stateVersion = "22.05"; +} diff --git a/lib/attrs.nix b/lib/attrs.nix new file mode 100644 index 0000000..0f8ebd1 --- /dev/null +++ b/lib/attrs.nix 
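Review bot: The AdGuard Home block in hosts/rpi3/default.nix serves the admin UI with `host = "0.0.0.0"`, `port = 80` and `openFirewall = true`, over plain HTTP, and the `settings` rendered under `mutableSettings = false` contain no `users` entry. Unless credentials are injected elsewhere, that leaves the management interface reachable from every host on the Pi's network without a login; `auth_attempts` and `block_auth_min` only throttle logins once users exist, so the intent appears to be authenticated access — confirm. Binding `host` to the Pi's LAN address (the rewrites name it `192.168.1.2`) or restricting port 80 to the LAN interface via `networking.firewall.interfaces.<name>.allowedTCPPorts` instead of `openFirewall = true` would narrow the exposure. Root SSH access relies on `authorizedKeys.keyFiles` and on the `services.openssh` default root-login policy, since nothing in this file sets it; a comment stating that the default is relied upon would make the intent explicit.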
@@ -0,0 +1,26 @@ +{ lib, ... }: + +with builtins; +with lib; +rec { + # attrsToList + attrsToList = attrs: + mapAttrsToList (name: value: { inherit name value; }) attrs; + + # mapFilterAttrs :: + # (name -> value -> bool) + # (name -> value -> { name = any; value = any; }) + # attrs + mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs); + + # Generate an attribute set by mapping a function over a list of values. + genAttrs' = values: f: listToAttrs (map f values); + + # anyAttrs :: (name -> value -> bool) attrs + anyAttrs = pred: attrs: + any (attr: pred attr.name attr.value) (attrsToList attrs); + + # countAttrs :: (name -> value -> bool) attrs + countAttrs = pred: attrs: + count (attr: pred attr.name attr.value) (attrsToList attrs); +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..a275c09 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,18 @@ +{ inputs, lib, pkgs, ... }: + +let + inherit (lib) makeExtensible attrValues foldr; + inherit (modules) mapModules; + + modules = import ./modules.nix { + inherit lib; + self.attrs = import ./attrs.nix { inherit lib; self = { }; }; + }; + + mylib = makeExtensible (self: + with self; mapModules ./. + (file: import file { inherit self lib pkgs inputs; })); +in +mylib.extend + (self: super: + foldr (a: b: a // b) { } (attrValues super)) diff --git a/lib/modules.nix b/lib/modules.nix new file mode 100644 index 0000000..ef7c289 --- /dev/null +++ b/lib/modules.nix 
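Review bot: The final `mylib.extend` in lib/default.nix folds every sub-library into the top level with `a // b`, so two files exporting the same name are resolved silently by whichever sorts later in `attrValues super` (the right operand of `//` wins). That is a fine convention but worth a comment so the next `lib/*.nix` author does not shadow `mapModules` by accident: `# Flatten all sub-libraries into one namespace; on a name clash the file that sorts later in attrValues wins (right side of //).` The `self.attrs = import ./attrs.nix { inherit lib; self = { }; }` bootstrap also deserves a line explaining that modules.nix only needs attrs.nix, which is why a stub `self` suffices there.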
@@ -0,0 +1,54 @@ +{ self, lib, ... }: + +let + inherit (builtins) attrValues readDir pathExists concatLists; + inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix; + inherit (self.attrs) mapFilterAttrs; +in +rec { + mapModules = dir: fn: + mapFilterAttrs + (n: v: + v != null && + !(hasPrefix "_" n)) + (n: v: + let path = "${toString dir}/${n}"; in + if v == "directory" && pathExists "${path}/default.nix" + then nameValuePair n (fn path) + else if v == "regular" && + n != "default.nix" && + hasSuffix ".nix" n + then nameValuePair (removeSuffix ".nix" n) (fn path) + else nameValuePair "" null) + (readDir dir); + + mapModules' = dir: fn: + attrValues (mapModules dir fn); + + mapModulesRec = dir: fn: + mapFilterAttrs + (n: v: + v != null && + !(hasPrefix "_" n)) + (n: v: + let path = "${toString dir}/${n}"; in + if v == "directory" + then nameValuePair n (mapModulesRec path fn) + else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n + then nameValuePair (removeSuffix ".nix" n) (fn path) + else nameValuePair "" null) + (readDir dir); + + mapModulesRec' = dir: fn: + let + dirs = + mapAttrsToList + (k: _: "${dir}/${k}") + (filterAttrs + (n: v: v == "directory" && !(hasPrefix "_" n)) + (readDir dir)); + files = attrValues (mapModules dir id); + paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs); + in + map fn paths; +} diff --git a/lib/nixos.nix b/lib/nixos.nix new file mode 100644 index 0000000..e904ecd --- /dev/null +++ b/lib/nixos.nix 
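Review bot: `mapModulesRec'` builds child paths as `"${dir}/${k}"` while `mapModules` and `mapModulesRec` use `"${toString dir}/${n}"`; when `dir` is a path value, interpolating it directly copies the directory into the Nix store and yields the store path, which is what the `toString` in the other two functions avoids. The caller commented out in common.nix already passes `toString ./modules`, so the helper should be made consistent: `(k: _: "${toString dir}/${k}")`. Entries of type `symlink` fall into the `nameValuePair "" null` arm in both mappers and are silently dropped; a comment saying so would save the next reader a trip through readDir's return values.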
@@ -0,0 +1,26 @@ +{ inputs, lib, pkgs, ... }: + +with lib; +with lib.my; +let sys = "x86_64-linux"; +in { + mkHost = path: attrs @ { system ? sys, ... }: + nixosSystem { + inherit system; + specialArgs = { inherit lib inputs system; }; + modules = [ + { + nixpkgs.pkgs = pkgs; + nix.registry.nixpkgs.flake = inputs.nixpkgs; + networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); + } + (filterAttrs (n: v: !elem n [ "system" ]) attrs) + ../common.nix + (import path) + ]; + }; + + mapHosts = dir: attrs @ { system ? system, ... }: + mapModules dir + (hostPath: mkHost hostPath attrs); +} diff --git a/modules/belgian-eid.nix b/modules/belgian-eid.nix index 17fa5fa..9a138e9 100644 --- a/modules/belgian-eid.nix +++ b/modules/belgian-eid.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, pkgs-unstable, ... }: +{ config, lib, pkgs, ... }: { services.pcscd.enable = true; - environment.systemPackages = with pkgs-unstable; [ + environment.systemPackages = with pkgs.unstable; [ eid-mw ]; } diff --git a/modules/system.nix b/modules/system.nix index 2da2aaf..443ab83 100644 --- a/modules/system.nix +++ b/modules/system.nix @@ -1,42 +1,11 @@ -{ config, lib, pkgs, nixpkgs, pkgs-unstable, nixpkgs-unstable, ... }: +{ config, lib, pkgs, nixpkgs, ... }: { - nix = { - package = pkgs.nixUnstable; - settings = { - extra-sandbox-paths = [ - "/var/keys/netrc" - ]; - substituters = [ - "http://cache.banditlair.com" - "https://cache.nixos.org/" - ]; - trusted-public-keys = [ - "cache.banditlair.com:4zk7iDvzKh6VN+LxzKIGcVPKgL5dLeyEt2ydrgx4o8c=" - ]; - }; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - nixPath = [ - "nixpkgs=${nixpkgs-unstable}" - ]; - }; - - environment.systemPackages = with pkgs-unstable; [ + environment.systemPackages = with pkgs.unstable; [ wget inetutils - openvpn - openfortivpn - man - dos2unix - - vim - git - git-lfs zip unzip 
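Review bot: `mapHosts = dir: attrs @ { system ? system, ... }:` gives `system` a default that refers to itself, which would recurse forever the moment anything forces it; it is only harmless because the body passes `attrs` through untouched and never reads `system`. Since `sys` is already in scope for exactly this purpose, `attrs @ { system ? sys, ... }` says what is meant, or drop the pattern and write `mapHosts = dir: attrs:` since the default is unused. A one-line comment on `mkHost` noting that every attribute of `attrs` other than `system` is spliced in as a NixOS module via `filterAttrs` would also help callers.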
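Review bot: The removed `nix` block in modules/system.nix carried `extra-sandbox-paths = [ "/var/keys/netrc" ]`, and the replacement block in common.nix does not carry it forward, so any fixed-output fetch that relied on that file inside the sandbox will now fail to find it. If the drop is deliberate it is a sound one — that setting bind-mounted a credentials file into every sandboxed build — but it deserves a line in the commit message either way. The rest of the move (`package`, substituters, `extraOptions`, `nixPath`) does reappear in common.nix, apart from `pkgs.nixUnstable` becoming `pkgs.nixFlakes`, which is also worth stating.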
@@ -52,7 +21,7 @@ dnsutils ]; fonts = { - fonts = with pkgs-unstable; [ + fonts = with pkgs.unstable; [ corefonts # Microsoft free fonts meslo-lgs-nf ]; diff --git a/users/default.nix b/users/default.nix index d118019..12bc9ec 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,8 @@ -{ config, lib, pkgs, pkgs-unstable, nix-doom-emacs, ... }: +{ inputs, config, lib, pkgs, ... }: { environment.pathsToLink = [ "/share/zsh" ]; - home-manager.users.froidmpa = { pkgs, config, ... }: { + home-manager.users.froidmpa = { config, ... }: { imports = [ ./froidmpa/alacritty.nix @@ -12,7 +12,7 @@ ./froidmpa/htop.nix ./froidmpa/zsh.nix ./froidmpa/vscode.nix - nix-doom-emacs.hmModule + inputs.nix-doom-emacs.hmModule ]; xsession = { @@ -255,7 +255,7 @@ }; }; - packages = with pkgs-unstable; [ + packages = with pkgs.unstable; [ haskellPackages.xmobar i3lock ncmpcpp @@ -317,7 +317,7 @@ systemd.user.services.activitywatch = { Unit.Description = "Start ActivityWatch"; Service.Type = "simple"; - Service.ExecStart = "${pkgs-unstable.activitywatch-bin}/bin/aw-server"; + Service.ExecStart = "${pkgs.unstable.activitywatch-bin}/bin/aw-server"; Install.WantedBy = [ "default.target" ]; Service.Restart = "on-failure"; Service.RestartSec = 5; @@ -325,7 +325,7 @@ systemd.user.services.activitywatch-afk = { Unit.Description = "Start ActivityWatch AFK"; Service.Type = "simple"; - Service.ExecStart = "${pkgs-unstable.activitywatch-bin}/bin/aw-watcher-afk"; + Service.ExecStart = "${pkgs.unstable.activitywatch-bin}/bin/aw-watcher-afk"; Install.WantedBy = [ "default.target" ]; Service.Restart = "on-failure"; Service.RestartSec = 5; 
@@ -333,7 +333,7 @@ systemd.user.services.activitywatch-window = { Unit.Description = "Start ActivityWatch Window"; Service.Type = "simple"; - Service.ExecStart = "${pkgs-unstable.activitywatch-bin}/bin/aw-watcher-window"; + Service.ExecStart = "${pkgs.unstable.activitywatch-bin}/bin/aw-watcher-window"; Install.WantedBy = [ "default.target" ]; Service.Restart = "on-failure"; Service.RestartSec = 5;