From 0ddf01baef4494b08e088bd71953bb704bee8eed Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 19 May 2024 12:29:29 -0400 Subject: [PATCH] migrate constructSystem to lib/ migrates the bulk of constructSystem to lib/ and splits out the largest chunks into individual functions (namely SOPS, home-manager, and user creation); Signed-off-by: ahuston-0 --- flake.lock | 6 +- flake.nix | 230 +++++++++++++++++++----------------------------- lib/default.nix | 2 + lib/systems.nix | 88 ++++++++++++++++++ 4 files changed, 184 insertions(+), 142 deletions(-) create mode 100644 lib/systems.nix diff --git a/flake.lock b/flake.lock index 7d607c5..2762fb7 100644 --- a/flake.lock +++ b/flake.lock @@ -10,7 +10,9 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": [ + "nixpkgs-stable" + ] }, "locked": { "lastModified": 1711742460, @@ -458,7 +460,7 @@ "nixos-hardware": "nixos-hardware", "nixos-modules": "nixos-modules", "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable": "nixpkgs-stable", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "systems": "systems", diff --git a/flake.nix b/flake.nix index 4c0a4d0..30e05c9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,93 +23,96 @@ trusted-users = [ "root" ]; }; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11"; - systems.url = "github:nix-systems/default"; - nix-index-database = { - url = "github:Mic92/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + inputs = - nix = { - url = "github:NixOS/nix/latest-release"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11"; + systems.url = "github:nix-systems/default"; + nix-index-database = { + url = "github:Mic92/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; + nix = { + url = "github:NixOS/nix/latest-release"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - fenix = { - url = "github:nix-community/fenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; - nixos-modules = { - url = "github:SuperSandro2000/nixos-modules"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; + fenix = { + url = "github:nix-community/fenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixos-modules = { + url = "github:SuperSandro2000/nixos-modules"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; + }; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + }; + }; + + nix-pre-commit = { + url = "github:jmgilman/nix-pre-commit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; + }; + + wired-notify = { + url = "github:Toqozz/wired-notify"; + 
inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + }; + }; + + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs = { + flake-utils.follows = "flake-utils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + + nixos-hardware = { + url = "github:NixOS/nixos-hardware"; + }; + + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-utils.follows = "flake-utils"; + }; + }; + + hyprland-contrib = { + url = "github:hyprwm/contrib"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - }; - }; - - nix-pre-commit = { - url = "github:jmgilman/nix-pre-commit"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - - wired-notify = { - url = "github:Toqozz/wired-notify"; - inputs = { - nixpkgs.follows = "nixpkgs"; - rust-overlay.follows = "rust-overlay"; - }; - }; - - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; - }; - - nixos-hardware = { - url = "github:NixOS/nixos-hardware"; - }; - - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - - hyprland-contrib = { - url = "github:hyprwm/contrib"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - outputs = { self, @@ -138,7 +141,11 @@ # # used for module imports and system search src = builtins.filterSource ( - path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path) + path: type: + type == "directory" + || lib.hasSuffix ".nix" + || lib.hasSuffix ".yaml" + || lib.hasSuffix ".yml" (baseNameOf path) ) ./.; config = { 
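Review bot: In the new `filterSource` predicate only the last test, `lib.hasSuffix ".yml"`, receives `(baseNameOf path)`; `lib.hasSuffix ".nix"` and `lib.hasSuffix ".yaml"` are left as partially applied functions, so for any non-directory entry `||` is handed a function instead of a boolean and evaluation should fail. Apply the argument to every test, for example `type == "directory" || lib.any (ext: lib.hasSuffix ext (baseNameOf path)) [ ".nix" ".yaml" ".yml" ]`. Separately, widening the filter to YAML copies every `.yaml`/`.yml` file in the repository into the world-readable Nix store. That is fine for the sops-encrypted `secrets.yaml` files, but a comment such as `# yaml is included for sops files; never commit unencrypted secrets as .yaml/.yml` would make the assumption explicit. The enclosing `let` block starts and ends outside the hunk.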
@@ -175,71 +182,14 @@ nixosConfigurations = let - constructSystem = - { - hostname, - users, - home ? true, - iso ? [ ], - modules ? [ ], - server ? true, - sops ? true, - system ? "x86_64-linux", - }: - lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = inputs; - modules = - [ - nixos-modules.nixosModule - sops-nix.nixosModules.sops - { config.networking.hostName = "${hostname}"; } - ./systems/${hostname}/hardware.nix - ./systems/${hostname}/configuration.nix - ] - ++ (lib.rad-dev.fileList src "modules") - ++ modules - ++ lib.optional home home-manager.nixosModules.home-manager - ++ ( - if home then - (map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users) - else - [ ] - ) - ++ lib.optional (system != "x86_64-linux") { - config.nixpkgs = { - config.allowUnsupportedSystem = true; - buildPlatform = "x86_64-linux"; - }; - } - ++ map ( - user: - { - config, - lib, - pkgs, - ... - }@args: - { - users.users.${user} = import ./users/${user} (args // { name = "${user}"; }); - boot.initrd.network.ssh.authorizedKeys = - lib.mkIf server - config.users.users.${user}.openssh.authorizedKeys.keys; - sops = lib.mkIf sops { - secrets."${user}/user-password" = { - sopsFile = ./users/${user}/secrets.yaml; - neededForUsers = true; - }; - }; - } - ) users; - }; + constructSystem = lib.rad-dev.systems.constructSystem; in (builtins.listToAttrs ( map (system: { name = system; value = constructSystem ( { + inherit inputs src; hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ diff --git a/lib/default.nix b/lib/default.nix index 62d5158..484fb03 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -2,6 +2,8 @@ { # create rad-dev namespace for lib rad-dev = rec { + systems = import ./systems.nix { inherit lib; }; + # any(), but checks if any value in the list is true # # args: diff --git a/lib/systems.nix b/lib/systems.nix new file mode 100644 index 0000000..de73c11 --- /dev/null +++ b/lib/systems.nix 
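Review bot: The alias `constructSystem = lib.rad-dev.systems.constructSystem;` in the `let` reads more idiomatically as `inherit (lib.rad-dev.systems) constructSystem;`. Also, `inherit inputs src;` sits on the left of `//`, so an attribute of the same name returned by `./systems/${system}` would silently replace it unless it appears in the `removeAttrs` list, which is cut off at the end of this hunk. A short comment stating which keys a system file is allowed to set would help.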
@@ -0,0 +1,88 @@
+{ lib, ... }:
+
+rec {
+ genHostName = hostname: { config.networking.hostName = hostname; };
+
+ genHome =
+ {
+ inputs,
+ users,
+ src,
+ ...
+ }:
+ [ inputs.home-manager.nixosModules.home-manager ]
+ ++ (map (user: { home-manager.users.${user} = import (src + "/users/${user}/home.nix"); }) users);
+
+ genSops =
+ {
+ inputs,
+ users,
+ src,
+ ...
+ }:
+ [ inputs.sops-nix.nixosModules.sops ]
+ ++ (map (user: {
+ sops.secrets."${user}/user-password" = {
+ sopsFile = src + "/users/${user}/secrets.yaml";
+ neededForUsers = true;
+ };
+ }) users);
+
+ genUsers =
+ { users, src, ... }:
+ (map (
+ user:
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }@args:
+ {
+ users.users.${user} = import (src + "/users/${user}") (args // { name = user; });
+ }
+ ) users);
+
+ genWrapper =
+ var: func: args:
+ lib.optionals var (func args);
+
+ nonX86 = {
+ config.nixpkgs = {
+ config.allowUnsupportedSystem = true;
+ buildPlatform = "x86_64-linux";
+ };
+ };
+
+ constructSystem =
+ {
+ hostname,
+ users,
+ inputs,
+ src,
+ home ? true,
+ iso ? [ ],
+ modules ? [ ],
+ server ? true,
+ sops ? true,
+ system ? "x86_64-linux",
+
+ }@args:
+
+ lib.nixosSystem {
+ inherit system;
+ specialArgs = inputs;
+ modules =
+ [
+ inputs.nixos-modules.nixosModule
+ (genHostName hostname)
+ (src + "/systems/${hostname}/hardware.nix")
+ (src + "/systems/${hostname}/configuration.nix")
+ ]
+ ++ modules
+ ++ (lib.rad-dev.fileList src "modules")
+ ++ genWrapper sops genSops args
+ ++ genWrapper home genHome args
+ ++ genWrapper true genUsers args;
+ };
+}
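Review bot: `constructSystem` still accepts `server`, but nothing reads it, and `nonX86` is defined but never added to `modules`, so two behaviours of the inline version removed from flake.nix are lost in the move. The old per-user module set `boot.initrd.network.ssh.authorizedKeys` under `lib.mkIf server`; without it, a host that relies on initrd SSH (for example to unlock disks remotely) would come up with no authorised keys there. To restore it, give `genUsers` the signature `{ users, src, server ? true, ... }:` (the default is needed because `@args` carries only attributes the caller actually passed) and add `boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys;` to its module. The cross-build settings come back with `++ lib.optional (system != "x86_64-linux") nonX86` at the end of the `modules` list. `iso` is likewise unused here, as it was before, and deserves a comment or removal.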