migrate constructSystem to lib/

Migrates the bulk of constructSystem to lib/ and splits out the largest
chunks into individual functions (namely SOPS, home-manager, and user creation).

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
ahuston-0 2024-05-19 12:29:29 -04:00 committed by Alice Huston
parent 20abca4a8b
commit 0ddf01baef
4 changed files with 184 additions and 142 deletions

flake.lock generated

@ -10,7 +10,9 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": [
"nixpkgs-stable"
]
}, },
"locked": { "locked": {
"lastModified": 1711742460, "lastModified": 1711742460,
@ -458,7 +460,7 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems", "systems": "systems",


@ -23,7 +23,9 @@
trusted-users = [ "root" ]; trusted-users = [ "root" ];
}; };
inputs = { inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
@ -100,6 +102,7 @@
url = "github:zhaofengli/attic"; url = "github:zhaofengli/attic";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-utils.follows = "flake-utils"; flake-utils.follows = "flake-utils";
}; };
}; };
@ -138,7 +141,11 @@
# #
# used for module imports and system search # used for module imports and system search
src = builtins.filterSource ( src = builtins.filterSource (
path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path) path: type:
type == "directory"
|| lib.hasSuffix ".nix"
|| lib.hasSuffix ".yaml"
|| lib.hasSuffix ".yml" (baseNameOf path)
) ./.; ) ./.;
config = { config = {
@ -175,71 +182,14 @@
nixosConfigurations = nixosConfigurations =
let let
constructSystem = constructSystem = lib.rad-dev.systems.constructSystem;
{
hostname,
users,
home ? true,
iso ? [ ],
modules ? [ ],
server ? true,
sops ? true,
system ? "x86_64-linux",
}:
lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules =
[
nixos-modules.nixosModule
sops-nix.nixosModules.sops
{ config.networking.hostName = "${hostname}"; }
./systems/${hostname}/hardware.nix
./systems/${hostname}/configuration.nix
]
++ (lib.rad-dev.fileList src "modules")
++ modules
++ lib.optional home home-manager.nixosModules.home-manager
++ (
if home then
(map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users)
else
[ ]
)
++ lib.optional (system != "x86_64-linux") {
config.nixpkgs = {
config.allowUnsupportedSystem = true;
buildPlatform = "x86_64-linux";
};
}
++ map (
user:
{
config,
lib,
pkgs,
...
}@args:
{
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys =
lib.mkIf server
config.users.users.${user}.openssh.authorizedKeys.keys;
sops = lib.mkIf sops {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
};
};
}
) users;
};
in in
(builtins.listToAttrs ( (builtins.listToAttrs (
map (system: { map (system: {
name = system; name = system;
value = constructSystem ( value = constructSystem (
{ {
inherit inputs src;
hostname = system; hostname = system;
} }
// builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [
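Review bot: In the filterSource predicate (hunk at `src = builtins.filterSource (`), `lib.hasSuffix ".nix" || lib.hasSuffix ".yaml" || lib.hasSuffix ".yml" (baseNameOf path)` applies `(baseNameOf path)` only to the last call; function application binds tighter than `||`, so the first two operands are partially applied functions and evaluation fails with a "value is a function while a Boolean was expected" error for the first non-directory path the filter sees. Bind the name once and apply each predicate to it: `let name = baseNameOf path; in type == "directory" || lib.any (s: lib.hasSuffix s name) [ ".nix" ".yaml" ".yml" ]`. Since lib/systems.nix now resolves `secrets.yaml` and `home.nix` through `src`, this predicate is what decides whether those files are present in the copied source at all, so it has to evaluate and admit them.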


@ -2,6 +2,8 @@
{ {
# create rad-dev namespace for lib # create rad-dev namespace for lib
rad-dev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; };
# any(), but checks if any value in the list is true # any(), but checks if any value in the list is true
# #
# args: # args:

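--- /dev/null
+++ b/lib/systems.nix
@@ -0,0 +1,88 @@
+{ lib, ... }:
+rec {
+genHostName = hostname: { config.networking.hostName = hostname; };
+genHome =
+{
+inputs,
+users,
+src,
+...
+}:
+[ inputs.home-manager.nixosModules.home-manager ]
+++ (map (user: { home-manager.users.${user} = import (src + "/users/${user}/home.nix"); }) users);
+genSops =
+{
+inputs,
+users,
+src,
+...
+}:
+[ inputs.sops-nix.nixosModules.sops ]
+++ (map (user: {
+sops.secrets."${user}/user-password" = {
+sopsFile = src + "/users/${user}/secrets.yaml";
+neededForUsers = true;
+};
+}) users);
+genUsers =
+{ users, src, ... }:
+(map (
+user:
+{
+config,
+lib,
+pkgs,
+...
+}@args:
+{
+users.users.${user} = import (src + "/users/${user}") (args // { name = user; });
+}
+) users);
+genWrapper =
+var: func: args:
+lib.optionals var (func args);
+nonX86 = {
+config.nixpkgs = {
+config.allowUnsupportedSystem = true;
+buildPlatform = "x86_64-linux";
+};
+};
+constructSystem =
+{
+hostname,
+users,
+inputs,
+src,
+home ? true,
+iso ? [ ],
+modules ? [ ],
+server ? true,
+sops ? true,
+system ? "x86_64-linux",
+}@args:
+lib.nixosSystem {
+inherit system;
+specialArgs = inputs;
+modules =
+[
+inputs.nixos-modules.nixosModule
+(genHostName hostname)
+(src + "/systems/${hostname}/hardware.nix")
+(src + "/systems/${hostname}/configuration.nix")
+]
+++ modules
+++ (lib.rad-dev.fileList src "modules")
+++ genWrapper sops genSops args
+++ genWrapper home genHome args
+++ genWrapper true genUsers args;
+};
+}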
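Review bot: `server` is accepted by constructSystem (`server ? true,`) but nothing in this file reads it, and the initrd SSH key wiring the removed flake.nix code derived from it has no counterpart in genUsers, so hosts that rely on `boot.initrd.network.ssh` for remote unlock are left with no authorized keys. I would have genUsers destructure `{ users, src, server, ... }:` and add, next to `users.users.${user}`, `boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys;`, using the `config` and `lib` already bound from the module args. Separately, `lib.rad-dev.fileList src "modules"` in constructSystem requires the `lib` passed into this file to be the extended lib that already carries `rad-dev`; if lib/default.nix hands in the plain nixpkgs lib this becomes a missing-attribute error at evaluation, which the hunk alone does not settle. `iso` also remains unused, as it was in the removed code.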