migrate constructSystem to lib/

migrates the bulk of constructSystem to lib/ and splits out the largest
chunks into individual functions (namely SOPS, home-manager, and user creation).

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
ahuston-0 2024-05-19 12:29:29 -04:00 committed by Alice Huston
parent 20abca4a8b
commit 0ddf01baef
4 changed files with 184 additions and 142 deletions

6
flake.lock generated

@ -10,7 +10,9 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1711742460,
@ -458,7 +460,7 @@
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-stable": "nixpkgs-stable",
"rust-overlay": "rust-overlay",
"sops-nix": "sops-nix",
"systems": "systems",

230
flake.nix

@ -23,93 +23,96 @@
trusted-users = [ "root" ];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
systems.url = "github:nix-systems/default";
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs =
nix = {
url = "github:NixOS/nix/latest-release";
inputs.nixpkgs.follows = "nixpkgs";
};
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
systems.url = "github:nix-systems/default";
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
nix = {
url = "github:NixOS/nix/latest-release";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
nixos-modules = {
url = "github:SuperSandro2000/nixos-modules";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-modules = {
url = "github:SuperSandro2000/nixos-modules";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
};
};
nix-pre-commit = {
url = "github:jmgilman/nix-pre-commit";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
wired-notify = {
url = "github:Toqozz/wired-notify";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
};
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs = {
flake-utils.follows = "flake-utils";
nixpkgs.follows = "nixpkgs";
};
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
};
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-utils.follows = "flake-utils";
};
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
};
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
};
};
nix-pre-commit = {
url = "github:jmgilman/nix-pre-commit";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
wired-notify = {
url = "github:Toqozz/wired-notify";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
};
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs = {
flake-utils.follows = "flake-utils";
nixpkgs.follows = "nixpkgs";
};
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
};
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
@ -138,7 +141,11 @@
#
# used for module imports and system search
src = builtins.filterSource (
path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)
path: type:
type == "directory"
|| lib.hasSuffix ".nix"
|| lib.hasSuffix ".yaml"
|| lib.hasSuffix ".yml" (baseNameOf path)
) ./.;
config = {
@ -175,71 +182,14 @@
nixosConfigurations =
let
constructSystem =
{
hostname,
users,
home ? true,
iso ? [ ],
modules ? [ ],
server ? true,
sops ? true,
system ? "x86_64-linux",
}:
lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules =
[
nixos-modules.nixosModule
sops-nix.nixosModules.sops
{ config.networking.hostName = "${hostname}"; }
./systems/${hostname}/hardware.nix
./systems/${hostname}/configuration.nix
]
++ (lib.rad-dev.fileList src "modules")
++ modules
++ lib.optional home home-manager.nixosModules.home-manager
++ (
if home then
(map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users)
else
[ ]
)
++ lib.optional (system != "x86_64-linux") {
config.nixpkgs = {
config.allowUnsupportedSystem = true;
buildPlatform = "x86_64-linux";
};
}
++ map (
user:
{
config,
lib,
pkgs,
...
}@args:
{
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys =
lib.mkIf server
config.users.users.${user}.openssh.authorizedKeys.keys;
sops = lib.mkIf sops {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
};
};
}
) users;
};
constructSystem = lib.rad-dev.systems.constructSystem;
in
(builtins.listToAttrs (
map (system: {
name = system;
value = constructSystem (
{
inherit inputs src;
hostname = system;
}
// builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [
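Review bot: The new filterSource predicate in the second hunk is mis-parenthesised: function application binds tighter than `||`, so `lib.hasSuffix ".nix"` and `lib.hasSuffix ".yaml"` are left as partially-applied functions and only the `.yml` test actually receives `(baseNameOf path)`; the first regular file the predicate sees will make Nix reject a function where a Boolean is expected, so the whole flake stops evaluating. A form that applies the name to every suffix is `path: type: let name = baseNameOf path; in type == "directory" || lib.any (suffix: lib.hasSuffix suffix name) [ ".nix" ".yaml" ".yml" ]`. Including `.yaml`/`.yml` in `src` is presumably what lets lib/systems.nix reach `users/<user>/secrets.yaml` through `sopsFile`; since `src` is copied into the Nix store, a short comment there noting that every `.yaml` in the tree, encrypted or not, ends up world-readable under /nix/store would help the next person who adds one.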


@ -2,6 +2,8 @@
{
# create rad-dev namespace for lib
rad-dev = rec {
systems = import ./systems.nix { inherit lib; };
# any(), but checks if any value in the list is true
#
# args:

88
lib/systems.nix Normal file

@ -0,0 +1,88 @@
{ lib, ... }:
rec {
genHostName = hostname: { config.networking.hostName = hostname; };
genHome =
{
inputs,
users,
src,
...
}:
[ inputs.home-manager.nixosModules.home-manager ]
++ (map (user: { home-manager.users.${user} = import (src + "/users/${user}/home.nix"); }) users);
genSops =
{
inputs,
users,
src,
...
}:
[ inputs.sops-nix.nixosModules.sops ]
++ (map (user: {
sops.secrets."${user}/user-password" = {
sopsFile = src + "/users/${user}/secrets.yaml";
neededForUsers = true;
};
}) users);
genUsers =
{ users, src, ... }:
(map (
user:
{
config,
lib,
pkgs,
...
}@args:
{
users.users.${user} = import (src + "/users/${user}") (args // { name = user; });
}
) users);
genWrapper =
var: func: args:
lib.optionals var (func args);
nonX86 = {
config.nixpkgs = {
config.allowUnsupportedSystem = true;
buildPlatform = "x86_64-linux";
};
};
constructSystem =
{
hostname,
users,
inputs,
src,
home ? true,
iso ? [ ],
modules ? [ ],
server ? true,
sops ? true,
system ? "x86_64-linux",
}@args:
lib.nixosSystem {
inherit system;
specialArgs = inputs;
modules =
[
inputs.nixos-modules.nixosModule
(genHostName hostname)
(src + "/systems/${hostname}/hardware.nix")
(src + "/systems/${hostname}/configuration.nix")
]
++ modules
++ (lib.rad-dev.fileList src "modules")
++ genWrapper sops genSops args
++ genWrapper home genHome args
++ genWrapper true genUsers args;
};
}
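Review bot: `server` is still a parameter of constructSystem but is no longer used anywhere in this file, and the `boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys;` line from the removed flake.nix code is not carried into genUsers, so any host relying on initrd SSH for remote unlock silently loses its authorized keys after this migration (or fails evaluation, if the option is asserted non-empty; I cannot confirm that from here). Thread it through with `genUsers = { users, src, server ? true, ... }:` and restore that line next to the `users.users.${user}` assignment in the per-user module. Two smaller points: `iso` is destructured but never read (pre-existing, but worth a `# TODO` comment now that the function has moved), and `inputs.sops-nix.nixosModules.sops` is now imported only when `sops = true`, whereas the old code imported it unconditionally, so a host that passes `sops = false` but still sets `sops.*` options in its configuration.nix will stop evaluating.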