2019-12-03 06:18:30 +01:00
|
|
|
# Introduction
|
2020-01-05 11:43:28 +01:00
|
|
|
A NixOS configuration template using the experimental [flakes][rfc] mechanism.
|
|
|
|
Its aim is to provide a generic repository which neatly separates concerns
|
|
|
|
and allows one to get up and running with NixOS faster than ever.
|
2020-01-04 04:23:13 +01:00
|
|
|
|
2020-01-04 04:37:07 +01:00
|
|
|
Flakes are still an experimental feature, but once they finally get merged
|
2020-01-05 11:43:28 +01:00
|
|
|
even more will become possible, i.e. [nixops](https://nixos.org/nixops)
|
2020-01-04 04:23:13 +01:00
|
|
|
support.
|
2019-12-05 09:36:15 +01:00
|
|
|
|
|
|
|
#### [Flake Talk][video]
|
|
|
|
|
2020-01-02 07:17:50 +01:00
|
|
|
# Usage
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
```sh
|
|
|
|
# not needed if using direnv
|
|
|
|
nix-shell
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
git checkout -b $new_branch template
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
# generate hardware config
|
|
|
|
nixos-generate-config --show-hardware-config > ./hosts/${new_host}.nix
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-07 21:57:55 +01:00
|
|
|
# Edit the new file, removing `not-detected.nix` from the imports.
|
2020-01-07 21:04:32 +01:00
|
|
|
# In order to maintain purity flakes cannot resolve from the NIX_PATH.
|
|
|
|
# You may also want to import ./hosts/NixOS.nix from here which sets up
|
|
|
|
# an efi bootloader, enables Network Manager and sets an empty root password.
|
|
|
|
# Otherwise you'll need to set the bootloader, network and password yourself.
|
|
|
|
|
|
|
|
# Also ensure your file systems are set the way you want. And import
|
|
|
|
# any ./profiles you may wish to try out.
|
|
|
|
$EDITOR ./hosts/${new_host}.nix
|
|
|
|
|
|
|
|
|
|
|
|
# backup existing config and ensure configuration lives in expected location
|
|
|
|
mv /etc/nixos /etc/nixos.old
|
2020-01-06 08:01:00 +01:00
|
|
|
ln -s $PWD /etc/nixos
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-07 00:57:35 +01:00
|
|
|
# a flake is vcs based, so only git aware files are bundled
|
|
|
|
# adding a new file to staging is enough
|
|
|
|
git add ./hosts/${new_host}.nix
|
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
# `rebuild` wrapper for `nix build` bypassing `nixos-rebuild`
|
|
|
|
# Usage: rebuild [host] {switch|boot|test|dry-activate}
|
2019-12-05 09:36:15 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
# You can specify any of the host configurations living in the ./hosts
|
|
|
|
# directory. If omitted, it will default to your systems current hostname.
|
2020-01-07 21:02:35 +01:00
|
|
|
# This will be run as root.
|
2020-01-05 11:43:28 +01:00
|
|
|
rebuild $new_host switch
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-02 07:17:50 +01:00
|
|
|
```
|
2019-12-05 09:36:15 +01:00
|
|
|
|
|
|
|
|
2020-01-04 01:47:17 +01:00
|
|
|
And now you should be ready to start writing your nix configuration or import
|
2020-01-06 02:26:09 +01:00
|
|
|
your current one. Review the [structure](#structure) below on how to build your
|
2020-01-05 11:43:28 +01:00
|
|
|
layout. And be sure to update the [locale.nix](local/locale.nix) for your
|
|
|
|
region.
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-06 02:57:04 +01:00
|
|
|
You can always checkout my personal branch for more concrete examples.
|
2020-01-04 01:47:17 +01:00
|
|
|
|
|
|
|
## Additional Capabilities
|
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
```sh
|
|
|
|
# make an iso image based on ./hosts/niximg.nix
|
2020-01-02 07:17:50 +01:00
|
|
|
rebuild iso
|
2019-12-05 09:36:15 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
# install any package the flake exports
|
|
|
|
nix profile install ".#packages.x86_64-linux.myPackage"
|
2019-12-05 09:36:15 +01:00
|
|
|
```
|
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
this flake exports multiple outputs for use in other flakes:
|
2020-01-05 11:43:28 +01:00
|
|
|
```nix
|
|
|
|
# external flake.nix
|
|
|
|
{
|
|
|
|
# ...
|
|
|
|
inputs.nixflk.url = "github:nrdxp/nixflk";
|
|
|
|
|
|
|
|
outputs = { self, nixpkgs, nixflk }: {
|
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
nixosConfigurations.newConfig = nixflk.nixosConfigurations.someConfig;
|
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
nixosConfigurations.myConfig = nixpkgs.lib.nixosSystem {
|
|
|
|
system = "x86_64-linux";
|
|
|
|
modules = [
|
|
|
|
{ nixpkgs.overlays = nixflk.overlays; }
|
|
|
|
nixflk.nixosModules.myModule
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
```
|
2020-01-02 07:17:50 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
# Structure
|
2020-01-04 01:47:17 +01:00
|
|
|
|
2020-01-05 11:43:28 +01:00
|
|
|
The structure is here to keep things simple and clean. Anything sufficiently
|
|
|
|
generic can ultimately be exported for use in other flakes without getting
|
2020-01-06 02:26:09 +01:00
|
|
|
tied up in user concerns. As an added bonus, one can now trivially swap or
|
|
|
|
combine [profiles](#profiles), creating a custom config in mere moments.
|
2020-01-02 07:17:50 +01:00
|
|
|
|
|
|
|
## Hosts
|
|
|
|
Distributions for particular machines should be stored in the [hosts](hosts)
|
|
|
|
directory. Every file in this directory will be added automatically to the
|
2020-01-06 02:26:09 +01:00
|
|
|
the `nixosConfigurations` flake output and thus becomes deployable. See the
|
2020-01-04 04:23:13 +01:00
|
|
|
[`default.nix`](hosts/default.nix) for the implementation details.
|
2020-01-02 07:17:50 +01:00
|
|
|
|
|
|
|
## Profiles
|
2020-01-06 02:26:09 +01:00
|
|
|
A profile is any directory under [profiles](profiles) containing a `default.nix`
|
2020-01-06 06:41:19 +01:00
|
|
|
defining a valid NixOS module, with the added restriction that no new
|
|
|
|
delclarations to the `options` _or_ `config` attributes are allowed
|
|
|
|
(use [modules](modules) instead). Their purpose is to provide abstract
|
|
|
|
expressions suitable for reuse by multiple deployments. They are perhaps _the_
|
|
|
|
key mechanism by which we keep this repo maintainable.
|
2020-01-06 02:26:09 +01:00
|
|
|
|
|
|
|
Profiles can have subprofiles which are themselves just profiles that live under
|
|
|
|
another. There's no hard rule that everything in the folder must be imported by
|
|
|
|
its `default.nix`, so you can also store relevant code that is useful but not
|
|
|
|
wanted by default in, say, an `alt.nix`. Importantly, every subdirectory in a
|
|
|
|
profile should be independent of its parent.
|
|
|
|
|
2020-01-04 01:47:17 +01:00
|
|
|
For example, a zsh directory lives under [profiles/develop](profiles/develop/zsh).
|
2020-01-06 02:26:09 +01:00
|
|
|
It's self contained to allow inclusion without the whole of
|
2020-01-04 01:47:17 +01:00
|
|
|
[develop](profiles/develop) if one so wished. This provides a wonderful level of
|
2020-01-06 02:26:09 +01:00
|
|
|
granularity and control. Put simply: take the best, leave the rest.
|
2019-12-03 06:18:30 +01:00
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
In addition, profiles can depend on other profiles. For instance, the
|
2020-01-02 07:17:50 +01:00
|
|
|
[graphical](profiles/graphical) profile depends on [develop](profiles/develop)
|
2020-01-06 02:26:09 +01:00
|
|
|
simply by importing it. This is to ensure my terminal configuration is always
|
|
|
|
available from within a graphical session.
|
2019-12-03 06:18:30 +01:00
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
Optionally, you may choose to export your profiles via the flake output. If
|
|
|
|
you include it in the list defined in [profiles/default.nix](profiles/default.nix),
|
|
|
|
it will be available to other flakes via `nixosModules.profiles`.
|
2020-01-04 04:23:13 +01:00
|
|
|
|
2020-01-02 07:17:50 +01:00
|
|
|
## Users
|
2020-01-07 01:24:25 +01:00
|
|
|
User declarations belong in the `users` directory, created on entering `nix-shell`.
|
|
|
|
These are actually just a special case of [profiles](#profiles). Any profile that
|
|
|
|
makes a declaration defining, or referencing a specific interactive user or uid
|
|
|
|
belongs in here. That way profiles stay general, and all our idiosyncratic data
|
|
|
|
has a clean home.
|
|
|
|
|
|
|
|
For convenience, [home-manager][home-manager] is available automatically for
|
|
|
|
home directory setup and should only be used from this directory.
|
2020-01-02 07:17:50 +01:00
|
|
|
|
2020-01-06 06:41:19 +01:00
|
|
|
## Lib
|
|
|
|
The [lib](lib) directory contains a file `utils.nix` which is an attribute set
|
|
|
|
meant to consist mainly of utility functions you might want to write and use
|
2020-01-06 07:01:00 +01:00
|
|
|
throughout the configuration. They are available via a new `usr` attribute
|
2020-01-06 06:41:19 +01:00
|
|
|
passed to every NixOS module, eg:
|
|
|
|
|
|
|
|
```
|
|
|
|
# hosts/some-host.nix
|
2020-01-06 07:01:00 +01:00
|
|
|
{ usr, ... }:
|
|
|
|
let data = usr.myFunction # ...
|
2020-01-06 06:41:19 +01:00
|
|
|
in
|
|
|
|
{
|
|
|
|
# NixOS configuration
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-01-04 01:05:26 +01:00
|
|
|
## Secrets
|
2020-01-04 01:57:44 +01:00
|
|
|
Anything you wish to keep encrypted goes in the `secrets` directory, which is
|
|
|
|
created on first entering a `nix-shell`.
|
2020-01-04 01:54:27 +01:00
|
|
|
|
|
|
|
Be sure to run `git crypt init`, before committing anything to this directory.
|
2020-01-04 23:33:51 +01:00
|
|
|
Be sure to check out git-crypt's [documentation](https://github.com/AGWA/git-crypt)
|
2020-01-04 01:54:27 +01:00
|
|
|
if your not familiar. The filter is already set up to encrypt everything in this
|
|
|
|
folder by default.
|
2020-01-04 01:05:26 +01:00
|
|
|
|
2020-01-04 06:51:23 +01:00
|
|
|
To keep [profiles](profiles) reusable across configurations, secrets should
|
2020-01-06 02:26:09 +01:00
|
|
|
only be imported from the `users` or [`hosts`](hosts) directory.
|
2020-01-04 01:05:26 +01:00
|
|
|
|
2020-01-06 08:01:00 +01:00
|
|
|
## Modules, Packages and Overlays
|
2020-01-07 21:57:55 +01:00
|
|
|
All expressions in both [modules/default.nix](modules/default.nix) and
|
2020-01-06 02:26:09 +01:00
|
|
|
[pkgs/default.nix](pkgs/default.nix) are available globally, anywhere else in the
|
2020-01-06 08:16:21 +01:00
|
|
|
repo. They are additionally included in the `nixosModules` and `overlay` flake
|
|
|
|
outputs, respectively. Packages can manually be added to [flake.nix](flake.nix)
|
|
|
|
for inclusion in the `packages` output as well.
|
2020-01-06 08:01:00 +01:00
|
|
|
|
2020-01-06 02:26:09 +01:00
|
|
|
The directory structure is identical to nixpkgs to provide a kind of staging area
|
|
|
|
for any modules or packages we might be wanting to merge there later. If your not
|
|
|
|
familiar or can't be bothered, simply dropping a valid nix file and pointing the
|
|
|
|
`default.nix` to it, is all that's really required.
|
2020-01-02 07:17:50 +01:00
|
|
|
|
2020-01-06 08:16:21 +01:00
|
|
|
As for overlays, they should be defined in the [overlays](overlays) directory.
|
|
|
|
They will be automatically pulled in for use by all configurations. Nix command
|
|
|
|
line tools will be able to read overlays from here as well since it is set as
|
|
|
|
`nixpkgs-overlays` in `NIX_PATH`. And of course they will be exported via the
|
|
|
|
flake output `overlays` as well.
|
|
|
|
|
2019-12-03 06:18:30 +01:00
|
|
|
# License
|
|
|
|
|
|
|
|
This software is licensed under the [MIT License](COPYING).
|
|
|
|
|
|
|
|
Note: MIT license does not apply to the packages built by this configuration,
|
|
|
|
merely to the files in this repository (the Nix expressions, build
|
|
|
|
scripts, NixOS modules, etc.). It also might not apply to patches
|
|
|
|
included here, which may be derivative works of the packages to
|
|
|
|
which they apply. The aforementioned artifacts are all covered by the
|
|
|
|
licenses of the respective packages.
|
|
|
|
|
2020-01-02 07:17:50 +01:00
|
|
|
[direnv]: https://direnv.net
|
2020-01-04 01:47:17 +01:00
|
|
|
[home-manager]: https://github.com/rycee/home-manager
|
2019-12-03 06:18:30 +01:00
|
|
|
[NixOS]: https://nixos.org
|
|
|
|
[old]: https://github.com/nrdxp/nixos
|
2020-01-02 07:17:50 +01:00
|
|
|
[pr]: https://github.com/NixOS/nixpkgs/pull/68897
|
|
|
|
[rfc]: https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md
|
|
|
|
[video]: https://www.youtube.com/watch?v=UeBX7Ide5a0
|