setup configurations API
NixOS file, configurations/<name>.nix, will be easily installable via `nixos-rebuild --flake ".#<name>"`.
This commit is contained in:
parent
17713c22d0
commit
79181e103f
15 changed files with 266 additions and 13 deletions
4
.git-crypt/.gitattributes
vendored
Normal file
4
.git-crypt/.gitattributes
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
# Do not edit this file. To specify the files to encrypt, create your own
|
||||
# .gitattributes file in the directory where your files are.
|
||||
* !filter !diff
|
||||
*.gpg binary
|
|
@ -0,0 +1,3 @@
|
|||
…¨¬j›zq¤¦ÿa3Û«¡B:³bÒ…§
–ù·=uˆ„Ýl-Œê
*‰EÕ¯’DÅ4¤! WUÍ|˜Á$2^lÝ )í.è–•ƒóa` ¤ 'Œi1!žÜ²¢-¦æ6¼q~þ„
|
||||
™‹INÒy8)[<5B>"#0 ø<C2A0>\8:†übd Ü^gÇ)gh0ÞãcÏM`ÜMó—!ªŒ®¢SîG~§e"³¢u:$]c ½öBý„Mä"Ç÷êõl²jAÞKµN–2™4Q+^„iX|«›µfÌ<66>üX¨Aäµ.RËXÑ>jºWÏRWûÆià±:Áe'Õ3»XùŠ¾ñ³È‚ė㇙§Ë‰ÒÀ…WCX0B'yêÒ¹¶d£~("‡"ÍSqÔ´ŒçÊÒA´0_–{HÕ'S"’d…㌢ñ¡
7PŸA}0UPZ´ð/AcjÒ¯tÏñmëßœ%æÅ[WQÆGFXdåLÄÝàO<C3A0>â\íR<1B>*r«²+2
EEVÈqÞ{ç}"·f¶õ‚Fk<46>5Œ¥ùI/•³kJÉ3Ô²Û¦ú½µ@qžu¯íy%½¨È<C2A8>Фu3Œcž$;€ ¤¥×úO·j
|
||||
”C
|
1
.gitattributes
vendored
Normal file
1
.gitattributes
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
secrets/* filter=git-crypt diff=git-crypt
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1 +1 @@
|
|||
|
||||
result
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
>Warning: Highly experimental, API __will__ break!
|
||||
## ⚠W️arning: Highly experimental, API __will__ break!
|
||||
# Introduction
|
||||
|
||||
Welcome to DevOS. This project is under construction as a rewrite of my current
|
||||
|
|
72
configurations/default.nix
Normal file
72
configurations/default.nix
Normal file
|
@ -0,0 +1,72 @@
|
|||
{ nix, nixpkgs, flake, ... }:
|
||||
let
|
||||
inherit (builtins)
|
||||
isAttrs
|
||||
readDir
|
||||
;
|
||||
|
||||
inherit (nixpkgs.lib)
|
||||
filterAttrs
|
||||
hasSuffix
|
||||
mapAttrs'
|
||||
nameValuePair
|
||||
removeSuffix
|
||||
;
|
||||
|
||||
|
||||
configs = let
|
||||
configs' = let
|
||||
config = this:
|
||||
nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
|
||||
modules = let
|
||||
coreConfig = ../modules/profiles/core.nix;
|
||||
|
||||
globalConfig = {
|
||||
system.configurationRevision = flake.rev;
|
||||
|
||||
networking.hostName = "${this}";
|
||||
|
||||
nix.package = nix.defaultPackage."${system}";
|
||||
};
|
||||
|
||||
thisConfig = ./. + "/${this}.nix";
|
||||
|
||||
in
|
||||
[
|
||||
coreConfig
|
||||
globalConfig
|
||||
thisConfig
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
dot = readDir ./.;
|
||||
|
||||
in
|
||||
mapAttrs'
|
||||
(
|
||||
name: value:
|
||||
if
|
||||
name != "default.nix"
|
||||
&& hasSuffix ".nix" name
|
||||
&& value == "regular"
|
||||
|
||||
then let
|
||||
name' = removeSuffix ".nix" name;
|
||||
in
|
||||
nameValuePair (name') (config name')
|
||||
|
||||
else
|
||||
nameValuePair ("") (null)
|
||||
)
|
||||
dot;
|
||||
|
||||
removeInvalid =
|
||||
filterAttrs (_: value: isAttrs value);
|
||||
in
|
||||
removeInvalid configs';
|
||||
|
||||
in
|
||||
configs
|
18
configurations/gaze12.nix
Normal file
18
configurations/gaze12.nix
Normal file
|
@ -0,0 +1,18 @@
|
|||
{ ... }:
|
||||
let
|
||||
inherit (builtins) readFile;
|
||||
in
|
||||
{
|
||||
imports = [];
|
||||
|
||||
|
||||
boot.loader.systemd-boot = {
|
||||
enable = true;
|
||||
editor = false;
|
||||
};
|
||||
|
||||
|
||||
users.users.root.hashedPassword =
|
||||
readFile
|
||||
../secrets/root;
|
||||
}
|
13
flake.lock
13
flake.lock
|
@ -1,5 +1,18 @@
|
|||
{
|
||||
"inputs": {
|
||||
"nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": {
|
||||
"inputs": {},
|
||||
"narHash": "sha256-ZzR2l1dovxeZ555KXxz7SAXrC72BfaR4BeqvJzRdmwQ=",
|
||||
"originalUrl": "nixpkgs/release-19.09",
|
||||
"url": "github:edolstra/nixpkgs/d37927a77e70a2b3408ceaa2e763b6df1f4d941a"
|
||||
}
|
||||
},
|
||||
"narHash": "sha256-8Y2swdV7/T7jjhGAKVrMRkAn7y4qTSjKNIW7NUe7V5s=",
|
||||
"originalUrl": "nix",
|
||||
"url": "github:NixOS/nix/90d2cf6ff98fc970c9abeae6c37dd323fd0ef953"
|
||||
},
|
||||
"nixpkgs": {
|
||||
"inputs": {},
|
||||
"narHash": "sha256-Y5ZOTgInrYYoas3vM8uTPLA2DvFI9YoI6haftIKl9go=",
|
||||
|
|
23
flake.nix
23
flake.nix
|
@ -1,16 +1,19 @@
|
|||
{
|
||||
description = "DevOS";
|
||||
|
||||
epoch = 201909;
|
||||
description = "NixOS Configuration";
|
||||
|
||||
outputs = { self, nixpkgs }: {
|
||||
nixosConfigurations.gaze12 = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
outputs = { self, nixpkgs, nix }: {
|
||||
nixosConfigurations =
|
||||
let
|
||||
configs = import ./configurations {
|
||||
inherit nix nixpkgs;
|
||||
flake = self;
|
||||
};
|
||||
|
||||
in
|
||||
configs;
|
||||
|
||||
modules = [
|
||||
{
|
||||
system.configurationRevision = self.rev;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
{}:
|
||||
{ ... }:
|
||||
{}
|
||||
|
|
2
local/.gitignore
vendored
Normal file
2
local/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
*
|
||||
!.gitignore
|
3
local/file-systems.nix
Normal file
3
local/file-systems.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
fileSystems = {};
|
||||
}
|
129
modules/profiles/core.nix
Normal file
129
modules/profiles/core.nix
Normal file
|
@ -0,0 +1,129 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
|
||||
imports = [
|
||||
./locale.nix
|
||||
../../local/file-systems.nix
|
||||
];
|
||||
|
||||
|
||||
boot = {
|
||||
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
|
||||
kernel.sysctl."kernel.sysrq" = 1;
|
||||
|
||||
};
|
||||
|
||||
|
||||
environment = {
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
binutils
|
||||
coreutils
|
||||
curl
|
||||
dnsutils
|
||||
fd
|
||||
git
|
||||
iputils
|
||||
manpages
|
||||
moreutils
|
||||
ripgrep
|
||||
stdmanpages
|
||||
utillinux
|
||||
];
|
||||
|
||||
shellAliases = let
|
||||
ifSudo = string: lib.mkIf config.security.sudo.enable string;
|
||||
in
|
||||
{
|
||||
# quick cd
|
||||
".." = "cd ..";
|
||||
"..." = "cd ../..";
|
||||
"...." = "cd ../../..";
|
||||
"....." = "cd ../../../..";
|
||||
|
||||
# internet ip
|
||||
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
|
||||
|
||||
# sudo
|
||||
si = ifSudo "env sudo -i";
|
||||
sudo = ifSudo "sudo -E ";
|
||||
se = ifSudo "sudoedit";
|
||||
|
||||
# systemd
|
||||
ctl = "systemctl";
|
||||
stl = ifSudo "sudo systemctl";
|
||||
utl = "systemctl --user";
|
||||
ut = "systemctl --user start";
|
||||
un = "systemctl --user stop";
|
||||
up = ifSudo "sudo systemctl start";
|
||||
dn = ifSudo "sudo systemctl stop";
|
||||
jctl = "journalctl";
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
fonts = {
|
||||
fonts = with pkgs; [
|
||||
powerline-fonts
|
||||
dejavu_fonts
|
||||
];
|
||||
|
||||
|
||||
fontconfig.defaultFonts = {
|
||||
|
||||
monospace = [ "DejaVu Sans Mono for Powerline" ];
|
||||
|
||||
sansSerif = [ "DejaVu Sans" ];
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
nix = {
|
||||
|
||||
autoOptimiseStore = true;
|
||||
|
||||
gc.automatic = true;
|
||||
|
||||
optimise.automatic = true;
|
||||
|
||||
useSandbox = true;
|
||||
|
||||
allowedUsers = [ "@wheel" ];
|
||||
|
||||
trustedUsers = [ "root" "@wheel" ];
|
||||
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
|
||||
programs.mtr.enable = true;
|
||||
|
||||
|
||||
security = {
|
||||
|
||||
hideProcessInformation = true;
|
||||
|
||||
protectKernelImage = true;
|
||||
|
||||
};
|
||||
|
||||
|
||||
services.earlyoom.enable = true;
|
||||
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
}
|
5
modules/profiles/locale.nix
Normal file
5
modules/profiles/locale.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ ... }:
|
||||
{
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
time.timeZone = "America/Denver";
|
||||
}
|
BIN
secrets/root
Normal file
BIN
secrets/root
Normal file
Binary file not shown.
Loading…
Reference in a new issue