refactor profiles

flake.lock

@@ -623,6 +623,42 @@
         "type": "github"
       }
     },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1636849918,
+        "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1674666581,
+        "narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1674550793,
@@ -842,6 +878,7 @@
         "homePage": "homePage",
         "myNixpkgs": "myNixpkgs",
         "nix-doom-emacs": "nix-doom-emacs",
+        "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": [
           "myNixpkgs"

flake.nix

@@ -37,6 +37,11 @@
       inputs.nixpkgs.follows = "myNixpkgs";
     };
     helix.url = github:helix-editor/helix/22.08.1;
+
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { ... } @ args: import ./outputs.nix args;

nixos/agares/configuration.nix

@@ -63,12 +63,6 @@
 
   networking.interfaces.enp1s0.useDHCP = true;
 
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    keyMap = "us";
-  };
-
   networking.firewall = {
     enable = true;
     allowPing = true;

nixos/configurations.nix

@@ -8,6 +8,7 @@
 , scripts
 , recipemd
 , helix
+, nixos-generators
 , ...
 }@inputs:
 let
@@ -83,4 +84,23 @@ in
       ./agares/configuration.nix
     ];
   };
+
+  installer = nixpkgs.lib.nixosSystem rec {
+    system = "x86_64-linux";
+    modules = [
+      nixos-generators.nixosModules.install-iso
+      self.nixosModules.admin
+      {
+        networking.tempAddresses = "disabled";
+        dadada.admin.enable = true;
+        documentation.enable = false;
+        documentation.nixos.enable = false;
+        i18n.defaultLocale = "en_US.UTF-8";
+        console = {
+          font = "Lat2-Terminus16";
+          keyMap = "us";
+        };
+      }
+    ];
+  };
 }

nixos/gorgon/configuration.nix

@@ -41,7 +41,6 @@ in
   networking.hostName = "gorgon";
 
   dadada = {
-    autoUpgrade.enable = false;
     #headphones.enable = true;
     steam.enable = true;
     kanboard.enable = true;

nixos/modules/admin.nix

@@ -81,13 +81,6 @@ in
     security.sudo.wheelNeedsPassword = false;
     services.openssh.openFirewall = true;
 
-    system.autoUpgrade = {
-      enable = true;
-      flake = "github:dadada/nix-config#${config.networking.hostName}";
-      allowReboot = true;
-      randomizedDelaySec = "45min";
-    };
-
     users.users =
       mapAttrs
         (user: keys: {
@@ -98,7 +91,7 @@ in
         })
         cfg.users;
 
-    nix.trustedUsers = builtins.attrNames cfg.users;
+    nix.settings.trusted-users = builtins.attrNames cfg.users;
 
     users.mutableUsers = mkDefault false;
 

nixos/modules/default.nix

@@ -12,14 +12,13 @@
   kanboard = import ./kanboard;
   miniflux = import ./miniflux.nix;
   networking = import ./networking.nix;
-  nix = import ./nix.nix;
+  inputs = import ./inputs.nix;
   nixpkgs = import ./nixpkgs.nix;
   packages = import ./packages.nix;
   secrets = import ./secrets.nix;
   share = import ./share.nix;
   steam = import ./steam.nix;
   sway = import ./sway.nix;
-  update = import ./update.nix;
   vpnServer = import ./vpnServer.nix;
   weechat = import ./weechat.nix;
 }

nixos/modules/inputs.nix

@@ -0,0 +1,19 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+  cfg = config.dadada.inputs;
+in
+{
+  options = {
+    dadada.inputs = lib.mkOption {
+      type = lib.types.attrsOf lib.types.attrs;
+      description = "Flake inputs that should be available inside Nix modules";
+      default = { };
+    };
+  };
+
+  config = { };
+}

nixos/modules/nix.nix

@@ -1,36 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-let
-  cfg = config.dadada.inputs;
-in
-{
-  options = {
-    dadada.inputs = lib.mkOption {
-      type = lib.types.attrsOf lib.types.attrs;
-      description = "Flake inputs that should be available inside Nix modules";
-      default = { };
-    };
-  };
-
-  config = {
-    nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg;
-    nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg;
-
-    nix.settings.substituters = [
-      https://cache.nixos.org/
-      https://nix-community.cachix.org/
-    ];
-
-    nix.settings.trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-    ];
-
-    nix.settings.require-sigs = true;
-    nix.settings.sandbox = true;
-  };
-}

nixos/modules/profiles/base.nix

@@ -1,7 +1,56 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  mkDefault = lib.mkDefault;
+  inputs = config.dadada.inputs;
+in
 {
-  security.acme = {
-    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
-    acceptTerms = true;
+  i18n.defaultLocale = mkDefault "en_US.UTF-8";
+  console = mkDefault {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
   };
+
+  time.timeZone = mkDefault "Europe/Berlin";
+
+  nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
+  nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
+
+  nix.settings.substituters = [
+    https://cache.nixos.org/
+    https://nix-community.cachix.org/
+  ];
+
+  nix.settings.trusted-public-keys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
+    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+  ];
+
+  nix.settings.require-sigs = true;
+
+  nix.settings.auto-optimise-store = true;
+
+  nix.gc = {
+    automatic = true;
+    dates = "daily";
+    options = "--delete-older-than 3d";
+  };
+
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  programs.zsh = mkDefault {
+    enable = true;
+    autosuggestions.enable = true;
+    enableCompletion = true;
+    histSize = 100000;
+    vteIntegration = true;
+    syntaxHighlighting = {
+      enable = true;
+      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+    };
+  };
+
 }
+

nixos/modules/profiles/laptop.nix

@@ -5,7 +5,8 @@
 }:
 let
   secretsPath = config.dadada.secrets.path;
-in with lib; {
+in
+with lib; {
   imports = [
     ./backup.nix
     ./base.nix
@@ -21,34 +22,8 @@ in with lib; {
     source-code-pro
   ]);
 
-  time.timeZone = mkDefault "Europe/Berlin";
-
-  i18n.defaultLocale = mkDefault "en_US.UTF-8";
-
-  console.keyMap = mkDefault "us";
-
   users.mutableUsers = mkDefault true;
 
-  programs.zsh = mkDefault {
-    enable = true;
-    autosuggestions.enable = true;
-    enableCompletion = true;
-    histSize = 100000;
-    vteIntegration = true;
-    syntaxHighlighting = {
-      enable = true;
-      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
-    };
-  };
-
-  virtualisation = {
-    libvirtd.enable = mkDefault false;
-    docker.enable = mkDefault false;
-    docker.liveRestore = false;
-  };
-
-  virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24";
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = mkDefault true;
   boot.loader.efi.canTouchEfiVariables = mkDefault true;

nixos/modules/profiles/server.nix

@@ -14,19 +14,25 @@ with lib; {
 
   dadada.admin.enable = true;
   dadada.networking.localResolver.enable = true;
-  dadada.autoUpgrade.enable = mkDefault true;
 
   environment.noXlibs = mkDefault true;
   documentation.enable = mkDefault false;
   documentation.nixos.enable = mkDefault false;
 
-  i18n.defaultLocale = mkDefault "en_US.UTF-8";
-  console = mkDefault {
-    font = "Lat2-Terminus16";
-    keyMap = "us";
-  };
-
   services.journald.extraConfig = ''
     SystemKeepFree = 2G
   '';
+
+  system.autoUpgrade = {
+    enable = true;
+    flake = "github:dadada/nix-config#${config.networking.hostName}";
+    allowReboot = true;
+    randomizedDelaySec = "45min";
+  };
+
+  security.acme = {
+    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
 }

nixos/modules/update.nix

@@ -1,40 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-with lib; let
-  cfg = config.dadada.autoUpgrade;
-in
-{
-  options.dadada.autoUpgrade = {
-    enable = mkEnableOption "Enable automatic upgrades";
-  };
-
-  config = mkIf cfg.enable {
-    nix = {
-      autoOptimiseStore = true;
-      gc = {
-        automatic = true;
-        dates = "daily";
-        options = "--delete-older-than 3d";
-      };
-
-      extraOptions = ''
-        experimental-features = nix-command flakes
-      '';
-
-      registry."dadada" = {
-        from = {
-          type = "indirect";
-          id = "dadada";
-        };
-        to = {
-          type = "github";
-          owner = "dadada";
-          repo = "nix-config";
-        };
-      };
-    };
-  };
-}

nixos/pruflas/configuration.nix

@@ -188,8 +188,6 @@ in
   dadada.networking.localResolver.uwu = true;
   dadada.networking.localResolver.s0 = true;
 
-  dadada.autoUpgrade.enable = mkDefault true;
-
   documentation.enable = false;
   documentation.nixos.enable = false;