diff --git a/flake.lock b/flake.lock index ae1e29a..cc7a0a0 100644 --- a/flake.lock +++ b/flake.lock @@ -623,6 +623,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1674666581, + "narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1674550793, @@ -842,6 +878,7 @@ "homePage": "homePage", "myNixpkgs": "myNixpkgs", "nix-doom-emacs": "nix-doom-emacs", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": [ "myNixpkgs" diff --git a/flake.nix b/flake.nix index a6eb1f8..7ff1357 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,11 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; helix.url = github:helix-editor/helix/22.08.1; + + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 0b2e4ed..f1a5828 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -63,12 +63,6 @@ networking.interfaces.enp1s0.useDHCP = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - networking.firewall = { enable = true; allowPing = true; 
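Review bot: The new `nixos-generators` input in flake.nix follows `nixpkgs`, while the input shown in the context lines just above it follows `myNixpkgs`. The root entry in the flake.lock hunk shows `nixpkgs` itself following `myNixpkgs`, so both resolve to the same revision today, but the extra hop hides which nixpkgs builds the installer image. Consider `inputs.nixpkgs.follows = "myNixpkgs";` for consistency. The URL also carries no ref, unlike `helix` on the context line, so a comment such as `# no ref: the revision is pinned by flake.lock only` would make that explicit.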
diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f920ac1..1e99485 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,6 +8,7 @@ , scripts , recipemd , helix +, nixos-generators , ... }@inputs: let @@ -83,4 +84,23 @@ in ./agares/configuration.nix ]; }; + + installer = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = false; + documentation.nixos.enable = false; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 34da64e..9c55b8c 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -41,7 +41,6 @@ in networking.hostName = "gorgon"; dadada = { - autoUpgrade.enable = false; #headphones.enable = true; steam.enable = true; kanboard.enable = true; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 4f7d4b6..87d9573 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -81,13 +81,6 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - system.autoUpgrade = { - enable = true; - flake = "github:dadada/nix-config#${config.networking.hostName}"; - allowReboot = true; - randomizedDelaySec = "45min"; - }; - users.users = mapAttrs (user: keys: { @@ -98,7 +91,7 @@ in }) cfg.users; - nix.trustedUsers = builtins.attrNames cfg.users; + nix.settings.trusted-users = builtins.attrNames cfg.users; users.mutableUsers = mkDefault false; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 9b0bbc9..0d63712 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix 
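Review bot: The new `installer` configuration in nixos/configurations.nix enables `self.nixosModules.admin` with `dadada.admin.enable = true`, and nothing in the block says the resulting ISO is meant to be administrable over the network. The context lines of the admin.nix hunk show that module setting `security.sudo.wheelNeedsPassword = false` and `services.openssh.openFirewall = true`, so the image presumably boots with SSH reachable and passwordless sudo for the configured admin users (whether those lines sit under the enable switch is not visible here). I would add a comment above the module list, e.g. `# Remote-install image: admin users' SSH keys and passwordless sudo are baked in; boot it on trusted networks only`, and one on `networking.tempAddresses = "disabled"` saying why a stable address is wanted. `rec` on the attribute set is unused in the visible block and can be dropped.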
@@ -12,14 +12,13 @@ kanboard = import ./kanboard; miniflux = import ./miniflux.nix; networking = import ./networking.nix; - nix = import ./nix.nix; + inputs = import ./inputs.nix; nixpkgs = import ./nixpkgs.nix; packages = import ./packages.nix; secrets = import ./secrets.nix; share = import ./share.nix; steam = import ./steam.nix; sway = import ./sway.nix; - update = import ./update.nix; vpnServer = import ./vpnServer.nix; weechat = import ./weechat.nix; } diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix new file mode 100644 index 0000000..4db219c --- /dev/null +++ b/nixos/modules/inputs.nix @@ -0,0 +1,19 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.dadada.inputs; +in +{ + options = { + dadada.inputs = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + description = "Flake inputs that should be available inside Nix modules"; + default = { }; + }; + }; + + config = { }; +} diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix deleted file mode 100644 index 85954b4..0000000 --- a/nixos/modules/nix.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -let - cfg = config.dadada.inputs; -in -{ - options = { - dadada.inputs = lib.mkOption { - type = lib.types.attrsOf lib.types.attrs; - description = "Flake inputs that should be available inside Nix modules"; - default = { }; - }; - }; - - config = { - nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg; - nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg; - - nix.settings.substituters = [ - https://cache.nixos.org/ - https://nix-community.cachix.org/ - ]; - - nix.settings.trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - - nix.settings.require-sigs = true; - nix.settings.sandbox = true; - }; -} 
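Review bot: In the new nixos/modules/inputs.nix the `cfg` binding and the `pkgs` argument are never used and `config = { };` is empty, because the consumers of `dadada.inputs` moved to profiles/base.nix. Dropping the `let cfg = config.dadada.inputs; in` wrapper and the empty `config` leaves a module that only declares the option, which is all it does now. The option type `attrsOf attrs` accepts arbitrary attribute sets, so the description could add that the base profile interpolates every value into `nix.nixPath` and `nix.registry`, and that only flake inputs belong there.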
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 146c443..2d221b3 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,7 +1,56 @@ -{ config, ... }: +{ config, lib, ... }: +let + mkDefault = lib.mkDefault; + inputs = config.dadada.inputs; +in { - security.acme = { - defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + console = mkDefault { + font = "Lat2-Terminus16"; + keyMap = "us"; }; + + time.timeZone = mkDefault "Europe/Berlin"; + + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + + nix.settings.substituters = [ + https://cache.nixos.org/ + https://nix-community.cachix.org/ + ]; + + nix.settings.trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + + nix.settings.require-sigs = true; + + nix.settings.auto-optimise-store = true; + + nix.gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 3d"; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + programs.zsh = mkDefault { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + histSize = 100000; + vteIntegration = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + }; + }; + } + diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index a517ede..fc6813f 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -5,7 +5,8 @@ }: let secretsPath = config.dadada.secrets.path; -in with lib; { +in +with lib; { imports = [ ./backup.nix ./base.nix 
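Review bot: `nix.settings.sandbox = true;` from the deleted nixos/modules/nix.nix is not carried into profiles/base.nix, although `require-sigs`, the substituters and the trusted keys are. As far as I know NixOS enables the build sandbox by default on Linux, so behaviour probably does not change, but the explicit pin is lost; re-add `nix.settings.sandbox = true;` next to `nix.settings.require-sigs = true;`. The `gorgon:` entry in `trusted-public-keys` applies to every host importing this profile, so a comment such as `# gorgon: store paths signed by this workstation key are accepted on all hosts` would document that trust. The substituter URLs are unquoted URL literals, which Nix deprecates; quote them as strings.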
@@ -21,34 +22,8 @@ in with lib; { source-code-pro ]); - time.timeZone = mkDefault "Europe/Berlin"; - - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - - console.keyMap = mkDefault "us"; - users.mutableUsers = mkDefault true; - programs.zsh = mkDefault { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; - }; - }; - - virtualisation = { - libvirtd.enable = mkDefault false; - docker.enable = mkDefault false; - docker.liveRestore = false; - }; - - virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24"; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = mkDefault true; boot.loader.efi.canTouchEfiVariables = mkDefault true; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 42740d0..2bb73ec 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -14,19 +14,25 @@ with lib; { dadada.admin.enable = true; dadada.networking.localResolver.enable = true; - dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - console = mkDefault { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - services.journald.extraConfig = '' SystemKeepFree = 2G ''; + + system.autoUpgrade = { + enable = true; + flake = "github:dadada/nix-config#${config.networking.hostName}"; + allowReboot = true; + randomizedDelaySec = "45min"; + }; + + security.acme = { + defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + }; + } diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix deleted file mode 100644 index 68fc45c..0000000 --- a/nixos/modules/update.nix +++ /dev/null 
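Review bot: `system.autoUpgrade.enable = true` in profiles/server.nix is set without `mkDefault`, unlike the neighbouring options in this profile, so a host importing it can only opt out with `mkForce`; `enable = mkDefault true;` keeps the per-host override. The upgrade source `github:dadada/nix-config#${config.networking.hostName}` carries no ref, so each server rebuilds from whatever the repository's default branch holds and, with `allowReboot = true`, reboots unattended; push access to that repository is therefore equivalent to root on every server. A comment stating this, or pointing the flake at a dedicated deployment branch, would make the trust boundary explicit. Setting `system.autoUpgrade.rebootWindow` would also keep the reboots inside a maintenance window.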
@@ -1,40 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.autoUpgrade; -in -{ - options.dadada.autoUpgrade = { - enable = mkEnableOption "Enable automatic upgrades"; - }; - - config = mkIf cfg.enable { - nix = { - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 3d"; - }; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - registry."dadada" = { - from = { - type = "indirect"; - id = "dadada"; - }; - to = { - type = "github"; - owner = "dadada"; - repo = "nix-config"; - }; - }; - }; - }; -} diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index d53867c..5b8e592 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -188,8 +188,6 @@ in dadada.networking.localResolver.uwu = true; dadada.networking.localResolver.s0 = true; - dadada.autoUpgrade.enable = mkDefault true; - documentation.enable = false; documentation.nixos.enable = false;