From 4b05d8a9845ec7ff8345a47476a977feb6fb3be0 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 10 Jul 2024 16:03:10 +0200
Subject: [PATCH] nix: clean up infra
---
 flake.lock | 27 ++++++++-
 flake.nix | 22 +++++--
 nix/default.nix | 13 ++--
 nix/infra.nix | 114 -----------------------------------
 nix/infra/default.nix | 29 +++++++++
 nix/infra/disk.nix | 38 ++++++++++++
 nix/infra/nix.nix | 33 ++++++++++
 nix/infra/system.nix | 37 ++++++++++++
 nix/infra/users/default.nix | 5 ++
 nix/infra/users/jopejoe1.nix | 96 +++++++++++++++++++++++++++++
 nix/native.nix | 11 +++-
 nix/web.nix | 7 +--
 shell.nix | 12 +++-
 13 files changed, 307 insertions(+), 137 deletions(-)
 delete mode 100644 nix/infra.nix
 create mode 100644 nix/infra/default.nix
 create mode 100644 nix/infra/disk.nix
 create mode 100644 nix/infra/nix.nix
 create mode 100644 nix/infra/system.nix
 create mode 100644 nix/infra/users/default.nix
 create mode 100644 nix/infra/users/jopejoe1.nix
diff --git a/flake.lock b/flake.lock
index c4cbe4c..b807c8c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,26 @@
 "type": "github"
 }
 },
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1720470846,
+ "narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
 "nixlib": {
 "locked": {
 "lastModified": 1719708727,
@@ -58,11 +78,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1720031269,
- "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
+ "lastModified": 1720418205,
+ "narHash": "sha256-cPJoFPXU44GlhWg4pUk9oUPqurPlCFZ11ZQPk21GTPU=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
+ "rev": "655a58a72a6601292512670343087c2d75d859c1",
 "type": "github"
 },
 "original": {
@@ -75,6 +95,7 @@ "root": { "inputs": { "disko": "disko", + "home-manager": "home-manager", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "srvos": "srvos" diff --git a/flake.nix b/flake.nix index 86fc059..9ec3c73 100644 --- a/flake.nix +++ b/flake.nix @@ -15,24 +15,36 @@ url = "github:nix-community/srvos"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs@{ self, nixpkgs, ... }: { + # System nixosConfigurations = { - main = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; + alisa = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; specialArgs = inputs; modules = [ - ./nix/infra.nix - #inputs.srvos.nixosModules.server - inputs.nixos-generators.nixosModules.all-formats + ./nix/infra ]; }; }; + + # Formatter + formatter = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: + nixpkgs.legacyPackages.${system}.nixfmt-rfc-style + ); + + # Packages legacyPackages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./nix { inherit system inputs; pkgs = nixpkgs.legacyPackages.${system}; }); + + # Shell devShells = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: { default = import ./shell.nix { inherit system inputs; diff --git a/nix/default.nix b/nix/default.nix index 9be12ab..47bc5f2 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -1,8 +1,11 @@ -{ system, pkgs, inputs }: +{ + system, + pkgs, + inputs, +}: { - native = pkgs.callPackage ./native.nix {}; - backend = pkgs.callPackage ./backend.nix {}; - web = pkgs.callPackage ./web.nix {}; - docker = inputs.self.nixosConfigurations.main.config.formats.docker; + native = pkgs.callPackage ./native.nix { }; + backend = pkgs.callPackage ./backend.nix { }; + web = pkgs.callPackage ./web.nix { }; } diff --git a/nix/infra.nix b/nix/infra.nix deleted file mode 100644 index c2334e9..0000000 
--- a/nix/infra.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{
- config,
- lib,
- pkgs,
- self,
- ...
-}:
-
-{
- system.stateVersion = "24.11";
- nixpkgs.hostPlatform = {
- system = "x86_64-linux";
- config = "x86_64-unknown-linux-gnu";
- };
- networking.hostName = "Main";
- time.timeZone = "Europe/Berlin";
-
- xdg = {
- mime.enable = true;
- autostart.enable = true;
- };
-
- i18n = {
- defaultLocale = "en_NZ.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "de_DE.UTF-8";
- LC_IDENTIFICATION = "de_DE.UTF-8";
- LC_MEASUREMENT = "de_DE.UTF-8";
- LC_MONETARY = "de_DE.UTF-8";
- LC_NAME = "de_DE.UTF-8";
- LC_NUMERIC = "de_DE.UTF-8";
- LC_PAPER = "de_DE.UTF-8";
- LC_TELEPHONE = "de_DE.UTF-8";
- LC_TIME = "de_DE.UTF-8";
- LC_CTYPE = "de_DE.UTF-8";
- LC_COLLATE = "de_DE.UTF-8";
- LC_MESSAGES = "en_NZ.UTF-8";
- };
- };
-
- environment.variables = {
- LOG_ICONS = "true";
- };
-
- services.openssh = {
- enable = true;
- banner = "Hackers are in Your System!!!\n";
- settings = {
- PasswordAuthentication = false;
- PermitRootLogin = "prohibit-password";
- };
- };
-
- fonts.fontDir.enable = true;
-
- networking.firewall.enable = lib.mkForce false;
-
- nix = {
- settings = {
- substituters = lib.mkForce [
- "https://cache.nixos.org"
- "https://nix-community.cachix.org"
- ];
- trusted-public-keys = lib.mkForce [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
- trusted-users = [ "root" ];
- sandbox = true;
- require-sigs = true;
- max-jobs = "auto";
- auto-optimise-store = true;
- allowed-users = [ "*" ];
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- warn-dirty = true;
- use-xdg-base-directories = true;
- keep-going = true;
- builders-use-substitutes = true;
- };
- distributedBuilds = true;
- package = pkgs.lix;
- registry = lib.mkForce ((lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) self.inputs) // {
- self.flake = self;
- });
- nixPath = lib.mkForce [ "/etc/nix/path" ];
- };
-
- nixpkgs = {
- config ={
- allowUnfree = true;
- };
- };
-
- environment.etc = lib.mapAttrs' (name: value: { name = "nix/path/${name}"; value.source = value.flake; }) config.nix.registry;
-
- services.postgresql.enable = true;
-
- users.users.master = {
- isNormalUser = true;
- shell = pkgs.nushell;
- hashedPassword = "$2b$05$q5oW9Q25AjVAic1KY1xrIOZ6cyuleRxbsuMlW998lzOk6Us8Rplnq";
- extraGroups = [ "wheel" ];
- uid = 1000;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe root@zap"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB johannes@joens.email"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
- ];
- };
-}
diff --git a/nix/infra/default.nix b/nix/infra/default.nix
new file mode 100644
index 0000000..cf41487
--- /dev/null
+++ b/nix/infra/default.nix
@@ -0,0 +1,29 @@
+{ pkgs, self, ... }:
+
+{
+ imports = [
+ # Externel Modules
+ self.inputs.srvos.nixosModules.hardware-hetzner-cloud-arm
+ self.inputs.srvos.nixosModules.mixins-nginx
+ self.inputs.srvos.nixosModules.mixins-cloud-init
+ self.inputs.nixos-generators.nixosModules.all-formats
+ self.inputs.home-manager.nixosModules.home-manager
+ self.inputs.disko.nixosModules.disko
+
+ # Local Modueles
+ ./nix.nix
+ ./system.nix
+ ./disk.nix
+ ./users
+ ];
+
+ services.openssh = {
+ enable = true;
+ banner = "Hackers are in Your System!!!\n";
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+ systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f8:c2c:3900::/64";
+}
diff --git a/nix/infra/disk.nix b/nix/infra/disk.nix
new file mode 100644
index 0000000..7762d68
--- /dev/null
+++ b/nix/infra/disk.nix
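Review bot: In `nix/infra/default.nix`, `PermitRootLogin = "prohibit-password";` inside `services.openssh.settings` still accepts key-based root logins, and the same file imports `mixins-cloud-init`, which may be able to provision keys on the host (inferred from the module name; confirm against srvos). Since `jopejoe1` is placed in `wheel` by `users/jopejoe1.nix`, `PermitRootLogin = "no";` would keep administration on the named account and make privileged actions attributable. The old `networking.firewall.enable = lib.mkForce false;` is not carried over into the new modules shown here, which is the safer state; a short comment above `services.openssh` saying so would stop it being re-added by habit. The import comments read `# Externel Modules` and `# Local Modueles`; `# External modules` and `# Local modules` are the intended spellings.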
@@ -0,0 +1,38 @@
+{ ... }:
+
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/infra/nix.nix b/nix/infra/nix.nix
new file mode 100644
index 0000000..e168b0b
--- /dev/null
+++ b/nix/infra/nix.nix
@@ -0,0 +1,33 @@
+{ lib, pkgs, ... }:
+
+{
+ nix = {
+ settings = {
+ substituters = [ "https://nix-community.cachix.org" ];
+ trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
+ trusted-users = [ "root" ];
+ sandbox = true;
+ require-sigs = true;
+ max-jobs = "auto";
+ auto-optimise-store = true;
+ allowed-users = [ "*" ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ warn-dirty = true;
+ use-xdg-base-directories = true;
+ keep-going = true;
+ builders-use-substitutes = true;
+ };
+ distributedBuilds = true;
+ package = pkgs.lix;
+ nixPath = lib.mkForce [ "/etc/nix/path" ];
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ };
+}
diff --git a/nix/infra/system.nix b/nix/infra/system.nix
new file mode 100644
index 0000000..f3d8265
--- /dev/null
+++ b/nix/infra/system.nix
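Review bot: In `nix/infra/disk.nix`, the `ESP` partition is mounted at `/boot` with default vfat options, so its contents (kernels, initrds and any bootloader state) are readable by every local user; adding `mountOptions = [ "umask=0077" ];` next to `mountpoint = "/boot";` restricts it to root. `device = "/dev/sda";` depends on kernel enumeration order, so a comment stating that this is the single Hetzner Cloud disk, or a stable `/dev/disk/by-id/<placeholder>` path, would make a wrong-disk format less likely when disko is re-run. The root filesystem is unencrypted; if that is a deliberate choice for an unattended cloud host, a one-line comment saying so would document it.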
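Review bot: In `nix/infra/nix.nix`, `nixPath = lib.mkForce [ "/etc/nix/path" ];` is kept, but the `registry` definition and the `environment.etc = lib.mapAttrs' ...` line that populated `/etc/nix/path` in the deleted `nix/infra.nix` do not appear in any new module in this patch, so `NIX_PATH` would point at a directory nothing creates. Either carry those two definitions over or drop the `nixPath` override. Separately, `substituters` keeps `nix-community.cachix.org` as a binary source for a server, and every key in `trusted-public-keys` can sign store paths this host will accept; a comment naming what needs that cache would justify the extra trust. `distributedBuilds = true;` has no `nix.buildMachines` in view, so it appears to have no effect.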
@@ -0,0 +1,37 @@
+{ ... }:
+
+{
+ system.stateVersion = "24.11";
+
+ nixpkgs.hostPlatform = {
+ system = "aarch64-linux";
+ config = "aarch64-unknown-linux-gnu";
+ };
+
+ networking.hostName = "alisa";
+ time.timeZone = "Europe/Berlin";
+
+ i18n = {
+ defaultLocale = "en_NZ.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ LC_CTYPE = "de_DE.UTF-8";
+ LC_COLLATE = "de_DE.UTF-8";
+ LC_MESSAGES = "en_NZ.UTF-8";
+ };
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ backupFileExtension = "backup";
+ };
+}
diff --git a/nix/infra/users/default.nix b/nix/infra/users/default.nix
new file mode 100644
index 0000000..9d50ed3
--- /dev/null
+++ b/nix/infra/users/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ imports = [ ./jopejoe1.nix ];
+}
diff --git a/nix/infra/users/jopejoe1.nix b/nix/infra/users/jopejoe1.nix
new file mode 100644
index 0000000..21d9ce0
--- /dev/null
+++ b/nix/infra/users/jopejoe1.nix
@@ -0,0 +1,96 @@
+{ pkgs, config, ... }:
+
+let
+ home = config.home-manager.users.jopejoe1;
+ user = config.users.users.jopejoe1;
+in
+{
+ users.users = {
+ jopejoe1 = {
+ isNormalUser = true;
+ shell = pkgs.nushell;
+ description = "Johannes Jöns";
+ hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
+ extraGroups = [ "wheel" ];
+ uid = 1000;
+ packages = with pkgs; [ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@desktop"
+ ];
+ };
+ };
+ home-manager.users.jopejoe1 = {
+ home = {
+ username = user.name;
+ homeDirectory = user.home;
+ stateVersion = config.system.stateVersion;
+ };
+
+ programs = {
+ nushell = {
+ enable = true;
+ };
+
+ carapace.enable = true;
+ carapace.enableNushellIntegration = true;
+
+ starship = {
+ enable = true;
+ settings = {
+ add_newline = true;
+ character = {
+ success_symbol = "[➜](bold green)";
+ error_symbol = "[➜](bold red)";
+ };
+ };
+ };
+
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+
+ neovim = {
+ enable = true;
+ defaultEditor = true;
+ };
+
+ git = {
+ enable = true;
+ package = pkgs.git;
+ userEmail = "johannes@joens.email";
+ userName = "jopejoe1";
+ extraConfig = {
+ core = {
+ whitespace = [
+ "blank-at-eol"
+ "blank-at-eof"
+ "space-before-tab"
+ ];
+ };
+ };
+ };
+ };
+
+ xdg = {
+ enable = true;
+ mime.enable = true;
+ cacheHome = "${home.home.homeDirectory}/.cache";
+ configHome = "${home.home.homeDirectory}/.config";
+ dataHome = "${home.home.homeDirectory}/.local/share";
+ stateHome = "${home.home.homeDirectory}/.local/state";
+ userDirs = {
+ enable = true;
+ createDirectories = true;
+ desktop = "${home.home.homeDirectory}/Desktop";
+ documents = "${home.home.homeDirectory}/Documents";
+ download = "${home.home.homeDirectory}/Downloads";
+ music = "${home.home.homeDirectory}/Music";
+ pictures = "${home.home.homeDirectory}/Pictures";
+ publicShare =
"${home.home.homeDirectory}/Public"; + templates = "${home.home.homeDirectory}/Templates"; + videos = "${home.home.homeDirectory}/Videos"; + }; + }; + }; +} diff --git a/nix/native.nix b/nix/native.nix index 44ebf94..105dfc2 100644 --- a/nix/native.nix +++ b/nix/native.nix @@ -11,9 +11,16 @@ stdenv.mkDerivation { src = ../native; - buildInputs = [ kdePackages.qtbase kdePackages.qtdeclarative kdePackages.qtmultimedia ]; + buildInputs = [ + kdePackages.qtbase + kdePackages.qtdeclarative + kdePackages.qtmultimedia + ]; - nativeBuildInputs = [ cmake kdePackages.wrapQtAppsHook ]; + nativeBuildInputs = [ + cmake + kdePackages.wrapQtAppsHook + ]; meta = { maintainers = with lib.maintainers; [ jopejoe1 ]; diff --git a/nix/web.nix b/nix/web.nix index 3f976eb..1551e77 100644 --- a/nix/web.nix +++ b/nix/web.nix @@ -15,12 +15,9 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-dTXWbUDjmlIlMZ/sIFaInTRmVdWpyzJA4oadJAzUivs="; }; - nativeBuildInputs = [ - pnpm.configHook - ]; + nativeBuildInputs = [ pnpm.configHook ]; - buildInputs = [ - ]; + buildInputs = [ ]; dontStrip = true; diff --git a/shell.nix b/shell.nix index e03aa18..bc8e35f 100644 --- a/shell.nix +++ b/shell.nix @@ -1,10 +1,16 @@ { pkgs ? import , system ? builtins.currentSystem, - inputs ? { self = import ./flake.nix; }, + inputs ? { + self = import ./flake.nix; + }, }: pkgs.mkShell { - packages = with pkgs; []; - inputsFrom = with inputs.self.outputs.legacyPackages.${system}; [ backend web native ]; + packages = with pkgs; [ ]; + inputsFrom = with inputs.self.outputs.legacyPackages.${system}; [ + backend + web + native + ]; }
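Review bot: In `nix/infra/users/jopejoe1.nix`, `hashedPassword` commits a bcrypt hash with cost factor 5 (the `$2b$05$` prefix) for a user in `wheel`, so the hash is exposed both in the repository and in the world-readable Nix store, and a cost of 5 makes offline guessing cheap; the recovered value would presumably be the sudo password. Prefer `hashedPasswordFile = "<path to a secret kept outside the store>";` supplied by a secrets mechanism, or at minimum regenerate the hash with a stronger scheme such as yescrypt. The deleted `nix/infra.nix` carried the same pattern, so any password that shared that earlier hash should be treated as exposed as well. `packages = with pkgs; [ ];` is an empty list and can be dropped.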