nix: clean up infra

Johannes Jöns 2024-07-10 16:03:10 +02:00
parent 41d510d388
commit 4b05d8a984
13 changed files with 307 additions and 137 deletions


@ -20,6 +20,26 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720470846,
"narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1719708727, "lastModified": 1719708727,
@ -58,11 +78,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1720418205,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-cPJoFPXU44GlhWg4pUk9oUPqurPlCFZ11ZQPk21GTPU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "rev": "655a58a72a6601292512670343087c2d75d859c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -75,6 +95,7 @@
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"srvos": "srvos" "srvos": "srvos"


@ -15,24 +15,36 @@
url = "github:nix-community/srvos"; url = "github:nix-community/srvos";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = inputs@{ self, nixpkgs, ... }: { outputs = inputs@{ self, nixpkgs, ... }: {
# System
nixosConfigurations = { nixosConfigurations = {
main = nixpkgs.lib.nixosSystem rec { alisa = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "aarch64-linux";
specialArgs = inputs; specialArgs = inputs;
modules = [ modules = [
./nix/infra.nix ./nix/infra
#inputs.srvos.nixosModules.server
inputs.nixos-generators.nixosModules.all-formats
]; ];
}; };
}; };
# Formatter
formatter = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system:
nixpkgs.legacyPackages.${system}.nixfmt-rfc-style
);
# Packages
legacyPackages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./nix { legacyPackages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./nix {
inherit system inputs; inherit system inputs;
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
}); });
# Shell
devShells = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: { devShells = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: {
default = import ./shell.nix { default = import ./shell.nix {
inherit system inputs; inherit system inputs;


@ -1,8 +1,11 @@
{ system, pkgs, inputs }: {
system,
pkgs,
inputs,
}:
{ {
native = pkgs.callPackage ./native.nix { }; native = pkgs.callPackage ./native.nix { };
backend = pkgs.callPackage ./backend.nix { }; backend = pkgs.callPackage ./backend.nix { };
web = pkgs.callPackage ./web.nix { }; web = pkgs.callPackage ./web.nix { };
docker = inputs.self.nixosConfigurations.main.config.formats.docker;
} }


@ -1,114 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}:
{
system.stateVersion = "24.11";
nixpkgs.hostPlatform = {
system = "x86_64-linux";
config = "x86_64-unknown-linux-gnu";
};
networking.hostName = "Main";
time.timeZone = "Europe/Berlin";
xdg = {
mime.enable = true;
autostart.enable = true;
};
i18n = {
defaultLocale = "en_NZ.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
LC_CTYPE = "de_DE.UTF-8";
LC_COLLATE = "de_DE.UTF-8";
LC_MESSAGES = "en_NZ.UTF-8";
};
};
environment.variables = {
LOG_ICONS = "true";
};
services.openssh = {
enable = true;
banner = "Hackers are in Your System!!!\n";
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
fonts.fontDir.enable = true;
networking.firewall.enable = lib.mkForce false;
nix = {
settings = {
substituters = lib.mkForce [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = lib.mkForce [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = [ "root" ];
sandbox = true;
require-sigs = true;
max-jobs = "auto";
auto-optimise-store = true;
allowed-users = [ "*" ];
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = true;
use-xdg-base-directories = true;
keep-going = true;
builders-use-substitutes = true;
};
distributedBuilds = true;
package = pkgs.lix;
registry = lib.mkForce ((lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) self.inputs) // {
self.flake = self;
});
nixPath = lib.mkForce [ "/etc/nix/path" ];
};
nixpkgs = {
config ={
allowUnfree = true;
};
};
environment.etc = lib.mapAttrs' (name: value: { name = "nix/path/${name}"; value.source = value.flake; }) config.nix.registry;
services.postgresql.enable = true;
users.users.master = {
isNormalUser = true;
shell = pkgs.nushell;
hashedPassword = "$2b$05$q5oW9Q25AjVAic1KY1xrIOZ6cyuleRxbsuMlW998lzOk6Us8Rplnq";
extraGroups = [ "wheel" ];
uid = 1000;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe root@zap"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB johannes@joens.email"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
];
};
}

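--- a/nix/infra/default.nix
+++ b/nix/infra/default.nix
@@ -0,0 +1,29 @@
+{ pkgs, self, ... }:
+{
+imports = [
+# Externel Modules
+self.inputs.srvos.nixosModules.hardware-hetzner-cloud-arm
+self.inputs.srvos.nixosModules.mixins-nginx
+self.inputs.srvos.nixosModules.mixins-cloud-init
+self.inputs.nixos-generators.nixosModules.all-formats
+self.inputs.home-manager.nixosModules.home-manager
+self.inputs.disko.nixosModules.disko
+# Local Modueles
+./nix.nix
+./system.nix
+./disk.nix
+./users
+];
+services.openssh = {
+enable = true;
+banner = "Hackers are in Your System!!!\n";
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "prohibit-password";
+};
+};
+systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f8:c2c:3900::/64";
+}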
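Review bot: The `services.openssh.settings` block turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, and on NixOS that path goes through PAM and can still accept an account password. Since the users module in this commit gives the wheel account `jopejoe1` a `hashedPassword`, I would add `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;` unless one of the imported srvos modules already sets it (not visible on this page). With a sudo-capable, key-only user in place, `PermitRootLogin = "no";` would also be a tighter choice than `"prohibit-password"`.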

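--- a/nix/infra/disk.nix
+++ b/nix/infra/disk.nix
@@ -0,0 +1,38 @@
+{ ... }:
+{
+disko.devices = {
+disk = {
+main = {
+type = "disk";
+device = "/dev/sda";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+size = "1M";
+type = "EF02";
+};
+ESP = {
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+};
+}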
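Review bot: `device = "/dev/sda";` names the install target by kernel enumeration order, which is not guaranteed to stay stable once a second block device (for example an attached volume) is present, and disko repartitions and formats whatever this path resolves to. A persistent name such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` removes that ambiguity. The layout also has no encryption layer for the root filesystem; if data at rest on this host matters, a comment recording that this was a deliberate choice would help the next reader.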

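--- a/nix/infra/nix.nix
+++ b/nix/infra/nix.nix
@@ -0,0 +1,33 @@
+{ lib, pkgs, ... }:
+{
+nix = {
+settings = {
+substituters = [ "https://nix-community.cachix.org" ];
+trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
+trusted-users = [ "root" ];
+sandbox = true;
+require-sigs = true;
+max-jobs = "auto";
+auto-optimise-store = true;
+allowed-users = [ "*" ];
+experimental-features = [
+"nix-command"
+"flakes"
+];
+warn-dirty = true;
+use-xdg-base-directories = true;
+keep-going = true;
+builders-use-substitutes = true;
+};
+distributedBuilds = true;
+package = pkgs.lix;
+nixPath = lib.mkForce [ "/etc/nix/path" ];
+};
+nixpkgs = {
+config = {
+allowUnfree = true;
+};
+};
+}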
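Review bot: `nixPath = lib.mkForce [ "/etc/nix/path" ];` is carried over from the deleted `nix/infra.nix`, but the `nix.registry` definition and the `environment.etc` mapping that populated `/etc/nix/path` there have no counterpart in the new modules shown on this page. Unless another module creates that directory, `<nixpkgs>`-style lookups on the host will resolve against a path that does not exist; either port those two definitions into this file or drop the `mkForce` override. Separately, `allowed-users = [ "*" ];` lets every local account talk to the Nix daemon, and a short comment such as `# every local user may use the daemon; only root is trusted` would make that intent explicit.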

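--- a/nix/infra/system.nix
+++ b/nix/infra/system.nix
@@ -0,0 +1,37 @@
+{ ... }:
+{
+system.stateVersion = "24.11";
+nixpkgs.hostPlatform = {
+system = "aarch64-linux";
+config = "aarch64-unknown-linux-gnu";
+};
+networking.hostName = "alisa";
+time.timeZone = "Europe/Berlin";
+i18n = {
+defaultLocale = "en_NZ.UTF-8";
+extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_IDENTIFICATION = "de_DE.UTF-8";
+LC_MEASUREMENT = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_NUMERIC = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+LC_CTYPE = "de_DE.UTF-8";
+LC_COLLATE = "de_DE.UTF-8";
+LC_MESSAGES = "en_NZ.UTF-8";
+};
+};
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+backupFileExtension = "backup";
+};
+}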


@ -0,0 +1,5 @@
{ ... }:
{
imports = [ ./jopejoe1.nix ];
}


@ -0,0 +1,96 @@
{ pkgs, config, ... }:
let
home = config.home-manager.users.jopejoe1;
user = config.users.users.jopejoe1;
in
{
users.users = {
jopejoe1 = {
isNormalUser = true;
shell = pkgs.nushell;
description = "Johannes Jöns";
hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
extraGroups = [ "wheel" ];
uid = 1000;
packages = with pkgs; [ ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@desktop"
];
};
};
home-manager.users.jopejoe1 = {
home = {
username = user.name;
homeDirectory = user.home;
stateVersion = config.system.stateVersion;
};
programs = {
nushell = {
enable = true;
};
carapace.enable = true;
carapace.enableNushellIntegration = true;
starship = {
enable = true;
settings = {
add_newline = true;
character = {
success_symbol = "[](bold green)";
error_symbol = "[](bold red)";
};
};
};
direnv = {
enable = true;
nix-direnv.enable = true;
};
neovim = {
enable = true;
defaultEditor = true;
};
git = {
enable = true;
package = pkgs.git;
userEmail = "johannes@joens.email";
userName = "jopejoe1";
extraConfig = {
core = {
whitespace = [
"blank-at-eol"
"blank-at-eof"
"space-before-tab"
];
};
};
};
};
xdg = {
enable = true;
mime.enable = true;
cacheHome = "${home.home.homeDirectory}/.cache";
configHome = "${home.home.homeDirectory}/.config";
dataHome = "${home.home.homeDirectory}/.local/share";
stateHome = "${home.home.homeDirectory}/.local/state";
userDirs = {
enable = true;
createDirectories = true;
desktop = "${home.home.homeDirectory}/Desktop";
documents = "${home.home.homeDirectory}/Documents";
download = "${home.home.homeDirectory}/Downloads";
music = "${home.home.homeDirectory}/Music";
pictures = "${home.home.homeDirectory}/Pictures";
publicShare = "${home.home.homeDirectory}/Public";
templates = "${home.home.homeDirectory}/Templates";
videos = "${home.home.homeDirectory}/Videos";
};
};
};
}
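Review bot: The `hashedPassword` for `jopejoe1` is committed in the clear, and its `$2b$05$` prefix shows bcrypt at cost factor 5, which is well below current guidance for an account in `wheel`. A value set through `hashedPassword` also ends up in the world-readable Nix store, so the hash is exposed both in the repository history and to every local user on the host. I would switch to `hashedPasswordFile = "<PATH_TO_SECRET_PLACEHOLDER>";` backed by a secret provisioned outside the store, and regenerate the hash with a stronger scheme, since the current one should be treated as disclosed.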


@ -11,9 +11,16 @@ stdenv.mkDerivation {
src = ../native; src = ../native;
buildInputs = [ kdePackages.qtbase kdePackages.qtdeclarative kdePackages.qtmultimedia ]; buildInputs = [
kdePackages.qtbase
kdePackages.qtdeclarative
kdePackages.qtmultimedia
];
nativeBuildInputs = [ cmake kdePackages.wrapQtAppsHook ]; nativeBuildInputs = [
cmake
kdePackages.wrapQtAppsHook
];
meta = { meta = {
maintainers = with lib.maintainers; [ jopejoe1 ]; maintainers = with lib.maintainers; [ jopejoe1 ];


@ -15,12 +15,9 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-dTXWbUDjmlIlMZ/sIFaInTRmVdWpyzJA4oadJAzUivs="; hash = "sha256-dTXWbUDjmlIlMZ/sIFaInTRmVdWpyzJA4oadJAzUivs=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [ pnpm.configHook ];
pnpm.configHook
];
buildInputs = [ buildInputs = [ ];
];
dontStrip = true; dontStrip = true;


@ -1,10 +1,16 @@
{ {
pkgs ? import <nixpkgs>, pkgs ? import <nixpkgs>,
system ? builtins.currentSystem, system ? builtins.currentSystem,
inputs ? { self = import ./flake.nix; }, inputs ? {
self = import ./flake.nix;
},
}: }:
pkgs.mkShell { pkgs.mkShell {
packages = with pkgs; [ ]; packages = with pkgs; [ ];
inputsFrom = with inputs.self.outputs.legacyPackages.${system}; [ backend web native ]; inputsFrom = with inputs.self.outputs.legacyPackages.${system}; [
backend
web
native
];
} }