diff --git a/flake.nix b/flake.nix index 18ce4d9..77712d2 100644 --- a/flake.nix +++ b/flake.nix @@ -44,16 +44,8 @@ vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git"; }; - outputs = - { self - , nixpkgs - , nixpkgs_22-11 - , vault-secrets - , colmena - , nixos-generators - , nur - , ... - }@inputs: + outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena + , nixos-generators, nur, nixvim, ... }@inputs: let inherit (nixpkgs) lib; @@ -87,8 +79,7 @@ source /etc/set-environment nix repl --file "${./.}/repl.nix" $@ ''; - in - { + in { # Make the nixosConfigurations for compat reasons (e.g. vault) nixosConfigurations = (import (inputs.colmena + "/src/nix/hive/eval.nix") { @@ -100,34 +91,20 @@ }).nodes; # Make the colmena configuration - colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) - { - meta = { - inherit specialArgs; - nixpkgs = pkgs; - }; - } - nixHosts; + colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el) { + meta = { + inherit specialArgs; + nixpkgs = pkgs; + }; + } nixHosts; packages.${system} = { inherit apply-local; default = colmena.packages.${system}.colmena; - iso = nixos-generators.nixosGenerate { - inherit system pkgs; - format = "install-iso"; - modules = [ (import ./nixos/templates/iso.nix) ]; - }; - - iso-graphical = nixos-generators.nixosGenerate { - inherit system pkgs; - format = "install-iso"; - modules = [ (import ./nixos/templates/iso-graphical.nix) ]; - }; - proxmox-lxc = nixos-generators.nixosGenerate { - inherit pkgs; + inherit system pkgs specialArgs; format = "proxmox-lxc"; modules = util.base_imports ++ [ (import ./nixos/templates/proxmox-lxc.nix) ]; @@ -135,7 +112,7 @@ # Broken # proxmox-vm = nixos-generators.nixosGenerate { - # inherit system pkgs; + # inherit system pkgs specialArgs; # format = "proxmox"; # modules = util.base_imports # ++ [ (import ./nixos/templates/proxmox-vm.nix) ]; 
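Review bot: The new `outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena , nixos-generators, nur, nixvim, ... }@inputs:` pattern binds `nixvim`, but nothing on the new side of this file references it by that name; the only consumer visible in the commit reaches it as `inputs.nixvim.homeManagerModules.nixvim` from nixos/common/default.nix. Unless it is used further down the outputs body, outside the hunk, the binding is dead and can be dropped, leaving `inputs.nixvim` as the single access path. If it is kept, a short comment on why the direct name is needed would save the next reader the same search. The outputs body continues past the end of this hunk.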
diff --git a/nixos/common/common.nix b/nixos/common/common.nix deleted file mode 100644 index fa2b2a8..0000000 --- a/nixos/common/common.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ config, lib, pkgs, ... }: { - imports = [ ./users ./modules ]; - - # Clean /tmp on boot. - boot.tmp.cleanOnBoot = true; - - # Set your time zone. - time.timeZone = lib.mkDefault "Europe/Amsterdam"; - - # Systemd OOMd - # Fedora enables these options by default. See the 10-oomd-* files here: - # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 - systemd.oomd = { - enableRootSlice = true; - enableUserServices = true; - }; - - # Nix Settings - nix = { - package = pkgs.nixUnstable; - settings = { - auto-optimise-store = true; - trusted-users = [ "root" "victor" ]; - substituters = [ - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - "https://nixpkgs-review-bot.cachix.org" - "https://colmena.cachix.org" - "https://cache.garnix.io" - "https://0x76-infra.cachix.org" - "https://webcord.cachix.org" - ]; - trusted-public-keys = [ - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" - "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8=" - "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs=" - ]; - }; - optimise = { - automatic = true; - dates = [ "weekly" ]; - }; - gc = { - automatic = true; - dates = "weekly"; - randomizedDelaySec = "3h"; - options = "--delete-older-than 7d"; - }; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - nixpkgs.config.allowUnfree = true; - - nixpkgs.config.permittedInsecurePackages = - [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ]; - - # Limit the systemd journal to 100 MB of disk or the - # last 7 days of logs, whichever happens first. 
- services.journald.extraConfig = '' - SystemMaxUse=100M - MaxFileSec=7day - ''; - - # Enable SSH - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkDefault "no"; - }; - }; - - - - # Debloat - documentation = { - enable = lib.mkForce false; - doc.enable = lib.mkForce false; - man.enable = lib.mkForce false; - info.enable = lib.mkForce false; - nixos.enable = lib.mkForce false; - }; - - system.disableInstallerTools = lib.mkDefault true; -} diff --git a/nixos/common/default.nix b/nixos/common/default.nix index 0144463..f07a0f8 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix @@ -1,17 +1,6 @@ -{ inputs, lib, config, ... }: { - # This file deals with everything requiring `inputs`, the rest being delagated to `common.nix` - # this is because we can't import inputs from all contexts as that can lead to infinite recursion. - imports = [ ./common.nix inputs.vault-secrets.nixosModules.vault-secrets ]; - - nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - nix.registry.nixpkgs.flake = inputs.nixpkgs; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { inherit inputs; }; - sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ]; - }; +{ lib, pkgs, inputs, config, ... }: { + imports = + [ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ]; vault-secrets = let inherit (config.networking) domain hostName; 
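Review bot: Merging common.nix into this file removes the comment that documented why `inputs`-dependent settings had been kept apart ("we can't import inputs from all contexts as that can lead to infinite recursion"), and the new header `{ lib, pkgs, inputs, config, ... }: {` gives no hint that every importer must now supply `inputs` via specialArgs. The import `inputs.vault-secrets.nixosModules.vault-secrets` is evaluated for every host and, after this commit, for the proxmox-lxc image template as well, so a caller without `inputs` fails at evaluation. Suggest a header comment such as `# Every importer must pass `inputs` in specialArgs: vault-secrets and nixvim modules are taken from flake inputs.` and, if the infinite-recursion concern no longer applies, one line stating why. The `vault-secrets` attribute that starts at the end of this hunk continues in the next one.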
@@ -21,4 +10,99 @@ vaultAddress = "http://${server}.${domain}:8200/"; approlePrefix = "${domain}-${hostName}"; }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { inherit inputs; }; + sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ]; + }; + + # Clean /tmp on boot. + boot.tmp.cleanOnBoot = true; + + # Set your time zone. + time.timeZone = lib.mkDefault "Europe/Amsterdam"; + + # Systemd OOMd + # Fedora enables these options by default. See the 10-oomd-* files here: + # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 + systemd.oomd = { + enableRootSlice = true; + enableUserServices = true; + }; + + # Nix Settings + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + package = pkgs.nixUnstable; + settings = { + auto-optimise-store = true; + trusted-users = [ "root" "victor" ]; + substituters = [ + "https://cachix.cachix.org" + "https://nix-community.cachix.org" + "https://nixpkgs-review-bot.cachix.org" + "https://colmena.cachix.org" + "https://cache.garnix.io" + "https://0x76-infra.cachix.org" + "https://webcord.cachix.org" + ]; + trusted-public-keys = [ + "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" + "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8=" + "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs=" + ]; + }; + optimise = { + automatic = true; + dates = [ "weekly" ]; + }; + gc = { + automatic = true; + dates = "weekly"; + randomizedDelaySec = "3h"; + options = "--delete-older-than 7d"; + }; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + + 
nixpkgs.config.allowUnfree = true; + + nixpkgs.config.permittedInsecurePackages = + [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ]; + + # Limit the systemd journal to 100 MB of disk or the + # last 7 days of logs, whichever happens first. + services.journald.extraConfig = '' + SystemMaxUse=100M + MaxFileSec=7day + ''; + + # Enable SSH + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = lib.mkDefault false; + PermitRootLogin = lib.mkDefault "no"; + }; + }; + + # Debloat + documentation = { + enable = lib.mkForce false; + doc.enable = lib.mkForce false; + man.enable = lib.mkForce false; + info.enable = lib.mkForce false; + nixos.enable = lib.mkForce false; + }; + + system.disableInstallerTools = lib.mkDefault true; } diff --git a/nixos/templates/iso-graphical.nix b/nixos/templates/iso-graphical.nix deleted file mode 100644 index 4d92727..0000000 --- a/nixos/templates/iso-graphical.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, modulesPath, lib, ... }: { - imports = [ - "${modulesPath}/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix" - ]; - - # use the latest Linux kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - - environment.systemPackages = with pkgs; [ git ]; - - # Needed for https://github.com/NixOS/nixpkgs/issues/58959 - boot.supportedFilesystems = lib.mkForce [ "btrfs" "ext4" ]; -} diff --git a/nixos/templates/iso.nix b/nixos/templates/iso.nix deleted file mode 100644 index 48d7dc9..0000000 --- a/nixos/templates/iso.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, modulesPath, lib, ... }: { - imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" ]; - - # use the latest Linux kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - - environment.systemPackages = with pkgs; [ git ]; - - # Needed for https://github.com/NixOS/nixpkgs/issues/58959 - boot.supportedFilesystems = - lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; -} 
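Review bot: `nixpkgs.config.permittedInsecurePackages = [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ];` now lives in the module every host imports, so three packages that nixpkgs marks insecure are allowlisted fleet-wide with no record of which host or service needs each one or when the exception can be removed. Prefer placing each entry next to the host or service that requires it, or at minimum annotate the list, e.g. `# TODO(review): name the dependent package per entry and drop it once that package is upgraded`. The same reasoning applies to `trusted-users = [ "root" "victor" ]`, which lets that account pass privileged daemon settings such as extra substituters on every machine built from this module; a one-line justification would help. The enclosing module body starts in the previous hunk.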
diff --git a/nixos/templates/proxmox-lxc.nix b/nixos/templates/proxmox-lxc.nix index 2d1502b..74079dd 100644 --- a/nixos/templates/proxmox-lxc.nix +++ b/nixos/templates/proxmox-lxc.nix @@ -1,5 +1,5 @@ { lib, ... }: { - imports = [ ../common/common.nix ../common/generic-lxc.nix ]; + imports = [ ../common ../common/generic-lxc.nix ]; proxmoxLXC = { manageNetwork = true;
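Review bot: `imports = [ ../common ../common/generic-lxc.nix ];` makes this image template depend on `inputs` being present in specialArgs, because `../common` (nixos/common/default.nix after this commit) imports `inputs.vault-secrets.nixosModules.vault-secrets` and the nixvim home-manager module; flake.nix passes `specialArgs` to the proxmox-lxc generator in the same commit, but nothing in this file records the requirement, so any other consumer of the template would fail on a missing `inputs` argument rather than with a clear message. The template also inherits the `vault-secrets` block, whose `vaultAddress`/`approlePrefix` interpolate `config.networking.domain` and `hostName`; if `networking.domain` is unset for the generated image and those options are forced, evaluation errors on the null interpolation — generic-lxc.nix is not in the diff, so this is to confirm. A header comment would make the contract explicit: `# Requires `inputs` in specialArgs: ../common pulls modules from flake inputs.`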