Set up deploy-rs

Alexander Bantyev 2021-01-23 22:21:51 +03:00
parent 9b08252935
commit b970fa7651
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
12 changed files with 141 additions and 59 deletions

120
flake.lock generated

@ -49,6 +49,43 @@
"type": "github" "type": "github"
} }
}, },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"naersk": "naersk",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1611390584,
"narHash": "sha256-KajML9i3j8Hrxv8AfG0NjJWttpgRgeldhWZbwPi5rkU=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "726d758768d7b8071dcffa14560a14f588460406",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1606424373,
"narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"haskell-nix": { "haskell-nix": {
"locked": { "locked": {
"lastModified": 1587989559, "lastModified": 1587989559,
@ -67,7 +104,7 @@
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1610405518, "lastModified": 1610405518,
@ -85,7 +122,7 @@
}, },
"lambda-launcher": { "lambda-launcher": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1610540707, "lastModified": 1610540707,
@ -133,10 +170,31 @@
"type": "github" "type": "github"
} }
}, },
"naersk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1610392286,
"narHash": "sha256-3wFl5y+4YZO4SgRYK8WE7JIS3p0sxbgrGaQ6RMw+d98=",
"owner": "nmattia",
"repo": "naersk",
"rev": "d7bfbad3304fd768c0f93a4c3b50976275e6d4be",
"type": "github"
},
"original": {
"owner": "nmattia",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"nix": { "nix": {
"inputs": { "inputs": {
"lowdown-src": "lowdown-src", "lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1608754232, "lastModified": 1608754232,
@ -168,16 +226,18 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1610452587, "lastModified": 1610942247,
"narHash": "sha256-2WYSBb7NxNJ6YTTVB6B1WLn6J/S9zMX2A6cmD3U3/Ug=", "narHash": "sha256-PKo1ATAlC6BmfYSRmX0TVmNoFbrec+A5OKcabGEu2yU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5322c1f7d77a99b3f44130a029db42e40c22a399", "rev": "7d71001b796340b219d1bfa8552c81995017544a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"type": "indirect" "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-old": { "nixpkgs-old": {
@ -214,6 +274,20 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1610452587,
"narHash": "sha256-2WYSBb7NxNJ6YTTVB6B1WLn6J/S9zMX2A6cmD3U3/Ug=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5322c1f7d77a99b3f44130a029db42e40c22a399",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1592810120, "lastModified": 1592810120,
"narHash": "sha256-1xlD1OIs75DvjkWpyZcQBjdu/IgugspPpz8CsBeutaM=", "narHash": "sha256-1xlD1OIs75DvjkWpyZcQBjdu/IgugspPpz8CsBeutaM=",
@ -229,7 +303,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1602702596, "lastModified": 1602702596,
"narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=", "narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
@ -244,7 +318,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1610842533, "lastModified": 1610842533,
"narHash": "sha256-6hW8CML8RnNrRJMv7E56rXAhsCNgUM97HIVSqWxnO64=", "narHash": "sha256-6hW8CML8RnNrRJMv7E56rXAhsCNgUM97HIVSqWxnO64=",
@ -260,7 +334,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1599773960, "lastModified": 1599773960,
"narHash": "sha256-5bL52aaUOOyOBjgKh9/6jQlFbeE+WfVX7dpvjohmD+w=", "narHash": "sha256-5bL52aaUOOyOBjgKh9/6jQlFbeE+WfVX7dpvjohmD+w=",
@ -275,7 +349,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1587390417, "lastModified": 1587390417,
"narHash": "sha256-dLQebnBviLNiN2Ei3Iqyxm73EFwz77YcvitvMYwRNA8=", "narHash": "sha256-dLQebnBviLNiN2Ei3Iqyxm73EFwz77YcvitvMYwRNA8=",
@ -294,12 +368,13 @@
"inputs": { "inputs": {
"NUR": "NUR", "NUR": "NUR",
"base16-unclaimed-schemes": "base16-unclaimed-schemes", "base16-unclaimed-schemes": "base16-unclaimed-schemes",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager", "home-manager": "home-manager",
"lambda-launcher": "lambda-launcher", "lambda-launcher": "lambda-launcher",
"materia-theme": "materia-theme", "materia-theme": "materia-theme",
"nix": "nix", "nix": "nix",
"nixos-fhs-compat": "nixos-fhs-compat", "nixos-fhs-compat": "nixos-fhs-compat",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-old": "nixpkgs-old", "nixpkgs-old": "nixpkgs-old",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
@ -328,7 +403,7 @@
"simple-osd-daemons": { "simple-osd-daemons": {
"inputs": { "inputs": {
"crate2nix": "crate2nix", "crate2nix": "crate2nix",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1610453489, "lastModified": 1610453489,
@ -344,6 +419,21 @@
"type": "github" "type": "github"
} }
}, },
"utils": {
"locked": {
"lastModified": 1610051610,
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"weechat-notify-send": { "weechat-notify-send": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -379,7 +469,7 @@
"yt-utilities": { "yt-utilities": {
"inputs": { "inputs": {
"haskell-nix": "haskell-nix", "haskell-nix": "haskell-nix",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1588006875, "lastModified": 1588006875,


@ -6,6 +6,7 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# nixpkgs-mesa.url = github:nixos/nixpkgs-channels/bdac777becdbb8780c35be4f552c9d4518fe0bdb; # nixpkgs-mesa.url = github:nixos/nixpkgs-channels/bdac777becdbb8780c35be4f552c9d4518fe0bdb;
lambda-launcher.url = "github:balsoft/lambda-launcher"; lambda-launcher.url = "github:balsoft/lambda-launcher";
deploy-rs.url = "github:serokell/deploy-rs";
NUR = { NUR = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
flake = false; flake = false;
@ -48,7 +49,7 @@
simple-osd-daemons.url = "github:balsoft/simple-osd-daemons"; simple-osd-daemons.url = "github:balsoft/simple-osd-daemons";
}; };
outputs = { nixpkgs, nix, self, ... }@inputs: { outputs = { nixpkgs, nix, self, deploy-rs, ... }@inputs: {
nixosModules = import ./modules; nixosModules = import ./modules;
nixosProfiles = import ./profiles; nixosProfiles = import ./profiles;
@ -59,12 +60,7 @@
mkHost = name: mkHost = name:
nixosSystem { nixosSystem {
system = builtins.readFile (./machines + "/${name}/system"); system = builtins.readFile (./machines + "/${name}/system");
modules = [ modules = [ (import (./machines + "/${name}")) { device = name; } ];
(import (./machines + "/${name}"))
{
device = name;
}
];
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
}; };
in genAttrs hosts mkHost; in genAttrs hosts mkHost;
@ -72,16 +68,16 @@
legacyPackages.x86_64-linux = legacyPackages.x86_64-linux =
(builtins.head (builtins.attrValues self.nixosConfigurations)).pkgs; (builtins.head (builtins.attrValues self.nixosConfigurations)).pkgs;
# nix run github:serokell/deploy defaultApp = deploy-rs.defaultApp;
# Because sudo requires local presence of my Yubikey, we have to manually activate the system
# sudo nix-env -p /nix/var/nix/profiles/system --set /nix/var/nix/profiles/per-user/balsoft/system;
# sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch
deploy = { deploy = {
user = "balsoft"; user = "root";
nodes = builtins.mapAttrs (_: conf: { nodes.T420-Laptop = {
hostname = conf.config.networking.hostName; hostname =
profiles.system.path = conf.config.system.build.toplevel; self.nixosConfigurations.T420-Laptop.config.networking.hostName;
}) self.nixosConfigurations; profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.T420-Laptop;
};
}; };
}; };
} }
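Review bot: The new `deploy` block sets `user = "root"` and drops the comment that explained why activation used to be manual (sudo needing the local Yubikey), so nothing on the new side says how root is reached on the target. No `sshUser` appears in the hunk, so presumably the connection is made as the invoking user and elevated afterwards; I would record that next to the setting, e.g. `# profile is activated as root; SSH login and elevation: <describe>`. The input line `deploy-rs.url = "github:serokell/deploy-rs";` also has no `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock gains a separately pinned nixpkgs revision that has to be tracked.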


@ -1,7 +1,7 @@
{ inputs, ... }: { { inputs, ... }: {
imports = with inputs.self.nixosModules; [ imports = with inputs.self.nixosModules; [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.self.nixosProfiles.desktop inputs.self.nixosProfiles.base
gitea gitea
jitsi jitsi
mailserver mailserver


@ -13,20 +13,15 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/29edff1b-4457-4d0c-9dfc-2cf5b6afcb46"; device = "/dev/disk/by-uuid/d3a1bd83-db4d-4e98-9231-b7c7f19a2cfc";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4976-D10F"; device = "/dev/disk/by-uuid/D36A-068D";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var" = {
device = "/dev/disk/by-uuid/ad3f31e2-e6d1-43a0-a1ef-7f493fd3a9e2";
fsType = "ext4";
};
swapDevices = [ ]; swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@ -5,6 +5,6 @@
]; ];
networking.wireless.enable = lib.mkForce false; networking.wireless.enable = lib.mkForce false;
services.openssh.permitRootLogin = lib.mkForce "no"; services.openssh.permitRootLogin = lib.mkForce "no";
services.mingetty.autologinUser = lib.mkForce "balsoft"; services.getty.autologinUser = lib.mkForce "balsoft";
disabledModules = [ "installer/cd-dvd/channel.nix" ]; disabledModules = [ "installer/cd-dvd/channel.nix" ];
} }


@ -6,7 +6,7 @@
curl curl
unrar unrar
neochat neochat
] ++ lib.optionals config.deviceSpecific.goodMachine ([ ] ++ lib.optionals config.deviceSpecific.goodMachine [
steamcmd steamcmd
steam steam
haskellPackages.hoogle haskellPackages.hoogle
@ -38,5 +38,5 @@
pass-wayland pass-wayland
papirus-icon-theme papirus-icon-theme
gnome3.simple-scan gnome3.simple-scan
]); ];
} }


@ -1,15 +1,10 @@
{ lib, pkgs, config, ... }: { { lib, pkgs, config, ... }: {
boot = { boot = {
loader = { loader = {
timeout = 1; timeout = lib.mkForce 1;
} // (if config.deviceSpecific.devInfo.legacy or false then { # Non-UEFI config grub.enable = lib.mkForce false;
grub.enable = true; systemd-boot.enable = pkgs.system == "x86_64-linux";
grub.version = 2; };
grub.useOSProber = true;
grub.device = "/dev/sda";
} else { # UEFI config
systemd-boot.enable = true;
});
kernelParams = [ "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ] kernelParams = [ "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ]
++ lib.optionals (pkgs.system == "x86_64-linux") [ ++ lib.optionals (pkgs.system == "x86_64-linux") [
"rd.systemd.show_status=auto" "rd.systemd.show_status=auto"
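Review bot: `grub.enable = lib.mkForce false;` together with `systemd-boot.enable = pkgs.system == "x86_64-linux";` leaves a host with no boot loader from this module whenever it is not x86_64-linux, or whenever it relied on the removed `devInfo.legacy` GRUB branch. Whether any such host remains is not visible here, but with generations now pushed remotely a machine in that state may not come back after a reboot. A comment such as `# systemd-boot only; the legacy-BIOS GRUB path was dropped on purpose`, or an assertion on `devInfo.legacy`, would make the constraint explicit. The `boot` attribute set continues past the end of this hunk.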


@ -97,13 +97,17 @@ let
mkIndividualSecrets = name: cfg: mkIndividualSecrets = name: cfg:
map (x: { map (x: {
"${name}-envsubst-${x}" = { "${name}-envsubst-${x}" = {
encrypted = "/home/balsoft/.password-store/${lib.optionalString (! isNull cfg.directory) "${cfg.directory}/"}${x}.gpg"; encrypted = "/home/balsoft/.password-store/${
lib.optionalString (!isNull cfg.directory) "${cfg.directory}/"
}${x}.gpg";
services = [ ]; services = [ ];
}; };
}) cfg.secrets; }) cfg.secrets;
in { in {
options.secrets-envsubst = options.secrets-envsubst = lib.mkOption {
lib.mkOption { type = attrsOf (submodule envsubstSecrets); }; type = attrsOf (submodule envsubstSecrets);
default = { };
};
config.systemd.services = config.systemd.services =
mkMerge (concatLists (mapAttrsToList mkServices config.secrets-envsubst)); mkMerge (concatLists (mapAttrsToList mkServices config.secrets-envsubst));
config.secrets = mkMerge config.secrets = mkMerge


@ -94,13 +94,15 @@ let
mkServices = name: cfg: [ (decrypt name cfg) (addDependencies name cfg) ]; mkServices = name: cfg: [ (decrypt name cfg) (addDependencies name cfg) ];
allServices = toString allServices = toString (map (name: "${name}-envsubst.service")
(map (name: "${name}-envsubst.service")
(builtins.attrNames config.secrets-envsubst) (builtins.attrNames config.secrets-envsubst)
++ map (name: "${name}-secrets.service") ++ map (name: "${name}-secrets.service")
(builtins.attrNames config.secrets)); (builtins.attrNames config.secrets));
in { in {
options.secrets = lib.mkOption { type = attrsOf (submodule secret); }; options.secrets = lib.mkOption {
type = attrsOf (submodule secret);
default = { };
};
config.systemd.services = config.systemd.services =
mkMerge (concatLists (mapAttrsToList mkServices config.secrets)); mkMerge (concatLists (mapAttrsToList mkServices config.secrets));


@ -62,7 +62,7 @@
then args="-s" then args="-s"
else args="-san" else args="-san"
fi fi
${lib.optionalString (config.deviceSpecific.isLaptop) ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''} # ${lib.optionalString (config.deviceSpecific.isLaptop) ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
'') '')
]; ];
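Review bot: Prefixing the line with `#` turns off the `vlock` call for laptops, which is a locking change unrelated to the commit title and not explained anywhere on the new side. The `#` is only a shell comment inside the Nix string, so the `${lib.optionalString …}` interpolation is still evaluated and `pkgs.vlock` stays referenced by the script on laptops. If the lock is meant to be off, delete the line and leave a Nix-level note such as `# console lock disabled: <reason>`; if it is temporary, guard it with an option instead. What triggers this script lies outside the hunk.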


@ -16,5 +16,6 @@
git git
gpg gpg
zsh zsh
misc
]; ];
} }


@ -25,7 +25,6 @@
kde kde
light light
mako mako
misc
simple-osd-daemons simple-osd-daemons
sway sway
xresources xresources