Commit 10b8e12deef9

Vincent Demeester <vincent@sbr.pm>
2020-12-18 16:37:24
flake: start populating profiles.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 67a72b3
systems/hosts/foo.flake.nix
@@ -12,42 +12,8 @@ let
   endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
 in
 {
-
-  fileSystems."/" =
-    {
-      device = "/dev/mapper/root";
-      fsType = "ext4";
-      options = [ "noatime" "discard" ];
-    };
-
-  boot.initrd.luks.devices = {
-    root = {
-      device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
-      preLVM = true;
-      allowDiscards = true;
-    };
-  };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/0101-68DE";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
-
-  boot = {
-    tmpOnTmpfs = true;
-    plymouth.enable = true;
-    extraModulePackages = with pkgs.linuxPackages; [
-      v4l2loopback
-    ];
-    kernelModules = [ "v4l2loopback" ];
-    extraModprobeConfig = ''
-      options v4l2loopback exclusive_caps=1
-    '';
-  };
+  profiles.desktop.enable = true;
+  profiles.home.enable = true;
 
   environment.systemPackages = with pkgs; [ tkn ];
   /*
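Review bot: The removed `v4l2loopback` setup (`extraModulePackages`, `kernelModules`, and the `exclusive_caps=1` modprobe option) is not re-added anywhere in this commit, since `profiles.desktop` only sets `tmpOnTmpfs` and `plymouth.enable`. The removed `fileSystems."/"`, `fileSystems."/boot"`, `swapDevices` and `boot.initrd.luks.devices.root` entries have no visible replacement either. If they were not moved to a hardware module outside this diff, the host will either fail evaluation for lack of a root filesystem or be unable to unlock its encrypted root at boot. If they were moved, say so next to the new lines, e.g. `# disk layout (LUKS root, /boot, swap) is defined in <path of hardware module>`, and either restore the v4l2loopback block in the desktop profile or state in the commit message that dropping it is intended.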
systems/profiles/base.nix
@@ -10,19 +10,60 @@ in
     };
   };
   config = mkIf cfg.enable {
-    # Use systemd-boot by default, can be overridden by configurations
-    boot.loader.systemd-boot.enable = mkDefault true;
-    # `nix-daemon` will hit the stack limit when using `nixFlakes`.
-    systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
+    boot = {
+      # Enable running aarch64 binaries using qemu.
+      binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+      # Clean temporary directory on boot
+      cleanTmpDir = true;
+
+      loader = {
+        # Use systemd-boot by default, can be overridden by configurations
+        systemd-boot.enable = true;
+
+        # Make memtest available as a boot option.
+        grub.memtest86.enable = true;
+        systemd-boot.memtest86.enable = true;
+      };
+    };
+
+    console = {
+      keyMap = "fr-bepo";
+      font = "Lat2-Terminus16";
+    };
+
     environment = {
+      # Path to link from packages to /run/current-system/sw
+      pathsToLink = [
+        "/share/nix-direnv"
+      ];
+      # System packages to install, those are the absolute minimum packages required
+      systemPackages = with pkgs; [
+        file
+        htop
+        iotop
+        lsof
+        netcat
+        psmisc
+        pv
+        vim
+        wget
+      ];
+      # Default editor for the system is vim
+      # (for the users, that might change :D)
       variables = {
         EDITOR = mkOverride 0 "vim";
       };
     };
+
+    i18n.defaultLocale = "en_US.UTF-8";
+
     # Make sure we never remove SSH_AUTH_SOCK when reseting env through sudo
     security.sudo.extraConfig = ''
       Defaults env_keep += SSH_AUTH_SOCK
     '';
+    # `nix-daemon` will hit the stack limit when using `nixFlakes`.
+    systemd.services.nix-daemon.serviceConfig."LimitSTACK" = "infinity";
     # Setup a *mailer* in case of failure in systemd
     systemd.services."status-email-root@" = {
       description = "status email for %i to vincent";
systems/profiles/default.nix
@@ -5,6 +5,7 @@
     ./base.nix
     ./desktop.nix
     ./development.nix
+    ./home.nix
     # FIXME: vpn, server, builder, …
   ];
 
systems/profiles/desktop.nix
@@ -1,1 +1,20 @@
-{ }
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+  cfg = config.profiles.desktop;
+in
+{
+  options = {
+    profiles.desktop = {
+      enable = mkEnableOption "desktop configuration";
+    };
+  };
+  config = mkIf cfg.enable {
+    boot = {
+      # /tmp to be tmpfs
+      tmpOnTmpfs = true;
+      # Enable Plymouth on desktops
+      plymouth.enable = true;
+    };
+  };
+}
systems/profiles/home.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+  cfg = config.profiles.home;
+
+  secretPath = ../../secrets/machines.nix;
+  secretCondition = (builtins.pathExists secretPath);
+  machines = lib.optionalAttrs secretCondition (import secretPath);
+in
+{
+  options = {
+    profiles.home = {
+      enable = mkEnableOption "home configuration";
+    };
+  };
+  config = mkIf cfg.enable {
+
+    # Mount nfs on all systems at home…
+    # … if we got the secret file
+    fileSystems = mkIf secretCondition {
+      "/net/synodine.home/" = {
+        device = "${machines.home.ips.synodine}:/";
+        fsType = "nfs";
+        options = [ "x-systemd.automount" "noauto" ];
+      } // mkIf (config.networking.hostName != "sakhalin") {
+        "/net/sakhalin.home/export/" = {
+          device = "${machines.home.ips.sakhalin}:/";
+          fsType = "nfs";
+          options = [ "x-systemd.automount" "noauto" ];
+        };
+      };
+    };
+
+    # Home is in France/Paris, so set the timezone accordingly
+    time.timeZone = "Europe/Paris";
+
+    # Because we are at home, we can make assumption around the network
+  };
+}
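Review bot: The `} // mkIf (config.networking.hostName != "sakhalin") { … }` is applied to the value of `"/net/synodine.home/"`, not to the `fileSystems` set, so the synodine mount definition is merged with mkIf's own `_type`/`condition`/`content` attributes. The module system will then most likely treat that entry as a conditional whose content is the sakhalin set. That would drop the synodine mount on `sakhalin` and elsewhere put a `"/net/sakhalin.home/export/"` key inside a single filesystem definition, which should fail evaluation. Close the synodine attribute first and combine the two sets with `lib.mkMerge`, as below. Both NFS mounts also take whatever the server exports at `:/` with only `x-systemd.automount` and `noauto`; adding `nosuid` and `nodev` stops a compromised or misconfigured server from handing clients setuid binaries or device nodes.

```nix
    fileSystems = mkIf secretCondition (lib.mkMerge [
      {
        "/net/synodine.home/" = {
          device = "${machines.home.ips.synodine}:/";
          fsType = "nfs";
          options = [ "x-systemd.automount" "noauto" "nosuid" "nodev" ];
        };
      }
      (mkIf (config.networking.hostName != "sakhalin") {
        "/net/sakhalin.home/export/" = {
          device = "${machines.home.ips.sakhalin}:/";
          fsType = "nfs";
          options = [ "x-systemd.automount" "noauto" "nosuid" "nodev" ];
        };
      })
    ]);
    # … unchanged: time.timeZone and trailing comment …
```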
flake.nix
@@ -211,6 +211,7 @@
           (self.overlay."${system}")
           (_: _: import inputs.gitignore-nix { lib = inputs.nixpkgs.lib; })
           (import ./nix/overlays/infra.nix)
+          (import ./nix/overlays/mkSecret.nix)
         ]);
       };
 
@@ -271,9 +272,11 @@
             pkgs = pkgsBySystem."${system}";
           in
           {
+            # FIXME Do I really need / want that
             apeStable = stablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
             apeUnstable = unstablePkgsBySystem."${system}".callPackage ./nix/packages/ape { };
             ape = pkgs.callPackage ./nix/packages/ape { };
+
             nr = pkgs.callPackage ./nix/packages/nr { };
             ram = pkgs.callPackage ./nix/packages/ram { };
             systemd-email = pkgs.callPackage ./nix/packages/systemd-email { };