Commit ab39d2cab281
Changed files (17)
systems/foo.nix → systems/hosts/foo.nix
@@ -3,14 +3,15 @@
with lib;
let
hostname = "foo";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
in
{
imports = [
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../modules
+ (import ../../users).vincent
+ (import ....//users
+ ).root
];
nix.maxJobs = 2;
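Review bot: The last entry of `imports` reads `(import ....//users` followed by `).root`, which is not a valid Nix path literal (a relative path must begin with `./` or `../`), so if the rendering is faithful this file fails to parse before any option is evaluated; the `vincent` entry just above shows the intended form. Collapse it to one line matching its sibling: `(import ../../users).root`. This host does not appear among the `nixosConfigurations` entries changed elsewhere in this commit, so the breakage may only surface when the file is first evaluated. The enclosing attribute set continues past the hunk.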
systems/hokkaido.nix → systems/hosts/hokkaido.nix
@@ -3,7 +3,7 @@
with lib;
let
hostname = "hokkaido";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
@@ -14,10 +14,10 @@ let
in
{
imports = [
- ./hardware/dell-latitude-e6540.nix
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../hardware/dell-latitude-e6540.nix
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
];
fileSystems."/" =
{
systems/kerkouane.nix → systems/hosts/kerkouane.nix
@@ -4,9 +4,9 @@ with lib;
let
hostname = "kerkouane";
- networkingConfigPath = ../networking.nix;
+ networkingConfigPath = ../../networking.nix;
hasNetworkingConfig = (builtins.pathExists networkingConfigPath);
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
sshPort = if secretCondition then (import secretPath).ssh.kerkouane.port else 22;
@@ -60,9 +60,9 @@ in
{
imports = [
(sources.nixos + "/nixos/modules/profiles/qemu-guest.nix")
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
]
# digitalocean specifics
++ optionals hasNetworkingConfig [ networkingConfigPath ];
systems/naruhodo.nix → systems/hosts/naruhodo.nix
@@ -3,7 +3,7 @@
with lib;
let
hostname = "naruhodo";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
@@ -14,10 +14,10 @@ let
in
{
imports = [
- ./hardware/thinkpad-t480s.nix
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../hardware/thinkpad-t480s.nix
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
];
fileSystems."/" =
systems/okinawa.nix → systems/hosts/okinawa.nix
@@ -3,7 +3,7 @@
with lib;
let
hostname = "okinawa";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
@@ -14,10 +14,10 @@ let
in
{
imports = [
- ./hardware/gigabyte-brix.nix
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../hardware/gigabyte-brix.nix
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
];
fileSystems."/" = {
@@ -69,25 +69,25 @@ in
# home
name = "home";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.home;
+ file = pkgs.mkSecret ../../secrets/db.home;
}
{
# home.reverse
name = "192.168.1.in-addr.arpa";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.192.168.1;
+ file = pkgs.mkSecret ../../secrets/db.192.168.1;
}
{
# vpn
name = "vpn";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.vpn;
+ file = pkgs.mkSecret ../../secrets/db.vpn;
}
{
# vpn.reverse
name = "10.100.0.in-addr.arpa";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.10.100.0;
+ file = pkgs.mkSecret ../../secrets/db.10.100.0;
}
];
};
systems/sakhalin.nix → systems/hosts/sakhalin.nix
@@ -3,7 +3,7 @@
with lib;
let
hostname = "sakhalin";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
@@ -14,10 +14,10 @@ let
in
{
imports = [
- ./hardware/gigabyte-brix.nix
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../hardware/gigabyte-brix.nix
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
];
fileSystems."/" = {
@@ -116,25 +116,25 @@ in
# home
name = "home";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.home;
+ file = pkgs.mkSecret ../../secrets/db.home;
}
{
# home.reverse
name = "192.168.1.in-addr.arpa";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.192.168.1;
+ file = pkgs.mkSecret ../../secrets/db.192.168.1;
}
{
# vpn
name = "vpn";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.vpn;
+ file = pkgs.mkSecret ../../secrets/db.vpn;
}
{
# vpn.reverse
name = "10.100.0.in-addr.arpa";
slaves = [ ];
- file = pkgs.mkSecret ../secrets/db.10.100.0;
+ file = pkgs.mkSecret ../../secrets/db.10.100.0;
}
];
};
@@ -175,7 +175,7 @@ in
OnFailure = "status-email-root@%n.service";
};
};
- environment.etc."secrets/srht-token".source = pkgs.mkSecret ../secrets/token_srht;
+ environment.etc."secrets/srht-token".source = pkgs.mkSecret ../../secrets/token_srht;
# builds.sr.ht: daily builds
systemd.services.builds-srht = {
description = "Daily builds.sr.ht";
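Review bot: `secretPath` in the `let` block now climbs three levels (`../../../secrets/machines.nix`) while every other host in this commit, and the `pkgs.mkSecret ../../secrets/...` entries further down this same file, climb two; from `systems/hosts/` the three-level form points at a `secrets/` directory outside the repository. Because the path is only consumed through `builtins.pathExists`, the mistake is silent rather than loud: `secretCondition` becomes false, `ip` becomes the empty string and every secret-gated setting is dropped without an error. Change it to `secretPath = ../../secrets/machines.nix;`. A path above the flake root is presumably also unreachable under pure evaluation, which is worth confirming separately.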
systems/wakasu.nix → systems/hosts/wakasu.nix
@@ -3,7 +3,7 @@
with lib;
let
hostname = "wakasu";
- secretPath = ../secrets/machines.nix;
+ secretPath = ../../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
@@ -14,10 +14,10 @@ let
in
{
imports = [
- ./hardware/lenovo-p50.nix
- ./modules
- (import ../users).vincent
- (import ../users).root
+ ../hardware/lenovo-p50.nix
+ ../modules
+ (import ../../users).vincent
+ (import ../../users).root
];
networking = {
systems/modules/profiles/containerd.nix
@@ -41,7 +41,7 @@ in
containerd = {
enable = true;
package = cfg.package;
- packages = [ cfg.runcPackage ];
+ extraPackages = [ cfg.runcPackage ];
};
};
};
systems/modules/virtualisation/default.nix
@@ -1,7 +1,6 @@
{
imports = [
- # Remove "nixos" from here
- ./buildkit.nix
- ./containerd.nix
+ ../buildkit.nix
+ ../containerd.nix
];
}
systems/modules/virtualisation/buildkit.nix → systems/modules/buildkit.nix
@@ -1,33 +1,18 @@
{ config, lib, pkgs, ... }:
-
-with lib;
let
cfg = config.virtualisation.buildkitd;
+ inherit (lib) mkOption mkIf types;
in
{
- ###### interface
-
options.virtualisation.buildkitd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables buildkitd
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = [ "/run/buildkitd/buildkitd.sock" ];
- description =
- ''
- A list of unix and tcp buildkitd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description =
+ ''
+ This option enables buildkitd
+ '';
+ };
package = mkOption {
default = pkgs.buildkit;
@@ -44,20 +29,17 @@ in
description = "List of packages to be added to buildkitd service path";
};
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>buildkitd</command> daemon.
- '';
- };
+ extraOptions = mkOption {
+ type = types.separatedString " ";
+ default = "";
+ description =
+ ''
+ The extra command-line options to pass to
+ <command>buildkitd</command> daemon.
+ '';
+ };
};
- ###### implementation
-
config = mkIf cfg.enable {
users.groups = [
{
@@ -89,7 +71,7 @@ in
description = "Buildkitd Socket for the API";
wantedBy = [ "sockets.target" ];
socketConfig = {
- ListenStream = cfg.listenOptions;
+ ListenStream = "/run/buildkitd/buildkitd.sock";
SocketMode = "0660";
SocketUser = "root";
SocketGroup = "buildkit";
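Review bot: The `listenOptions` option is removed and the socket unit now hardcodes `ListenStream = "/run/buildkitd/buildkitd.sock"`, but nothing tells a configuration that still sets `virtualisation.buildkitd.listenOptions` what happened — it now fails with a generic undefined-option error. Add `imports = [ (lib.mkRemovedOptionModule [ "virtualisation" "buildkitd" "listenOptions" ] "buildkitd now always listens on /run/buildkitd/buildkitd.sock.") ];` to the module so the failure names the cause; containerd.nix makes the same removal and needs the same treatment. Replacing `with lib;` by `inherit (lib) mkOption mkIf types;` covers only the names visible in these hunks; any other `lib` function used in the `config` body outside the hunks is now unbound, so the module should be evaluated end to end before merging. The module's top-level attribute set extends past the shown hunks.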
systems/modules/virtualisation/containerd.nix → systems/modules/containerd.nix
@@ -1,38 +1,18 @@
-# Systemd services for containerd.
-
{ config, lib, pkgs, ... }:
-
-with lib;
let
-
cfg = config.virtualisation.containerd;
+ inherit (lib) mkOption types mkIf;
in
{
- ###### interface
-
options.virtualisation.containerd = {
- enable =
- mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- This option enables containerd, a daemon that manages
- linux containers.
- '';
- };
-
- listenOptions =
- mkOption {
- type = types.listOf types.str;
- default = [ "/run/containerd/containerd.sock" ];
- description =
- ''
- A list of unix and tcp containerd should listen to. The format follows
- ListenStream as described in systemd.socket(5).
- '';
- };
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ This option enables containerd, a daemon that manages linux containers.
+ '';
+ };
package = mkOption {
default = pkgs.containerd;
@@ -43,26 +23,23 @@ in
'';
};
- packages = mkOption {
+ extraPackages = mkOption {
type = types.listOf types.package;
default = [ pkgs.runc ];
description = "List of packages to be added to containerd service path";
};
- extraOptions =
- mkOption {
- type = types.separatedString " ";
- default = "";
- description =
- ''
- The extra command-line options to pass to
- <command>containerd</command> daemon.
- '';
- };
+ extraOptions = mkOption {
+ type = types.separatedString " ";
+ default = "";
+ description =
+ ''
+ The extra command-line options to pass to
+ <command>containerd</command> daemon.
+ '';
+ };
};
- ###### implementation
-
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
@@ -78,7 +55,7 @@ in
''
];
};
- path = [ cfg.package ] ++ cfg.packages;
+ path = [ cfg.package ] ++ cfg.extraPackages;
};
@@ -86,7 +63,7 @@ in
description = "Containerd Socket for the API";
wantedBy = [ "sockets.target" ];
socketConfig = {
- ListenStream = cfg.listenOptions;
+ ListenStream = "/run/containerd/containerd.sock";
SocketMode = "0660";
SocketUser = "root";
SocketGroup = "root";
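Review bot: `packages` is renamed to `extraPackages` in both the options block and the `path` assignment, but without a `mkRenamedOptionModule` any configuration still setting `virtualisation.containerd.packages` fails with a bare undefined-option error instead of being redirected. Add `imports = [ (lib.mkRenamedOptionModule [ "virtualisation" "containerd" "packages" ] [ "virtualisation" "containerd" "extraPackages" ]) ];` next to the options (the `listenOptions` removal in this file is covered in the buildkit.nix note). The top-of-file comment `# Systemd services for containerd.` was dropped with nothing replacing it; a one-line module description at the top of the file is worth keeping. The module body continues between and past the shown hunks.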
systems/modules/default.flake.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+# This file just imports all the modules defined in this folder.
+
+{
+ imports = [
+ ./buildkit.nix
+ ./containerd.nix
+ ];
+}
systems/naruhodo.home.nix
@@ -1,35 +0,0 @@
-{ pkgs, lib, ... }:
-
-with lib;
-let
- hostname = "hokkaido";
- secretPath = ../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-in
-{
- imports = [
- (import ../users/vincent/core)
- # mails
- (import ../users/vincent/mails { inherit hostname pkgs; })
- # dev
- (import ../users/vincent/dev)
- # containers
- ../users/vincent/containers/kubernetes.nix
- ../users/vincent/containers/openshift.nix
- ];
-
- home.extraOutputsToInstall = [ "man" ];
- home.file.".local/share/applications/redhat-vpn.desktop".source = ./naruhodo/redhat-vpn.desktop;
-
- programs.bash.enable = lib.mkForce false;
- programs.man.enable = true;
-
- services = {
- gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- defaultCacheTtlSsh = 7200;
- };
- };
-}
flake.nix
@@ -128,7 +128,9 @@
};
};
})
- (import ./systems/modules)
+ # FIXME remove flake suffix once migrated
+ (import ./systems/modules/default.flake.nix)
+ (import ./systems/profiles)
(import config)
];
specialArgs = { inherit name inputs; };
@@ -138,7 +140,6 @@
mkHomeManagerConfiguration = name: { system, config }:
nameValuePair name ({ ... }: {
imports = [
- (import ./home/configs)
(import ./home/modules)
(import ./home/profiles)
(import config)
@@ -215,18 +216,19 @@
# Attribute set of hostnames to be evaluated as NixOS configurations. Consumed by
# `nixos-rebuild` on those hosts.
nixosConfigurations = mapAttrs' mkNixOsConfiguration {
- naruhodo = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/naruhodo.nix; };
- wakasu = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/naruhodo.nix; };
- okinawa = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/okinawa.nix; };
- sakhalin = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/sakhalin.nix; };
- kerkouane = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/kerkouane.nix; };
+ # FIXME remove .flake "suffix" once they all got migrated
+ naruhodo = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/hosts/naruhodo.flake.nix; };
+ wakasu = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/hosts/waksu.flake.nix; };
+ okinawa = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/hosts/okinawa.flake.nix; };
+ sakhalin = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/hosts/sakhalin.flake.nix; };
+ kerkouane = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/hosts/kerkouane.flake.nix; };
# TODO raspberry pi 8G x 3 (name them too)
+ # TODO VMs
};
# Import the modules exported by this flake.
# containerd, buildkit are interesting module to export from here
nixosModules = {
- # FIXME move this to services
containerd = import ./systems/modules/virtualisation/containerd.nix;
buildkit = import ./systems/modules/virtualisation/buildkit.nix;
};
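Review bot: `nixosModules` still imports `./systems/modules/virtualisation/containerd.nix` and `./systems/modules/virtualisation/buildkit.nix`, yet this same commit moves both files to `systems/modules/`, so evaluating the exported modules fails with a missing path. Update the two lines to `containerd = import ./systems/modules/containerd.nix;` and `buildkit = import ./systems/modules/buildkit.nix;`. In the `nixosConfigurations` hunk the wakasu entry points at `./systems/hosts/waksu.flake.nix`, a typo for `wakasu`, and the `.flake.nix` host files named by all five entries are not among the files this commit renames into `systems/hosts/`, so they presumably must already exist or these configurations will not evaluate; the FIXME acknowledges the suffix but not the missing files. The surrounding `outputs` attribute set extends outside the hunks.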
README.md
@@ -1,18 +1,26 @@
# Table of Contents
-1. [Highlights](#orge67da4f)
- 1. [Systems](#orgb628628)
- 2. [Tools](#orge70c52c)
- 3. [User(s)](#org913c553)
-2. [References](#org38a0a47)
-3. [Licensing](#org8632b90)
+1. [Highlights](#orge5f20f1)
+ 1. [`/systems`](#org25a7672)
+ 1. [`/hosts`](#orgbb234d3)
+ 2. [`/modules`](#org8f64aa6)
+ 3. [`/profiles`](#org46c952b)
+ 2. [`/home`](#orgf0bb072)
+ 1. [`/hosts`](#org65fb6a1)
+ 2. [`/modules`](#org2316502)
+ 3. [`/profiles`](#org48814c0)
+ 3. [`/nix`](#orgaf0439d)
+ 4. [`/tools`](#org6af22d2)
+ 5. [`/www`](#org1942cc5)
+2. [References](#orgc09a499)
+3. [Licensing](#orgfbd9526)
`home` is the monorepo containing my personal tools and infrastructure. Everything in here
should be built using [Nix](https://nixos.org/nix).
-<a id="orge67da4f"></a>
+<a id="orge5f20f1"></a>
# Highlights
@@ -24,30 +32,92 @@ This will be a all-time work-in-progress, so please beware that things might cha
dramatically or even not working anymore 😛.
-<a id="orgb628628"></a>
+<a id="org25a7672"></a>
-## Systems
+## `/systems`
This holds the configuration of my different systems. It is meant to be
position-independent, meaning there is no moving around of `configuration.nix`. For the
configurations' entry points see the individual [systems](systems), as well as [default.nix](default.nix).
-<a id="orge70c52c"></a>
+<a id="orgbb234d3"></a>
-## Tools
+### `/hosts`
+
+This is the configuration for each hosts. It should be as simple as enabling some profiles
+and some ad-hoc very specific configuration.
+
+
+<a id="org8f64aa6"></a>
+
+### `/modules`
+
+This is where all configuration that can be used across different system would lend. These
+are not system dependent and should be configurable.
+
+
+<a id="org46c952b"></a>
+
+### `/profiles`
+
+This is where profiles enable/disable and configure modules (defined in NixOS or in
+here). Examples are \`developement\`, …
+
+
+<a id="orgf0bb072"></a>
+
+## `/home`
+
+Users configuration, for [NixOS](https://nixos.org) or not and using home-manager.
+
+
+<a id="org65fb6a1"></a>
+
+### `/hosts`
+
+This is the configuration for each hosts. It should be as simple as enabling some profiles
+and some ad-hoc very specific configuration.
+
+
+<a id="org2316502"></a>
+
+### `/modules`
+
+This is where all configuration that can be used across different system would lend. These
+are not system dependent and should be configurable.
+
+
+<a id="org48814c0"></a>
+
+### `/profiles`
+
+This is where profiles enable/disable and configure modules (defined in NixOS or in
+here). Examples are \`developement\`, …
+
+
+<a id="orgaf0439d"></a>
+
+## `/nix`
+
+Nix configurations, packages definitions, overlays.
+
+
+<a id="org6af22d2"></a>
+
+## `/tools`
Those are tools I have written for my personal usage.
-<a id="org913c553"></a>
+<a id="org1942cc5"></a>
-## User(s)
+## `/www`
-Users configuration, for [NixOS](https://nixos.org) and using home-manager.
+Website sources and builders/deployers.
-<a id="org38a0a47"></a>
+<a id="orgc09a499"></a>
# References
@@ -105,7 +175,7 @@ Old
- <https://github.com/gvolpe/nix-config>
-<a id="org8632b90"></a>
+<a id="orgfbd9526"></a>
# Licensing
README.org
@@ -14,20 +14,59 @@
This will be a all-time work-in-progress, so please beware that things might change
dramatically or even not working anymore 😛.
-** Systems
+** =/systems=
This holds the configuration of my different systems. It is meant to be
position-independent, meaning there is no moving around of ~configuration.nix~. For the
configurations' entry points see the individual [[file:systems][systems]], as well as [[file:default.nix][default.nix]].
-** Tools
+*** =/hosts=
+
+This is the configuration for each hosts. It should be as simple as enabling some profiles
+and some ad-hoc very specific configuration.
+
+*** =/modules=
+
+This is where all configuration that can be used across different system would lend. These
+are not system dependent and should be configurable.
+
+*** =/profiles=
+
+This is where profiles enable/disable and configure modules (defined in NixOS or in
+here). Examples are `developement`, …
+
+** =/home=
+
+Users configuration, for [[https://nixos.org][NixOS]] or not and using home-manager.
+
+
+
+*** =/hosts=
+
+This is the configuration for each hosts. It should be as simple as enabling some profiles
+and some ad-hoc very specific configuration.
+
+*** =/modules=
+
+This is where all configuration that can be used across different system would lend. These
+are not system dependent and should be configurable.
+
+*** =/profiles=
+
+This is where profiles enable/disable and configure modules (defined in NixOS or in
+here). Examples are `developement`, …
+
+** =/nix=
+
+Nix configurations, packages definitions, overlays.
+
+** =/tools=
Those are tools I have written for my personal usage.
-** User(s)
-
-Users configuration, for [[https://nixos.org][NixOS]] and using home-manager.
+** =/www=
+Website sources and builders/deployers.
* References
systems.nix
@@ -7,19 +7,19 @@
with builtins; with lib;
let
/*
- mkNixOS: make a nixos system build with the given name and cfg.
+ mkNixOS: make a nixos system build with the given name and cfg.
- cfg is an attributeSet:
- - arch is architecture
- - type is weither we want to use nixos (stable) or nixos-unstable
+ cfg is an attributeSet:
+ - arch is architecture
+ - type is weither we want to use nixos (stable) or nixos-unstable
- Example:
- hokkaido = { arch = "x86_64-linux"; };
- honshu = { arch = "x86_64-linux"; type = "unstable"; };
- */
+ Example:
+ hokkaido = { arch = "x86_64-linux"; };
+ honshu = { arch = "x86_64-linux"; type = "unstable"; };
+ */
mkNixOS = name: cfg:
let
- configuration = ./systems + "/${name}.nix";
+ configuration = ./systems + "/hosts/${name}.nix";
system = cfg.arch;
# If type == unstable, use nixos-unstable (pkgs-unstable) otherwise use nixos (pkgs)
p =