pegasust
/
dotfiles
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

merge various changes

top-level-wip-bao
Pegasust 2023-01-12 10:50:46 -07:00
parent bd62ef48c2
commit 6501c80e8d
19 changed files with 155 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

232
flake.lock
View File

@ -1,232 +0,0 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1672770368,
"narHash": "sha256-iO6Z9blIe8dcPh3VT2nkej9EimORCoskGQR6xNjICWI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d01e7280ad7d13a5a0fae57355bd0dbfe5b81969",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"kpcli-py": {
"flake": false,
"locked": {
"lastModified": 1619087457,
"narHash": "sha256-iRNLq5s2WJJHwB4beP5xQDKrBPWS/42s/ozLoSa5gAE=",
"owner": "rebkwok",
"repo": "kpcli",
"rev": "e4d699e3b3d28887f74185f8fa69d0aade111d84",
"type": "github"
},
"original": {
"owner": "rebkwok",
"repo": "kpcli",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-KP+2qdZlhmRkrafuuEofg7YnNdVmGV95ipvpuqmJneI=",
"path": "out-of-tree/nixGL",
"type": "path"
},
"original": {
"path": "out-of-tree/nixGL",
"type": "path"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1672617983,
"narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"kpcli-py": "kpcli-py",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1672712534,
"narHash": "sha256-8S0DdMPcbITnlOu0uA81mTo3hgX84wK8S9wS34HEFY4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "69fb7bf0a8c40e6c4c197fa1816773774c8ac59f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

52
flake.nix
View File

@ -29,27 +29,13 @@
,...
}@_inputs: let
# Context/global stuffs to be passed down
# TODO: adapt to different platforms think about different systems later
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
overlays = import ./overlays.nix _inputs;
config = {
allowUnfree = true;
};
};
# inject nixpkgs.lib onto c_ (calculus)
_lib = pkgs.lib;
inputs = (_lib.recursiveUpdate {
inherit system;
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root = let
path = builtins.toString ./.;
in {
inherit path;
configs.path = "${path}/native-configs";
configs.path = "${path}/native_configs";
scripts.path = "${path}/scripts";
secrets.path = "${path}/secrets";
testdata.path = "${path}/tests";
@ -57,12 +43,28 @@
hosts.path = "${path}/hosts";
users.path = "${path}/users";
};
} _inputs);
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs);
lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
# TODO: adapt to different platforms think about different systems later
system = "x86_64-linux";
overlays = [
rust-overlay.overlays.default
(self: pkgs@{lib,...}: {
lib = pkgs.lib // (import ./lib (_inputs // {inherit pkgs proj_root;}));
})
];
pkgs = import nixpkgs {
inherit system;
overlays = import ./overlays.nix _inputs;
config = {
allowUnfree = true;
};
};
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
# TODO: I really don't want to extend from nixpkgs.lib because it doesn't extend lib within nixosModule
lib = nixpkgs.lib.extend (self: nixpkgs_lib: (nixpkgs_lib // pkgs.lib));
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
inherit system proj_root pkgs lib;
});
# update inputs with our library and past onto our end configurations
inputs_w_lib = (lib.recursiveUpdate {inherit lib;} inputs_w_pkgs);
modules = (import ./modules inputs_w_lib);
hosts = (import ./hosts inputs_w_lib);
users = (import ./users inputs_w_lib);
@ -83,16 +85,22 @@
expected = "for sure";
};
};
secrets = import ./secrets final_inputs;
in {
inherit (hosts) nixosConfigurations;
# inherit (users) homeConfigurations;
inherit lib;
inherit lib proj_root;
devShell."${system}" = import ./dev-shell.nix final_inputs;
templates = import ./templates final_inputs;
unit_tests = lib.runTests unit_tests;
secrets = import ./secrets final_inputs;
secrets = {
pubKeys = {
hosts = hosts.pubKeys;
users = users.pubKeys;
};
};
debug = {
inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests pkgs;
};

1
hosts/bao/hardware-configuration.nix
View File

@ -8,6 +8,7 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.loader.systemd-boot.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
# boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = [];

57
hosts/default.nix
View File

@ -10,14 +10,18 @@ config = {
system = "x86_64-linux";
preset = "base";
};
# TODO: add override so that we can add wsl config on top
bao.nixosConfig = {
modules = [
import ../modules/kde.sys.nix
import ../modules/pulseaudio.sys.nix
import ../modules/storage.perso.sys.nix
(import ../modules/nvgpu.sys.nix)
(import ../modules/kde.sys.nix)
(import ../modules/pulseaudio.sys.nix)
(import ../modules/storage.perso.sys.nix)
];
};
};
# This middle function propagates variables to be used by mkHostFromPropagated
# The purpose is to debug things
propagate = hostConfig@{metadata, nixosConfig}: let
# req
inherit (metadata) hostName;
@ -29,36 +33,61 @@ propagate = hostConfig@{metadata, nixosConfig}: let
preset = lib.attrByPath ["preset"] "base" metadata;
# infer
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
# alias to prevent infinite recursion
_nixosConfig = nixosConfig;
# debug stuffs (removable)
debugModule = ({lib, proj_root, ...}: let debugAttrOpt = debugVar: lib.mkOption {
type = lib.types.attrs;
description = "Debug for info for ${debugVar}";
visible = false;
internal = true;
readOnly = true;
}; in {
options = {
debugLib = debugAttrOpt "lib";
debug_proj_root = debugAttrOpt "proj_root";
};
config.debugLib = lib;
config.debug_proj_root = proj_root;
});
in {
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
nixosConfig = nixosConfig // {
debugLib = finalInputs.lib;
nixosConfig = _nixosConfig // {
inherit system;
lib = finalInputs.lib;
modules = [
{
config._module.args = {
inherit proj_root;
my-lib = finalInputs.lib;
};
}
hardwareConfig
{
system.stateVersion = nixosVersion;
networking.hostName = hostName;
users.users = users;
}
debugModule
{
_module.args = finalInputs;
imports = [agenix.nixosModule];
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
}
import "${proj_root.modules.path}/secrets.nix"
import "${proj_root.modules.path}/${preset}.sys.nix"
] ++ nixosConfig.modules;
(import "${proj_root.modules.path}/secrets.nix")
(import "${proj_root.modules.path}/${preset}.sys.nix")
] ++ _nixosConfig.modules;
};
};
# we are blessed by the fact that we engulfed nixpkgs.lib.* at top level
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
trimNull = lib.filterAttrsRecursive (name: value: value != null);
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
in {
inherit config;
# nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
nixosConfigurations = {};
nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
pubKeys = trimNull (flattenPubkey config);
debug = {
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
};
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
hostKeys = trimNull (flattenPubkey config);
}

6
lib/default.nix
View File

@ -1,12 +1,12 @@
{pkgs
,nixpkgs
# ,nixpkgs
,proj_root
,agenix
# ,agenix
,nixosDefaultVersion? "22.05"
,defaultSystem? "x86_64-linux"
,...}@inputs: let
lib = pkgs.lib;
serde = import ./serde.nix inputs // {inherit lib;};
serde = import ./serde.nix (inputs // {inherit lib;});
# procedure =
in {
# short-hand to create a shell derivation

6
modules/amdgpu.sys.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [./gpu.sys.nix];
boot.initrd.kernelModules = [ "amdgpu" ];
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
}

1
modules/base.sys.nix
View File

@ -1,6 +1,7 @@
{pkgs
,lib
,proj_root
,...
}:{
imports = [
./minimal.sys.nix

12
modules/gpu.sys.nix Normal file
View File

@ -0,0 +1,12 @@
{ pkgs, ... }: {
environment.systemPackages = [ pkgs.clinfo pkgs.lshw pkgs.glxinfo pkgs.pciutils pkgs.vulkan-tools ];
hardware.opengl = {
enable = true;
extraPackages = [ pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
# Vulkan
driSupport = true;
driSupport32Bit = true;
package = pkgs.mesa.drivers;
package32 = pkgs.pkgsi686Linux.mesa.drivers;
};
}

5
modules/kde.sys.nix
View File

@ -1,7 +1,8 @@
{ pkgs
, lib
, my-lib
,...
}: {
environment.noXlibs = lib.mkForce false;
environment.noXlibs = my-lib.mkForce false;
# TODO: wireless networking
# Enable the X11 windowing system.

3
modules/minimal.sys.nix
View File

@ -1,6 +1,7 @@
{pkgs
,lib
,proj_root
,...
}:{
# prune old builds after a while
nix.settings.auto-optimize-store = true;
@ -22,6 +23,6 @@
];
users.users.root = {
# openssh runs in root, no? This is because port < 1024 requires root.
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root.configs.path}/ssh/authorized_keys");
};
}

1
modules/mosh.sys.nix
View File

@ -1,6 +1,7 @@
{pkgs
,lib
,config
,...
}: {
environment.systemPackages = [pkgs.mosh];
networking.firewall = lib.mkIf config.networking.firewall.enable {

7
modules/nvgpu.sys.nix Normal file
View File

@ -0,0 +1,7 @@
{config,...}: {
imports = [./gpu.sys.nix];
nixpkgs.config.allowUnfree = true;
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
}

12
modules/secrets.nix
View File

@ -1,8 +1,5 @@
{agenix
,proj_root}: {
imports = [
agenix.nixosModule
];
{proj_root
,...}: {
age.secrets.s3fs = {
file = "${proj_root.secrets.path}/s3fs.age";
# mode = "600"; # owner + group only
@ -15,5 +12,8 @@
age.secrets._nhitrl_cred = {
file = "${proj_root.secrets.path}/_nhitrl.age";
};
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
age.secrets."wifi.env" = {
file = "${proj_root.secrets.path}/wifi.env.age";
};
# environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
}

2
modules/storage.perso.sys.nix
View File

@ -1,5 +1,5 @@
# Personal configuration on storage solution
{ pkgs, config, lib }: {
{ pkgs, config, lib,... }: {
environment.systemPackages = [
pkgs.s3fs
pkgs.cifs-utils

8
modules/wifi.sys.nix Normal file
View File

@ -0,0 +1,8 @@
{config,...}: {
networking.wireless.enable = true;
networking.wireless.environmentFile = config.age.secrets."wifi.env";
networking.wireless.networks = {
"Hoang Sa".psk = "@DESERT_PSK@";
"Truong Sa".psk = "@DESERT_PSK@";
};
}

2
nix-conf/system/flake.nix
View File

@ -230,7 +230,7 @@
};
amd_rx470 = {
# early amd gpu usage
# boot.initrd.kernelModules = ["amdgpu"];
boot.initrd.kernelModules = ["amdgpu"];
services.xserver.enable = true;
services.xserver.videoDrivers = ["amdgpu"];
};

4
scripts/config-sysnix.sh
View File

@ -19,10 +19,10 @@ fi
SCRIPT_DIR=$(realpath $(dirname $0))
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
SYSNIX_DIR="${SCRIPT_DIR}/../nix-conf/system"
SYSNIX_DIR="${SCRIPT_DIR}/.."
# Copy hardware-configuration of existing machine onto our version control
SYSNIX_PROF="${SYSNIX_DIR}/profiles/${HOSTNAME}"
SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}"
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
if [ ! -f "${HARDWARE_CONF}" ]; then
mkdir "$SYSNIX_PROF"

15
secrets.nix
View File

@ -1,4 +1,5 @@
(import
let
inherit ((import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
@ -7,4 +8,14 @@
}
)
{ src = ./.; }
).defaultNix.secrets
).defaultNix) secrets;
inherit (secrets) pubKeys;
inherit (pubKeys) users hosts;
all = users // hosts;
c_ = builtins;
in {
"secrets/s3fs.age".publicKeys = c_.attrValues (all);
"secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
"secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
"secrets/wifi.env.age".publicKeys = c_.attrValues (all);
}

3
users/default.nix Normal file
View File

@ -0,0 +1,3 @@
inputs: {
pubKeys = {};
}