chore: centralise folders

nix/hosts.nix

@@ -84,7 +84,7 @@
       homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux;
       nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux;
 
-      diskoConfigurations.default = import "${self}/templates/hosts/nixos/disk-config.nix";
+      diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix";
 
       nodes = config.nixosConfigurations // config.darwinConfigurations;
 

nix/installer-config.nix

@@ -0,0 +1,111 @@
+{ pkgs, lib, ... }:
+{
+
+  config = {
+    home-manager.users.root.home = {
+      stateVersion = "23.05";
+      file = {
+        ".bash_history" = {
+          text = ''
+            swarsel-install -n chaostheatre
+          '';
+        };
+      };
+    };
+
+    nix.settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+
+    boot = {
+      supportedFilesystems = lib.mkForce [ "brtfs" "vfat" ];
+      loader.systemd-boot = {
+        enable = true;
+      };
+    };
+
+    services = {
+      qemuGuest.enable = true;
+      openssh = {
+        enable = true;
+        settings.PermitRootLogin = "yes";
+        authorizedKeysFiles = lib.mkForce [
+          "/etc/ssh/authorized_keys.d/%u"
+        ];
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      curl
+      git
+      gnupg
+      rsync
+      ssh-to-age
+      sops
+      vim
+      just
+      sbctl
+    ];
+
+    programs = {
+      git.enable = true;
+    };
+
+    fileSystems."/boot".options = [ "umask=0077" ];
+
+    environment.etc."issue".text = ''
+      ~SwarselSystems~
+                               IP of primary interface: \4
+                                                                   The Password for all users & root is 'setup'.
+                                                                   Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
+                                                                   Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
+    '';
+
+    networking = {
+      hostName = "drugstore";
+      wireless.enable = false;
+      dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
+      networkmanager.enable = true;
+    };
+
+    services.getty.autologinUser = lib.mkForce "root";
+
+    users = {
+      allowNoPasswordLogin = true;
+      users = {
+        root = {
+          password = "setup"; # this is overwritten after install
+          initialHashedPassword = lib.mkForce null;
+          openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDd0XXoLfRE0AyasxscEBwMqOnLWPqwz+etGqzVNeSw/RcgnxOi903mlVjCH+jzWMSe2GVSgzgM20j/r9sfE2P1z+wq/RODFS04JM0ltUoFkkm/IDZXQ2piOk7AoVi5ajdx4EiBnXY87jvxh5cCgQltkj3ouPF7FVN/MaN21IgWYB8NgkaVGft//OplodlDQNot17c0sFMibY0HcquwmHhqKOtKM1gT98+jZl0rd1rCqXFOvkesW6FPC4nzirPai+Hizp5gncrkJOZmLLqrjVx6PfpQzqzIhoUn1YS5CpyfXnKZUgx2Oi8SENmWOZ9DxYvDklgEttob37E2bIXbUhOw/u4I3olGFgCsKL6jg0N+d5teEaCZFnzlOp0UMWiUo7lVqq7Bwl3rNka2pxEdZ9v/1+m9cJiP7h6pnKmccVGku57iGIDnsnoTrmo1qbAje+EsmPYbc+qMnTDvOdSHTOXnjsyTd+ADklvMHCUAuf6ku4ktQEhlZxU3PvYvKHa1cTCEXxLWjytIgHgTgab9M5IH29Q55LSRRQBzUdkwjOG6KhsqG+xEE6038EbXr0MGKTm01AFmeVZWewmkSLu2UdoOMiw8mTSQhQFfp2QruYHnh7oJCo7ttKT1sLoRX+TfgQm1ryn/orhReg2GFfmbiLGxaJGVNvjqCxqrIFQXx4ZDHw== cardno:22_412_399" ];
+        };
+      };
+    };
+
+    programs.bash.shellAliases = {
+      "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
+    };
+
+    system.activationScripts.cache = {
+      text = ''
+          mkdir -p -m=0777 /home/setup/.local/state/nix/profiles
+        mkdir -p -m=0777 /home/setup/.local/state/home-manager/gcroots
+        mkdir -p -m=0777 /home/setup/.local/share/nix/
+        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/setup/.local/share/nix/trusted-settings.json > /dev/null
+        mkdir -p /root/.local/share/nix/
+        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
+      '';
+    };
+    systemd = {
+      services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+      targets = {
+        sleep.enable = false;
+        suspend.enable = false;
+        hibernate.enable = false;
+        hybrid-sleep.enable = false;
+      };
+    };
+
+    system.stateVersion = lib.mkForce "23.05";
+
+  };
+}

nix/iso.nix

@@ -1,126 +1,19 @@
-{ self, pkgs, inputs, config, lib, modulesPath, ... }:
-let
-  pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
-in
+{ inputs, ... }:
 {
-
-  imports = [
-    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
-    "${modulesPath}/installer/cd-dvd/channel.nix"
-
-    "${self}/modules/iso/minimal.nix"
-    "${self}/modules/nixos/common/sharedsetup.nix"
-    "${self}/modules/nixos/common/topology.nix"
-    "${self}/modules/home/common/sharedsetup.nix"
-
-    "${self}/modules/nixos/common/globals.nix"
-
-
-    inputs.home-manager.nixosModules.home-manager
+  perSystem = { pkgs, system, ... }:
     {
-      home-manager.users."setup".imports = [
-        "${self}/modules/home/common/settings.nix"
-        "${self}/modules/home/common/sharedsetup.nix"
-      ];
-    }
-  ];
-
-  config = {
-    swarselsystems = {
-      info = "~SwarselSystems~ installer ISO";
-    };
-    home-manager.users."setup" = {
-      home = {
-        stateVersion = "23.05";
-        file = {
-          ".bash_history" = {
-            source = self + /programs/bash/.bash_history;
-          };
-        };
-      };
-      swarselsystems = {
-        modules.general = lib.mkForce true;
+      # nix build --print-out-paths --no-link .#images.<target-system>.live-iso
+      packages.live-iso = inputs.nixos-generators.nixosGenerate {
+        inherit pkgs;
+        modules = [
+          inputs.home-manager.nixosModules.home-manager
+          ./installer-config.nix
+        ];
+        format =
+          {
+            x86_64-linux = "install-iso";
+            aarch64-linux = "sd-aarch64-installer";
+          }.${system};
       };
     };
-    home-manager.users.root.home = {
-      stateVersion = "23.05";
-      file = {
-        ".bash_history" = {
-          source = self + /programs/bash/.bash_history;
-        };
-      };
-    };
-
-    # environment.etc."issue".text = "\x1B[32m~SwarselSystems~\x1B[0m\nIP of primary interface: \x1B[31m\\4\x1B[0m\nThe Password for all users & root is '\x1B[31msetup\x1B[0m'.\nInstall the system remotely by running '\x1B[33mbootstrap -n <HOSTNAME> -d <IP_FROM_ABOVE> [--impermanence] [--encryption]\x1B[0m' on a machine with deployed secrets.\nAlternatively, run '\x1B[33mswarsel-install -d <DISK> -f <flake>\x1B[0m' for a local install.\n";
-    environment.etc."issue".source = "${self}/programs/etc/issue";
-    networking.dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
-
-    isoImage = {
-      makeEfiBootable = true;
-      makeUsbBootable = true;
-      squashfsCompression = "zstd -Xcompression-level 3";
-    };
-
-    nixpkgs = {
-      hostPlatform = lib.mkDefault "x86_64-linux";
-      config.allowUnfree = true;
-    };
-
-    services.getty.autologinUser = lib.mkForce "setup";
-
-    users = {
-      allowNoPasswordLogin = true;
-      groups.swarsel = { };
-      users = {
-        setup = {
-          name = "setup";
-          group = "setup";
-          isNormalUser = true;
-          password = "setup"; # this is overwritten after install
-          openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
-          extraGroups = [ "wheel" ];
-        };
-        root = {
-          # password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
-          openssh.authorizedKeys.keys = config.users.users."setup".openssh.authorizedKeys.keys;
-        };
-      };
-    };
-
-    boot = {
-      loader.systemd-boot.enable = lib.mkForce true;
-      loader.efi.canTouchEfiVariables = true;
-    };
-
-    programs.bash.shellAliases = {
-      "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
-    };
-
-    system.activationScripts.cache = {
-      text = ''
-        mkdir -p -m=0777 /home/setup/.local/state/nix/profiles
-        mkdir -p -m=0777 /home/setup/.local/state/home-manager/gcroots
-        mkdir -p -m=0777 /home/setup/.local/share/nix/
-        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/setup/.local/share/nix/trusted-settings.json > /dev/null
-        mkdir -p /root/.local/share/nix/
-        printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
-      '';
-    };
-    systemd = {
-      services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
-      targets = {
-        sleep.enable = false;
-        suspend.enable = false;
-        hibernate.enable = false;
-        hybrid-sleep.enable = false;
-      };
-    };
-
-    system.stateVersion = lib.mkForce "23.05";
-
-    networking = {
-      hostName = "drugstore";
-      wireless.enable = false;
-    };
-  };
 }

nix/templates.nix

@@ -7,7 +7,7 @@
           (name: {
             inherit name;
             value = {
-              path = "${self}/templates/${name}";
+              path = "${self}/files/templates/${name}";
               description = "${name} project ";
             };
           })

nix/topology.nix

@@ -47,7 +47,7 @@
 
           pfsense = mkRouter "pfSense" {
             info = "HUNSN RM02";
-            image = "${self}/topology-images/hunsn.png";
+            image = "${self}/files/topology-images/hunsn.png";
             interfaceGroups = [
               [
                 "eth2"
@@ -96,7 +96,7 @@
 
           wifi-ap = mkSwitch "Wi-Fi AP" {
             info = "Huawei";
-            image = "${self}/topology-images/huawei.png";
+            image = "${self}/files/topology-images/huawei.png";
             interfaceGroups = [
               [
                 "eth1"
@@ -107,7 +107,7 @@
 
           switch-livingroom = mkSwitch "Switch Livingroom" {
             info = "TL-SG108";
-            image = "${self}/topology-images/TL-SG108.png";
+            image = "${self}/files/topology-images/TL-SG108.png";
             interfaceGroups = [
               [
                 "eth1"
@@ -129,13 +129,13 @@
 
           nswitch = mkDevice "Nintendo Switch" {
             info = "Nintendo Switch";
-            image = "${self}/topology-images/nintendo-switch.png";
+            image = "${self}/files/topology-images/nintendo-switch.png";
             interfaces.eth1 = { };
           };
 
           pc = mkDevice "Windows Gaming Server" {
             info = "i7-4790k, GTX970, 32GB RAM";
-            image = "${self}/topology-images/pc.png";
+            image = "${self}/files/topology-images/pc.png";
             interfaces.eth1 = { };
           };
 
@@ -143,7 +143,7 @@
 
           switch-bedroom = mkSwitch "Switch Bedroom" {
             info = "TL-SG1005D";
-            image = "${self}/topology-images/TL-SG1005D.png";
+            image = "${self}/files/topology-images/TL-SG1005D.png";
             interfaceGroups = [
               [
                 "eth1"
@@ -158,7 +158,7 @@
 
           printer = mkDevice "Printer" {
             info = "DELL C2665dnf";
-            image = "${self}/topology-images/DELL-C2665dnf.png";
+            image = "${self}/files/topology-images/DELL-C2665dnf.png";
             interfaces.eth1 = { };
           };