fix: adapt bootstrap script for new structure

This commit is contained in:
Leon Schwarzäugl 2025-07-05 03:07:08 +02:00
parent 49b557befa
commit de3d35a9b2
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
17 changed files with 391 additions and 272 deletions


@ -1,4 +1,4 @@
{ lib, config, nixosConfig, globals, ... }:
{ lib, config, nixosConfig, globals, minimal, ... }:
let
inherit (nixosConfig.repo.secrets.common.mail) address1;
inherit (nixosConfig.repo.secrets.common) fullName;
@ -10,6 +10,7 @@ in
config = lib.mkIf config.swarselsystems.modules.git {
programs.git = {
enable = true;
} // lib.optionalAttrs (!minimal) {
aliases = {
a = "add";
c = "commit";


@ -9,7 +9,7 @@
isBtrfs = lib.mkEnableOption "use btrfs filesystem";
mainUser = lib.mkOption {
type = lib.types.str;
default = if (!minimal) then globals.user.name else "setup";
default = if (!minimal) then globals.user.name else "swarsel";
};
homeDir = lib.mkOption {
type = lib.types.str;


@ -1,68 +0,0 @@
{ lib, pkgs, ... }:
{
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
warn-dirty = false;
};
boot = {
# initrd.systemd.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = lib.mkForce [ "brtfs" "vfat" ];
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
configurationLimit = lib.mkDefault 5;
consoleMode = lib.mkDefault "max";
};
};
};
services = {
qemuGuest.enable = true;
openssh = {
enable = true;
ports = lib.mkDefault [ 22 ];
settings.PermitRootLogin = "yes";
authorizedKeysFiles = lib.mkForce [
"/etc/ssh/authorized_keys.d/%u"
];
};
};
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
Defaults lecture = never
'';
security.pam = {
sshAgentAuth.enable = true;
services = {
sudo.u2fAuth = true;
};
};
environment.systemPackages = with pkgs; [
curl
git
gnupg
rsync
ssh-to-age
sops
vim
just
sbctl
];
programs = {
git.enable = true;
};
fileSystems."/boot".options = [ "umask=0077" ];
networking.networkmanager.enable = true;
}


@ -1,7 +1,6 @@
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, ... }:
{ config, inputs, lib, minimal, ... }:
let
# If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to
# how modules can be functions or sets.
@ -66,7 +65,7 @@ in
let
local = config.node.secretsDir + "/pii.nix.enc";
in
(lib.optionalAttrs (lib.pathExists local) { inherit local; }) // {
(lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) {
common = ../../../secrets/repo/pii.nix.enc;
};
};
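Review bot: The `!minimal` guard is applied twice on the same line, once inside the `pathExists` test and once on the second `optionalAttrs`, and the line now runs well past 80 columns. Factoring the guard out once reads more clearly and makes the intent explicit: `lib.optionalAttrs (!minimal) ((lib.optionalAttrs (lib.pathExists local) { inherit local; }) // { common = ../../../secrets/repo/pii.nix.enc; })`. Behaviour is unchanged: with `minimal` set neither `local` nor `common` is produced, so the minimal build references no encrypted pii file at all. The surrounding `let … in` expression begins outside this hunk.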


@ -1,31 +1,62 @@
{ lib, pkgs, config, outputs, inputs, minimal, ... }:
{ self, lib, pkgs, config, outputs, inputs, minimal, ... }:
let
settings = if minimal then { } else {
environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" ''
assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
{ }
'';
nix =
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
settings = {
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
flake-registry = "";
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 10d";
};
optimise = {
automatic = true;
dates = "weekly";
};
channel.enable = false;
registry = rec {
nixpkgs.flake = inputs.nixpkgs;
p = nixpkgs;
};
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
services.dbus.implementation = "broker";
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/tmp";
};
};
in
{
options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselsystems.modules.general
({
(lib.recursiveUpdate
{
system.stateVersion = lib.mkDefault "23.05";
nixpkgs = {
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
}
// lib.optionalAttrs (!minimal) {
environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" ''
assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
{ }
'';
nix =
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
nix = {
package = pkgs.nixVersions.nix_2_28;
settings = {
experimental-features = [
"nix-command"
@ -35,40 +66,29 @@
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
flake-registry = "";
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 10d";
};
optimise = {
automatic = true;
dates = "weekly";
};
channel.enable = false;
registry = rec {
nixpkgs.flake = inputs.nixpkgs;
p = nixpkgs;
};
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [pkgs.nixVersions.nix_2_28 pkgs.boost];
patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
};
services.dbus.implementation = "broker";
system.stateVersion = lib.mkDefault "23.05";
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/tmp";
};
nixpkgs = {
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
});
}
settings);
}
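Review bot: The new `extraOptions` block (the `plugin-files` / `extra-builtins-file` lines) sits in the always-applied base set rather than in the minimal-gated `settings`, so a `minimal = true` build also compiles the patched nix-plugins and loads repository-defined builtins into the evaluator; if the bootstrap image does not need them, moving `extraOptions` into `settings` keeps that eval-time surface out of it. The plugin is built against `pkgs.nixVersions.nix_2_28` in `buildInputs` while the daemon package is set separately to the same value on `package = …`; a plugin must match the Nix it is loaded into, so binding it once with `let nixPkg = pkgs.nixVersions.nix_2_28; in` and using `nixPkg` in both places stops the two drifting apart on the next bump. The commented-out `# extraOptions` block directly above the live one now duplicates it and can be dropped. Since `extra-builtins-file` points the evaluator at a file under `${self}`, a short comment on what `nix/extra-builtins.nix` is expected to provide would help reviewers of later changes to that file.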


@ -14,7 +14,7 @@ in
description = "Leon S";
password = lib.mkIf (config.swarselsystems.initialSetup || minimal) "setup";
hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup && !minimal) config.sops.secrets.swarseluser.path;
extraGroups = lib.mkIf (!minimal) [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};
};
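Review bot: With `"wheel"` now added unconditionally on the `extraGroups` line, an account built with `minimal = true` becomes sudo-capable while the unchanged line above still gives it the static password `"setup"` (`password = lib.mkIf (config.swarselsystems.initialSetup || minimal) "setup";`), so the bootstrap image ships a predictable credential on a privileged account; the previous `lib.mkIf (!minimal) […]` form left the minimal user in no extra groups. If a known console password is intentional for bootstrap, a comment stating that and when it is replaced (the `hashedPasswordFile` path only takes over once `initialSetup` and `minimal` are both false) would make the trade-off visible. Otherwise consider limiting the static password to the interactive case, `password = lib.mkIf config.swarselsystems.initialSetup "setup";`, and relying on an authorized SSH key for the minimal image, or at least confirm that the minimal image's SSH daemon does not accept password authentication. The enclosing user attrset starts and ends outside this hunk.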