From a71aa5e81eecccfe15a6b9aaa2300a944172751b Mon Sep 17 00:00:00 2001 From: Mike Vink Date: Fri, 9 Feb 2024 12:01:42 +0100 Subject: better darwin handling --- flake.nix | 142 +++++++++++++++++++----------------- ivi/ivi.nix | 1 - machines/work.nix | 90 ++++++++++++++++------- profiles/core/configuration.nix | 13 +++- profiles/core/home.nix | 2 + profiles/core/syncthing.nix | 6 ++ profiles/station/mpv.nix | 7 +- profiles/station/music.nix | 4 +- profiles/station/newsboat.nix | 1 + profiles/station/nonfree.nix | 4 +- profiles/station/packages.nix | 32 +++----- profiles/station/suckless.nix | 10 +-- profiles/station/virtualisation.nix | 26 +++---- 13 files changed, 195 insertions(+), 143 deletions(-) create mode 100644 profiles/core/syncthing.nix diff --git a/flake.nix b/flake.nix index a0a8827..3802f26 100644 --- a/flake.nix +++ b/flake.nix 
@@ -21,97 +21,107 @@ nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ + outputs = inputs @ { self, nixpkgs, home-manager, sops-nix, deploy-rs, ... - }: - let + }: let system = "x86_64-linux"; pkgs = import nixpkgs {inherit system;}; lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./ivi self); # Gets module from ./machines/ and uses the lib to define which other modules # the machine needs. - mkSystem = machine: machineConfig: with lib; - lib.nixosSystem { - inherit lib system; - specialArgs = {inherit self machine inputs;}; - modules = with lib; - machine.modules - ++ inputs.home-manager.nixosModules.default - ++ machineConfig - ++ [({ config, ... }: { - nixpkgs.overlays = with lib; [(composeManyExtensions [ - (import ./overlays/vimPlugins.nix {inherit pkgs;}) - inputs.neovim-nightly-overlay.overlay - ])];}) - ]; - }; - - in with lib; { - inherit lib; - nixosConfigurations = with lib; - mapAttrs + mkSystem = machine: machineConfig: + with lib; + lib.nixosSystem { + inherit lib system; + specialArgs = {inherit self machine inputs;}; + modules = with lib; + machine.modules + ++ inputs.home-manager.nixosModules.default + ++ machineConfig + ++ [ + ({config, ...}: { + nixpkgs.overlays = with lib; [ + (composeManyExtensions [ + (import ./overlays/vimPlugins.nix {inherit pkgs;}) + inputs.neovim-nightly-overlay.overlay + ]) + ]; + }) + ]; + }; + in + with lib; { + inherit lib; + nixosConfigurations = with lib; + mapAttrs (hostname: cfg: - mkSystem ivi.machines.${hostname} [cfg]) + mkSystem ivi.machines.${hostname} [cfg]) (modulesIn ./machines) - // { - windows = windowsModules: - let - wsl = recursiveUpdate ivi.machines.wsl {modules = ivi.machines.wsl.modules ++ windowsModules;}; - in - (mkSystem wsl []); - iso = (mkSystem { modules = [./iso.nix]; } []); - }; + // { + windows = windowsModules: let + wsl = recursiveUpdate ivi.machines.wsl {modules = ivi.machines.wsl.modules ++ windowsModules;}; + in (mkSystem wsl []); + iso = 
mkSystem {modules = [./iso.nix];} []; + }; - darwinConfigurations."work" = let + darwinConfigurations."work" = let machine = ivi.machines."work"; system = "aarch64-darwin"; pkgs = import nixpkgs {inherit system;}; lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./ivi self); in inputs.nix-darwin.lib.darwinSystem - { - inherit lib system; - specialArgs = {inherit self machine inputs;}; - modules = [ - ./machines/work.nix - inputs.home-manager.darwinModules.default - ] ++ (attrValues (modulesIn ./profiles/core)) ++ (attrValues (modulesIn ./profiles/station)) - ++ [({ config, ... }: { - nixpkgs.overlays = with lib; [(composeManyExtensions [ - (import ./overlays/vimPlugins.nix {inherit pkgs;}) - inputs.neovim-nightly-overlay.overlay - ])];}) - ]; }; + { + inherit lib system; + specialArgs = {inherit self machine inputs;}; + modules = + [ + ./machines/work.nix + inputs.home-manager.darwinModules.default + ] + ++ (attrValues (modulesIn ./profiles/core)) + ++ (attrValues (modulesIn ./profiles/station)) + ++ [ + ({config, ...}: { + nixpkgs.overlays = with lib; [ + (composeManyExtensions [ + (import ./overlays/vimPlugins.nix {inherit pkgs;}) + inputs.neovim-nightly-overlay.overlay + ]) + ]; + }) + ]; + }; - deploy.nodes = - mapAttrs - (hostname: machine: { - hostname = hostname + "." + ivi.domain; - sshUser = "root"; - profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}; - }) - (filterAttrs (_: machine: machine.isServer) ivi.machines); + deploy.nodes = + mapAttrs + (hostname: machine: { + hostname = hostname + "." 
+ ivi.domain; + sshUser = "root"; + profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}; + }) + (filterAttrs (_: machine: machine.isServer) ivi.machines); - devShells."${system}".hetzner = pkgs.mkShell { - name = "deploy"; - buildInputs = [ + devShells."${system}".hetzner = pkgs.mkShell { + name = "deploy"; + buildInputs = [ pkgs.bashInteractive deploy-rs.packages."${system}".default - ]; - shellHook = '' + ]; + shellHook = '' export HCLOUD_TOKEN="$(pass show personal/hetzner-token)" - ''; - }; + ''; + }; - templates = - mapAttrs - (name: type: {path = ./templates + "/${name}";}) - (builtins.readDir ./templates); - }; + templates = + mapAttrs + (name: type: {path = ./templates + "/${name}";}) + (builtins.readDir ./templates); + }; } diff --git a/ivi/ivi.nix b/ivi/ivi.nix index 973992d..4be5f03 100644 --- a/ivi/ivi.nix +++ b/ivi/ivi.nix @@ -98,7 +98,6 @@ self: lib: with lib; let machines = { work = { - isFake = true; isDarwin = true; profiles = [ "core" diff --git a/machines/work.nix b/machines/work.nix index 956d984..1e945b2 100644 --- a/machines/work.nix +++ b/machines/work.nix 
@@ -1,36 +1,72 @@ -{ self, pkgs, lib, ... }: with lib; { - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - environment.systemPackages = - [ pkgs.podman - pkgs.qemu - pkgs.kitty - ]; +{ self, config, pkgs, lib, ... }: with lib; { + options = { + virtualisation = mkSinkUndeclaredOptions {}; + programs = { + virt-manager = mkSinkUndeclaredOptions {}; + steam = mkSinkUndeclaredOptions {}; + hardware = mkSinkUndeclaredOptions {}; + }; + services = { + resolved = mkSinkUndeclaredOptions {}; + openssh.enable = mkOption { + type = types.bool; + default = false; + }; + }; + security = { + sudo = mkSinkUndeclaredOptions {}; + }; + users.users = mkOption { + type = types.attrsOf (types.submodule ({...}: { + options = { + extraGroups = mkSinkUndeclaredOptions {}; + isNormalUser = mkSinkUndeclaredOptions {}; + }; + config = { + home = "/Users/${ivi.username}"; + }; + })); + }; + }; + config = { + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = + [ pkgs.qemu + pkgs.kitty + ]; - services.tailscale.enable = true; + sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt"; + homebrew = { + enable = true; + masApps = { + tailscale = 1475387142; + }; + }; - # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; - # nix.package = pkgs.nix; + # Auto upgrade nix package and the daemon service. + services.nix-daemon.enable = true; + # nix.package = pkgs.nix; - # Necessary for using flakes on this system. - nix.settings.experimental-features = "nix-command flakes"; + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; - nix.extraOptions = ''extra-platforms = x86_64-darwin aarch64-darwin ''; + nix.extraOptions = ''extra-platforms = x86_64-darwin aarch64-darwin ''; - # Create /etc/zshrc that loads the nix-darwin environment. 
- programs.zsh.enable = true; # default shell on catalina - # programs.fish.enable = true; + # Create /etc/zshrc that loads the nix-darwin environment. + programs.zsh.enable = true; # default shell on catalina + # programs.fish.enable = true; - # Set Git commit hash for darwin-version. - system.configurationRevision = self.rev or self.dirtyRev or null; + # Set Git commit hash for darwin-version. + system.configurationRevision = self.rev or self.dirtyRev or null; - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 4; + # Used for backwards compatibility, please read the changelog before changing. + # $ darwin-rebuild changelog + system.stateVersion = 4; - # The platform the configuration will be used on. - nixpkgs.hostPlatform = "aarch64-darwin"; - users.users.${ivi.username}.shell = pkgs.bashInteractive; - environment.shells = [pkgs.bashInteractive]; + # The platform the configuration will be used on. + nixpkgs.hostPlatform = "aarch64-darwin"; + users.users.${ivi.username}.shell = pkgs.bashInteractive; + environment.shells = [pkgs.bashInteractive]; + }; } diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix index b5f5262..8d113cb 100644 --- a/profiles/core/configuration.nix +++ b/profiles/core/configuration.nix @@ -6,7 +6,7 @@ }: with lib; { imports = [ (mkAliasOptionModule [ "ivi" ] [ "users" "users" ivi.username ]) ]; - services = optionalAttrs (builtins.hasAttr "resolved" config.services) { + services = { resolved.fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" @@ -14,7 +14,7 @@ "2606:4700:4700::1001#one.one.one.one" ]; }; - security = optionalAttrs (builtins.hasAttr "sudo" config.security) { + security = { sudo = { wheelNeedsPassword = false; extraConfig = '' 
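Review bot: The `mkSinkUndeclaredOptions {}` declarations in the new `options` block accept and discard every definition under `virtualisation`, `security.sudo`, `services.resolved`, `programs.steam` and the other sunk paths. A shared profile can therefore set a security-relevant value on this host (the sudo rules and fallback DNS in profiles/core/configuration.nix, for example) and evaluation succeeds while nothing is applied; a typo under those paths is no longer caught either. A comment above the block would make that explicit: `# NixOS-only options set by shared profiles; definitions are accepted and dropped on darwin, nothing below is enforced on this host.` `services.openssh.enable` is declared as a plain bool with no implementation visible in this hunk, so a profile that sets it to true would read as enabled without anything starting sshd here. `programs.hardware` may also be on the wrong path, since NixOS keeps `hardware` at the top level; worth checking that the sink matches what the profiles actually set.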
@@ -28,11 +28,9 @@ time.timeZone = "Europe/Amsterdam"; users.users = { ${ivi.username} = { - home = mkIf pkgs.stdenv.isDarwin "/Users/ivi"; uid = 1000; description = ivi.realName; openssh.authorizedKeys.keys = ivi.sshKeys; - } // optionalAttrs (!pkgs.stdenv.isDarwin) { extraGroups = ["wheel" "networkmanager" "docker" "transmission"]; isNormalUser = true; }; @@ -62,7 +60,14 @@ zoxide binwalk unzip + gcc + gnumake + file + pstree + bc ] ++ optionals (!pkgs.stdenv.isDarwin) [ + pkgsi686Linux.glibc + gdb pciutils dnsutils iputils diff --git a/profiles/core/home.nix b/profiles/core/home.nix index fa2cd22..558c8e3 100644 --- a/profiles/core/home.nix +++ b/profiles/core/home.nix @@ -117,6 +117,8 @@ programs.bash = { enable = true; bashrcExtra = '' + (echo; echo 'eval "$(/opt/homebrew/bin/brew shellenv)"') >> /Users/ivi/.bash_profile + eval "$(/opt/homebrew/bin/brew shellenv)" export PATH=$PATH:$HOME/.local/bin [[ -f ~/.cache/wal/sequences ]] && (cat ~/.cache/wal/sequences &) unset LD_PRELOAD diff --git a/profiles/core/syncthing.nix b/profiles/core/syncthing.nix new file mode 100644 index 0000000..ecb633c --- /dev/null +++ b/profiles/core/syncthing.nix @@ -0,0 +1,6 @@ +{lib,...}: with lib; { + services.syncthing = { + enable = true; + user = ivi.username; + }; +} diff --git a/profiles/station/mpv.nix b/profiles/station/mpv.nix index 8271c2f..46baf96 100644 --- a/profiles/station/mpv.nix +++ b/profiles/station/mpv.nix @@ -1,11 +1,12 @@ - { + machine, pkgs, + lib, ... -}: { +}: lib.mkIf (!machine.isDarwin) { hm = { programs.mpv = { - enable = !pkgs.stdenv.isDarwin; + enable = true; scripts = [ (with pkgs; stdenv.mkDerivation { pname = "mpv-sockets"; diff --git a/profiles/station/music.nix b/profiles/station/music.nix index 7503ac4..78ed655 100644 --- a/profiles/station/music.nix +++ b/profiles/station/music.nix 
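Review bot: Moving `gcc`, `gnumake` and `gdb` from profiles/station/packages.nix into this list (the `@@ -62,7 +60,14 @@` hunk of profiles/core/configuration.nix) puts a compiler toolchain and a debugger on every machine that imports the core profile. That presumably includes the `isServer` hosts that flake.nix deploys to, where build and debugging tools mainly help whoever obtains a shell. The new profiles/core/syncthing.nix raises the same scope question: `services.syncthing.enable = true` in core starts a file-sync daemon on every core host, with no devices or folders declared. If both are meant for workstations only, one option is `++ optionals (!machine.isServer) [ gcc gnumake gdb ]` with `machine` added to the module arguments (assuming `isServer` is defined for every machine), and moving syncthing.nix under profiles/station. The enclosing package list starts above the hunk.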
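Review bot: The first line added to `bashrcExtra` in profiles/core/home.nix appends to `/Users/ivi/.bash_profile` every time an interactive bash starts, so the file grows by two lines per shell. Because this profile is shared, the redirect and the `eval` after it also run on the Linux machines, where neither `/Users/ivi` nor `/opt/homebrew/bin/brew` exists. The append looks like a pasted Homebrew post-install step and can be dropped, leaving a single guarded line: `[[ -x /opt/homebrew/bin/brew ]] && eval "$(/opt/homebrew/bin/brew shellenv)"`. Since `/opt/homebrew` is typically writable by the installing user, whatever sits at that path is evaluated in every shell, which is worth a short comment next to the line. The `bashrcExtra` string continues below the hunk.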
@@ -1,9 +1,9 @@ -{ config, pkgs, lib, ... }: { +{ machine, config, pkgs, lib, ... }: with lib; mkIf (!machine.isDarwin) { # TODO: what about secrets on nix-darwin... # secrets.mopidy.owner = lib.ivi.username; hm.home.packages = [pkgs.mpc-cli]; hm.services.mopidy = { - enable = !pkgs.stdenv.isDarwin; + enable = true; extensionPackages = with pkgs; [mopidy-spotify mopidy-mpd]; settings = { mpd = { diff --git a/profiles/station/newsboat.nix b/profiles/station/newsboat.nix index e9ae445..2def1d7 100644 --- a/profiles/station/newsboat.nix +++ b/profiles/station/newsboat.nix @@ -4,6 +4,7 @@ enable = true; autoReload = true; urls = [ + {url = "https://nginx.org/index.rss";} {url = "https://github.com/neovim/neovim/releases.atom";} {url = "https://github.com/rancher/rancher/releases.atom";} {url = "https://github.com/istio/istio/releases.atom";} diff --git a/profiles/station/nonfree.nix b/profiles/station/nonfree.nix index 4f0c83c..1dd91d1 100644 --- a/profiles/station/nonfree.nix +++ b/profiles/station/nonfree.nix @@ -7,7 +7,7 @@ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ # Add additional package names here - "teams-1.6.00.4464" + "teams" "discord" "discord-ptb" "discord-canary" @@ -18,7 +18,7 @@ "steam-run" ]; - programs = optionalAttrs (!pkgs.stdenv.isDarwin) { + programs = { steam = { enable = true; remotePlay.openFirewall = true; diff --git a/profiles/station/packages.nix b/profiles/station/packages.nix index e823fb8..4116e70 100644 --- a/profiles/station/packages.nix +++ b/profiles/station/packages.nix 
@@ -1,35 +1,29 @@ { + machine, pkgs, lib, ... }: with lib; { hm = { home.packages = with pkgs; [ - (nerdfonts.override {fonts = ["FiraCode"];}) - noto-fonts - noto-fonts-emoji - k9s - krew - dasel + (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];}) python311Packages.editorconfig - gcc - gnumake calcurse - file - ueberzug - pstree - pywal bashInteractive powershell + + k9s + krew azure-cli - alejandra - statix github-cli - lazygit argocd - bc - nushell - ] ++ optionals (!pkgs.stdenv.isDarwin) [ + (google-cloud-sdk.withExtraComponents (with google-cloud-sdk.components; [ + gke-gcloud-auth-plugin + ])) + ] ++ optionals (!machine.isDarwin) [ + pywal + dasel + ueberzug inotify-tools raylib maim @@ -39,8 +33,6 @@ sxiv sent initool - pkgsi686Linux.glibc - gdb dmenu librewolf firefox-wayland diff --git a/profiles/station/suckless.nix b/profiles/station/suckless.nix index d3941d9..36a299f 100644 --- a/profiles/station/suckless.nix +++ b/profiles/station/suckless.nix @@ -3,12 +3,13 @@ config, pkgs, lib, + machine, ... -}: with lib; { +}: with lib; mkIf (!machine.isDarwin) { nixpkgs.overlays = [(import (self + "/overlays/suckless.nix") {inherit pkgs; home = config.ivi.home;})]; hm = { xsession = { - enable = !pkgs.stdenv.isDarwin; + enable = true; initExtra = '' ${pkgs.xorg.xmodmap}/bin/xmodmap -e "remove mod1 = Alt_R" ${pkgs.xorg.xmodmap}/bin/xmodmap -e "add mod3 = Alt_R" @@ -18,7 +19,7 @@ ''; }; services.picom = { - enable = !pkgs.stdenv.isDarwin; + enable = true; activeOpacity = 0.99; inactiveOpacity = 0.7; opacityRules = [ @@ -37,7 +38,7 @@ }; }; services.dunst = { - enable = !pkgs.stdenv.isDarwin; + enable = true; settings = { global = { monitor = 0; @@ -71,7 +72,6 @@ }; home.packages = with pkgs; [ libnotify - ] ++ optionals (!pkgs.stdenv.isDarwin) [ st dwm dwmblocks diff --git a/profiles/station/virtualisation.nix b/profiles/station/virtualisation.nix index 4e9425e..5646562 100644 --- a/profiles/station/virtualisation.nix 
+++ b/profiles/station/virtualisation.nix @@ -1,14 +1,14 @@ -{ pkgs, ... }: { - # environment.systemPackages = with pkgs; [ - # virt-viewer - # ]; - # virtualisation.libvirtd.enable = true; - # programs.virt-manager.enable = true; - # hm.dconf.settings = { - # "org/virt-manager/virt-manager/connections" = { - # autoconnect = ["qemu:///system"]; - # uris = ["qemu:///system"]; - # }; - # }; - # ivi.extraGroups = [ "libvirtd" ]; +{ pkgs, lib, ... }: with lib; { + environment.systemPackages = with pkgs; mkIf (!pkgs.stdenv.isDarwin) [ + virt-viewer + ]; + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + hm.dconf.settings = { + "org/virt-manager/virt-manager/connections" = { + autoconnect = ["qemu:///system"]; + uris = ["qemu:///system"]; + }; + }; + ivi.extraGroups = [ "libvirtd" ]; } -- cgit v1.2.3
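Review bot: This module is now live on every station host but, unlike mpv.nix, music.nix and suckless.nix in the same commit, it is not wrapped in `mkIf (!machine.isDarwin)`; only `environment.systemPackages` is conditioned, and it still tests `pkgs.stdenv.isDarwin`. On the work machine `virtualisation`, `programs.virt-manager` and `extraGroups` are swallowed by the sinks in machines/work.nix, but `hm.dconf.settings` is not covered by any sink visible in this patch and would be applied to the darwin home. Suggested header: `{ machine, pkgs, lib, ... }: with lib; mkIf (!machine.isDarwin) {`, with a plain `environment.systemPackages = [ pkgs.virt-viewer ];`. A comment on `ivi.extraGroups = [ "libvirtd" ];` is also worth adding, e.g. `# libvirtd group members can manage qemu:///system without a password, which is effectively root on the host`.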