From da6a7d5c69aa3e8b70755e88be0f44b642422114 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 7 Dec 2023 20:32:45 +0100 Subject: bump --- flake.lock | 193 ++++++++++++++++++++++----- flake.nix | 79 +++++++---- hosts/eostre/default.nix | 2 +- hosts/sif/default.nix | 2 +- hosts/vidhar/network/dsl.nix | 2 +- hosts/vidhar/pgbackrest/default.nix | 2 +- installer/default.nix | 2 +- modules/envfs.nix | 8 ++ modules/openssh.nix | 12 +- modules/pgbackrest.nix | 2 + modules/tinc-networkmanager.nix | 1 + modules/uucp.nix | 5 + overlays/poetry2nix.nix | 3 + overlays/prometheus-systemd-exporter.nix | 11 -- system-profiles/core/default.nix | 80 +++++++++-- system-profiles/initrd-ssh/default.nix | 6 +- system-profiles/networkmanager.nix | 1 - system-profiles/openssh/default.nix | 5 +- system-profiles/rebuild-machines/default.nix | 1 + 19 files changed, 320 insertions(+), 97 deletions(-) create mode 100644 overlays/poetry2nix.nix delete mode 100644 overlays/prometheus-systemd-exporter.nix diff --git a/flake.lock b/flake.lock index 2cdcbd0f..39ab9c92 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,22 @@ "nixpkgs": [ "nixpkgs" ], + "poetry2nix": [ + "poetry2nix" + ], "pre-commit-hooks-nix": "pre-commit-hooks-nix" }, "locked": { - "lastModified": 1678718217, - "narHash": "sha256-b08VXH9lGi8/3lIDQQ87Oy6bKi7A8SRFxLNM0I4xX5M=", + "lastModified": 1701974579, + "narHash": "sha256-Drydx4onJnz5AqjG1clABRHUF4cPmy75zH70AXvs3eQ=", "owner": "gkleen", "repo": "backup-utils", - "rev": "8c174281de2733e275c5c18fe9ecd97c6edab1d7", + "rev": "d094023745980f90828f0390441ff22b51107f3a", "type": "gitlab" }, "original": { "owner": "gkleen", - "ref": "v0.1.0", + "ref": "v0.1.2", "repo": "backup-utils", "type": "gitlab" } 
@@ -29,19 +32,22 @@ "nixpkgs": [ "nixpkgs" ], + "poetry2nix": [ + "poetry2nix" + ], "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" }, "locked": { - "lastModified": 1691340067, - "narHash": "sha256-diC5x6yhZ02LtgjFySpwAbGpjLJi/PXjocCDs/w+XiU=", + "lastModified": 1701974982, + "narHash": "sha256-crVlSEyoox6g8dpndqCgts3i6otVoGfDUmPz2ltG3IY=", "owner": "gkleen", "repo": "ca", - "rev": "080e45af700bbd917a49124becd5fe5f275bfc9f", + "rev": "8cfabef934ee8219d12b9ba46e2b2f4d6dc61f8d", "type": "gitlab" }, "original": { "owner": "gkleen", - "ref": "v2.1.0", + "ref": "v2.3.3", "repo": "ca", "type": "gitlab" } @@ -59,11 +65,11 @@ ] }, "locked": { - "lastModified": 1695052866, - "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", + "lastModified": 1698921442, + "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", + "rev": "660180bbbeae7d60dad5a92b30858306945fd427", "type": "github" }, "original": { @@ -108,11 +114,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -246,11 +252,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { 
@@ -362,6 +368,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1698974481, + "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -369,11 +396,11 @@ ] }, "locked": { - "lastModified": 1694921880, - "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", + "lastModified": 1701572887, + "narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", + "rev": "41afa8d1c061beda68502bcc67f2788f3a77042b", "type": "github" }, "original": { @@ -399,6 +426,22 @@ "type": "github" } }, + "nixpkgs-eostre": { + "locked": { + "lastModified": 1701282334, + "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -453,6 +496,22 @@ "type": "github" } }, + "nixpkgs-pgbackrest": { + "locked": { + "lastModified": 1685566663, + "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1678614274, 
@@ -471,16 +530,16 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1685566663, - "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", + "lastModified": 1701282334, + "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", + "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "23.05", + "ref": "23.11", "repo": "nixpkgs", "type": "github" } @@ -503,11 +562,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1695232867, - "narHash": "sha256-XwNaS3JP2JOJHsgYqeTnMzjywGeFjo/G++otcckJLFw=", + "lastModified": 1701952487, + "narHash": "sha256-QDHd2AUiXnfFegFJuuCIPeAf109cY7jdAtkrDPA7MiM=", "owner": "gkleen", "repo": "nixpkgs", - "rev": "7c48f2b003d8d6ef98e7b29ccb888a877b806ab8", + "rev": "3fe71bc59b593b7757e8ecf4f5cbd25fb77cca5b", "type": "github" }, "original": { @@ -560,6 +619,33 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1701861752, + "narHash": "sha256-QfrE05P66856b1SMan69NPhjc9e82VtLxBKg3yiQGW8=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "9fc487b32a68473da4bf9573f85b388043c5ecda", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "poetry2nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": "flake-compat", 
@@ -638,14 +724,17 @@ "nixpkgs": [ "nixpkgs" ], + "poetry2nix": [ + "poetry2nix" + ], "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" }, "locked": { - "lastModified": 1685389961, - "narHash": "sha256-D01xvx8trgelAM5D/1rZ9/s2Wqm3LDBfH29VWGeYu5o=", + "lastModified": 1701975574, + "narHash": "sha256-gN2I3VdtC4mpep+AmYxR2OpaY7uv14zXCOfEMdzh0q4=", "owner": "gkleen", "repo": "prometheus-borg-exporter", - "rev": "153c3864761d4741dc72e360f96de8c169834b81", + "rev": "5699a2c38a0d777d0580584136e0a27b33800864", "type": "gitlab" }, "original": { @@ -666,8 +755,11 @@ "home-manager": "home-manager", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_2", + "nixpkgs-eostre": "nixpkgs-eostre", + "nixpkgs-pgbackrest": "nixpkgs-pgbackrest", "nixpkgs-stable": "nixpkgs-stable_2", "nvfetcher": "nvfetcher", + "poetry2nix": "poetry2nix", "prometheus-borg-exporter": "prometheus-borg-exporter", "sops-nix": "sops-nix" } @@ -682,11 +774,11 @@ ] }, "locked": { - "lastModified": 1695284550, - "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", + "lastModified": 1701728052, + "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", + "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", "type": "github" }, "original": { 
@@ -725,6 +817,41 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699786194, + "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b6de92f2..7ed56d44 100644 --- a/flake.nix +++ b/flake.nix @@ -19,12 +19,24 @@ # ref = "nixos-unstable"; ref = "ppp-systemd"; }; - nixpkgs-stable = { + nixpkgs-pgbackrest = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; ref = "23.05"; }; + nixpkgs-stable = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "23.11"; + }; + nixpkgs-eostre = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "23.11"; + }; home-manager = { type = "github"; # owner = "nix-community"; 
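Review bot: `nixpkgs-stable` and `nixpkgs-eostre` are declared as two independent inputs with the identical source (`NixOS/nixpkgs`, ref `23.11`), so they get separate lock entries and can drift apart on the next `nix flake update` even though they are meant to track the same branch; if eostre is only supposed to follow 23.11, `nixpkgs-eostre.follows = "nixpkgs-stable";` keeps a single pin. `nixpkgs-pgbackrest` keeps the 23.05 branch alive for one package, and that branch stops receiving security fixes shortly after 23.11 is out, so a comment next to it naming why pgbackrest must stay on 23.05 and when the input can be dropped would make that exposure visible. The `inputs` attribute set this hunk belongs to starts outside the hunk.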
@@ -97,23 +109,35 @@
 nixpkgs.follows = "nixpkgs";
 };
 };
+ poetry2nix = {
+ type = "github";
+ owner = "nix-community";
+ repo = "poetry2nix";
+ ref = "master";
+ inputs = {
+ flake-utils.follows = "flake-utils";
+ nixpkgs.follows = "nixpkgs";
+ };
+ };
 ca-util = {
 type = "gitlab";
 owner = "gkleen";
 repo = "ca";
- ref = "v2.1.0";
+ ref = "v2.3.3";
 inputs = {
 nixpkgs.follows = "nixpkgs";
+ poetry2nix.follows = "poetry2nix";
 };
 };
 backup-utils = {
 type = "gitlab";
 owner = "gkleen";
 repo = "backup-utils";
- ref = "v0.1.0";
+ ref = "v0.1.2";
 inputs = {
 nixpkgs.follows = "nixpkgs";
+ poetry2nix.follows = "poetry2nix";
 };
 };
 prometheus-borg-exporter = {
@@ -123,6 +147,7 @@
 ref = "main";
 inputs = {
 nixpkgs.follows = "nixpkgs";
+ poetry2nix.follows = "poetry2nix";
 };
 };
 };
@@ -133,7 +158,7 @@
 inherit (nixpkgs) lib;
 utils = import ./utils { inherit lib; };
 inherit (utils) nixImport overrideModule;
- inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr;
+ inherit (lib) mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr;
 inherit (lib.strings) escapeNixString hasSuffix;
 accountUserName = accountName:
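Review bot: `poetry2nix` is the only third-party input in this hunk pinned to a moving branch (`ref = "master"`), while `ca-util`, `backup-utils` and `prometheus-borg-exporter` pin tags or a fixed branch; the lock file keeps a given checkout reproducible, but every `nix flake update` will pull whatever `master` holds at that moment into an overlay that is applied to every host, with no review point of its own. Pinning a release tag (`ref = "<release-tag>"`) or an explicit `rev` keeps that dependency change a deliberate edit to `flake.nix` rather than a side effect of refreshing the lock. The `inputs` set these entries live in begins before the hunk.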
@@ -149,29 +174,31 @@
 mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev);
- mkNixosConfiguration = addProfiles: dir: path: hostName: nixosSystem rec {
- specialArgs = {
- flake = self;
- flakeInputs = inputs;
- path = ./.;
+ mkNixosConfiguration = addProfiles: dir: path: hostName:
+ let inherit ((inputs."nixpkgs-${hostName}" or inputs.nixpkgs).lib) nixosSystem;
+ in nixosSystem rec {
+ specialArgs = {
+ flake = self;
+ flakeInputs = inputs;
+ path = ./.;
+ };
+ modules =
+ let
+ defaultProfiles = with self.nixosModules.systemProfiles;
+ [ core
+ ];
+
+ local = dir + "/${path}";
+ argsModule = { pkgs, ... }: {
+ _module.args = {
+ customUtils = utils;
+ inherit hostName;
+ } // mkSources pkgs;
+ };
+ accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts);
+ accountMatchesHost = n: _v: accountHostName n == hostName;
+ in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules;
 };
- modules =
- let
- defaultProfiles = with self.nixosModules.systemProfiles;
- [ core
- ];
-
- local = dir + "/${path}";
- argsModule = { pkgs, ... }: {
- _module.args = {
- customUtils = utils;
- inherit hostName;
- } // mkSources pkgs;
- };
- accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts);
- accountMatchesHost = n: _v: accountHostName n == hostName;
- in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules;
- };
 mkSystemProfile = dir: path: profileName: {
 imports = [ (dir + "/${path}") ];
diff --git a/hosts/eostre/default.nix b/hosts/eostre/default.nix
index 40fb5f72..fd4b15f2 100644
--- a/hosts/eostre/default.nix
+++ b/hosts/eostre/default.nix
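Review bot: The per-host nixpkgs selection now lives in two places: `mkNixosConfiguration` takes `nixosSystem` from `(inputs."nixpkgs-${hostName}" or inputs.nixpkgs).lib`, and the new `nixpkgs.flakeInput` option in `system-profiles/core/default.nix` repeats the same lookup to decide where `nixpkgs.pkgs` is imported from. The two can disagree as soon as a host module overrides `nixpkgs.flakeInput`: the module system and `lib` would still come from the hostname-derived input while the package set comes from the overridden one. Passing the choice made here into `specialArgs` (for example `nixpkgsInput = "nixpkgs-${hostName}" or "nixpkgs"`) and letting the option default to that value keeps one source of truth; a comment above the `let` saying that any input named `nixpkgs-<hostName>` is picked up automatically would also help, since the convention is otherwise invisible. The `let` that binds `mkNixosConfiguration` begins before the hunk.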
@@ -10,7 +10,7 @@ with lib;
 config = {
 nixpkgs = {
 system = "x86_64-linux";
- config = {
+ externalConfig = {
 allowUnfree = true;
 };
 };
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 66dca378..d1a28920 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -20,7 +20,7 @@ in {
 config = {
 nixpkgs = {
 system = "x86_64-linux";
- config = {
+ externalConfig = {
 allowUnfree = true;
 pulseaudio = true;
 };
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index ae874c25..a8a897f2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -36,6 +36,7 @@ in {
 user 002576900250551137425220#0001@t-online.de telekom
 debug
+ +ipv6
 '';
 };
 systemd.services."pppd-telekom" = {
@@ -43,7 +44,6 @@ in {
 serviceConfig = lib.mkForce {
 PIDFile = "/run/pppd/${pppInterface}.pid";
- ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom up_sdnotify nolog +ipv6";
 };
 };
 sops.secrets."pap-secrets" = {
diff --git a/hosts/vidhar/pgbackrest/default.nix b/hosts/vidhar/pgbackrest/default.nix
index 0f86ebe9..fec0c1fb 100644
--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -12,7 +12,7 @@ in {
 services.pgbackrest = {
 enable = true;
- package = flakeInputs.nixpkgs-stable.legacyPackages.${config.nixpkgs.system}.pgbackrest;
+ package = flakeInputs.nixpkgs-pgbackrest.legacyPackages.${config.nixpkgs.system}.pgbackrest;
 tlsServer = {
 enable = true;
diff --git a/installer/default.nix b/installer/default.nix
index 912a0ce9..baaf2dc6 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -47,7 +47,7 @@ with lib;
 wantedBy = [ "multi-user.target" ];
 serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
 };
- nixpkgs.config.allowUnfree = true;
+ nixpkgs.externalConfig.allowUnfree = true;
 nix.settings.auto-allocate-uids = mkForce false;
diff --git a/modules/envfs.nix b/modules/envfs.nix
index 1463dce8..83cad8d0 100644
--- a/modules/envfs.nix
+++ b/modules/envfs.nix
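Review bot: `hosts/vidhar/pgbackrest/default.nix` now takes `pgbackrest` from `nixpkgs-pgbackrest`, an input pinned to the 23.05 branch, so this single package is carved out of the security updates the rest of the host receives from its 23.11 package set, and the hunk gives no reason for the pin. A comment on the `package =` line naming the constraint and the exit condition, e.g. `# pinned to 23.05: <reason> — drop the nixpkgs-pgbackrest input once <condition>`, keeps that exposure from being forgotten. In `hosts/vidhar/network/dsl.nix` the `+ipv6` flag moves from the removed `ExecStart` into the peer file, so the unit now depends on an `ExecStart` defined elsewhere; the `lib.mkForce` on `serviceConfig` is pushed down per attribute by the module system, so that definition should still merge, but it is worth confirming on the host since the rest of the unit is outside this hunk.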
@@ -50,6 +50,14 @@ in {
 ln -s ${config.environment.binsh} $out/sh
 '')
 ];
+ defaultText = lib.literalExpression ''
+ [ (pkgs.runCommand "fallback-path-environment" {} '''
+ mkdir -p $out
+ ln -s ''${config.environment.usrbinenv} $out/env
+ ln -s ''${config.environment.binsh} $out/sh
+ ''')
+ ]
+ '';
 description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found";
 };
 };
diff --git a/modules/openssh.nix b/modules/openssh.nix
index b5950610..78749869 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -6,8 +6,8 @@ with lib;
 options = {
 services.openssh = {
 settings.HostKeyAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
+ type = types.str;
+ default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"
@@ -32,8 +32,8 @@ with lib;
 ];
 };
 settings.CASignatureAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
+ type = types.str;
+ default = concatStringsSep "," [
 "ssh-ed25519"
 "ecdsa-sha2-nistp256"
 "ecdsa-sha2-nistp384"
@@ -45,8 +45,8 @@ with lib;
 ];
 };
 settings.PubkeyAcceptedAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
+ type = types.str;
+ default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"
diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix
index ca319ccd..ac0f9a35 100644
--- a/modules/pgbackrest.nix
+++ b/modules/pgbackrest.nix
@@ -54,6 +54,7 @@ in {
 stanza = mkOption {
 type = types.str;
 default = config.networking.hostName;
+ defaultText = literalExpression "config.networking.hostName";
 };
 };
@@ -115,6 +116,7 @@ in {
 stanza = mkOption {
 type = types.str;
 default = cfg.configurePostgresql.stanza;
+ defaultText = literalExpression "config.services.pgbackrest.configurePostgresql.stanza";
 };
 repo = mkOption {
 type = types.nullOr (types.strMatching "^[0-9]+$");
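Review bot: In `modules/openssh.nix`, switching `settings.HostKeyAlgorithms`, `settings.CASignatureAlgorithms` and `settings.PubkeyAcceptedAlgorithms` from `types.listOf types.str` to `types.str` means two modules can no longer both contribute to an algorithm list — `types.str` rejects a second definition instead of merging — and any existing caller that still passes a list now fails to type-check with no hint that the type changed. `types.commas` (`separatedString ","`) yields the same comma-joined string that the freeform `services.openssh.settings` expects while keeping list-style merging, so `type = types.commas;` would preserve both; the `default = concatStringsSep "," [ … ]` can stay as written. The same manual join is repeated in `system-profiles/openssh/default.nix` (`HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms;` and siblings), which is where the second definition most likely meets the first. The option lists these three entries sit in extend past the hunk on both sides.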
diff --git a/modules/tinc-networkmanager.nix b/modules/tinc-networkmanager.nix
index ff03abd2..4beba737 100644
--- a/modules/tinc-networkmanager.nix
+++ b/modules/tinc-networkmanager.nix
@@ -8,6 +8,7 @@ in {
 options.nmDispatch = lib.mkOption {
 type = lib.types.bool;
 default = config.networking.networkmanager.enable;
+ defaultText = lib.literalExpression "config.networking.networkmanager.enable";
 description = ''
 Install a network-manager dispatcher script to automatically connect to all remotes when networking is available
diff --git a/modules/uucp.nix b/modules/uucp.nix
index 95b675a6..abca2acb 100644
--- a/modules/uucp.nix
+++ b/modules/uucp.nix
@@ -48,12 +48,14 @@ let
 commands = mkOption {
 type = types.listOf types.str;
 default = cfg.defaultCommands;
+ defaultText = literalExpression "config.services.uucp.defaultCommands";
 description = "Commands to allow for this remote";
 };
 protocols = mkOption {
 type = types.separatedString "";
 default = cfg.defaultProtocols;
+ defaultText = literalExpression "config.services.uucp.defaultProtocols";
 description = "UUCP protocols to use for this remote";
 };
@@ -119,6 +121,7 @@ in {
 commandPath = mkOption {
 type = types.listOf types.path;
 default = [ "${pkgs.rmail}/bin" ];
+ defaultText = literalExpression ''[ "''${pkgs.rmail}/bin" ]'';
 description = ''
 Command search path for all systems
 '';
@@ -151,6 +154,7 @@ in {
 sshKeyDir = mkOption {
 type = types.path;
 default = "${cfg.homeDir}/.ssh/";
+ defaultText = literalExpression ''''${config.services.uucp.homeDir}/.ssh/'';
 description = "Directory to store ssh keypairs";
 };
@@ -202,6 +206,7 @@ in {
 nmDispatch = mkOption {
 type = types.bool;
 default = config.networking.networkmanager.enable;
+ defaultText = literalExpression "config.networking.networkmanager.enable";
 description = ''
 Install a network-manager dispatcher script to automatically call all remotes when networking is available
diff --git a/overlays/poetry2nix.nix b/overlays/poetry2nix.nix
new file mode 100644
index 00000000..693022a0
--- /dev/null
+++ b/overlays/poetry2nix.nix
@@ -0,0 +1,3 @@
+{ final, prev, flakeInputs, ... }:
+
+flakeInputs.poetry2nix.overlays.default final prev
diff --git a/overlays/prometheus-systemd-exporter.nix b/overlays/prometheus-systemd-exporter.nix
deleted file mode 100644
index 84cddb8e..00000000
--- a/overlays/prometheus-systemd-exporter.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ final, prev, ... }: {
- prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: {
- patches = (oldAttrs.patches or []) ++ [
- (final.fetchpatch {
- name = "cpu_stat.patch";
- url = "https://github.com/prometheus-community/systemd_exporter/pull/74.patch";
- hash = "sha256-a4M9SPckwkvetxjWMamm0x2wcg2a+Rkicn1XRUHieuM=";
- })
- ];
- });
-}
diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index 46049e26..67d50606 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -1,7 +1,10 @@
 { flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+
+ with lib;
+
 let profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
- userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+ userProfileSet = customUtils.types.attrNameSet (zipAttrs (attrValues flake.nixosModules.userProfiles));
 hasSops = config.sops.secrets != {};
 in {
 imports = with flakeInputs;
@@ -11,7 +14,7 @@ in {
 options = {
 # See mkSystemProfile in ../flake.nix
- system.profiles = lib.mkOption {
+ system.profiles = mkOption {
 type = profileSet;
 default = [];
 description = ''
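Review bot: The file-level `with lib;` added at the top of `system-profiles/core/default.nix` brings every attribute of `lib` into scope for the whole module, including names that coincide with the module's own arguments — `path` is a function argument here and, as far as I recall, also a `lib` namespace; Nix resolves lexical bindings before `with`, so the argument wins, but a reader has to know that rule to tell where `mkOption`, `types`, `mkIf` or `path` resolve. The explicit prefixes this hunk removes (`lib.zipAttrs`, `lib.attrValues`, `lib.mkOption`), or a single `inherit (lib) mkOption mkIf types zipAttrs attrValues;` inside the existing `let`, keep each name's origin visible without the scope-wide import. The new `overlays/poetry2nix.nix` is fine as written; the deleted overlay is a pure removal and needs no comment.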
@@ -19,9 +22,9 @@ in {
 '';
 };
- users.users = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
- options.profiles = lib.mkOption {
+ users.users = mkOption {
+ type = types.attrsOf (types.submodule {
+ options.profiles = mkOption {
 type = userProfileSet;
 default = [];
 description = ''
@@ -30,14 +33,71 @@ in {
 };
 });
 };
+
+ nixpkgs.externalConfig = mkOption {
+ default = {};
+ example = literalExpression
+ ''
+ { allowBroken = true; allowUnfree = true; }
+ '';
+ type = mkOptionType {
+ name = "nixpkgs-config";
+ description = "nixpkgs config";
+ check = x:
+ let traceXIfNot = c:
+ if c x then true
+ else traceSeqN 1 x false;
+ isConfig = x:
+ builtins.isAttrs x || isFunction x;
+ in traceXIfNot isConfig;
+ merge = args:
+ let
+ optCall = f: x:
+ if isFunction f
+ then f x
+ else f;
+ mergeConfig = lhs_: rhs_:
+ let
+ lhs = optCall lhs_ { inherit pkgs; };
+ rhs = optCall rhs_ { inherit pkgs; };
+ in
+ recursiveUpdate lhs rhs //
+ optionalAttrs (lhs ? packageOverrides) {
+ packageOverrides = pkgs:
+ optCall lhs.packageOverrides pkgs //
+ optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
+ } //
+ optionalAttrs (lhs ? perlPackageOverrides) {
+ perlPackageOverrides = pkgs:
+ optCall lhs.perlPackageOverrides pkgs //
+ optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
+ };
+ in foldr (def: mergeConfig def.value) {};
+ };
+ description = mdDoc ''
+ The configuration of the Nix Packages collection. (For
+ details, see the Nixpkgs documentation.) It allows you to set
+ package configuration options.
+
+ Used to construct `nixpkgs.pkgs`.
+ '';
+ };
+
+ nixpkgs.flakeInput = mkOption {
+ type = types.enum (attrNames flakeInputs);
+ default = if flakeInputs ? "nixpkgs-${hostName}" then "nixpkgs-${hostName}" else "nixpkgs";
+ defaultText = literalExpression ''if flakeInputs ? "nixpkgs-''${hostName}" then "nixpkgs-''${hostName}" else "nixpkgs"'';
+ internal = true;
+ };
 };
 config = {
 networking.hostName = hostName;
- system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+ system.configurationRevision = mkIf (flake ?
rev) flake.rev;
- nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
- inherit (config.nixpkgs) config;
+ nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") {
+ overlays = attrValues flake.overlays;
+ config = config.nixpkgs.externalConfig;
 localSystem = config.nixpkgs.system;
 };
@@ -64,7 +124,7 @@ in {
 ];
 registry = let override = { self = "nixos"; };
- in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+ in mapAttrs' (inpName: inpFlake: nameValuePair
 (override.${inpName} or inpName) { flake = inpFlake; }
 ) flakeInputs;
 };
@@ -97,7 +157,7 @@ in {
 backupFileExtension = "bak";
 };
- sops = lib.mkIf hasSops {
+ sops = mkIf hasSops {
 age = {
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = false;
diff --git a/system-profiles/initrd-ssh/default.nix b/system-profiles/initrd-ssh/default.nix
index 5176234f..ef469343 100644
--- a/system-profiles/initrd-ssh/default.nix
+++ b/system-profiles/initrd-ssh/default.nix
@@ -3,8 +3,6 @@ with lib;
 {
- imports = [ ./module.nix ];
-
 config = {
 boot.initrd = {
 network = {
@@ -21,8 +19,8 @@ with lib;
 };
 secrets = with config.sops.secrets; {
- "/etc/ssh/ssh_host_ed25519_key" = initrd_ssh_host_ed25519_key.path;
- "/etc/ssh/ssh_host_rsa_key" = initrd_ssh_host_rsa_key.path;
+ "/etc/ssh/ssh_host_ed25519_key" = mkForce initrd_ssh_host_ed25519_key.path;
+ "/etc/ssh/ssh_host_rsa_key" = mkForce initrd_ssh_host_rsa_key.path;
 };
 extraFiles = let
diff --git a/system-profiles/networkmanager.nix b/system-profiles/networkmanager.nix
index d5c85999..0fc25619 100644
--- a/system-profiles/networkmanager.nix
+++ b/system-profiles/networkmanager.nix
@@ -9,7 +9,6 @@ with lib;
 enable = true;
 dhcp = "internal";
 dns = mkForce "dnsmasq";
- firewallBackend = mkIf config.networking.nftables.enable "nftables";
 logLevel = "INFO";
 extraConfig = ''
 [connectivity]
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
index 3e17e96c..098e2b25 100644
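Review bot: In the new `nixpkgs.pkgs` definition, `overlays = attrValues flake.overlays;` applies the overlays in attribute-name order (Nix sorts attribute names), so how overlays layer on one another is decided by the file names under `overlays/`; if any overlay reads a package another overlay provides — the new `poetry2nix` overlay is the obvious candidate — that ordering is an accident a rename can break, and deserves either an explicit ordered list or a comment stating that overlays in this tree must be order-independent. Because `pkgs` is now built from `config.nixpkgs.externalConfig`, anything still written to the stock `nixpkgs.config` or `nixpkgs.overlays` anywhere in the tree is silently ignored; `assertions = [ { assertion = !options.nixpkgs.config.isDefined; message = "set nixpkgs.externalConfig instead of nixpkgs.config"; } ];` (taking `options` from the module arguments) would turn that into an evaluation error. Minor: in the option type, `merge = args:` receives the option location, so naming it `loc` matches the `mkOptionType` convention, and if the `mergeConfig` helper is adapted from the stock nixpkgs module a one-line comment saying so would tell the next reader where to look when it changes upstream. The `options` and `config` attribute sets this hunk edits begin and end outside the hunk.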
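Review bot: In `system-profiles/initrd-ssh/default.nix`, wrapping the two `boot.initrd` secret paths in `mkForce` discards whatever other definition exists for `/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key`, but nothing says what is being overridden now that `./module.nix` is no longer imported; presumably the key paths derived by the upstream initrd SSH module from its own `hostKeys` option. A comment such as `# mkForce: the upstream initrd-ssh module also defines these paths from hostKeys; the sops-managed copies must win` on the `secrets =` line documents why a forced override of initrd host-key material is intended rather than a leftover. The `boot.initrd.network` block this belongs to starts outside the hunk.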
--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -66,7 +66,10 @@ in {
 services.openssh = mkIf cfg.enable {
 hostKeys = mkIf cfg.staticHostKeys (mkForce []); # done manually
 settings = {
- inherit Ciphers Macs KexAlgorithms HostKeyAlgorithms CASignatureAlgorithms PubkeyAcceptedAlgorithms;
+ inherit Ciphers Macs KexAlgorithms;
+ HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms;
+ PubkeyAcceptedAlgorithms = concatStringsSep "," PubkeyAcceptedAlgorithms;
+ CASignatureAlgorithms = concatStringsSep "," CASignatureAlgorithms;
 LogLevel = "VERBOSE";
 RevokedKeys = toString ./ca/krl.bin;
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 09832e73..cc01f66b 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -69,6 +69,7 @@ in {
 };
 };
 default = { flake = { type = "git"; url = "ssh://${cfg.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; };
+ defaultText = literalExpression ''{ flake = { type = "git"; url = "ssh://''${config.system.rebuild-machine.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }'';
 description = ''
 The Flake URI of the NixOS configuration to build.
 '';
--
cgit v1.2.3