From da6a7d5c69aa3e8b70755e88be0f44b642422114 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 7 Dec 2023 20:32:45 +0100 Subject: bump --- system-profiles/core/default.nix | 80 ++++++++++++++++++++++++---- system-profiles/initrd-ssh/default.nix | 6 +-- system-profiles/networkmanager.nix | 1 - system-profiles/openssh/default.nix | 5 +- system-profiles/rebuild-machines/default.nix | 1 + 5 files changed, 77 insertions(+), 16 deletions(-) (limited to 'system-profiles') diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix index 46049e26..67d50606 100644 --- a/system-profiles/core/default.nix +++ b/system-profiles/core/default.nix @@ -1,7 +1,10 @@ { flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }: + +with lib; + let profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles; - userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles)); + userProfileSet = customUtils.types.attrNameSet (zipAttrs (attrValues flake.nixosModules.userProfiles)); hasSops = config.sops.secrets != {}; in { imports = with flakeInputs; @@ -11,7 +14,7 @@ in { options = { # See mkSystemProfile in ../flake.nix - system.profiles = lib.mkOption { + system.profiles = mkOption { type = profileSet; default = []; description = '' @@ -19,9 +22,9 @@ in { ''; }; - users.users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options.profiles = lib.mkOption { + users.users = mkOption { + type = types.attrsOf (types.submodule { + options.profiles = mkOption { type = userProfileSet; default = []; description = '' 
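Review bot: The new `with lib;` at module top level puts every attribute of `lib` into scope for the whole file, a pattern commonly discouraged in NixOS modules because names are resolved silently against `lib` and a later `lib` addition can change what an identifier means; the removed lines used explicit `lib.` prefixes, so this hunk trades a quieter failure mode for brevity rather than fixing anything. If the prefixes feel noisy, a scoped `inherit (lib) mkOption mkIf types zipAttrs attrValues;` inside the existing `let` keeps the same readability without the open scope. The `let` binding and the module body continue past the end of this hunk.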
@@ -30,14 +33,71 @@ in { }; }); }; + + nixpkgs.externalConfig = mkOption { + default = {}; + example = literalExpression + '' + { allowBroken = true; allowUnfree = true; } + ''; + type = mkOptionType { + name = "nixpkgs-config"; + description = "nixpkgs config"; + check = x: + let traceXIfNot = c: + if c x then true + else traceSeqN 1 x false; + isConfig = x: + builtins.isAttrs x || isFunction x; + in traceXIfNot isConfig; + merge = args: + let + optCall = f: x: + if isFunction f + then f x + else f; + mergeConfig = lhs_: rhs_: + let + lhs = optCall lhs_ { inherit pkgs; }; + rhs = optCall rhs_ { inherit pkgs; }; + in + recursiveUpdate lhs rhs // + optionalAttrs (lhs ? packageOverrides) { + packageOverrides = pkgs: + optCall lhs.packageOverrides pkgs // + optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs; + } // + optionalAttrs (lhs ? perlPackageOverrides) { + perlPackageOverrides = pkgs: + optCall lhs.perlPackageOverrides pkgs // + optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs; + }; + in foldr (def: mergeConfig def.value) {}; + }; + description = mdDoc '' + The configuration of the Nix Packages collection. (For + details, see the Nixpkgs documentation.) It allows you to set + package configuration options. + + Used to construct `nixpkgs.pkgs`. + ''; + }; + + nixpkgs.flakeInput = mkOption { + type = types.enum (attrNames flakeInputs); + default = if flakeInputs ? "nixpkgs-${hostName}" then "nixpkgs-${hostName}" else "nixpkgs"; + defaultText = literalExpression ''if flakeInputs ? "nixpkgs-''${hostName}" then "nixpkgs-''${hostName}" else "nixpkgs"''; + internal = true; + }; }; config = { networking.hostName = hostName; - system.configurationRevision = lib.mkIf (flake ? rev) flake.rev; + system.configurationRevision = mkIf (flake ? 
rev) flake.rev; - nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override { - inherit (config.nixpkgs) config; + nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") { + overlays = attrValues flake.overlays; + config = config.nixpkgs.externalConfig; localSystem = config.nixpkgs.system; }; @@ -64,7 +124,7 @@ in { ]; registry = let override = { self = "nixos"; }; - in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair + in mapAttrs' (inpName: inpFlake: nameValuePair (override.${inpName} or inpName) { flake = inpFlake; } ) flakeInputs; }; @@ -97,7 +157,7 @@ in { backupFileExtension = "bak"; }; - sops = lib.mkIf hasSops { + sops = mkIf hasSops { age = { keyFile = "/var/lib/sops-nix/key.txt"; generateKey = false; diff --git a/system-profiles/initrd-ssh/default.nix b/system-profiles/initrd-ssh/default.nix index 5176234f..ef469343 100644 --- a/system-profiles/initrd-ssh/default.nix +++ b/system-profiles/initrd-ssh/default.nix @@ -3,8 +3,6 @@ with lib; { - imports = [ ./module.nix ]; - config = { boot.initrd = { network = { @@ -21,8 +19,8 @@ with lib; }; secrets = with config.sops.secrets; { - "/etc/ssh/ssh_host_ed25519_key" = initrd_ssh_host_ed25519_key.path; - "/etc/ssh/ssh_host_rsa_key" = initrd_ssh_host_rsa_key.path; + "/etc/ssh/ssh_host_ed25519_key" = mkForce initrd_ssh_host_ed25519_key.path; + "/etc/ssh/ssh_host_rsa_key" = mkForce initrd_ssh_host_rsa_key.path; }; extraFiles = let diff --git a/system-profiles/networkmanager.nix b/system-profiles/networkmanager.nix index d5c85999..0fc25619 100644 --- a/system-profiles/networkmanager.nix +++ b/system-profiles/networkmanager.nix @@ -9,7 +9,6 @@ with lib; enable = true; dhcp = "internal"; dns = mkForce "dnsmasq"; - firewallBackend = mkIf config.networking.nftables.enable "nftables"; logLevel = "INFO"; extraConfig = '' [connectivity] diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix index 3e17e96c..098e2b25 100644 
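Review bot: `nixpkgs.pkgs` is now built straight from `pkgs/top-level` with only `attrValues flake.overlays` and `nixpkgs.externalConfig`, so any `nixpkgs.overlays` definition contributed by another imported module is dropped without any error, because upstream ignores that option once `pkgs` is set. Prefer `overlays = attrValues flake.overlays ++ config.nixpkgs.overlays;` or, if that is not wanted, an assertion that `config.nixpkgs.overlays == []` so a silently missing overlay becomes a build failure. The removed line also passed `config.nixpkgs.config` through; the new `externalConfig` option (its `check`/`merge` look copied from upstream's `nixpkgs.config`) presumably exists because upstream rejects `nixpkgs.config` alongside an external `pkgs`, and a one-line comment on the option saying so, e.g. `# replaces nixpkgs.config, which upstream does not accept when nixpkgs.pkgs is set`, would save the next reader from "fixing" it back. The `config = {` attrset enclosing the `nixpkgs.pkgs` definition continues outside this hunk.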
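Review bot: The `mkForce` on both `boot.initrd.secrets` entries masks a definition conflict instead of recording it: with the local `./module.nix` import removed in the previous hunk, the upstream initrd-ssh module presumably also populates these `/etc/ssh/ssh_host_*_key` entries from `boot.initrd.network.ssh.hostKeys` (set outside this hunk), and a force wins silently even if the two lists later diverge. A comment on the first forced line, `# mkForce: upstream initrd-ssh derives these entries from network.ssh.hostKeys; the sops paths must win`, makes the intent explicit — confirm against the pinned nixpkgs' initrd-ssh module. The enclosing `boot.initrd = {` attrset starts and ends outside this hunk.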
--- a/system-profiles/openssh/default.nix +++ b/system-profiles/openssh/default.nix @@ -66,7 +66,10 @@ in { services.openssh = mkIf cfg.enable { hostKeys = mkIf cfg.staticHostKeys (mkForce []); # done manually settings = { - inherit Ciphers Macs KexAlgorithms HostKeyAlgorithms CASignatureAlgorithms PubkeyAcceptedAlgorithms; + inherit Ciphers Macs KexAlgorithms; + HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms; + PubkeyAcceptedAlgorithms = concatStringsSep "," PubkeyAcceptedAlgorithms; + CASignatureAlgorithms = concatStringsSep "," CASignatureAlgorithms; LogLevel = "VERBOSE"; RevokedKeys = toString ./ca/krl.bin; diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix index 09832e73..cc01f66b 100644 --- a/system-profiles/rebuild-machines/default.nix +++ b/system-profiles/rebuild-machines/default.nix @@ -69,6 +69,7 @@ in { }; }; default = { flake = { type = "git"; url = "ssh://${cfg.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }; + defaultText = literalExpression ''{ flake = { type = "git"; url = "ssh://''${config.system.rebuild-machine.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }''; description = '' The Flake URI of the NixOS configuration to build. ''; -- cgit v1.2.3
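Review bot: The `settings` block now mixes three algorithm lists passed as-is (`Ciphers`, `Macs`, `KexAlgorithms`) with three that are pre-joined via `concatStringsSep ","`, and nothing on the new lines says why, so a later reader may "normalise" it in either direction and end up with a list rendered into sshd_config. A comment above the joined entries, `# upstream types Ciphers/Macs/KexAlgorithms as listOf str; the remaining keys are free-form strings and must be joined here`, states the presumed reason — verify it against the `services.openssh.settings` declaration in the pinned nixpkgs. The list definitions live in the `let` above this hunk, outside the visible lines.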