From c4e6bcb664c965ae7b49dd49707fe8d238993105 Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Fri, 28 Jul 2023 19:38:59 -0400 Subject: [PATCH] moved install iso from a package to a host made funnier functions gave more modules disable options updated lint command --- flake.nix | 32 ++--- hosts/gerg-desktop/main.nix | 7 +- installer/default.nix => hosts/iso/main.nix | 30 +++-- lib/default.nix | 14 ++- modules/boot/misc.nix | 130 ++++++++++---------- modules/boot/stage2patch.nix | 7 +- modules/hardware.nix | 14 +-- modules/misc.nix | 2 +- modules/sops.nix | 16 ++- 9 files changed, 132 insertions(+), 120 deletions(-) rename installer/default.nix => hosts/iso/main.nix (66%) diff --git a/flake.nix b/flake.nix index eb82d7f..807bcbb 100644 --- a/flake.nix +++ b/flake.nix @@ -39,17 +39,18 @@ inputs.nixpkgs.follows = "unstable"; }; }; - outputs = inputs @ { - unstable, - nixos-generators, - ... - }: let + + outputs = inputs: let lib = import ./lib inputs; in - lib.withSystem ( - system: let - pkgs = unstable.legacyPackages.${system}; - in { + lib.gerg-utils { + allowUnfree = true; + } ( + { + pkgs, + system, + ... + }: { inherit lib; nixosConfigurations = lib.mkHosts @@ -58,6 +59,7 @@ "gerg-desktop" "game-laptop" "moms-laptop" + "iso" ]; nixosModules = lib.mkModules ./modules; @@ -77,17 +79,7 @@ ]; }; - packages.${system} = - { - nixos-iso = nixos-generators.nixosGenerate { - inherit system; - format = "install-iso"; - modules = [ - (import ./installer inputs) - ]; - }; - } - // lib.mkPackages ./packages pkgs; + packages.${system} = lib.mkPackages ./packages pkgs; } ); } diff --git a/hosts/gerg-desktop/main.nix b/hosts/gerg-desktop/main.nix index 7991d05..2e56efa 100644 --- a/hosts/gerg-desktop/main.nix +++ b/hosts/gerg-desktop/main.nix @@ -1,7 +1,6 @@ {nvim-flake, ...}: { pkgs, config, - lib, ... }: { local = { 
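Review bot: `allowUnfree = true;` in the `lib.gerg-utils { … }` call enables unfree packages for the entire `pkgs` set passed to the outputs function, so nothing at a use site shows when an unfree package is pulled in. If only a few packages need it, an `allowUnfreePredicate` that lists those package names keeps the exception explicit and reviewable. The hunk does not show whether `mkHosts` reuses this `pkgs` or builds its own, so a short comment next to the setting saying which outputs it affects would help.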
@@ -64,9 +63,9 @@ ; inherit (nvim-flake.packages.${pkgs.system}) neovim; lint = pkgs.writeShellScriptBin "lint" '' - deadnix -e "$1" - statix fix "$1" - alejandra "$1" + deadnix -e "''${1:-.}" + statix fix -- "''${1:-.}" + alejandra "''${1:-.}" ''; }; etc = { diff --git a/installer/default.nix b/hosts/iso/main.nix similarity index 66% rename from installer/default.nix rename to hosts/iso/main.nix index 63c1e65..643aa18 100644 --- a/installer/default.nix +++ b/hosts/iso/main.nix @@ -1,25 +1,36 @@ -{disko, ...}: { +{ + disko, + nixos-generators, + ... +}: { lib, modulesPath, pkgs, ... }: { + ##Build wtih nix build .#nixosConfigurations.iso.config.formats.iso + local = { + hardware = { + gpuAcceleration.disable = true; + sound.disable = true; + }; + bootConfig = { + disable = true; + stage2patch.disable = true; + }; + }; imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/installer/cd-dvd/installation-cd-base.nix" + nixos-generators.nixosModules.all-formats ]; environment = { noXlibs = lib.mkOverride 500 false; - defaultPackages = []; systemPackages = [ - pkgs.gitMinimal pkgs.neovim disko.packages.${pkgs.system}.default ]; - variables = { - EDITOR = "nvim"; - }; }; documentation = { man.enable = lib.mkOverride 500 false; @@ -32,12 +43,7 @@ edition = lib.mkForce "gerg-minimal"; isoName = lib.mkForce "NixOS.iso"; }; - nix = { - settings = { - experimental-features = ["nix-command" "flakes" "repl-flake"]; - auto-optimise-store = true; - }; - }; + sound.enable = false; _file = ./default.nix; } diff --git a/lib/default.nix b/lib/default.nix index a67cdda..616553c 100644 --- a/lib/default.nix +++ b/lib/default.nix 
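Review bot: The build hint added at the top of the module body misspells "with" and has no space after the comment marker. Suggested wording: `# Build with: nix build .#nixosConfigurations.iso.config.formats.iso`.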
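Review bot: The trailing context line `_file = ./default.nix;` is now stale, because this commit renames the file to `hosts/iso/main.nix`. Module-system error messages for this host would point at a path that no longer exists in that directory. It should read `_file = ./main.nix;`.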
@@ -31,9 +31,19 @@ inputs @ { in { inherit importAll mkModules listNixFilesRecursive; - withSystem = f: + gerg-utils = config: f: lib.fold lib.recursiveUpdate {} - (map f ["x86_64-linux"]); + (map (system: + f { + inherit system; + pkgs = + if config == {} + then unstable.legacyPackages.${system} + else + import unstable { + inherit system config; + }; + }) ["x86_64-linux"]); #"x86_64-darwin" "aarch64-linux" "aarch64-darwin" mkHosts = system: names: diff --git a/modules/boot/misc.nix b/modules/boot/misc.nix index 7dcd416..3a5fc2d 100644 --- a/modules/boot/misc.nix +++ b/modules/boot/misc.nix 
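Review bot: `gerg-utils` has no comment, and neither its name nor its `config` parameter says what it does; `config` is easily confused with a NixOS module `config`. A comment above it would help, for example `# gerg-utils nixpkgsConfig f: call f { pkgs, system } for each supported system and deep-merge the results` followed by `# an empty config reuses unstable.legacyPackages; otherwise nixpkgs is re-imported with that config`. The surrounding attribute set starts and ends outside the hunk.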
@@ -1,72 +1,78 @@ {self, ...}: { lib, pkgs, + config, ... }: { - environment.etc = { - "issue" = { - text = "[?12l[?25h"; - mode = "0444"; - }; - }; - boot = { - blacklistedKernelModules = ["pcspkr"]; - kernelParams = [ - "acpi_call" - "pti=auto" - "randomize_kstack_offset=on" - "vsyscall=none" - "slab_nomerge" - "module.sig_enforce=1" - "lockdown=confidentiality" - "page_poison=1" - "page_alloc.shuffle=1" - "sysrq_always_enabled=0" - "idle=nomwait" - "rootflags=noatime" - "iommu=pt" - "usbcore.autosuspend=-1" - "noresume" - "acpi_backlight=native" - "logo.nologo" - "fbcon=nodefer" - "bgrt_disable" - "quiet" - "systemd.show_status=false" - "rd.udev.log_level=3" - "vt.global_cursor_default=0" - ]; - consoleLogLevel = 3; - initrd.verbose = false; - plymouth = { - enable = lib.mkDefault true; - theme = "breeze"; - logo = "${self.packages.${pkgs.system}.images}/logo.png"; - }; - loader = { - grub = { - configurationLimit = 10; - extraConfig = '' - GRUB_TIMEOUT_STYLE=hidden + options.local.bootConfig.disable = lib.mkEnableOption ""; + config = + lib.mkIf (!config.local.bootConfig.disable) + { + environment.etc = { + "issue" = { + text = "[?12l[?25h"; + mode = "0444"; + }; + }; + boot = { + blacklistedKernelModules = ["pcspkr"]; + kernelParams = [ + "acpi_call" + "pti=auto" + "randomize_kstack_offset=on" + "vsyscall=none" + "slab_nomerge" + "module.sig_enforce=1" + "lockdown=confidentiality" + "page_poison=1" + "page_alloc.shuffle=1" + "sysrq_always_enabled=0" + "idle=nomwait" + "rootflags=noatime" + "iommu=pt" + "usbcore.autosuspend=-1" + "noresume" + "acpi_backlight=native" + "logo.nologo" + "fbcon=nodefer" + "bgrt_disable" + "quiet" + "systemd.show_status=false" + "rd.udev.log_level=3" + "vt.global_cursor_default=0" + ]; + consoleLogLevel = 3; + initrd.verbose = false; + plymouth = { + enable = lib.mkDefault true; + theme = "breeze"; + logo = "${self.packages.${pkgs.system}.images}/logo.png"; + }; + loader = { + grub = { + configurationLimit = 10; + extraConfig = '' + 
GRUB_TIMEOUT_STYLE=hidden + ''; + }; + systemd-boot = { + configurationLimit = 10; + enable = lib.mkDefault true; + consoleMode = "max"; + editor = false; + }; + efi.canTouchEfiVariables = lib.mkDefault true; + timeout = 0; + }; + }; + systemd.services.efibootmgr = { + serviceConfig.Type = "oneshot"; + path = [pkgs.efibootmgr]; + wantedBy = ["default.target"]; + script = '' + efibootmgr -t 0 ''; }; - systemd-boot = { - configurationLimit = 10; - enable = lib.mkDefault true; - consoleMode = "max"; - editor = false; - }; - efi.canTouchEfiVariables = lib.mkDefault true; - timeout = 0; }; - }; - systemd.services.efibootmgr = { - serviceConfig.Type = "oneshot"; - path = [pkgs.efibootmgr]; - wantedBy = ["default.target"]; - script = '' - efibootmgr -t 0 - ''; - }; _file = ./misc.nix; } diff --git a/modules/boot/stage2patch.nix b/modules/boot/stage2patch.nix index 21799cc..4965067 100644 --- a/modules/boot/stage2patch.nix +++ b/modules/boot/stage2patch.nix @@ -30,6 +30,11 @@ let ''; }; in { - system.build.bootStage2 = lib.mkForce bootStage2; + options.local.bootConfig.stage2patch.disable = lib.mkEnableOption ""; + config = + lib.mkIf (!config.local.bootConfig.stage2patch.disable) + { + system.build.bootStage2 = lib.mkForce bootStage2; + }; _file = ./stage2patch.nix; } diff --git a/modules/hardware.nix b/modules/hardware.nix index 940400e..329eb84 100644 --- a/modules/hardware.nix +++ b/modules/hardware.nix @@ -6,18 +6,8 @@ _: { cfg = config.local.hardware; in { options.local.hardware = { - gpuAcceleration = { - disable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - sound = { - disable = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; + gpuAcceleration.disable = lib.mkEnableOption ""; + sound.disable = lib.mkEnableOption ""; }; config = lib.mkMerge [ ( diff --git a/modules/misc.nix b/modules/misc.nix index 9925027..401ef9b 100644 --- a/modules/misc.nix +++ b/modules/misc.nix 
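Review bot: The new `lib.mkIf (!config.local.bootConfig.disable)` wraps the whole module, so a host that sets `disable = true` loses the kernel hardening parameters (`module.sig_enforce=1`, `lockdown=confidentiality`, `vsyscall=none`, `slab_nomerge`, …) along with the cosmetic boot and loader settings. `hosts/iso/main.nix` in this commit does set it. Consider keeping the hardening entries of `kernelParams` outside the conditional, or under their own option, so that opting out of plymouth and the loader setup does not silently drop them. Separately, `lib.mkEnableOption ""` renders an empty description ("Whether to enable .") for a flag that actually disables something; a description such as `lib.mkEnableOption "skipping the shared boot configuration"` fixes that. The same applies to the options added in `modules/boot/stage2patch.nix`, `modules/hardware.nix` and `modules/sops.nix`.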
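Review bot: The new `lib.mkIf (!config.local.bootConfig.stage2patch.disable)` reads `config`, but this hunk starts at line 30 and does not show the module's argument set. The sibling changes in `modules/boot/misc.nix` and `modules/sops.nix` had to add `config,` and `lib,` to their arguments. Please confirm `config` is already bound in this module, otherwise evaluation fails with an undefined variable. The `let … in` block this hunk closes begins outside the hunk.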
@@ -31,7 +31,7 @@ _: { enable = true; hostKeys = lib.mkForce []; settings = { - PermitRootLogin = "no"; + PermitRootLogin = lib.mkDefault "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; }; diff --git a/modules/sops.nix b/modules/sops.nix index 0ebe918..dfdb169 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -5,17 +5,21 @@ }: { pkgs, config, + lib, ... }: { imports = [ sops-nix.nixosModules.sops ]; - environment.systemPackages = [ - pkgs.sops - ]; - sops = { - defaultSopsFile = "${self}/hosts/${config.networking.hostName}/secrets.yaml"; - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + options.local.sops.disable = lib.mkEnableOption ""; + config = lib.mkIf (!config.local.sops.disable) { + environment.systemPackages = [ + pkgs.sops + ]; + sops = { + defaultSopsFile = "${self}/hosts/${config.networking.hostName}/secrets.yaml"; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + }; }; _file = ./sops.nix; }
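Review bot: Wrapping `PermitRootLogin` in `lib.mkDefault` lowers the priority of this hardening setting on every host that imports the module, so any other module defining the option at normal priority now wins without a conflict error. This is presumably meant to let the installer profile imported by the new iso host supply its own value. If so, keeping `PermitRootLogin = "no";` here and adding an explicit `lib.mkForce` override in `hosts/iso/main.nix` confines the relaxation to that one host and keeps it visible in review. The enclosing SSH settings block starts outside the hunk.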
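Review bot: `local.sops.disable` is added here, but `hosts/iso/main.nix` in the same commit does not set it, although it disables the other new toggles. If this module is applied to the iso host, `defaultSopsFile` resolves to `hosts/iso/secrets.yaml` and `age.sshKeyPaths` points at a host key that an installer image is unlikely to carry persistently. Neither is visible on this page, so please verify. If the installer needs no secrets, add `sops.disable = true;` to the iso host's `local` block.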