Started migration towards flake-parts

Plus shit ton many changes I still had to commit
2023-03-12 17:05:03 +01:00 · 2023-03-12 17:05:03 +01:00 · f05ee0a658
commit f05ee0a658
parent 261b763848
18 changed files with 752 additions and 460 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -0,0 +1,132 @@
+{
+  self,
+  lib,
+  config,
+  inputs,
+  ...
+}: {
+  options.fleet = {
+    hosts = lib.mkOption {
+      description = "Host configuration";
+      type = lib.types.attrsOf (lib.types.submodule {
+        options = {
+          name = lib.mkOption {
+            description = "Host name";
+            type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
+          };
+          system = lib.mkOption {
+            description = "NixOS architecture (a.k.a. system)";
+            type = lib.types.str;
+            default = "x86_64-linux";
+          };
+          secrets = lib.mkOption {
+            description = "List of secrets names in the `secrets` folder";
+            type = lib.types.listOf lib.types.str;
+            default = [];
+          };
+          enableHomeManager = lib.mkOption {
+            description = "Enable home-manager module";
+            type = lib.types.bool;
+            default = true;
+          };
+          overlays = lib.mkOption {
+            description = "Enabled Nixpkgs overlays";
+            type = lib.types.listOf (lib.mkOptionType {
+              name = "nixpkgs-overlay";
+              description = "nixpkgs overlay";
+              check = lib.isFunction;
+              merge = lib.mergeOneOption;
+            });
+            default = with inputs; [
+              agenix.overlays.default
+              comma.overlays.default
+              nur.overlay
+              nil.overlays.default
+            ];
+          };
+          extraModules = lib.mkOption {
+            description = "Extra NixOS modules";
+            type = lib.types.listOf lib.types.deferredModule;
+            default = [];
+          };
+          extraHmModules = lib.mkOption {
+            description = "Extra home-manager modules";
+            type = lib.types.listOf lib.types.deferredModule;
+            default = [];
+          };
+          extraHmModulesUser = lib.mkOption {
+            description = "User for which to import extraHmModulesUser";
+            type = lib.types.str;
+            default = "ccr";
+          };
+        };
+      });
+      default = {};
+    };
+    _mkNixosConfiguration = lib.mkOption {
+      description = "Function returning a proper NixOS configuration";
+      type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
+      internal = true;
+      default = hostname: config:
+        inputs.nixpkgsUnstable.lib.nixosSystem {
+          system = config.system;
+          modules =
+            [
+              ({lib, ...}: {
+                networking.hostName = lib.mkForce hostname;
+                nixpkgs.overlays = config.overlays;
+              })
+              "${self.outPath}/hosts/${hostname}"
+            ]
+            ++ (lib.optionals (config.secrets != []) [
+              inputs.agenix.nixosModules.default
+              ({lib, ...}: {
+                age.secrets =
+                  lib.filterAttrs
+                  (name: _: builtins.elem name config.secrets)
+                  (lib.mapAttrs' (name: _: {
+                    name = lib.removeSuffix ".age" (builtins.baseNameOf name);
+                    value.file = "${self.outPath}/${name}";
+                  }) (import "${self.outPath}/secrets"));
+              })
+            ])
+            ++ (lib.optionals config.enableHomeManager [
+              inputs.homeManager.nixosModule
+              {home-manager.users."${config.extraHmModulesUser}".imports = config.extraHmModules;}
+            ])
+            ++ config.extraModules;
+          specialArgs = {
+            fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
+            fleetHmModules = builtins.map (moduleName: "${self.outPath}/hmModules/${moduleName}");
+          };
+        };
+    };
+  };
+
+  # TODO Add per host:
+  # - apps to run as VMs
+  # - checks
+  # - deploy scripts (`nixos-rebuild`)
+
+  config = {
+    fleet.hosts = {
+      # TODO add `hs` and `pbp`
+      thinkpad = {
+        extraModules = [inputs.nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen];
+        extraHmModules = [
+          inputs.ccrEmacs.hmModules.default
+        ];
+        secrets = ["cachix"];
+      };
+      rock5b = {
+        system = "aarch64-linux";
+        extraModules = [inputs.rock5b.nixosModules.default];
+      };
+    };
+
+    flake.nixosConfigurations =
+      lib.mapAttrs
+      config.fleet._mkNixosConfiguration
+      config.fleet.hosts;
+  };
+}
--- a/hosts/rock5b/default.nix
+++ b/hosts/rock5b/default.nix
@ -1,13 +1,72 @@
-{fleetModules, ...}: {
+{
+  fleetModules,
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
  imports =
    [
      ./hardware-configuration.nix
    ]
-    ++ fleetModules [
+    ++ (fleetModules [
      "common"
      "ssh"
      "ccr"
-    ];
+    ]);

  ccr.enable = true;
+
+  services.rock5b-fan-control.enable = true;
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "libav-11.12"
+  ];
+
+  fileSystems."/mnt/film" = {
+    device = "//ccr.ydns.eu/film";
+    fsType = "cifs";
+    options = let
+      credentials = pkgs.writeText "credentials" ''
+        username=guest
+        password=
+      '';
+    in ["credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"];
+  };
+  fileSystems."/mnt/archivio" = {
+    device = "//ccr.ydns.eu/archivio";
+    fsType = "cifs";
+    options = let
+      credentials = pkgs.writeText "credentials" ''
+        username=guest
+        password=
+      '';
+    in ["credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"];
+  };
+
+  environment.systemPackages = with pkgs; [
+    kodi-rock5b
+    cifs-utils
+  ];
+
+  users.extraUsers.kodi = {
+    isNormalUser = true;
+    uid = 1002;
+    extraGroups = ["video" "input"];
+  };
+
+  # Waiting for https://github.com/NixOS/nixpkgs/issues/140304
+  services.getty = let
+    script = pkgs.writeText "login-program.sh" ''
+      if [[ "$(tty)" == '/dev/tty1' ]]; then
+        ${pkgs.shadow}/bin/login -f kodi;
+      else
+        ${pkgs.shadow}/bin/login;
+      fi
+    '';
+  in {
+    loginProgram = "${pkgs.bash}/bin/sh";
+    loginOptions = toString script;
+    extraArgs = ["--skip-login"];
+  };
 }
--- a/hosts/rock5b/hardware-configuration.nix
+++ b/hosts/rock5b/hardware-configuration.nix
@ -6,6 +6,8 @@
    };
  };

+  nixpkgs.hostPlatform = "aarch64-linux";
+
  swapDevices = [];

  boot.loader = {
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -14,7 +14,7 @@
      "adb"
      "audio"
      "battery"
-      "binfmt"
+      # "binfmt"
      "bluetooth"
      "ccr"
      "common"
@ -29,6 +29,7 @@
      "udisks2"
      "xdg"
      "nix-development"
+      "clamav"
    ];

  ccr = {
@ -58,6 +59,7 @@
      "xdg"
      "zathura"
      "chrome"
+      "obs-studio"
    ];
    packages = with pkgs; [
      comma
@ -78,7 +80,7 @@
  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
  boot.kernelPackages = pkgs.linuxPackages_zen;

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking