diff --git a/constants.nix b/constants.nix
new file mode 100644
index 00000000..b50514f5
--- /dev/null
+++ b/constants.nix
@@ -0,0 +1,15 @@
+rec {
+ # user information
+ username = "ryan";
+ userfullname = "Ryan Yin";
+ useremail = "xiaoyin_c@qq.com";
+
+ # linux systems
+ x64_system = "x86_64-linux";
+ riscv64_system = "riscv64-linux";
+ aarch64_system = "aarch64-linux";
+ # darwin systems
+ x64_darwin = "x86_64-darwin";
+ aarch64_darwin = "aarch64-darwin";
+ allSystems = [x64_system riscv64_system aarch64_system x64_darwin aarch64_darwin];
+}
diff --git a/flake.nix b/flake.nix
index 1c297434..c1f7eb8c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,284 +16,73 @@ outputs = inputs @ { self, nixpkgs, - nixpkgs-unstable, - nixpkgs-darwin, pre-commit-hooks, - nix-darwin, - home-manager, - nixos-generators, - nixos-licheepi4a, - nixos-rk3588, ... }: let - username = "ryan"; - userfullname = "Ryan Yin"; - useremail = "xiaoyin_c@qq.com"; + constants = import ./constants.nix; - x64_system = "x86_64-linux"; - x64_darwin = "x86_64-darwin"; - riscv64_system = "riscv64-linux"; - aarch64_system = "aarch64-linux"; - allSystems = [x64_system x64_darwin riscv64_system aarch64_system]; + # FYI: `lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)` => `{ foo = "x_foo"; bar = "x_bar"; }` + forEachSystem = func: (nixpkgs.lib.genAttrs constants.allSystems func); - nixosSystem = import ./lib/nixosSystem.nix; - macosSystem = import ./lib/macosSystem.nix; - colmenaSystem = import ./lib/colmenaSystem.nix; - - # 星野 アイ, Hoshino Ai - idol_ai_modules_i3 = { - nixos-modules = [ - ./hosts/idols/ai - ./modules/nixos/i3.nix - ]; - home-module = import ./home/linux/desktop-i3.nix; - }; - idol_ai_modules_hyprland = { - nixos-modules = [ - ./hosts/idols/ai - ./modules/nixos/hyprland.nix - ]; - home-module = import ./home/linux/desktop-hyprland.nix; - }; - - # 星野 愛久愛海, Hoshino Akuamarin - idol_aquamarine_modules = { - nixos-modules = [ - ./hosts/idols/aquamarine - ]; - home-module = import ./home/linux/server.nix; - }; - idol_aquamarine_tags = ["dist-build" "aqua"]; - - # 星野 瑠美衣, Hoshino Rubii - idol_ruby_modules = { - nixos-modules = [ - ./hosts/idols/ruby - ]; - home-module = import ./home/linux/server.nix; - }; - idol_ruby_tags = ["dist-build" "ruby"]; - - # 有馬 かな, Arima Kana - idol_kana_modules = { - nixos-modules = [ - ./hosts/idols/kana - ]; - home-module = import ./home/linux/server.nix; - }; - idol_kana_tags = ["dist-build" "kana"]; - - # 森友 望未, Moritomo Nozomi - rolling_nozomi_modules = { - nixos-modules = [ - ./hosts/rolling_girls/nozomi - ]; - # home-module = import ./home/linux/server-riscv64.nix; - }; - rolling_nozomi_tags = 
["riscv" "nozomi"]; - - # 小坂 結季奈, Kosaka Yukina - rolling_yukina_modules = { - nixos-modules = [ - ./hosts/rolling_girls/yukina - ]; - # home-module = import ./home/linux/server-riscv64.nix; - }; - rolling_yukina_tags = ["riscv" "yukina"]; - - # 大木 鈴, Ōki Suzu - _12kingdoms_suzu_modules = { - nixos-modules = [ - ./hosts/12kingdoms/suzu - ]; - # home-module = import ./home/linux/server.nix; - }; - _12kingdoms_suzu_tags = ["aarch" "suzu"]; - - x64_specialArgs = - { - inherit username userfullname useremail; - # use unstable branch for some packages to get the latest updates - pkgs-unstable = import nixpkgs-unstable { - system = x64_system; # refer the `system` parameter form outer scope recursively - # To use chrome, we need to allow the installation of non-free software - config.allowUnfree = true; - }; - } - // inputs; - in { - nixosConfigurations = let - base_args = { - inherit home-manager nixos-generators; - inherit nixpkgs; # or nixpkgs-unstable - system = x64_system; - specialArgs = x64_specialArgs; - }; - in { - # ai with i3 window manager - ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args); - # ai with hyprland compositor - ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args); - - # three virtual machines without desktop environment. - aquamarine = nixosSystem (idol_aquamarine_modules // base_args); - ruby = nixosSystem (idol_ruby_modules // base_args); - kana = nixosSystem (idol_kana_modules // base_args); - }; - - # colmena - remote deployment via SSH - colmena = let - # x86_64 related - x64_base_args = { - inherit home-manager; - inherit nixpkgs; # or nixpkgs-unstable - specialArgs = x64_specialArgs; - }; - - # riscv64 related - # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache. 
- lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;}; - lpi4a_specialArgs = - { - inherit username userfullname useremail; - pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross; - } - // inputs; - lpi4a_base_args = { - inherit home-manager; - inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable - specialArgs = lpi4a_specialArgs; - targetUser = "root"; - }; - - # aarch64 related - # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache. - rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;}; - rk3588_specialArgs = - { - inherit username userfullname useremail; - } - // nixos-rk3588.inputs; - rk3588_base_args = { - inherit home-manager; - inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable - specialArgs = rk3588_specialArgs; - targetUser = "root"; - }; - in { - meta = { - nixpkgs = import nixpkgs {system = x64_system;}; - specialArgs = x64_specialArgs; - - nodeSpecialArgs = { - # riscv64 SBCs - nozomi = lpi4a_specialArgs; - yukina = lpi4a_specialArgs; - - # aarch64 SBCs - suzu = rk3588_specialArgs; - }; - nodeNixpkgs = { - nozomi = lpi4a_pkgs; - yukina = lpi4a_pkgs; - - # aarch64 SBCs - suzu = rk3588_pkgs; - }; - }; - - # proxmox virtual machines(x86_64) - aquamarine = colmenaSystem (idol_aquamarine_modules // x64_base_args // {host_tags = idol_aquamarine_tags;}); - ruby = colmenaSystem (idol_ruby_modules // x64_base_args // {host_tags = idol_ruby_tags;}); - kana = colmenaSystem (idol_kana_modules // x64_base_args // {host_tags = idol_kana_tags;}); - - # riscv64 SBCs - nozomi = colmenaSystem (rolling_nozomi_modules // lpi4a_base_args // {host_tags = rolling_nozomi_tags;}); - yukina = colmenaSystem (rolling_yukina_modules // lpi4a_base_args // {host_tags = rolling_yukina_tags;}); - - # aarch64 SBCs - suzu = colmenaSystem (_12kingdoms_suzu_modules // rk3588_base_args // {host_tags = _12kingdoms_suzu_tags;}); - }; - - # take system images for idols - # 
https://github.com/nix-community/nixos-generators - packages."${x64_system}" = - # genAttrs returns an attribute set with the given keys and values(host => image). - nixpkgs.lib.genAttrs [ - "ai_i3" - "ai_hyprland" - ] - ( - # generate iso image for hosts with desktop environment - host: - self.nixosConfigurations.${host}.config.formats.iso - ) - // nixpkgs.lib.genAttrs [ - "aquamarine" - "ruby" - "kana" - ] - ( - # generate proxmox image for virtual machines without desktop environment - host: - self.nixosConfigurations.${host}.config.formats.proxmox + allSystemConfigurations = import ./systems {inherit self inputs constants;}; + in + allSystemConfigurations + // { + # format the nix code in this flake + # alejandra is a nix formatter with a beautiful output + formatter = forEachSystem ( + system: nixpkgs.legacyPackages.${system}.alejandra ); - # macOS's configuration, for work. - darwinConfigurations = let - system = x64_darwin; - specialArgs = - { - inherit username userfullname useremail; - # use unstable branch for some packages to get the latest updates - pkgs-unstable = import nixpkgs-unstable { - inherit system; # refer the `system` parameter form outer scope recursively - # To use chrome, we need to allow the installation of non-free software - config.allowUnfree = true; + # pre-commit hooks for nix code + checks = forEachSystem ( + system: { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + alejandra.enable = true; # formatter + # deadnix.enable = true; # detect unused variable bindings in `*.nix` + statix.enable = true; # lints and suggestions for Nix code(auto suggestions) + prettier = { + enable = true; + excludes = [".js" ".md" ".ts"]; + }; + }; }; } - // inputs; - base_args = { - inherit nix-darwin home-manager system specialArgs; - nixpkgs = nixpkgs-darwin; - }; - in { - harmonica = macosSystem (base_args - // { - darwin-modules = [ - ./hosts/harmonica - ]; - home-module = import ./home/darwin; - }); + ); + 
devShells = forEachSystem ( + system: { + default = nixpkgs.legacyPackages.${system}.mkShell { + name = "dots"; + shellHook = '' + ${self.checks.${system}.pre-commit-check.shellHook} + ''; + }; + } + ); }; - # format the nix code in this flake - # alejandra is a nix formatter with a beautiful output - formatter = nixpkgs.lib.genAttrs allSystems ( - system: - nixpkgs.legacyPackages.${system}.alejandra - ); - - # pre-commit hooks for nix code - checks = nixpkgs.lib.genAttrs allSystems ( - system: { - pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - alejandra.enable = true; # formatter - # deadnix.enable = true; # detect unused variable bindings in `*.nix` - statix.enable = true; # lints and suggestions for Nix code(auto suggestions) - }; - }; - } - ); - devShells = nixpkgs.lib.genAttrs allSystems ( - system: { - default = nixpkgs.legacyPackages.${system}.mkShell { - inherit (self.checks.${system}.pre-commit-check) shellHook; - }; - } - ); + # the nixConfig here only affects the flake itself, not the system configuration! + # for more information, see: + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers + nixConfig = { + # substituers will be appended to the default substituters when fetching packages + extra-substituters = [ + "https://nix-community.cachix.org" + # my own cache server + "https://ryan4yin.cachix.org" + "https://anyrun.cachix.org" + "https://hyprland.cachix.org" + # "https://nixpkgs-wayland.cachix.org" + ]; + extra-trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU=" + "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" + ]; }; # This is the standard format for flake.nix. 
`inputs` are the dependencies of the flake, @@ -444,26 +233,4 @@ flake = false; }; }; - - # the nixConfig here only affects the flake itself, not the system configuration! - # for more information, see: - # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/add-custom-cache-servers - nixConfig = { - # substituers will be appended to the default substituters when fetching packages - extra-substituters = [ - "https://nix-community.cachix.org" - # my own cache server - "https://ryan4yin.cachix.org" - "https://anyrun.cachix.org" - "https://hyprland.cachix.org" - # "https://nixpkgs-wayland.cachix.org" - ]; - extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU=" - "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" - ]; - }; } diff --git a/home/base/server/core.nix b/home/base/server/core.nix index 4552d5ca..b8763d40 100644 --- a/home/base/server/core.nix +++ b/home/base/server/core.nix @@ -61,7 +61,7 @@ # useful in bash/zsh prompt, not in nushell. eza = { enable = true; - enableAliases = false; # do not enable aliases in nushell! + enableAliases = false; # do not enable aliases in nushell! git = true; icons = true; }; diff --git a/hosts/12kingdoms/suzu/default.nix b/hosts/12kingdoms/suzu/default.nix index 01464f67..14e56db1 100644 --- a/hosts/12kingdoms/suzu/default.nix +++ b/hosts/12kingdoms/suzu/default.nix 
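Review bot: The `excludes` list added to the prettier hook under `checks` in flake.nix holds `".js" ".md" ".ts"`, and pre-commit matches exclude entries as regular expressions against the file path, so the unescaped dot matches any character and nothing anchors the pattern to the end of the name. If the intent is to skip files by extension, `excludes = ["\\.js$" "\\.md$" "\\.ts$"];` expresses exactly that. The `outputs` function starts before this hunk, so its remaining arguments are not visible here.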
@@ -11,16 +11,9 @@ ############################################################# { imports = [ - { - nixpkgs.crossSystem = { - config = "aarch64-unknown-linux-gnu"; - }; - } # import the rk3588 module, which contains the configuration for bootloader/kernel/firmware (nixos-rk3588 + "/modules/boards/orangepi5.nix") - - ../../../modules/nixos/server-riscv64.nix ]; users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys; diff --git a/hosts/harmonica/default.nix b/hosts/harmonica/default.nix index 16f47964..ebc2c901 100644 --- a/hosts/harmonica/default.nix +++ b/hosts/harmonica/default.nix @@ -7,14 +7,6 @@ let hostname = "harmonica"; in { - imports = [ - ../../modules/darwin - - ../../secrets/darwin.nix - ]; - - nixpkgs.overlays = import ../../overlays args; - networking.hostName = hostname; networking.computerName = hostname; system.defaults.smb.NetBIOSName = hostname; diff --git a/hosts/idols/ai/cifs-mount.nix b/hosts/idols/ai/cifs-mount.nix index 645f67e8..ac344279 100644 --- a/hosts/idols/ai/cifs-mount.nix +++ b/hosts/idols/ai/cifs-mount.nix @@ -1,6 +1,5 @@ { config, - pkgs, username, ... }: { diff --git a/hosts/idols/ai/default.nix b/hosts/idols/ai/default.nix index debafccd..dc87071a 100644 --- a/hosts/idols/ai/default.nix +++ b/hosts/idols/ai/default.nix @@ -1,4 +1,3 @@ -{lanzaboote, ...} @ args: ############################################################# # # Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. @@ -12,12 +11,8 @@ ./impermanence.nix ./secureboot.nix - - ../../../secrets/nixos.nix ]; - nixpkgs.overlays = import ../../../overlays args; - networking = { hostName = "ai"; wireless.enable = false; # Enables wireless support via wpa_supplicant. diff --git a/hosts/idols/aquamarine/default.nix b/hosts/idols/aquamarine/default.nix index 2927b529..4b0d00cd 100644 --- a/hosts/idols/aquamarine/default.nix +++ b/hosts/idols/aquamarine/default.nix 
@@ -1,18 +1,9 @@ -args: ############################################################# # # Aquamarine - A NixOS VM running on Proxmox # ############################################################# { - imports = [ - ../../../modules/nixos/proxmox-hardware-configuration.nix - - ../../../modules/nixos/server.nix - ]; - - nixpkgs.overlays = import ../../../overlays args; - # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; # supported fil systems, so we can mount any removable disks with these filesystems diff --git a/hosts/idols/kana/default.nix b/hosts/idols/kana/default.nix index 772aec3a..22947f9d 100644 --- a/hosts/idols/kana/default.nix +++ b/hosts/idols/kana/default.nix @@ -1,18 +1,9 @@ -args: ############################################################# # # Kana - a NixOS VM running on Proxmox # ############################################################# { - imports = [ - ../../../modules/nixos/proxmox-hardware-configuration.nix - - ../../../modules/nixos/server.nix - ]; - - nixpkgs.overlays = import ../../../overlays args; - # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; # supported fil systems, so we can mount any removable disks with these filesystems diff --git a/hosts/idols/ruby/default.nix b/hosts/idols/ruby/default.nix index 71091253..9e330b47 100644 --- a/hosts/idols/ruby/default.nix +++ b/hosts/idols/ruby/default.nix 
@@ -1,18 +1,9 @@ -args: ############################################################# # # Ruby - a NixOS VM running on Proxmox # ############################################################# { - imports = [ - ../../../modules/nixos/proxmox-hardware-configuration.nix - - ../../../modules/nixos/server.nix - ]; - - nixpkgs.overlays = import ../../../overlays args; - # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; # supported fil systems, so we can mount any removable disks with these filesystems diff --git a/hosts/rolling_girls/chiaya/default.nix b/hosts/rolling_girls/chiaya/default.nix index 251ea633..ad35a160 100644 --- a/hosts/rolling_girls/chiaya/default.nix +++ b/hosts/rolling_girls/chiaya/default.nix @@ -1,9 +1,7 @@ { - config, - username, # nixos-jh7110, ... -} @ args: +}: ############################################################# # # Chiaya - NixOS Configuration for Milk-V Mars @@ -13,20 +11,8 @@ ############################################################# { imports = [ - { - # cross-compilation this flake. - nixpkgs.crossSystem = { - system = "riscv64-linux"; - }; - } - - # TODO - - ../../../modules/nixos/server-riscv64.nix ]; - users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys; - # Set static IP address / gateway / DNS servers. networking = { hostName = "chiaya"; # Define your hostname. @@ -64,5 +50,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/rolling_girls/nozomi/default.nix b/hosts/rolling_girls/nozomi/default.nix index 62650cfb..8dce2913 100644 
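Review bot: `system.stateVersion` goes from "23.11" to "23.05" at the end of hosts/rolling_girls/chiaya/default.nix, and the same edit appears in the nozomi and yukina files, although nothing else in this refactor concerns the installed release. The comment directly above the option says to leave the value at the release of the first install, so if these boards were installed from 23.11 the lower value would presumably make stateful modules pick defaults meant for older on-disk data. If the change is a deliberate correction, a line such as `# first installed from a 23.05 image` next to the value would record that; otherwise it should go back to `"23.11"`.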
--- a/hosts/rolling_girls/nozomi/default.nix +++ b/hosts/rolling_girls/nozomi/default.nix @@ -1,9 +1,4 @@ -{ - config, - username, - nixos-licheepi4a, - ... -} @ args: +{nixos-licheepi4a, ...}: ############################################################# # # Nozomi - NixOS configuration for Lichee Pi 4A @@ -11,23 +6,12 @@ ############################################################# { imports = [ - { - # cross-compilation this flake. - nixpkgs.crossSystem = { - system = "riscv64-linux"; - }; - } - # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware (nixos-licheepi4a + "/modules/licheepi4a.nix") # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card. (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix") - - ../../../modules/nixos/server-riscv64.nix ]; - users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys; - # Set static IP address / gateway / DNS servers. networking = { hostName = "nozomi"; # Define your hostname. @@ -97,5 +81,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/rolling_girls/yukina/default.nix b/hosts/rolling_girls/yukina/default.nix index 9249211b..0ff0098a 100644 --- a/hosts/rolling_girls/yukina/default.nix +++ b/hosts/rolling_girls/yukina/default.nix @@ -1,9 +1,4 @@ -{ - config, - username, - nixos-licheepi4a, - ... -} @ args: +{nixos-licheepi4a, ...}: ############################################################# # # Yukina - NixOS configuration for Lichee Pi 4A 
@@ -11,23 +6,12 @@ ############################################################# { imports = [ - { - # cross-compilation this flake. - nixpkgs.crossSystem = { - system = "riscv64-linux"; - }; - } - # import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware (nixos-licheepi4a + "/modules/licheepi4a.nix") # import the sd-image module, which contains the fileSystems & kernel parameters for booting from sd card. (nixos-licheepi4a + "/modules/sd-image/sd-image-lp4a.nix") - - ../../../modules/nixos/server-riscv64.nix ]; - users.users.root.openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys; - # Set static IP address / gateway / DNS servers. networking = { hostName = "yukina"; # Define your hostname. @@ -97,5 +81,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/lib/colmenaSystem.nix b/lib/colmenaSystem.nix index 3cf4b3b2..9da7b3be 100644 --- a/lib/colmenaSystem.nix +++ b/lib/colmenaSystem.nix @@ -10,10 +10,7 @@ }: let inherit (specialArgs) username; in - { - name, - ... - }: { + {name, ...}: { deployment = { inherit targetUser; targetHost = name; # hostName or IP address @@ -27,6 +24,8 @@ in # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake. nix.registry.nixpkgs.flake = nixpkgs; nix.channel.enable = false; # disable nix-channel, we use flakes instead. + + nixpkgs.overlays = import ../overlays specialArgs; } ] ++ ( diff --git a/lib/macosSystem.nix b/lib/macosSystem.nix index 44d581c4..966bd595 100644 --- a/lib/macosSystem.nix +++ b/lib/macosSystem.nix 
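Review bot: `nixpkgs.overlays = import ../overlays specialArgs;` in lib/colmenaSystem.nix hands the overlay function the `specialArgs` set, where the host files removed in this commit passed their module arguments (`import ../../../overlays args`); the same line is added to lib/macosSystem.nix and lib/nixosSystem.nix. Whether overlays/default.nix reads anything that only module arguments carry (`pkgs`, `lib`, `config`) cannot be seen from this diff and should be confirmed. The line also applies the overlays to the nozomi, yukina and suzu nodes, whose removed host lines did not set `nixpkgs.overlays` and whose nixpkgs is pinned to nixos-licheepi4a / nixos-rk3588 to reuse their cross-compilation cache. An overlay that rebuilds a widely used package would presumably miss that cache, and for suzu the `specialArgs` are built from `nixos-rk3588.inputs` rather than from this flake's inputs.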
@@ -23,6 +23,8 @@ in # make `nix repl ''` use the same nixpkgs as the one used by this flake. # discard all the default paths, and only use the one from this flake. nix.nixPath = lib.mkForce ["/etc/nix/inputs"]; + + nixpkgs.overlays = import ../overlays specialArgs; }) home-manager.darwinModules.home-manager diff --git a/lib/nixosSystem.nix b/lib/nixosSystem.nix index 101bd404..6ab11a0e 100644 --- a/lib/nixosSystem.nix +++ b/lib/nixosSystem.nix @@ -18,6 +18,8 @@ in # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake. nix.registry.nixpkgs.flake = nixpkgs; nix.channel.enable = false; # disable nix-channel, we use flakes instead. + + nixpkgs.overlays = import ../overlays specialArgs; } nixos-generators.nixosModules.all-formats diff --git a/modules/darwin/nix-core.nix b/modules/darwin/nix-core.nix index 044af5a8..628c971a 100644 --- a/modules/darwin/nix-core.nix +++ b/modules/darwin/nix-core.nix @@ -1,7 +1,4 @@ -{ - pkgs, - ... -}: { +{pkgs, ...}: { ################################################################################### # # Core configuration for nix-darwin diff --git a/modules/nixos/base/misc.nix b/modules/nixos/base/misc.nix index cfba4d2f..d76bccbb 100644 --- a/modules/nixos/base/misc.nix +++ b/modules/nixos/base/misc.nix @@ -2,7 +2,8 @@ lib, pkgs, ... -}: { +}: +{ ################################################################################### # # NixOS's core configuration suitable for all my machines diff --git a/modules/nixos/base/networking.nix b/modules/nixos/base/networking.nix index 361e7348..0390a202 100644 --- a/modules/nixos/base/networking.nix +++ b/modules/nixos/base/networking.nix @@ -14,4 +14,6 @@ }; openFirewall = true; }; + + } diff --git a/modules/nixos/base/user-group.nix b/modules/nixos/base/user-group.nix index 2bdce2be..e105c1f1 100644 --- a/modules/nixos/base/user-group.nix +++ b/modules/nixos/base/user-group.nix 
@@ -1,4 +1,4 @@ -{username, ...}: { +{username, config, ...}: { # Don't allow mutation of users outside the config. users.mutableUsers = false; @@ -37,10 +37,10 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica" ]; }; - users.users.root.initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2"; - - # fix for `sudo xxx` in kitty/wezterm and other modern terminal emulators - security.sudo.keepTerminfo = true; + users.users.root = { + initialHashedPassword = "$7$CU..../....X6uvZYnFD.i1CqqFFNl4./$4vgqzIPyw5XBr0aCDFbY/UIRRJr7h5SMGoQ/ZvX3FP2"; + openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys; + }; # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure` security.sudo.extraRules = [ diff --git a/modules/nixos/desktop/misc.nix b/modules/nixos/desktop/misc.nix index 3f7acda3..0b07aff7 100644 --- a/modules/nixos/desktop/misc.nix +++ b/modules/nixos/desktop/misc.nix @@ -12,6 +12,9 @@ # set user's default shell system-wide users.defaultUserShell = pkgs.nushell; + # fix for `sudo xxx` in kitty/wezterm and other modern terminal emulators + security.sudo.keepTerminfo = true; + environment.variables = { # fix https://github.com/NixOS/nixpkgs/issues/238025 TZ = "${config.time.timeZone}"; diff --git a/modules/nixos/server-riscv64.nix b/modules/nixos/server-riscv64.nix index 7b74b6db..3a1538fc 100644 --- a/modules/nixos/server-riscv64.nix +++ b/modules/nixos/server-riscv64.nix 
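Review bot: `users.users.root.openssh.authorizedKeys.keys` is now set in modules/nixos/base/user-group.nix, so every host importing this module accepts the user's SSH keys for root, where before this commit only the SBC host files (suzu, chiaya, nozomi, yukina) did. Root key login is needed only on the nodes deployed with `targetUser = "root"`; on any other host that imports the module it widens what a stolen user key yields, unless `PermitRootLogin` is set to `no` somewhere not shown here. Consider keeping the assignment in a module imported only by the root-deployed nodes, or guarding it with `lib.mkIf`. hosts/12kingdoms/suzu/default.nix still carries the same assignment as a context line, so on that host the list is presumably defined twice. Moving `security.sudo.keepTerminfo` into desktop/misc.nix also removes it from the server profiles.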
@@ -3,20 +3,13 @@ # Base NixOS Configuration # ========================================================================= - # Set your time zone. - time.timeZone = "Asia/Shanghai"; + imports = [ + ./base/i18n.nix + ./base/misc.nix + ./base/user-group.nix - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - nix.settings = { - # Manual optimise storage: nix-store --optimise - # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store - auto-optimise-store = true; - builders-use-substitutes = true; - # enable flakes globally - experimental-features = ["nix-command" "flakes"]; - }; + ../base.nix + ]; # List packages installed in system profile. To search, run: # $ nix search wget @@ -51,9 +44,6 @@ docker-compose ]; - # replace default editor with neovim - environment.variables.EDITOR = "nvim"; - virtualisation.docker = { enable = true; # start dockerd on boot. diff --git a/secrets/nixos.nix b/secrets/nixos.nix index ec4f7be1..d586f23c 100644 --- a/secrets/nixos.nix +++ b/secrets/nixos.nix @@ -58,11 +58,11 @@ # So we need to make then readable by the user "agenix/alias-for-work.nushell" = { source = config.age.secrets."alias-for-work.nushell".path; - mode = "0644"; # both the original file and the symlink should be readable and executable by the user + mode = "0644"; # both the original file and the symlink should be readable and executable by the user }; "agenix/alias-for-work.bash" = { source = config.age.secrets."alias-for-work.bash".path; - mode = "0644"; # both the original file and the symlink should be readable and executable by the user + mode = "0644"; # both the original file and the symlink should be readable and executable by the user }; }; } diff --git a/systems/colmena.nix b/systems/colmena.nix new file mode 100644 index 00000000..fc91a4aa --- /dev/null +++ b/systems/colmena.nix 
@@ -0,0 +1,102 @@ +args: +with args; let + lib = nixpkgs.lib; + colmenaSystem = import ../lib/colmenaSystem.nix; + # x86_64 related + x64_base_args = { + inherit home-manager; + inherit nixpkgs; # or nixpkgs-unstable + specialArgs = x64_system_specialArgs; + }; + + # riscv64 related + # using the same nixpkgs as nixos-licheepi4a to utilize the cross-compilation cache. + lpi4a_pkgs = import nixos-licheepi4a.inputs.nixpkgs {system = x64_system;}; + lpi4a_specialArgs = + { + inherit username userfullname useremail; + pkgsKernel = nixos-licheepi4a.packages.${x64_system}.pkgsKernelCross; + } + // args; + lpi4a_base_args = { + inherit home-manager; + inherit (nixos-licheepi4a.inputs) nixpkgs; # or nixpkgs-unstable + specialArgs = lpi4a_specialArgs; + targetUser = "root"; + }; + + # aarch64 related + # using the same nixpkgs as nixos-rk3588 to utilize the cross-compilation cache. + rk3588_pkgs = import nixos-rk3588.inputs.nixpkgs {system = x64_system;}; + rk3588_specialArgs = + { + inherit username userfullname useremail; + } + // nixos-rk3588.inputs; + rk3588_base_args = { + inherit home-manager; + inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable + specialArgs = rk3588_specialArgs; + targetUser = "root"; + }; +in { + # colmena - remote deployment via SSH + colmena = { + meta = { + nixpkgs = import nixpkgs {system = x64_system;}; + specialArgs = x64_system_specialArgs; + + nodeSpecialArgs = { + # riscv64 SBCs + nozomi = lpi4a_specialArgs; + yukina = lpi4a_specialArgs; + + # aarch64 SBCs + suzu = rk3588_specialArgs; + }; + nodeNixpkgs = { + nozomi = lpi4a_pkgs; + yukina = lpi4a_pkgs; + + # aarch64 SBCs + suzu = rk3588_pkgs; + }; + }; + + # proxmox virtual machines(x86_64) + aquamarine = colmenaSystem (lib.attrsets.mergeAttrsList [ + x64_base_args + idol_aquamarine_modules + {host_tags = idol_aquamarine_tags;} + ]); + ruby = colmenaSystem (lib.attrsets.mergeAttrsList [ + x64_base_args + idol_ruby_modules + {host_tags = idol_ruby_tags;} + ]); + kana = 
colmenaSystem (lib.attrsets.mergeAttrsList [ + x64_base_args + idol_kana_modules + {host_tags = idol_kana_tags;} + ]); + + # riscv64 SBCs + nozomi = colmenaSystem (lib.attrsets.mergeAttrsList [ + lpi4a_base_args + rolling_nozomi_modules + {host_tags = rolling_nozomi_tags;} + ]); + yukina = colmenaSystem (lib.attrsets.mergeAttrsList [ + lpi4a_base_args + rolling_yukina_modules + {host_tags = rolling_yukina_tags;} + ]); + + # aarch64 SBCs + suzu = colmenaSystem (lib.attrsets.mergeAttrsList [ + rk3588_base_args + _12kingdoms_suzu_modules + {host_tags = _12kingdoms_suzu_tags;} + ]); + }; +} diff --git a/systems/darwin.nix b/systems/darwin.nix new file mode 100644 index 00000000..b1d33a94 --- /dev/null +++ b/systems/darwin.nix @@ -0,0 +1,17 @@ +args: +with args; let + macosSystem = import ../lib/macosSystem.nix; + system = x64_darwin; + base_args = { + inherit nix-darwin home-manager system; + specialArgs = x64_darwin_specialArgs; + nixpkgs = nixpkgs-darwin; + }; +in { + # macOS's configuration, for work. + darwinConfigurations = { + harmonica = + macosSystem (base_args + // darwin_harmonica_modules); + }; +} diff --git a/systems/default.nix b/systems/default.nix new file mode 100644 index 00000000..8f1dc31b --- /dev/null +++ b/systems/default.nix 
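Review bot: `with args;` at the top of systems/colmena.nix brings every flake input, constant, vars entry and specialArgs set into scope at once, so names such as `idol_kana_modules` or `x64_system_specialArgs` cannot be traced to their source from this file, and a misspelled one fails only when that node is evaluated. systems/darwin.nix and systems/nixos.nix use the same pattern. Taking the needed names explicitly, for example `inherit (args) nixpkgs home-manager x64_system;`, keeps the dependency list visible. `lpi4a_specialArgs` also ends in `// args`, so the whole merged set is passed to the riscv64 modules and a key in `args` named `pkgsKernel` would override the local one.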
@@ -0,0 +1,42 @@
+{
+ self,
+ inputs,
+ constants,
+}: let
+ lib = inputs.nixpkgs.lib;
+ vars = import ./vars.nix;
+
+ specialArgsForSystem = system:
+ {
+ inherit (constants) username userfullname useremail;
+ # use unstable branch for some packages to get the latest updates
+ pkgs-unstable = import inputs.nixpkgs-unstable {
+ inherit system; # refer the `system` parameter form outer scope recursively
+ # To use chrome, we need to allow the installation of non-free software
+ config.allowUnfree = true;
+ };
+ }
+ // inputs;
+
+ allSystemSpecialArgs = with constants; {
+ x64_system_specialArgs = specialArgsForSystem x64_system;
+ aarch64_system_specialArgs = specialArgsForSystem aarch64_system;
+ riscv64_system_specialArgs = specialArgsForSystem riscv64_system;
+
+ x64_darwin_specialArgs = specialArgsForSystem x64_darwin;
+ aarch64_darwin_specialArgs = specialArgsForSystem aarch64_darwin;
+ };
+
+ args = lib.attrsets.mergeAttrsList [
+ inputs
+ constants
+ vars
+ allSystemSpecialArgs
+ {inherit self;}
+ ];
+in
+ lib.attrsets.mergeAttrsList [
+ (import ./nixos.nix args)
+ (import ./darwin.nix args)
+ (import ./colmena.nix args)
+ ]
diff --git a/systems/nixos.nix b/systems/nixos.nix
new file mode 100644
index 00000000..fb0b75ab
--- /dev/null
+++ b/systems/nixos.nix
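Review bot: `args` in systems/default.nix is built with `lib.attrsets.mergeAttrsList [inputs constants vars allSystemSpecialArgs {inherit self;}]`, where a later set silently replaces any attribute of the same name from an earlier one, so a flake input that shares a name with a constant or a vars entry would be dropped without an error. `specialArgsForSystem` has the opposite order: in `{ … } // inputs` an input named `username` or `pkgs-unstable` would win over the local value. A short comment stating the intended precedence, for example `# later sets win: constants and vars override inputs of the same name`, would make this explicit; an assertion that the name sets are disjoint would be stricter.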
@@ -0,0 +1,47 @@
+args:
+with args; let
+ nixosSystem = import ../lib/nixosSystem.nix;
+
+ base_args = {
+ inherit home-manager nixos-generators;
+ inherit nixpkgs; # or nixpkgs-unstable
+ system = x64_system;
+ specialArgs = x64_system_specialArgs;
+ };
+in {
+ nixosConfigurations = {
+ # ai with i3 window manager
+ ai_i3 = nixosSystem (idol_ai_modules_i3 // base_args);
+ # ai with hyprland compositor
+ ai_hyprland = nixosSystem (idol_ai_modules_hyprland // base_args);
+
+ # three virtual machines without desktop environment.
+ aquamarine = nixosSystem (idol_aquamarine_modules // base_args);
+ ruby = nixosSystem (idol_ruby_modules // base_args);
+ kana = nixosSystem (idol_kana_modules // base_args);
+ };
+
+ # take system images for idols
+ # https://github.com/nix-community/nixos-generators
+ packages."${x64_system}" =
+ # genAttrs returns an attribute set with the given keys and values(host => image).
+ nixpkgs.lib.genAttrs [
+ "ai_i3"
+ "ai_hyprland"
+ ]
+ (
+ # generate iso image for hosts with desktop environment
+ host:
+ self.nixosConfigurations.${host}.config.formats.iso
+ )
+ // nixpkgs.lib.genAttrs [
+ "aquamarine"
+ "ruby"
+ "kana"
+ ]
+ (
+ # generate proxmox image for virtual machines without desktop environment
+ host:
+ self.nixosConfigurations.${host}.config.formats.proxmox
+ );
+}
diff --git a/systems/vars.nix b/systems/vars.nix
new file mode 100644
index 00000000..61fb1c6b
--- /dev/null
+++ b/systems/vars.nix
@@ -0,0 +1,102 @@
+{
+ # 星野 アイ, Hoshino Ai
+ idol_ai_modules_i3 = {
+ nixos-modules = [
+ ../hosts/idols/ai
+ ../secrets/nixos.nix
+ ../modules/nixos/i3.nix
+ ];
+ home-module = import ../home/linux/desktop-i3.nix;
+ };
+ idol_ai_modules_hyprland = {
+ nixos-modules = [
+ ../hosts/idols/ai
+ ../secrets/nixos.nix
+ ../modules/nixos/hyprland.nix
+ ];
+ home-module = import ../home/linux/desktop-hyprland.nix;
+ };
+
+ # 星野 愛久愛海, Hoshino Akuamarin
+ idol_aquamarine_modules = {
+ nixos-modules = [
+ ../hosts/idols/aquamarine
+ ../modules/nixos/server.nix
+ ../modules/nixos/proxmox-hardware-configuration.nix
+ ];
+ home-module = import ../home/linux/server.nix;
+ };
+ idol_aquamarine_tags = ["dist-build" "aqua"];
+
+ # 星野 瑠美衣, Hoshino Rubii
+ idol_ruby_modules = {
+ nixos-modules = [
+ ../hosts/idols/ruby
+ ../modules/nixos/server.nix
+ ../modules/nixos/proxmox-hardware-configuration.nix
+ ];
+ home-module = import ../home/linux/server.nix;
+ };
+ idol_ruby_tags = ["dist-build" "ruby"];
+
+ # 有馬 かな, Arima Kana
+ idol_kana_modules = {
+ nixos-modules = [
+ ../hosts/idols/kana
+ ../modules/nixos/server.nix
+ ../modules/nixos/proxmox-hardware-configuration.nix
+ ];
+ home-module = import ../home/linux/server.nix;
+ };
+ idol_kana_tags = ["dist-build" "kana"];
+
+ # 森友 望未, Moritomo Nozomi
+ rolling_nozomi_modules = {
+ nixos-modules = [
+ ../hosts/rolling_girls/nozomi
+ ../modules/nixos/server-riscv64.nix
+
+ # cross-compilation this flake.
+ {nixpkgs.crossSystem.system = "riscv64-linux";}
+ ];
+ # home-module = import ../home/linux/server-riscv64.nix;
+ };
+ rolling_nozomi_tags = ["riscv" "nozomi"];
+
+ # 小坂 結季奈, Kosaka Yukina
+ rolling_yukina_modules = {
+ nixos-modules = [
+ ../hosts/rolling_girls/yukina
+ ../modules/nixos/server-riscv64.nix
+
+ # cross-compilation this flake.
+ {nixpkgs.crossSystem.system = "riscv64-linux";}
+ ];
+ # home-module = import ../home/linux/server-riscv64.nix;
+ };
+ rolling_yukina_tags = ["riscv" "yukina"];
+
+ # 大木 鈴, Ōki Suzu
+ _12kingdoms_suzu_modules = {
+ nixos-modules = [
+ ../hosts/12kingdoms/suzu
+ ../modules/nixos/server-riscv64.nix
+
+ # cross-compilation this flake.
+ {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";}
+ ];
+ # home-module = import ../home/linux/server.nix;
+ };
+ _12kingdoms_suzu_tags = ["aarch" "suzu"];
+
+ # darwin systems
+ darwin_harmonica_modules = {
+ darwin-modules = [
+ ../hosts/harmonica
+
+ ../modules/darwin
+ ../secrets/darwin.nix
+ ];
+ home-module = import ../home/darwin;
+ };
+}
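Review bot: `_12kingdoms_suzu_modules` in systems/vars.nix sets `nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu"` but imports `../modules/nixos/server-riscv64.nix`, so an aarch64 board takes its base profile from a file named for riscv64. This carries over the import removed from hosts/12kingdoms/suzu/default.nix, but in this central list it reads like a copy-paste slip. If the file is meant as the shared minimal SBC profile, a comment such as `# server-riscv64.nix is the minimal SBC profile, also used for aarch64` would keep someone from "correcting" it later; renaming the module would be clearer still.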