Do some quick fixes to make sure everything builds
diff --git a/flake.lock b/flake.lock
index 87672f8..8f4acf6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -15,6 +15,27 @@
"type": "github"
}
},
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1656169755,
+ "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-22.05",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
"impermanence": {
"locked": {
"lastModified": 1646131459,
@@ -46,6 +67,22 @@
"type": "github"
}
},
+ "nixpkgs-22_05": {
+ "locked": {
+ "lastModified": 1660410996,
+ "narHash": "sha256-arkfX1YYFmwMyDTCguzoOI4epABC41FGQU4J1/G3/9M=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "70b6236f3cbc815f2cae8d597418c714cf83d1c8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-22.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"registry": {
"flake": false,
"locked": {
@@ -65,9 +102,32 @@
"root": {
"inputs": {
"flake-utils": "flake-utils",
+ "home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs",
- "registry": "registry"
+ "registry": "registry",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-22_05": "nixpkgs-22_05"
+ },
+ "locked": {
+ "lastModified": 1660540143,
+ "narHash": "sha256-oqeOdJH0ey/UyG1G31BV6Lk8qjI+VKboTpTJB317OhM=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "773365016f5202a199f5aff72cac75c64add4528",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
index 6725e32..b527b27 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,12 +1,20 @@
{
description = "Minion's NixOS configuration (since 2022-08-19)";
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
- inputs.flake-utils.url = "github:numtide/flake-utils";
- inputs.registry = {
- url = "github:nixos/flake-registry";
- flake = false;
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ registry = {
+ url = "github:nixos/flake-registry";
+ flake = false;
+ };
+ home-manager.url = "github:nix-community/home-manager/release-22.05";
+ sops-nix.url = "github:Mic92/sops-nix";
+ impermanence.url = "github:nix-community/impermanence";
+
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+ impermanence.inputs.nixpkgs.follows = "nixpkgs";
};
- inputs.impermanence.url = "github:nix-community/impermanence";
outputs = inputs: let
inherit (inputs) self nixpkgs flake-utils;
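Review bot: `home-manager.url` is pinned to `release-22.05`, but `home-manager.inputs.nixpkgs.follows = "nixpkgs";` points it at `nixpkgs-unstable`, so the release branch is evaluated against a package set it was not cut for. Either track the home-manager branch that matches unstable, or pin `nixpkgs` to the matching release. Separately, the `impermanence` node in flake.lock shows no `inputs`, so `impermanence.inputs.nixpkgs.follows` appears to override an input that does not exist and could be dropped. A short comment above the `follows` lines, e.g. `# one nixpkgs for all inputs, so updates land in a single place`, would record why they are there.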
@@ -14,28 +22,27 @@
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
- utils = import ./utils/utils.nix pkgs.lib;
+ utils = import ./utils/utils.nix nixpkgs.lib;
username = "minion";
in {
- nixosConfigurations = {
- default = pkgs.lib.nixosSystem {
+ packages.nixosConfigurations = {
+ default = nixpkgs.lib.nixosSystem {
inherit system;
- home-manager.useGlobalPkgs = true;
-
- modules = pkgs.lib.pipe ./modules [
- utils.nixFilesIn
- utils.importAll
- (utils.interpretNonstandardModule (args:
- args
- // {
- home =
- args.config.home-manager."${username}";
- }))
+ modules = [
+ (nixpkgs.lib.pipe ./modules [
+ utils.nixFilesIn
+ utils.importAll
+ (utils.interpretNonstandardModule (args:
+ args
+ // {
+ home = args.config.home-manager."${username}";
+ }))
+ ])
];
- specialArgs = inputs // {inherit username;};
+ specialArgs = inputs // {inherit username pkgs;};
};
};
devShell = pkgs.mkShell {
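Review bot: The `home` argument built in the `interpretNonstandardModule` callback reads `args.config.home-manager."${username}"`, but utils/interpretNonstandardModule.nix in this same commit uses the path `home-manager.users.<name>`. Any module that actually evaluates `home` would therefore likely fail on a missing attribute; the line should be `home = args.config.home-manager.users."${username}";`. Also, putting `pkgs` into `specialArgs` hands every module `nixpkgs.legacyPackages.${system}` directly. As far as I know this takes precedence over the module system's own `pkgs`, so `nixpkgs.overlays` and `nixpkgs.config` set in modules would no longer affect the package set modules see; this deserves a comment if it is intentional. The `outputs` function starts and ends outside this hunk.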
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
index bb2b28a..eaadfde 100644
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@@ -1,4 +1,4 @@
-{impermanence}: {
+{impermanence, ...}: {
imports = [
impermanence.nixosModules.impermanence
];
diff --git a/modules/home-manager.nix b/modules/home-manager.nix
new file mode 100644
index 0000000..1c1466e
--- /dev/null
+++ b/modules/home-manager.nix
@@ -0,0 +1,4 @@
+{home-manager, ...}: {
+ imports = [home-manager.nixosModules.home-manager];
+ config.home-manager.useGlobalPkgs = true;
+}
diff --git a/modules/neovim.nix b/modules/neovim.nix
index e3d753c..949fbd4 100644
--- a/modules/neovim.nix
+++ b/modules/neovim.nix
@@ -1,13 +1,13 @@
{pkgs, ...}: {
config = {
environment.variables = {
- EDITOR = "${pkgs.nvim}/bin/nvim";
+ EDITOR = "${pkgs.neovim}/bin/nvim";
};
environment.defaultPackages = [
pkgs.perl
pkgs.rsync
pkgs.strace
- pkgs.nvim # I'm installing vim here even though it isn't normally a default package, as I've removed nano
+ pkgs.neovim # I'm installing vim here even though it isn't normally a default package, as I've removed nano
]; # The basic default packages, although without nano
};
}
diff --git a/modules/secrets.nix b/modules/secrets.nix
index cb55e20..3435962 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -1,4 +1,12 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ sops-nix,
+ ...
+}: {
+ imports = [
+ sops-nix.nixosModules.sops
+ ];
+
config = {
environment.systemPackages = with pkgs; [
sops
diff --git a/modules/ssh.nix b/modules/ssh.nix
index 862310a..2e5c3a4 100644
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@@ -5,19 +5,19 @@
environment.persistence."/nix/persist".files = [
{
file = "/etc/ssh_host_rsa_key";
- parentDirectory = {mode = 755;};
+ parentDirectory = {mode = "755";};
}
{
file = "/etc/ssh_host_rsa_key.pub";
- parentDirectory = {mode = 755;};
+ parentDirectory = {mode = "755";};
}
{
file = "/etc/ssh_host_ed25519_key";
- parentDirectory = {mode = 755;};
+ parentDirectory = {mode = "755";};
}
{
file = "/etc/ssh_host_ed25519_key.pub";
- parentDirectory = {mode = 755;};
+ parentDirectory = {mode = "755";};
}
];
};
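Review bot: The persisted paths are `/etc/ssh_host_rsa_key` and `/etc/ssh_host_ed25519_key`, whereas the NixOS default `services.openssh.hostKeys` live under `/etc/ssh/`. Unless `hostKeys` is overridden in the part of this file outside the hunk, sshd would generate fresh keys under `/etc/ssh/` on each boot of the impermanent root, and clients would see the host key change every time. If so, the entries should read `file = "/etc/ssh/ssh_host_ed25519_key";`, and likewise for the other three. The four entries differ only in `file`, so they could also be produced with a `map` over the list of paths, which keeps the `parentDirectory` mode in one place.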
diff --git a/modules/users.nix b/modules/users.nix
index 15f1e4f..11b2137 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,13 +1,25 @@
-{pkgs, ...}: {
- users.mutableUsers = false;
+{
+ pkgs,
+ config,
+ username,
+ ...
+}: {
+ config = {
+ users.mutableUsers = false;
- users.users.minion = {
- isNormalUser = true;
- extraGroups = ["wheel" "kvm" "docker" "containerd" "dialout" "libvirtd" "video" config.users.groups.keys.name];
- shell = pkgs.zsh;
+ users.users.${username} = {
+ isNormalUser = true;
+ extraGroups = ["wheel" "kvm" "docker" "containerd" "dialout" "libvirtd" "video" config.users.groups.keys.name];
+ shell = pkgs.zsh;
+ };
+
+ users.users.root.initialPassword = "hunter2";
+ # TODO: Change this as soon as we know the system boots properly and we make
+ # user passwords persist
};
- users.users.root.initialPassword = "hunter2";
- # TODO: Change this as soon as we know the system boots properly and we make
- # user passwords persist
+ home.home = {
+ inherit username;
+ homeDirectory = "/home/${username}";
+ };
}
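Review bot: `users.users.root.initialPassword = "hunter2";` remains a literal in the repository, and with `users.mutableUsers = false` it is effectively the permanent root password rather than an initial one. The plain text also ends up in the world-readable Nix store. Since this commit already wires in sops-nix, the password can come from an encrypted secret instead, e.g. `users.users.root.passwordFile = config.sops.secrets.<root-password-secret>.path;` with `neededForUsers = true;` on that secret (the secret name is a placeholder). Until that is done, the TODO comment should state that the root password is public, so the follow-up is not lost.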
diff --git a/utils/importAll.nix b/utils/importAll.nix
index b6130fb..c2343ee 100644
--- a/utils/importAll.nix
+++ b/utils/importAll.nix
@@ -1,3 +1,3 @@
# Pretty basic function to import all files in a list, because it looks nicer to
# do utils.importAll than this map operation
-nixFiles: map import nixFiles
+lib: nixFiles: map import nixFiles
diff --git a/utils/interpretNonstandardModule.nix b/utils/interpretNonstandardModule.nix
index edb4231..6d8de43 100644
--- a/utils/interpretNonstandardModule.nix
+++ b/utils/interpretNonstandardModule.nix
@@ -3,7 +3,7 @@
# This function takes a list of modules, as well as arguments to import them
# with, and returns a list of modules, each with the standard NixOS module
# properties as well as with custom properties as described in /README.md
-transformArgs: modules: args: let
+lib: transformArgs: modules: args: let
resolver = module: let
importedModule =
if builtins.typeOf module == "path"
@@ -12,19 +12,32 @@
resolvedModule =
if builtins.typeOf importedModule == "lambda"
then
- resolvedModule
+ importedModule
(transformArgs args)
- else resolvedModule;
- in {
- home = module.home or {};
- module = {
- config = module.config or {};
- imports = module.imports or {};
- options = module.options or {};
+ else importedModule;
+ in
+ lib.warnIfNot ((lib.pipe resolvedModule [
+ builtins.attrNames
+ (lib.subtractLists ["home" "config" "imports" "options"])
+ ])
+ == [])
+ "Module ${
+ if builtins.typeOf module == "lambda"
+ then "<AnonFunction>"
+ else builtins.toString module
+ } had attribute names ${builtins.toJSON (builtins.attrNames resolvedModule)} but only home, config, imports and options are resolved" {
+ config = lib.recursiveUpdate (resolvedModule.config or {}) {
+ home-manager.users."${args.username}".imports =
+ (resolvedModule.config.home-manager.users."${args.username}".imports or [])
+ ++ [resolvedModule.home or {}];
+ };
+ imports = resolvedModule.imports or [];
+ options = resolvedModule.options or {};
};
- };
-in (
- if modules.typeOf == "list"
- then builtins.map resolver modules
- else (resolver modules)
-)
+in {
+ imports = (
+ if builtins.typeOf modules == "list"
+ then builtins.map resolver modules
+ else [(resolver modules)]
+ );
+}
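Review bot: Attributes outside `home`, `config`, `imports` and `options` only trigger `lib.warnIfNot` and are then dropped. A module written in shorthand form (for example a top-level `users.mutableUsers = false;`) therefore builds successfully with that setting silently missing from the system. A hard failure is safer for a system configuration: swap `lib.warnIfNot` for `lib.throwIfNot` with the same condition and message. The header comment in the previous hunk still says the function "returns a list of modules"; it should say that it now returns a single module `{ imports = [...]; }` and that `home` is appended to `home-manager.users.<username>.imports`. `resolver` begins outside this hunk.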
diff --git a/utils/nixFilesInWithName.nix b/utils/nixFilesInWithName.nix
new file mode 100644
index 0000000..41bd157
--- /dev/null
+++ b/utils/nixFilesInWithName.nix
@@ -0,0 +1,6 @@
+# Modified from http://chriswarbo.net/projects/nixos/useful_hacks.html
+lib: dir:
+map (name: {
+ inherit name;
+ path = dir + "/${name}";
+}) (lib.attrNames (lib.filterAttrs (name: _: lib.hasSuffix ".nix" name) (builtins.readDir dir)))
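Review bot: The `filterAttrs` predicate ignores the entry type that `builtins.readDir` provides, so a directory or symlink whose name ends in `.nix` is returned too, and utils/utils.nix then imports everything in the result. Checking the type as well keeps the auto-import to plain files: `(name: type: type == "regular" && lib.hasSuffix ".nix" name)`. A one-line comment stating that every `.nix` file placed in `dir` gets imported would also help reviewers notice new files appearing in that directory.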
diff --git a/utils/utils.nix b/utils/utils.nix
index 8b1b731..67018fc 100644
--- a/utils/utils.nix
+++ b/utils/utils.nix
@@ -1,8 +1,12 @@
lib:
-builtins.listToAttrs builtins.map (path: {
- name = nixpkgs.lib.pipe path [
- (nixpkgs.lib.removeSuffix ".nix")
- (nixpkgs.lib.removePrefix ./.)
- ];
- value = import path;
-}) ((import ./nixFilesIn.nix) ./.)
+lib.pipe ./. [
+ (import ./nixFilesInWithName.nix lib)
+ (builtins.map ({
+ name,
+ path,
+ }: {
+ name = lib.removeSuffix ".nix" name;
+ value = import path lib;
+ }))
+ builtins.listToAttrs
+]