feat(meta): use manifest to define system configurations

Mohammad Rafiq 2025-07-15 21:54:00 +08:00
parent 96321d4026
commit 084caa727b
No known key found for this signature in database
18 changed files with 125 additions and 131 deletions


@ -1,6 +1,6 @@
{ config, ... }:
let
inherit (config.flake) manifest;
inherit (config.manifest) users;
in
{
flake.modules.homeManager.default =
@ -9,8 +9,8 @@ in
home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config";
programs.git = {
enable = true;
userName = manifest.users.${config.home.username}.name;
userEmail = manifest.users.${config.home.username}.email;
userName = users.${config.home.username}.name;
userEmail = users.${config.home.username}.email;
signing.key = "~/.ssh/id_ed25519.pub";
};
};


@ -1,6 +1,7 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (config.manifest) users;
inherit (cfg.lib.modules) forAllUsers';
inherit (lib.attrsets) mapAttrs';
in
@ -12,7 +13,7 @@ in
programs = mapAttrs' (name: value: {
name = value.shell;
value.enable = true;
}) cfg.manifest.users;
}) users;
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
};
darwin.default =
@ -21,14 +22,14 @@ in
programs = mapAttrs' (name: value: {
name = value.shell;
value.enable = true;
}) cfg.manifest.users;
}) users;
users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; });
environment.shells = [ pkgs.fish ];
};
homeManager.default =
{ config, ... }:
{
programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true;
programs.${users.${config.home.username}.shell}.enable = true;
home.shell.enableShellIntegration = true;
};
};


@ -1,7 +1,3 @@
{ config, ... }:
let
cfg = config.flake;
in
{
allowedUnfreePackages = [
"nvidia-x11"
@ -11,11 +7,11 @@ in
{
config,
pkgs,
hostName,
hostConfig,
...
}:
let
gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or "";
inherit (hostConfig.machine) gpu;
in
if gpu == "nvidia" then
{
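Review bot: The new `inherit (hostConfig.machine) gpu;` drops the `or ""` fallback that the replaced lookup carried. A host whose manifest entry omits `machine.gpu` will therefore fail evaluation unless the manifest option declares a default, and that declaration is not visible on this page. If the field is meant to stay optional, keep the fallback as `gpu = hostConfig.machine.gpu or "";` or give the option an explicit default. The let-binding belongs to a module function whose body continues outside the hunk.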


@ -1,9 +1,8 @@
{ config, ... }:
{
flake.modules.nixos.default =
{ hostName, ... }:
{ hostConfig, ... }:
let
inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform;
inherit (hostConfig.machine) platform;
arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64";
in
{
@ -13,9 +12,9 @@
};
flake.modules.darwin.default =
{ hostName, ... }:
{ hostConfig, ... }:
let
inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform;
inherit (hostConfig.machine) platform;
arch = if platform == "intel" then "x86_64" else "aarch64";
in
{


@ -1,17 +1,12 @@
{
config,
lib,
inputs,
...
}:
{ lib, inputs, ... }:
let
inherit (lib.modules) mkMerge mkIf mkAfter;
in
{
flake.modules.nixos.default =
{ hostName, ... }:
{ hostConfig, ... }:
let
inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
inherit (hostConfig.machine) root;
in
{
imports = [ inputs.disko.nixosModules.disko ];
@ -85,7 +80,7 @@ in
};
}
# Ephemeral by default - assumes btrfs
(mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) {
(mkIf root.ephemeral {
boot.initrd.postDeviceCommands = mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
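Review bot: `(mkIf root.ephemeral {` no longer carries the `or true` default of the line it replaces, while the comment directly above still reads "Ephemeral by default". Unless the manifest option for `machine.root.ephemeral` defaults to true (its declaration is not on this page), a host that omits the field either fails evaluation or stops wiping root at boot. The second outcome would silently keep state on disk that the previous configuration discarded. Either keep the fallback, `(mkIf (root.ephemeral or true) {`, or update the comment to say where the default now lives. The `mkIf` body continues outside the hunk.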


@ -1,6 +1,7 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (config.manifest) admin;
inherit (lib.modules) mkMerge;
inherit (cfg.lib.modules) forAllUsers';
in
@ -16,7 +17,7 @@ in
"/etc/ssh/ssh_host_rsa_key.pub"
];
}
{ users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; }
{ users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; }
];
flake.modules.homeManager.default = {
persistDirs = [ ".ssh" ];
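Review bot: `admin.pubkey` on the `users.users.root.openssh.authorizedKeys.keys` line is the key this module authorizes for root over SSH, yet nothing on this page shows the manifest constraining it. The same applies in the sudo file further down, where `admin.username` decides which account joins wheel under `wheelNeedsPassword = false` and `trusted-users = [ "@wheel" ]`. Both fields grant privilege, so the manifest option declarations (not shown here) should type them as non-empty strings and ideally assert that `admin.username` is one of the manifest's `users`. A short comment such as `# root login key; sourced from manifest.admin.pubkey` would make the dependency visible to whoever edits the manifest.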


@ -4,7 +4,7 @@ let
inherit (config.flake.lib.options) mkStrOption mkPathOption;
inherit (config.flake.lib.services) mkRootDomain;
inherit (config.flake.paths) secrets;
inherit (config.flake.admin) email;
inherit (config.manifest.admin) email;
inherit (lib.types) listOf submodule attrs;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkMerge mkIf;


@ -6,11 +6,11 @@
}:
let
cfg = config.flake;
inherit (cfg.paths) secrets;
inherit (builtins) readFile;
inherit (lib.meta) getExe;
inherit (lib.strings) trim;
inherit (cfg.admin) username pubkey;
inherit (cfg.paths) secrets;
inherit (config.manifest.admin) username pubkey;
in
{
flake.modules = {


@ -1,12 +1,12 @@
{ config, ... }:
let
cfg = config.flake;
inherit (config.manifest) admin;
in
{
flake.modules.nixos.default = {
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "@wheel" ];
users.users.${cfg.admin.username}.extraGroups = [ "wheel" ];
users.users.${admin.username}.extraGroups = [ "wheel" ];
};
flake.modules.darwin.default.security = {
sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";


@ -1,6 +1,7 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (config.manifest) users admin;
inherit (cfg.lib.modules) userListToAttrs forAllUsers';
inherit (lib.lists) findFirstIndex;
inherit (builtins) attrNames;
@ -36,12 +37,12 @@ in
flake.modules.darwin.default =
{ config, ... }:
{
system.primaryUser = cfg.admin.username;
users.knownUsers = attrNames cfg.manifest.users;
system.primaryUser = admin.username;
users.knownUsers = attrNames users;
users.users = forAllUsers' (
name: _: {
home = "/Users/${name}";
uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users));
uid = 501 + (findFirstIndex (x: x == name) null (attrNames users));
}
);
home-manager.users = forAllUsers' (