diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 87a3018..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-result
-*.qcow2
diff --git a/README.md b/README.md
index 264d47b..c3bf1f5 100644
--- a/README.md
+++ b/README.md
@@ -1,99 +1 @@ -# Pantheon - -This repository serves as a flake for storing nixos and nix-darwin configurations. - -## Planning - -### To-do - -- [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation -- [ ] Migrate immich to apollo, point to helios -- [x] Migrate LibreChat to apollo, maintain db -- [ ] Figure out wakapi -- [x] Add forgejo -- [ ] Add simple blog - -### Versions - -- 1.0.0 - - Setup desktop as hypervisor with nixos and win11 - - Spare drive as steam library - - GPU passthrough to either system - - Always running, VMs spun down except when in use - - Apollo as hypervisor - - VMs for docker host, home-assistant, bare metal or containerised services - - Automated backups for home and state directories - - Ability to build VMs of all systems and implement integration tests - - Staging VMs for ad-hoc testing - - All servers set up with following services: - - Git server - - Chat app - - Network shares - - Federation with ActivityPub - - Wakapi - - Add a way to define services per host and refer to them by hostname - - helios as file and db server, apollo as services and reverse proxy -- 0.3.0 - - Integration tests for all services - - Migrate services from helios - -## Structure - -- Each system configuration should be defined by a list of profiles, e.g. desktop, docker, server, etc. -- Each service should work with contracts e.g. reverse proxy provider and subscriber, databases, etc. -- Each system configuration should have an ephemeral root directory built from the nixosConfiguration at boot. -- Servers should be as minimal as possible (to reduce attack surface) -- All systems should be able to build as VMs -- CI should be set up for updating packages and testing in VMs -- Home configurations should work across darwin and nixos -- Home configurations should be dotfiles only, and packages should be configured from the system config (tentative) -- Packages should only be installed to the path if they are actively used. 
One use programs should be used via comma or scripts calling their packages. - -## Modules - -The nixosModules and homeModules exposed by this flake are slightly out of the norm. - -Option declarations for user specific configuration are kept to: - -- homeModules for CLI -- nixosModules for desktop - -System configurations, to this end, should include the window manager, lockscreen, terminal etc. for that system. - -These desktop programs will be **configured** in home-manager for each user, but those configurations consult the osConfig variable passed in by home-manager. - -## System Setup - -The following files are **required** for system activation: - -- /persist/home/${mainUser}/.ssh/id_ed25519 - -This private key will be used by sops-nix to decrypt the secrets in [this encrypted file](secrets/secrets.yaml). The secrets inside the yaml file should also be set, or otherwise removed alongside their declarations , found [here](modules/nixos/system/secrets.nix) and references. - -```bash -# On the target machine -# Boot into the NixOS installer - -sudo passwd - -# On the host machine -deploy --user "rafiq" --ip "10.10.0.102" --hostname "apollo" -``` - -### From a Local NixOS Installer - -The installation may run out of space when installing from an install ISO. In that case, use Disko to format the drives first, then create a `/mnt/tmp` directory and set it as TMPDIR for nixos-install. - -```bash -sudo su -nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/master -- --mode destroy,format,mount --flake github:rrvsh/pantheon# -# Copy SSH key to /persist/home/rafiq/.ssh -mkdir /mnt/tmp -TMPDIR=/mnt/tmp nixos-install --flake github:rrvsh/pantheon# --no-root-password -reboot -``` - -## Impermanence - -System and user state is stored under /persist. Anything not declared under -`{environment,home}.persistence` is deleted on system boot. +test README diff --git a/flake.lock b/flake.lock index 0dd329e..f447b8c 100644 --- a/flake.lock 
+++ b/flake.lock @@ -1,8 +1,40 @@ { "nodes": { + "dedupe_flake-compat": { + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "files": { + "locked": { + "lastModified": 1750263550, + "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=", + "owner": "mightyiam", + "repo": "files", + "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07", + "type": "github" + }, + "original": { + "owner": "mightyiam", + "repo": "files", + "type": "github" + } + }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1751413152, @@ -18,6 +50,41 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1751399845, + "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=", + "owner": "vic", + "repo": "import-tree", + "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, + "make-shell": { + "inputs": { + "flake-compat": [ + "dedupe_flake-compat" + ] + }, + "locked": { + "lastModified": 1733933815, + "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=", + "owner": "nicknovitski", + "repo": "make-shell", + "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c", + "type": "github" + }, + "original": { + "owner": "nicknovitski", + "repo": "make-shell", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1751271578, 
@@ -34,24 +101,13 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "root": { "inputs": { + "dedupe_flake-compat": "dedupe_flake-compat", + "files": "files", "flake-parts": "flake-parts", + "import-tree": "import-tree", + "make-shell": "make-shell", "nixpkgs": "nixpkgs" } }
diff --git a/flake.nix b/flake.nix
index 9176110..6f86517 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,18 +3,23 @@
 # nixos-unstable provides a binary cache for all packages.
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 # flake-parts lets us define flake modules.
- flake-parts.url = "github:hercules-ci/flake-parts";
+ flake-parts = {
+ url = "github:hercules-ci/flake-parts";
+ inputs.nixpkgs-lib.follows = "nixpkgs";
+ };
+ # import-tree imports all nix files in a given directory.
+ import-tree.url = "github:vic/import-tree";
+ # files lets us write text files and automatically add checks for them
+ files.url = "github:mightyiam/files";
+ # make-shells. creates devShells and checks
+ make-shell = {
+ url = "github:nicknovitski/make-shell";
+ inputs.flake-compat.follows = "dedupe_flake-compat";
+ };
+
+ # The following are not used but are here for deduplication.
+ dedupe_flake-compat.url = "github:edolstra/flake-compat";
 };
- outputs =
- inputs@{ self, ... }:
- inputs.flake-parts.lib.mkFlake { inherit inputs; } {
- imports = [ inputs.flake-parts.flakeModules.modules ];
- systems = [ "x86_64-linux" ];
- perSystem =
- { pkgs, ... }:
- {
- packages.default = pkgs.hello;
- };
- };
+ outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
 }
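Review bot: The comment added above the `make-shell` input reads `# make-shells. creates devShells and checks`, which carries a stray period after a name that does not match the input declared on the next line; `# make-shell creates devShells and checks.` would read cleanly, and the `files` comment just above it is missing its terminating period as well. The rewritten `outputs` line hands `inputs.import-tree ./modules` straight to `mkFlake`, so the flake's module set is now whatever `.nix` files sit under `./modules` rather than an explicit `imports` list; a one-line comment there such as `# Every .nix file under ./modules is imported as a flake module (see import-tree above).` would make that convention visible, since the README in this commit no longer documents the layout. The `dedupe_flake-compat` comment could also name which input it deduplicates (the `flake-compat` that `make-shell` follows, per the `follows` line above) so that nobody later removes it as unused.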
diff --git a/modules/docs/readme.nix b/modules/docs/readme.nix
new file mode 100644
index 0000000..78319e3
--- /dev/null
+++ b/modules/docs/readme.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+ # text.readme = {
+ #
+ # };
+
+ perSystem =
+ { pkgs, ... }:
+ {
+ files.files = [
+ {
+ path_ = "README.md";
+ drv =
+ pkgs.writeText "README.md" # config.text.readme
+ ''
+ test README
+ '';
+ }
+ ];
+ };
+}
diff --git a/modules/meta/files.nix b/modules/meta/files.nix
new file mode 100644
index 0000000..07da696
--- /dev/null
+++ b/modules/meta/files.nix
@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+ imports = [ inputs.files.flakeModules.default ];
+ perSystem = psArgs: {
+ make-shells.default.packages = [ psArgs.config.files.writer.drv ];
+ };
+}
diff --git a/modules/meta/make-shell.nix b/modules/meta/make-shell.nix
new file mode 100644
index 0000000..9206c92
--- /dev/null
+++ b/modules/meta/make-shell.nix
@@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+ imports = [ inputs.make-shell.flakeModules.default ];
+}
diff --git a/modules/systems.nix b/modules/systems.nix
new file mode 100644
index 0000000..bed2497
--- /dev/null
+++ b/modules/systems.nix
@@ -0,0 +1,5 @@
+{
+ systems = [
+ "x86_64-linux"
+ ];
+}
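Review bot: In modules/docs/readme.nix `config` is bound in the module's argument set but its only mention is inside the comment `# config.text.readme` on the `writeText` call, and the `text.readme` option block above `perSystem` is commented out, so the generated README is the literal placeholder `test README` that this commit also checks in over the previous README.md, including its system-setup notes on the required SSH key and the sops-encrypted secrets. Either declare the option and pass `config.text.readme` to `pkgs.writeText`, or drop the unused `config` argument and the commented-out block until the option exists, so the dead code does not outlive the experiment. A short header comment such as `# Declares README.md as a file generated from Nix; the files writer added to the devShell in modules/meta/files.nix is expected to materialise it` would explain why a README is produced here at all — hedged, because this diff only shows the writer's derivation being added to the default devShell, not what it does with `files.files`.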
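Review bot: In modules/meta/files.nix `perSystem = psArgs: { ... psArgs.config.files.writer.drv ... }` binds the whole perSystem argument set under a private name, whereas the other module in this commit (modules/docs/readme.nix) destructures it; `perSystem = { config, ... }: { make-shells.default.packages = [ config.files.writer.drv ]; };` keeps the same behaviour and the same style as its sibling. A comment above the `perSystem` line noting that this places the `files` writer into the default devShell, so that generated files such as README.md can be refreshed from the shell, would also help, since neither this file nor the flake.nix comment on `files` says where the writer ends up.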