feat: basic flake-parts structure, make-shell, files and readme

2025-07-02 23:12:04 +08:00 · 2025-07-02 23:12:04 +08:00 · dcd3a6fed7
commit dcd3a6fed7
parent 8b4bfb5e15
8 changed files with 127 additions and 129 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +0,0 @@
 result
 *.qcow2
--- a/README.md
+++ b/README.md
@ -1,99 +1 @@
-# Pantheon
+test README
 This repository serves as a flake for storing nixos and nix-darwin configurations.
 ## Planning
 ### To-do
 - [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
 - [ ] Migrate immich to apollo, point to helios
 - [x] Migrate LibreChat to apollo, maintain db
 - [ ] Figure out wakapi
 - [x] Add forgejo
 - [ ] Add simple blog
 ### Versions
 - 1.0.0
  - Setup desktop as hypervisor with nixos and win11
    - Spare drive as steam library
    - GPU passthrough to either system
    - Always running, VMs spun down except when in use
  - Apollo as hypervisor
    - VMs for docker host, home-assistant, bare metal or containerised services
  - Automated backups for home and state directories
  - Ability to build VMs of all systems and implement integration tests
    - Staging VMs for ad-hoc testing
  - All servers set up with following services:
    - Git server
    - Chat app
    - Network shares
    - Federation with ActivityPub
    - Wakapi
  - Add a way to define services per host and refer to them by hostname
  - helios as file and db server, apollo as services and reverse proxy
 - 0.3.0
  - Integration tests for all services
  - Migrate services from helios
 ## Structure
 - Each system configuration should be defined by a list of profiles, e.g. desktop, docker, server, etc.
 - Each service should work with contracts e.g. reverse proxy provider and subscriber, databases, etc.
 - Each system configuration should have an ephemeral root directory built from the nixosConfiguration at boot.
 - Servers should be as minimal as possible (to reduce attack surface)
 - All systems should be able to build as VMs
 - CI should be set up for updating packages and testing in VMs
 - Home configurations should work across darwin and nixos
 - Home configurations should be dotfiles only, and packages should be configured from the system config (tentative)
 - Packages should only be installed to the path if they are actively used. One use programs should be used via comma or scripts calling their packages.
 ## Modules
 The nixosModules and homeModules exposed by this flake are slightly out of the norm.
 Option declarations for user specific configuration are kept to:
 - homeModules for CLI
 - nixosModules for desktop
 System configurations, to this end, should include the window manager, lockscreen, terminal etc. for that system.
 These desktop programs will be **configured** in home-manager for each user, but those configurations consult the osConfig variable passed in by home-manager.
 ## System Setup
 The following files are **required** for system activation:
 - /persist/home/${mainUser}/.ssh/id_ed25519
 This private key will be used by sops-nix to decrypt the secrets in [this encrypted file](secrets/secrets.yaml). The secrets inside the yaml file should also be set, or otherwise removed alongside their declarations , found [here](modules/nixos/system/secrets.nix) and references.
 ```bash
 # On the target machine
 # Boot into the NixOS installer
 sudo passwd
 # On the host machine
 deploy --user "rafiq" --ip "10.10.0.102" --hostname "apollo"
 ```
 ### From a Local NixOS Installer
 The installation may run out of space when installing from an install ISO. In that case, use Disko to format the drives first, then create a `/mnt/tmp` directory and set it as TMPDIR for nixos-install.
 ```bash
 sudo su
 nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/master -- --mode destroy,format,mount --flake github:rrvsh/pantheon#<HOSTNAME>
 # Copy SSH key to /persist/home/rafiq/.ssh
 mkdir /mnt/tmp
 TMPDIR=/mnt/tmp nixos-install --flake github:rrvsh/pantheon#<HOSTNAME> --no-root-password
 reboot
 ```
 ## Impermanence
 System and user state is stored under /persist. Anything not declared under
 `{environment,home}.persistence` is deleted on system boot.
--- a/flake.lock
+++ b/flake.lock
@ -1,8 +1,40 @@
 {
  "nodes": {
    "dedupe_flake-compat": {
      "locked": {
        "lastModified": 1747046372,
        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "files": {
      "locked": {
        "lastModified": 1750263550,
        "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=",
        "owner": "mightyiam",
        "repo": "files",
        "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07",
        "type": "github"
      },
      "original": {
        "owner": "mightyiam",
        "repo": "files",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
+        "nixpkgs-lib": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1751413152,
@ -18,6 +50,41 @@
        "type": "github"
      }
    },
    "import-tree": {
      "locked": {
        "lastModified": 1751399845,
        "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=",
        "owner": "vic",
        "repo": "import-tree",
        "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea",
        "type": "github"
      },
      "original": {
        "owner": "vic",
        "repo": "import-tree",
        "type": "github"
      }
    },
    "make-shell": {
      "inputs": {
        "flake-compat": [
          "dedupe_flake-compat"
        ]
      },
      "locked": {
        "lastModified": 1733933815,
        "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=",
        "owner": "nicknovitski",
        "repo": "make-shell",
        "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c",
        "type": "github"
      },
      "original": {
        "owner": "nicknovitski",
        "repo": "make-shell",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1751271578,
@ -34,24 +101,13 @@
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "lastModified": 1751159883,
        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "dedupe_flake-compat": "dedupe_flake-compat",
        "files": "files",
        "flake-parts": "flake-parts",
        "import-tree": "import-tree",
        "make-shell": "make-shell",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@ -3,18 +3,23 @@
    # nixos-unstable provides a binary cache for all packages.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    # flake-parts lets us define flake modules.
-    flake-parts.url = "github:hercules-ci/flake-parts";
+    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    # import-tree imports all nix files in a given directory.
    import-tree.url = "github:vic/import-tree";
    # files lets us write text files and automatically add checks for them
    files.url = "github:mightyiam/files";
    # make-shells.<name> creates devShells and checks
    make-shell = {
      url = "github:nicknovitski/make-shell";
      inputs.flake-compat.follows = "dedupe_flake-compat";
    };
    # The following are not used but are here for deduplication.
    dedupe_flake-compat.url = "github:edolstra/flake-compat";
  };
-  outputs =
+  outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
    inputs@{ self, ... }:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [ inputs.flake-parts.flakeModules.modules ];
      systems = [ "x86_64-linux" ];
      perSystem =
        { pkgs, ... }:
        {
          packages.default = pkgs.hello;
        };
    };
 }
--- a/modules/docs/readme.nix
+++ b/modules/docs/readme.nix
@ -0,0 +1,21 @@
 { config, ... }:
 {
  # text.readme = {
  #
  # };
  perSystem =
    { pkgs, ... }:
    {
      files.files = [
        {
          path_ = "README.md";
          drv =
            pkgs.writeText "README.md" # config.text.readme
              ''
                test README
              '';
        }
      ];
    };
 }
--- a/modules/meta/files.nix
+++ b/modules/meta/files.nix
@ -0,0 +1,7 @@
 { inputs, ... }:
 {
  imports = [ inputs.files.flakeModules.default ];
  perSystem = psArgs: {
    make-shells.default.packages = [ psArgs.config.files.writer.drv ];
  };
 }
--- a/modules/meta/make-shell.nix
+++ b/modules/meta/make-shell.nix
@ -0,0 +1,4 @@
 { inputs, ... }:
 {
  imports = [ inputs.make-shell.flakeModules.default ];
 }
--- a/modules/systems.nix
+++ b/modules/systems.nix
@ -0,0 +1,5 @@
 {
  systems = [
    "x86_64-linux"
  ];
 }