feat: basic flake-parts structure, make-shell, files and readme

2025-07-02 23:12:04 +08:00 · 2025-07-02 23:12:04 +08:00 · dcd3a6fed7
commit dcd3a6fed7
parent 8b4bfb5e15
8 changed files with 127 additions and 129 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +0,0 @@
-result
-*.qcow2
--- a/README.md
+++ b/README.md
@ -1,99 +1 @@
-# Pantheon
-
-This repository serves as a flake for storing nixos and nix-darwin configurations.
-
-## Planning
-
-### To-do
-
- [ ] Copy over ~/.ssh/id_ed25519 and zellij status bar plugin confirmation
- [ ] Migrate immich to apollo, point to helios
- [x] Migrate LibreChat to apollo, maintain db
- [ ] Figure out wakapi
- [x] Add forgejo
- [ ] Add simple blog
-
-### Versions
-
- 1.0.0
-  - Setup desktop as hypervisor with nixos and win11
-    - Spare drive as steam library
-    - GPU passthrough to either system
-    - Always running, VMs spun down except when in use
-  - Apollo as hypervisor
-    - VMs for docker host, home-assistant, bare metal or containerised services
-  - Automated backups for home and state directories
-  - Ability to build VMs of all systems and implement integration tests
-    - Staging VMs for ad-hoc testing
-  - All servers set up with following services:
-    - Git server
-    - Chat app
-    - Network shares
-    - Federation with ActivityPub
-    - Wakapi
-  - Add a way to define services per host and refer to them by hostname
-  - helios as file and db server, apollo as services and reverse proxy
- 0.3.0
-  - Integration tests for all services
-  - Migrate services from helios
-
-## Structure
-
- Each system configuration should be defined by a list of profiles, e.g. desktop, docker, server, etc.
- Each service should work with contracts e.g. reverse proxy provider and subscriber, databases, etc.
- Each system configuration should have an ephemeral root directory built from the nixosConfiguration at boot.
- Servers should be as minimal as possible (to reduce attack surface)
- All systems should be able to build as VMs
- CI should be set up for updating packages and testing in VMs
- Home configurations should work across darwin and nixos
- Home configurations should be dotfiles only, and packages should be configured from the system config (tentative)
- Packages should only be installed to the path if they are actively used. One use programs should be used via comma or scripts calling their packages.
-
-## Modules
-
-The nixosModules and homeModules exposed by this flake are slightly out of the norm.
-
-Option declarations for user specific configuration are kept to:
-
- homeModules for CLI
- nixosModules for desktop
-
-System configurations, to this end, should include the window manager, lockscreen, terminal etc. for that system.
-
-These desktop programs will be **configured** in home-manager for each user, but those configurations consult the osConfig variable passed in by home-manager.
-
-## System Setup
-
-The following files are **required** for system activation:
-
- /persist/home/${mainUser}/.ssh/id_ed25519
-
-This private key will be used by sops-nix to decrypt the secrets in [this encrypted file](secrets/secrets.yaml). The secrets inside the yaml file should also be set, or otherwise removed alongside their declarations , found [here](modules/nixos/system/secrets.nix) and references.
-
-```bash
-# On the target machine
-# Boot into the NixOS installer
-
-sudo passwd
-
-# On the host machine
-deploy --user "rafiq" --ip "10.10.0.102" --hostname "apollo"
-```
-
-### From a Local NixOS Installer
-
-The installation may run out of space when installing from an install ISO. In that case, use Disko to format the drives first, then create a `/mnt/tmp` directory and set it as TMPDIR for nixos-install.
-
-```bash
-sudo su
-nix --extra-experimental-features "nix-command flakes" run github:nix-community/disko/master -- --mode destroy,format,mount --flake github:rrvsh/pantheon#<HOSTNAME>
-# Copy SSH key to /persist/home/rafiq/.ssh
-mkdir /mnt/tmp
-TMPDIR=/mnt/tmp nixos-install --flake github:rrvsh/pantheon#<HOSTNAME> --no-root-password
-reboot
-```
-
-## Impermanence
-
-System and user state is stored under /persist. Anything not declared under
-`{environment,home}.persistence` is deleted on system boot.
+test README
--- a/flake.lock
+++ b/flake.lock
@ -1,8 +1,40 @@
 {
  "nodes": {
+    "dedupe_flake-compat": {
+      "locked": {
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "files": {
+      "locked": {
+        "lastModified": 1750263550,
+        "narHash": "sha256-EW/QJ8i/13GgiynBb6zOMxhLU1uEkRqmzbIDEP23yVA=",
+        "owner": "mightyiam",
+        "repo": "files",
+        "rev": "5f4ef1fd1f9012354a9748be093e277675d10f07",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mightyiam",
+        "repo": "files",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
+        "nixpkgs-lib": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1751413152,
@ -18,6 +50,41 @@
        "type": "github"
      }
    },
+    "import-tree": {
+      "locked": {
+        "lastModified": 1751399845,
+        "narHash": "sha256-iun7//YHeEFgEOcG4KKKoy3d2GWOYqokLFVU/zIs79Y=",
+        "owner": "vic",
+        "repo": "import-tree",
+        "rev": "e24a50ff9b5871d4bdd8900679784812eeb120ea",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vic",
+        "repo": "import-tree",
+        "type": "github"
+      }
+    },
+    "make-shell": {
+      "inputs": {
+        "flake-compat": [
+          "dedupe_flake-compat"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733933815,
+        "narHash": "sha256-9JjM7eT66W4NJAXpGUsdyAFXhBxFWR2Z9LZwUa7Hli0=",
+        "owner": "nicknovitski",
+        "repo": "make-shell",
+        "rev": "ffeceae9956df03571ea8e96ef77c2924f13a63c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nicknovitski",
+        "repo": "make-shell",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1751271578,
@ -34,24 +101,13 @@
        "type": "github"
      }
    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1751159883,
-        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
+        "dedupe_flake-compat": "dedupe_flake-compat",
+        "files": "files",
        "flake-parts": "flake-parts",
+        "import-tree": "import-tree",
+        "make-shell": "make-shell",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@ -3,18 +3,23 @@
    # nixos-unstable provides a binary cache for all packages.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    # flake-parts lets us define flake modules.
-    flake-parts.url = "github:hercules-ci/flake-parts";
+    flake-parts = {
+      url = "github:hercules-ci/flake-parts";
+      inputs.nixpkgs-lib.follows = "nixpkgs";
+    };
+    # import-tree imports all nix files in a given directory.
+    import-tree.url = "github:vic/import-tree";
+    # files lets us write text files and automatically add checks for them
+    files.url = "github:mightyiam/files";
+    # make-shells.<name> creates devShells and checks
+    make-shell = {
+      url = "github:nicknovitski/make-shell";
+      inputs.flake-compat.follows = "dedupe_flake-compat";
+    };
+
+    # The following are not used but are here for deduplication.
+    dedupe_flake-compat.url = "github:edolstra/flake-compat";
  };

-  outputs =
-    inputs@{ self, ... }:
-    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
-      imports = [ inputs.flake-parts.flakeModules.modules ];
-      systems = [ "x86_64-linux" ];
-      perSystem =
-        { pkgs, ... }:
-        {
-          packages.default = pkgs.hello;
-        };
-    };
+  outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
 }
--- a/modules/docs/readme.nix
+++ b/modules/docs/readme.nix
@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  # text.readme = {
+  #
+  # };
+
+  perSystem =
+    { pkgs, ... }:
+    {
+      files.files = [
+        {
+          path_ = "README.md";
+          drv =
+            pkgs.writeText "README.md" # config.text.readme
+              ''
+                test README
+              '';
+        }
+      ];
+    };
+}
--- a/modules/meta/files.nix
+++ b/modules/meta/files.nix
@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.files.flakeModules.default ];
+  perSystem = psArgs: {
+    make-shells.default.packages = [ psArgs.config.files.writer.drv ];
+  };
+}
--- a/modules/meta/make-shell.nix
+++ b/modules/meta/make-shell.nix
@ -0,0 +1,4 @@
+{ inputs, ... }:
+{
+  imports = [ inputs.make-shell.flakeModules.default ];
+}
--- a/modules/systems.nix
+++ b/modules/systems.nix
@ -0,0 +1,5 @@
+{
+  systems = [
+    "x86_64-linux"
+  ];
+}