feat: add configuration sv1

2024-12-16 19:48:24 +00:00 · 2024-12-16 19:48:24 +00:00 · e6e509d306
commit e6e509d306
20 changed files with 461 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+result
+*.qcow2
--- a/applications/default.nix
+++ b/applications/default.nix
@ -0,0 +1,2 @@
+{pkgs}: {
+}
--- a/configurations/default.nix
+++ b/configurations/default.nix
@ -0,0 +1,3 @@
+{lib}: {
+  sv1 = lib.callFragment ./sv1.nix {};
+}
--- a/configurations/sv1.nix
+++ b/configurations/sv1.nix
@ -0,0 +1,9 @@
+{
+  nixosSystem,
+  nixosSystems,
+  nixosModules,
+}:
+nixosSystem {
+  system = nixosSystems.x86_64-linux;
+  modules = [nixosModules.sv1];
+}
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,85 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733168902,
+        "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1731242966,
+        "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1733261153,
+        "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "impermanence": "impermanence",
+        "nixpkgs": "nixpkgs",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733128155,
+        "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,40 @@
+{
+  description = "My NixOS configuration.";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    impermanence.url = "github:nix-community/impermanence";
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    disko,
+    impermanence,
+    sops-nix,
+  }: let
+    lib = nixpkgs.lib.extend self.overlays.lib;
+    pkgs = nixpkgs.legacyPackages.x86_64-linux.extend self.overlays.pkgs;
+  in {
+    overlays = import ./overlays {
+      nixos-config = self;
+      inherit disko impermanence sops-nix;
+    };
+    library = import ./library {inherit lib;};
+    nixosConfigurations = import ./configurations {inherit lib;};
+    nixosModules = import ./modules;
+
+    formatter.x86_64-linux = pkgs.alejandra;
+    apps.x86_64-linux = import ./applications {inherit pkgs;};
+    devShells.x86_64-linux = import ./shells {inherit pkgs;};
+    packages.x86_64-linux = import ./packages {inherit pkgs;};
+  };
+}
--- a/library/callFragment.nix
+++ b/library/callFragment.nix
@ -0,0 +1,7 @@
+{lib}: path: attrs: let
+  fragment = import path;
+in
+  with builtins;
+    if isAttrs fragment
+    then fragment
+    else fragment ((intersectAttrs (functionArgs fragment) lib) // attrs)
--- a/library/default.nix
+++ b/library/default.nix
@ -0,0 +1,6 @@
+{lib}: {
+  callFragment = import ./callFragment.nix {inherit lib;};
+
+  nixosSystems = lib.callFragment ./nixosSystems.nix {};
+  sshKeys = lib.callFragment ./sshKeys.nix {};
+}
--- a/library/nixosSystems.nix
+++ b/library/nixosSystems.nix
@ -0,0 +1,4 @@
+{
+  aarch64-linux = "aarch64-linux";
+  x86_64-linux = "x86_64-linux";
+}
--- a/library/sshKeys.nix
+++ b/library/sshKeys.nix
@ -0,0 +1,6 @@
+let
+  header = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI";
+in {
+  lp1.user = header + "DIRyj2UXX2kmlx2zyzs0iW5LUt5oZCT/p5oJUXPvJNW";
+  lp2.user = header + "Emm0kmLocunk26a4j0TnYt6V2iyaBL9ctJJmp2lY8W9";
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,3 @@
+{
+  sv1 = import ./sv1.nix;
+}
--- a/modules/sv1.nix
+++ b/modules/sv1.nix
@ -0,0 +1,208 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = with lib.nixosModules; [
+    disko
+    impermanence
+  ];
+
+  disko.devices.disk.NixOS = {
+    device = "/dev/sda";
+    type = "disk";
+    content = {
+      type = "gpt";
+      partitions = {
+        BSP = {
+          type = "EF02";
+          size = "1M";
+        };
+        Crypt = {
+          size = "100%";
+          content = {
+            type = "luks";
+            name = "crypt";
+            extraFormatArgs = ["--type luks1"];
+            content = {
+              type = "btrfs";
+              postCreateHook = ''
+                btrfs="$(mktemp -d)"
+                mount -o subvol=/ /dev/mapper/crypt "$btrfs"
+                btrfs subvolume snapshot -r "$btrfs/root" "$btrfs/blank"
+                umount "$btrfs"
+                rm -rf "$btrfs"
+                boot="$(mktemp -d)"
+                mount -o subvol=/boot /dev/mapper/crypt "$boot"
+                dd if=/dev/urandom "of=$boot/luks.bin" bs=1024 count=4
+                cryptsetup luksAddKey                     \
+                  /dev/disk/by-partlabel/disk-NixOS-Crypt \
+                  "$boot/luks.bin"
+                umount "$boot"
+                rm -rf "$boot"
+              '';
+              subvolumes = {
+                "/root" = {
+                  mountpoint = "/";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/boot" = {
+                  mountpoint = "/boot";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/home" = {
+                  mountpoint = "/home";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/persist" = {
+                  mountpoint = "/persist";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/log" = {
+                  mountpoint = "/var/log";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/swap" = {
+                  mountpoint = "/.swap";
+                  swap.swapfile.size = "4G";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+  fileSystems = {
+    "/persist".neededForBoot = true;
+    "/var/log".neededForBoot = true;
+  };
+
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        enableCryptodisk = true;
+      };
+    };
+    initrd = {
+      availableKernelModules = [
+        "virtio_net"
+        "virtio_pci"
+        "virtio_mmio"
+        "virtio_blk"
+        "virtio_scsi"
+        "9p"
+        "9pnet_virtio"
+        "ahci"
+        "xhci_pci"
+        "virtio_pci"
+        "virtio_scsi"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [
+        "virtio_balloon"
+        "virtio_console"
+        "virtio_rng"
+        "virtio_gpu"
+      ];
+      secrets."/luks.bin" = "/boot/luks.bin";
+      luks.devices.crypt = {
+        device = "/dev/disk/by-partlabel/disk-NixOS-Crypt";
+        keyFile = "/luks.bin";
+      };
+      postDeviceCommands = lib.mkBefore ''
+        btrfs="$(mktemp -d)"
+        mount -o subvol=/ /dev/mapper/crypt "$btrfs"
+        trap "umount $btrfs_root; rm -rf $btrfs" EXIT
+        btrfs subvolume list -o "$btrfs/root"           \
+          | cut -f9 -d' '                               \
+          | while read subvolume; do                    \
+            btrfs subvolume delete "$btrfs/$subvolume"
+          done                                          \
+          && btrfs subvolume delete "$btrfs/root"
+        btrfs subvolume snapshot "$btrfs/blank" "$btrfs/root"
+      '';
+    };
+  };
+
+  networking = {
+    hostName = "sv1";
+    networkmanager.enable = true;
+  };
+
+  time.timeZone = "Europe/London";
+  i18n.defaultLocale = "en_GB.UTF-8";
+  console.keyMap = "uk";
+
+  users = {
+    mutableUsers = false;
+    users = {
+      root = {
+        isSystemUser = true;
+        openssh.authorizedKeys.keys = with lib.sshKeys; [
+          lp1.user
+          lp2.user
+        ];
+      };
+      user = {
+        isNormalUser = true;
+        extraGroups = ["wheel"];
+        openssh.authorizedKeys.keys = with lib.sshKeys; [
+          lp1.user
+          lp2.user
+        ];
+      };
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "without-password";
+  };
+
+  nixpkgs.overlays = [lib.overlays.pkgs];
+  environment = {
+    persistence."/persist" = {
+      hideMounts = true;
+      directories = ["/var/lib/nixos"];
+    };
+    systemPackages = with pkgs; [
+      git
+      my-vim
+    ];
+  };
+
+  nix.settings = {
+    trusted-users = ["root"];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+
+  system.stateVersion = "24.11";
+}
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -0,0 +1,9 @@
+{
+  nixos-config,
+  disko,
+  impermanence,
+  sops-nix,
+}: {
+  lib = import ./lib.nix {inherit nixos-config disko impermanence sops-nix;};
+  pkgs = import ./pkgs.nix {inherit nixos-config;};
+}
--- a/overlays/lib.nix
+++ b/overlays/lib.nix
@ -0,0 +1,17 @@
+{
+  nixos-config,
+  disko,
+  impermanence,
+  sops-nix,
+}: final: prev: let
+  inherit (nixos-config) overlays library;
+in
+  library
+  // {inherit overlays;}
+  // {
+    nixosModules =
+      nixos-config.nixosModules
+      // disko.nixosModules
+      // sops-nix.nixosModules
+      // impermanence.nixosModules;
+  }
--- a/overlays/pkgs.nix
+++ b/overlays/pkgs.nix
@ -0,0 +1,4 @@
+{nixos-config}: final: prev: let
+  inherit (nixos-config) overlays packages;
+in
+  packages.x86_64-linux // {lib = prev.lib.extend overlays.lib;}
--- a/packages/default.nix
+++ b/packages/default.nix
@ -0,0 +1,3 @@
+{pkgs}: {
+  my-vim = pkgs.callPackage ./my-vim {};
+}
--- a/packages/my-vim/default.nix
+++ b/packages/my-vim/default.nix
@ -0,0 +1,13 @@
+{vim-full}: let
+  vimNoGui = vim:
+    vim.override {config.vim.gui = "none";};
+  vimNoIcon = vim:
+    vim.overrideAttrs (prev: {
+      postFixup = prev.postFixup + "rm -r $out/share/{applications,icons}";
+    });
+  vimCustom = vim:
+    vim.customize {
+      vimrcConfig.customRC = builtins.readFile ./run-commands.vim;
+    };
+in
+  vimCustom (vimNoIcon (vimNoGui vim-full))
--- a/packages/my-vim/run-commands.vim
+++ b/packages/my-vim/run-commands.vim
@ -0,0 +1,27 @@
+" Allow backspacing.
+set backspace=indent,eol,start
+" Syntax highlighting.
+syntax on
+" Vertical rule highlighting.
+set colorcolumn=81
+hi ColorColumn ctermbg=245
+" Vertical line highlighting.
+set cursorcolumn
+hi CursorColumn ctermbg=238
+" Horizontal line highlighting.
+set cursorline
+hi clear CursorLine
+hi clear CursorLineNr
+hi link CursorLine CursorColumn
+hi link CursorLineNr CursorColumn
+" Numbering.
+set number
+set relativenumber
+" Indentation.
+set expandtab
+set shiftwidth=4
+set tabstop=4
+" Nix.
+autocmd BufRead,BufNewFile *.nix set filetype=nix
+autocmd Filetype nix set shiftwidth=2
+autocmd Filetype nix set tabstop=2
--- a/shells/default.nix
+++ b/shells/default.nix
@ -0,0 +1,3 @@
+{pkgs}: {
+  nixos-config = pkgs.callPackage ./nixos-config.nix {};
+}
--- a/shells/nixos-config.nix
+++ b/shells/nixos-config.nix
@ -0,0 +1,10 @@
+{
+  mkShell,
+  my-vim,
+}:
+mkShell {
+  packages = [my-vim];
+  shellHook = ''
+    PS1="\n\[\033[1;33m\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\] "
+  '';
+}