mkDeploy

2025-08-11 14:23:54 +02:00 · 2025-08-11 14:23:54 +02:00 · 764d5dd68c
commit 764d5dd68c
parent a2c4f7385b
9 changed files with 4996 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -90,8 +90,21 @@
    };
  };

-  outputs = inputs:
-    inputs.snowfall-lib.mkFlake {
+  outputs = inputs: let
+    lib = inputs.snowfall-lib.mkLib {
+      inherit inputs;
+      src = ./.;
+
+      snowfall = {
+        namespace = "custom";
+        meta = {
+          name = "KyleKrein's awesome Nix Flake";
+          title = "KyleKrein's awesome Nix Flake";
+        };
+      };
+    };
+  in
+    lib.mkFlake {
      inherit inputs;
      src = ./.;

@ -128,13 +141,10 @@
      ];

      templates = import ./templates {};
-
-      deploy.nodes.server = {
-        hostname = "kylekrein.com";
-        interactiveSudo = true;
-        profiles.system = {
-          user = "root";
-          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.kylekrein-server;
+      deploy = lib.mkDeploy {
+        inherit (inputs) self;
+        overrides = {
+          kylekrein-server.hostname = "kylekrein.com";
        };
      };

@ -143,13 +153,5 @@
      };

      #schemas = inputs.flake-schemas.schemas;
-
-      snowfall = {
-        namespace = "custom";
-        meta = {
-          name = "KyleKrein's awesome Nix Flake";
-          title = "KyleKrein's awesome Nix Flake";
-        };
-      };
    };
 }
--- a/lib/deploy/default.nix
+++ b/lib/deploy/default.nix
@ -0,0 +1,61 @@
+{
+  lib,
+  inputs,
+}: let
+  inherit (inputs) deploy-rs;
+in rec {
+  ## Create deployment configuration for use with deploy-rs.
+  ##
+  ## ```nix
+  ## mkDeploy {
+  ##   inherit self;
+  ##   overrides = {
+  ##     my-host.system.sudo = "doas -u";
+  ##   };
+  ## }
+  ## ```
+  ##
+  #@ { self: Flake, overrides: Attrs ? {} } -> Attrs
+  mkDeploy = {
+    self,
+    overrides ? {},
+  }: let
+    hosts = self.nixosConfigurations or {};
+    names = builtins.attrNames hosts;
+    nodes =
+      lib.foldl (
+        result: name: let
+          host = hosts.${name};
+          user = host.config.user.name or null;
+          inherit (host.pkgs) system;
+        in
+          result
+          // {
+            ${name} =
+              (overrides.${name} or {})
+              // {
+                hostname = overrides.${name}.hostname or "${name}";
+                profiles =
+                  (overrides.${name}.profiles or {})
+                  // {
+                    system =
+                      (overrides.${name}.profiles.system or {})
+                      // {
+                        user = "root";
+                        path = deploy-rs.lib.${system}.activate.nixos host;
+                      }
+                      // lib.optionalAttrs (user != null) {
+                        sshUser = user;
+                      }
+                      // lib.optionalAttrs (host.config.system.security.doas.enable or false) {
+                        sudo = "doas -u";
+                      };
+                  };
+              };
+          }
+      ) {}
+      names;
+  in {
+    inherit nodes;
+  };
+}
--- a/lib/users/default.nix
+++ b/lib/users/default.nix
@ -34,6 +34,7 @@ with lib; rec {
    sops.secrets."users/${username}" = mkIf enable {
      neededForUsers = true;
    };
+    users.users.root.openssh.authorizedKeys.keys = mkIf enable trustedSshKeys;
    systemd.tmpfiles.rules = optionals (impermanence.enable) ["d ${persist}/home/${username} 0700 ${username} users -"]; # /persist/home/<user> created, owned by that user

    nix.settings.trusted-users = optionals admin [
--- a/modules/nixos/presets/disko/ext4/default.nix
+++ b/modules/nixos/presets/disko/ext4/default.nix
@ -0,0 +1,47 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.${namespace}; let
+  cfg = config.${namespace}.presets.disko.ext4;
+in {
+  options.${namespace}.presets.disko.ext4 = with types; {
+    enable = mkBoolOpt false "Enable preset";
+    device = mkOpt' str "/dev/nvme0n1";
+    mountpoint = mkOpt' path "/";
+  };
+
+  config = mkIf cfg.enable {
+    disko.devices = {
+      disk = {
+        "${cfg.device}" = {
+          inherit device;
+          type = "disk";
+          content = {
+            type = "gpt";
+            partitions = {
+              root = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  inherit (cfg) mountpoint;
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/presets/disko/ext4Swap/default.nix
+++ b/modules/nixos/presets/disko/ext4Swap/default.nix
@ -0,0 +1,85 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.${namespace}; let
+  cfg = config.${namespace}.presets.disko.ext4Swap;
+in {
+  options.${namespace}.presets.disko.ext4Swap = with types; {
+    enable = mkBoolOpt false "Enable preset";
+    device = mkOpt' str "/dev/nvme0n1";
+    swapSize = mkOpt' int 32;
+    mountpoint = mkOpt' path "/";
+  };
+
+  config = mkIf cfg.enable {
+    disko.devices = {
+      disk.${cfg.device} = {
+        type = "disk";
+        inherit device;
+        content = {
+          type = "gpt"; # Initialize the disk with a GPT partition table
+          partitions = {
+            ESP = {
+              # Setup the EFI System Partition
+              type = "EF00"; # Set the partition type
+              size = "1000M"; # Make the partition a gig
+              content = {
+                type = "filesystem";
+                format = "vfat"; # Format it as a FAT32 filesystem
+                mountpoint = "/boot"; # Mount it to /boot
+              };
+            };
+            primary = {
+              # Setup the LVM partition
+              size = "100%"; # Fill up the rest of the drive with it
+              content = {
+                type = "lvm_pv"; # pvcreate
+                vg = "vg1";
+              };
+            };
+          };
+        };
+      };
+      lvm_vg = {
+        # vgcreate
+        vg1 = {
+          # /dev/vg1
+          type = "lvm_vg";
+          lvs = {
+            # lvcreate
+            swap = {
+              # Logical Volume = "swap", /dev/vg1/swap
+              size = "${builtins.toString cfg.swapSize}G";
+              content = {
+                type = "swap";
+              };
+            };
+            root = {
+              # Logical Volume = "root", /dev/vg1/root
+              size = "100%FREE"; # Use the remaining space in the Volume Group
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                inherit (cfg) mountpoint;
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/users/andrej/default.nix
+++ b/modules/nixos/users/andrej/default.nix
@ -0,0 +1,37 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.${namespace}; let
+  username = "andrej";
+  admin = false;
+  extraGroups = ["networkmanager"];
+  trustedSshKeys = [];
+
+  cfg = config.${namespace}.users.${username};
+in {
+  options.${namespace}.users.${username} = with types; {
+    enable = mkBoolOpt false "Enable ${username} user";
+    config = mkOpt types.attrs {} "Additional home manager config for ${username}";
+  };
+
+  config = mkUser {
+    inherit config;
+    inherit (cfg) enable;
+    homeConfig = cfg.config;
+    inherit username;
+    inherit admin;
+    inherit extraGroups;
+    inherit trustedSshKeys;
+  };
+}
--- a/nixos/homes/kylekrein/emacs.nix
+++ b/nixos/homes/kylekrein/emacs.nix
@ -5,7 +5,7 @@
  inputs,
  ...
 }: let
-  emacs = inputs.emacs-kylekrein.packages.${hwconfig.system}.with-lsps-native;
+  emacs = inputs.emacs-kylekrein.packages.${hwconfig.system}.with-lsps;
 in {
  programs.emacs = {
    enable = true;
--- a/systems/x86_64-linux/andrej-pc/default.nix
+++ b/systems/x86_64-linux/andrej-pc/default.nix
@ -0,0 +1,134 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  facter.reportPath = ./facter.json;
+  custom = {
+    presets.default = enabled;
+    presets.wayland = enabled;
+    presets.gaming = enabled;
+    hardware = {
+      nvidia = enabled;
+      bluetooth = enabled;
+      printing = enabled;
+    };
+
+    users = {
+      kylekrein = {
+        enable = true;
+      };
+      andrej = {
+        enable = true;
+      };
+    };
+
+    presets.disko = {
+      ext4Swap = {
+        enable = true;
+        device = "/dev/sda";
+        swapSize = 16;
+      };
+      ext4 = {
+        enable = true;
+        device = "/dev/sdb";
+        mountpoint = "/run/extraDrive";
+      };
+    };
+  };
+
+  services.flatpak = enabled;
+
+  services.xserver = {
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [22 25565];
+  networking.firewall.allowedUDPPorts = [22 25565];
+
+  services.scx.enable = true; # by default uses scx_rustland scheduler
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
+
+  security.polkit.enable = true;
+
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  programs.kdeconnect.enable = true;
+  programs.kdeconnect.package = lib.mkDefault pkgs.kdePackages.kdeconnect-kde;
+
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 4d --keep 3";
+    flake = "/etc/nixos-config";
+  };
+
+  environment.systemPackages = with pkgs; [
+    libreoffice
+    fzf
+    killall
+    eza
+    fd
+    gparted
+    exfatprogs
+    lazygit
+    fastfetch
+    telegram-desktop
+    vlc
+    wl-clipboard
+    git
+    git-credential-manager
+    egl-wayland
+    btop
+    obs-studio
+    blender
+    vscodium-fhs
+    discord
+    solaar
+    element-desktop
+    wasistlos
+
+    prismlauncher
+    mcpelauncher-ui-qt
+    jdk
+    teams-for-linux
+  ];
+
+  hardware.nvidia.open = lib.mkForce false;
+  #hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.latest;
+  systemd.network.wait-online.enable = lib.mkForce false;
+
+  services.udisks2.enable = true;
+
+  services.zerotierone = {
+    enable = true;
+    joinNetworks = [
+      "a09acf0233dccb4a"
+      "1d71939404962783"
+      "41d49af6c260338d"
+    ];
+  };
+
+  # ======================== DO NOT CHANGE THIS ========================
+  system.stateVersion = "24.11";
+  # ======================== DO NOT CHANGE THIS ========================
+}
--- a/systems/x86_64-linux/andrej-pc/facter.json
+++ b/systems/x86_64-linux/andrej-pc/facter.json