diff --git a/lib/build-clan/machineModules/forName.nix b/lib/build-clan/machineModules/forName.nix index 45e01fcfb..06dc4bf11 100644 --- a/lib/build-clan/machineModules/forName.nix +++ b/lib/build-clan/machineModules/forName.nix @@ -9,30 +9,24 @@ ... }: { - imports = [ - { - imports = builtins.filter builtins.pathExists ( - [ - "${directory}/machines/${name}/configuration.nix" - ] - ++ lib.optionals (_class == "nixos") [ - "${directory}/machines/${name}/hardware-configuration.nix" - "${directory}/machines/${name}/disko.nix" - ] - ); - } - (lib.optionalAttrs (_class == "nixos") { - clan.core.settings = { - inherit (meta) name icon; - inherit directory; - machine = { - inherit name; - }; - }; - }) - # TODO: move into nixos modules - ({ - networking.hostName = lib.mkDefault name; - }) - ]; + imports = builtins.filter builtins.pathExists ( + [ + "${directory}/machines/${name}/configuration.nix" + ] + ++ lib.optionals (_class == "nixos") [ + "${directory}/machines/${name}/hardware-configuration.nix" + "${directory}/machines/${name}/disko.nix" + ] + ); + + clan.core.settings = { + inherit (meta) name icon; + inherit directory; + machine = { + inherit name; + }; + }; + + # TODO: move into nixosModules + networking.hostName = lib.mkDefault name; } diff --git a/lib/build-clan/module.nix b/lib/build-clan/module.nix index 3d2a2f8bc..d8924868f 100644 --- a/lib/build-clan/module.nix +++ b/lib/build-clan/module.nix 
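Review bot: The hardware-configuration.nix and disko.nix imports, and now `clan.core.settings` as well, are selected purely by `_class == "nixos"`, so an evaluation whose module system does not set a class (leaving `_class` null, as I understand it) would silently drop the disk layout and hardware configuration instead of failing. A guard at the top of the module body such as `assert _class == "nixos" || _class == "darwin";` would turn an unexpected class into a loud error. The `clan.core.settings` block lost its class gate and is now applied to every class, which requires the darwin module set to define those options; that looks intended now that clanCore is exported for darwin, but is not visible here. The module's argument list starts above the hunk.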
@@ -221,17 +221,11 @@ in # machine specifics machines = configsPerSystem; - all-machines-json = - if !lib.hasAttrByPath [ "darwinModules" "clanCore" ] clan-core then - lib.mapAttrs ( - system: configs: - nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" ( - lib.mapAttrs (_: m: m.config.system.clan.deployment.data) ( - lib.filterAttrs (_n: v: v.class == "nixos") configs - ) - ) - ) configsPerSystem - else - throw "remove NixOS filter and support nix-darwin as well"; + all-machines-json = lib.mapAttrs ( + system: configs: + nixpkgs.legacyPackages.${system}.writers.writeJSON "machines.json" ( + lib.mapAttrs (_: m: m.config.system.clan.deployment.data) configs + ) + ) configsPerSystem; }; } diff --git a/nixosModules/clanCore/default.nix b/nixosModules/clanCore/default.nix index e5912c74c..d6e037ceb 100644 --- a/nixosModules/clanCore/default.nix +++ b/nixosModules/clanCore/default.nix @@ -1,23 +1,26 @@ +{ _class, lib, ... }: { - imports = [ - ./backups.nix - ./defaults.nix - ./facts - ./inventory - ./meta/interface.nix - ./metadata.nix - ./networking.nix - ./nixos-facter.nix - ./nix-settings.nix - ./options.nix - ./outputs.nix - ./schema.nix - ./sops.nix - ./vars - ./vm.nix - ./wayland-proxy-virtwl.nix - ./zerotier - ./zfs.nix - ]; - + imports = + [ + ./backups.nix + ./defaults.nix + ./facts + ./inventory + ./meta/interface.nix + ./metadata.nix + ./networking.nix + ./nix-settings.nix + ./options.nix + ./outputs.nix + ./schema.nix + ./sops.nix + ./vars + ] + ++ lib.optionals (_class == "nixos") [ + ./nixos-facter.nix + ./vm.nix + ./wayland-proxy-virtwl.nix + ./zerotier + ./zfs.nix + ]; } diff --git a/nixosModules/clanCore/defaults.nix b/nixosModules/clanCore/defaults.nix index 3472200ea..d382222ee 100644 --- a/nixosModules/clanCore/defaults.nix +++ b/nixosModules/clanCore/defaults.nix 
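Review bot: Dropping the `v.class == "nixos"` filter means `machines.json` now serializes `config.system.clan.deployment.data` for every machine class, so a darwin machine whose module set does not define that option breaks the JSON for the whole system rather than just that machine, and the old explicit `throw` message is gone. If darwin deployment data is not guaranteed, keep a filter on the machines that define it, e.g. `lib.filterAttrs (_n: v: v.config ? system.clan.deployment) configs`. Whether `outputs.nix` already provides the option under darwin is not visible in this diff.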
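Review bot: The `lib.optionals (_class == "nixos")` list duplicates the `_class = "nixos"` declarations added to nixos-facter.nix, vm.nix, wayland-proxy-virtwl.nix and zfs.nix later in this change, while `./zerotier` carries no such declaration anywhere in the diff. Either the directory should get one as well, so an accidental import outside this gate fails loudly, or a comment should state that this list is the single place deciding class membership. Suggest `# nixos-only modules; each also declares _class = "nixos" as a safety net` above the `lib.optionals` list, and confirm `./zerotier` follows the same rule.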
@@ -1,10 +1,27 @@ { + _class, lib, config, pkgs, ... }: { + imports = lib.optional (_class == "nixos") ( + lib.mkIf config.clan.core.enableRecommendedDefaults { + # Use systemd during boot as well except: + # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210 + # - for containers we currently rely on the `stage-2` init script that sets up our /etc + boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer); + + # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs. + environment.ldso32 = null; + + environment.systemPackages = [ + pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter` + ]; + } + ); + options.clan.core.enableRecommendedDefaults = lib.mkOption { type = lib.types.bool; description = '' @@ -20,11 +37,6 @@ }; config = lib.mkIf config.clan.core.enableRecommendedDefaults { - # Use systemd during boot as well except: - # - systems with raids as this currently require manual configuration: https://github.com/NixOS/nixpkgs/issues/210210 - # - for containers we currently rely on the `stage-2` init script that sets up our /etc - boot.initrd.systemd.enable = lib.mkDefault (!config.boot.swraid.enable && !config.boot.isContainer); - # This disables the HTML manual and `nixos-help` command but leaves # `man configuration.nix` documentation.doc.enable = lib.mkDefault false; @@ -32,9 +44,6 @@ # Work around for https://github.com/NixOS/nixpkgs/issues/124215 documentation.info.enable = lib.mkDefault false; - # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs. - environment.ldso32 = null; - environment.systemPackages = [ # essential debugging tools for networked services pkgs.dnsutils @@ -43,8 +52,6 @@ pkgs.jq pkgs.htop - pkgs.nixos-facter # for `clan machines update-hardware-config --backend nixos-facter` - pkgs.gitMinimal ]; }; 
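Review bot: The nixos-only defaults are placed in `imports` as an anonymous `lib.mkIf` attrset that reads `config`, which is only safe because the list's length depends solely on `_class` and the `config` reference sits inside the imported module's value; `imports` that depend on `config` otherwise recurse. That subtlety deserves a why-comment above the list, e.g. `# imports must not depend on config: the list shape depends only on _class; the mkIf is evaluated as the inner module's config`. The same construction is used in nix-settings.nix in this change, so the comment belongs there too. The second `environment.systemPackages` definition merges with the one in the `config` block below, which is fine for a list option but worth stating since the two halves now live in different modules.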
diff --git a/nixosModules/clanCore/networking.nix b/nixosModules/clanCore/networking.nix index 4a9b14de9..bf85b57a6 100644 --- a/nixosModules/clanCore/networking.nix +++ b/nixosModules/clanCore/networking.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + _class, + config, + lib, + ... +}: { options.clan.core = { networking = { 
@@ -96,23 +101,25 @@ ] ) ]; - config = lib.mkIf config.clan.core.enableRecommendedDefaults { - # conflicts with systemd-resolved - networking.useHostResolvConf = false; + config = lib.optionalAttrs (_class == "nixos") ( + lib.mkIf config.clan.core.enableRecommendedDefaults { + # conflicts with systemd-resolved + networking.useHostResolvConf = false; - # Allow PMTU / DHCP - networking.firewall.allowPing = true; + # Allow PMTU / DHCP + networking.firewall.allowPing = true; - # The notion of "online" is a broken concept - # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 - systemd.services.NetworkManager-wait-online.enable = false; - systemd.network.wait-online.enable = false; + # The notion of "online" is a broken concept + # https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13 + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; - systemd.network.networks."99-ethernet-default-dhcp".networkConfig.MulticastDNS = lib.mkDefault true; - systemd.network.networks."99-wireless-client-dhcp".networkConfig.MulticastDNS = lib.mkDefault true; - networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS + systemd.network.networks."99-ethernet-default-dhcp".networkConfig.MulticastDNS = lib.mkDefault true; + systemd.network.networks."99-wireless-client-dhcp".networkConfig.MulticastDNS = lib.mkDefault true; + networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS - # Use networkd instead of the pile of shell scripts - networking.useNetworkd = lib.mkDefault true; - }; + # Use networkd instead of the pile of shell scripts + networking.useNetworkd = lib.mkDefault true; + } + ); } diff --git a/nixosModules/clanCore/nix-settings.nix b/nixosModules/clanCore/nix-settings.nix index 2cab5e8d3..caa290da5 100644 --- a/nixosModules/clanCore/nix-settings.nix +++ b/nixosModules/clanCore/nix-settings.nix 
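Review bot: `networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS` is applied unconditionally inside the recommended-defaults block, while the two MulticastDNS settings it exists for are `lib.mkDefault`; a deployment that overrides mDNS to off still has UDP 5353 opened by this module. A follow-up should gate the port on the same condition as the mDNS settings; the minimal step is `networking.firewall.allowedUDPPorts = lib.mkDefault [ 5353 ]; # Multicast DNS`, noting that with `mkDefault` a user definition of the list replaces rather than merges. Separately, this file gates with `config = lib.optionalAttrs (_class == "nixos") (lib.mkIf …)` while defaults.nix and nix-settings.nix in the same change use `imports = lib.optional (_class == "nixos") (lib.mkIf …)`; one form for the same gate would be easier to audit.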
@@ -1,27 +1,38 @@ -{ lib, config, ... }: +{ + _class, + lib, + config, + ... +}: # Taken from: # https://github.com/nix-community/srvos/blob/main/nixos/common/nix.nix -lib.mkIf config.clan.core.enableRecommendedDefaults { - # Fallback quickly if substituters are not available. - nix.settings.connect-timeout = 5; +{ + imports = lib.optional (_class == "nixos") ( + lib.mkIf config.clan.core.enableRecommendedDefaults { + nix.daemonCPUSchedPolicy = lib.mkDefault "batch"; + nix.daemonIOSchedClass = lib.mkDefault "idle"; + nix.daemonIOSchedPriority = lib.mkDefault 7; + } + ); - # Enable flakes - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; + config = lib.mkIf config.clan.core.enableRecommendedDefaults { + # Fallback quickly if substituters are not available. + nix.settings.connect-timeout = 5; - # The default at 10 is rarely enough. - nix.settings.log-lines = lib.mkDefault 25; + # Enable flakes + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; - # Avoid disk full issues - nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024); - nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024); + # The default at 10 is rarely enough. + nix.settings.log-lines = lib.mkDefault 25; - nix.daemonCPUSchedPolicy = lib.mkDefault "batch"; - nix.daemonIOSchedClass = lib.mkDefault "idle"; - nix.daemonIOSchedPriority = lib.mkDefault 7; + # Avoid disk full issues + nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024); + nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024); - # Avoid copying unnecessary stuff over SSH - nix.settings.builders-use-substitutes = true; + # Avoid copying unnecessary stuff over SSH + nix.settings.builders-use-substitutes = true; + }; } diff --git a/nixosModules/clanCore/nixos-facter.nix b/nixosModules/clanCore/nixos-facter.nix index 355d1be39..e07d63711 100644 --- a/nixosModules/clanCore/nixos-facter.nix +++ b/nixosModules/clanCore/nixos-facter.nix 
@@ -6,6 +6,7 @@ let hwConfig = "${directory}/machines/${machineName}/hardware-configuration.nix"; in { + _class = "nixos"; facter.reportPath = lib.mkIf (builtins.pathExists facterJson) facterJson; warnings = lib.optionals diff --git a/nixosModules/clanCore/vars/default.nix b/nixosModules/clanCore/vars/default.nix index 8d1a7a4ea..295f734df 100644 --- a/nixosModules/clanCore/vars/default.nix +++ b/nixosModules/clanCore/vars/default.nix @@ -1,4 +1,5 @@ { + _class, lib, config, pkgs, @@ -14,13 +15,16 @@ let }; in { - imports = [ - ./public/in_repo.nix - ./secret/fs.nix - ./secret/password-store.nix - ./secret/sops - ./secret/vm.nix - ]; + imports = + [ + ./public/in_repo.nix + ./secret/fs.nix + ./secret/sops + ./secret/vm.nix + ] + ++ lib.optionals (_class == "nixos") [ + ./secret/password-store.nix + ]; options.clan.core.vars = lib.mkOption { description = '' Generated Variables diff --git a/nixosModules/clanCore/vars/secret/password-store.nix b/nixosModules/clanCore/vars/secret/password-store.nix index dd9713108..50c4f9582 100644 --- a/nixosModules/clanCore/vars/secret/password-store.nix +++ b/nixosModules/clanCore/vars/secret/password-store.nix @@ -52,6 +52,8 @@ let in { + _class = "nixos"; + options.clan.vars.password-store = { secretLocation = lib.mkOption { type = lib.types.path; diff --git a/nixosModules/clanCore/vm.nix b/nixosModules/clanCore/vm.nix index b12277b64..c3c6c73ac 100644 --- a/nixosModules/clanCore/vm.nix +++ b/nixosModules/clanCore/vm.nix @@ -122,6 +122,8 @@ let vmConfig = extendModules { modules = [ vmModule ]; }; in { + _class = "nixos"; + options = { clan.virtualisation = { cores = lib.mkOption { diff --git a/nixosModules/clanCore/wayland-proxy-virtwl.nix b/nixosModules/clanCore/wayland-proxy-virtwl.nix index 0c52fa6a5..d503286a7 100644 --- a/nixosModules/clanCore/wayland-proxy-virtwl.nix +++ b/nixosModules/clanCore/wayland-proxy-virtwl.nix 
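Review bot: Only `./secret/password-store.nix` was moved behind the `_class == "nixos"` gate and only it gained a `_class = "nixos"` declaration, so `./secret/fs.nix`, `./secret/sops` and `./secret/vm.nix` are now imported for every class; if any of them references nixos-only options (systemd units, activation scripts) the darwin export fails at evaluation, which this diff cannot show. Confirm the remaining backends are class-neutral or give them the same declaration, and document the split on the list, e.g. `# class-neutral secret backends; nixos-only backends go in the optionals below`.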
@@ -5,6 +5,7 @@ ... }: { + _class = "nixos"; options = { # maybe upstream this? services.wayland-proxy-virtwl = { diff --git a/nixosModules/clanCore/zfs.nix b/nixosModules/clanCore/zfs.nix index 01b69613b..6b60cb57c 100644 --- a/nixosModules/clanCore/zfs.nix +++ b/nixosModules/clanCore/zfs.nix @@ -1,5 +1,7 @@ { lib, config, ... }: { + _class = "nixos"; + # Use the same default hostID as the NixOS install ISO and nixos-anywhere. # This allows us to import zfs pool without using a force import. # ZFS has this as a safety mechanism for networked block storage (ISCSI), but diff --git a/nixosModules/flake-module.nix b/nixosModules/flake-module.nix index 13f4278d5..9dd963656 100644 --- a/nixosModules/flake-module.nix +++ b/nixosModules/flake-module.nix 
@@ -1,25 +1,37 @@ { inputs, self, ... }: +let + clanCore = + { + _class, + pkgs, + lib, + ... + }: + { + imports = + [ + ./clanCore + inputs.sops-nix."${_class}Modules".sops + ] + ++ lib.optionals (_class == "nixos") [ + inputs.nixos-facter-modules.nixosModules.facter + inputs.disko.nixosModules.default + inputs.data-mesher.nixosModules.data-mesher + ]; + config = { + clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system}; + }; + }; +in { - flake.nixosModules = { - hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ]; - bcachefs.imports = [ ./bcachefs.nix ]; - installer.imports = [ - ./installer - self.nixosModules.hidden-ssh-announce - self.nixosModules.bcachefs - ]; - clanCore.imports = [ - inputs.sops-nix.nixosModules.sops - inputs.nixos-facter-modules.nixosModules.facter - inputs.disko.nixosModules.default - inputs.data-mesher.nixosModules.data-mesher - ./clanCore - ( - { pkgs, lib, ... }: - { - clan.core.clanPkgs = lib.mkDefault self.packages.${pkgs.hostPlatform.system}; - } - ) - ]; - }; + flake.nixosModules.hidden-ssh-announce = ./hidden-ssh-announce.nix; + flake.nixosModules.bcachefs = ./bcachefs.nix; + flake.nixosModules.installer.imports = [ + ./installer + self.nixosModules.hidden-ssh-announce + self.nixosModules.bcachefs + ]; + + flake.nixosModules.clanCore = clanCore; + flake.darwinModules.clanCore = clanCore; }
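Review bot: `flake.nixosModules.hidden-ssh-announce` and `flake.nixosModules.bcachefs` change from `{ imports = [ … ]; }` attrsets to bare paths, which is transparent to consumers that list them in `imports` but breaks anyone who read `.imports` from them; that shape change deserves a mention or keeping the attrset form. `inputs.sops-nix."${_class}Modules".sops` relies on the sops-nix input exposing a `darwinModules.sops` attribute and on every consumer's module system passing a `_class`; an unexpected class surfaces only as a generic missing-attribute error. A comment such as `# _class is "nixos" or "darwin"; sops-nix exposes <class>Modules for both` above that import would make the contract explicit.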