From a16d497ebb72c0c50e8bffb1b0b549f526941dd8 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Sat, 24 Jan 2026 22:40:40 +0100 Subject: [PATCH] profile/core: migrate to nixosModule --- images/base-config.nix | 6 +-- images/flake-module.nix | 25 ++++++----- profiles/core/core.nix | 46 --------------------- profiles/core/default.nix | 33 +++++++++------ profiles/core/kernel-modules.nix | 21 ++++++++++ profiles/core/modules.nix | 15 ------- profiles/core/network.nix | 26 ++++++++---- profiles/core/nix.nix | 71 +++++++++++++++++++------------- profiles/core/packages.nix | 55 +++++++++++++++++++++++++ profiles/core/users.nix | 67 ++++++++++++++++-------------- 10 files changed, 208 insertions(+), 157 deletions(-) delete mode 100644 profiles/core/core.nix create mode 100644 profiles/core/kernel-modules.nix delete mode 100644 profiles/core/modules.nix create mode 100644 profiles/core/packages.nix diff --git a/images/base-config.nix b/images/base-config.nix index afd4800..e8e24df 100644 --- a/images/base-config.nix +++ b/images/base-config.nix @@ -50,10 +50,8 @@ }; }; - imports = [ - ../profiles/core/core.nix - ../profiles/core/nix.nix - ]; + my.profiles.core.nix.enable = true; + my.profiles.core.packages.enable = true; documentation = { enable = lib.mkDefault false; diff --git a/images/flake-module.nix b/images/flake-module.nix index a8e7872..bf25a46 100644 --- a/images/flake-module.nix +++ b/images/flake-module.nix @@ -1,10 +1,16 @@ { self, ... }: let - inherit (self.inputs) nixos-generators; - defaultModule = { - imports = [ ./base-config.nix ]; - _module.args.inputs = self.inputs; - }; + inherit (self.inputs) nixos-generators sops-nix; + defaultModules = [ + { + imports = [ + ./base-config.nix + sops-nix.nixosModules.sops + ]; + _module.args.inputs = self.inputs; + } + ../profiles + ]; in { perSystem = 
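Review bot: `time.timeZone = "Europe/Berlin"` silently drops out of the generated images with this hunk: it used to arrive through the now-removed `../profiles/core/core.nix` import, and the commit moves it into `profiles/core/default.nix` behind `my.profiles.core.enable`, which base-config does not set. If the images should keep the timezone, add `time.timeZone = "Europe/Berlin";` next to the two new `enable` lines (enabling the whole core profile would also pull in the users/network profiles, which is probably not wanted for an installer). If dropping it was intentional, a one-line comment saying so would stop the next reader from treating it as a regression. The same move is visible in the profiles/core/default.nix hunk.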
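Review bot: The reason `sops-nix.nixosModules.sops` must now be part of every generated image is not stated; as far as I can tell it is needed because `../profiles` pulls in `profiles/core/users.nix`, whose `sops.secrets` definitions require the `sops` options to be declared even while that profile is disabled. A comment such as `# sops-nix is required: profiles/core/users.nix defines sops.secrets even when disabled` beside the import would make that dependency explicit. The images built from `defaultModules` thereby carry the sops module without any key or `defaultSopsFile` configuration, which appears fine as long as no secret is enabled for them, but is worth a word in the same comment.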
@@ -14,16 +20,14 @@ in install-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; inherit pkgs; - modules = [ defaultModule ]; + modules = defaultModules; format = "install-iso"; }; # install-sd-aarch64 = nixos-generators.nixosGenerate { # system = "aarch64-linux"; # inherit pkgs; - # modules = [ - # defaultModule - # ]; + # modules = defaultModules; # format = "sd-aarch64-installer"; # }; }; @@ -35,8 +39,7 @@ in # { # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # } - # defaultModule - # ]; + # ] ++ defaultModules; # }; #}; } diff --git a/profiles/core/core.nix b/profiles/core/core.nix deleted file mode 100644 index b1c697b..0000000 --- a/profiles/core/core.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ pkgs, ... }: -{ - # Packages - environment.systemPackages = with pkgs; [ - bandwhich # bandwidth monitor - bind # dns tools (dig, etc) - borgbackup # backup tool - cryptsetup # luks volume management - delta # git diff viewer - fd # find replacement in rust - file # show file type - fzf # fuzzy finder - gettext # localization tools - git # version control - gptfdisk # disk partitioning tools - htop # process monitor - jq # json processor - killall # kill processes by name - lsof # list open files - mosh # mobile shell - mtr # network diagnostic tool - multipath-tools # disk multipathing tools (kpartx) - neovim # text editor - nmap # network scanner - nmon # performance monitor - ouch # de-/compression tool - pciutils # lspci - progress # show progress of coreutils commands - pv # pipe viewer - reptyr # reparent process to new terminal - rsync # remote file sync - screen # terminal multiplexer - sd # sed replacement - stress-ng # stress testing - tmux # terminal multiplexer - unzip # unzip tools - usbutils # lsusb - vim # text editor - wget # file downloader - whois # domain lookup - xcp # rust cp replacement - zip # zip tools - ]; - - time.timeZone = "Europe/Berlin"; -} 
diff --git a/profiles/core/default.nix b/profiles/core/default.nix index da72c2b..dda4799 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -1,23 +1,30 @@ { config, lib, - pkgs, - inputs, - ... -}@args: +}: let cfg = config.my.profiles.core; in { + imports = [ + ./kernel-modules.nix + ./network.nix + ./nix.nix + ./packages.nix + ./users.nix + ]; + options.my.profiles.core.enable = lib.mkEnableOption "core profile"; - config = lib.mkIf cfg.enable ( - lib.mkMerge [ - (import ./core.nix args) - (import ./modules.nix args) - (import ./network.nix args) - (import ./nix.nix args) - (import ./users.nix args) - ] - ); + config = lib.mkIf cfg.enable { + my.profiles.core = { + packages.enable = lib.mkDefault true; + kernel-modules.enable = lib.mkDefault true; + network.enable = lib.mkDefault true; + nix.enable = lib.mkDefault true; + users.enable = lib.mkDefault true; + }; + + time.timeZone = "Europe/Berlin"; + }; } diff --git a/profiles/core/kernel-modules.nix b/profiles/core/kernel-modules.nix new file mode 100644 index 0000000..04791f6 --- /dev/null +++ b/profiles/core/kernel-modules.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: +let + cfg = config.my.profiles.core.kernel-modules; +in +{ + options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "kernel module profile"; + + config = lib.mkIf cfg.enable { + boot.initrd.availableKernelModules = [ + "ahci" + "e1000e" + "ehci_pci" + "nvme" + "sd_mod" + "uas" + "usbhid" + "usb_storage" + "xhci_pci" + ]; + }; +} diff --git a/profiles/core/modules.nix b/profiles/core/modules.nix deleted file mode 100644 index 9d0faec..0000000 --- a/profiles/core/modules.nix +++ /dev/null @@ -1,15 +0,0 @@ -_: { - boot.initrd = { - availableKernelModules = [ - "ahci" - "e1000e" - "ehci_pci" - "nvme" - "sd_mod" - "uas" - "usbhid" - "usb_storage" - "xhci_pci" - ]; - }; -} diff --git a/profiles/core/network.nix b/profiles/core/network.nix index b620223..e5c2568 100644 --- a/profiles/core/network.nix 
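Review bot: `time.timeZone = "Europe/Berlin";` is a plain definition inside the profile, so a host that enables the core profile and also sets its own `time.timeZone` will get a conflicting-definitions error unless it reaches for `lib.mkForce`. Every sub-profile toggle in the same `config` block is wrapped in `lib.mkDefault`; the timezone should follow the same convention: `time.timeZone = lib.mkDefault "Europe/Berlin";`. A short comment on the `imports` list noting that the sub-modules are always imported but only take effect through their own `enable` options would also help readers who come from the old `import ./x.nix args` layout.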
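Review bot: The option description `"kernel module profile"` breaks the naming pattern the sibling modules in this commit use (`"core network profile"`, `"core nix profile"`, `"core packages profile"`, `"core users profile"`); suggest `options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "core kernel modules profile";`. A header comment would also be useful, since this file replaces the old unconditional `modules.nix`: something like `# initrd modules common to the fleet; list-typed, so these are merged with whatever hardware-configuration.nix adds` describes what a reader needs to know.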
+++ b/profiles/core/network.nix @@ -1,12 +1,20 @@ -_: { - networking.networkmanager = { - enable = true; +{ config, lib, ... }: +let + cfg = config.my.profiles.core.network; +in +{ + options.my.profiles.core.network.enable = lib.mkEnableOption "core network profile"; - unmanaged = [ - "interface-name:br-*" # docker compose bridges - "interface-name:docker?" # docker default bridge - "interface-name:veth*" # docker veth devices - "interface-name:virbr?" # libvirt default bridge - ]; + config = lib.mkIf cfg.enable { + networking.networkmanager = { + enable = true; + + unmanaged = [ + "interface-name:br-*" # docker compose bridges + "interface-name:docker?" # docker default bridge + "interface-name:veth*" # docker veth devices + "interface-name:virbr?" # libvirt default bridge + ]; + }; }; } diff --git a/profiles/core/nix.nix b/profiles/core/nix.nix index 05e2073..8442ecb 100644 --- a/profiles/core/nix.nix +++ b/profiles/core/nix.nix 
@@ -1,36 +1,49 @@ -{ inputs, ... }: { - nix = { - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; + config, + lib, + inputs, + ... +}: +let + cfg = config.my.profiles.core.nix; +in +{ + options.my.profiles.core.nix.enable = lib.mkEnableOption "core nix profile"; - settings = { - trusted-users = [ - "root" - "@wheel" - ]; - auto-optimise-store = true; - builders-use-substitutes = true; + config = lib.mkIf cfg.enable { + + nix = { + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + + settings = { + trusted-users = [ + "root" + "@wheel" + ]; + auto-optimise-store = true; + builders-use-substitutes = true; + }; + + gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + registry = { + nixpkgs.flake = inputs.nixpkgs; + unstable.flake = inputs.nixpkgs-unstable; + }; }; - gc = { - automatic = true; - options = "--delete-older-than 30d"; + # auto upgrade with own flakes + system.autoUpgrade = { + enable = true; + flake = "github:Stunkymonkey/nixos"; }; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - registry = { - nixpkgs.flake = inputs.nixpkgs; - unstable.flake = inputs.nixpkgs-unstable; - }; - }; - - # auto upgrade with own flakes - system.autoUpgrade = { - enable = true; - flake = "github:Stunkymonkey/nixos"; }; } diff --git a/profiles/core/packages.nix b/profiles/core/packages.nix new file mode 100644 index 0000000..aa02e80 --- /dev/null +++ b/profiles/core/packages.nix 
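Review bot: `system.autoUpgrade` (unattended, root-run upgrades fetched from `github:Stunkymonkey/nixos`) is now gated by the same `my.profiles.core.nix.enable` as the daemon scheduling and `nix.settings`, so any consumer that only wants the nix settings — `images/base-config.nix` sets exactly that flag — also gets the upgrade timer. On an install ISO this is presumably inert, but tying a remote-fetching service to a settings toggle is easy to trip over; consider a separate switch, e.g. `options.my.profiles.core.nix.autoUpgrade.enable = lib.mkEnableOption "automatic upgrades from the flake";` and `system.autoUpgrade = lib.mkIf cfg.autoUpgrade.enable { enable = true; flake = "github:Stunkymonkey/nixos"; };`. While the block is being restructured, a comment on `trusted-users = [ "root" "@wheel" ]` such as `# trusted users can add substituters and import unsigned paths: treat as root-equivalent` would document the privilege this grants to every wheel member.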
@@ -0,0 +1,55 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.my.profiles.core.packages; +in +{ + options.my.profiles.core.packages.enable = lib.mkEnableOption "core packages profile"; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + bandwhich # bandwidth monitor + bind # dns tools (dig, etc) + borgbackup # backup tool + cryptsetup # luks volume management + delta # git diff viewer + fd # find replacement in rust + file # show file type + fzf # fuzzy finder + gettext # localization tools + git # version control + gptfdisk # disk partitioning tools + htop # process monitor + jq # json processor + killall # kill processes by name + lsof # list open files + mosh # mobile shell + mtr # network diagnostic tool + multipath-tools # disk multipathing tools (kpartx) + neovim # text editor + nmap # network scanner + nmon # performance monitor + ouch # de-/compression tool + pciutils # lspci + progress # show progress of coreutils commands + pv # pipe viewer + reptyr # reparent process to new terminal + rsync # remote file sync + screen # terminal multiplexer + sd # sed replacement + stress-ng # stress testing + tmux # terminal multiplexer + unzip # unzip tools + usbutils # lsusb + vim # text editor + wget # file downloader + whois # domain lookup + xcp # rust cp replacement + zip # zip tools + ]; + }; +} diff --git a/profiles/core/users.nix b/profiles/core/users.nix index 0455088..c0301a4 100644 --- a/profiles/core/users.nix +++ b/profiles/core/users.nix 
@@ -1,35 +1,42 @@ -{ config, ... }: +{ config, lib, ... }: +let + cfg = config.my.profiles.core.users; +in { - sops.secrets."users/felix/password".neededForUsers = true; - sops.secrets."users/felix/password" = { }; + options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile"; - users.users.felix = { - isNormalUser = true; - home = "/home/felix"; - group = "felix"; - extraGroups = [ - "adbusers" # adb control - "audio" # sound control - "cdrom" # emulate cds - "dialout" # serial-console - "docker" # usage of `docker` socket - "input" # mouse control - "libvirtd" # kvm control - "networkmanager" # wireless configuration - "podman" # usage of `podman` socket - "seat" # access to input devices - "video" # screen control - "wheel" # `sudo` for the user. - ]; - hashedPasswordFile = config.sops.secrets."users/felix/password".path; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman" - "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1" - "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2" - ]; - }; + config = lib.mkIf cfg.enable { + sops.secrets."users/felix/password".neededForUsers = true; + sops.secrets."users/felix/password" = { }; - users.groups.felix = { - gid = 1000; + users.users.felix = { + isNormalUser = true; + home = "/home/felix"; + group = "felix"; + extraGroups = [ + "adbusers" # adb control + "audio" # sound control + "cdrom" # emulate cds + "dialout" # serial-console + "docker" # usage of `docker` socket + "input" # mouse control + "libvirtd" # kvm control + "networkmanager" # wireless configuration + "podman" # usage of `podman` socket + "seat" # access to input devices + "video" # 
screen control + "wheel" # `sudo` for the user. + ]; + hashedPasswordFile = config.sops.secrets."users/felix/password".path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman" + "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1" + "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2" + ]; + }; + + users.groups.felix = { + gid = 1000; + }; }; }
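Review bot: The `sops.secrets."users/felix/password"` definitions inside `lib.mkIf cfg.enable` still require the `sops` options to be declared on every host that imports this file — the module system rejects definitions of undeclared options regardless of the mkIf condition — so importing `../profiles` now carries a hard dependency on sops-nix's nixosModule (this commit adds it for the images in flake-module.nix, but other consumers of `../profiles` are not visible here). A comment at the top of the `config` block, e.g. `# needs sops-nix's nixosModule imported even when this profile is disabled`, would record that. Separately, `sops.secrets."users/felix/password" = { };` is redundant with the `neededForUsers = true` definition on the line above it and could be dropped while the block is being moved.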