refactor(ops/nixos): Move my NixOS configurations to //users/tazjin

NixOS modules move one level up because it's unlikely that //ops/nixos
will contain actual systems at this point (they're user-specific).

This is the first users folder, so it is also added to the root
readTree invocation for the repository.

Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/244
Reviewed-by: tazjin <mail@tazj.in>
Vincent Ambo 2020-06-13 21:52:20 +01:00 committed by tazjin
parent 9658e96a87
commit 268729083e
24 changed files with 51 additions and 124 deletions


@ -36,7 +36,7 @@ case "${TARGET_TOOL}" in
attr="third_party.age" attr="third_party.age"
;; ;;
rebuilder) rebuilder)
attr="ops.nixos.rebuilder" attr="users.tazjin.nixos.rebuilder"
;; ;;
meson) meson)
attr="third_party.meson" attr="third_party.meson"


@ -19,8 +19,6 @@ with (import ./default.nix {}); [
ops.kms_pass ops.kms_pass
ops.kontemplate ops.kontemplate
ops.mq_cli ops.mq_cli
ops.nixos.camdenSystem
ops.nixos.frogSystem
third_party.cgit third_party.cgit
third_party.git third_party.git
third_party.lisp # will build all third-party libraries third_party.lisp # will build all third-party libraries
@ -31,8 +29,7 @@ with (import ./default.nix {}); [
web.cgit-taz web.cgit-taz
web.tvl web.tvl
# Nugget is not currently built because it depends on various things # tazjin's personal things
# (such as chromium-vaapi) that don't work in CI. users.tazjin.nixos.camdenSystem
# users.tazjin.nixos.frogSystem
# ops.nixos.nuggetSystem
] ]
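Review bot: The second hunk drops the comment explaining why nugget is excluded from CI, yet `nuggetSystem` is still exported and still has a rebuilder case elsewhere in this commit. The list therefore no longer records that one of the three systems is deliberately left unbuilt. I would keep a line under the new heading such as `# users.tazjin.nixos.nuggetSystem is not built here: it depends on things (such as chromium-vaapi) that don't work in CI.` Without it, a nugget configuration that stops evaluating is first noticed when the rebuilder is run on that host.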


@ -41,6 +41,7 @@ let
presentations = readTree ./presentations; presentations = readTree ./presentations;
third_party = readTree ./third_party; third_party = readTree ./third_party;
tools = readTree ./tools; tools = readTree ./tools;
users = readTree ./users;
web = readTree ./web; web = readTree ./web;
}; };
in fix(self: { in fix(self: {

1
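--- a/ops/nixos/.skip-subtree
+++ b/ops/nixos/.skip-subtree
@@ -0,0 +1 @@
+NixOS modules are not readTree compatible.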


@ -1,20 +1,7 @@
NixOS configuration NixOS modules
=================== =============
My NixOS configuration! It configures most of the packages I require This folder contains various NixOS modules shared by our NixOS
on my systems, sets up Emacs the way I need and does a bunch of other configurations.
interesting things.
System configuration lives in folders for each machine and a custom It is not read by `readTree`.
fixed point evaluation (similar to standard NixOS module
configuration) is used to combine configuration together.
Building `ops.nixos.rebuilder` yields a script that will automatically
build and activate the newest configuration based on the current
hostname.
## Configured hosts:
* `frog` - weapon of mass computation at home
* `nugget` - desktop computer at home
* ~~`urdhva` - T470s~~ (currently with edef)


@ -4,7 +4,7 @@
# It needs to be included and configured in each system like this: # It needs to be included and configured in each system like this:
# #
# { # {
# imports = [ ../modules/depot.nix ]; # imports = [ "${depot.depotPath}/ops/nixos/depot.nix" ];
# inherit depot; # inherit depot;
# } # }
{ lib, ... }: { lib, ... }:


@ -1,77 +0,0 @@
# This file configures offlineimap, notmuch and MSMTP.
#
# Some manual configuration is required the first time this is
# applied:
#
# 1. Credential setup.
# 2. Linking of MSMTP config (ln -s /etc/msmtprc ~/.msmtprc)
# 3. Linking of notmuch config (ln -s /etc/notmuch-config ~/.notmuch-config)
{ config, lib, pkgs, ... }:
let offlineImapConfig = pkgs.writeText "offlineimaprc"
(builtins.readFile ./dotfiles/offlineimaprc);
msmtpConfig = pkgs.writeText "msmtprc"
(builtins.readFile ./dotfiles/msmtprc);
notmuchConfig = pkgs.writeText "notmuch-config"
(builtins.readFile ./dotfiles/notmuch-config);
tagConfig = pkgs.writeText "notmuch-tags" ''
# Tag emacs-devel mailing list:
-inbox +emacs-devel -- to:emacs-devel@gnu.org OR cc:emacs-devel@gnu.org
# Tag nix-devel mailing list & discourse:
-inbox +nix-devel -- to:nix-devel@googlegroups.com OR from:nixos1@discoursemail.com
# Tag my own mail (from other devices) as sent:
-inbox +sent -- from:mail@tazj.in
# Drafts are always read, duh.
-unread -- tag:draft
'';
notmuchIndex = pkgs.writeShellScriptBin "notmuch-index" ''
echo "Indexing new mails in notmuch"
# Index new mail
${pkgs.notmuch}/bin/notmuch new
# Apply tags
cat ${tagConfig} | ${pkgs.notmuch}/bin/notmuch tag --batch
echo "Done indexing new mails"
'';
in {
# Enable OfflineIMAP timer & service:
systemd.user.timers.offlineimap = {
description = "OfflineIMAP timer";
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "offlineimap.service";
OnCalendar = "*:0/2"; # every 2 minutes
Persistent = "true"; # persist timer state after reboots
};
};
systemd.user.services.offlineimap = {
description = "OfflineIMAP service";
path = with pkgs; [ pass notmuch ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.offlineimap}/bin/offlineimap -u syslog -o -c ${offlineImapConfig}";
ExecStartPost = "${notmuchIndex}/bin/notmuch-index";
TimeoutStartSec = "2min";
};
};
# Link configuration files to /etc/ (from where they will be linked
# further):
environment.etc = {
"msmtprc".source = msmtpConfig;
"notmuch-config".source = notmuchConfig;
};
}


@ -1 +0,0 @@
The files in this folder are NixOS modules, not readTree-importables.


@ -0,0 +1,20 @@
NixOS configuration
===================
My NixOS configuration! It configures most of the packages I require
on my systems, sets up Emacs the way I need and does a bunch of other
interesting things.
System configuration lives in folders for each machine and a custom
fixed point evaluation (similar to standard NixOS module
configuration) is used to combine configuration together.
Building `ops.nixos.rebuilder` yields a script that will automatically
build and activate the newest configuration based on the current
hostname.
## Configured hosts:
* `frog` - weapon of mass computation at home
* `nugget` - desktop computer at home
* ~~`urdhva` - T470s~~ (currently with edef)


@ -15,11 +15,11 @@ config: let
}; };
in lib.fix(self: { in lib.fix(self: {
imports = [ imports = [
../modules/depot.nix "${depot.depotPath}/ops/nixos/depot.nix"
../modules/hound.nix "${depot.depotPath}/ops/nixos/hound.nix"
../modules/monorepo-gerrit.nix "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
../modules/smtprelay.nix "${depot.depotPath}/ops/nixos/smtprelay.nix"
../modules/tvl-slapd/default.nix "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
"${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix" "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
]; ];
depot = depot; depot = depot;
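Review bot: The rewritten `imports` entries depend on `depot.depotPath`, whose definition is not visible in this section, and nothing here says what it must point at. If it is a plain string naming a checkout rather than a value tied to the tree `depot` was evaluated from, the modules imported here could come from a different revision than the rest of the system configuration. A comment above the list would make the contract explicit, e.g. `# depot.depotPath must refer to the same checkout that depot was imported from`. The enclosing `lib.fix` block starts before and continues after this hunk.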


@ -1,3 +1,4 @@
# TODO(tazjin): Generalise this and move to //ops/nixos
{ depot, lib, ... }: { depot, lib, ... }:
let let
@ -9,6 +10,13 @@ let
); );
}).system; }).system;
caseFor = hostname: ''
${hostname})
echo "Rebuilding NixOS for //users/tazjin/nixos/${hostname}"
system=$(nix-build -E '(import <depot> {}).users.tazjin.nixos.${hostname}System' --no-out-link)
;;
'';
rebuilder = depot.third_party.writeShellScriptBin "rebuilder" '' rebuilder = depot.third_party.writeShellScriptBin "rebuilder" ''
set -ue set -ue
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
@ -17,18 +25,9 @@ let
fi fi
case $HOSTNAME in case $HOSTNAME in
nugget) ${caseFor "nugget"}
echo "Rebuilding NixOS for //ops/nixos/nugget" ${caseFor "camden"}
system=$(nix-build -E '(import <depot> {}).ops.nixos.nuggetSystem' --no-out-link) ${caseFor "frog"}
;;
camden)
echo "Rebuilding NixOS for //ops/nixos/camden"
system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link)
;;
frog)
echo "Rebuilding NixOS for //ops/nixos/frog"
system=$(nix-build -E '(import <depot> {}).ops.nixos.frogSystem' --no-out-link)
;;
*) *)
echo "$HOSTNAME is not a known NixOS host!" >&2 echo "$HOSTNAME is not a known NixOS host!" >&2
exit 1 exit 1
@ -41,7 +40,7 @@ let
in { in {
inherit rebuilder; inherit rebuilder;
nuggetSystem = systemFor [ depot.ops.nixos.nugget ]; nuggetSystem = systemFor [ depot.users.tazjin.nixos.nugget ];
camdenSystem = systemFor [ depot.ops.nixos.camden ]; camdenSystem = systemFor [ depot.users.tazjin.nixos.camden ];
frogSystem = systemFor [ depot.ops.nixos.frog ]; frogSystem = systemFor [ depot.users.tazjin.nixos.frog ];
} }
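Review bot: `caseFor` splices `hostname` unescaped into both a shell `case` pattern and the Nix expression passed to `nix-build -E`. That is fine for the three literal call sites, but it becomes an injection point if the TODO at the top generalises this helper, and the script appears to require root (the `$EUID` check). I would document the constraint on the helper, e.g. `# hostname must be a literal, attribute-safe name; it is interpolated unescaped into shell and Nix code`. Driving the cases from one list with `${lib.concatMapStrings caseFor [ "nugget" "camden" "frog" ]}` would also avoid repeating the host names. The `let` block and the rebuilder script both extend outside the hunks shown.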