felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-20 17:07:51 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:dagali-heimdal-openldap-sasl-stack
Branches Tags
felixalb:main felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:skrot-new-thing felixalb:shellcheck felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim
...
compare: felixalb:8b16f8f6d487c69e448931423844be5adbee333d
Branches Tags
felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:main felixalb:skrot-new-thing felixalb:shellcheck felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim

2 Commits
dagali-hei ... 8b16f8f6d4

Author SHA1 Message Date
h7x4
8b16f8f6d4 Remove global packages from users, skrott: remove neovim properly 2026-01-26 12:10:23 +09:00
h7x4
ff926f83b5 skrott: cross compile and further minimize 2026-01-26 11:55:27 +09:00
9 changed files with 75 additions and 63 deletions
Expand all files Collapse all files

5
base/programs.nix
View File

@@ -13,6 +13,9 @@
# Debug and find files # Debug and find files
file file
# Process json data
jq
# Check computer specs # Check computer specs
lshw lshw
@@ -54,6 +57,8 @@
programs.nano.enable = true; programs.nano.enable = true;
# Same reasoning as nano # Same reasoning as nano
programs.vim.enable = true; programs.vim.enable = true;
# Same reasoning as vim
programs.neovim.enable = true;
# Some people like this shell for some reason # Some people like this shell for some reason
programs.zsh.enable = true; programs.zsh.enable = true;

8
flake.lock generated
View File

@@ -8,11 +8,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769362210, "lastModified": 1769395643,
"narHash": "sha256-QCQD7Ofin5UYL0i5Sv34gfJ0p5pv1hwZspE/Ufe84L8=", "narHash": "sha256-41eMQ9nbkHNYuZnGAlyGNc8K717pfnGKiADuiSOW29E=",
"ref": "main", "ref": "main",
"rev": "1d01e1b2cb8fb2adee96c0b4f065c43c45eae290", "rev": "a0a89c22a24f55b6b6738c95e361e1551895be29",
"revCount": 229, "revCount": 230,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git" "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
}, },

74
flake.nix
View File

@@ -69,8 +69,7 @@
in { in {
inputs = lib.mapAttrs (_: src: src.outPath) inputs; inputs = lib.mapAttrs (_: src: src.outPath) inputs;
pkgs = forAllSystems (system: pkgs = forAllSystems (system: import nixpkgs {
import nixpkgs {
inherit system; inherit system;
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
[ [
@@ -80,26 +79,44 @@
}); });
nixosConfigurations = let nixosConfigurations = let
unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
nixosConfig = nixosConfig =
nixpkgs: nixpkgs:
name: name:
configurationPath: configurationPath:
extraArgs@{ extraArgs@{
system ? "x86_64-linux", localSystem ? "x86_64-linux", # buildPlatform
crossSystem ? "x86_64-linux", # hostPlatform
specialArgs ? { }, specialArgs ? { },
modules ? [ ], modules ? [ ],
overlays ? [ ], overlays ? [ ],
enableDefaults ? true, enableDefaults ? true,
... ...
}: }:
let
commonPkgsConfig = {
inherit localSystem crossSystem;
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
[
"nvidia-x11"
"nvidia-settings"
];
overlays = (lib.optionals enableDefaults [
# Global overlays go here
inputs.roowho2.overlays.default
]) ++ overlays;
};
pkgs = import nixpkgs commonPkgsConfig;
unstablePkgs = import nixpkgs-unstable commonPkgsConfig;
in
lib.nixosSystem (lib.recursiveUpdate lib.nixosSystem (lib.recursiveUpdate
{ {
inherit system; system = crossSystem;
inherit pkgs;
specialArgs = { specialArgs = {
inherit unstablePkgs inputs; inherit inputs unstablePkgs;
values = import ./values.nix; values = import ./values.nix;
fp = path: ./${path}; fp = path: ./${path};
} // specialArgs; } // specialArgs;
@@ -113,22 +130,10 @@
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
inputs.roowho2.nixosModules.default inputs.roowho2.nixosModules.default
]) ++ modules; ]) ++ modules;
pkgs = import nixpkgs {
inherit system;
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
[
"nvidia-x11"
"nvidia-settings"
];
overlays = (lib.optionals enableDefaults [
# Global overlays go here
inputs.roowho2.overlays.default
]) ++ overlays;
};
} }
(builtins.removeAttrs extraArgs [ (builtins.removeAttrs extraArgs [
"system" "localSystem"
"crossSystem"
"modules" "modules"
"overlays" "overlays"
"specialArgs" "specialArgs"
@@ -163,7 +168,6 @@
bekkalokk = stableNixosConfig "bekkalokk" { bekkalokk = stableNixosConfig "bekkalokk" {
overlays = [ overlays = [
(final: prev: { (final: prev: {
heimdal = unstablePkgs.heimdal;
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { }; mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
simplesamlphp = final.callPackage ./packages/simplesamlphp { }; simplesamlphp = final.callPackage ./packages/simplesamlphp { };
bluemap = final.callPackage ./packages/bluemap.nix { }; bluemap = final.callPackage ./packages/bluemap.nix { };
@@ -221,17 +225,36 @@
inputs.gergle.overlays.default inputs.gergle.overlays.default
]; ];
}; };
skrott = stableNixosConfig "skrott" { }
system = "aarch64-linux"; //
(let
skrottConfig = {
modules = [ modules = [
(nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix") (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
inputs.dibbler.nixosModules.default inputs.dibbler.nixosModules.default
]; ];
overlays = [ overlays = [
inputs.dibbler.overlays.default inputs.dibbler.overlays.default
(final: prev: {
atool = prev.emptyDirectory;
micro = prev.vim;
})
]; ];
}; };
} in {
skrott = stableNixosConfig "skrott" (skrottConfig // {
localSystem = "x86_64-linux";
crossSystem = "aarch64-linux";
});
skrott-x86_64 = stableNixosConfig "skrott" (skrottConfig // {
localSystem = "x86_64-linux";
crossSystem = "x86_64-linux";
});
skrott-native = stableNixosConfig "skrott" (skrottConfig // {
localSystem = "aarch64-linux";
crossSystem = "aarch64-linux";
});
})
// //
(let (let
machineNames = map (i: "lupine-${toString i}") (lib.range 1 5); machineNames = map (i: "lupine-${toString i}") (lib.range 1 5);
@@ -295,6 +318,7 @@
# Skrott is exception # Skrott is exception
{ {
skrott = self.nixosConfigurations.skrott.config.system.build.sdImage; skrott = self.nixosConfigurations.skrott.config.system.build.sdImage;
skrott-native = self.nixosConfigurations.skrott-native.config.system.build.sdImage;
} }
// //
# Nix-topology # Nix-topology

14
hosts/skrott/configuration.nix
View File

@@ -1,10 +1,13 @@
{ config, pkgs, lib, fp, values, ... }: { { config, pkgs, lib, modulesPath, fp, values, ... }: {
imports = [ imports = [
# ./hardware-configuration.nix (modulesPath + "/profiles/perlless.nix")
(fp /base) (fp /base)
]; ];
# Disable import of a bunch of tools we don't need from nixpkgs.
disabledModules = [ "profiles/base.nix" ];
sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml; sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml;
boot = { boot = {
@@ -16,6 +19,8 @@
}; };
# Now turn off a bunch of stuff lol # Now turn off a bunch of stuff lol
# TODO: can we reduce further?
# See also https://nixcademy.com/posts/minimizing-nixos-images/
system.autoUpgrade.enable = lib.mkForce false; system.autoUpgrade.enable = lib.mkForce false;
services.irqbalance.enable = lib.mkForce false; services.irqbalance.enable = lib.mkForce false;
services.logrotate.enable = lib.mkForce false; services.logrotate.enable = lib.mkForce false;
@@ -25,10 +30,11 @@
services.udisks2.enable = lib.mkForce false; services.udisks2.enable = lib.mkForce false;
services.thermald.enable = lib.mkForce false; services.thermald.enable = lib.mkForce false;
services.promtail.enable = lib.mkForce false; services.promtail.enable = lib.mkForce false;
boot.supportedFilesystems.zfs = lib.mkForce false;
documentation.enable = lib.mkForce false; documentation.enable = lib.mkForce false;
# TODO: can we reduce further? programs.neovim.enable = lib.mkForce false;
programs.git.package = pkgs.gitMinimal;
sops.secrets = { sops.secrets = {
"dibbler/postgresql/password" = { "dibbler/postgresql/password" = {

8
users/adriangl.nix
View File

@@ -9,14 +9,6 @@
"nix-builder-users" "nix-builder-users"
]; ];
packages = with pkgs; [
neovim
htop
ripgrep
vim
foot.terminfo
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFa5y7KyLn2tjxed1czMbyM5scnEpo9v/GfnhL/28ckM legolas" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFa5y7KyLn2tjxed1czMbyM5scnEpo9v/GfnhL/28ckM legolas"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf7SlyHR6KgP7+IeFr/Iuiu2lL5vaSlzqPonaO8XU0J gunalx@aragon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf7SlyHR6KgP7+IeFr/Iuiu2lL5vaSlzqPonaO8XU0J gunalx@aragon"

4
users/albertba.nix
View File

@@ -5,11 +5,7 @@
extraGroups = [ "wheel" "drift" "nix-builder-users" ]; extraGroups = [ "wheel" "drift" "nix-builder-users" ];
packages = with pkgs; [ packages = with pkgs; [
htop
neovim
ripgrep
fd fd
tmux
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;

3
users/oysteikt.nix
View File

@@ -12,9 +12,6 @@
packages = with pkgs; [ packages = with pkgs; [
bottom bottom
eza eza
neovim
ripgrep
tmux
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

5
users/pederbs.nix
View File

@@ -14,14 +14,9 @@
bat bat
edir edir
fd fd
htop
jq
micro micro
ncdu ncdu
ripgrep
sd sd
tmux
wget
xe xe
yq yq
]; ];

3
users/vegardbm.nix
View File

@@ -11,9 +11,6 @@
packages = with pkgs; [ packages = with pkgs; [
btop btop
eza eza
neovim
ripgrep
tmux
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVA3HqEx3je6L1AC+bP8sTxu3ZTKvTCR0npCyOVAYK5 vbm@arch-xeon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVA3HqEx3je6L1AC+bP8sTxu3ZTKvTCR0npCyOVAYK5 vbm@arch-xeon"