thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
86233cac27e15ab748b115d53d28fd78c2984df7
sp-config/flake.nix

158 lines
6.1 KiB
Nix
Raw Normal View History

test
2023-07-15 16:52:46 +04:00
{
nixosConfiguration-fun takes a set as an argument This set must contain: - hardware-configuration - userdata (parsed)
2023-11-06 11:40:32 +04:00
description = "SelfPrivacy NixOS configuration flake";
test
2023-07-15 16:52:46 +04:00
inputs = {
style: format tree
2025-06-18 19:53:44 +03:00
nixpkgs.url = "github:nixos/nixpkgs";
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
get rid of overlay for selfprivacy-graphql-api
2023-11-06 12:18:08 +04:00
style: format tree
2025-06-18 19:53:44 +03:00
selfprivacy-api.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git";
migrate selfprivacy-api NixOS module to selfprivacy API repository But do not treat it as a SP module.
2023-11-16 06:31:31 +04:00
# make selfprivacy-api use the same shared nixpkgs
selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
test
2023-07-15 16:52:46 +04:00
};
style: format tree
2025-06-18 19:53:44 +03:00
outputs =
{
self,
nixpkgs,
nixos-unstable,
selfprivacy-api,
}:
{
nixosConfigurations-fun =
{
hardware-configuration,
deployment,
userdata,
top-level-flake,
sp-modules,
}:
{
default = nixpkgs.lib.nixosSystem {
modules =
[
hardware-configuration
deployment
./configuration.nix
./auth/auth.nix
{
nixpkgs.overlays = [
(_final: prev: {
auth: remove possibility to use kanidm 1.4.6
2025-04-22 17:34:30 +04:00
inherit (nixos-unstable.legacyPackages.${prev.system})
kanidm
kanidm-provision
;
style: format tree
2025-06-18 19:53:44 +03:00
})
];
disabledModules = [ "services/security/kanidm.nix" ];
imports = [ ./auth/kanidm.nix ];
}
selfprivacy-api.nixosModules.default
(
{ pkgs, lib, ... }:
{
environment.etc =
(lib.attrsets.mapAttrs' (name: sp-module: {
name = "sp-modules/${name}";
value.text = import ./lib/meta.nix { inherit pkgs sp-module; };
}) sp-modules)
// {
suggested-sp-modules.text = builtins.toJSON (builtins.attrNames (builtins.readDir ./sp-modules));
};
}
auth: selfprivacy.sso.useKanidm_1_4
2025-04-18 21:06:18 +04:00
)
style: format tree
2025-06-18 19:53:44 +03:00
(
let
deepFilter =
ref: attrset:
builtins.foldl' (
acc: key:
if builtins.hasAttr key ref then
let
value = attrset.${key};
refValue = ref.${key};
in
acc
// {
${key} =
if builtins.isAttrs value && builtins.isAttrs refValue then deepFilter refValue value else value;
}
else
acc
) { } (builtins.attrNames attrset);
in
{ options, ... }:
{
# pass userdata (parsed from JSON) options to selfprivacy module
selfprivacy = deepFilter options.selfprivacy userdata;
get rid of files.nix; ACME/credentialsFile and other cleanup
2023-12-16 09:39:22 +04:00
style: format tree
2025-06-18 19:53:44 +03:00
# embed top-level flake source folder into the build
environment.etc."selfprivacy/nixos-config-source".source = top-level-flake;
get rid of files.nix; ACME/credentialsFile and other cleanup
2023-12-16 09:39:22 +04:00
style: format tree
2025-06-18 19:53:44 +03:00
# for running "nix search nixpkgs", "nix shell nixpkgs#PKG... etc
nix.registry.nixpkgs.flake = nixpkgs;
get rid of files.nix; ACME/credentialsFile and other cleanup
2023-12-16 09:39:22 +04:00
style: format tree
2025-06-18 19:53:44 +03:00
# embed commit sha1 for `nixos-version --configuration-revision`
system.configurationRevision = self.rev or "@${self.lastModifiedDate}"; # for development
# TODO assertion to forbid dirty builds caused by top-level-flake
get rid of files.nix; ACME/credentialsFile and other cleanup
2023-12-16 09:39:22 +04:00
style: format tree
2025-06-18 19:53:44 +03:00
# reset contents of /etc/nixos to match running NixOS generation
system.activationScripts.selfprivacy-nixos-config-source = ''
rm -rf /etc/nixos/{*,.[!.]*}
cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
'';
}
)
]
++
# add SP modules, but constrain available config attributes for each
# (TODO revise evaluation performance of the code below)
nixpkgs.lib.attrsets.mapAttrsToList (
name: sp-module:
args@{ config, pkgs, ... }:
let
lib = nixpkgs.lib;
configPathsNeeded =
sp-module.configPathsNeeded or (abort "allowed config paths not set for module \"${name}\"");
constrainConfigArgs =
args'@{ pkgs, ... }:
args'
// {
config =
# TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05
(
builtins.foldl' lib.attrsets.recursiveUpdate { } (
map (p: lib.attrsets.setAttrByPath p (lib.attrsets.getAttrFromPath p config)) configPathsNeeded
)
);
};
constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive (
p: v:
TODO notes: flake: config contrain algorithm
2023-11-15 20:18:45 +04:00
# TODO traverse only imports and imports of imports, etc
# without traversing all attributes
style: format tree
2025-06-18 19:53:44 +03:00
if lib.lists.last p == "imports" then
map (
m:
(
args'@{ pkgs, ... }:
constrainImportsArgsRecursive (
if builtins.isPath m then
import m (constrainConfigArgs args')
else if builtins.isFunction m then
m (constrainConfigArgs args')
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json).
2023-11-15 04:15:50 +04:00
else
style: format tree
2025-06-18 19:53:44 +03:00
m
)
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json).
2023-11-15 04:15:50 +04:00
)
style: format tree
2025-06-18 19:53:44 +03:00
) v
else
v
);
in
constrainImportsArgsRecursive (sp-module.nixosModules.default (constrainConfigArgs args))
) sp-modules;
};
test
2023-07-15 16:52:46 +04:00
};
style: format tree
2025-06-18 19:53:44 +03:00
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
test
2023-07-15 16:52:46 +04:00
}
Reference in New Issue Copy Permalink