nixos conf examples, how to override them and embedded usecase

4 files changed, 225 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index 429e1c9..ec9d5bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 *.sty
 /slides.pdf
+
+result
+result-*
diff --git a/res/cross-build-1.nix b/res/cross-build-1.nix
new file mode 100644
index 0000000..0598129
--- /dev/null
+++ b/res/cross-build-1.nix
@@ -0,0 +1,44 @@
+{ nixpkgs ? import <unstable>, ... }:
+
+let
+  pkgs = nixpkgs {
+    config = { };
+    # https://github.com/NixOS/nixpkgs/blob/master/lib/systems/examples.nix
+    crossSystem = {
+      config = "armv7l-unknown-linux-gnueabihf";
+    };
+    #overlays = [ (import ./overlay.nix) ];
+  };
+
+  config = { ... }:
+  {
+    environment.noXlibs = true;
+    documentation.enable = false;
+
+    # btrfs-progs fails to build
+    services.udisks2.enable = false;
+
+    fonts.fontconfig.enable = false;
+
+    nixpkgs.overlays = with pkgs.lib; singleton (const (super: {
+      polkit = super.polkit.override { withGnome = false; };
+
+      # pkcs11 needs opensc which depends on libXt? which fails to build and is X library
+      rng-tools = super.rng-tools.override { withPkcs11 = false; };
+
+      nix = super.nix.override { withAWS = false; };
+    }));
+
+    fileSystems."/".fsType = "tmpfs";
+
+    boot = {
+      loader.grub.enable = false;
+      enableContainers = false;
+      hardwareScan = false;
+    };
+
+    powerManagement.enable = false;
+  };
+
+in
+  pkgs.nixos config
diff --git a/res/cross-build-2.nix b/res/cross-build-2.nix
new file mode 100644
index 0000000..7225964
--- /dev/null
+++ b/res/cross-build-2.nix
@@ -0,0 +1,46 @@
+# This one is much better than the first
+#
+# TODO: get `nix build -f cross-build-2.nix vm` to work
+
+{ nixos ? import <unstable/nixos>, ... }:
+
+let
+  # https://github.com/NixOS/nixpkgs/blob/master/lib/systems/examples.nix
+  target = "armv7l-unknown-linux-gnueabihf";
+
+  configuration = { lib, ... }:
+  {
+    nixpkgs.crossSystem = lib.systems.elaborate { config = target; };
+    nixpkgs.overlays = with lib; singleton (const (super: {
+      polkit = super.polkit.override { withGnome = false; };
+
+      # pkcs11 needs opensc which depends on libXt? which fails to build and is X library
+      rng-tools = super.rng-tools.override { withPkcs11 = false; };
+
+      nix = super.nix.override { withAWS = false; };
+
+      gobject-introspection = super.callPackage /tmp/gobject-introspection.nix { inherit (darwin) cctools; };
+    }));
+
+
+    environment.noXlibs = true;
+    documentation.enable = false;
+
+    # btrfs-progs fails to build
+    services.udisks2.enable = false;
+
+    fonts.fontconfig.enable = false;
+
+    fileSystems."/".fsType = "tmpfs";
+
+    boot = {
+      loader.grub.enable = false;
+      enableContainers = false;
+      hardwareScan = false;
+    };
+
+    powerManagement.enable = false;
+  };
+
+in
+  nixos { inherit configuration; }
diff --git a/slides.md b/slides.md
index f190e85..9d8774b 100644
--- a/slides.md
+++ b/slides.md
@@ -517,6 +517,10 @@ echo 'Hello, World!'
 
 :::
 
+## Overlays
+
+TODO
+
 ## Using different versions of the same package---Generic
 
 ```bash
@@ -770,6 +774,114 @@ Introducing: the module system!
 
 :::
 
+## More examples
+
+```nix
+{ ... }:
+{
+  systemd.services.myService = {
+    description = "My really awesome service";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      ExecStart = "${myPackage}/bin/myExec";
+      DynamicUser = true;
+    };
+  };
+}
+```
+
+::: notes
+
+- In the previous example, the openssh module created a systemd service for us.
+  Now we create or own systemd service.
+- In fact the openssh module will (in part) "modify" the systemd module.
+- And in turn, the systemd module will "modify" the module that sets up `/etc`.
+- There is no defined "order" / "hierarchy" of modules, the laziness of the Nix
+  language permits that (this can theoretically lead to infinite loops).
+- So really, the Nix language does this in reverse (activation script -> `/etc`
+  -> systemd -> openssh -> maybe higher level concepts)
+
+
+:::
+
+## Moaaar examples
+
+```nix
+{ ... }:
+{
+  containers = {
+    myContainer = {
+      config = { ... }: { services.postgresql.enable = true; };
+    };
+    myOtherContainer = {
+      config = { ... }: { services.nginx.enable = true; };
+      forwardPorts = [
+        { containerPort = 80; hostPort = 8080; protocol = "tcp"; }
+      ];
+    };
+  };
+}
+```
+
+## Composition
+
+```nix
+{ ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./usecases/ssh-server.nix
+    ./usecases/web-interface.nix
+  ];
+}
+```
+
+## "Overridability"---Provided
+
+```nix
+{ ... }:
+{
+  hardware.bluetooth = {
+    enable = true;
+    package = myBluezFork;
+  };
+}
+```
+
+## "Overridability"---Forced
+
+```nix
+{ lib, ... }:
+{
+  services.unbound.enable = true;
+  # These tricks are done by "professionals".
+  # Don't try this at home
+  systemd.services.unbound.serviceConfig.ProtectSystem =
+    lib.mkForce false;
+}
+```
+
+## "Overridability"---Commando mode
+
+```nix
+{ ... }:
+{
+  nixpkgs.overlays = [ (self: super: {
+    bluez = myBluezFork;
+  } ) ];
+}
+```
+
+Otherwise, you can just copy and edit the official module file.
+
+::: notes
+
+- Changing things in overlays also changes packages dependencies, which in the
+  case of Bluez, there are quite a lot.
+
+:::
+
 ## Assertions
 
 ```
@@ -780,6 +892,26 @@ Failed assertions:
 
 # The embedded world
 
+## Proper project structure
+
+<https://github.com/illegalprime/nixos-on-arm>
+
+```nix
+{ ... }:
+{
+  imports = [
+    <machine>
+    <image>
+  ];
+}
+```
+
+```
+$ nix build -f default.nix \
+    -I machine=./machines/MY_BOARD \
+    -I image=./images/MY_CONFIGURATION
+```
+
 ## TODO
 
 - [x] Use good Markdown / Beamer template