From c31fb8b184df21662f6cae2dfe3e07167a32a799 Mon Sep 17 00:00:00 2001
From: Minijackson
Date: Thu, 3 Oct 2019 17:56:17 +0200
Subject: nixos conf examples, how to override them and embedded usecase
---
 .gitignore | 3 ++
 res/cross-build-1.nix | 44 +++++++++++++++++
 res/cross-build-2.nix | 46 ++++++++++++++++++
 slides.md | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 225 insertions(+)
 create mode 100644 res/cross-build-1.nix
 create mode 100644 res/cross-build-2.nix
diff --git a/.gitignore b/.gitignore
index 429e1c9..ec9d5bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 *.sty
 /slides.pdf
+
+result
+result-*
diff --git a/res/cross-build-1.nix b/res/cross-build-1.nix
new file mode 100644
index 0000000..0598129
--- /dev/null
+++ b/res/cross-build-1.nix
@@ -0,0 +1,44 @@
+{ nixpkgs ? import , ... }:
+
+let
+ pkgs = nixpkgs {
+ config = { };
+ # https://github.com/NixOS/nixpkgs/blob/master/lib/systems/examples.nix
+ crossSystem = {
+ config = "armv7l-unknown-linux-gnueabihf";
+ };
+ #overlays = [ (import ./overlay.nix) ];
+ };
+
+ config = { ... }:
+ {
+ environment.noXlibs = true;
+ documentation.enable = false;
+
+ # btrfs-progs fails to build
+ services.udisks2.enable = false;
+
+ fonts.fontconfig.enable = false;
+
+ nixpkgs.overlays = with pkgs.lib; singleton (const (super: {
+ polkit = super.polkit.override { withGnome = false; };
+
+ # pkcs11 needs opensc which depends on libXt? which fails to build and is X library
+ rng-tools = super.rng-tools.override { withPkcs11 = false; };
+
+ nix = super.nix.override { withAWS = false; };
+ }));
+
+ fileSystems."/".fsType = "tmpfs";
+
+ boot = {
+ loader.grub.enable = false;
+ enableContainers = false;
+ hardwareScan = false;
+ };
+
+ powerManagement.enable = false;
+ };
+
+in
+ pkgs.nixos config
diff --git a/res/cross-build-2.nix b/res/cross-build-2.nix
new file mode 100644
index 0000000..7225964
--- /dev/null
+++ b/res/cross-build-2.nix
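Review bot: In res/cross-build-1.nix the package overrides are set through `nixpkgs.overlays` inside `config`, but the system is evaluated with `pkgs.nixos config` on a `pkgs` that was already instantiated at the top of the `let`. As far as I know that helper pins `nixpkgs.pkgs` to the given package set, and NixOS ignores `nixpkgs.overlays` once `nixpkgs.pkgs` is set, so the polkit, rng-tools and nix overrides may silently not apply; this is worth confirming against the built closure. The overlay would belong in the `nixpkgs { ... }` call, where the commented-out `#overlays = [ (import ./overlay.nix) ];` line already sits, e.g. `overlays = [ (self: super: { polkit = super.polkit.override { withGnome = false; }; }) ];` with the other two overrides alongside.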
@@ -0,0 +1,46 @@
+# This one is much better than the first
+#
+# TODO: get `nix build -f cross-build-2.nix vm` to work
+
+{ nixos ? import , ... }:
+
+let
+ # https://github.com/NixOS/nixpkgs/blob/master/lib/systems/examples.nix
+ target = "armv7l-unknown-linux-gnueabihf";
+
+ configuration = { lib, ... }:
+ {
+ nixpkgs.crossSystem = lib.systems.elaborate { config = target; };
+ nixpkgs.overlays = with lib; singleton (const (super: {
+ polkit = super.polkit.override { withGnome = false; };
+
+ # pkcs11 needs opensc which depends on libXt? which fails to build and is X library
+ rng-tools = super.rng-tools.override { withPkcs11 = false; };
+
+ nix = super.nix.override { withAWS = false; };
+
+ gobject-introspection = super.callPackage /tmp/gobject-introspection.nix { inherit (darwin) cctools; };
+ }));
+
+
+ environment.noXlibs = true;
+ documentation.enable = false;
+
+ # btrfs-progs fails to build
+ services.udisks2.enable = false;
+
+ fonts.fontconfig.enable = false;
+
+ fileSystems."/".fsType = "tmpfs";
+
+ boot = {
+ loader.grub.enable = false;
+ enableContainers = false;
+ hardwareScan = false;
+ };
+
+ powerManagement.enable = false;
+ };
+
+in
+ nixos { inherit configuration; }
diff --git a/slides.md b/slides.md
index f190e85..9d8774b 100644
--- a/slides.md
+++ b/slides.md
@@ -517,6 +517,10 @@ echo 'Hello, World!' ::: +## Overlays + +TODO + ## Using different versions of the same package---Generic ```bash 
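Review bot: In res/cross-build-2.nix the `gobject-introspection` override calls `super.callPackage /tmp/gobject-introspection.nix`, which takes a package definition from a world-writable directory outside the repository. The build is then not reproducible for anyone else, and on a shared build host whatever file sits at that path is evaluated and built into the image. Check the expression into the repository and reference it relatively, e.g. `gobject-introspection = super.callPackage ./gobject-introspection.nix { inherit (super.darwin) cctools; };`. The existing `inherit (darwin) cctools` also looks unresolved, since only `lib` is bound in this module and nothing visible defines `darwin` (presumably `super.darwin` was meant). A one-line comment on why this package is replaced would match the one on the `rng-tools` override.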
@@ -770,6 +774,114 @@ Introducing: the module system! ::: +## More examples + +```nix +{ ... }: +{ + systemd.services.myService = { + description = "My really awesome service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${myPackage}/bin/myExec"; + DynamicUser = true; + }; + }; +} +``` + +::: notes + +- In the previous example, the openssh module created a systemd service for us. + Now we create or own systemd service. +- In fact the openssh module will (in part) "modify" the systemd module. +- And in turn, the systemd module will "modify" the module that sets up `/etc`. +- There is no defined "order" / "hierarchy" of modules, the laziness of the Nix + language permits that (this can theoretically lead to infinite loops). +- So really, the Nix language does this in reverse (activation script -> `/etc` + -> systemd -> openssh -> maybe higher level concepts) + + +::: + +## Moaaar examples + +```nix +{ ... }: +{ + containers = { + myContainer = { + config = { ... }: { services.postgresql.enable = true; }; + }; + myOtherContainer = { + config = { ... }: { services.nginx.enable = true; }; + forwardPorts = [ + { containerPort = 80; hostPort = 8080; protocol = "tcp"; } + ]; + }; + }; +} +``` + +## Composition + +```nix +{ ... }: +{ + imports = [ + ./hardware-configuration.nix + ./usecases/ssh-server.nix + ./usecases/web-interface.nix + ]; +} +``` + +## "Overridability"---Provided + +```nix +{ ... }: +{ + hardware.bluetooth = { + enable = true; + package = myBluezFork; + }; +} +``` + +## "Overridability"---Forced + +```nix +{ lib, ... }: +{ + services.unbound.enable = true; + # These tricks are done by "professionals". + # Don't try this at home + systemd.services.unbound.serviceConfig.ProtectSystem = + lib.mkForce false; +} +``` + +## "Overridability"---Commando mode + +```nix +{ ... 
}: +{ + nixpkgs.overlays = [ (self: super: { + bluez = myBluezFork; + } ) ]; +} +``` + +Otherwise, you can just copy and edit the official module file. + +::: notes + +- Changing things in overlays also changes packages dependencies, which in the + case of Bluez, there are quite a lot. + +::: + ## Assertions ``` @@ -780,6 +892,26 @@ Failed assertions: # The embedded world +## Proper project structure + + + +```nix +{ ... }: +{ + imports = [ + + + ]; +} +``` + +``` +$ nix build -f default.nix \ + -I machine=./machines/MY_BOARD \ + -I image=./images/MY_CONFIGURATION +``` + ## TODO - [x] Use good Markdown / Beamer template -- cgit v1.2.3