nix-community · MagicRB · Dec 26, 2024 · Dec 26, 2024 · Dec 26, 2024 · Dec 26, 2024
diff --git a/examples/default.nix b/examples/default.nix
@@ -12,11 +12,36 @@
   nixng,
 }:
 let
+  modifiedMakeSystem =
+    {
+      config ? { },
+      specialArgs ? { },
+      ...
+    }@args:
+    nglib.makeSystem (
+      args
+      // {
+        config = {
+          nixos.acceptRisks = "I accept the risks";
+
+          imports = [ config ];
+        };
+        specialArgs = specialArgs // {
+          __enableExperimentalNixOSCompatibility = true;
+        };
+      }
+    );
+
+  modifiedNglib = nglib // {
+    makeSystem = modifiedMakeSystem;
+  };
+
   examples = {
     "gitea" = ./gitea;
     "gitea-sane" = ./gitea/sane.nix;
     "apache" = ./apache;
     "nginx" = ./nginx;
+    "nginx-nixos" = ./nginx-nixos;
     "crond" = ./crond;
     "nix" = ./nix;
     "hydra" = ./hydra;
@@ -33,4 +58,10 @@ let
     "ntfy-sh" = ./ntfy-sh;
   };
 in
-nixpkgs.lib.mapAttrs (_: v: import v { inherit nixpkgs nglib nixng; }) examples
+nixpkgs.lib.mapAttrs (
+  _: v:
+  import v {
+    inherit nixpkgs nixng;
+    nglib = modifiedNglib;
+  }
+) examples
diff --git a/examples/nginx-nixos/default.nix b/examples/nginx-nixos/default.nix
@@ -0,0 +1,41 @@
+# SPDX-FileCopyrightText:  2021 Richard Brežák and NixNG contributors
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+#   This Source Code Form is subject to the terms of the Mozilla Public
+#   License, v. 2.0. If a copy of the MPL was not distributed with this
+#   file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+{ nglib, nixpkgs, ... }:
+nglib.makeSystem {
+  inherit nixpkgs;
+  system = "x86_64-linux";
+  name = "nixng-nginx-nixos";
+  config = (
+    { pkgs, config, ... }:
+    {
+      config = {
+        dinit = {
+          enable = true;
+        };
+
+        init.services.nginx = {
+          shutdownOnExit = true;
+          ensureSomething.link."documentRoot" = {
+            src = "${pkgs.apacheHttpd}/htdocs";
+            dst = "/var/www";
+          };
+        };
+
+        nixos.services.nginx = {
+          enable = true;
+          virtualHosts."example.org" = {
+            locations."/" = {
+              proxyPass = "google.com";
+            };
+          };
+        };
+      };
+    }
+  );
+}
diff --git a/lib/dag.nix b/lib/dag.nix
@@ -6,7 +6,7 @@
 #   License, v. 2.0. If a copy of the MPL was not distributed with this
 #   file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-{ lib }:
+{ lib, ... }:
 import (builtins.fetchurl {
   url = "https://raw.githubusercontent.com/nix-community/home-manager/45abf3d38a2b51c00c347cab6950f3734e023bba/modules/lib/dag.nix";
   sha256 = "sha256-NN9iKanf86D1MH9Nx8nsQj9T2+Poy9XeW9pLcZIyFHU=";

diff --git a/lib/default.nix b/lib/default.nix
@@ -1,13 +1,15 @@
 lib:
-let
-  inherit (lib) types;
-  this = {
-    makeSystem = import ./make-system.nix {
-      nglib = this;
-      overlay = import ../overlay;
+lib.fix (
+  nglib:
+  let
+    overlay = import ../overlay;
+    args = {
+      inherit lib nglib overlay;
     };
-    dag = import ./dag.nix { inherit lib; };
-    generators = import ./generators.nix { inherit lib; };
+  in
+  {
+    dag = import ./dag.nix args;
+    generators = import ./generators.nix args;
     mkDefaultRec = lib.mapAttrsRecursive (_: v: lib.mkDefault v);
     mkApply = fun: x: {
       original = x;
@@ -18,31 +20,31 @@ let
       description:
       lib.mkOption {
         inherit description;
-        type = types.attrsOf (
-          types.submodule {
+        type = lib.types.attrsOf (
+          lib.types.submodule {
             options = {
               data = lib.mkOption {
                 description = ''
                   Script fragment which to run.
                 '';
-                type = types.str;
+                type = lib.types.str;
               };
               before = lib.mkOption {
                 description = ''
                   Script before dependencies. See <literal>/lib/dag.nix</literal>.
                 '';
-                type = with types; listOf str;
+                type = lib.types.listOf lib.types.str;
               };
               after = lib.mkOption {
                 description = ''
                   Script after dependencies. See <literal>/lib/dag.nix</literal>
                 '';
-                type = with types; listOf str;
+                type = lib.types.listOf lib.types.str;
               };
             };
           }
         );
-        apply = this.dag.dagTopoSort;
+        apply = nglib.dag.dagTopoSort;
         default = { };
       };
 
@@ -63,18 +65,34 @@ let
         '') fragments
       )}
     '';
-
-    nottmpfiles = import ./nottmpfiles {
-      inherit lib;
-      nglib = this;
-    };
+    nottmpfiles = import ./nottmpfiles args;
 
     maybeChangeUserAndGroup =
       user: group: script:
       if user != null then
         "chpst -u ${user}${lib.optionalString (group != null) ":${group}"} ${script}"
       else
         script;
-  };
-in
-this
+
+    errorExperimentalNixOS =
+      config:
+      lib.throwIfNot (config.nixos.acceptRisks == "I accept the risks") ''
+        NixOS module compatibility is highly experimental, severely unfinished and most definitely has
+        functional and security bugs. Unless you know what you're doing and are willing to accept the risks
+        reconsider it's usage. To signify you are aware of these risks, set the option
+        `config.nixos.acceptRisks` to `"I accept the risks"`.
+
+        If you run into any of the aforementioned deficiencies please reach out on Matrix at
+        `#nixng:matrix.redalder.org`.
+      '';
+
+    inherit (import ./options.nix args)
+      mkUserOption
+      mkGroupOption
+      mkOptionsEqual
+      getOptionFromPath
+      ;
+
+    makeSystem = import ./make-system.nix { inherit lib nglib overlay; };
+  }
+)
diff --git a/lib/generators.nix b/lib/generators.nix
@@ -6,7 +6,7 @@
 #   License, v. 2.0. If a copy of the MPL was not distributed with this
 #   file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-{ lib }:
+{ lib, ... }:
 let
   inherit (lib)
     isAttrs

diff --git a/lib/make-system.nix b/lib/make-system.nix
@@ -7,7 +7,7 @@
 #   file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 # These arguments are provided by the overarching NixNG repository and are not user confugurable.
-{ nglib, overlay }:
+{ nglib, overlay, ... }:
 # These arguments are user configurable
 {
   nixpkgs,
@@ -24,6 +24,8 @@ let
   evaledModules = evalModules {
     specialArgs = specialArgs // {
       inherit nglib;
+      __enableExperimentalNixOSCompatibility =
+        specialArgs.__enableExperimentalNixOSCompatibility or false;
     };
 
     modules =

diff --git a/lib/options.nix b/lib/options.nix
@@ -0,0 +1,56 @@
+{ lib, nglib, ... }:
+{
+  mkUserOption =
+    user: description:
+    lib.mkOption {
+      inherit description;
+      type = lib.types.str;
+      default = user;
+    };
+
+  mkGroupOption =
+    group: description:
+    lib.mkOption {
+      inherit description;
+      type = lib.types.str;
+      default = group;
+    };
+
+  getOptionFromPath =
+    path: options:
+    let
+      getOptionFromPath' =
+        pathLeft: pathRight: subtree:
+        if pathRight == [ ] then
+          subtree
+        else
+          let
+            newSubtree = (
+              subtree.${lib.head pathRight} or (lib.evalModules {
+                modules = subtree.type.getSubModules ++ subtree.definitions;
+                inherit (subtree.type.functor.payload) class specialArgs;
+              }).options.${lib.head pathRight}
+              or (abort ("cannot find option '" + lib.concatStringsSep "." path + "'"))
+            );
+          in
+          getOptionFromPath' (pathLeft ++ [ (lib.head pathRight) ]) (lib.tail pathRight) newSubtree;
+    in
+    getOptionFromPath' [ ] path options;
+
+  mkOptionsEqual =
+    to: from: mapper:
+    { config, options, ... }:
+    let
+      fromOpt = nglib.getOptionFromPath from options;
+      toOpt = nglib.getOptionFromPath to options;
+
+      prio = fromOpt.highestPrio or lib.defaultOverridePriority;
+      defsWithPrio = map (def: lib.mkOverride prio (mapper def)) fromOpt.definitions;
+    in
+    {
+      config = lib.attrsets.setAttrByPath to (lib.mkMerge defsWithPrio);
+      options = lib.attrsets.setAttrByPath from (
+        lib.mkOption { apply = x: lib.attrsets.getAttrFromPath to config; }
+      );
+    };
+}
diff --git a/modules/list.nix b/modules/list.nix
@@ -50,4 +50,6 @@
   ./services/dnsmasq.nix
   ./services/attic.nix
   ./services/ntfy-sh.nix
+
+  ./nixos
 ]
diff --git a/modules/nixos/assertions.nix b/modules/nixos/assertions.nix
@@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  nglib,
+  ...
+}:
+{
+  options.nixos = lib.mkOption { type = lib.types.submodule { imports = [ ../assertions.nix ]; }; };
+
+  imports = [
+    (nglib.mkOptionsEqual [ "assertions" ] [
+      "nixos"
+      "assertions"
+    ] lib.id)
+  ];
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
@@ -0,0 +1,55 @@
+{
+  lib,
+  pkgs,
+  config,
+  __enableExperimentalNixOSCompatibility,
+  ...
+}:
+{
+  imports = lib.optionals __enableExperimentalNixOSCompatibility ([
+    ./systemd.nix
+    ./nginx.nix
+    ./users.nix
+    ./postgresql.nix
+    ./assertions.nix
+    ./oauth2-proxy.nix
+    ./nix.nix
+    ./meta.nix
+    ./networking.nix
+  ]);
+
+  options.nixos = lib.mkOption {
+    type = lib.types.submodule {
+      options = {
+        acceptRisks = lib.mkOption {
+          visible = false;
+          description = ''
+            This is an invisible option, intention is for the user to hit the scary warning first
+            and only then learn of this option and declare acceptance of the risks.
+          '';
+          type = lib.types.str;
+          default = "I don't know of the risks";
+        };
+      };
+      config._module.args = {
+        inherit pkgs;
+      };
+    };
+    default = { };
+  };
+
+  config.assertions = lib.optionals __enableExperimentalNixOSCompatibility [
+    {
+      assertion = (config.nixos.acceptRisks == "I accept the risks");
+      message = ''
+        NixOS module compatibility is highly experimental, severely unfinished and most definitely has
+        functional and security bugs. Unless you know what you're doing and are willing to accept the risks
+        reconsider it's usage. To signify you are aware of these risks, set the option
+        `config.nixos.acceptRisks` to `"I accept the risks"`.
+
+        If you run into any of the aforementioned deficiencies please reach out on Matrix at
+        `#nixng:matrix.redalder.org`.
+      '';
+    }
+  ];
+}
diff --git a/modules/nixos/meta.nix b/modules/nixos/meta.nix
@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options = {
+    nixos.meta = lib.mkOption { type = lib.types.unspecified; };
+  };
+}
diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix
@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+{
+  options = {
+    nixos.networking.hostName = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Machine hostname, this has currently no effect on NixNG and is completely
+        local to the NixOS compatibility layer.
+      '';
+      default = "unnamed";
+    };
+  };
+}