forked from jan-leila/nix-config
moved modules into host-modules
This commit is contained in:
parent
755c7f0e3a
commit
a755b9ff48
10 changed files with 5 additions and 5 deletions
|
|
@ -1,9 +0,0 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
./system.nix
|
||||
./hardware.nix
|
||||
./users.nix
|
||||
./desktop.nix
|
||||
./nix-development.nix
|
||||
];
|
||||
}
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
options.host.desktop.enable = lib.mkEnableOption "should desktop configuration be enabled";
|
||||
|
||||
config = lib.mkMerge [
|
||||
{
|
||||
host.desktop.enable = lib.mkDefault true;
|
||||
}
|
||||
(lib.mkIf config.host.desktop.enable {
|
||||
services = {
|
||||
# Enable CUPS to print documents.
|
||||
printing.enable = true;
|
||||
|
||||
xserver = {
|
||||
# Enable the X11 windowing system.
|
||||
enable = true;
|
||||
|
||||
# Enable the GNOME Desktop Environment.
|
||||
displayManager.gdm.enable = true;
|
||||
desktopManager = {
|
||||
gnome.enable = true;
|
||||
};
|
||||
|
||||
# Get rid of xTerm
|
||||
desktopManager.xterm.enable = false;
|
||||
excludePackages = [pkgs.xterm];
|
||||
};
|
||||
|
||||
pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
|
||||
# If you want to use JACK applications, uncomment this
|
||||
#jack.enable = true;
|
||||
|
||||
# use the example session manager (no others are packaged yet so this is enabled by default,
|
||||
# no need to redefine it in your config for now)
|
||||
#media-session.enable = true;
|
||||
};
|
||||
automatic-timezoned = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
||||
# enable RealtimeKit for pulse audio
|
||||
security.rtkit.enable = true;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
{lib, ...}: {
|
||||
options.host.hardware = {
|
||||
piperMouse = {
|
||||
enable = lib.mkEnableOption "host has a piper mouse";
|
||||
};
|
||||
viaKeyboard = {
|
||||
enable = lib.mkEnableOption "host has a via keyboard";
|
||||
};
|
||||
openRGB = {
|
||||
enable = lib.mkEnableOption "host has open rgb hardware";
|
||||
};
|
||||
graphicsAcceleration = {
|
||||
enable = lib.mkEnableOption "host has a gpu for graphical acceleration";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
options.host.nix-development.enable = lib.mkEnableOption "should desktop configuration be enabled";
|
||||
|
||||
config = lib.mkMerge [
|
||||
{
|
||||
host.nix-development.enable = lib.mkDefault true;
|
||||
}
|
||||
(lib.mkIf config.host.nix-development.enable {
|
||||
nix = {
|
||||
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# nix langauge server
|
||||
nixd
|
||||
];
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
{...}: {
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
};
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
optimise = {
|
||||
automatic = true;
|
||||
dates = ["weekly"];
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
ports = [22];
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
UseDns = true;
|
||||
X11Forwarding = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,340 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix;
|
||||
|
||||
host = config.host;
|
||||
|
||||
hostUsers = host.hostUsers;
|
||||
principleUsers = host.principleUsers;
|
||||
terminalUsers = host.terminalUsers;
|
||||
# normalUsers = host.normalUsers;
|
||||
|
||||
uids = {
|
||||
leyla = 1000;
|
||||
ester = 1001;
|
||||
eve = 1002;
|
||||
jellyfin = 2000;
|
||||
forgejo = 2002;
|
||||
pihole = 2003;
|
||||
hass = 2004;
|
||||
headscale = 2005;
|
||||
nextcloud = 2006;
|
||||
};
|
||||
|
||||
gids = {
|
||||
leyla = 1000;
|
||||
ester = 1001;
|
||||
eve = 1002;
|
||||
users = 100;
|
||||
jellyfin_media = 2001;
|
||||
jellyfin = 2000;
|
||||
forgejo = 2002;
|
||||
pihole = 2003;
|
||||
hass = 2004;
|
||||
headscale = 2005;
|
||||
nextcloud = 2006;
|
||||
};
|
||||
|
||||
users = config.users.users;
|
||||
leyla = users.leyla.name;
|
||||
ester = users.ester.name;
|
||||
eve = users.eve.name;
|
||||
in {
|
||||
options.host = {
|
||||
users = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule ({
|
||||
config,
|
||||
name,
|
||||
...
|
||||
}: {
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.string;
|
||||
default = name;
|
||||
description = ''
|
||||
What should this users name on the system be
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.name";
|
||||
};
|
||||
isPrincipleUser = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
User should be configured as root and have ssh access
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser";
|
||||
};
|
||||
isDesktopUser = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
User should install their desktop applications
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser";
|
||||
};
|
||||
isTerminalUser = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
User should install their terminal applications
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser";
|
||||
};
|
||||
isNormalUser = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.isDesktopUser || config.isTerminalUser;
|
||||
description = ''
|
||||
User should install their applications
|
||||
'';
|
||||
defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser";
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
hostUsers = lib.mkOption {
|
||||
default = lib.attrsets.mapAttrsToList (_: user: user) host.users;
|
||||
};
|
||||
principleUsers = lib.mkOption {
|
||||
default = lib.lists.filter (user: user.isPrincipleUser) hostUsers;
|
||||
};
|
||||
normalUsers = lib.mkOption {
|
||||
default = lib.lists.filter (user: user.isTerminalUser) hostUsers;
|
||||
};
|
||||
terminalUsers = lib.mkOption {
|
||||
default = lib.lists.filter (user: user.isNormalUser) hostUsers;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
assertions =
|
||||
(
|
||||
builtins.map (user: {
|
||||
assertion = !(user.isPrincipleUser && !user.isNormalUser);
|
||||
message = ''
|
||||
Non normal user ${user.name} can not be a principle user.
|
||||
'';
|
||||
})
|
||||
hostUsers
|
||||
)
|
||||
++ [
|
||||
{
|
||||
assertion = (builtins.length principleUsers) > 0;
|
||||
message = ''
|
||||
At least one user must be a principle user.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
# principle users are by definition trusted
|
||||
nix.settings.trusted-users = builtins.map (user: user.name) principleUsers;
|
||||
|
||||
# we should only be able to ssh into principle users of a computer who are also set up for terminal access
|
||||
services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers);
|
||||
|
||||
# we need to set up env variables to nix can find keys to decrypt passwords on rebuild
|
||||
environment = {
|
||||
sessionVariables = {
|
||||
SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY;
|
||||
SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";
|
||||
};
|
||||
};
|
||||
|
||||
# set up user passwords
|
||||
sops = {
|
||||
defaultSopsFormat = "yaml";
|
||||
gnupg.sshKeyPaths = [];
|
||||
|
||||
age = {
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sshKeyPaths = [];
|
||||
# generateKey = true;
|
||||
};
|
||||
|
||||
secrets = {
|
||||
"passwords/leyla" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
"passwords/ester" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
"passwords/eve" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users = {
|
||||
leyla = {
|
||||
uid = lib.mkForce uids.leyla;
|
||||
name = lib.mkForce host.users.leyla.name;
|
||||
description = "Leyla";
|
||||
extraGroups =
|
||||
(lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"])
|
||||
++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"])
|
||||
++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]);
|
||||
hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
|
||||
isNormalUser = host.users.leyla.isNormalUser;
|
||||
isSystemUser = !host.users.leyla.isNormalUser;
|
||||
group = config.users.users.leyla.name;
|
||||
};
|
||||
|
||||
ester = {
|
||||
uid = lib.mkForce uids.ester;
|
||||
name = lib.mkForce host.users.ester.name;
|
||||
description = "Ester";
|
||||
extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"];
|
||||
hashedPasswordFile = config.sops.secrets."passwords/ester".path;
|
||||
isNormalUser = host.users.ester.isNormalUser;
|
||||
isSystemUser = !host.users.ester.isNormalUser;
|
||||
group = config.users.users.ester.name;
|
||||
};
|
||||
|
||||
eve = {
|
||||
uid = lib.mkForce uids.eve;
|
||||
name = lib.mkForce host.users.eve.name;
|
||||
description = "Eve";
|
||||
extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"];
|
||||
hashedPasswordFile = config.sops.secrets."passwords/eve".path;
|
||||
isNormalUser = host.users.eve.isNormalUser;
|
||||
isSystemUser = !host.users.eve.isNormalUser;
|
||||
group = config.users.users.eve.name;
|
||||
};
|
||||
|
||||
jellyfin = {
|
||||
uid = lib.mkForce uids.jellyfin;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.jellyfin.name;
|
||||
};
|
||||
|
||||
forgejo = {
|
||||
uid = lib.mkForce uids.forgejo;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.forgejo.name;
|
||||
};
|
||||
|
||||
pihole = {
|
||||
uid = lib.mkForce uids.pihole;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.pihole.name;
|
||||
};
|
||||
|
||||
hass = {
|
||||
uid = lib.mkForce uids.hass;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.hass.name;
|
||||
};
|
||||
|
||||
headscale = {
|
||||
uid = lib.mkForce uids.headscale;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.headscale.name;
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
uid = lib.mkForce uids.nextcloud;
|
||||
isSystemUser = true;
|
||||
group = config.users.users.nextcloud.name;
|
||||
};
|
||||
};
|
||||
|
||||
groups = {
|
||||
leyla = {
|
||||
gid = lib.mkForce gids.leyla;
|
||||
members = [
|
||||
leyla
|
||||
];
|
||||
};
|
||||
|
||||
ester = {
|
||||
gid = lib.mkForce gids.ester;
|
||||
members = [
|
||||
ester
|
||||
];
|
||||
};
|
||||
|
||||
eve = {
|
||||
gid = lib.mkForce gids.eve;
|
||||
members = [
|
||||
eve
|
||||
];
|
||||
};
|
||||
|
||||
users = {
|
||||
gid = lib.mkForce gids.users;
|
||||
members = [
|
||||
leyla
|
||||
ester
|
||||
eve
|
||||
];
|
||||
};
|
||||
|
||||
jellyfin_media = {
|
||||
gid = lib.mkForce gids.jellyfin_media;
|
||||
members = [
|
||||
users.jellyfin.name
|
||||
leyla
|
||||
ester
|
||||
eve
|
||||
];
|
||||
};
|
||||
|
||||
jellyfin = {
|
||||
gid = lib.mkForce gids.jellyfin;
|
||||
members = [
|
||||
users.jellyfin.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
|
||||
forgejo = {
|
||||
gid = lib.mkForce gids.forgejo;
|
||||
members = [
|
||||
users.forgejo.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
|
||||
pihole = {
|
||||
gid = lib.mkForce gids.pihole;
|
||||
members = [
|
||||
users.pihole.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
|
||||
hass = {
|
||||
gid = lib.mkForce gids.hass;
|
||||
members = [
|
||||
users.hass.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
|
||||
headscale = {
|
||||
gid = lib.mkForce gids.headscale;
|
||||
members = [
|
||||
users.headscale.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
gid = lib.mkForce gids.nextcloud;
|
||||
members = [
|
||||
users.nextcloud.name
|
||||
# leyla
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue