diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix new file mode 100644 index 0000000..08fc59f --- /dev/null +++ b/configurations/darwin/hesperium/configuration.nix @@ -0,0 +1,20 @@ +{...}: { + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + ester = { + isPrincipleUser = true; + isNormalUser = true; + }; + eve.isNormalUser = false; + }; + }; + + system.stateVersion = 5; + + nixpkgs.hostPlatform = "aarch64-darwin"; +} diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix index 6462967..220a6fb 100644 --- a/configurations/darwin/hesperium/default.nix +++ b/configurations/darwin/hesperium/default.nix @@ -1 +1,5 @@ -{...}: {} +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix index ddf2323..5f4447b 100644 --- a/modules/darwin-modules/default.nix +++ b/modules/darwin-modules/default.nix @@ -2,5 +2,7 @@ {...}: { imports = [ ./home-manager + ./users.nix + ./system.nix ]; } diff --git a/modules/darwin-modules/system.nix b/modules/darwin-modules/system.nix new file mode 100644 index 0000000..ee56162 --- /dev/null +++ b/modules/darwin-modules/system.nix @@ -0,0 +1,27 @@ +{self, ...}: { + system.configurationRevision = self.rev or self.dirtyRev or null; + + nix = { + gc = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + }; + }; +} diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix new file mode 100644 index 0000000..f0b55c0 --- /dev/null +++ b/modules/darwin-modules/users.nix 
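Review bot: The gc and optimise jobs in darwin-modules/system.nix are scheduled for the identical minute (Sunday, 04:15), so `nix-collect-garbage` and `nix-store --optimise` are launched together against the same store. Nix's store locking should make them serialize rather than corrupt anything, but one job then sits blocked behind the other and a failure in the first is easy to miss in the launchd logs; staggering them, e.g. `Hour = 5;` in the optimise interval, keeps the two runs independent. A one-line comment stating why the two intervals differ would stop a later reader from re-aligning them.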
@@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + host = config.host; +in { + users = { + users = { + leyla = { + name = lib.mkForce host.users.leyla.name; + home = lib.mkForce "/home/${host.users.leyla.name}"; + }; + ester = { + name = lib.mkForce host.users.ester.name; + home = lib.mkForce "/home/${host.users.ester.name}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 1414cf2..85e6c5a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -6,7 +6,7 @@ ./hardware.nix ./users.nix ./desktop.nix - ./nix-development.nix + ./ssh.nix ./i18n.nix ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix new file mode 100644 index 0000000..0360cfc --- /dev/null +++ b/modules/nixos-modules/ssh.nix @@ -0,0 +1,13 @@ +{...}: { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 918c219..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,8 +1,5 @@ {...}: { nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; gc = { automatic = true; dates = "weekly"; @@ -13,16 +10,4 @@ dates = ["weekly"]; }; }; - - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e5a8a91..214ccd6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -8,7 +8,6 @@ host = config.host; - hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; # normalUsers = host.normalUsers; 
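Review bot: `home = lib.mkForce "/home/${host.users.leyla.name}"` (and the same line for ester) points the macOS accounts at `/home/<name>`, but user homes on Darwin live under `/Users/`, and `/home` is by default an autofs mount point on macOS, so anything home-manager writes there will fail or land in the wrong place; the path should be `"/Users/${host.users.leyla.name}"`. Note also that this module only sets `name` and `home`: the `isPrincipleUser` flag, whose description in the shared options says the user "should be configured as root and have ssh access", has no visible effect on the darwin side in this diff, so if it is meant to gate anything on macOS it needs its own handling unless a module outside this diff already covers it.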
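Review bot: `PasswordAuthentication = false` in ssh.nix does not by itself turn off password logins on NixOS: `services.openssh.settings.KbdInteractiveAuthentication` defaults to true there, and with PAM enabled sshd still accepts a password through the keyboard-interactive method. Add `KbdInteractiveAuthentication = false;` next to it so the key-only intent actually holds. Since the shared options describe principle users as the ones who "have ssh access", it would also be worth wiring that list into `settings.AllowUsers` (e.g. `builtins.map (u: u.name) config.host.principleUsers`), otherwise any account with a key in authorized_keys can log in; that needs `config` in the module's argument set, which is currently `{...}`. `UseDns = true` only adds a reverse lookup per connection and slows logins; unless `from=` host patterns are used in authorized_keys it buys nothing, so dropping it (OpenSSH's default is `no`) is the safer choice.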
@@ -44,91 +43,7 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host = { - users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ - config, - name, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - isPrincipleUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should be configured as root and have ssh access - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; - }; - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications and can log in - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); - }; - hostUsers = lib.mkOption { - default = lib.attrsets.mapAttrsToList (_: user: user) host.users; - }; - principleUsers = lib.mkOption { - default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; - }; - normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; - }; - terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; - }; - }; - config = { - assertions = - ( - builtins.map (user: { - assertion = !(user.isPrincipleUser && !user.isNormalUser); - 
message = '' - Non normal user ${user.name} can not be a principle user. - ''; - }) - hostUsers - ) - ++ [ - { - assertion = (builtins.length principleUsers) > 0; - message = '' - At least one user must be a principle user. - ''; - } - ]; - # principle users are by definition trusted nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix index f6605ce..637b6b5 100644 --- a/modules/system-modules/default.nix +++ b/modules/system-modules/default.nix @@ -2,5 +2,8 @@ {...}: { imports = [ ./home-manager + ./system.nix + ./nix-development.nix + ./users.nix ]; } diff --git a/modules/nixos-modules/nix-development.nix b/modules/system-modules/nix-development.nix similarity index 100% rename from modules/nixos-modules/nix-development.nix rename to modules/system-modules/nix-development.nix diff --git a/modules/system-modules/system.nix b/modules/system-modules/system.nix new file mode 100644 index 0000000..f464835 --- /dev/null +++ b/modules/system-modules/system.nix @@ -0,0 +1,7 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + }; +} diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix new file mode 100644 index 0000000..33df3d1 --- /dev/null +++ b/modules/system-modules/users.nix 
@@ -0,0 +1,97 @@ +{ + lib, + config, + ... +}: let + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; +in { + options.host = { + users = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications and can log in + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + }; + + config = { + 
assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. + ''; + } + ]; + }; +} diff --git a/util/default.nix b/util/default.nix index 32acca1..f04f9c9 100644 --- a/util/default.nix +++ b/util/default.nix @@ -26,6 +26,7 @@ home-manager-modules = common-modules ++ [ + sops-nix.homeManagerModules.sops ../modules/home-manager-modules ]; @@ -41,10 +42,8 @@ system-modules = common-modules ++ [ - ../modules/system-modules - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager home-manager-config + ../modules/system-modules ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -62,6 +61,8 @@ in { modules = system-modules ++ [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -73,6 +74,8 @@ in { modules = system-modules ++ [ + sops-nix.darwinModules.sops + home-manager.darwinModules.home-manager ../modules/darwin-modules ../configurations/darwin/${host} ];
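Review bot: The derived lists in system-modules/users.nix are filtered on the wrong flags: `normalUsers` is built with `(user: user.isTerminalUser)` and `terminalUsers` with `(user: user.isNormalUser)`, so `host.terminalUsers` (which the nixos users module reads) contains every normal user, desktop-only ones included, while `host.normalUsers` drops users who are normal but not terminal users. The two lambdas should be swapped: `default = lib.lists.filter (user: user.isNormalUser) hostUsers;` under `normalUsers` and `default = lib.lists.filter (user: user.isTerminalUser) hostUsers;` under `terminalUsers`. This was carried over from the old nixos module rather than introduced here, but the move is the moment to fix it. Separately, `hostUsers`, `principleUsers`, `normalUsers` and `terminalUsers` are declared with `lib.mkOption` without a `type` or `readOnly = true`, so a host configuration can set `host.principleUsers` directly and bypass the `isPrincipleUser`/`isNormalUser` assertions that guard the list feeding `nix.settings.trusted-users`; marking them `readOnly = true` with `type = lib.types.listOf lib.types.attrs` closes that gap.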