From 2aafcc9b4985e1607c94647907bbe7b34b13ee98 Mon Sep 17 00:00:00 2001
From: dadada
Date: Sun, 18 Sep 2022 17:26:06 +0200
Subject: [PATCH] refactor configuration
---
 home/configurations.nix | 6 +-
 home/modules/default.nix | 7 +-
 home/modules/emacs/default.nix | 12 +--
 nixos/configurations.nix | 142 +++++++++++++-----------------
 nixos/gorgon/configuration.nix | 2 +-
 nixos/modules/admin.nix | 9 +-
 nixos/modules/borg-server.nix | 9 +-
 nixos/modules/default.nix | 7 +-
 nixos/modules/homepage.nix | 6 +-
 nixos/modules/nix.nix | 61 +++++++------
 nixos/modules/nixpkgs.nix | 3 +
 nixos/modules/packages.nix | 10 +++
 nixos/modules/profiles/backup.nix | 5 +-
 nixos/modules/profiles/server.nix | 3 -
 nixos/modules/secrets.nix | 10 +++
 nixos/pruflas/configuration.nix | 2 -
 outputs.nix | 9 +-
 17 files changed, 154 insertions(+), 149 deletions(-)
 create mode 100644 nixos/modules/nixpkgs.nix
 create mode 100644 nixos/modules/packages.nix
 create mode 100644 nixos/modules/secrets.nix
diff --git a/home/configurations.nix b/home/configurations.nix
index d532d92..9e65949 100644
--- a/home/configurations.nix
+++ b/home/configurations.nix
@@ -1,6 +1,7 @@
 { self
 , nixpkgs
 , home-manager
+, nix-doom-emacs
 , ...
 } @ inputs:
 let
@@ -10,15 +11,16 @@ let
 , system ? "x86_64-linux"
 , username ? "dadada"
 , stateVersion
-,
 }: (home-manager.lib.homeManagerConfiguration {
 configuration = { ... }: {
 imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules;
+ nixpkgs = {
 config = import ./nixpkgs-config.nix { pkgs = nixpkgs; };
+ };
+ manual.manpages.enable = false;
 };
 inherit system homeDirectory username stateVersion;
@@ -26,7 +28,7 @@ let
 in
 {
 home = hmConfiguration {
- extraModules = [ ./home ];
+ extraModules = [ ./home nix-doom-emacs.hmModule ];
 stateVersion = "20.09";
 };
 }
diff --git a/home/modules/default.nix b/home/modules/default.nix
index 5e29743..f4d841c 100644
--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@@ -1,11 +1,8 @@
-{ self
-, nix-doom-emacs
-, ...
-} @ inputs: {
+{
 alacritty = import ./alacritty;
 colors = import ./colors.nix;
 direnv = import ./direnv.nix;
- emacs = import ./emacs { inherit nix-doom-emacs; };
+ emacs = import ./emacs;
 fish = import ./fish.nix;
 git = import ./git.nix;
 gpg = import ./gpg.nix;
diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix
index ded8f05..2fa0b0f 100644
--- a/home/modules/emacs/default.nix
+++ b/home/modules/emacs/default.nix
@@ -1,16 +1,16 @@
-{ nix-doom-emacs, ... }: { config
- , pkgs
- , lib
- , ...
- }:
+{ config
+, pkgs
+, lib
+, ...
+}:
 with lib; let cfg = config.dadada.home.emacs; in {
- imports = [ nix-doom-emacs.hmModule ];
 options.dadada.home.emacs = {
 enable = mkEnableOption "Enable dadada emacs config";
 };
+
 config = mkIf cfg.enable {
 programs.doom-emacs = {
 enable = true;
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 6b9d3fb..7d0a307 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,6 +1,4 @@
-# TODO refactor adapterModule and redundant module config
 { self
-, admins
 , agenix
 , nixpkgs
 , home-manager
@@ -9,99 +7,79 @@
 , nvd
 , scripts
 , recipemd
-, secretsPath
 , ...
-}:
+}@inputs:
 let
- nixosSystem = nixpkgs.lib.nixosSystem;
- agenixModule = agenix.nixosModule;
- adapterModule = system: {
- nixpkgs.config.allowUnfreePredicate = pkg: true;
- nixpkgs.overlays =
- (nixpkgs.lib.attrValues self.overlays)
- ++ [
- (final: prev: { homePage = homePage.defaultPackage.${system}; })
- (final: prev: { s = scripts; })
- (final: prev: { n = nvd; })
- (final: prev: { recipemd = recipemd.defaultPackage.${system}; })
- ];
+ getDefaultPkgs = system: flakes: nixpkgs.lib.mapAttrs (_: value: nixpkgs.lib.getAttr system value.defaultPackage) flakes;
+
+ nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
+ inherit system;
+
+ modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModule ] ++ extraModules;
 };
- lib = nixpkgs.lib;
 in
 {
 gorgon = nixosSystem rec {
 system = "x86_64-linux";
- specialArgs = { inherit admins secretsPath; };
- modules =
- (nixpkgs.lib.attrValues self.nixosModules)
- ++ [
- (adapterModule system)
- agenixModule
- nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
- home-manager.nixosModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.sharedModules =
- (nixpkgs.lib.attrValues self.hmModules)
- ++ [
- { manual.manpages.enable = false; }
- ];
- home-manager.users.dadada = import ../home/home;
- }
- ./modules/profiles/laptop.nix
- ./gorgon/configuration.nix
- ];
+
+ extraModules = [
+ {
+ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
+ dadada.pkgs = getDefaultPkgs system {
+ inherit scripts nvd recipemd;
+ };
+
+ # Add flakes to registry and nix path.
+ dadada.inputs = inputs // { dadada = self; };
+ }
+
+ nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
+ { manual.manpages.enable = false; }
+ ];
+ home-manager.users.dadada = import ../home/home;
+ }
+
+ ./modules/profiles/laptop.nix
+ ./gorgon/configuration.nix
+ ];
 };
- ifrit = nixosSystem rec {
- system = "x86_64-linux";
- specialArgs = { inherit admins secretsPath; };
- modules =
- (nixpkgs.lib.attrValues self.nixosModules)
- ++ [
- agenixModule
- (adapterModule system)
- ./modules/profiles/server.nix
- ./ifrit/configuration.nix
- ./ifrit/hardware-configuration.nix
- ];
+
+ ifrit = nixosSystem {
+ extraModules = [
+ ./modules/profiles/server.nix
+ ./ifrit/configuration.nix
+ ./ifrit/hardware-configuration.nix
+ ];
 };
 surgat = nixosSystem rec {
 system = "x86_64-linux";
- specialArgs = { inherit admins secretsPath; };
- modules =
- (nixpkgs.lib.attrValues self.nixosModules)
- ++ [
- (adapterModule system)
- agenixModule
- ./modules/profiles/server.nix
- ./surgat/configuration.nix
- ];
- };
- pruflas = nixosSystem rec {
- system = "x86_64-linux";
- specialArgs = { inherit admins secretsPath; };
- modules =
- (nixpkgs.lib.attrValues self.nixosModules)
- ++ [
- (adapterModule system)
- agenixModule
- ./modules/profiles/laptop.nix
- ./pruflas/configuration.nix
- ];
+ extraModules = [
+ {
+ dadada.homePage.package = homePage.defaultPackage.${system};
+ }
+ ./modules/profiles/server.nix
+ ./surgat/configuration.nix
+ ];
 };
- agares = nixosSystem rec {
- system = "x86_64-linux";
- specialArgs = { inherit admins secretsPath; };
- modules =
- (nixpkgs.lib.attrValues self.nixosModules)
- ++ [
- (adapterModule system)
- agenixModule
- ./modules/profiles/server.nix
- ./agares/configuration.nix
- ];
+ pruflas = nixosSystem {
+ extraModules = [
+ ./modules/profiles/laptop.nix
+ ./pruflas/configuration.nix
+ ];
+ };
+
+ agares = nixosSystem {
+ extraModules = [
+ ./modules/profiles/server.nix
+ ./agares/configuration.nix
+ ];
 };
 }
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index fe65a95..c5ac787 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -83,7 +83,7 @@ in
 environment.systemPackages = with pkgs; [
 chromium
 ghostscript
- recipemd
+ config.dadada.pkgs.recipemd
 ];
 networking.firewall = {
diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix
index 7dd5eb0..fcdf9f8 100644
--- a/nixos/modules/admin.nix
+++ b/nixos/modules/admin.nix
@@ -49,7 +49,7 @@ in
 users = mkOption {
 type = with types; attrsOf (submodule adminOpts);
- default = { };
+ default = import ../../admins.nix;
 description = ''
 Admin users with root access machine.
 '';
@@ -67,6 +67,13 @@ in
 };
 config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.users != [ ];
+ message = "Must provide at least one admin, if the admin module is enabled.";
+ }
+ ];
+
 programs.zsh.enable = mkDefault true;
 services.sshd.enable = true;
diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix
index 5da2280..b55cf63 100644
--- a/nixos/modules/borg-server.nix
+++ b/nixos/modules/borg-server.nix
@@ -1,4 +1,4 @@
-{ config, lib, admins, ... }:
+{ config, lib, ... }:
 let
 inherit (lib) mkEnableOption mkIf mkOption types;
 cfg = config.dadada.borgServer;
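Review bot: Only the `gorgon` entry sets `nixpkgs.overlays` and `dadada.inputs` in its `extraModules`; `ifrit`, `surgat`, `pruflas` and `agares` get neither, whereas the removed `adapterModule` applied `self.overlays` on every host and the old nix.nix pinned `nixpkgs`, `home-manager` and `dadada` in `nix.registry`/`nix.nixPath` everywhere. Since `dadada.inputs` defaults to `{ }`, those four hosts now end up with an empty flake registry, so a `nixpkgs#…` reference on a server resolves through the global registry to whatever upstream currently serves instead of the locked input — a supply-chain drift the old layout prevented. Unless that is intended, move the pinning into the shared list in `nixosSystem`: `{ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.inputs = inputs // { dadada = self; }; }` next to `agenix.nixosModule`, and keep only host-specific `dadada.pkgs` in the per-host modules. The `# Add flakes to registry and nix path.` comment would then sit at the place that actually applies to every host.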
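Review bot: The new assertion in admin.nix can never fire: `users` is declared as `attrsOf (submodule adminOpts)`, so `cfg.users` is an attribute set and `cfg.users != [ ]` is always true regardless of its contents. Compare against the empty set instead, `assertion = cfg.users != { };`, so a host that enables the module but overrides the admins to nothing is rejected as the message promises. Note also that the new default pulls every entry of `../../admins.nix` — all of whom get root per the option description — onto any host that merely sets `dadada.admin.enable`; that matches what server.nix and pruflas did explicitly before, but it is worth a comment on the default such as `# every entry of admins.nix gets root on any host that enables this module` so the blanket grant stays visible when the file is read on its own.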
@@ -26,49 +26,42 @@ in
 "metis" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/metis";
 quota = "1T";
 };
 "gorgon" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/gorgon";
 quota = "1T";
 };
 "surgat" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/surgat";
 quota = "50G";
 };
 "pruflas" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/pruflas";
 quota = "50G";
 };
 "wohnzimmerpi" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/wohnzimmerpi";
 quota = "50G";
 };
 "fginfo" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/fginfo";
 quota = "10G";
 };
 "fginfo-git" = {
 allowSubRepos = false;
 authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ];
- authorizedKeys = admins.dadada.keys;
 path = "${cfg.path}/fginfo-git";
 quota = "10G";
 };
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 7813a3a..3928d3a 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,4 +1,4 @@
-{ ... } @ inputs: {
+{
 admin = import ./admin.nix;
 backup = import ./backup.nix;
 borgServer = import ./borg-server.nix;
@@ -11,7 +11,10 @@
 homepage = import ./homepage.nix;
 kanboard = import ./kanboard;
 networking = import ./networking.nix;
- nix = import ./nix.nix inputs;
+ nix = import ./nix.nix;
+ nixpkgs = import ./nixpkgs.nix;
+ packages = import ./packages.nix;
+ secrets = import ./secrets.nix;
 share = import ./share.nix;
 steam = import ./steam.nix;
 update = import ./update.nix;
diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix
index ea0f8f9..32e166a 100644
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@@ -9,6 +9,10 @@ in
 with lib; {
 options.dadada.homePage = {
 enable = mkEnableOption "Enable home page";
+ package = mkOption {
+ type = lib.types.package;
+ description = "Package containing the homepage";
+ };
 };
 config = mkIf cfg.enable {
 services.nginx.enable = true;
@@ -16,7 +20,7 @@ with lib; {
 services.nginx.virtualHosts."dadada.li" = {
 enableACME = true;
 forceSSL = true;
- root = "${pkgs.homePage}";
+ root = "${cfg.package}";
 };
 };
 }
diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix
index 2b2b655..85954b4 100644
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
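Review bot: Deleting `authorizedKeys = admins.dadada.keys;` from all seven repositories is an access-policy change hiding in a commit titled "refactor": after this hunk only each host's append-only key is left, so unless `authorizedKeys` has a non-empty default outside this hunk nobody can prune or compact these repos over SSH and the 1T/50G/10G quotas will eventually fill. If the intent was merely to drop the `admins` specialArg, the equivalent under the new module layout is `authorizedKeys = config.dadada.admin.users.dadada.keys;` per repo (admin.nix now defaults `users` to `../../admins.nix`), or a single `lib.mapAttrs` over the repos so the key is not repeated seven times. If the intent really is to leave only append-only access, state that in the commit message, because it is a deliberate least-privilege tightening rather than a refactor. The attribute set these repository entries belong to starts before this hunk.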
@@ -1,33 +1,36 @@
-{ self
-, home-manager
-, nixpkgs
+{ config
+, pkgs
+, lib
 , ...
-}: { config
- , pkgs
- , lib
- , ...
- }:
-# Global settings for nix daemon
+}:
+let
+ cfg = config.dadada.inputs;
+in
 {
- nix.nixPath = [
- "home-manager=${home-manager}"
- "nixpkgs=${nixpkgs}"
- "dadada=${self}"
- ];
- nix.registry = {
- home-manager.flake = home-manager;
- nixpkgs.flake = nixpkgs;
- dadada.flake = self;
+ options = {
+ dadada.inputs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.attrs;
+ description = "Flake inputs that should be available inside Nix modules";
+ default = { };
+ };
+ };
+
+ config = {
+ nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg;
+ nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg;
+
+ nix.settings.substituters = [
+ https://cache.nixos.org/
+ https://nix-community.cachix.org/
+ ];
+
+ nix.settings.trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+
+ nix.settings.require-sigs = true;
+ nix.settings.sandbox = true;
 };
- nix.settings.substituters = [
- https://cache.nixos.org/
- https://nix-community.cachix.org/
- ];
- nix.settings.trusted-public-keys = [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
- nix.settings.require-sigs = true;
- nix.settings.sandbox = true;
 }
diff --git a/nixos/modules/nixpkgs.nix b/nixos/modules/nixpkgs.nix
new file mode 100644
index 0000000..2c5849f
--- /dev/null
+++ b/nixos/modules/nixpkgs.nix
@@ -0,0 +1,3 @@
+{
+ nixpkgs.config.allowUnfreePredicate = pkg: true;
+}
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
new file mode 100644
index 0000000..4db8af2
--- /dev/null
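Review bot: `nix.settings.trusted-public-keys` carries `gorgon:eEE/…` with no matching entry in `substituters`, and because this module is part of `self.nixosModules` every host imports it, so the servers trust any store path signed by a key that lives on the machine configurations.nix gives the laptop profile. With `require-sigs = true` that makes a compromise of gorgon's secret signing key sufficient to push signed closures into ifrit, surgat or agares through any substituter or `nix copy --to` a trusted user names; that is presumably the intended deploy workflow, but nothing in the module says so. Add a comment on the key naming its purpose and the revocation path, e.g. `# signing key of the gorgon laptop, used to nix copy closures to the servers; remove here if the laptop is lost`, or move the key into a module only the receiving hosts import. Separately, `attrsOf attrs` for `dadada.inputs` admits attribute sets without `outPath`, which the `"${name}=${value}"` interpolation in `nix.nixPath` would reject at evaluation time with a confusing coercion error; the description should say "flake inputs only" or the type should be narrowed.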
+++ b/nixos/modules/packages.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+ options = {
+ dadada.pkgs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.package;
+ description = "Additional packages that are not sourced from nixpkgs";
+ default = { };
+ };
+ };
+}
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
index 49d6341..1f41b17 100644
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@@ -1,4 +1,7 @@
-{ config, secretsPath, ... }:
+{ config, ... }:
+let
+ secretsPath = config.dadada.secrets.path;
+in
 {
 dadada.backupClient.bs = {
 enable = true;
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
index d0032f8..2f34704 100644
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@@ -1,5 +1,4 @@
 { config
-, admins
 , pkgs
 , lib
 , ...
@@ -9,8 +8,6 @@ with lib; {
 ./backup.nix
 ];
- dadada.admin.users = admins;
 networking.domain = mkDefault "dadada.li";
 networking.tempAddresses = "disabled";
diff --git a/nixos/modules/secrets.nix b/nixos/modules/secrets.nix
new file mode 100644
index 0000000..5b74f5b
--- /dev/null
+++ b/nixos/modules/secrets.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+ options = {
+ dadada.secrets.path = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to encrypted secrets files";
+ default = ../../secrets;
+ };
+ };
+}
diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix
index c04f20e..e98b5e6 100644
--- a/nixos/pruflas/configuration.nix
+++ b/nixos/pruflas/configuration.nix
@@ -1,7 +1,6 @@
 { config
 , pkgs
 , lib
-, admins
 , ...
 }:
 with lib; {
@@ -42,7 +41,6 @@ with lib; {
 };
 dadada.admin.enable = true;
- dadada.admin.users = admins;
 dadada.backupClient = {
 bs.enable = true;
diff --git a/outputs.nix b/outputs.nix
index 54db6f2..46968d8 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -30,14 +30,11 @@
 hmConfigurations = import ./home/configurations.nix inputs;
- hmModules = import ./home/modules inputs;
+ hmModules = import ./home/modules;
- nixosConfigurations = import ./nixos/configurations.nix (inputs // {
- admins = import ./admins.nix;
- secretsPath = ./secrets;
- });
+ nixosConfigurations = import ./nixos/configurations.nix inputs;
- nixosModules = import ./nixos/modules inputs;
+ nixosModules = import ./nixos/modules;
 overlays = import ./overlays.nix;