refactor configuration

2022-09-18 17:26:06 +02:00 · 2022-09-18 17:26:06 +02:00 · 2aafcc9b49
commit 2aafcc9b49
parent d016cc67bc
17 changed files with 154 additions and 149 deletions
--- a/home/configurations.nix
+++ b/home/configurations.nix
@ -1,6 +1,7 @@
 { self
 , nixpkgs
 , home-manager
 , nix-doom-emacs
 , ...
 } @ inputs:
 let
@ -10,15 +11,16 @@ let
    , system ? "x86_64-linux"
    , username ? "dadada"
    , stateVersion
    ,
    }: (home-manager.lib.homeManagerConfiguration {
      configuration = { ... }: {
        imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules;
        nixpkgs = {
          config = import ./nixpkgs-config.nix {
            pkgs = nixpkgs;
          };
        };
        manual.manpages.enable = false;
      };
      inherit system homeDirectory username stateVersion;
@ -26,7 +28,7 @@ let
 in
 {
  home = hmConfiguration {
-    extraModules = [ ./home ];
+    extraModules = [ ./home nix-doom-emacs.hmModule ];
    stateVersion = "20.09";
  };
 }
--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@ -1,11 +1,8 @@
-{ self
+{
 , nix-doom-emacs
 , ...
 } @ inputs: {
  alacritty = import ./alacritty;
  colors = import ./colors.nix;
  direnv = import ./direnv.nix;
-  emacs = import ./emacs { inherit nix-doom-emacs; };
+  emacs = import ./emacs;
  fish = import ./fish.nix;
  git = import ./git.nix;
  gpg = import ./gpg.nix;
--- a/home/modules/emacs/default.nix
+++ b/home/modules/emacs/default.nix
@ -1,4 +1,4 @@
-{ nix-doom-emacs, ... }: { config
+{ config
 , pkgs
 , lib
 , ...
@ -7,10 +7,10 @@ with lib; let
  cfg = config.dadada.home.emacs;
 in
 {
  imports = [ nix-doom-emacs.hmModule ];
  options.dadada.home.emacs = {
    enable = mkEnableOption "Enable dadada emacs config";
  };
  config = mkIf cfg.enable {
    programs.doom-emacs = {
      enable = true;
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@ -1,6 +1,4 @@
 # TODO refactor adapterModule and redundant module config
 { self
 , admins
 , agenix
 , nixpkgs
 , home-manager
@ -9,58 +7,51 @@
 , nvd
 , scripts
 , recipemd
 , secretsPath
 , ...
-}:
+}@inputs:
 let
-  nixosSystem = nixpkgs.lib.nixosSystem;
+  getDefaultPkgs = system: flakes: nixpkgs.lib.mapAttrs (_: value: nixpkgs.lib.getAttr system value.defaultPackage) flakes;
-  agenixModule = agenix.nixosModule;
+
-  adapterModule = system: {
+  nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
-    nixpkgs.config.allowUnfreePredicate = pkg: true;
+    inherit system;
-    nixpkgs.overlays =
+
-      (nixpkgs.lib.attrValues self.overlays)
+    modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModule ] ++ extraModules;
      ++ [
        (final: prev: { homePage = homePage.defaultPackage.${system}; })
        (final: prev: { s = scripts; })
        (final: prev: { n = nvd; })
        (final: prev: { recipemd = recipemd.defaultPackage.${system}; })
      ];
  };
  lib = nixpkgs.lib;
 in
 {
  gorgon = nixosSystem rec {
    system = "x86_64-linux";
-    specialArgs = { inherit admins secretsPath; };
+
-    modules =
+    extraModules = [
-      (nixpkgs.lib.attrValues self.nixosModules)
+      {
-      ++ [
+        nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
-        (adapterModule system)
+        dadada.pkgs = getDefaultPkgs system {
-        agenixModule
+          inherit scripts nvd recipemd;
        };
        # Add flakes to registry and nix path.
        dadada.inputs = inputs // { dadada = self; };
      }
      nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
-          home-manager.sharedModules =
+        home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
            (nixpkgs.lib.attrValues self.hmModules)
            ++ [
          { manual.manpages.enable = false; }
        ];
        home-manager.users.dadada = import ../home/home;
      }
      ./modules/profiles/laptop.nix
      ./gorgon/configuration.nix
    ];
  };
-  ifrit = nixosSystem rec {
+
-    system = "x86_64-linux";
+  ifrit = nixosSystem {
-    specialArgs = { inherit admins secretsPath; };
+    extraModules = [
    modules =
      (nixpkgs.lib.attrValues self.nixosModules)
      ++ [
        agenixModule
        (adapterModule system)
      ./modules/profiles/server.nix
      ./ifrit/configuration.nix
      ./ifrit/hardware-configuration.nix
@ -69,37 +60,24 @@ in
  surgat = nixosSystem rec {
    system = "x86_64-linux";
-    specialArgs = { inherit admins secretsPath; };
+    extraModules = [
-    modules =
+      {
-      (nixpkgs.lib.attrValues self.nixosModules)
+        dadada.homePage.package = homePage.defaultPackage.${system};
-      ++ [
+      }
        (adapterModule system)
        agenixModule
      ./modules/profiles/server.nix
      ./surgat/configuration.nix
    ];
  };
-  pruflas = nixosSystem rec {
+
-    system = "x86_64-linux";
+  pruflas = nixosSystem {
-    specialArgs = { inherit admins secretsPath; };
+    extraModules = [
    modules =
      (nixpkgs.lib.attrValues self.nixosModules)
      ++ [
        (adapterModule system)
        agenixModule
      ./modules/profiles/laptop.nix
      ./pruflas/configuration.nix
    ];
  };
-  agares = nixosSystem rec {
+  agares = nixosSystem {
-    system = "x86_64-linux";
+    extraModules = [
    specialArgs = { inherit admins secretsPath; };
    modules =
      (nixpkgs.lib.attrValues self.nixosModules)
      ++ [
        (adapterModule system)
        agenixModule
      ./modules/profiles/server.nix
      ./agares/configuration.nix
    ];
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@ -83,7 +83,7 @@ in
  environment.systemPackages = with pkgs; [
    chromium
    ghostscript
-    recipemd
+    config.dadada.pkgs.recipemd
  ];
  networking.firewall = {
--- a/nixos/modules/admin.nix
+++ b/nixos/modules/admin.nix
@ -49,7 +49,7 @@ in
      users = mkOption {
        type = with types; attrsOf (submodule adminOpts);
-        default = { };
+        default = import ../../admins.nix;
        description = ''
          Admin users with root access machine.
        '';
@ -67,6 +67,13 @@ in
  };
  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.users != [ ];
        message = "Must provide at least one admin, if the admin module is enabled.";
      }
    ];
    programs.zsh.enable = mkDefault true;
    services.sshd.enable = true;
--- a/nixos/modules/borg-server.nix
+++ b/nixos/modules/borg-server.nix
@ -1,4 +1,4 @@
-{ config, lib, admins, ... }:
+{ config, lib, ... }:
 let
  inherit (lib) mkEnableOption mkIf mkOption types;
  cfg = config.dadada.borgServer;
@ -26,49 +26,42 @@ in
      "metis" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/metis";
        quota = "1T";
      };
      "gorgon" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/gorgon";
        quota = "1T";
      };
      "surgat" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/surgat";
        quota = "50G";
      };
      "pruflas" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/pruflas";
        quota = "50G";
      };
      "wohnzimmerpi" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/wohnzimmerpi";
        quota = "50G";
      };
      "fginfo" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/fginfo";
        quota = "10G";
      };
      "fginfo-git" = {
        allowSubRepos = false;
        authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ];
        authorizedKeys = admins.dadada.keys;
        path = "${cfg.path}/fginfo-git";
        quota = "10G";
      };
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -1,4 +1,4 @@
-{ ... } @ inputs: {
+{
  admin = import ./admin.nix;
  backup = import ./backup.nix;
  borgServer = import ./borg-server.nix;
@ -11,7 +11,10 @@
  homepage = import ./homepage.nix;
  kanboard = import ./kanboard;
  networking = import ./networking.nix;
-  nix = import ./nix.nix inputs;
+  nix = import ./nix.nix;
  nixpkgs = import ./nixpkgs.nix;
  packages = import ./packages.nix;
  secrets = import ./secrets.nix;
  share = import ./share.nix;
  steam = import ./steam.nix;
  update = import ./update.nix;
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@ -9,6 +9,10 @@ in
 with lib; {
  options.dadada.homePage = {
    enable = mkEnableOption "Enable home page";
    package = mkOption {
      type = lib.types.package;
      description = "Package containing the homepage";
    };
  };
  config = mkIf cfg.enable {
    services.nginx.enable = true;
@ -16,7 +20,7 @@ with lib; {
    services.nginx.virtualHosts."dadada.li" = {
      enableACME = true;
      forceSSL = true;
-      root = "${pkgs.homePage}";
+      root = "${cfg.package}";
    };
  };
 }
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
@ -1,33 +1,36 @@
-{ self
+{ config
 , home-manager
 , nixpkgs
 , ...
 }: { config
 , pkgs
 , lib
 , ...
 }:
-# Global settings for nix daemon
+let
  cfg = config.dadada.inputs;
 in
 {
-  nix.nixPath = [
+  options = {
-    "home-manager=${home-manager}"
+    dadada.inputs = lib.mkOption {
-    "nixpkgs=${nixpkgs}"
+      type = lib.types.attrsOf lib.types.attrs;
-    "dadada=${self}"
+      description = "Flake inputs that should be available inside Nix modules";
-  ];
+      default = { };
  nix.registry = {
    home-manager.flake = home-manager;
    nixpkgs.flake = nixpkgs;
    dadada.flake = self;
    };
  };
  config = {
    nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg;
    nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg;
    nix.settings.substituters = [
      https://cache.nixos.org/
      https://nix-community.cachix.org/
    ];
    nix.settings.trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
    nix.settings.require-sigs = true;
    nix.settings.sandbox = true;
  };
 }
--- a/nixos/modules/nixpkgs.nix
+++ b/nixos/modules/nixpkgs.nix
@ -0,0 +1,3 @@
 {
  nixpkgs.config.allowUnfreePredicate = pkg: true;
 }
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@ -0,0 +1,10 @@
 { config, lib, ... }:
 {
  options = {
    dadada.pkgs = lib.mkOption {
      type = lib.types.attrsOf lib.types.package;
      description = "Additional packages that are not sourced from nixpkgs";
      default = { };
    };
  };
 }
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@ -1,4 +1,7 @@
-{ config, secretsPath, ... }:
+{ config, ... }:
 let
  secretsPath = config.dadada.secrets.path;
 in
 {
  dadada.backupClient.bs = {
    enable = true;
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@ -1,5 +1,4 @@
 { config
 , admins
 , pkgs
 , lib
 , ...
@ -9,8 +8,6 @@ with lib; {
    ./backup.nix
  ];
  dadada.admin.users = admins;
  networking.domain = mkDefault "dadada.li";
  networking.tempAddresses = "disabled";
--- a/nixos/modules/secrets.nix
+++ b/nixos/modules/secrets.nix
@ -0,0 +1,10 @@
 { config, lib, ... }:
 {
  options = {
    dadada.secrets.path = lib.mkOption {
      type = lib.types.path;
      description = "Path to encrypted secrets files";
      default = ../../secrets;
    };
  };
 }
--- a/nixos/pruflas/configuration.nix
+++ b/nixos/pruflas/configuration.nix
@ -1,7 +1,6 @@
 { config
 , pkgs
 , lib
 , admins
 , ...
 }:
 with lib; {
@ -42,7 +41,6 @@ with lib; {
  };
  dadada.admin.enable = true;
  dadada.admin.users = admins;
  dadada.backupClient = {
    bs.enable = true;
--- a/outputs.nix
+++ b/outputs.nix
@ -30,14 +30,11 @@
  hmConfigurations = import ./home/configurations.nix inputs;
-  hmModules = import ./home/modules inputs;
+  hmModules = import ./home/modules;
-  nixosConfigurations = import ./nixos/configurations.nix (inputs // {
+  nixosConfigurations = import ./nixos/configurations.nix inputs;
    admins = import ./admins.nix;
    secretsPath = ./secrets;
  });
-  nixosModules = import ./nixos/modules inputs;
+  nixosModules = import ./nixos/modules;
  overlays = import ./overlays.nix;