refactor profiles

2023-02-04 16:08:50 +01:00 · 2023-02-04 16:08:50 +01:00 · f252b99469
commit f252b99469
parent 738b86369a
14 changed files with 151 additions and 133 deletions
--- a/nixos/modules/admin.nix
+++ b/nixos/modules/admin.nix
@ -81,13 +81,6 @@ in
    security.sudo.wheelNeedsPassword = false;
    services.openssh.openFirewall = true;

-    system.autoUpgrade = {
-      enable = true;
-      flake = "github:dadada/nix-config#${config.networking.hostName}";
-      allowReboot = true;
-      randomizedDelaySec = "45min";
-    };
-
    users.users =
      mapAttrs
        (user: keys: {
@ -98,7 +91,7 @@ in
        })
        cfg.users;

-    nix.trustedUsers = builtins.attrNames cfg.users;
+    nix.settings.trusted-users = builtins.attrNames cfg.users;

    users.mutableUsers = mkDefault false;

--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -12,14 +12,13 @@
  kanboard = import ./kanboard;
  miniflux = import ./miniflux.nix;
  networking = import ./networking.nix;
-  nix = import ./nix.nix;
+  inputs = import ./inputs.nix;
  nixpkgs = import ./nixpkgs.nix;
  packages = import ./packages.nix;
  secrets = import ./secrets.nix;
  share = import ./share.nix;
  steam = import ./steam.nix;
  sway = import ./sway.nix;
-  update = import ./update.nix;
  vpnServer = import ./vpnServer.nix;
  weechat = import ./weechat.nix;
 }
--- a/nixos/modules/inputs.nix
+++ b/nixos/modules/inputs.nix
@ -0,0 +1,19 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+  cfg = config.dadada.inputs;
+in
+{
+  options = {
+    dadada.inputs = lib.mkOption {
+      type = lib.types.attrsOf lib.types.attrs;
+      description = "Flake inputs that should be available inside Nix modules";
+      default = { };
+    };
+  };
+
+  config = { };
+}
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
@ -1,36 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-let
-  cfg = config.dadada.inputs;
-in
-{
-  options = {
-    dadada.inputs = lib.mkOption {
-      type = lib.types.attrsOf lib.types.attrs;
-      description = "Flake inputs that should be available inside Nix modules";
-      default = { };
-    };
-  };
-
-  config = {
-    nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg;
-    nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg;
-
-    nix.settings.substituters = [
-      https://cache.nixos.org/
-      https://nix-community.cachix.org/
-    ];
-
-    nix.settings.trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-    ];
-
-    nix.settings.require-sigs = true;
-    nix.settings.sandbox = true;
-  };
-}
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@ -1,7 +1,56 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  mkDefault = lib.mkDefault;
+  inputs = config.dadada.inputs;
+in
 {
-  security.acme = {
-    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
-    acceptTerms = true;
+  i18n.defaultLocale = mkDefault "en_US.UTF-8";
+  console = mkDefault {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
  };
+
+  time.timeZone = mkDefault "Europe/Berlin";
+
+  nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
+  nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
+
+  nix.settings.substituters = [
+    https://cache.nixos.org/
+    https://nix-community.cachix.org/
+  ];
+
+  nix.settings.trusted-public-keys = [
+    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
+    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+  ];
+
+  nix.settings.require-sigs = true;
+
+  nix.settings.auto-optimise-store = true;
+
+  nix.gc = {
+    automatic = true;
+    dates = "daily";
+    options = "--delete-older-than 3d";
+  };
+
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  programs.zsh = mkDefault {
+    enable = true;
+    autosuggestions.enable = true;
+    enableCompletion = true;
+    histSize = 100000;
+    vteIntegration = true;
+    syntaxHighlighting = {
+      enable = true;
+      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
+    };
+  };
+
 }
+
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@ -5,7 +5,8 @@
 }:
 let
  secretsPath = config.dadada.secrets.path;
-in with lib; {
+in
+with lib; {
  imports = [
    ./backup.nix
    ./base.nix
@ -21,34 +22,8 @@ in with lib; {
    source-code-pro
  ]);

-  time.timeZone = mkDefault "Europe/Berlin";
-
-  i18n.defaultLocale = mkDefault "en_US.UTF-8";
-
-  console.keyMap = mkDefault "us";
-
  users.mutableUsers = mkDefault true;

-  programs.zsh = mkDefault {
-    enable = true;
-    autosuggestions.enable = true;
-    enableCompletion = true;
-    histSize = 100000;
-    vteIntegration = true;
-    syntaxHighlighting = {
-      enable = true;
-      highlighters = [ "main" "brackets" "pattern" "root" "line" ];
-    };
-  };
-
-  virtualisation = {
-    libvirtd.enable = mkDefault false;
-    docker.enable = mkDefault false;
-    docker.liveRestore = false;
-  };
-
-  virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24";
-
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = mkDefault true;
  boot.loader.efi.canTouchEfiVariables = mkDefault true;
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@ -14,19 +14,25 @@ with lib; {

  dadada.admin.enable = true;
  dadada.networking.localResolver.enable = true;
-  dadada.autoUpgrade.enable = mkDefault true;

  environment.noXlibs = mkDefault true;
  documentation.enable = mkDefault false;
  documentation.nixos.enable = mkDefault false;

-  i18n.defaultLocale = mkDefault "en_US.UTF-8";
-  console = mkDefault {
-    font = "Lat2-Terminus16";
-    keyMap = "us";
-  };
-
  services.journald.extraConfig = ''
    SystemKeepFree = 2G
  '';
+
+  system.autoUpgrade = {
+    enable = true;
+    flake = "github:dadada/nix-config#${config.networking.hostName}";
+    allowReboot = true;
+    randomizedDelaySec = "45min";
+  };
+
+  security.acme = {
+    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
 }
--- a/nixos/modules/update.nix
+++ b/nixos/modules/update.nix
@ -1,40 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-with lib; let
-  cfg = config.dadada.autoUpgrade;
-in
-{
-  options.dadada.autoUpgrade = {
-    enable = mkEnableOption "Enable automatic upgrades";
-  };
-
-  config = mkIf cfg.enable {
-    nix = {
-      autoOptimiseStore = true;
-      gc = {
-        automatic = true;
-        dates = "daily";
-        options = "--delete-older-than 3d";
-      };
-
-      extraOptions = ''
-        experimental-features = nix-command flakes
-      '';
-
-      registry."dadada" = {
-        from = {
-          type = "indirect";
-          id = "dadada";
-        };
-        to = {
-          type = "github";
-          owner = "dadada";
-          repo = "nix-config";
-        };
-      };
-    };
-  };
-}