From 2f16de8f02e596142b56d97a94df3ad6366775bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Thu, 13 Jun 2024 14:58:32 +0200 Subject: [PATCH] treewide: fix darwin configs --- hosts/default.nix | 69 +++++++++++++----------- modules/system/settei/sane-defaults.nix | 70 ++++++++++++++----------- 2 files changed, 75 insertions(+), 64 deletions(-) diff --git a/hosts/default.nix b/hosts/default.nix index aef381e..2322655 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -16,7 +16,8 @@ ./kogata ]; - builders = let + builders = + let sharedOptions = { _file = ./default.nix; 
@@ -27,47 +28,51 @@ }; baseNixos = inputs.nixpkgs.lib.nixosSystem { - modules = [ - inputs.agenix.nixosModules.age - inputs.disko.nixosModules.disko - inputs.mailserver.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.nvidia-patch.nixosModules.nvidia-patch - inputs.attic.nixosModules.atticd - inputs.lix-module.nixosModules.default - self.nixosModules.settei - self.nixosModules.common - sharedOptions - ]; - specialArgs.configurationName = "base"; - }; + modules = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.mailserver.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.nvidia-patch.nixosModules.nvidia-patch + inputs.attic.nixosModules.atticd + inputs.lix-module.nixosModules.default + self.nixosModules.settei + self.nixosModules.common + sharedOptions + ]; + specialArgs.configurationName = "base"; + }; baseDarwin = inputs.darwin.lib.darwinSystem { - modules = [ - inputs.agenix.darwinModules.age - inputs.home-manager.darwinModules.home-manager - inputs.lix-module.nixosModules.default - self.darwinModules.settei - self.darwinModules.common - sharedOptions - ]; - specialArgs.configurationName = "base"; - }; - in { + modules = [ + inputs.agenix.darwinModules.age + inputs.home-manager.darwinModules.home-manager + inputs.lix-module.nixosModules.default + self.darwinModules.settei + self.darwinModules.common + sharedOptions + ]; + specialArgs.configurationName = "base"; + }; + in + { nixos = name: module: baseNixos.extendModules { - modules = [ - module - ]; + modules = [ module ]; specialArgs.configurationName = name; }; darwin = name: module: - baseDarwin.extendModules { - modules = [module]; - specialArgs.configurationName = name; + let + eval = baseDarwin._module.args.extendModules { + modules = [ module ]; + specialArgs.configurationName = name; + }; + in + { + system = eval.config.system.build.toplevel; }; }; } 
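Review bot: The rewritten `darwin` builder returns an attrset containing only `system`, so the evaluated `config` and `options` of each Darwin host are no longer reachable from this output. That makes it harder to inspect or audit a host's effective settings without building it. Consider exposing them as well, e.g. `inherit (eval) config options;` next to `system = eval.config.system.build.toplevel;`. The call also goes through `baseDarwin._module.args.extendModules`, which looks like a module-system internal rather than a documented entry point. A short comment such as `# darwinSystem's result has no top-level extendModules, so take it from _module.args` would record why, if that is the reason. The enclosing `builders` let-block starts before this hunk.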
diff --git a/modules/system/settei/sane-defaults.nix b/modules/system/settei/sane-defaults.nix index ba1ddb6..9e54dd3 100644 --- a/modules/system/settei/sane-defaults.nix +++ b/modules/system/settei/sane-defaults.nix @@ -29,7 +29,6 @@ let # FIXME: Move to common services.tailscale.enable = true; - networking.firewall.trustedInterfaces = [ "tailscale0" ]; networking.hostName = lib.mkDefault ( args.configurationName 
@@ -83,43 +82,50 @@ let linuxConfig = lib.optionalAttrs isLinux ( let nmEnabled = config.networking.networkmanager.enable; + tlEnabled = config.services.tailscale.enable; in - { - hardware.enableRedistributableFirmware = true; + lib.mkMerge [ + { + hardware.enableRedistributableFirmware = true; - services.openssh.enable = true; - programs.mosh.enable = lib.mkDefault true; - programs.git.enable = lib.mkDefault true; + # FIXME: Move to common + networking.firewall.trustedInterfaces = lib.mkIf tlEnabled [ "tailscale0" ]; - users = { - mutableUsers = false; - users.${username} = { - isNormalUser = true; - home = "/home/${username}"; - group = username; - extraGroups = [ "wheel" ]; + services.openssh.enable = true; + programs.mosh.enable = lib.mkDefault true; + programs.git.enable = lib.mkDefault true; + + users = { + mutableUsers = false; + users.${username} = { + isNormalUser = true; + home = "/home/${username}"; + group = username; + extraGroups = [ "wheel" ]; + }; + groups.${username} = { }; }; - groups.${username} = { }; - }; - # TODO: Actually this should be extraRules which makes wheel users without any password set - # be able to use sudo with no password - security.sudo.wheelNeedsPassword = false; + # TODO: Actually this should be extraRules which makes wheel users without any password set + # be able to use sudo with no password + security.sudo.wheelNeedsPassword = false; + } + { + # When NetworkManager isn't in use, add tailscale DNS address manually + # FIXME: Move to common + networking = lib.mkIf (!nmEnabled && tlEnabled && cfg.tailnet != null) { + nameservers = [ + "100.100.100.100" + "1.1.1.1" + "1.0.0.1" + ]; + search = [ cfg.tailnet ]; + }; - # When NetworkManager isn't in use, add tailscale DNS address manually - # FIXME: Move to common - networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) { - nameservers = [ - "100.100.100.100" - "1.1.1.1" - "1.0.0.1" - ]; - search = [ cfg.tailnet ]; - }; - - # NetworkManager 
probably means desktop system so we don't want to slow down boot times - systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; }; - } + # NetworkManager probably means desktop system so we don't want to slow down boot times + systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; }; + } + ] ); darwinConfig = lib.optionalAttrs (!isLinux) {
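Review bot: `networking.firewall.trustedInterfaces = lib.mkIf tlEnabled [ "tailscale0" ];` keeps the whole tailnet interface trusted, so the host firewall accepts every port from every tailnet peer. The same attrset sets `services.openssh.enable = true` and `security.sudo.wheelNeedsPassword = false`, so any peer that can log in as the wheel user gets root with no further prompt. If tailnet ACLs are the intended boundary, record that in a comment such as `# all ports are open to tailnet peers; access is limited by tailnet ACLs`. Otherwise open only what is needed, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];`. The SSH authentication settings are not visible in this hunk and should be checked separately, and `linuxConfig` sits inside a `let` that starts outside the hunk.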