treewide: alejandra -> nixfmt-rfc-style

Nikodem Rabuliński 2024-02-25 19:09:09 +01:00
parent d64c02e3da
commit 6558fdb739
51 changed files with 1108 additions and 928 deletions


@ -1,4 +1,5 @@
{isLinux}: {
{ isLinux }:
{
config,
configurationName,
lib,
@ -7,7 +8,8 @@
inputs',
username,
...
}: let
}:
let
sharedConfig = {
settei = {
username = lib.mkDefault "niko";
@ -20,7 +22,7 @@
enable = lib.mkDefault true;
# TODO: Move to settei or leave here?
extraArgs.machineName = configurationName;
config.imports = [inputs.settei.homeModules.common];
config.imports = [ inputs.settei.homeModules.common ];
};
};
@ -31,7 +33,7 @@
# NixOS' fish module doesn't allow setting what package to use for fish,
# so I need to override the fish package.
nixpkgs.overlays = [(_: _: {inherit (inputs'.settei.packages) fish;})];
nixpkgs.overlays = [ (_: _: { inherit (inputs'.settei.packages) fish; }) ];
nix.settings.allow-import-from-derivation = false;
};
@ -53,15 +55,16 @@
system.stateVersion = 4;
# Every macOS ARM machine can emulate x86.
nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 ["x86_64-darwin"];
nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isAarch64 [ "x86_64-darwin" ];
};
in {
in
{
_file = ./default.nix;
imports = [
(import ./hercules.nix {inherit isLinux;})
(import ./user.nix {inherit isLinux;})
(import ./github-runner.nix {inherit isLinux;})
(import ./hercules.nix { inherit isLinux; })
(import ./user.nix { inherit isLinux; })
(import ./github-runner.nix { inherit isLinux; })
];
config = lib.mkMerge [


@ -1,9 +1,11 @@
{isLinux}: {
{ isLinux }:
{
config,
lib,
pkgs,
...
}: let
}:
let
inherit (lib) mkOption types;
github-runner-user = "github-runner";
@ -20,10 +22,10 @@
services.github-runners = lib.pipe cfg.runners [
(lib.mapAttrsToList (
name: cfg:
lib.genList (i:
lib.nameValuePair
"${name}-${toString i}"
{
lib.genList
(
i:
lib.nameValuePair "${name}-${toString i}" {
enable = true;
tokenFile = config.age.secrets.github-token.path;
inherit (cfg) url;
@ -32,8 +34,9 @@
serviceOverrides = {
DynamicUser = false;
};
extraLabels = ["nix"];
})
extraLabels = [ "nix" ];
}
)
cfg.instances
))
lib.flatten
@ -45,41 +48,48 @@
isSystemUser = true;
group = github-runner-user;
};
groups.${github-runner-user} = {};
groups.${github-runner-user} = { };
};
};
darwinConfig = lib.optionalAttrs (!isLinux) {
warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet";
};
in {
in
{
_file = ./github-runner.nix;
options.common.github-runner = {
enable = lib.mkEnableOption "using this machine as a self-hosted github runner";
runners = mkOption {
type = with types;
attrsOf (submodule ({name, ...}: {
options = {
name = mkOption {
type = types.str;
default = "${name}-${config.networking.hostName}";
};
url = mkOption {
type = types.str;
};
instances = mkOption {
type = types.int;
default = 1;
};
};
}));
type =
with types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
name = mkOption {
type = types.str;
default = "${name}-${config.networking.hostName}";
};
url = mkOption { type = types.str; };
instances = mkOption {
type = types.int;
default = 1;
};
};
}
)
);
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]);
config = lib.mkIf cfg.enable (
lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]
);
}


@ -1,49 +1,51 @@
{isLinux}: {
{ isLinux }:
{
config,
pkgs,
lib,
...
}: let
}:
let
options = {
common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
};
herculesUser =
if isLinux
then config.systemd.services.hercules-ci-agent.serviceConfig.User
else config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in {
if isLinux then
config.systemd.services.hercules-ci-agent.serviceConfig.User
else
config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in
{
_file = ./hercules.nix;
inherit options;
config =
lib.mkIf false
/*
config.common.hercules.enable
*/
{
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
owner = herculesUser;
};
age.secrets.hercules-cache = {
file = ../../../secrets/hercules-cache.age;
owner = herculesUser;
};
age.secrets.hercules-secrets = {
file = ../../../secrets/hercules-secrets.age;
owner = herculesUser;
};
# config.common.hercules.enable
{
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
owner = herculesUser;
};
age.secrets.hercules-cache = {
file = ../../../secrets/hercules-cache.age;
owner = herculesUser;
};
age.secrets.hercules-secrets = {
file = ../../../secrets/hercules-secrets.age;
owner = herculesUser;
};
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path;
secretsJsonPath = config.age.secrets.hercules-secrets.path;
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path;
secretsJsonPath = config.age.secrets.hercules-secrets.path;
};
};
};
};
}


@ -1,24 +1,21 @@
{isLinux}: {
config,
lib,
...
}: let
{ isLinux }:
{ config, lib, ... }:
let
sharedConfig = {
settei.programs.podman.enable = true;
};
linuxConfig = lib.optionalAttrs isLinux {
boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;
};
linuxConfig = lib.optionalAttrs isLinux { boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; };
darwinConfig = lib.optionalAttrs (!isLinux) {};
darwinConfig = lib.optionalAttrs (!isLinux) { };
finalConfig = lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
];
in {
in
{
_file = ./user.nix;
config = lib.mkIf config.settei.user.enable finalConfig;
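Review bot: The reformatted `linuxConfig` line now carries `boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0;` inside a one-line attrset with no comment, so a setting that switches off Yama's ptrace restriction on every Linux host with `settei.user.enable` is easy to read past. With the value 0, a process may attach to any other process of the same uid, which widens what a compromised user process can read from its neighbours. I would add a comment directly above the line giving the reason, e.g. `# ptrace_scope = 0: <reason>; permits same-uid attach, revisit when no longer needed`. The reason is not visible in this section (presumably debugging or container tooling), so the author has to fill it in.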


@ -1,17 +1,22 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
flake = lib.genAttrs ["nixosModules" "darwinModules"] (attr: let
isLinux = lib.hasPrefix "nixos" attr;
in {
settei = import ./settei {
inherit (config) perInput;
inherit isLinux;
};
common = import ./common {
inherit isLinux;
};
});
flake =
lib.genAttrs
[
"nixosModules"
"darwinModules"
]
(
attr:
let
isLinux = lib.hasPrefix "nixos" attr;
in
{
settei = import ./settei {
inherit (config) perInput;
inherit isLinux;
};
common = import ./common { inherit isLinux; };
}
);
}


@ -2,25 +2,25 @@
perInput,
# TODO: Figure out a nicer way of doing this without infrec?
isLinux,
}: {
}:
{
lib,
pkgs,
config,
options,
...
}: {
}:
{
_file = ./default.nix;
imports = [
(import ./sane-defaults.nix {inherit isLinux;})
(import ./flake-qol.nix {inherit perInput;})
(import ./sane-defaults.nix { inherit isLinux; })
(import ./flake-qol.nix { inherit perInput; })
./user.nix
(import ./programs {inherit isLinux;})
(import ./programs { inherit isLinux; })
];
options.settei = with lib; {
username = mkOption {
type = types.str;
};
username = mkOption { type = types.str; };
};
}


@ -1,11 +1,14 @@
{perInput}: {
{ perInput }:
{
config,
lib,
pkgs,
...
}: let
}:
let
cfg = config.settei.flake-qol;
in {
in
{
_file = ./flake-qol.nix;
options.settei.flake-qol = with lib; {
@ -14,9 +17,7 @@ in {
type = types.bool;
default = true;
};
inputs = mkOption {
type = types.unspecified;
};
inputs = mkOption { type = types.unspecified; };
inputs-flakes = mkOption {
type = types.attrs;
readOnly = true;
@ -27,11 +28,10 @@ in {
};
};
config = let
reexportedArgs = lib.mkIf cfg.reexportAsArgs {
inherit (cfg) inputs inputs-flakes inputs';
};
in
config =
let
reexportedArgs = lib.mkIf cfg.reexportAsArgs { inherit (cfg) inputs inputs-flakes inputs'; };
in
lib.mkIf cfg.enable {
settei.flake-qol = {
inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs;
@ -42,7 +42,7 @@ in {
settei.user.extraArgs = reexportedArgs;
nix = {
registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes;
registry = lib.mapAttrs (_: flake: { inherit flake; }) cfg.inputs-flakes;
nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes;
};
};


@ -1,7 +1,6 @@
{isLinux}: {
{ isLinux }:
{
_file = ./default.nix;
imports = [
(import ./podman.nix {inherit isLinux;})
];
imports = [ (import ./podman.nix { inherit isLinux; }) ];
}


@ -1,11 +1,13 @@
{isLinux}: {
{ isLinux }:
{
config,
lib,
pkgs,
...
}: let
}:
let
sharedConfig = {
environment.systemPackages = [pkgs.podman-compose];
environment.systemPackages = [ pkgs.podman-compose ];
};
linuxConfig = lib.optionalAttrs isLinux {
@ -16,16 +18,15 @@
};
};
darwinConfig = lib.optionalAttrs (!isLinux) {
environment.systemPackages = [pkgs.podman];
};
darwinConfig = lib.optionalAttrs (!isLinux) { environment.systemPackages = [ pkgs.podman ]; };
finalConfig = lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
];
in {
in
{
_file = ./podman.nix;
options.settei.programs.podman.enable = lib.mkEnableOption "Podman";


@ -1,8 +1,6 @@
{isLinux}: {
config,
lib,
...
} @ args: let
{ isLinux }:
{ config, lib, ... }@args:
let
cfg = config.settei.sane-defaults;
inherit (config.settei) username;
@ -11,7 +9,7 @@
enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
allSshKeys = mkOption {
type = types.attrsOf types.singleLineStr;
default = {};
default = { };
};
tailnet = mkOption {
type = types.nullOr types.str;
@ -20,98 +18,108 @@
};
};
sharedConfig = let
adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword;
in {
_module.args = {
username = lib.mkDefault username;
};
# FIXME: Move to common
services.tailscale.enable = true;
networking.hostName = lib.mkDefault (
args.configurationName
or (throw "pass configurationName to module arguments or set networking.hostName yourself")
);
# Flakes are unusable without git present so pull it into the environment by default
settei.user.config.programs.git.enable = lib.mkDefault true;
# FIXME: Move to common
users.users.${username}.openssh.authorizedKeys.keys = let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
sharedConfig =
let
adminNeedsPassword = isLinux -> config.security.sudo.wheelNeedsPassword;
in
lib.mkDefault (lib.attrValues filteredKeys);
{
_module.args = {
username = lib.mkDefault username;
};
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
trusted-users = lib.optionals (!adminNeedsPassword) [username];
auto-allocate-uids = true;
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
];
# FIXME: Move to common
services.tailscale.enable = true;
networking.hostName = lib.mkDefault (
args.configurationName
or (throw "pass configurationName to module arguments or set networking.hostName yourself")
);
# Flakes are unusable without git present so pull it into the environment by default
settei.user.config.programs.git.enable = lib.mkDefault true;
# FIXME: Move to common
users.users.${username}.openssh.authorizedKeys.keys =
let
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself"
);
filteredKeys = lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in
lib.mkDefault (lib.attrValues filteredKeys);
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
"repl-flake"
"auto-allocate-uids"
];
trusted-users = lib.optionals (!adminNeedsPassword) [ username ];
auto-allocate-uids = true;
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
"https://cache.nrab.lol"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
"cache.nrab.lol-1:CJl1TouOyuJ1Xh4tZSXLwm3Upt06HzUNZmeyuEB9EZg="
];
};
};
};
};
linuxConfig = lib.optionalAttrs isLinux (let
nmEnabled = config.networking.networkmanager.enable;
in {
hardware.enableRedistributableFirmware = true;
linuxConfig = lib.optionalAttrs isLinux (
let
nmEnabled = config.networking.networkmanager.enable;
in
{
hardware.enableRedistributableFirmware = true;
services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true;
services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true;
users = {
mutableUsers = false;
users.${username} = {
isNormalUser = true;
home = "/home/${username}";
group = username;
extraGroups = ["wheel"];
users = {
mutableUsers = false;
users.${username} = {
isNormalUser = true;
home = "/home/${username}";
group = username;
extraGroups = [ "wheel" ];
};
groups.${username} = { };
};
groups.${username} = {};
};
# TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password
security.sudo.wheelNeedsPassword = false;
# TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password
security.sudo.wheelNeedsPassword = false;
# When NetworkManager isn't in use, add tailscale DNS address manually
# FIXME: Move to common
networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) {
nameservers = [
"100.100.100.100"
"1.1.1.1"
"1.0.0.1"
];
search = [cfg.tailnet];
};
# When NetworkManager isn't in use, add tailscale DNS address manually
# FIXME: Move to common
networking = lib.mkIf (!nmEnabled && config.services.tailscale.enable && cfg.tailnet != null) {
nameservers = [
"100.100.100.100"
"1.1.1.1"
"1.0.0.1"
];
search = [ cfg.tailnet ];
};
# NetworkManager probably means desktop system so we don't want to slow down boot times
systemd.services = lib.mkIf nmEnabled {
NetworkManager-wait-online.enable = false;
};
});
# NetworkManager probably means desktop system so we don't want to slow down boot times
systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
}
);
darwinConfig = lib.optionalAttrs (!isLinux) {
services.nix-daemon.enable = true;
@ -120,14 +128,17 @@
users.users.${username}.home = "/Users/${username}";
};
in {
in
{
_file = ./sane-defaults.nix;
inherit options;
config = lib.mkIf config.settei.sane-defaults.enable (lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]);
config = lib.mkIf config.settei.sane-defaults.enable (
lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]
);
}
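Review bot: In `sharedConfig`, `trusted-users = lib.optionals (!adminNeedsPassword) [ username ];` is driven by `security.sudo.wheelNeedsPassword`, which `linuxConfig` sets to `false` at normal priority. By default, then, every Linux host gets the user in `wheel` with passwordless sudo, as a trusted Nix user, and with `services.openssh.enable = true`. Nothing in the file states that this coupling is intended, so a comment next to `trusted-users` would help, e.g. `# trusted-users is root-equivalent for the nix daemon; granted only where the user already has passwordless sudo`. Because the sudo setting is not wrapped in `lib.mkDefault`, a host that wants password-protected sudo has to use `lib.mkForce`. `security.sudo.wheelNeedsPassword = lib.mkDefault false;` would keep the current default and let a host override it, as the neighbouring options already do.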


@ -3,59 +3,62 @@
options,
lib,
...
} @ args: let
}@args:
let
hasHomeManager = options ? home-manager;
cfg = config.settei.user;
inherit (config.settei) username;
in {
in
{
_file = ./user.nix;
options.settei.user = with lib; {
enable = mkEnableOption "User-specific configuration";
config = mkOption {
type = types.deferredModule;
default = {};
default = { };
};
extraArgs = mkOption {
type = types.attrs;
default = {};
default = { };
};
};
config = let
hmConfig = lib.optionalAttrs hasHomeManager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs =
{
config =
let
hmConfig = lib.optionalAttrs hasHomeManager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit (args) inputs inputs';
}
// cfg.extraArgs;
} // cfg.extraArgs;
home-manager.users.${username} = {
_file = ./user.nix;
home-manager.users.${username} = {
_file = ./user.nix;
imports = [cfg.config];
imports = [ cfg.config ];
home = {
inherit username;
homeDirectory = config.users.users.${username}.home;
stateVersion = "22.05";
home = {
inherit username;
homeDirectory = config.users.users.${username}.home;
stateVersion = "22.05";
};
programs.home-manager.enable = true;
};
programs.home-manager.enable = true;
};
};
in
lib.mkIf cfg.enable (lib.mkMerge [
{
assertions = [
{
assertion = hasHomeManager;
message = "Home-manager module has to be imported before enabling settei.user";
}
];
}
hmConfig
]);
in
lib.mkIf cfg.enable (
lib.mkMerge [
{
assertions = [
{
assertion = hasHomeManager;
message = "Home-manager module has to be imported before enabling settei.user";
}
];
}
hmConfig
]
);
}