diff --git a/effects.nix b/effects.nix new file mode 100644 index 0000000..9ca8b80 --- /dev/null +++ b/effects.nix @@ -0,0 +1,5 @@ +{ + hercules-ci = { + flake-update.enable = true; + }; +} diff --git a/flake.lock b/flake.lock index 2c31434..a50c369 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,7 @@ "agenix": { "inputs": { "darwin": [ - "darwin" + "darwin-old-for-agenix" ], "home-manager": [ "home-manager" @@ -13,11 +13,11 @@ ] }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1694793763, + "narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "572baca9b0c592f71982fca0790db4ce311e3c75", "type": "github" }, "original": { @@ -26,24 +26,6 @@ "type": "github" } }, - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1689633990, - "narHash": "sha256-iwvQg2Vx0IIDWZaKo8Xmzxlv1YPHg+Kp/QSv8dRv0RY=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "dddf2e1c04845d43c89a8e9e37d574519649a404", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, "blobs": { "flake": false, "locked": { @@ -67,11 +49,11 @@ ] }, "locked": { - "lastModified": 1692248770, - "narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=", + "lastModified": 1694497842, + "narHash": "sha256-z03v/m0OwcLBok97KcUgMl8ZFw5Xwsi2z+n6nL7JdXY=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b", + "rev": "4496ab26628c5f43d2a5c577a06683c753e32fe2", "type": "github" }, "original": { @@ -80,6 +62,25 @@ "type": "github" } }, + "darwin-old-for-agenix": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1689065945, + "narHash": "sha256-0LICmtzO3nkbeRCYdkzHCnEVjldSFiHMG56uA/W2BAE=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "22620845fee1cc16f4ea639509c50fd989ccc1ce", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "22620845fee1cc16f4ea639509c50fd989ccc1ce", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -89,11 +90,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1686747123, - "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", + "lastModified": 1694513707, + "narHash": "sha256-wE5kHco3+FQjc+MwTPwLVqYz4hM7uno2CgXDXUFMCpc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", + "rev": "31c32fb2959103a796e07bbe47e0a5e287c343a8", "type": "github" }, "original": { @@ -109,11 +110,11 @@ ] }, "locked": { - "lastModified": 1693189188, - "narHash": "sha256-o6otfsB/ecudboYFwiCeL49BX3/8vRC/XUZTgkaDx54=", + "lastModified": 1694763556, + "narHash": "sha256-csMoysn8NrVAaPuhAB64nRd4CeH+yXEdFcYf04vFfw0=", "owner": "nix-community", "repo": "disko", - "rev": "00169fe4a6015a88c3799f0bf89689e06a4d4896", + "rev": "8aa6ec5ff220f1d9749d636dbeb46ec929f112dc", "type": "github" }, "original": { @@ -154,22 +155,6 @@ "type": "github" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -177,11 +162,11 @@ ] }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "type": "github" }, "original": { @@ -190,19 +175,84 @@ "type": "github" } }, - "fromYaml": { - "flake": false, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "hercules-ci-effects", + "hercules-ci-agent", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1689549921, - "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", + "lastModified": 1688466019, + "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", "type": "github" }, "original": { - "owner": "SenchoPens", - "repo": "fromYaml", + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "haskell-flake": { + "locked": { + "lastModified": 1684780604, + "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.3.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "hercules-ci-agent": { + "inputs": { + "flake-parts": "flake-parts_2", + "haskell-flake": "haskell-flake", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1688568579, + "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", + "type": "github" + }, + "original": { + "id": "hercules-ci-agent", + "type": "indirect" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "hercules-ci-agent": "hercules-ci-agent", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1689397210, + "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", "type": "github" } }, @@ -213,11 +263,11 @@ ] }, "locked": { - "lastModified": 1693399033, - "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=", + "lastModified": 1694643239, + "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=", "owner": "nix-community", "repo": "home-manager", - "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10", + "rev": "d9b88b43524db1591fb3d9410a21428198d75d49", "type": "github" }, "original": { @@ -256,7 +306,7 @@ "flake-parts": [ "flake-parts" ], - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1690830552, @@ -274,18 +324,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1690753480, - "narHash": "sha256-GQgPs8fCh/LsyQoYMUZgT2p7jFVWyHu9p+1Nl/dp8GY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9e06dd56947c1dc3dc837c3149bfe02c71a6edd7", - "type": "github" + "lastModified": 1687274257, + "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", + "path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source", + "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5", + "type": "path" }, "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "type": "indirect" } }, "nixpkgs-22_11": { @@ -320,11 +367,43 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693355128, - "narHash": "sha256-+ZoAny3ZxLcfMaUoLVgL9Ywb/57wP+EtsdNGuXUJrwg=", + "lastModified": 1688322751, + "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1690753480, + "narHash": "sha256-GQgPs8fCh/LsyQoYMUZgT2p7jFVWyHu9p+1Nl/dp8GY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a63a64b593dcf2fe05f7c5d666eb395950f36bc9", + "rev": "9e06dd56947c1dc3dc837c3149bfe02c71a6edd7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1694760568, + "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", "type": "github" }, "original": { @@ -358,44 +437,20 @@ "inputs": { "agenix": "agenix", "darwin": "darwin", + "darwin-old-for-agenix": "darwin-old-for-agenix", "deploy-rs": "deploy-rs", "disko": "disko", "flake-parts": "flake-parts", + "hercules-ci-effects": "hercules-ci-effects", "home-manager": "home-manager", "mailserver": "mailserver", "niko-nur": "niko-nur", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_4", "racket": "racket", - "stylix": "stylix", "wrapper-manager": "wrapper-manager", "wrapper-manager-hm-compat": "wrapper-manager-hm-compat" } }, - "stylix": { - "inputs": { - "base16": "base16", - "flake-compat": "flake-compat_3", - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1691942466, - "narHash": "sha256-bK6FFbsKtyLKJLwgHerWp/EMMoWqE0UJk0KEbgYICbY=", - "owner": "danth", - "repo": "stylix", - "rev": "beb35709c9a769a5f279d3177af778a15dcbda46", - "type": "github" - }, - "original": { - "owner": "danth", - "repo": "stylix", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index f9c4388..36e4312 100644 --- a/flake.nix +++ b/flake.nix @@ -8,11 +8,14 @@ ]; imports = [ + inputs.hercules-ci-effects.flakeModule + ./assets ./hosts ./modules ./wrappers ./deploy.nix + ./effects.nix ]; perSystem = { @@ -21,7 +24,10 @@ ... }: { devShells.default = pkgs.mkShellNoCC { - packages = [inputs'.deploy-rs.packages.deploy-rs inputs'.agenix.packages.agenix]; + packages = [ + inputs'.deploy-rs.packages.deploy-rs + inputs'.agenix.packages.agenix + ]; }; formatter = pkgs.alejandra; @@ -58,11 +64,13 @@ url = "github:lnl7/nix-darwin"; inputs.nixpkgs.follows = "nixpkgs"; }; + # agenix checks fail because of https://github.com/LnL7/nix-darwin/pull/687 + darwin-old-for-agenix.url = "github:lnl7/nix-darwin/22620845fee1cc16f4ea639509c50fd989ccc1ce"; agenix = { url = "github:ryantm/agenix"; inputs = { nixpkgs.follows = "nixpkgs"; - darwin.follows = "darwin"; + darwin.follows = "darwin-old-for-agenix"; home-manager.follows = "home-manager"; }; }; @@ -81,17 +89,22 @@ home-manager.follows = "home-manager"; }; }; - stylix = { - url = "github:danth/stylix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - home-manager.follows = "home-manager"; - }; - }; + # stylix = { + # url = "github:danth/stylix"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # home-manager.follows = "home-manager"; + # }; + # }; racket = { url = "github:nrabulinski/racket.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + hercules-ci-effects = { + url = "github:hercules-ci/hercules-ci-effects"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; }; nixConfig = { diff --git a/hosts/default.nix b/hosts/default.nix index f4d1d4a..4dcf82e 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -7,50 +7,53 @@ }: { builders = { nixos = name: module: let - combinedInputs = inputs // {settei = self;}; - baseOptions = { - settei.flake-qol = { - enable = true; - inputs = combinedInputs; - }; - }; - base = inputs.nixpkgs.lib.nixosSystem { - modules = [ - inputs.agenix.nixosModules.age - inputs.disko.nixosModules.disko - inputs.mailserver.nixosModules.default - self.nixosModules.settei - baseOptions - ]; - }; defaultOptions = { username, inputs', lib, ... }: { + _file = ./default.nix; + settei = { username = lib.mkDefault "niko"; - sane-defaults.enable = lib.mkDefault true; + sane-defaults = { + enable = lib.mkDefault true; + allSshKeys = config.assets.sshKeys.user; + }; + flake-qol = { + enable = true; + inputs = inputs // {settei = self;}; + }; + user = { + enable = true; + config = { + home.packages = lib.attrValues inputs'.settei.packages; + }; + }; }; - users.users.${username}.packages = lib.attrValues inputs'.settei.packages; + time.timeZone = lib.mkDefault "Europe/Warsaw"; + i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; }; in - base.extendModules { + inputs.nixpkgs.lib.nixosSystem { modules = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.mailserver.nixosModules.default + inputs.home-manager.nixosModules.home-manager + self.nixosModules.settei defaultOptions module ]; - specialArgs = { - prev = base; - configurationName = name; - }; + specialArgs.configurationName = name; }; }; imports = [ ./kazuki ./hijiri-vm + # ./legion ]; } diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix index 7188af5..7a7681f 100644 --- a/hosts/hijiri-vm/default.nix +++ b/hosts/hijiri-vm/default.nix @@ -10,23 +10,17 @@ username, ... }: { - _file = ./default.nix; - imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./disks.nix ]; - boot = { - supportedFilesystems = ["btrfs"]; - loader.systemd-boot.enable = true; - loader.systemd-boot.configurationLimit = 1; - loader.efi.canTouchEfiVariables = true; - }; nixpkgs.system = "aarch64-linux"; - users.users.${username} = { - openssh.authorizedKeys.keys = lib.attrValues config.assets.sshKeys.user; + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.configurationLimit = 1; + loader.efi.canTouchEfiVariables = true; }; networking.domain = "hijiri"; diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 46d8c8e..1b915f2 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -6,7 +6,6 @@ configurations.nixos.kazuki = { modulesPath, lib, - username, ... }: { imports = [ @@ -20,10 +19,7 @@ nixpkgs.system = "aarch64-linux"; - users.users.${username}.openssh.authorizedKeys.keys = lib.attrValues config.assets.sshKeys.user; - boot = { - supportedFilesystems = ["btrfs"]; loader.systemd-boot.enable = true; loader.systemd-boot.configurationLimit = 1; loader.efi.canTouchEfiVariables = true; diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix new file mode 100644 index 0000000..bec2483 --- /dev/null +++ b/hosts/legion/default.nix @@ -0,0 +1,36 @@ +{config, ...}: let + inherit (config.assets) sshKeys; +in { + configurations.nixos.legion = { + config, + lib, + ... + }: { + imports = [ + ./hardware.nix + # ./disks.nix + ]; + + nixpkgs.system = "x86_64-linux"; + + specialisation = { + nas.configuration = ./nas; + }; + + boot = { + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; + + networking = { + hostName = "legion"; + hostId = builtins.substring 0 8 (builtins.readFile ./machine-id); + networkmanager.enable = true; + useDHCP = true; + firewall.trustedInterfaces = ["tailscale0"]; + }; + + powerManagement.cpuFreqGovernor = "performance"; + }; +} diff --git a/hosts/legion/disks.nix b/hosts/legion/disks.nix new file mode 100644 index 0000000..1589606 --- /dev/null +++ b/hosts/legion/disks.nix @@ -0,0 +1,10 @@ +args: let + bootDevice = args.bootDevice or "/dev/nvme0n1"; +in { + assertions = [ + { + assertion = false; + message = "Disko config TODO"; + } + ]; +} diff --git a/hosts/legion/hardware.nix b/hosts/legion/hardware.nix new file mode 100644 index 0000000..756a876 --- /dev/null +++ b/hosts/legion/hardware.nix @@ -0,0 +1,58 @@ +{...}: { + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"]; + boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call]; + boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"]; + boot.blacklistedKernelModules = ["nouveau"]; + + hardware = { + enableAllFirmware = true; + cpu.intel.updateMicrocode = true; + }; + + services.smartd.enable = true; + + # TODO: Move to disko only + # TODO: Actually set up impermanence + boot.supportedFilesystems = ["btrfs"]; + boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS"; + + fileSystems."/" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = ["subvol=root" "compress=zstd" "noatime"]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = ["subvol=home" "compress=zstd" "noatime"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = ["subvol=nix" "compress=zstd" "noatime"]; + }; + + fileSystems."/persist" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = ["subvol=persist" "compress=zstd" "noatime"]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = ["subvol=log" "compress=zstd" "noatime"]; + neededForBoot = true; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + swapDevices = [ + {device = "/dev/disk/by-label/SWAP";} + ]; +} diff --git a/hosts/legion/nas/default.nix b/hosts/legion/nas/default.nix new file mode 100644 index 0000000..426b69a --- /dev/null +++ b/hosts/legion/nas/default.nix @@ -0,0 +1,33 @@ +{ + pkgs, + username, + ... +}: { + imports = [ + ./media.nix + ]; + + boot.supportedFilesystems = ["zfs"]; + + boot.zfs.extraPools = ["yottapool"]; + services.zfs = { + autoScrub.enable = true; + zed.settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [username]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; + + fileSystems."/nix-cache" = { + device = "/dev/disk/by-label/CACHE"; + fsType = "ext4"; + }; +} diff --git a/hosts/legion/nas/media.nix b/hosts/legion/nas/media.nix new file mode 100644 index 0000000..65c05ed --- /dev/null +++ b/hosts/legion/nas/media.nix @@ -0,0 +1,18 @@ +{ + services.jellyfin.enable = true; + services.radarr.enable = true; + services.sonarr.enable = true; + services.prowlarr.enable = true; + services.deluge = { + enable = true; + web.enable = true; + config.download_location = "/media/deluge"; + }; + + users.users = { + jellyfin.extraGroups = ["radarr" "sonarr"]; + radarr.extraGroups = ["deluge"]; + sonarr.extraGroups = ["deluge"]; + niko.extraGroups = ["deluge"]; + }; +} diff --git a/modules/nixos/settei/default.nix b/modules/nixos/settei/default.nix index c64aee7..7d6ee0f 100644 --- a/modules/nixos/settei/default.nix +++ b/modules/nixos/settei/default.nix @@ -3,9 +3,12 @@ config, ... }: { + _file = ./default.nix; + imports = [ ./sane-defaults.nix (import ./flake-qol.nix {inherit perInput;}) + ./user.nix ]; options.settei = with lib; { diff --git a/modules/nixos/settei/flake-qol.nix b/modules/nixos/settei/flake-qol.nix index 85f60d7..065dc89 100644 --- a/modules/nixos/settei/flake-qol.nix +++ b/modules/nixos/settei/flake-qol.nix @@ -9,7 +9,7 @@ in { _file = ./flake-qol.nix; options.settei.flake-qol = with lib; { - enable = lib.mkEnableOption "QoL defaults when using flakes"; + enable = mkEnableOption "QoL defaults when using flakes"; reexportAsArgs = mkOption { type = types.bool; default = true; @@ -27,19 +27,23 @@ in { }; }; - config = lib.mkIf cfg.enable { - settei.flake-qol = { - inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs; - inputs' = lib.mapAttrs (_: perInput pkgs.stdenv.system) cfg.inputs-flakes; - }; - - _module.args = lib.mkIf cfg.reexportAsArgs { + config = let + reexportedArgs = lib.mkIf cfg.reexportAsArgs { inherit (cfg) inputs inputs-flakes inputs'; }; + in + lib.mkIf cfg.enable { + settei.flake-qol = { + inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs; + inputs' = lib.mapAttrs (_: perInput pkgs.stdenv.system) cfg.inputs-flakes; + }; - nix = { - registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes; - nixPath = map (name: "${name}=flake:${name}") (lib.attrNames cfg.inputs-flakes); + _module.args = reexportedArgs; + settei.user.extraArgs = reexportedArgs; + + nix = { + registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes; + nixPath = map (name: "${name}=flake:${name}") (lib.attrNames cfg.inputs-flakes); + }; }; - }; } diff --git a/modules/nixos/settei/sane-defaults.nix b/modules/nixos/settei/sane-defaults.nix index 4d9f118..f3964c8 100644 --- a/modules/nixos/settei/sane-defaults.nix +++ b/modules/nixos/settei/sane-defaults.nix @@ -1,3 +1,6 @@ +# This module is supposed to be a reusable set of options you probably would want to set anyway +# +# Other default options which don't necessairly make sense for other people go into hosts/default.nix { lib, config, @@ -5,18 +8,28 @@ } @ args: { _file = ./sane-defaults.nix; - options.settei.sane-defaults = { - enable = lib.mkEnableOption "Personal sane defaults"; + options.settei.sane-defaults = with lib; { + enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)"; + allSshKeys = mkOption { + type = types.attrsOf types.singleLineStr; + default = {}; + }; }; config = lib.mkIf config.settei.sane-defaults.enable (let cfg = config.settei; inherit (cfg) username; + configName = optionName: + args.configurationName + or (throw "pass configurationName to module arguments or set ${optionName} yourself"); in { _module.args = { username = lib.mkDefault username; }; + # https://github.com/NixOS/nixpkgs/issues/254807 + boot.swraid.enable = false; + hardware.enableRedistributableFirmware = true; services.openssh.enable = true; @@ -30,20 +43,23 @@ home = "/home/${username}"; group = username; extraGroups = ["wheel"]; + openssh.authorizedKeys.keys = let + filteredKeys = let + configName' = configName "users.users.${username}.openssh.authorizedKeys"; + in + lib.filterAttrs (name: _: name != configName') cfg.sane-defaults.allSshKeys; + in + lib.mkDefault (lib.attrValues filteredKeys); }; groups.${username} = {}; }; - networking.hostName = lib.mkDefault ( - args.configurationName - or (throw "pass configurationName to module arguments or set networking.hostName yourself") - ); - time.timeZone = lib.mkDefault "Europe/Warsaw"; + networking.hostName = lib.mkDefault (configName "networking.hostName"); nix = { settings = { experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"]; - trusted-users = [username]; + trusted-users = lib.optionals (!config.security.sudo.wheelNeedsPassword) [username]; auto-allocate-uids = true; extra-substituters = [ "https://hyprland.cachix.org" diff --git a/modules/nixos/settei/user.nix b/modules/nixos/settei/user.nix new file mode 100644 index 0000000..74850a0 --- /dev/null +++ b/modules/nixos/settei/user.nix @@ -0,0 +1,53 @@ +{ + config, + options, + lib, + ... +}: let + hasHomeManager = options ? home-manager; + cfg = config.settei.user; + inherit (config.settei) username; +in { + _file = ./user.nix; + + options.settei.user = with lib; { + enable = mkEnableOption "User-specific configuration"; + config = mkOption { + type = types.deferredModule; + default = {}; + }; + extraArgs = mkOption { + type = types.attrs; + default = {}; + }; + }; + + config = let + hmConfig = lib.optionalAttrs hasHomeManager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = cfg.extraArgs; + + home-manager.users.${username} = { + imports = [cfg.config]; + + home = { + inherit username; + homeDirectory = config.users.users.${username}.home; + stateVersion = config.system.stateVersion; + }; + + programs.home-manager.enable = true; + }; + }; + in + lib.mkIf cfg.enable ({ + assertions = [ + { + assertion = hasHomeManager; + message = "Home-manager module has to be imported before enabling settei.user"; + } + ]; + } + // hmConfig); +}