Refactored modules, updated flake, added ci effects, and more.

Settei modules now should be reusable by others. Started migrating legion (home server) over to the new config. Added initial setup for hercules-ci. Updated all flake inputs.
2023-09-16 17:18:17 +02:00 · 2023-09-16 17:18:17 +02:00 · ef44ff6943
commit ef44ff6943
parent ee7223ca36
15 changed files with 466 additions and 169 deletions
--- a/modules/nixos/settei/default.nix
+++ b/modules/nixos/settei/default.nix
@ -3,9 +3,12 @@
  config,
  ...
 }: {
+  _file = ./default.nix;
+
  imports = [
    ./sane-defaults.nix
    (import ./flake-qol.nix {inherit perInput;})
+    ./user.nix
  ];

  options.settei = with lib; {
--- a/modules/nixos/settei/flake-qol.nix
+++ b/modules/nixos/settei/flake-qol.nix
@ -9,7 +9,7 @@ in {
  _file = ./flake-qol.nix;

  options.settei.flake-qol = with lib; {
-    enable = lib.mkEnableOption "QoL defaults when using flakes";
+    enable = mkEnableOption "QoL defaults when using flakes";
    reexportAsArgs = mkOption {
      type = types.bool;
      default = true;
@ -27,19 +27,23 @@ in {
    };
  };

-  config = lib.mkIf cfg.enable {
-    settei.flake-qol = {
-      inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs;
-      inputs' = lib.mapAttrs (_: perInput pkgs.stdenv.system) cfg.inputs-flakes;
-    };
-
-    _module.args = lib.mkIf cfg.reexportAsArgs {
+  config = let
+    reexportedArgs = lib.mkIf cfg.reexportAsArgs {
      inherit (cfg) inputs inputs-flakes inputs';
    };
+  in
+    lib.mkIf cfg.enable {
+      settei.flake-qol = {
+        inputs-flakes = lib.filterAttrs (_: input: input ? flake -> input.flake) cfg.inputs;
+        inputs' = lib.mapAttrs (_: perInput pkgs.stdenv.system) cfg.inputs-flakes;
+      };

-    nix = {
-      registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes;
-      nixPath = map (name: "${name}=flake:${name}") (lib.attrNames cfg.inputs-flakes);
+      _module.args = reexportedArgs;
+      settei.user.extraArgs = reexportedArgs;
+
+      nix = {
+        registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes;
+        nixPath = map (name: "${name}=flake:${name}") (lib.attrNames cfg.inputs-flakes);
+      };
    };
-  };
 }
--- a/modules/nixos/settei/sane-defaults.nix
+++ b/modules/nixos/settei/sane-defaults.nix
@ -1,3 +1,6 @@
+# This module is supposed to be a reusable set of options you probably would want to set anyway
+#
+# Other default options which don't necessairly make sense for other people go into hosts/default.nix
 {
  lib,
  config,
@ -5,18 +8,28 @@
 } @ args: {
  _file = ./sane-defaults.nix;

-  options.settei.sane-defaults = {
-    enable = lib.mkEnableOption "Personal sane defaults";
+  options.settei.sane-defaults = with lib; {
+    enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
+    allSshKeys = mkOption {
+      type = types.attrsOf types.singleLineStr;
+      default = {};
+    };
  };

  config = lib.mkIf config.settei.sane-defaults.enable (let
    cfg = config.settei;
    inherit (cfg) username;
+    configName = optionName:
+      args.configurationName
+      or (throw "pass configurationName to module arguments or set ${optionName} yourself");
  in {
    _module.args = {
      username = lib.mkDefault username;
    };

+    # https://github.com/NixOS/nixpkgs/issues/254807
+    boot.swraid.enable = false;
+
    hardware.enableRedistributableFirmware = true;

    services.openssh.enable = true;
@ -30,20 +43,23 @@
        home = "/home/${username}";
        group = username;
        extraGroups = ["wheel"];
+        openssh.authorizedKeys.keys = let
+          filteredKeys = let
+            configName' = configName "users.users.${username}.openssh.authorizedKeys";
+          in
+            lib.filterAttrs (name: _: name != configName') cfg.sane-defaults.allSshKeys;
+        in
+          lib.mkDefault (lib.attrValues filteredKeys);
      };
      groups.${username} = {};
    };

-    networking.hostName = lib.mkDefault (
-      args.configurationName
-      or (throw "pass configurationName to module arguments or set networking.hostName yourself")
-    );
-    time.timeZone = lib.mkDefault "Europe/Warsaw";
+    networking.hostName = lib.mkDefault (configName "networking.hostName");

    nix = {
      settings = {
        experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
-        trusted-users = [username];
+        trusted-users = lib.optionals (!config.security.sudo.wheelNeedsPassword) [username];
        auto-allocate-uids = true;
        extra-substituters = [
          "https://hyprland.cachix.org"
--- a/modules/nixos/settei/user.nix
+++ b/modules/nixos/settei/user.nix
@ -0,0 +1,53 @@
+{
+  config,
+  options,
+  lib,
+  ...
+}: let
+  hasHomeManager = options ? home-manager;
+  cfg = config.settei.user;
+  inherit (config.settei) username;
+in {
+  _file = ./user.nix;
+
+  options.settei.user = with lib; {
+    enable = mkEnableOption "User-specific configuration";
+    config = mkOption {
+      type = types.deferredModule;
+      default = {};
+    };
+    extraArgs = mkOption {
+      type = types.attrs;
+      default = {};
+    };
+  };
+
+  config = let
+    hmConfig = lib.optionalAttrs hasHomeManager {
+      home-manager.useGlobalPkgs = true;
+      home-manager.useUserPackages = true;
+      home-manager.extraSpecialArgs = cfg.extraArgs;
+
+      home-manager.users.${username} = {
+        imports = [cfg.config];
+
+        home = {
+          inherit username;
+          homeDirectory = config.users.users.${username}.home;
+          stateVersion = config.system.stateVersion;
+        };
+
+        programs.home-manager.enable = true;
+      };
+    };
+  in
+    lib.mkIf cfg.enable ({
+        assertions = [
+          {
+            assertion = hasHomeManager;
+            message = "Home-manager module has to be imported before enabling settei.user";
+          }
+        ];
+      }
+      // hmConfig);
+}