Migrated legion over. Started migrating hijiri

Nikodem Rabuliński 2023-09-20 09:47:17 +02:00
parent 31dd42d37d
commit f79b3d6ff7
No known key found for this signature in database
GPG key ID: FF629AA9E08138DB
40 changed files with 397 additions and 228 deletions


@ -0,0 +1,5 @@
{config, ...}: {
flake.darwinModules = {
settei = import ./settei {inherit (config) perInput;};
};
}


@ -0,0 +1,6 @@
{perInput}: {
imports = [
(import ../../shared/settei {inherit perInput;})
./sane-defaults.nix
];
}


@ -0,0 +1,17 @@
# For sane-default options shared between NixOS and darwin, see modules/shared/settei/sane-defaults.nix
{
config,
lib,
username,
...
}: {
config = lib.mkIf config.settei.sane-defaults.enable {
services.nix-daemon.enable = true;
security.pam.enableSudoTouchIdAuth = true;
users.users.${username}.home = "/Users/${username}";
system.stateVersion = 4;
};
}


@ -1,6 +1,7 @@
{
imports = [
./nixos
./darwin
./flake
];
}


@ -7,10 +7,8 @@
lib,
flake-parts-lib,
...
}: let
inherit (lib) mkOption mapAttrs;
inherit (flake-parts-lib) mkSubmoduleOptions;
in {
}:
with lib; {
_file = ./configurations.nix;
options = {
@ -18,37 +16,36 @@ in {
# Probably should hardly ever be overriden
builders = {
nixos = mkOption {
type = lib.types.functionTo lib.types.unspecified;
type = types.functionTo types.unspecified;
default = _name: nixpkgs.lib.nixosSystem;
};
darwin = mkOption {
type = lib.types.functionTo lib.types.unspecified;
type = types.functionTo types.unspecified;
default = _name: darwin.lib.darwinSystem;
};
home = mkOption {
type = lib.types.functionTo lib.types.unspecified;
type = types.functionTo types.unspecified;
default = _name: home-manager.lib.homeManagerConfiguration;
};
};
configurations = {
nixos = mkOption {
type = lib.types.unspecified;
type = types.attrsOf types.deferredModule;
default = {};
};
darwin = mkOption {
type = lib.types.unspecified;
type = types.attrsOf types.deferredModule;
default = {};
};
home = mkOption {
type = lib.types.unspecified;
type = types.attrsOf types.deferredModule;
default = {};
};
};
};
config.
flake = {
config.flake = {
nixosConfigurations =
mapAttrs
config.builders.nixos
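Review bot: The new `with lib; {` at the top of the module puts every attribute of `lib` in scope for the whole body, so `mkOption`, `types` and `mapAttrs` can no longer be traced to a binding, and a misspelled name is only caught at evaluation time. Extending the explicit form, `inherit (lib) mkOption mapAttrs types;`, gives the same shorter `types.attrsOf types.deferredModule` spelling without the wide scope. The module body continues past the end of this hunk, so the remaining uses of `lib` names are not visible here.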


@ -1,6 +1,5 @@
{
config,
pkgs,
lib,
...
}: {
@ -8,19 +7,26 @@
options.common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
config = lib.mkIf config.common.hercules.enable {
age.secrets.hercules-token = {
file = ../../secrets/hercules-token.age;
owner = config.systemd.services.hercules-ci-agent.serviceConfig.User;
};
config = let
herculesUser = config.systemd.services.hercules-ci-agent.serviceConfig.User;
in
lib.mkIf config.common.hercules.enable {
age.secrets.hercules-token = {
file = ../../../secrets/hercules-token.age;
owner = herculesUser;
};
age.secrets.hercules-cache = {
file = ../../../secrets/hercules-cache.age;
owner = herculesUser;
};
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = pkgs.writeText "empty-caches.json" "{}";
services.hercules-ci-agent = {
enable = true;
settings = {
clusterJoinTokenPath = config.age.secrets.hercules-token.path;
concurrentTasks = lib.mkDefault 4;
binaryCachesPath = config.age.secrets.hercules-cache.path;
};
};
};
};
}


@ -1,19 +1,6 @@
{perInput}: {
lib,
config,
...
}: {
_file = ./default.nix;
imports = [
(import ../../shared/settei {inherit perInput;})
./sane-defaults.nix
(import ./flake-qol.nix {inherit perInput;})
./user.nix
];
options.settei = with lib; {
username = mkOption {
type = types.str;
};
};
}


@ -1,39 +1,19 @@
# This module is supposed to be a reusable set of options you probably would want to set anyway
#
# Other default options which don't necessairly make sense for other people go into hosts/default.nix
# For sane-default options shared between NixOS and darwin, see modules/shared/settei/sane-defaults.nix
{
lib,
config,
username,
lib,
...
} @ args: {
_file = ./sane-defaults.nix;
options.settei.sane-defaults = with lib; {
enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
allSshKeys = mkOption {
type = types.attrsOf types.singleLineStr;
default = {};
};
};
config = lib.mkIf config.settei.sane-defaults.enable (let
cfg = config.settei;
inherit (cfg) username;
configName = optionName:
args.configurationName
or (throw "pass configurationName to module arguments or set ${optionName} yourself");
in {
_module.args = {
username = lib.mkDefault username;
};
} @ args: let
cfg = config.settei.sane-defaults;
in {
config = lib.mkIf cfg.enable {
# https://github.com/NixOS/nixpkgs/issues/254807
boot.swraid.enable = false;
hardware.enableRedistributableFirmware = true;
services.openssh.enable = true;
services.tailscale.enable = true;
programs.mosh.enable = lib.mkDefault true;
users = {
@ -45,41 +25,21 @@
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = let
filteredKeys = let
configName' = configName "users.users.${username}.openssh.authorizedKeys";
configName' =
args.configurationName
or (throw "pass configurationName to module arguments or set users.users.${username}.openssh.authorizedKeys yourself");
in
lib.filterAttrs (name: _: name != configName') cfg.sane-defaults.allSshKeys;
lib.filterAttrs (name: _: name != configName') cfg.allSshKeys;
in
lib.mkDefault (lib.attrValues filteredKeys);
};
groups.${username} = {};
};
networking.hostName = lib.mkDefault (configName "networking.hostName");
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
trusted-users = lib.optionals (!config.security.sudo.wheelNeedsPassword) [username];
auto-allocate-uids = true;
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
];
};
};
# TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "22.05";
});
};
}
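Review bot: The `openssh.authorizedKeys.keys` default authorises every entry of `cfg.allSshKeys` except the one named after this configuration, for an account that is in `wheel`, and `security.sudo.wheelNeedsPassword = false` appears to stay in place further down. Holding any one of those keys is therefore equivalent to root on every host that enables these defaults. That coupling deserves a comment next to the filter, for example `# every key kept here gets passwordless root through wheel; list only machines you would trust with root`. The filter also compares attribute names only, so a `configurationName` that has no entry in `allSshKeys` removes nothing and does so silently; whether that is intended cannot be told from this page.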


@ -0,0 +1,19 @@
{perInput}: {
lib,
config,
...
}: {
_file = ./default.nix;
imports = [
./sane-defaults.nix
(import ./flake-qol.nix {inherit perInput;})
./user.nix
];
options.settei = with lib; {
username = mkOption {
type = types.str;
};
};
}


@ -43,7 +43,7 @@ in {
nix = {
registry = lib.mapAttrs (_: flake: {inherit flake;}) cfg.inputs-flakes;
nixPath = map (name: "${name}=flake:${name}") (lib.attrNames cfg.inputs-flakes);
nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") cfg.inputs-flakes;
};
};
}


@ -0,0 +1,58 @@
# This module is supposed to be a reusable set of options you probably would want to set anyway
#
# Other default options which don't necessairly make sense for other people go into hosts/default.nix
{
config,
pkgs,
lib,
...
} @ args: {
_file = ./sane-defaults.nix;
options.settei.sane-defaults = with lib; {
enable = mkEnableOption "Personal sane defaults (but they should make sense for anyone)";
allSshKeys = mkOption {
type = types.attrsOf types.singleLineStr;
default = {};
};
};
config = lib.mkIf config.settei.sane-defaults.enable (let
cfg = config.settei;
inherit (cfg) username;
adminNeedsPassword = pkgs.stdenv.isLinux -> config.security.sudo.wheelNeedsPassword;
in {
_module.args = {
username = lib.mkDefault username;
};
services.tailscale.enable = true;
networking.hostName = lib.mkDefault (
args.configurationName
or (throw "pass configurationName to module arguments or set networking.hostName yourself")
);
nix = {
settings = {
experimental-features = ["nix-command" "flakes" "repl-flake" "auto-allocate-uids"];
trusted-users = lib.optionals (!adminNeedsPassword) [username];
auto-allocate-uids = true;
extra-substituters = [
"https://hyprland.cachix.org"
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://hercules-ci.cachix.org"
"https://nrabulinski.cachix.org"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
"nrabulinski.cachix.org-1:Q5FD7+1c68uH74CQK66UWNzxhanZW8xcg1LFXxGK8ic="
];
};
};
});
}
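Review bot: `extra-substituters` and `trusted-public-keys` gain a personal cache (`nrabulinski.cachix.org`) inside a module whose header describes it as reusable defaults, so every machine that enables `settei.sane-defaults`, NixOS or darwin, will accept store paths signed by that key. A comment above the key list should say so, e.g. `# each key below can sign store paths this host will install; review before enabling on machines you do not own`, or the personal cache could move to the host-specific configuration. Separately, `adminNeedsPassword` is built with `->`, so it is always true on darwin and `trusted-users` stays empty there. On Linux with passwordless wheel the user becomes a trusted Nix user, which is root-equivalent towards the daemon, and a one-line comment on that binding would make the intent readable.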


@ -36,7 +36,7 @@ in {
home = {
inherit username;
homeDirectory = config.users.users.${username}.home;
stateVersion = config.system.stateVersion;
stateVersion = "22.05";
};
programs.home-manager.enable = true;