Commit a45f9dc0bfb9

Vincent Demeester <vincent@sbr.pm>
2022-09-13 22:10:44
systems/modules: clean some old profiles files
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent b5e46d9
systems/hosts/sakhalin.nix
@@ -11,6 +11,8 @@ let
   endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
   endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
   endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+  metadata = importTOML ../../ops/hosts.toml;
 in
 {
   imports = [
@@ -57,13 +59,21 @@ in
     };
   };
 
+  modules = {
+    services = {
+      syncthing = {
+        enable = true;
+        guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384";
+      };
+      avahi.enable = true;
+      ssh.enable = true;
+    };
+  };
+
   profiles = {
     bind.enable = true;
     home = true;
-    avahi.enable = true;
     git.enable = true;
-    ssh.enable = true;
-    syncthing.enable = true;
     virtualization = { enable = true; nested = true; listenTCP = true; };
   };
 
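Review bot: The new `guiAddress` in the `syncthing` block puts the Syncthing admin GUI on the host's WireGuard address, and nothing in this hunk shows GUI authentication or TLS being configured, so any peer on the tunnel can reach the UI unless `modules.services.syncthing` sets that up elsewhere. The bind may also fail if the WireGuard address is not yet assigned when syncthing starts, and evaluation depends on `hosts.sakhalin.wireguard.addrs.v4` existing in `ops/hosts.toml`; neither is visible here. I would record the intent next to the option, e.g. `# GUI reachable from WireGuard peers only; needs the tunnel address up before syncthing starts and GUI auth configured`. The same applies to the matching block added in systems/hosts/shikoku.nix.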
@@ -109,7 +119,6 @@ in
       listenAddress = "0.0.0.0";
       enableGarbageCollect = true;
     };
-    syncthing.guiAddress = "0.0.0.0:8384";
     wireguard = {
       enable = true;
       ips = ips;
systems/hosts/shikoku.nix
@@ -11,6 +11,8 @@ let
   endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
   endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
   endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+
+  metadata = importTOML ../../ops/hosts.toml;
 in
 {
   imports = [
@@ -83,6 +85,14 @@ in
 
   modules = {
     core.binfmt.enable = true;
+    services = {
+      syncthing = {
+        enable = true;
+        guiAddress = "${metadata.hosts.shikoku.wireguard.addrs.v4}:8384";
+      };
+      avahi.enable = true;
+      ssh.enable = true;
+    };
   };
 
   programs.ssh.setXAuthLocation = true;
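Review bot: `ssh.enable = true` in the new `services` block silently drops the `forwardX11 = true` that the removed `profiles.ssh` block set for this host, so X11 forwarding now falls back to whatever `modules.services.ssh.forwardX11` defaults to (not visible here, presumably `false`). If forwarding is still wanted, write `ssh = { enable = true; forwardX11 = true; };`. If turning it off is intended, which is the safer setting, the `programs.ssh.setXAuthLocation = true;` context line right after this block looks like a leftover, and the commit message should mention the behaviour change rather than only a cleanup.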
@@ -91,18 +101,11 @@ in
     home = true;
     dev.enable = lib.mkForce false;
     desktop.enable = lib.mkForce false;
-    avahi.enable = true;
-    syncthing.enable = true;
-    ssh = {
-      enable = true;
-      forwardX11 = true;
-    };
     docker.enable = true;
     virtualization = { enable = true; nested = true; listenTCP = true; };
   };
   services = {
     netdata.enable = true;
-    syncthing.guiAddress = "${ip}:8384";
     smartd = {
       enable = true;
       devices = [{ device = "/dev/nvme0n1"; }];
systems/modules/core/default.nix
@@ -1,3 +1,4 @@
+{ config, lib, pkgs, ... }:
 {
   imports = [
     ./boot.nix
@@ -12,4 +13,21 @@
   };
   # FIXME fix tmpOnTmpfs
   systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
+
+  security.sudo = {
+    extraConfig = ''
+      Defaults env_keep += SSH_AUTH_SOCK
+    '';
+  };
+  systemd.services."status-email-root@" = {
+    description = "status email for %i to vincent";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = ''
+        ${pkgs.my.systemd-email}/bin/systemd-email vincent@demeester.fr %i
+      '';
+      User = "root";
+      Environment = "PATH=/run/current-system/sw/bin";
+    };
+  };
 }
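Review bot: The `security.sudo.extraConfig` and `status-email-root@` definitions added at the end of this hunk sit at the top level of the core module with no enable guard, so every host importing `systems/modules/core/default.nix` now keeps `SSH_AUTH_SOCK` across sudo and gets the root-run mail unit. In profiles/base.nix the same lines were nested inside `config`, which was presumably gated by the profile's enable option (the `mkIf` is outside the visible hunk). Keeping `SSH_AUTH_SOCK` means any command run through sudo can use the caller's agent, including a forwarded one, so if the wider scope is intended I would at least narrow it to the admin group, e.g. `Defaults:%wheel env_keep += SSH_AUTH_SOCK`, and add a comment such as `# keep the caller's ssh-agent socket across sudo; commands run via sudo can use the agent`.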
systems/modules/dev/base.nix
@@ -13,11 +13,15 @@ in
   config = mkIf cfg.enable {
     # Dev means Emacs 🙃
     modules.editors.emacs.enable = true;
+    modules.shell = {
+      direnv.enable = true;
+      git.enable = true;
+      gnupg.enable = true;
+      tmux.enable = true;
+    };
     # Enable lorri (to handle nix shells)
     services.lorri.enable = true;
     environment.systemPackages = with pkgs; [
-      git # will probably be enabled otherwise but still
-      tig
       grc
       ripgrep
       gnumake
systems/modules/profiles/avahi.nix
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.profiles.avahi;
-in
-{
-  options = {
-    profiles.avahi = {
-      enable = mkEnableOption "Enable avahi profile";
-    };
-  };
-  config = mkIf cfg.enable {
-    warnings = [ "The option 'profiles.ahavi' is deprecated, use 'modules.services.avahi' instead." ];
-    modules.services.avahi.enable = true;
-  };
-}
systems/modules/profiles/base.nix
@@ -48,21 +48,5 @@ in
         gnumake
       ];
     };
-    security.sudo = {
-      extraConfig = ''
-        Defaults env_keep += SSH_AUTH_SOCK
-      '';
-    };
-    systemd.services."status-email-root@" = {
-      description = "status email for %i to vincent";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = ''
-          ${pkgs.my.systemd-email}/bin/systemd-email vincent@demeester.fr %i
-        '';
-        User = "root";
-        Environment = "PATH=/run/current-system/sw/bin";
-      };
-    };
   };
 }
systems/modules/profiles/default.nix
@@ -2,7 +2,6 @@
   imports = [
     ./work.nix
     # Move this "away"
-    ./avahi.nix
     ./base.nix
     ./builder.nix
     ./desktop.nix
@@ -25,9 +24,6 @@
     ./qemu.nix
     ./redhat.nix
     ./scanning.nix
-    ./ssh.nix
-    ./syncthing.nix
-    ./sway.nix
     ./virtualization.nix
     ./wireguard.server.nix
     ./yubikey.nix
systems/modules/profiles/desktop.nix
@@ -41,15 +41,18 @@ in
     };
   };
   config = mkIf cfg.enable {
-    profiles.avahi.enable = cfg.avahi;
     profiles.printing.enable = cfg.printing;
-    # profiles.pulseaudio.enable = cfg.pulseaudio;
     profiles.scanning.enable = cfg.scanning;
-    profiles.syncthing.enable = cfg.syncthing;
 
     modules = {
-      hardware.bluetooth.enable = true;
-      hardware.audio.enable = cfg.audio;
+      hardware = {
+        bluetooth.enable = true;
+        audio.enable = cfg.audio;
+      };
+      services = {
+        avahi.enable = cfg.avahi;
+        syncthing.enable = cfg.syncthing;
+      };
     };
 
     networking.networkmanager = {
systems/modules/profiles/gnome.nix
@@ -11,9 +11,9 @@ in
     };
   };
   config = mkIf cfg.enable {
+    modules.services.avahi.enable = true;
     profiles = {
       desktop.enable = true;
-      avahi.enable = true;
     };
     services = {
       gnome3 = {
systems/modules/profiles/ssh.nix
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.profiles.ssh;
-in
-{
-  options = {
-    profiles.ssh = {
-      enable = mkEnableOption "Enable ssh profile";
-      listenAddresses = mkOption {
-        type = types.listOf types.str;
-        default = [ ];
-      };
-      forwardX11 = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to allow X11 connections to be forwarded.
-        '';
-      };
-    };
-  };
-  config = mkIf cfg.enable {
-    warnings = [ "The option 'profiles.ssh' is deprecated, use 'modules.services.ssh' instead" ];
-    modules.services.ssh = {
-      enable = cfg.enable;
-      listenAddresses = cfg.listenAddresses;
-      forwardX11 = cfg.forwardX11;
-    };
-  };
-}
systems/modules/profiles/sway.nix
@@ -1,95 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.profiles.desktop.sway;
-in
-{
-  options = {
-    profiles.desktop.sway = {
-      enable = mkEnableOption "Enable sway desktop profile";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    profiles.avahi.enable = true;
-    profiles.printing.enable = true;
-    profiles.scanning.enable = true;
-    profiles.syncthing.enable = true;
-
-    modules = {
-      hardware.bluetooth.enable = true;
-      hardware.audio.enable = true;
-    };
-
-    networking.networkmanager = {
-      enable = true;
-      unmanaged = [
-        "interface-name:br-*"
-        "interface-name:ve-*"
-        "interface-name:veth*"
-        "interface-name:wg0"
-        "interface-name:docker0"
-        "interface-name:virbr*"
-      ]; # FIXME: add unmanaged depending on profiles (wg0, docker0, …)
-      packages = with pkgs; [ networkmanager-openvpn ];
-    };
-
-    # configuring sway itself (assmung a display manager starts it)
-    systemd.user.targets.sway-session = {
-      description = "Sway compositor session";
-      documentation = [ "man:systemd.special(7)" ];
-      bindsTo = [ "graphical-session.target" ];
-      wants = [ "graphical-session-pre.target" ];
-      after = [ "graphical-session-pre.target" ];
-    };
-    programs.sway = {
-      enable = true;
-      wrapperFeatures.gtk = true;
-      extraPackages = with pkgs; [
-        alacritty
-        swaylock
-        swayidle
-        dmenu
-        wofi
-        xwayland
-        mako
-        kanshi
-        grim
-        slurp
-        wl-clipboard
-        wf-recorder
-      ];
-      extraSessionCommands = ''
-        export SDL_VIDEODRIVER=wayland
-        export QT_QPA_PLATFORM=wayland
-        export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
-        export _JAVA_AWT_WM_NONREPARENTING=1
-        export MOZ_ENABLE_WAYLAND=1
-      '';
-    };
-    # configuring kanshi
-    #systemd.user.services.kanshi = {
-    #  description = "Kanshi output autoconfig ";
-    #  wantedBy = [ "graphical-session.target" ];
-    #  partOf = [ "graphical-session.target" ];
-    #  environment = { XDG_CONFIG_HOME = "/home/vincent/.config"; };
-    #  serviceConfig = {
-    #    # kanshi doesn't have an option to specifiy config file yet, so it looks
-    #    # at .config/kanshi/config
-    #    ExecStart = ''
-    #      ${pkgs.kanshi}/bin/kanshi
-    #    '';
-    #    RestartSec = 5;
-    #    Restart = "always";
-    #  };
-    #};
-
-    services.xserver.enable = true;
-    services.xserver.displayManager.defaultSession = "sway";
-    services.xserver.layout = "fr";
-    services.xserver.xkbVariant = "bepo";
-    services.xserver.displayManager.sddm.enable = true;
-    services.xserver.libinput.enable = true;
-  };
-}
systems/modules/profiles/syncthing.nix
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.profiles.syncthing;
-in
-{
-  options = {
-    profiles.syncthing = {
-      enable = mkEnableOption "Enable syncthing profile";
-    };
-  };
-  config = mkIf cfg.enable {
-    warnings = [ "The option 'profiles.syncthing' is deprecated, use 'modules.services.syncthing' instead" ];
-    modules.services.syncthing.enable = cfg.enable;
-  };
-}
systems/modules/shell/git.nix
@@ -16,6 +16,7 @@ in
         gitAndTools.git-extras
         (mkIf config.modules.shell.gnupg.enable
           gitAndTools.git-crypt)
+        tig
       ];
       # Default gitconfig
       etc."gitconfig".source = ./git/config;
systems/modules/shell/zsh.nix
@@ -1,11 +1,15 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (lib) mkEnableOption mkIf;
+  inherit (lib) mkOption mkIf types;
   cfg = config.modules.shell.zsh;
 in
 {
   options.modules.shell.zsh = {
-    enable = mkEnableOption "enable zsh";
+    enable = mkOption {
+      default = true;
+      description = "Enable zsh profile";
+      type = types.bool;
+    };
   };
   config = mkIf cfg.enable {
     programs.zsh = {
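Review bot: Replacing `mkEnableOption` with a hand-written `mkOption` whose `default = true` turns zsh on for every host that imports the shell module, which this commit also adds to the common module list in flake.nix, and the description "Enable zsh profile" does not say so. To keep the usual idiom and make the default explicit, I would write `enable = mkEnableOption "zsh" // { default = true; };` and leave the `inherit (lib) mkEnableOption mkIf;` line as it was. A short comment such as `# on by default; set modules.shell.zsh.enable = false to opt out` would help the next reader. The `config` block continues past the end of this hunk.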
flake.nix
@@ -122,6 +122,7 @@
           buildkit
           # Common modules
           ./systems/modules/core/default.nix
+          ./systems/modules/shell/default.nix
           ./systems/modules/desktop/default.nix
           ./systems/modules/dev/default.nix
           ./systems/modules/editors/default.nix
@@ -132,7 +133,6 @@
           # ./systems/modules/hardware/sane-extra-config.nixos.nix
           # FIXME: migrate this to elsewhere, or at least split it
           # Profiles probably need to go away
-          ./systems/modules/profiles/avahi.nix
           ./systems/modules/profiles/base.nix
           ./systems/modules/profiles/builder.nix
           ./systems/modules/profiles/desktop.nix
@@ -151,9 +151,6 @@
           ./systems/modules/profiles/qemu.nix
           ./systems/modules/profiles/redhat.nix
           ./systems/modules/profiles/scanning.nix
-          ./systems/modules/profiles/ssh.nix
-          ./systems/modules/profiles/syncthing.nix
-          ./systems/modules/profiles/sway.nix
           ./systems/modules/profiles/virtualization.nix
           ./systems/modules/profiles/wireguard.server.nix
           ./systems/modules/profiles/zsh.nix