From 305237c3eafee832041936efaeb6a0e1acf0cdf0 Mon Sep 17 00:00:00 2001
From: Sam
Date: Sat, 25 May 2024 18:34:37 +0100
Subject: [PATCH] reorg hosts
---
 flake.lock | 6 ++---
 hosts/common/core/default.nix | 33 +++++++++++++++++++++++++++-
 hosts/common/core/locale.nix | 2 ++
 hosts/common/core/sops.nix | 2 +-
 hosts/common/optional/openssh.nix | 2 +-
 hosts/common/users/media/default.nix | 32 +++++++++++----------------
 hosts/common/users/sam/default.nix | 9 ++++----
 hosts/nixdev/default.nix | 28 ++++-------------------
 hosts/sparky/default.nix | 31 +++-----------------------
 9 files changed, 63 insertions(+), 82 deletions(-)
diff --git a/flake.lock b/flake.lock
index a6b40a8..ca4a362 100644
--- a/flake.lock
+++ b/flake.lock
@@ -271,11 +271,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1716330097,
- "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+ "lastModified": 1716509168,
+ "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+ "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
 "type": "github"
 },
 "original": {
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 0da9641..56c622a 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -1,10 +1,41 @@ -{ pkgs, lib, inputs, config, ...}: +{ pkgs, lib, inputs, config, outputs, ...}: +let + sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path; +in { imports = [ ./sops.nix ./locale.nix + inputs.impermanence.nixosModules.impermanence ]; + nixpkgs = { + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages + ]; + config = { + allowUnfree = true; + }; + }; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + users = { + mutableUsers = true; + extraUsers = { + root = { + hashedPasswordFile = sopsHashedPasswordFile; + }; + }; + }; + environment.systemPackages = [ pkgs.rsync pkgs.curl diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix index 2b0b451..e7064a9 100644 --- a/hosts/common/core/locale.nix +++ b/hosts/common/core/locale.nix @@ -5,4 +5,6 @@ keyMap = "uk"; useXkbConfig = false; }; + time.timeZone = "Europe/London"; } + diff --git a/hosts/common/core/sops.nix b/hosts/common/core/sops.nix index 2ac8d48..0c10f6e 100644 --- a/hosts/common/core/sops.nix +++ b/hosts/common/core/sops.nix @@ -3,7 +3,7 @@ let secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; - hasOptinPersistence = environment.persistence ? "/persist"; + hasOptinPersistence = config.environment.persistence ? "/persist"; hostname = config.networking.hostName; in diff --git a/hosts/common/optional/openssh.nix b/hosts/common/optional/openssh.nix index a6a68f4..29fae74 100644 --- a/hosts/common/optional/openssh.nix +++ b/hosts/common/optional/openssh.nix @@ -1,7 +1,7 @@ { lib, config, ... }: let sshPort = 22; - hasOptinPersistence = environment.persistence ? "/persist"; + hasOptinPersistence = config.environment.persistence ? "/persist"; in 
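Review bot: `users.mutableUsers = true` in the new `users` block of hosts/common/core/default.nix now applies to every host that imports core, and with it NixOS sets a password from `hashedPasswordFile` only when the account is first created and leaves existing passwords alone. On a host whose `/etc/shadow` survives reboots, rotating `passwords/root` in the secrets file would therefore not change root's actual password. If the sops value is meant to be authoritative, use `mutableUsers = false;` once each host has a confirmed login path. Separately, `lib.optionalString` returns `""` rather than `null` when `sops-nix` is missing from `inputs`, so the fallback reads better as `if inputs ? sops-nix then config.sops.secrets."passwords/root".path else null`.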
diff --git a/hosts/common/users/media/default.nix b/hosts/common/users/media/default.nix index 358075b..aca15be 100644 --- a/hosts/common/users/media/default.nix +++ b/hosts/common/users/media/default.nix @@ -5,11 +5,11 @@ let sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path; secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; - user = "media"; + username = "media"; in { - users.users.media = { + users.users.${username} = { isNormalUser = true; shell = pkgs.zsh; # default shell hashedPasswordFile = sopsHashedPasswordFile; @@ -32,39 +32,33 @@ in ".config/dconf" ".config/cinnamon" ".config/nemo" - ".mozilla" - ".local" + ".mozilla" + ".local" ]; files = [ ]; }; }; - sops.secrets."passwords/${user}" = { + sops.secrets."passwords/${username}" = { sopsFile = "${secretsFile}"; neededForUsers = true; }; - sops.secrets."ssh_keys/${user}/id_ed25519" = { - path = "/home/${user}/.ssh/id_ed25519"; + sops.secrets."ssh_keys/${username}/id_ed25519" = { + path = "/home/${username}/.ssh/id_ed25519"; mode = "0600"; - owner = config.users.users.media.name; + owner = config.users.users.${username}.name; }; - sops.secrets."ssh_keys/${user}/id_ed25519.pub" = { - path = "/home/${user}/.ssh/id_ed25519.pub"; + sops.secrets."ssh_keys/${username}/id_ed25519.pub" = { + path = "/home/${username}/.ssh/id_ed25519.pub"; mode = "0644"; - owner = config.users.users.media.name; + owner = config.users.users.${username}.name; }; -# # Need to change ownership of the secrets as they are created as root -# system.activationScripts.sopsSetAgeKeyOwnwership = '' -# mkdir -p /home/${user}/.config || true -# chown -R ${user}:users /home/${user}/.config -# ''; - services.flatpak.enable = true; - users.users.media = { + users.users.${username} = { packages = with pkgs; [ flatpak gnome.gnome-software 
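Review bot: The unchanged `sopsHashedPasswordFile` line at the top of the first hunk in hosts/common/users/media/default.nix still interpolates `${user}`, while this hunk renames the only visible binding from `user` to `username`. Unless `user` is also a function argument (the file header is outside the hunk), evaluation will stop on an undefined variable. Change the lookup to `config.sops.secrets."passwords/${username}".path` so it matches the `sops.secrets."passwords/${username}"` declaration further down.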
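Review bot: `users.users.${username} = {` is now defined twice in what appears to be the same attribute set, once in the first hunk and again here just before `packages = with pkgs; [`. The parser merged the two literal `users.users.media` blocks, but as far as I can tell dynamic attribute names are not merged and the second one is rejected at evaluation as already defined. Move `packages` into the first `users.users.${username}` block rather than opening a second one; that block begins outside this hunk.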
@@ -77,7 +71,7 @@ in home-manager = { extraSpecialArgs = { inherit inputs; }; users = { - ${user} = import ../../../../home/${hostname}.nix; + ${username} = import ../../../../home/${hostname}.nix; }; }; } diff --git a/hosts/common/users/sam/default.nix b/hosts/common/users/sam/default.nix index c2a1dde..abba8ce 100644 --- a/hosts/common/users/sam/default.nix +++ b/hosts/common/users/sam/default.nix @@ -5,13 +5,12 @@ let sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path; secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; + username = "sam"; in { - users.users.sam = { - mutableUsers = true; + users.users.${username} = { isNormalUser = true; shell = pkgs.zsh; # default shell - initialPassword = "nixos"; hashedPasswordFile = sopsHashedPasswordFile; openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); @@ -24,7 +23,7 @@ in }; - sops.secrets."passwords/sam" = { + sops.secrets."passwords/${username}" = { sopsFile = "${secretsFile}"; neededForUsers = true; }; @@ -34,7 +33,7 @@ in home-manager = { extraSpecialArgs = { inherit inputs; }; users = { - sam = import ../../../../home/${hostname}.nix; + ${username} = import ../../../../home/${hostname}.nix; }; }; diff --git a/hosts/nixdev/default.nix b/hosts/nixdev/default.nix index 77b5f7d..7ca3b2d 100644 --- a/hosts/nixdev/default.nix +++ b/hosts/nixdev/default.nix @@ -1,5 +1,7 @@ { inputs, config, lib, pkgs, outputs,... }: - +let + dev = "/dev/vda"; +in { imports = [ 
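Review bot: In the first hunk of hosts/common/users/sam/default.nix the context line for `sopsHashedPasswordFile` still spells the secret as `"passwords/sam"`, while the lines changed here derive every other name from the new `username` binding. Use `config.sops.secrets."passwords/${username}".path` so the password lookup cannot drift from the `sops.secrets."passwords/${username}"` declaration. The `let` block starts outside the hunk.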
@@ -17,22 +19,9 @@ ../common/users/sam ]; - - nixpkgs = { - overlays = [ - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - ]; - config = { - allowUnfree = true; - }; - }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.device = "${dev}"; networking = { hostName = "nixdev"; @@ -40,17 +29,8 @@ enableIPv6 = false; }; - time.timeZone = "Europe/London"; - - services.printing.enable = true; - services.libinput.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - system.stateVersion = "23.11"; } diff --git a/hosts/sparky/default.nix b/hosts/sparky/default.nix index f0b80a6..a1fb0b6 100644 --- a/hosts/sparky/default.nix +++ b/hosts/sparky/default.nix @@ -1,15 +1,14 @@ { inputs, config, lib, pkgs, outputs,... }: let - sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path; -in + dev = "/dev/vda"; +in { imports = [ # Disk configuration inputs.disko.nixosModules.disko - (import ../common/disks/std-disk-config.nix { device = "/dev/vda"; }) + (import ../common/disks/std-disk-config.nix { device = ${dev}; }) ../common/optional/btrfs-impermanence.nix - inputs.impermanence.nixosModules.impermanence # Create users for this host ../common/users/media @@ -23,17 +22,6 @@ in ]; - nixpkgs = { - overlays = [ - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - ]; - config = { - allowUnfree = true; - }; - }; - fileSystems."/persist".neededForBoot = true; environment.persistence."/persist" = { hideMounts = true; @@ -51,15 +39,6 @@ in ]; }; - users = { - mutableUsers = true; - extraUsers = { - root = { - hashedPasswordFile = sopsHashedPasswordFile; - }; - }; - }; - boot = { loader = { systemd-boot.enable = true; 
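Review bot: `{ device = ${dev}; }` in the `std-disk-config.nix` import of hosts/sparky/default.nix is not valid Nix, because `${…}` is accepted only inside a string or path or as an attribute name, so the file will not parse. Pass the binding directly: `(import ../common/disks/std-disk-config.nix { device = dev; })`. The `"${dev}"` assigned to `boot.loader.grub.device` in hosts/nixdev/default.nix does evaluate, but can likewise be plain `dev`. The imports list continues outside the hunk.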
@@ -74,9 +53,6 @@ in enableIPv6 = false; }; - services = { - qemuGuest.enable = true; - }; services.libinput.enable = true; services.displayManager.defaultSession = "cinnamon"; @@ -88,6 +64,5 @@ in }; }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.11"; }