authorseth <[email protected]>2024-02-28 07:31:21 -0500
committerseth <[email protected]>2024-02-28 07:31:21 -0500
commit4caa14d0416c8ac14e0ac617a1eec22b9df830f6 (patch)
treeab2a295461a046118841c046fc1d6a3b6bbf7c38 /modules/nixos/traits
parented23d606f190aa20e620063ab65e78caf613b67c (diff)
nixos: remove root password
Diffstat (limited to 'modules/nixos/traits')
-rw-r--r--modules/nixos/traits/containers.nix46
-rw-r--r--modules/nixos/traits/default.nix1
-rw-r--r--modules/nixos/traits/host-user.nix40
-rw-r--r--modules/nixos/traits/tailscale.nix49
4 files changed, 51 insertions, 85 deletions
diff --git a/modules/nixos/traits/containers.nix b/modules/nixos/traits/containers.nix
index e309a89..10824eb 100644
--- a/modules/nixos/traits/containers.nix
+++ b/modules/nixos/traits/containers.nix
@@ -11,28 +11,30 @@ in {
enable = lib.mkEnableOption "containers support";
};
- config.virtualisation = lib.mkMerge [
- (lib.mkIf cfg.enable {
- podman = {
- enable = true;
- extraPackages = with pkgs; [podman-compose];
- autoPrune.enable = true;
- };
+ config.virtualisation = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ podman = {
+ enable = true;
+ extraPackages = with pkgs; [podman-compose];
+ autoPrune.enable = true;
+ };
- oci-containers.backend = "podman";
- })
-
- (let
- enable = lib.mkDefault (
- lib.elem "nvidia" (config.services.xserver.videoDrivers or [])
- );
- in
- if (options.virtualisation.containers ? cdi)
- then {
- containers.cdi.dynamic.nvidia = {inherit enable;};
+ oci-containers.backend = "podman";
}
- else {
- podman.enableNvidia = enable;
- })
- ];
+
+ (let
+ enable = lib.mkDefault (
+ lib.elem "nvidia" (config.services.xserver.videoDrivers or [])
+ );
+ in
+ if (options.virtualisation.containers ? cdi)
+ then {
+ containers.cdi.dynamic.nvidia = {inherit enable;};
+ }
+ else {
+ podman.enableNvidia = enable;
+ })
+ ]
+ );
}
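Review bot: The nvidia element of the `lib.mkMerge` list now sits under `lib.mkIf cfg.enable`, where the old code merged it unconditionally, and neither the commit title nor the code says this is intended. A host that enables podman outside this trait would no longer get `podman.enableNvidia` or `containers.cdi.dynamic.nvidia` defaulted from `services.xserver.videoDrivers`. Gating GPU device exposure to containers on the trait is the tighter default, so I would keep it and record it with a comment above the `let`, e.g. `# GPU passthrough defaults apply only when traits containers support is enabled`. The module header and the `cfg` binding are outside the hunk.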
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 983edce..51682a3 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -3,7 +3,6 @@
./auto-upgrade.nix
./containers.nix
./home-manager.nix
- ./host-user.nix
./locale.nix
./secrets.nix
./tailscale.nix
diff --git a/modules/nixos/traits/host-user.nix b/modules/nixos/traits/host-user.nix
deleted file mode 100644
index 2da91d6..0000000
--- a/modules/nixos/traits/host-user.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}: let
- cfg = config.traits.users.hostUser;
- inherit (config.networking) hostName;
-in {
- options.traits.users.hostUser = {
- enable = lib.mkEnableOption "${hostName} user configuration";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- users.users.${hostName} = {
- isNormalUser = true;
- shell = pkgs.bash;
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- userPassword.file = secretsDir + "/userPassword.age";
- };
-
- users.users.${hostName} = {
- hashedPasswordFile = config.age.secrets.userPassword.path;
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/tailscale.nix b/modules/nixos/traits/tailscale.nix
index b432ced..a7d8c06 100644
--- a/modules/nixos/traits/tailscale.nix
+++ b/modules/nixos/traits/tailscale.nix
@@ -16,33 +16,38 @@ in {
};
};
- config = lib.mkIf cfg.enable (lib.mkMerge [
- {
- networking.firewall =
- {
- trustedInterfaces = ["tailscale0"];
- }
- // lib.optionalAttrs cfg.ssh.enable {
- allowedTCPPorts = [22];
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ networking.firewall = {
+ trustedInterfaces = [config.services.tailscale.interfaceName];
};
- services.tailscale =
- {
+ services.tailscale = {
enable = true;
openFirewall = true;
- }
- // lib.optionalAttrs cfg.ssh.enable {
+ };
+ }
+
+ (lib.mkIf cfg.ssh.enable {
+ networking.firewall = {
+ allowedTCPPorts = [22];
+ };
+
+ services.tailscale = {
extraUpFlags = ["--ssh"];
- }
- // lib.optionalAttrs cfg.manageSecrets {
- authKeyFile = config.age.secrets.tailscaleAuthKey.path;
};
- }
+ })
- (lib.mkIf cfg.manageSecrets {
- age.secrets = lib.mkIf cfg.manageSecrets {
- tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
- };
- })
- ]);
+ (lib.mkIf cfg.manageSecrets {
+ age.secrets = lib.mkIf cfg.manageSecrets {
+ tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
+ };
+
+ services.tailscale = {
+ authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+ };
+ })
+ ]
+ );
}
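Review bot: `networking.firewall.allowedTCPPorts = [22];` in the `cfg.ssh.enable` branch opens port 22 on every interface, not just the tailnet one, although the tailscale interface is already listed in `trustedInterfaces`. If OpenSSH is enabled elsewhere in the configuration (not visible here), this exposes it to all networks. I would drop the line, or if an explicit rule is wanted scope it as `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [22];`. Separately, the inner `lib.mkIf cfg.manageSecrets` on `age.secrets` repeats the condition of the enclosing `lib.mkIf` and can be removed. The module's option declarations and the `cfg` binding are outside the hunk.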