Diffstat (limited to 'modules')
-rw-r--r--modules/darwin/base/default.nix32
-rw-r--r--modules/darwin/base/nix.nix18
-rw-r--r--modules/darwin/base/packages.nix12
-rw-r--r--modules/darwin/default.nix6
-rw-r--r--modules/darwin/desktop/default.nix27
-rw-r--r--modules/darwin/desktop/homebrew.nix37
-rw-r--r--modules/default.nix6
-rw-r--r--modules/nixos/base/default.nix34
-rw-r--r--modules/nixos/base/documentation.nix21
-rw-r--r--modules/nixos/base/locale.nix18
-rw-r--r--modules/nixos/base/network.nix26
-rw-r--r--modules/nixos/base/nix.nix24
-rw-r--r--modules/nixos/base/packages.nix15
-rw-r--r--modules/nixos/base/root.nix26
-rw-r--r--modules/nixos/base/security.nix27
-rw-r--r--modules/nixos/base/systemd.nix7
-rw-r--r--modules/nixos/base/upgrade-diff.nix12
-rw-r--r--modules/nixos/default.nix7
-rw-r--r--modules/nixos/desktop/audio.nix23
-rw-r--r--modules/nixos/desktop/budgie/default.nix58
-rw-r--r--modules/nixos/desktop/default.nix41
-rw-r--r--modules/nixos/desktop/fonts.nix37
-rw-r--r--modules/nixos/desktop/gnome/default.nix38
-rw-r--r--modules/nixos/desktop/plasma/default.nix31
-rw-r--r--modules/nixos/features/tailscale.nix67
-rw-r--r--modules/nixos/features/virtualisation.nix21
-rw-r--r--modules/nixos/hardware/default.nix19
-rw-r--r--modules/nixos/hardware/nvidia.nix36
-rw-r--r--modules/nixos/hardware/ssd.nix15
-rw-r--r--modules/nixos/server/acme.nix26
-rw-r--r--modules/nixos/server/default.nix47
-rw-r--r--modules/nixos/server/secrets.nix25
-rw-r--r--modules/nixos/server/services/cloudflared.nix41
-rw-r--r--modules/nixos/server/services/default.nix7
-rw-r--r--modules/nixos/server/services/hercules.nix57
-rw-r--r--modules/nixos/server/services/promtail.nix47
-rw-r--r--modules/shared/base/default.nix8
-rw-r--r--modules/shared/base/documentation.nix14
-rw-r--r--modules/shared/base/locale.nix14
-rw-r--r--modules/shared/base/nix.nix42
-rw-r--r--modules/shared/base/packages.nix21
-rw-r--r--modules/shared/default.nix5
42 files changed, 0 insertions, 1095 deletions
diff --git a/modules/darwin/base/default.nix b/modules/darwin/base/default.nix
deleted file mode 100644
index 42c0335..0000000
--- a/modules/darwin/base/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base darwin module";
-
- imports = [
- ../../shared
- ./nix.nix
- ./packages.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- documentation.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
-
- programs = {
- bash.enable = true;
- zsh.enable = true;
- };
-
- services.nix-daemon.enable = true;
- };
-}
diff --git a/modules/darwin/base/nix.nix b/modules/darwin/base/nix.nix
deleted file mode 100644
index c853650..0000000
--- a/modules/darwin/base/nix.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "${inputs.${i}.outPath}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix.nixPath = mapInputs (i: "${i}=${channelPath i}");
- };
-}
diff --git a/modules/darwin/base/packages.nix b/modules/darwin/base/packages.nix
deleted file mode 100644
index 97fb77c..0000000
--- a/modules/darwin/base/packages.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs.vim.enable = true;
- };
-}
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
deleted file mode 100644
index ed9c7e1..0000000
--- a/modules/darwin/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ];
-}
diff --git a/modules/darwin/desktop/default.nix b/modules/darwin/desktop/default.nix
deleted file mode 100644
index 1f71642..0000000
--- a/modules/darwin/desktop/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop = {
- enable = mkEnableOption "enable desktop darwin support";
- gpg.enable = mkEnableOption "enable gpg";
- };
-
- imports = [
- ./homebrew.nix
- ];
-
- config = mkIf cfg.enable {
- fonts.fonts = with pkgs;
- mkDefault [
- (nerdfonts.override {fonts = ["FiraCode"];})
- ];
-
- programs.gnupg.agent.enable = cfg.gpg.enable;
- };
-}
diff --git a/modules/darwin/desktop/homebrew.nix b/modules/darwin/desktop/homebrew.nix
deleted file mode 100644
index 4a58ae9..0000000
--- a/modules/darwin/desktop/homebrew.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.homebrew;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop.homebrew.enable = mkEnableOption "enable homebrew support";
-
- config = mkIf cfg.enable {
- homebrew = {
- enable = mkDefault true;
- caskArgs.require_sha = true;
- onActivation = mkDefault {
- autoUpdate = true;
- cleanup = "uninstall";
- upgrade = true;
- };
-
- casks = let
- # thanks @nekowinston :p
- skipSha = name: {
- inherit name;
- args = {require_sha = false;};
- };
- noQuarantine = name: {
- inherit name;
- args = {no_quarantine = true;};
- };
- in [
- "firefox"
- (lib.recursiveUpdate (noQuarantine "chromium") (skipSha "chromium"))
- ];
- };
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
deleted file mode 100644
index 4b3dddb..0000000
--- a/modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- flake = {
- nixosModules.default = import ../modules/nixos;
- darwinModules.default = import ../modules/darwin;
- };
-}
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
deleted file mode 100644
index ed0fb23..0000000
--- a/modules/nixos/base/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base nixos module";
-
- imports = [
- ../../shared
- ./documentation.nix
- ./locale.nix
- ./network.nix
- ./nix.nix
- ./packages.nix
- ./root.nix
- ./security.nix
- ./systemd.nix
- ./upgrade-diff.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- defaultRoot.enable = mkDefault true;
- documentation.enable = mkDefault true;
- networking.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
- };
-}
diff --git a/modules/nixos/base/documentation.nix b/modules/nixos/base/documentation.nix
deleted file mode 100644
index 68a194f..0000000
--- a/modules/nixos/base/documentation.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [man-pages man-pages-posix];
- documentation = {
- man = {
- generateCaches = true;
- man-db.enable = true;
- };
-
- dev.enable = true;
- };
- };
-}
diff --git a/modules/nixos/base/locale.nix b/modules/nixos/base/locale.nix
deleted file mode 100644
index 7259ef2..0000000
--- a/modules/nixos/base/locale.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- i18n = {
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- ];
-
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
diff --git a/modules/nixos/base/network.nix b/modules/nixos/base/network.nix
deleted file mode 100644
index 5bc90d1..0000000
--- a/modules/nixos/base/network.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.networking;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.networking.enable = mkEnableOption "networking";
-
- config = mkIf cfg.enable {
- networking.networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
- services.resolved = {
- enable = lib.mkDefault true;
- dnssec = "allow-downgrade";
- extraConfig = ''
- [Resolve]
- DNS=1.1.1.1 1.0.0.1
- DNSOverTLS=yes
- '';
- };
- };
-}
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix
deleted file mode 100644
index 3dcac11..0000000
--- a/modules/nixos/base/nix.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkDefault mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "/etc/nix/channels/${i}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix = {
- nixPath = mapInputs (i: "${i}=${channelPath i}");
- gc.dates = mkDefault "weekly";
- };
-
- systemd.tmpfiles.rules =
- mapInputs (i: "L+ ${channelPath i} - - - - ${inputs.${i}.outPath}");
- };
-}
diff --git a/modules/nixos/base/packages.nix b/modules/nixos/base/packages.nix
deleted file mode 100644
index 7390a40..0000000
--- a/modules/nixos/base/packages.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs = {
- git.enable = true;
- vim.defaultEditor = true;
- };
- };
-}
diff --git a/modules/nixos/base/root.nix b/modules/nixos/base/root.nix
deleted file mode 100644
index ecc5203..0000000
--- a/modules/nixos/base/root.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultRoot;
- inherit (lib) mkDefault mkEnableOption mkIf;
-
- # yes this is a bad way to detect which option should be used (or exists)
- # but i'm lazy. please do not copy this
- passwordFile =
- if lib.versionAtLeast config.system.stateVersion "23.11"
- then "hashedPasswordFile"
- else "passwordFile";
-in {
- options.base.defaultRoot.enable = mkEnableOption "default root user";
-
- config = mkIf cfg.enable {
- users.users.root = {
- home = mkDefault "/root";
- uid = mkDefault config.ids.uids.root;
- group = mkDefault "root";
- "${passwordFile}" = mkDefault config.age.secrets.rootPassword.path;
- };
- };
-}
diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
deleted file mode 100644
index e13d1c7..0000000
--- a/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
- security = {
- apparmor.enable = mkDefault true;
- audit.enable = mkDefault true;
- auditd.enable = mkDefault true;
- polkit.enable = mkDefault true;
- rtkit.enable = mkDefault true;
- sudo.execWheelOnly = true;
- };
-
- services.dbus.apparmor = mkDefault "enabled";
-
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
- };
-
- nix.settings = {
- trusted-users = ["root" "@wheel"];
- };
-}
diff --git a/modules/nixos/base/systemd.nix b/modules/nixos/base/systemd.nix
deleted file mode 100644
index 2888c0b..0000000
--- a/modules/nixos/base/systemd.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- services = {
- journald.extraConfig = ''
- MaxRetentionSec=1w
- '';
- };
-}
diff --git a/modules/nixos/base/upgrade-diff.nix b/modules/nixos/base/upgrade-diff.nix
deleted file mode 100644
index 68be9af..0000000
--- a/modules/nixos/base/upgrade-diff.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- system.activationScripts."upgrade-diff" = {
- supportsDryActivation = true;
- text = ''
- ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
- '';
- };
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index 3ae2f08..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ./hardware
- ];
-}
diff --git a/modules/nixos/desktop/audio.nix b/modules/nixos/desktop/audio.nix
deleted file mode 100644
index c601563..0000000
--- a/modules/nixos/desktop/audio.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.audio;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.audio.enable = mkEnableOption "audio support";
-
- config = mkIf cfg.enable {
- services = {
- pipewire = {
- enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- jack.enable = true;
- pulse.enable = true;
- };
- };
- hardware.pulseaudio.enable = false;
- };
-}
diff --git a/modules/nixos/desktop/budgie/default.nix b/modules/nixos/desktop/budgie/default.nix
deleted file mode 100644
index 4605eb1..0000000
--- a/modules/nixos/desktop/budgie/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.budgie;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.budgie.enable = mkEnableOption "enable budgie";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- services.xserver = {
- displayManager.lightdm.greeters.slick = {
- theme = {
- name = "Materia-dark";
- package = pkgs.materia-theme;
- };
- iconTheme = {
- name = "Papirus-Dark";
- package = pkgs.papirus-icon-theme;
- };
- cursorTheme = {
- name = "Breeze-gtk";
- package = pkgs.libsForQt5.breeze-gtk;
- };
- };
-
- desktopManager.budgie = {
- enable = true;
- extraGSettingsOverrides = ''
- [org.gnome.desktop.interface:Budgie]
- gtk-theme="Materia-dark"
- icon-theme="Papirus-Dark"
- cursor-theme="Breeze-gtk"
- font-name="Noto Sans 10"
- document-font-name="Noto Sans 10"
- monospace-font-name="Fira Code 10"
- enable-hot-corners=true
- '';
- };
- };
-
- environment.budgie.excludePackages = with pkgs; [
- qogir-theme
- qogir-icon-theme
- ];
-
- environment.systemPackages = with pkgs; [
- alacritty
- breeze-gtk
- materia-theme
- papirus-icon-theme
- ];
- };
-}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
deleted file mode 100644
index f0ab74c..0000000
--- a/modules/nixos/desktop/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- imports = [
- ./audio.nix
- ./budgie
- ./fonts.nix
- ./gnome
- ./plasma
- ];
-
- options.desktop.enable = mkEnableOption "desktop module";
-
- config = mkIf cfg.enable {
- base.enable = true;
- desktop = {
- audio.enable = mkDefault true;
- fonts.enable = mkDefault true;
- };
-
- environment = {
- noXlibs = lib.mkForce false;
- systemPackages = with pkgs; [wl-clipboard xclip];
- };
-
- programs = {
- dconf.enable = true;
- firefox.enable = true;
- xwayland.enable = true;
- };
-
- services.xserver.enable = true;
- xdg.portal.enable = true;
- };
-}
diff --git a/modules/nixos/desktop/fonts.nix b/modules/nixos/desktop/fonts.nix
deleted file mode 100644
index feedf07..0000000
--- a/modules/nixos/desktop/fonts.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.fonts;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.fonts.enable = mkEnableOption "enable default fonts";
-
- config = mkIf cfg.enable {
- fonts = {
- enableDefaultPackages = true;
-
- packages = with pkgs; [
- corefonts
- fira-code
- (nerdfonts.override {fonts = ["FiraCode"];})
- noto-fonts
- noto-fonts-extra
- noto-fonts-emoji
- noto-fonts-cjk-sans
- ];
-
- fontconfig = {
- enable = true;
- defaultFonts = {
- serif = ["Noto Serif"];
- sansSerif = ["Noto Sans"];
- emoji = ["Noto Color Emoji"];
- monospace = ["Fira Code"];
- };
- };
- };
- };
-}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
deleted file mode 100644
index bfe3d20..0000000
--- a/modules/nixos/desktop/gnome/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.gnome;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.gnome.enable = mkEnableOption "enable gnome";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- gnome.excludePackages = with pkgs; [
- gnome-tour
- ];
-
- sessionVariables = {
- NIXOS_OZONE_WL = "1";
- };
-
- systemPackages = with pkgs; [
- adw-gtk3
- blackbox-terminal
- ];
- };
-
- services.xserver = {
- displayManager.gdm = {
- enable = true;
- wayland = lib.mkForce true;
- };
- desktopManager.gnome.enable = true;
- };
- };
-}
diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix
deleted file mode 100644
index 2034802..0000000
--- a/modules/nixos/desktop/plasma/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop.plasma;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.plasma.enable = mkEnableOption "enable plasma";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- plasma5.excludePackages = with pkgs.libsForQt5; [
- khelpcenter
- plasma-browser-integration
- print-manager
- ];
- };
-
- services.xserver = {
- displayManager.sddm.enable = true;
- desktopManager.plasma5 = {
- enable = true;
- useQtScaling = true;
- };
- };
- };
-}
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
deleted file mode 100644
index dc688f6..0000000
--- a/modules/nixos/features/tailscale.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- config,
- lib,
- pkgs,
- self,
- ...
-}: let
- cfg = config.features.tailscale;
- inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs;
-in {
- options.features.tailscale = {
- enable = mkEnableOption "enable support for tailscale";
- ssh.enable = mkEnableOption "enable support for tailscale ssh";
- };
-
- config = mkIf cfg.enable {
- age.secrets = let
- baseDir = "${self}/secrets/hosts/${config.networking.hostName}";
- in
- mkIf cfg.ssh.enable {
- tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age";
- };
-
- networking.firewall =
- {
- allowedUDPPorts = [config.services.tailscale.port];
- trustedInterfaces = ["tailscale0"];
- }
- // optionalAttrs cfg.ssh.enable {
- allowedTCPPorts = [22];
- };
-
- services = {
- tailscale.enable = mkDefault true;
- };
-
- # https://tailscale.com/kb/1096/nixos-minecraft/
- systemd.services = mkIf cfg.ssh.enable {
- tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
-
- serviceConfig.Type = "oneshot";
-
- script = let
- inherit (pkgs) tailscale jq;
- in ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --ssh \
- --auth-key "file:${config.age.secrets.tailscaleAuthKey.path}"
- '';
- };
- };
- };
-}
diff --git a/modules/nixos/features/virtualisation.nix b/modules/nixos/features/virtualisation.nix
deleted file mode 100644
index 206a98e..0000000
--- a/modules/nixos/features/virtualisation.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.features.virtualisation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.features.virtualisation.enable = mkEnableOption "enable podman";
-
- config.virtualisation = mkIf cfg.enable {
- podman = {
- enable = true;
- enableNvidia = true;
- extraPackages = with pkgs; [podman-compose];
- autoPrune.enable = true;
- };
- oci-containers.backend = "podman";
- };
-}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
deleted file mode 100644
index 1217b5a..0000000
--- a/modules/nixos/hardware/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.hardware;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.hardware.enable = mkEnableOption "hardware module";
-
- imports = [
- ./ssd.nix
- ./nvidia.nix
- ];
-
- config = mkIf cfg.enable {
- hardware.enableAllFirmware = true;
- };
-}
diff --git a/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix
deleted file mode 100644
index dd371f2..0000000
--- a/modules/nixos/hardware/nvidia.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.hardware.nvidia;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.hardware.nvidia.enable = mkEnableOption "enable nvidia support";
-
- config = mkIf cfg.enable {
- environment.sessionVariables = {
- LIBVA_DRIVER_NAME = "vdpau";
- VDPAU_DRIVER = "nvidia";
- };
-
- hardware = {
- enable = true;
-
- nvidia = {
- package = config.boot.kernelPackages.nvidiaPackages.stable;
- modesetting.enable = true;
- };
-
- opengl = {
- enable = true;
- # make steam work
- driSupport32Bit = true;
- extraPackages = [pkgs.vaapiVdpau];
- };
- };
-
- services.xserver.videoDrivers = ["nvidia"];
- };
-}
diff --git a/modules/nixos/hardware/ssd.nix b/modules/nixos/hardware/ssd.nix
deleted file mode 100644
index 2995d93..0000000
--- a/modules/nixos/hardware/ssd.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.hardware.ssd;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.hardware.ssd.enable = mkEnableOption "ssd settings";
-
- config = mkIf cfg.enable {
- hardware.enable = true;
- services.fstrim.enable = true;
- };
-}
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
deleted file mode 100644
index 56a81fa..0000000
--- a/modules/nixos/server/acme.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.acme;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.acme = {
- enable = mkEnableOption "acme";
- };
-
- config = mkIf cfg.enable {
- age.secrets.cloudflareApiKey.file = "${self}/secrets/hosts/${config.networking.hostName}/cloudflareApiKey.age";
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
- };
- };
-}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
deleted file mode 100644
index 9866cd0..0000000
--- a/modules/nixos/server/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- lib,
- pkgs,
- nixpkgs,
- ...
-}: let
- cfg = config.server;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.server.enable = mkEnableOption "enable server configuration";
-
- imports = [
- ./acme.nix
- ./secrets.nix
- ./services
- ];
-
- config = mkIf cfg.enable {
- _module.args.unstable = nixpkgs.legacyPackages.${pkgs.system};
-
- base = {
- enable = true;
- documentation.enable = false;
- defaultPackages.enable = false;
- networking.enable = false;
- };
-
- nix = {
- gc = {
- dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
- options = "-d --delete-older-than 2d";
- };
-
- settings.allowed-users = [config.networking.hostName];
- };
-
- programs = {
- git.enable = mkDefault true;
- vim.defaultEditor = mkDefault true;
- };
-
- security = {
- pam.enableSSHAgentAuth = mkDefault true;
- };
- };
-}
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
deleted file mode 100644
index 62654f3..0000000
--- a/modules/nixos/server/secrets.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.secrets;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.secrets = {
- enable = mkEnableOption "enable secret management";
- };
-
- config.age = let
- baseDir = "${self}/secrets/hosts/${config.networking.hostName}";
- in
- mkIf cfg.enable {
- identityPaths = ["/etc/age/key"];
-
- secrets = {
- rootPassword.file = "${baseDir}/rootPassword.age";
- userPassword.file = "${baseDir}/userPassword.age";
- };
- };
-}
diff --git a/modules/nixos/server/services/cloudflared.nix b/modules/nixos/server/services/cloudflared.nix
deleted file mode 100644
index 803e7da..0000000
--- a/modules/nixos/server/services/cloudflared.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.services.cloudflared;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.services.cloudflared = {
- enable = mkEnableOption "cloudflared";
- };
-
- config = mkIf cfg.enable {
- age.secrets.cloudflaredCreds = {
- file = "${self}/secrets/hosts/${config.networking.hostName}/cloudflaredCreds.age";
- mode = "400";
- owner = "cloudflared";
- group = "cloudflared";
- };
-
- services.cloudflared = {
- enable = true;
- tunnels = {
- "${config.networking.hostName}-nginx" = {
- default = "http_status:404";
-
- ingress = let
- inherit (config.services) nginx;
- in
- lib.genAttrs
- (builtins.attrNames nginx.virtualHosts)
- (_: {service = "http://localhost:${builtins.toString nginx.defaultHTTPListenPort}";});
-
- originRequest.noTLSVerify = true;
- credentialsFile = config.age.secrets.cloudflaredCreds.path;
- };
- };
- };
- };
-}
diff --git a/modules/nixos/server/services/default.nix b/modules/nixos/server/services/default.nix
deleted file mode 100644
index 23f2542..0000000
--- a/modules/nixos/server/services/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- imports = [
- ./cloudflared.nix
- ./hercules.nix
- ./promtail.nix
- ];
-}
diff --git a/modules/nixos/server/services/hercules.nix b/modules/nixos/server/services/hercules.nix
deleted file mode 100644
index 4833791..0000000
--- a/modules/nixos/server/services/hercules.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- config,
- lib,
- self,
- unstable,
- ...
-}: let
- cfg = config.server.services.hercules-ci;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.services.hercules-ci = {
- enable = mkEnableOption "enable hercules-ci";
- secrets.enable = mkEnableOption "manage secrets for hercules-ci";
- };
-
- config = mkIf cfg.enable {
- age.secrets = let
- baseDir = "${self}/secrets/hosts/${config.networking.hostName}";
- hercArgs = {
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- };
- in
- mkIf cfg.secrets.enable {
- binaryCache =
- {
- file = "${baseDir}/binaryCache.age";
- }
- // hercArgs;
-
- clusterToken =
- {
- file = "${baseDir}/clusterToken.age";
- }
- // hercArgs;
-
- secretsJson =
- {
- file = "${baseDir}/secretsJson.age";
- }
- // hercArgs;
- };
-
- services = {
- hercules-ci-agent = {
- enable = true;
- package = unstable.hercules-ci-agent;
- settings = {
- binaryCachesPath = config.age.secrets.binaryCache.path;
- clusterJoinTokenPath = config.age.secrets.clusterToken.path;
- secretsJsonPath = config.age.secrets.secretsJson.path;
- };
- };
- };
- };
-}
diff --git a/modules/nixos/server/services/promtail.nix b/modules/nixos/server/services/promtail.nix
deleted file mode 100644
index 63faf15..0000000
--- a/modules/nixos/server/services/promtail.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.server.services.promtail;
- inherit (lib) mkEnableOption mkIf mkOption types;
-in {
- options.server.services.promtail = {
- enable = mkEnableOption "enable promtail";
-
- clients = mkOption {
- type = types.listOf types.attrs;
- default = [{}];
- description = "clients for promtail";
- };
- };
-
- config.services.promtail = mkIf cfg.enable {
- enable = true;
- configuration = {
- inherit (cfg) clients;
- server.disable = true;
-
- scrape_configs = [
- {
- job_name = "journal";
-
- journal = {
- max_age = "12h";
- labels = {
- job = "systemd-journal";
- host = "${config.networking.hostName}";
- };
- };
-
- relabel_configs = [
- {
- source_labels = ["__journal__systemd_unit"];
- target_label = "unit";
- }
- ];
- }
- ];
- };
- };
-}
diff --git a/modules/shared/base/default.nix b/modules/shared/base/default.nix
deleted file mode 100644
index e18de58..0000000
--- a/modules/shared/base/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- imports = [
- ./documentation.nix
- ./locale.nix
- ./nix.nix
- ./packages.nix
- ];
-}
diff --git a/modules/shared/base/documentation.nix b/modules/shared/base/documentation.nix
deleted file mode 100644
index ecc5813..0000000
--- a/modules/shared/base/documentation.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.documentation.enable = mkEnableOption "base module documentation";
-
- config = mkIf cfg.enable {
- documentation.man.enable = true;
- };
-}
diff --git a/modules/shared/base/locale.nix b/modules/shared/base/locale.nix
deleted file mode 100644
index ecae786..0000000
--- a/modules/shared/base/locale.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultLocale.enable = mkEnableOption "default locale";
-
- config = mkIf cfg.enable {
- time.timeZone = "America/New_York";
- };
-}
diff --git a/modules/shared/base/nix.nix b/modules/shared/base/nix.nix
deleted file mode 100644
index 2c95933..0000000
--- a/modules/shared/base/nix.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.nix-settings;
- inherit (lib) mkDefault mkEnableOption mkIf;
- inherit (pkgs.stdenv) isLinux;
-in {
- options.base.nix-settings.enable = mkEnableOption "base nix settings";
-
- config = mkIf cfg.enable {
- nix = {
- registry =
- {
- n.flake = mkDefault inputs.nixpkgs;
- }
- // (builtins.mapAttrs (_: flake: {inherit flake;})
- (inputs.nixpkgs.lib.filterAttrs (n: _: n != "nixpkgs") inputs));
-
- settings = {
- auto-optimise-store = isLinux;
- experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
-
- trusted-substituters = ["https://cache.garnix.io"];
- trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
- };
-
- gc = {
- automatic = mkDefault true;
- options = mkDefault "--delete-older-than 7d";
- };
- };
-
- nixpkgs = {
- overlays = with inputs; [nur.overlay getchoo.overlays.default self.overlays.default];
- config.allowUnfree = true;
- };
- };
-}
diff --git a/modules/shared/base/packages.nix b/modules/shared/base/packages.nix
deleted file mode 100644
index 38cd6e7..0000000
--- a/modules/shared/base/packages.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultPackages.enable = mkEnableOption "base module default packages";
-
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- python311
- ];
-
- programs = {
- gnupg.agent.enable = true;
- };
- };
-}
diff --git a/modules/shared/default.nix b/modules/shared/default.nix
deleted file mode 100644
index 0199860..0000000
--- a/modules/shared/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_: {
- imports = [
- ./base
- ];
-}