From 9758b8236dcaafb958e6ef4f634d201af0bea80b Mon Sep 17 00:00:00 2001
From: seth
Date: Fri, 2 Feb 2024 14:40:21 -0500
Subject: modules/nixos+darwin: make everything an actual module again

---
 modules/nixos/server/acme.nix    | 27 +++++++++++++++----------
 modules/nixos/server/default.nix | 43 ++++++++++++++++++++++------------------
 modules/nixos/server/secrets.nix | 23 +++++++++++++++------
 3 files changed, 58 insertions(+), 35 deletions(-)

(limited to 'modules/nixos/server')

diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
index edb499c..a08c8ae 100644
--- a/modules/nixos/server/acme.nix
+++ b/modules/nixos/server/acme.nix
@@ -1,18 +1,25 @@
 {
   config,
+  lib,
   secretsDir,
   ...
-}: {
-  age.secrets = {
-    cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
-  };
+}: let
+  cfg = config.server.acme;
+in {
+  options.server.acme.enable = lib.mkEnableOption "ACME support";
+
+  config = lib.mkIf cfg.enable {
+    age.secrets = {
+      cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
+    };
 
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "getchoo@tuta.io";
-      dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflareApiKey.path;
+    security.acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "getchoo@tuta.io";
+        dnsProvider = "cloudflare";
+        credentialsFile = config.age.secrets.cloudflareApiKey.path;
+      };
     };
   };
 }
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index d503eae..d412067 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
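Review bot: The new `server.acme.enable` option is described only as "ACME support", which does not tell a reader that turning it on also provisions the `cloudflareApiKey` age secret, routes issuance through the `cloudflare` DNS provider and sets `acceptTerms = true` on their behalf; the description is the natural place to say so, e.g. `options.server.acme.enable = lib.mkEnableOption "ACME certificates via the Cloudflare DNS provider (provisions the cloudflareApiKey age secret and accepts the CA terms)";`. Since `mkEnableOption` defaults to false, the module stays off unless a host opts in, which matches the previous state where default.nix had `./acme.nix` commented out; a one-line comment above the option stating that this is deliberate would keep that intent from being lost now that the old comment is gone.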
@@ -4,33 +4,38 @@
   pkgs,
   inputs,
   ...
-}: {
+}: let
+  cfg = config.server;
+in {
+  options.server.enable = lib.mkEnableOption "base server settings";
+
   imports = [
-    # disabled since i use cloudflare tunnels
-    #./acme.nix
+    ./acme.nix
     ./secrets.nix
   ];
 
-  _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+  config = lib.mkIf cfg.enable {
+    _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 
-  boot = {
-    tmp.cleanOnBoot = lib.mkDefault true;
-    kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
-  };
+    boot = {
+      tmp.cleanOnBoot = lib.mkDefault true;
+      kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
+    };
 
-  documentation = {
-    enable = false;
-    man.enable = false;
-  };
+    documentation = {
+      enable = false;
+      man.enable = false;
+    };
 
-  environment.defaultPackages = lib.mkForce [];
+    environment.defaultPackages = lib.mkForce [];
 
-  nix = {
-    gc = {
-      dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
-      options = "-d --delete-older-than 2d";
-    };
+    nix = {
+      gc = {
+        dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
+        options = "-d --delete-older-than 2d";
+      };
 
-    settings.allowed-users = [config.networking.hostName];
+      settings.allowed-users = [config.networking.hostName];
+    };
   };
 }
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
index 1d572bd..0f38995 100644
--- a/modules/nixos/server/secrets.nix
+++ b/modules/nixos/server/secrets.nix
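Review bot: Wrapping the hardening settings in `lib.mkIf cfg.enable` makes them opt-in: a host that imports this module without setting `server.enable = true` now silently loses `linuxPackages_hardened`, the `nix.settings.allowed-users` restriction and the emptied `environment.defaultPackages`, all of which previously applied on import alone. Nothing on the new side calls this out, so a comment above the option such as `# Defaults to false: a host must set server.enable = true or none of the hardening below is applied.` would make the new contract visible. Note also that `server.enable` does not imply `server.acme.enable` or `server.secrets.enable` (each is its own `mkEnableOption`), and the rationale in the dropped `# disabled since i use cloudflare tunnels` comment now lives nowhere; restating it on the ACME option would preserve it. The `allowed-users = [config.networking.hostName]` line presumably relies on a user account named after the host, which is not obvious from this file and deserves a short comment.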
@@ -1,10 +1,21 @@
-{secretsDir, ...}: {
-  age = {
-    identityPaths = ["/etc/age/key"];
+{
+  config,
+  lib,
+  secretsDir,
+  ...
+}: let
+  cfg = config.server.secrets;
+in {
+  options.server.secrets.enable = lib.mkEnableOption "secrets management";
 
-    secrets = {
-      rootPassword.file = secretsDir + "/rootPassword.age";
-      userPassword.file = secretsDir + "/userPassword.age";
+  config = lib.mkIf cfg.enable {
+    age = {
+      identityPaths = ["/etc/age/key"];
+
+      secrets = {
+        rootPassword.file = secretsDir + "/rootPassword.age";
+        userPassword.file = secretsDir + "/userPassword.age";
+      };
     };
   };
 }
-- 
cgit v1.2.3
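Review bot: `age.identityPaths = ["/etc/age/key"]` is now set only when `server.secrets.enable` is true, but acme.nix (the first hunk) declares `age.secrets.cloudflareApiKey` under its own independent `server.acme.enable`, so a host that enables ACME without secrets would presumably be left with agenix's default identity paths and `cloudflareApiKey.age` may fail to decrypt, or be decrypted with a key other than the one intended, at activation. The cheapest way to make the dependency explicit is an assertion inside acme.nix's config block, e.g. `assertions = [{ assertion = config.server.secrets.enable; message = "server.acme requires server.secrets for the age identity path"; }];`, or alternatively `identityPaths` could stay outside the `mkIf` so it applies whenever the module is imported. The option description "secrets management" would also benefit from stating that this module supplies the age identity every other secret in this directory relies on.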