reworking

2025-08-18 18:27:26 -05:00
parent fc7866349e
commit 04a831de7e
45 changed files with 384 additions and 1074 deletions


@@ -67,24 +67,6 @@
nixpkgs.config.allowUnfree = true;
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "hyprland";
@@ -121,12 +103,6 @@
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
@@ -140,7 +116,6 @@
};
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";


@@ -6,4 +6,96 @@
./programs
];
options.sysconfig = with lib; {
host = mkOption {
type = with types; nullOr str;
default = null;
};
graphical = mkOption {
type = with types; bool;
default = config.hardware.graphics.enable;
};
remoteBuildHost = mkOption {
type = with types; bool;
default = false;
};
remoteBuildClient = mkOption {
type = with types; bool;
default = false;
};
};
config = let
dirs = (builtins.partition
(x: ((builtins.readDir ./configuration).${x} == "directory" && (import x).config.sysconfig.host != config.sysconfig.host))
(builtins.attrNames (builtins.readDir ./configuration))
).right;
rbHosts = (builtins.listToAttrs
(builtins.map
(x: let
host = import x;
in {
name = x;
value = {
hostName = host.config.networking.hostName;
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildSSHKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
system = pkgs.stdenv.hostPlatform.system;
};
})
dirs
)
);
in {
sops.secrets."remoteBuildSSHKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
networking.hostName = lib.mkDefault config.sysconfig.host;
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient {};
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ config.users.users."remote-builder".name ];
};
environment.etc = lib.mkIf config.sysconfig.remoteBuildHost {};
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keyFiles = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
}
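Review bot: `trusted-users` at L110 is assigned directly under `nix`, while the sibling `experimental-features` a few lines above is placed under `nix.settings`; the NixOS option is `nix.settings.trusted-users`, so as written this looks like it would fail evaluation with an unknown-option error on a remote build host. The fix is to move it into the existing block: `settings = { experimental-features = [ "nix-command" "flakes" ]; trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ config.users.users."remote-builder".name ]; };`. On the client side `rbHosts` (the list built at L77–L98) is never referenced: L109 assigns `{}` to `nix.buildMachines`, which is a list option, so no builder is actually wired; `buildMachines = lib.mkIf config.sysconfig.remoteBuildClient (builtins.attrValues rbHosts);` would use it. Trusted-user status lets the `remote-builder` account add substituters and import unsigned store paths on the host, so the empty `openssh.authorizedKeys.keyFiles = [];` placeholder at L116 should only ever receive the client's dedicated builder key, not a user's general-purpose key. Separately, `x` at L74 and L80 is a bare entry name from `builtins.attrNames`, not a path, so `import x` presumably needs to be `import (./configuration + "/${x}")` — worth confirming since the directory scan is what decides which hosts become builders.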


@@ -23,7 +23,6 @@
networking.firewall.allowedTCPPorts = [
22
2222
];
containers.gitea = {


@@ -7,12 +7,11 @@
};
};
config = lib.mkIf config.sysconfig.services.openssh.enable {
config = lib.mkIf (config.sysconfig.services.openssh.enable || config.sysconfig.remoteBuildHost) {
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
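Review bot: Port 22 is opened twice in this hunk: `networking.firewall.allowedTCPPorts = [ 22 ];` at L152 and `openFirewall = true;` at L155, and the latter already opens whatever `services.openssh.ports` is set to, so the explicit rule is redundant and would silently drift if the port were ever changed; drop L152. The widened condition at L151 now brings sshd up on every remote build host even when `sysconfig.services.openssh.enable` is off, which is the intent but is not obvious at the call site, so a one-line comment above it would help: `# remote build hosts need sshd for the builder account even when the openssh toggle is off`. The forced `PermitRootLogin = "no"` and `PasswordAuthentication = false` in the same block do apply to that builder-only case, which is the right default for an account that only ever authenticates with a key. The `config = lib.mkIf ...` block continues past the end of the hunk.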


@@ -1,46 +1,62 @@
{ config, lib, inputs, ... }: {
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig = {
options.sysconfig = with lib; {
users = let
userType = lib.types.submodule ({ username, ... }: {
userType = types.submodule ({ username, ... }: {
options = {
username = lib.mkOption {
type = lib.types.str;
type = with types; str;
default = username;
};
home-manager = {
enable = lib.mkOption {
type = lib.types.bool;
type = with types; bool;
default = false;
};
standalone = lib.mkOption {
type = with types; bool;
default = false;
description = "is this home-manager standalone?";
};
extraModules = lib.mkOption {
type = lib.types.listOf lib.types.raw;
type = with types; listOf raw;
default = [];
};
};
sshKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
type = with types; listOf str;
default = [];
};
uid = lib.mkOption {
type = with types; nullOr int;
default = null;
};
hashedPasswordFile = lib.mkOption {
type = lib.types.nullOr lib.types.str;
type = with types; nullOr str;
default = null;
};
extraGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
type = with types; listOf str;
default = [];
};
shell = lib.mkOption {
type = with types; package;
default = pkgs.shadow;
};
};
});
in lib.mkOption {
type = lib.types.attrsOf userType;
type = userType;
default = {};
};
};
@@ -50,26 +66,38 @@
users.users = builtins.mapAttrs (name: user: {
name = user.username;
isNormalUser = true;
uid = user.uid;
hashedPasswordFile = lib.mkIf (user.hashedPasswordFile != null) user.hashedPasswordFile;
shell = user.shell;
extraGroups = user.extraGroups;
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable config.sysconfig.users.${user.username}.sshKeys;
openssh.authorizedKeys.keys = lib.mkIf config.sysconfig.services.openssh.enable user.sshKeys;
packages = with pkgs; lib.mkIf (user.home-manager.enable && user.home-manager.standalone) [ home-manager ];
}) config.sysconfig.users;
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = { inherit inputs; };
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.home-manager-config
];
users = (builtins.mapAttrs
(name: user: (lib.mkMerge [
(inputs.${user.username} { config = config.home-manager.users.${user.username}; inherit lib; })
] ++ user.home-manager.extraModules))
{
homeconfig = {
host = config.sysconfig.host;
username = user.username;
graphical = config.sysconfig.graphical;
};
}
] ++ (if inputs ? ${user.username} then [ (inputs.${user.username} { config = config.home-manager.users.${user.username}; }) ] else [])
++ user.home-manager.extraModules))
(builtins.removeAttrs
config.sysconfig.users
(builtins.partition
(name: config.sysconfig.users.${name}.home-manager.enable == true)
(name: (config.sysconfig.users.${name}.home-manager.enable && !config.sysconfig.users.${name}.home-manager.standalone))
(builtins.attrNames config.sysconfig.users)
).wrong
)