From a844e2ff68b9479f84cab662ef348bc50bf44b85 Mon Sep 17 00:00:00 2001 From: Aly Raffauf Date: Tue, 16 Jul 2024 16:53:28 -0400 Subject: [PATCH] hosts: reorganize common config (#39) * hosts: mv common.nix -> common/default.nix * hosts/common: move wifi settings to wifi.nix * hosts/common: add locale.nix, nix.nix, samba.nix, and secrets.nix * hosts/common: move network and wifi settings to network.nix * hosts/common: org fixes --- hosts/common.nix | 177 ------------------------------------ hosts/common/default.nix | 11 +++ hosts/common/locale.nix | 28 ++++++ hosts/common/network.nix | 56 ++++++++++++ hosts/common/nix.nix | 35 +++++++ hosts/common/samba.nix | 50 ++++++++++ hosts/common/secrets.nix | 12 +++ hosts/fallarbor/default.nix | 2 +- hosts/lavaridge/default.nix | 2 +- hosts/mauville/default.nix | 2 +- hosts/petalburg/default.nix | 2 +- hosts/rustboro/default.nix | 2 +- 12 files changed, 197 insertions(+), 182 deletions(-) delete mode 100644 hosts/common.nix create mode 100644 hosts/common/default.nix create mode 100644 hosts/common/locale.nix create mode 100644 hosts/common/network.nix create mode 100644 hosts/common/nix.nix create mode 100644 hosts/common/samba.nix create mode 100644 hosts/common/secrets.nix diff --git a/hosts/common.nix b/hosts/common.nix deleted file mode 100644 index daa78ccb..00000000 --- a/hosts/common.nix +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - config, - lib, - pkgs, - self, - ... -}: { - age.secrets = { - tailscaleAuthKey.file = ../secrets/tailscale/authKeyFile.age; - wifi.file = ../secrets/wifi.age; - }; - - environment = { - systemPackages = with pkgs; [ - self.inputs.agenix.packages.${pkgs.system}.default - inxi - ]; - - variables.FLAKE = "github:alyraffauf/nixcfg"; - }; - - i18n = { - defaultLocale = lib.mkDefault "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = config.i18n.defaultLocale; - LC_IDENTIFICATION = config.i18n.defaultLocale; - LC_MEASUREMENT = config.i18n.defaultLocale; - LC_MONETARY = config.i18n.defaultLocale; - LC_NAME = config.i18n.defaultLocale; - LC_NUMERIC = config.i18n.defaultLocale; - LC_PAPER = config.i18n.defaultLocale; - LC_TELEPHONE = config.i18n.defaultLocale; - LC_TIME = config.i18n.defaultLocale; - }; - }; - - fileSystems = lib.attrsets.optionalAttrs (config.networking.hostName != "mauville") { - "/mnt/Archive" = { - device = "//mauville/Archive"; - fsType = "cifs"; - options = [ - "gid=100" - "guest" - "nofail" - "uid=${toString config.users.users.aly.uid}" - "x-systemd.after=network.target" - "x-systemd.after=tailscaled.service" - "x-systemd.automount" - "x-systemd.device-timeout=5s" - "x-systemd.idle-timeout=60" - "x-systemd.mount-timeout=5s" - ]; - }; - - "/mnt/Media" = { - device = "//mauville/Media"; - fsType = "cifs"; - options = [ - "gid=100" - "guest" - "nofail" - "uid=${toString config.users.users.aly.uid}" - "x-systemd.after=network.target" - "x-systemd.after=tailscaled.service" - "x-systemd.automount" - "x-systemd.device-timeout=5s" - "x-systemd.idle-timeout=60" - "x-systemd.mount-timeout=5s" - ]; - }; - }; - - home-manager.sharedModules = [ - { - gtk.gtk3.bookmarks = lib.optionals (config.networking.hostName != "mauville") [ - "file:///mnt/Media" - "file:///mnt/Archive" - ]; - } - ]; - - nix.settings = { - substituters = [ - "https://alyraffauf.cachix.org" - "https://cache.nixos.org/" - "https://nix-community.cachix.org" - ]; - - 
trusted-public-keys = [ - "alyraffauf.cachix.org-1:GQVrRGfjTtkPGS8M6y7Ik0z4zLt77O0N25ynv2gWzDM=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - - trusted-users = ["aly"]; - }; - - nixpkgs.config.allowUnfree = true; # Allow unfree packages - - networking.networkmanager = { - enable = true; - - ensureProfiles = { - environmentFiles = [config.age.secrets.wifi.path]; - - profiles = let - mkOpenWiFi = ssid: { - connection.id = "${ssid}"; - connection.type = "wifi"; - ipv4.method = "auto"; - ipv6.addr-gen-mode = "default"; - ipv6.method = "auto"; - wifi.mode = "infrastructure"; - wifi.ssid = "${ssid}"; - }; - - mkWPA2WiFi = ssid: psk: ( - (mkOpenWiFi ssid) - // { - wifi-security.auth-alg = "open"; - wifi-security.key-mgmt = "wpa-psk"; - wifi-security.psk = "${psk}"; - } - ); - - mkEAPWiFi = ssid: identity: pass: auth: ( - (mkOpenWiFi ssid) - // { - "802-1x".eap = "peap;"; - "802-1x".identity = "${identity}"; - "802-1x".password = "${pass}"; - "802-1x".phase2-auth = "${auth}"; - wifi-security.auth-alg = "open"; - wifi-security.key-mgmt = "wpa-eap"; - } - ); - in { - "Dustin's A54" = mkWPA2WiFi "Dustin's A54" "$DustinsA54PSK"; - "FCS-WiFi2" = mkEAPWiFi "FCS-WiFi2" "$FCSIdentity" "$FCSPassword" "mschapv2"; - "javapatron" = mkOpenWiFi "javapatron"; - "Stargate-Discovery" = mkWPA2WiFi "Stargate-Discovery" "$StargateDiscoveryPSK"; - "Taproom Public WiFi" = mkOpenWiFi "Taproom Public WiFi"; - "wallace" = mkWPA2WiFi "wallace" "$wallacePSK"; - "WeWorkWiFi" = mkEAPWiFi "WeWorkWiFi" "$WeWorkWiFiIdentity" "$WeWorkWiFiPassword" "mschapv2"; - }; - }; - }; - - services = { - tailscale = { - enable = true; - openFirewall = true; - authKeyFile = config.age.secrets.tailscaleAuthKey.path; - }; - - xserver.xkb = { - layout = "us"; - variant = "altgr-intl"; - }; - }; - - system.autoUpgrade = { - enable = true; - allowReboot = true; - dates = "02:00"; - flake = "github:alyraffauf/nixcfg"; - operation = "switch"; - persistent = true; - randomizedDelaySec = 
"30min"; - - rebootWindow = { - lower = "04:00"; - upper = "06:00"; - }; - }; - - time.timeZone = "America/New_York"; -} diff --git a/hosts/common/default.nix b/hosts/common/default.nix new file mode 100644 index 00000000..4590ee21 --- /dev/null +++ b/hosts/common/default.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: { + imports = [ + ./locale.nix + ./network.nix + ./nix.nix + ./samba.nix + ./secrets.nix + ]; + + environment.systemPackages = with pkgs; [inxi]; +} diff --git a/hosts/common/locale.nix b/hosts/common/locale.nix new file mode 100644 index 00000000..abdbb0b7 --- /dev/null +++ b/hosts/common/locale.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + ... +}: { + i18n = { + defaultLocale = lib.mkDefault "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = config.i18n.defaultLocale; + LC_IDENTIFICATION = config.i18n.defaultLocale; + LC_MEASUREMENT = config.i18n.defaultLocale; + LC_MONETARY = config.i18n.defaultLocale; + LC_NAME = config.i18n.defaultLocale; + LC_NUMERIC = config.i18n.defaultLocale; + LC_PAPER = config.i18n.defaultLocale; + LC_TELEPHONE = config.i18n.defaultLocale; + LC_TIME = config.i18n.defaultLocale; + }; + }; + + services.xserver.xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + + time.timeZone = "America/New_York"; +} diff --git a/hosts/common/network.nix b/hosts/common/network.nix new file mode 100644 index 00000000..1da7ce37 --- /dev/null +++ b/hosts/common/network.nix 
@@ -0,0 +1,56 @@ +{config, ...}: { + networking.networkmanager = { + enable = true; + + ensureProfiles = { + environmentFiles = [config.age.secrets.wifi.path]; + + profiles = let + mkOpenWiFi = ssid: { + connection.id = "${ssid}"; + connection.type = "wifi"; + ipv4.method = "auto"; + ipv6.addr-gen-mode = "default"; + ipv6.method = "auto"; + wifi.mode = "infrastructure"; + wifi.ssid = "${ssid}"; + }; + + mkWPA2WiFi = ssid: psk: ( + (mkOpenWiFi ssid) + // { + wifi-security.auth-alg = "open"; + wifi-security.key-mgmt = "wpa-psk"; + wifi-security.psk = "${psk}"; + } + ); + + mkEAPWiFi = ssid: identity: pass: auth: ( + (mkOpenWiFi ssid) + // { + "802-1x".eap = "peap;"; + "802-1x".identity = "${identity}"; + "802-1x".password = "${pass}"; + "802-1x".phase2-auth = "${auth}"; + wifi-security.auth-alg = "open"; + wifi-security.key-mgmt = "wpa-eap"; + } + ); + in { + "Dustin's A54" = mkWPA2WiFi "Dustin's A54" "$DustinsA54PSK"; + "FCS-WiFi2" = mkEAPWiFi "FCS-WiFi2" "$FCSIdentity" "$FCSPassword" "mschapv2"; + "javapatron" = mkOpenWiFi "javapatron"; + "Stargate-Discovery" = mkWPA2WiFi "Stargate-Discovery" "$StargateDiscoveryPSK"; + "Taproom Public WiFi" = mkOpenWiFi "Taproom Public WiFi"; + "wallace" = mkWPA2WiFi "wallace" "$wallacePSK"; + "WeWorkWiFi" = mkEAPWiFi "WeWorkWiFi" "$WeWorkWiFiIdentity" "$WeWorkWiFiPassword" "mschapv2"; + }; + }; + }; + + services.tailscale = { + enable = true; + openFirewall = true; + authKeyFile = config.age.secrets.tailscaleAuthKey.path; + }; +} diff --git a/hosts/common/nix.nix b/hosts/common/nix.nix new file mode 100644 index 00000000..badfbf51 --- /dev/null +++ b/hosts/common/nix.nix 
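Review bot: `mkEAPWiFi` in hosts/common/network.nix builds PEAP/MSCHAPv2 profiles with no server validation: the `802-1x` block sets `eap`, `identity`, `password` and `phase2-auth`, but no `ca-cert`, `system-ca-certs` or `domain-suffix-match`. Without one of these, the client will run the handshake with any access point advertising the `FCS-WiFi2` or `WeWorkWiFi` SSID, exposing the MSCHAPv2 exchange for the credentials stored in `wifi.age`. Consider giving the helper a server-name parameter and adding `"802-1x".system-ca-certs = "true";` and `"802-1x".domain-suffix-match = "${domain}";`, with the value taken from each network's operator. A one-line comment stating that `services.tailscale.openFirewall = true` and the two auto-joined `mkOpenWiFi` profiles are intentional would also help.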
@@ -0,0 +1,35 @@ +{config, ...}: { + environment.variables.FLAKE = "github:alyraffauf/nixcfg"; + + nix.settings = { + substituters = [ + "https://alyraffauf.cachix.org" + "https://cache.nixos.org/" + "https://nix-community.cachix.org" + ]; + + trusted-public-keys = [ + "alyraffauf.cachix.org-1:GQVrRGfjTtkPGS8M6y7Ik0z4zLt77O0N25ynv2gWzDM=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + + trusted-users = ["aly"]; + }; + + nixpkgs.config.allowUnfree = true; # Allow unfree packages + + system.autoUpgrade = { + enable = true; + allowReboot = true; + dates = "02:00"; + flake = config.environment.variables.FLAKE; + operation = "switch"; + persistent = true; + randomizedDelaySec = "30min"; + + rebootWindow = { + lower = "04:00"; + upper = "06:00"; + }; + }; +} diff --git a/hosts/common/samba.nix b/hosts/common/samba.nix new file mode 100644 index 00000000..44eb977c --- /dev/null +++ b/hosts/common/samba.nix 
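Review bot: `flake = config.environment.variables.FLAKE;` in hosts/common/nix.nix makes the unattended upgrade source (`operation = "switch"`, `allowReboot = true`) follow a shell environment variable option. Any module that later overrides `environment.variables.FLAKE`, for example to point a CLI tool at a local checkout, would then also redirect `system.autoUpgrade`. Since that reference is what every host trusts for its nightly root-level switch, it is safer to bind it once with `let flakeRef = "github:alyraffauf/nixcfg"; in` and use `flakeRef` for both `environment.variables.FLAKE` and `system.autoUpgrade.flake`. It would also help to add a comment above `trusted-users = ["aly"];` noting that trusted users can direct the Nix daemon to arbitrary substituters, which is effectively root-equivalent.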
@@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: { + fileSystems = lib.attrsets.optionalAttrs (config.networking.hostName != "mauville") { + "/mnt/Archive" = { + device = "//mauville/Archive"; + fsType = "cifs"; + options = [ + "gid=100" + "guest" + "nofail" + "uid=${toString config.users.users.aly.uid}" + "x-systemd.after=network.target" + "x-systemd.after=tailscaled.service" + "x-systemd.automount" + "x-systemd.device-timeout=5s" + "x-systemd.idle-timeout=60" + "x-systemd.mount-timeout=5s" + ]; + }; + + "/mnt/Media" = { + device = "//mauville/Media"; + fsType = "cifs"; + options = [ + "gid=100" + "guest" + "nofail" + "uid=${toString config.users.users.aly.uid}" + "x-systemd.after=network.target" + "x-systemd.after=tailscaled.service" + "x-systemd.automount" + "x-systemd.device-timeout=5s" + "x-systemd.idle-timeout=60" + "x-systemd.mount-timeout=5s" + ]; + }; + }; + + home-manager.sharedModules = [ + { + gtk.gtk3.bookmarks = lib.optionals (config.networking.hostName != "mauville") [ + "file:///mnt/Media" + "file:///mnt/Archive" + ]; + } + ]; +} diff --git a/hosts/common/secrets.nix b/hosts/common/secrets.nix new file mode 100644 index 00000000..fad264d8 --- /dev/null +++ b/hosts/common/secrets.nix @@ -0,0 +1,12 @@ +{ + pkgs, + self, + ... +}: { + age.secrets = { + tailscaleAuthKey.file = ../../secrets/tailscale/authKeyFile.age; + wifi.file = ../../secrets/wifi.age; + }; + + environment.systemPackages = [self.inputs.agenix.packages.${pkgs.system}.default]; +} diff --git a/hosts/fallarbor/default.nix b/hosts/fallarbor/default.nix index 5cca55fe..9f3b0ed9 100644 --- a/hosts/fallarbor/default.nix +++ b/hosts/fallarbor/default.nix @@ -7,7 +7,7 @@ ... }: { imports = [ - ../common.nix + ../common ./disko.nix ./home.nix self.inputs.nixhw.nixosModules.framework-13-intel-11th diff --git a/hosts/lavaridge/default.nix b/hosts/lavaridge/default.nix index ebb3ff13..830f425e 100644 --- a/hosts/lavaridge/default.nix +++ b/hosts/lavaridge/default.nix 
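Review bot: Both CIFS mounts in hosts/common/samba.nix use `guest` against the bare name `//mauville/...`, so neither the client nor the server is authenticated. `x-systemd.after=tailscaled.service` only orders the mount unit; it does not force the name to resolve over the tailnet, so on an untrusted network a different host answering to `mauville` could presumably serve the automount. Consider pointing `device` at the host's tailnet name (placeholder: `//mauville.<tailnet-name>.ts.net/Archive`) and adding `"nosuid"` and `"nodev"` to `options`. The two option lists are identical, so binding them once in a `let` (e.g. `cifsOptions = [ ... ];`) would keep any hardening in one place.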
@@ -7,7 +7,7 @@ ... }: { imports = [ - ../common.nix + ../common ./disko.nix ./home.nix self.inputs.nixhw.nixosModules.framework-13-amd-7000 diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix index c2c6e0f6..9db9cade 100644 --- a/hosts/mauville/default.nix +++ b/hosts/mauville/default.nix @@ -11,7 +11,7 @@ mediaDirectory = "/mnt/Media"; in { imports = [ - ../common.nix + ../common ./filesystems.nix ./home.nix self.inputs.nixhw.nixosModules.common-amd-cpu diff --git a/hosts/petalburg/default.nix b/hosts/petalburg/default.nix index 3f636b39..8948d5ec 100644 --- a/hosts/petalburg/default.nix +++ b/hosts/petalburg/default.nix @@ -7,7 +7,7 @@ ... }: { imports = [ - ../common.nix + ../common ./disko.nix ./home.nix self.inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th diff --git a/hosts/rustboro/default.nix b/hosts/rustboro/default.nix index aadde056..29b0a594 100644 --- a/hosts/rustboro/default.nix +++ b/hosts/rustboro/default.nix @@ -7,7 +7,7 @@ ... }: { imports = [ - ../common.nix + ../common ./disko.nix ./home.nix self.inputs.nixhw.nixosModules.thinkpad-t440p