hosts: reorganize common config (#39)

* hosts: mv common.nix -> common/default.nix

* hosts/common: move wifi settings to wifi.nix

* hosts/common: add locale.nix, nix.nix, samba.nix, and secrets.nix

* hosts/common: move network and wifi settings to network.nix

* hosts/common: org fixes
Aly Raffauf 2024-07-16 16:53:28 -04:00 committed by GitHub
parent 83e4f55604
commit a844e2ff68
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 197 additions and 182 deletions


@ -1,177 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}: {
age.secrets = {
tailscaleAuthKey.file = ../secrets/tailscale/authKeyFile.age;
wifi.file = ../secrets/wifi.age;
};
environment = {
systemPackages = with pkgs; [
self.inputs.agenix.packages.${pkgs.system}.default
inxi
];
variables.FLAKE = "github:alyraffauf/nixcfg";
};
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = config.i18n.defaultLocale;
LC_IDENTIFICATION = config.i18n.defaultLocale;
LC_MEASUREMENT = config.i18n.defaultLocale;
LC_MONETARY = config.i18n.defaultLocale;
LC_NAME = config.i18n.defaultLocale;
LC_NUMERIC = config.i18n.defaultLocale;
LC_PAPER = config.i18n.defaultLocale;
LC_TELEPHONE = config.i18n.defaultLocale;
LC_TIME = config.i18n.defaultLocale;
};
};
fileSystems = lib.attrsets.optionalAttrs (config.networking.hostName != "mauville") {
"/mnt/Archive" = {
device = "//mauville/Archive";
fsType = "cifs";
options = [
"gid=100"
"guest"
"nofail"
"uid=${toString config.users.users.aly.uid}"
"x-systemd.after=network.target"
"x-systemd.after=tailscaled.service"
"x-systemd.automount"
"x-systemd.device-timeout=5s"
"x-systemd.idle-timeout=60"
"x-systemd.mount-timeout=5s"
];
};
"/mnt/Media" = {
device = "//mauville/Media";
fsType = "cifs";
options = [
"gid=100"
"guest"
"nofail"
"uid=${toString config.users.users.aly.uid}"
"x-systemd.after=network.target"
"x-systemd.after=tailscaled.service"
"x-systemd.automount"
"x-systemd.device-timeout=5s"
"x-systemd.idle-timeout=60"
"x-systemd.mount-timeout=5s"
];
};
};
home-manager.sharedModules = [
{
gtk.gtk3.bookmarks = lib.optionals (config.networking.hostName != "mauville") [
"file:///mnt/Media"
"file:///mnt/Archive"
];
}
];
nix.settings = {
substituters = [
"https://alyraffauf.cachix.org"
"https://cache.nixos.org/"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"alyraffauf.cachix.org-1:GQVrRGfjTtkPGS8M6y7Ik0z4zLt77O0N25ynv2gWzDM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = ["aly"];
};
nixpkgs.config.allowUnfree = true; # Allow unfree packages
networking.networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [config.age.secrets.wifi.path];
profiles = let
mkOpenWiFi = ssid: {
connection.id = "${ssid}";
connection.type = "wifi";
ipv4.method = "auto";
ipv6.addr-gen-mode = "default";
ipv6.method = "auto";
wifi.mode = "infrastructure";
wifi.ssid = "${ssid}";
};
mkWPA2WiFi = ssid: psk: (
(mkOpenWiFi ssid)
// {
wifi-security.auth-alg = "open";
wifi-security.key-mgmt = "wpa-psk";
wifi-security.psk = "${psk}";
}
);
mkEAPWiFi = ssid: identity: pass: auth: (
(mkOpenWiFi ssid)
// {
"802-1x".eap = "peap;";
"802-1x".identity = "${identity}";
"802-1x".password = "${pass}";
"802-1x".phase2-auth = "${auth}";
wifi-security.auth-alg = "open";
wifi-security.key-mgmt = "wpa-eap";
}
);
in {
"Dustin's A54" = mkWPA2WiFi "Dustin's A54" "$DustinsA54PSK";
"FCS-WiFi2" = mkEAPWiFi "FCS-WiFi2" "$FCSIdentity" "$FCSPassword" "mschapv2";
"javapatron" = mkOpenWiFi "javapatron";
"Stargate-Discovery" = mkWPA2WiFi "Stargate-Discovery" "$StargateDiscoveryPSK";
"Taproom Public WiFi" = mkOpenWiFi "Taproom Public WiFi";
"wallace" = mkWPA2WiFi "wallace" "$wallacePSK";
"WeWorkWiFi" = mkEAPWiFi "WeWorkWiFi" "$WeWorkWiFiIdentity" "$WeWorkWiFiPassword" "mschapv2";
};
};
};
services = {
tailscale = {
enable = true;
openFirewall = true;
authKeyFile = config.age.secrets.tailscaleAuthKey.path;
};
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
};
system.autoUpgrade = {
enable = true;
allowReboot = true;
dates = "02:00";
flake = "github:alyraffauf/nixcfg";
operation = "switch";
persistent = true;
randomizedDelaySec = "30min";
rebootWindow = {
lower = "04:00";
upper = "06:00";
};
};
time.timeZone = "America/New_York";
}

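--- /dev/null
+++ b/hosts/common/default.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+imports = [
+./locale.nix
+./network.nix
+./nix.nix
+./samba.nix
+./secrets.nix
+];
+environment.systemPackages = with pkgs; [inxi];
+}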

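--- /dev/null
+++ b/hosts/common/locale.nix
@@ -0,0 +1,28 @@
+{
+config,
+lib,
+...
+}: {
+i18n = {
+defaultLocale = lib.mkDefault "en_US.UTF-8";
+extraLocaleSettings = {
+LC_ADDRESS = config.i18n.defaultLocale;
+LC_IDENTIFICATION = config.i18n.defaultLocale;
+LC_MEASUREMENT = config.i18n.defaultLocale;
+LC_MONETARY = config.i18n.defaultLocale;
+LC_NAME = config.i18n.defaultLocale;
+LC_NUMERIC = config.i18n.defaultLocale;
+LC_PAPER = config.i18n.defaultLocale;
+LC_TELEPHONE = config.i18n.defaultLocale;
+LC_TIME = config.i18n.defaultLocale;
+};
+};
+services.xserver.xkb = {
+layout = "us";
+variant = "altgr-intl";
+};
+time.timeZone = "America/New_York";
+}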

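--- /dev/null
+++ b/hosts/common/network.nix
@@ -0,0 +1,56 @@
+{config, ...}: {
+networking.networkmanager = {
+enable = true;
+ensureProfiles = {
+environmentFiles = [config.age.secrets.wifi.path];
+profiles = let
+mkOpenWiFi = ssid: {
+connection.id = "${ssid}";
+connection.type = "wifi";
+ipv4.method = "auto";
+ipv6.addr-gen-mode = "default";
+ipv6.method = "auto";
+wifi.mode = "infrastructure";
+wifi.ssid = "${ssid}";
+};
+mkWPA2WiFi = ssid: psk: (
+(mkOpenWiFi ssid)
+// {
+wifi-security.auth-alg = "open";
+wifi-security.key-mgmt = "wpa-psk";
+wifi-security.psk = "${psk}";
+}
+);
+mkEAPWiFi = ssid: identity: pass: auth: (
+(mkOpenWiFi ssid)
+// {
+"802-1x".eap = "peap;";
+"802-1x".identity = "${identity}";
+"802-1x".password = "${pass}";
+"802-1x".phase2-auth = "${auth}";
+wifi-security.auth-alg = "open";
+wifi-security.key-mgmt = "wpa-eap";
+}
+);
+in {
+"Dustin's A54" = mkWPA2WiFi "Dustin's A54" "$DustinsA54PSK";
+"FCS-WiFi2" = mkEAPWiFi "FCS-WiFi2" "$FCSIdentity" "$FCSPassword" "mschapv2";
+"javapatron" = mkOpenWiFi "javapatron";
+"Stargate-Discovery" = mkWPA2WiFi "Stargate-Discovery" "$StargateDiscoveryPSK";
+"Taproom Public WiFi" = mkOpenWiFi "Taproom Public WiFi";
+"wallace" = mkWPA2WiFi "wallace" "$wallacePSK";
+"WeWorkWiFi" = mkEAPWiFi "WeWorkWiFi" "$WeWorkWiFiIdentity" "$WeWorkWiFiPassword" "mschapv2";
+};
+};
+};
+services.tailscale = {
+enable = true;
+openFirewall = true;
+authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+};
+}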
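Review bot: The two profiles built with `mkEAPWiFi` (`FCS-WiFi2` and `WeWorkWiFi`) use PEAP with `mschapv2` but set no server-validation property, so nothing in the profile tells NetworkManager which RADIUS server certificate to accept, and the stored identity and password would be offered to any access point advertising the same SSID. I would give `mkEAPWiFi` an extra argument for the expected CA or server name and set `"802-1x".ca-cert` or `"802-1x".domain-suffix-match` from it. A short comment above `environmentFiles` would also help, e.g. `# $NAME placeholders below are substituted from this agenix-decrypted file at runtime, so the secrets never enter the Nix store`, since strings like `"$wallacePSK"` otherwise read as literal PSKs.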

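--- /dev/null
+++ b/hosts/common/nix.nix
@@ -0,0 +1,35 @@
+{config, ...}: {
+environment.variables.FLAKE = "github:alyraffauf/nixcfg";
+nix.settings = {
+substituters = [
+"https://alyraffauf.cachix.org"
+"https://cache.nixos.org/"
+"https://nix-community.cachix.org"
+];
+trusted-public-keys = [
+"alyraffauf.cachix.org-1:GQVrRGfjTtkPGS8M6y7Ik0z4zLt77O0N25ynv2gWzDM="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+];
+trusted-users = ["aly"];
+};
+nixpkgs.config.allowUnfree = true; # Allow unfree packages
+system.autoUpgrade = {
+enable = true;
+allowReboot = true;
+dates = "02:00";
+flake = config.environment.variables.FLAKE;
+operation = "switch";
+persistent = true;
+randomizedDelaySec = "30min";
+rebootWindow = {
+lower = "04:00";
+upper = "06:00";
+};
+};
+}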
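Review bot: `system.autoUpgrade.flake` now reads `config.environment.variables.FLAKE`, which ties the source of an unattended root-level `switch` (with `allowReboot = true`) to an environment variable that looks intended for interactive tooling. Any host or module that overrides `FLAKE`, for example to point at a local checkout, would silently change what the nightly upgrade builds from. I would bind the reference once with `let flakeRef = "github:alyraffauf/nixcfg"; in` and use `flakeRef` for both settings, so the upgrade source cannot drift with the variable. The reference is also an unpinned branch, so a comment above `autoUpgrade` should say that whatever lands on the default branch is deployed to every host. Another comment should record that `trusted-users = ["aly"]` lets that account add substituters and import unsigned store paths.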

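--- /dev/null
+++ b/hosts/common/samba.nix
@@ -0,0 +1,50 @@
+{
+config,
+lib,
+...
+}: {
+fileSystems = lib.attrsets.optionalAttrs (config.networking.hostName != "mauville") {
+"/mnt/Archive" = {
+device = "//mauville/Archive";
+fsType = "cifs";
+options = [
+"gid=100"
+"guest"
+"nofail"
+"uid=${toString config.users.users.aly.uid}"
+"x-systemd.after=network.target"
+"x-systemd.after=tailscaled.service"
+"x-systemd.automount"
+"x-systemd.device-timeout=5s"
+"x-systemd.idle-timeout=60"
+"x-systemd.mount-timeout=5s"
+];
+};
+"/mnt/Media" = {
+device = "//mauville/Media";
+fsType = "cifs";
+options = [
+"gid=100"
+"guest"
+"nofail"
+"uid=${toString config.users.users.aly.uid}"
+"x-systemd.after=network.target"
+"x-systemd.after=tailscaled.service"
+"x-systemd.automount"
+"x-systemd.device-timeout=5s"
+"x-systemd.idle-timeout=60"
+"x-systemd.mount-timeout=5s"
+];
+};
+};
+home-manager.sharedModules = [
+{
+gtk.gtk3.bookmarks = lib.optionals (config.networking.hostName != "mauville") [
+"file:///mnt/Media"
+"file:///mnt/Archive"
+];
+}
+];
+}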
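Review bot: Both CIFS mounts use `guest` against the bare name `//mauville/...`, so neither the server nor the client is authenticated. The ordering after `tailscaled.service` suggests the name is meant to resolve over the tailnet, but if it ever resolves on a local network instead (network.nix in this commit also joins open Wi-Fi networks), the automount would attach whichever host answers to that name. Adding `"nodev"` and `"nosuid"` to each `options` list is cheap hardening, and a fully qualified tailnet name or a `credentials=` file delivered through agenix would address the trust question directly. The two option lists are identical and could come from one `let` binding, so a later hardening change cannot miss one of the mounts.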

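--- /dev/null
+++ b/hosts/common/secrets.nix
@@ -0,0 +1,12 @@
+{
+pkgs,
+self,
+...
+}: {
+age.secrets = {
+tailscaleAuthKey.file = ../../secrets/tailscale/authKeyFile.age;
+wifi.file = ../../secrets/wifi.age;
+};
+environment.systemPackages = [self.inputs.agenix.packages.${pkgs.system}.default];
+}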


@ -7,7 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
../common.nix ../common
./disko.nix ./disko.nix
./home.nix ./home.nix
self.inputs.nixhw.nixosModules.framework-13-intel-11th self.inputs.nixhw.nixosModules.framework-13-intel-11th


@ -7,7 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
../common.nix ../common
./disko.nix ./disko.nix
./home.nix ./home.nix
self.inputs.nixhw.nixosModules.framework-13-amd-7000 self.inputs.nixhw.nixosModules.framework-13-amd-7000


@ -11,7 +11,7 @@
mediaDirectory = "/mnt/Media"; mediaDirectory = "/mnt/Media";
in { in {
imports = [ imports = [
../common.nix ../common
./filesystems.nix ./filesystems.nix
./home.nix ./home.nix
self.inputs.nixhw.nixosModules.common-amd-cpu self.inputs.nixhw.nixosModules.common-amd-cpu


@ -7,7 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
../common.nix ../common
./disko.nix ./disko.nix
./home.nix ./home.nix
self.inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th self.inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th


@ -7,7 +7,7 @@
... ...
}: { }: {
imports = [ imports = [
../common.nix ../common
./disko.nix ./disko.nix
./home.nix ./home.nix
self.inputs.nixhw.nixosModules.thinkpad-t440p self.inputs.nixhw.nixosModules.thinkpad-t440p