diff --git a/default.nix b/default.nix
index d55d620..02273dc 100644
--- a/default.nix
+++ b/default.nix
@@ -7,10 +7,12 @@ let version = "nixos-unstable"; }; }; - lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final); + lib = (import "${inputs.nixpkgs}/lib").extend (import ./lib inputs_final self.profiles); mkLibForMachine = machine: - (import "${lib.snowfield.${machine}.nixpkgs_version}/lib").extend (import ./lib inputs_final); + (import "${lib.snowfield.${machine}.nixpkgs_version}/lib").extend ( + import ./lib inputs_final self.profiles + ); machines_plats = lib.lists.unique ( lib.mapAttrsToList (_name: value: value.arch) ( lib.filterAttrs (_n: v: builtins.hasAttr "arch" v) lib.snowfield
@@ -33,12 +35,19 @@ let }) (builtins.attrNames (builtins.readDir ./modules)) ); + profiles = builtins.listToAttrs ( + map (x: { + name = lib.strings.removeSuffix ".nix" x; + value = import (./profiles + "/${x}"); + }) (builtins.attrNames (builtins.readDir ./profiles)) + ); + nixosConfigurations = builtins.mapAttrs ( name: value: (mkMachine { inherit name self; host-config = value; - modules = nixosModules; + modules = builtins.attrValues nixosModules ++ lib.snowfield.${name}.profiles; nixpkgs = lib.snowfield.${name}.nixpkgs_version; system = lib.snowfield.${name}.arch; home-manager = lib.snowfield.${name}.hm_version;
diff --git a/lib/default.nix b/lib/default.nix
index 96932b5..a69fa64 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,4 +1,4 @@ -inputs: final: _prev: +inputs: profiles: final: _prev: with builtins; let
@@ -9,6 +9,9 @@ let (import ../modules/meta/default.nix) { machine.meta = raw; } ]; + specialArgs = { + inherit profiles; + }; }).config.machine.meta; non_local_machines = (import ./snowfield.nix).machines;
diff --git a/lib/mkmachine.nix b/lib/mkmachine.nix
index 63f9952..3860ae9 100644
--- a/lib/mkmachine.nix
+++ b/lib/mkmachine.nix
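Review bot: `self.profiles` is read on the new `lib` line and inside `mkLibForMachine`, but nothing in this diff shows `profiles` being added to the attribute set that becomes `self`; the `profiles` binding introduced later in this file is a `let` binding, so unless it is also exported from the outputs, evaluation fails with a missing `profiles` attribute on `self`. The same `self.profiles` dependency appears in the `lib/mkmachine.nix` hunk. If the export happens outside this diff, a comment on the `lib` line such as `# self.profiles: output built from ./profiles (see the profiles binding below)` would make the evaluation order clear to the next reader. The enclosing `let` starts outside the hunk.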
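Review bot: `builtins.readDir ./profiles` returns every directory entry, so the new `profiles` set will `import` any non-`.nix` file or subdirectory that lands in `profiles/`, and `lib.strings.removeSuffix ".nix"` leaves such a name unchanged as the attribute key. Filter the entries before mapping, e.g. `(builtins.attrNames (lib.filterAttrs (n: t: t == "regular" && lib.hasSuffix ".nix" n) (builtins.readDir ./profiles)))`. A short comment above the binding, `# one profile per profiles/*.nix, keyed by file name without the suffix`, would document the convention the machine metadata relies on.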
@@ -21,13 +21,12 @@ let in import "${nixpkgs}/nixos/lib/eval-config.nix" { inherit system; - lib = pkgs.lib.extend (import ./default.nix inputs); + lib = pkgs.lib.extend (import ./default.nix inputs self.profiles); specialArgs = { inherit inputs; - inherit (self) nixosConfigurations; + inherit (self) nixosConfigurations profiles; }; - modules = builtins.attrValues modules ++ [ - ../machines/base.nix + modules = modules ++ [ host-config (import "${home-manager}/nixos") (import "${inputs.nixos-mailserver}")
diff --git a/modules/meta/default.nix b/modules/meta/default.nix
index 417e545..b1bd347 100644
--- a/modules/meta/default.nix
+++ b/modules/meta/default.nix
@@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, profiles, ... }: { options.machine.meta = lib.mkOption { description = "Machine metadata";
@@ -33,6 +33,10 @@ description = "tld for local addressing of the machine"; default = "luj"; }; + profiles = mkOption { + description = "profiles applied to the machine"; + default = with profiles; [ base ]; + }; }; }
diff --git a/profiles/base.nix b/profiles/base.nix
new file mode 100644
index 0000000..f275fbc
--- /dev/null
+++ b/profiles/base.nix
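Review bot: Dropping `../machines/base.nix` from the unconditional module list moves the firewall, SSH-server and secrets baseline into the `base` profile, which now reaches a machine only through `lib.snowfield.${name}.profiles` (defaulting to `[ base ]` in the meta module); a machine that sets `machine.meta.profiles` explicitly and omits `base` silently loses that baseline. Either keep the baseline unconditional by prepending `profiles.base` to `modules` here, or add a comment above `modules = modules ++ [`, e.g. `# baseline hardening (firewall, sshd, secrets) comes from the base profile; machines overriding meta.profiles must keep it`. The `import "${nixpkgs}/nixos/lib/eval-config.nix"` call continues outside the hunk.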
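Review bot: The new `profiles` option carries no `type`, so a wrong value (a string, or a path to a missing file) is only rejected deep inside `eval-config.nix`, where the error no longer points at `machine.meta.profiles`; add `type = with lib.types; listOf deferredModule;` (or `listOf raw` if the values should be passed through untouched) next to the `description`. `default = with profiles; [ base ];` could be written `default = [ profiles.base ];`, which avoids the `with` scope and shows where `base` comes from. The option set continues outside the hunk; the enclosing `lib.mkOption` is visible in the first hunk of this file.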
@@ -0,0 +1,105 @@ +{ + pkgs, + lib, + config, + ... +}: + +{ + + imports = [ + ../users/default.nix + ../users/julien.nix + ]; + + luj.nix.enable = true; + luj.secrets.enable = true; + luj.ssh-server.enable = true; + luj.programs.mosh.enable = true; + luj.deployment.enable = true; + + time.timeZone = "Europe/Paris"; + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_NUMERIC = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + LC_TIME = "fr_FR.UTF-8"; + }; + + console = { + keyMap = lib.mkForce "fr"; + font = null; + useXkbConfig = true; + }; + + services.xserver.xkb = { + layout = "fr"; + variant = ""; + }; + + programs.gnupg.agent.enable = true; + networking.firewall.enable = true; + + environment.systemPackages = with pkgs; [ + neovim + attic-client + kitty + tailscale + step-cli + ]; + + environment.variables.EDITOR = "nvim"; + + networking.networkmanager.dns = "systemd-resolved"; + services.resolved.enable = true; + + networking.firewall.checkReversePath = "loose"; + + services.tailscale.enable = true; + + age.identityPaths = [ + "/etc/ssh/ssh_host_ed25519_key" + "/persistent/etc/ssh/ssh_host_ed25519_key" + ]; + + system.nixos.label = "${config.system.nixos.release}-${ + let + repo = builtins.fetchGit ../.; + in + repo.dirtyShortRev or repo.shortRev + }"; + + security.pki.certificates = [ + '' + -----BEGIN CERTIFICATE----- + MIIByzCCAXKgAwIBAgIQAcJCOR+99m5v3dHWQw5m9jAKBggqhkjOPQQDAjAwMRIw + EAYDVQQKEwlTYXVtb25OZXQxGjAYBgNVBAMTEVNhdW1vbk5ldCBSb290IENBMB4X + DTIyMDQyNDIwMDE1MFoXDTMyMDQyMTIwMDE1MFowODESMBAGA1UEChMJU2F1bW9u + TmV0MSIwIAYDVQQDExlTYXVtb25OZXQgSW50ZXJtZWRpYXRlIENBMFkwEwYHKoZI + zj0CAQYIKoZIzj0DAQcDQgAE5Sk6vYJcYlh4aW0vAN84MWr84TTVTTdsM2s8skH6 + 7fDsqNMb7FMwUMEAFwQRiADjYy3saU2Dogh2ESuB1dDFFqNmMGQwDgYDVR0PAQH/ + 
BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFO5iTfZiutpsM7ja + mP3yuMIy6iNTMB8GA1UdIwQYMBaAFBWOQHe4eAeothQTmTNKiG/pAowGMAoGCCqG + SM49BAMCA0cAMEQCICu8u19I7RMfnQ7t3QXHP5fdUm/fX/puqF+jYSf9SZEoAiBc + oVcd0OfuAExWHhOMUZ0OV4bws9WCax333I+Pg4nDNw== + -----END CERTIFICATE-----'' + '' + -----BEGIN CERTIFICATE----- + MIIBpTCCAUqgAwIBAgIRALevKnnElllot/cRNGjnUqUwCgYIKoZIzj0EAwIwMDES + MBAGA1UEChMJU2F1bW9uTmV0MRowGAYDVQQDExFTYXVtb25OZXQgUm9vdCBDQTAe + Fw0yMjA0MjQyMDAxNDlaFw0zMjA0MjEyMDAxNDlaMDAxEjAQBgNVBAoTCVNhdW1v + bk5ldDEaMBgGA1UEAxMRU2F1bW9uTmV0IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggq + hkjOPQMBBwNCAAQG356Ui437dBTSOiJILKjVkwrJMsXN3eba/T1N+IJeqRBfigo7 + BW9YZfs1xIbMZ5wL0Zc/DsSEo5xCC7j4YaXro0UwQzAOBgNVHQ8BAf8EBAMCAQYw + EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUFY5Ad7h4B6i2FBOZM0qIb+kC + jAYwCgYIKoZIzj0EAwIDSQAwRgIhALdsEqiRa4ak5Cnin6Tjnel5uOiHSjoC6LKf + VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ= + -----END CERTIFICATE-----'' + ]; +}
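Review bot: `networking.firewall.checkReversePath = "loose"` and the two entries in `security.pki.certificates` are the security-relevant settings of this profile, and since every machine inherits it by default neither should be left without a reason; add `# rpfilter relaxed for <reason — presumably the tailscale interface enabled a few lines below; confirm>` above the first and `# private root + intermediate CA trusted system-wide for <services that present certificates from this CA>` above the list. Trusting an intermediate alongside its root is unusual enough that the comment should say why the intermediate is needed. A note on `age.identityPaths` that secret decryption is pinned to the host's SSH key at those two paths would also help whoever rotates host keys.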