diff --git a/.sops.yaml b/.sops.yaml index 9b660a3..98aeed8 100755 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,38 +4,39 @@ keys: - &sora 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0 # Hosts - &hosts: + - &ci age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z - &iriy age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s - &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg creation_rules: - - path_regex: modules/nixos/system/security/sops/iriy.ya?ml$ + - path_regex: modules/shared/sops/iriy.ya?ml key_groups: - age: - *iriy pgp: - *sora - - path_regex: modules/nixos/system/security/sops/avalon.ya?ml$ + - path_regex: modules/shared/sops/avalon.ya?ml key_groups: - age: - *avalon pgp: - *sora - - path_regex: modules/nixos/system/security/sops/valinor.ya?ml$ + - path_regex: modules/shared/sops/valinor.ya?ml key_groups: - age: - *valinor pgp: - *sora - - path_regex: modules/nixos/system/security/sops/asgard.ya?ml$ + - path_regex: modules/shared/sops/asgard.ya?ml key_groups: - age: - *asgard pgp: - *sora - - path_regex: modules/nixos/system/security/sops/common.yaml$ + - path_regex: modules/shared/sops/common.yaml key_groups: - age: - *valinor @@ -43,4 +44,9 @@ creation_rules: - *avalon - *asgard pgp: - - *sora \ No newline at end of file + - *sora + + - path_regex: modules/shared/sops/mock.yaml + key_groups: + - age: + - *ci \ No newline at end of file diff --git a/generator.nix b/generator.nix index 6d91f03..1155d70 100755 --- a/generator.nix +++ b/generator.nix 
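Review bot: The rewritten `path_regex` entries drop the trailing `$` anchor and leave the `.` unescaped, so `modules/shared/sops/iriy.ya?ml` also matches a stray `modules/shared/sops/iriy.yaml.bak`; sops applies the first matching creation rule, so such a file would silently be encrypted to that host's keys. Suggest `- path_regex: modules/shared/sops/iriy\.ya?ml$` and the same form for the avalon, valinor, asgard and common entries. The new `mock.yaml` rule encrypts only to `&ci`, whose private key this commit adds to the repository as `modules/shared/sops/mock-key.txt`, so anything matching that rule is effectively plaintext; a comment on the rule such as `# CI only: the &ci private key is committed in the repo, never put real values in this file` would make that explicit for the next person editing the file.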
@@ -1,25 +1,35 @@ { inputs, ... }: { generate = { type, system, host }: - ({ + let + nameValuePair = name: value: { inherit name value; }; + syscfg = import ./systems/${host}/cfg.nix; + in ({ "nixos" = inputs.nixpkgs.lib.nixosSystem { system = system; modules = [ inputs.sops-nix.nixosModules.sops + ./modules/shared/syscfg + ./modules/shared/sops ./modules/nixos + syscfg ./systems/${host} inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.extraSpecialArgs = { inherit inputs; }; - home-manager.users.sora = { - imports = [ - ./modules/home - inputs.nix-colors.homeManagerModule - inputs.hyprland.homeManagerModules.default - ./systems/${host}/home.nix - ]; - }; + home-manager.users = builtins.listToAttrs (map (userConfig: + nameValuePair userConfig.username { + imports = [ + inputs.nix-colors.homeManagerModule + inputs.hyprland.homeManagerModules.default + ./modules/shared/syscfg + ./modules/shared/colors + ./modules/home + syscfg + { usercfg = userConfig; } + ]; + }) syscfg.syscfg.users); } ]; }; diff --git a/modules/home/base/default.nix b/modules/home/base/default.nix index fd58df8..035b839 100644 --- a/modules/home/base/default.nix +++ b/modules/home/base/default.nix @@ -4,8 +4,8 @@ programs.home-manager.enable = true; home = { - username = "${config.homecfg.username}"; - homeDirectory = "/home/${config.homecfg.username}"; + username = "${config.usercfg.username}"; + homeDirectory = "/home/${config.usercfg.username}"; stateVersion = "23.11"; }; diff --git a/modules/home/cli/git/default.nix b/modules/home/cli/git/default.nix index c6567a9..52ae230 100755 --- a/modules/home/cli/git/default.nix +++ b/modules/home/cli/git/default.nix 
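Review bot: `syscfg = import ./systems/${host}/cfg.nix;` brings the host file in as a raw attribute set, so `syscfg.syscfg.users` is read before the module system has type-checked it or applied the defaults declared in `modules/shared/syscfg`, and a cfg.nix that is not a self-contained attrset (the avalon one references `config`) fails at this import rather than with a module error. Every entry of that list is then given the full `./modules/home` stack, which a secondary account such as avalon's `git` user presumably does not need; worth a comment on the `home-manager.users` line stating that every `syscfg.users` entry becomes a managed home. The hand-rolled `nameValuePair` duplicates `inputs.nixpkgs.lib.nameValuePair`, which is already reachable through the `inputs.nixpkgs.lib` reference on the `nixosSystem` line. The enclosing `generate` function ends outside the hunk.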
@@ -2,10 +2,10 @@ programs.git = { enable = true; - userEmail = "${config.homecfg.git.email}"; - userName = "${config.homecfg.git.username}"; + userEmail = "${config.usercfg.git.email}"; + userName = "${config.usercfg.git.username}"; signing = { - key = "${config.homecfg.git.key}"; + key = "${config.usercfg.git.key}"; signByDefault = true; }; ignores = [ "*result*" ".direnv" "node_modules" ]; diff --git a/modules/home/default.nix b/modules/home/default.nix index 8c8564a..c1478f0 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1 +1 @@ -{ ... }: { imports = [ ./base ./cli ./gui ./homecfg ./wayland ./xdg ./xorg ]; } +{ ... }: { imports = [ ./base ./cli ./gui ./wayland ./xdg ./xorg ]; } diff --git a/modules/home/gui/apps/develop/default.nix b/modules/home/gui/apps/develop/default.nix index 0a96e96..384f3c9 100644 --- a/modules/home/gui/apps/develop/default.nix +++ b/modules/home/gui/apps/develop/default.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { imports = [ ./vscodium ]; - config = lib.mkIf (config.homecfg.make.develop) { + config = lib.mkIf (config.syscfg.make.develop) { home.packages = with pkgs; [ blender godot_4 ]; }; } diff --git a/modules/home/gui/apps/develop/vscodium/default.nix b/modules/home/gui/apps/develop/vscodium/default.nix index 4db7759..dd1c74b 100644 --- a/modules/home/gui/apps/develop/vscodium/default.nix +++ b/modules/home/gui/apps/develop/vscodium/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.make.develop) { + config = lib.mkIf (config.syscfg.make.develop) { programs.vscode = { enable = true; package = pkgs.vscodium; diff --git a/modules/home/gui/apps/firefox/default.nix b/modules/home/gui/apps/firefox/default.nix index eab3754..ccc2279 100755 --- a/modules/home/gui/apps/firefox/default.nix +++ b/modules/home/gui/apps/firefox/default.nix 
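Review bot: `key = "${config.usercfg.git.key}"` is paired with `signByDefault = true` for every user, while this commit introduces users whose `usercfg.git.key` is `""` (the `git` user in `systems/avalon/cfg.nix` and the `ci` user); Git then has `commit.gpgsign` on with an empty `user.signingkey`, so commits for those users are signed with whatever default key gpg picks, or fail outright if there is none. Suggest `signByDefault = config.usercfg.git.key != "";` so signing is only forced for users that actually declare a key. The `"${...}"` wrappers around plain string options are redundant and can be `userEmail = config.usercfg.git.email;`. The module header is outside the hunk.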
@@ -1,5 +1,5 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { programs.firefox = { enable = true; profiles = { diff --git a/modules/home/gui/apps/images/default.nix b/modules/home/gui/apps/images/default.nix index 5ee2e31..3bc1e39 100644 --- a/modules/home/gui/apps/images/default.nix +++ b/modules/home/gui/apps/images/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { programs.imv.enable = true; programs.obs-studio.enable = true; diff --git a/modules/home/gui/apps/mpv/default.nix b/modules/home/gui/apps/mpv/default.nix index cee994e..8677b22 100755 --- a/modules/home/gui/apps/mpv/default.nix +++ b/modules/home/gui/apps/mpv/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { programs.mpv = { enable = true; scripts = with pkgs; [ mpvScripts.mpris ]; diff --git a/modules/home/gui/apps/pipewire/default.nix b/modules/home/gui/apps/pipewire/default.nix index e544aea..aeb7978 100755 --- a/modules/home/gui/apps/pipewire/default.nix +++ b/modules/home/gui/apps/pipewire/default.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { xdg.configFile."pipewire/pipewire-pulse.conf.d/desktop.conf".text = '' context.modules = [ { name = libpipewire-module-loopback diff --git a/modules/home/gui/apps/vosk/default.nix b/modules/home/gui/apps/vosk/default.nix index 98514ed..857b23c 100644 --- a/modules/home/gui/apps/vosk/default.nix +++ b/modules/home/gui/apps/vosk/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { home.packages = with pkgs; [ custom.vosk.base jq 
diff --git a/modules/home/gui/apps/zathura/default.nix b/modules/home/gui/apps/zathura/default.nix index 0cc258d..a9a6735 100755 --- a/modules/home/gui/apps/zathura/default.nix +++ b/modules/home/gui/apps/zathura/default.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { programs.zathura = { enable = true; extraConfig = '' diff --git a/modules/home/gui/base/default.nix b/modules/home/gui/base/default.nix index 8791ff7..a60533a 100644 --- a/modules/home/gui/base/default.nix +++ b/modules/home/gui/base/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { services.nextcloud-client.enable = true; home.packages = with pkgs; [ diff --git a/modules/home/gui/games/default.nix b/modules/home/gui/games/default.nix index 8bfc7e3..c7c278e 100644 --- a/modules/home/gui/games/default.nix +++ b/modules/home/gui/games/default.nix @@ -2,7 +2,7 @@ imports = [ ./openttd.nix ]; - config = lib.mkIf (config.homecfg.make.game) { + config = lib.mkIf (config.syscfg.make.game) { home.packages = with pkgs; [ # custom.simc diff --git a/modules/home/gui/games/openttd.nix b/modules/home/gui/games/openttd.nix index b70f2a1..7beb4d0 100755 --- a/modules/home/gui/games/openttd.nix +++ b/modules/home/gui/games/openttd.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.make.game) { + config = lib.mkIf (config.syscfg.make.game) { xdg.configFile."openttd/openttd.cfg".text = '' [misc] display_opt = SHOW_TOWN_NAMES|SHOW_STATION_NAMES|SHOW_SIGNS|FULL_ANIMATION|FULL_DETAIL|WAYPOINTS|SHOW_COMPETITOR_SIGNS diff --git a/modules/home/gui/theme/default.nix b/modules/home/gui/theme/default.nix index efb0ed6..6299660 100755 --- a/modules/home/gui/theme/default.nix +++ b/modules/home/gui/theme/default.nix 
@@ -5,7 +5,7 @@ let wallpaperGen = import ./wallpaper-gen.nix { inherit pkgs config; }; in { - config = lib.mkIf (config.homecfg.make.gui) { + config = lib.mkIf (config.syscfg.make.gui) { home.pointerCursor = { package = pkgs.bibata-cursors; name = "Bibata-Modern-Classic"; diff --git a/modules/home/homecfg/default.nix b/modules/home/homecfg/default.nix deleted file mode 100644 index bec358e..0000000 --- a/modules/home/homecfg/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, lib, config, ... }: -with lib; { - options.homecfg = { - username = mkOption { type = types.str; }; - wm = mkOption { - type = types.enum [ "Wayland" "X11" ]; - default = "Wayland"; - }; - make = { - cli = mkOption { - type = types.bool; - default = true; - }; - gui = mkOption { - type = types.bool; - default = false; - }; - develop = mkOption { - type = types.bool; - default = false; - }; - game = mkOption { - type = types.bool; - default = false; - }; - power = mkOption { - type = types.bool; - default = false; - }; - }; - git = { - username = mkOption { type = types.str; }; - email = mkOption { type = types.str; }; - key = mkOption { type = types.str; }; - }; - }; - - imports = with inputs; [ - nix-colors.homeManagerModules.default - ../../shared/colors - ]; - -} diff --git a/modules/home/wayland/apps/dunst/default.nix b/modules/home/wayland/apps/dunst/default.nix index be6b83d..5547256 100755 --- a/modules/home/wayland/apps/dunst/default.nix +++ b/modules/home/wayland/apps/dunst/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = with pkgs; [ libnotify ]; services.dunst = { enable = true; diff --git a/modules/home/wayland/apps/eww/default.nix b/modules/home/wayland/apps/eww/default.nix index 11aa231..0367b47 100755 --- a/modules/home/wayland/apps/eww/default.nix +++ b/modules/home/wayland/apps/eww/default.nix 
@@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = with pkgs; [ eww jq jaq custom.amdgpu_top ]; xdg.configFile."eww" = { diff --git a/modules/home/wayland/apps/waybar/default.nix b/modules/home/wayland/apps/waybar/default.nix index 9c88a16..0b3ec1c 100644 --- a/modules/home/wayland/apps/waybar/default.nix +++ b/modules/home/wayland/apps/waybar/default.nix @@ -17,7 +17,7 @@ let '' }/bin/waybar-${name}"; in { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = [ pkgs.custom.amdgpu_top pkgs.jq ]; diff --git a/modules/home/wayland/apps/waylock/default.nix b/modules/home/wayland/apps/waylock/default.nix index a0f5479..5342ab8 100755 --- a/modules/home/wayland/apps/waylock/default.nix +++ b/modules/home/wayland/apps/waylock/default.nix @@ -1,5 +1,5 @@ { lib, pkgs, config, ... }: { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = with pkgs; [ swayidle swaylock-effects ]; diff --git a/modules/home/wayland/apps/wofi/default.nix b/modules/home/wayland/apps/wofi/default.nix index 381d4a4..02a77d6 100755 --- a/modules/home/wayland/apps/wofi/default.nix +++ b/modules/home/wayland/apps/wofi/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = with pkgs; [ wofi ]; xdg.configFile."wofi/config".text = '' width=280 diff --git a/modules/home/wayland/base/default.nix b/modules/home/wayland/base/default.nix index 81e7a39..736a0fe 100644 --- a/modules/home/wayland/base/default.nix +++ b/modules/home/wayland/base/default.nix 
@@ -11,7 +11,7 @@ let ''; }; in { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { home.packages = with pkgs; [ dbus-hyprland-environment diff --git a/modules/home/wayland/hyprland/config.nix b/modules/home/wayland/hyprland/config.nix index 170dbec..a590271 100755 --- a/modules/home/wayland/hyprland/config.nix +++ b/modules/home/wayland/hyprland/config.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: { - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { wayland.windowManager.hyprland = { enable = true; xwayland.enable = true; diff --git a/modules/home/wayland/hyprland/default.nix b/modules/home/wayland/hyprland/default.nix index cc12be1..6cab4d5 100755 --- a/modules/home/wayland/hyprland/default.nix +++ b/modules/home/wayland/hyprland/default.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: { imports = [ ./config.nix ]; - config = lib.mkIf (config.homecfg.wm == "Wayland") { + config = lib.mkIf (config.usercfg.wm == "Wayland") { wayland.windowManager.hyprland = { enable = true; }; }; } diff --git a/modules/home/xorg/bspwm/config.nix b/modules/home/xorg/bspwm/config.nix index 00756fa..c4a92f5 100755 --- a/modules/home/xorg/bspwm/config.nix +++ b/modules/home/xorg/bspwm/config.nix @@ -1,5 +1,5 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.wm == "X11") { + config = lib.mkIf (config.usercfg.wm == "X11") { xsession.windowManager.bspwm.extraConfig = '' #! /bin/bash diff --git a/modules/home/xorg/bspwm/default.nix b/modules/home/xorg/bspwm/default.nix index 7d1e0be..999b076 100755 --- a/modules/home/xorg/bspwm/default.nix +++ b/modules/home/xorg/bspwm/default.nix 
@@ -2,7 +2,7 @@ imports = [ ./config.nix ./script.nix ./xressources.nix ]; - config = lib.mkIf (config.homecfg.wm == "X11") { + config = lib.mkIf (config.usercfg.wm == "X11") { xsession.windowManager.bspwm = { enable = true; }; services.sxhkd = { enable = true; }; home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ]; diff --git a/modules/home/xorg/bspwm/script.nix b/modules/home/xorg/bspwm/script.nix index f089d7e..a72148a 100755 --- a/modules/home/xorg/bspwm/script.nix +++ b/modules/home/xorg/bspwm/script.nix @@ -1,5 +1,5 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.wm == "X11") { + config = lib.mkIf (config.usercfg.wm == "X11") { xdg.configFile."script/lock.sh".text = '' #!/bin/bash TMPBG=/tmp/screen.png diff --git a/modules/home/xorg/bspwm/xressources.nix b/modules/home/xorg/bspwm/xressources.nix index dd3c2bf..fc1223a 100755 --- a/modules/home/xorg/bspwm/xressources.nix +++ b/modules/home/xorg/bspwm/xressources.nix @@ -1,5 +1,5 @@ { lib, config, ... }: { - config = lib.mkIf (config.homecfg.wm == "X11") { + config = lib.mkIf (config.usercfg.wm == "X11") { xresources.extraConfig = '' #define white #ffffff diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index d556353..95316e8 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1 +1 @@ -{ ... }: { imports = [ ./cli ./gui ./hostcfg ./system ./tools ./users ]; } +{ ... }: { imports = [ ./cli ./gui ./system ./tools ./users ]; } diff --git a/modules/nixos/gui/audio/default.nix b/modules/nixos/gui/audio/default.nix index fe70f70..8a6d8c7 100644 --- a/modules/nixos/gui/audio/default.nix +++ b/modules/nixos/gui/audio/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.gui; +let cfg = config.syscfg.make.gui; in { config = lib.mkIf cfg { sound.enable = true; diff --git a/modules/nixos/gui/games/default.nix b/modules/nixos/gui/games/default.nix index 8c51a99..8d59de5 100644 --- a/modules/nixos/gui/games/default.nix 
+++ b/modules/nixos/gui/games/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.game; +let cfg = config.syscfg.make.game; in { config = lib.mkIf cfg { programs.steam = { diff --git a/modules/nixos/gui/greet/default.nix b/modules/nixos/gui/greet/default.nix index ee527ad..ec1e3cc 100644 --- a/modules/nixos/gui/greet/default.nix +++ b/modules/nixos/gui/greet/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.gui; +let cfg = config.syscfg.make.gui; in { config = lib.mkIf cfg { @@ -8,7 +8,7 @@ in { settings = rec { initial_session = { command = "zsh"; - user = "${config.hostcfg.username}"; + user = "${config.syscfg.defaultUser}"; }; default_session = initial_session; }; diff --git a/modules/nixos/gui/xserver/default.nix b/modules/nixos/gui/xserver/default.nix index 9a42e61..aa28461 100644 --- a/modules/nixos/gui/xserver/default.nix +++ b/modules/nixos/gui/xserver/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.gui; +let cfg = config.syscfg.make.gui; in { config = lib.mkIf cfg { services.xserver = { diff --git a/modules/nixos/system/hw/power/default.nix b/modules/nixos/system/hw/power/default.nix index 53eda18..a0a4dfc 100644 --- a/modules/nixos/system/hw/power/default.nix +++ b/modules/nixos/system/hw/power/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.power; +let cfg = config.syscfg.make.power; in { config = lib.mkIf cfg { services.tlp = { diff --git a/modules/nixos/system/hw/virt/default.nix b/modules/nixos/system/hw/virt/default.nix index a64f0a9..42bcdc2 100644 --- a/modules/nixos/system/hw/virt/default.nix +++ b/modules/nixos/system/hw/virt/default.nix @@ -1,5 +1,5 @@ { lib, config, pkgs, ... }: -let cfg = config.hostcfg.make.virt; +let cfg = config.syscfg.make.virt; in { config = lib.mkIf cfg { 
diff --git a/modules/nixos/system/network/base/default.nix b/modules/nixos/system/network/base/default.nix index 596998c..05da746 100644 --- a/modules/nixos/system/network/base/default.nix +++ b/modules/nixos/system/network/base/default.nix @@ -1,6 +1,6 @@ { config, ... }: { networking = { - hostName = config.hostcfg.hostname; + hostName = config.syscfg.hostname; useDHCP = true; nameservers = [ "1.1.1.1" "9.9.9.9" ]; diff --git a/modules/nixos/system/network/wifi/default.nix b/modules/nixos/system/network/wifi/default.nix index 300055e..ceda69d 100644 --- a/modules/nixos/system/network/wifi/default.nix +++ b/modules/nixos/system/network/wifi/default.nix @@ -1,5 +1,5 @@ { lib, config, ... }: -let cfg = config.hostcfg.net.wlp; +let cfg = config.syscfg.net.wlp; in { config = lib.mkIf cfg.enable { networking.supplicant = { diff --git a/modules/nixos/system/network/wireguard/default.nix b/modules/nixos/system/network/wireguard/default.nix index 549fe11..e4ee3cf 100644 --- a/modules/nixos/system/network/wireguard/default.nix +++ b/modules/nixos/system/network/wireguard/default.nix @@ -3,8 +3,9 @@ enable = true; interfaces = { wg0 = { - ips = [ config.hostcfg.net.wg.ip4 config.hostcfg.net.wg.ip6 ]; - privateKeyFile = config.hostcfg.net.wg.pk; + ips = [ config.syscfg.net.wg.ip4 config.syscfg.net.wg.ip6 ]; + privateKeyFile = + config.sops.secrets."${config.syscfg.hostname}_wg_priv".path; listenPort = 1515; mtu = 1340; peers = [{ diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index 003301a..fee3d91 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix @@ -1 +1 @@ -{ ... }: { imports = [ ./gpg ./polkit ./sops ./ssh ]; } +{ ... }: { imports = [ ./gpg ./polkit ./ssh ]; } diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix deleted file mode 100755 index 2f44df1..0000000 
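Review bot: `privateKeyFile` is now hard-wired to `config.sops.secrets."${config.syscfg.hostname}_wg_priv".path` and `ips` to the `syscfg.net.wg` addresses, while `systems/ci/cfg.nix` sets `wg.enable = false` with empty `ip4`/`ip6`; unless the `wg0` interface is gated on `config.syscfg.net.wg.enable` somewhere above the hunk (the `enable = true;` context line suggests it is not, but the module header is outside what is shown), CI now evaluates an interface with `ips = [ "" "" ]`. Suggest `wg0 = lib.mkIf config.syscfg.net.wg.enable { ... };` or wrapping the whole `networking.wireguard` block in that condition. A short comment on the new line, e.g. `# secret is declared per host as <hostname>_wg_priv in modules/shared/sops/default.nix`, would also save the next reader a search.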
--- a/modules/nixos/system/security/sops/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, ... }: -let - keyFilePath = "/var/lib/sops-nix/age-key.txt"; - isCI = builtins.elem config.hostcfg.hostname [ "ci" ]; - sopsSettings = { - sops.defaultSopsFile = ./common.yaml; - sops.age.keyFile = keyFilePath; - sops.age.generateKey = true; - - sops.secrets.wifi = { }; - - sops.secrets."${config.hostcfg.hostname}_ssh_priv" = { - mode = "0400"; - owner = config.users.users.sora.name; - group = config.users.users.sora.group; - }; - sops.secrets."${config.hostcfg.hostname}_ssh_pub" = { - mode = "0400"; - owner = config.users.users.sora.name; - group = config.users.users.sora.group; - }; - sops.secrets."${config.hostcfg.hostname}_wg_priv" = { }; - sops.secrets."${config.hostcfg.hostname}_wg_pub" = { }; - }; -in { - environment.systemPackages = with pkgs; [ sops ]; - environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath; - inherit (if isCI then { } else sopsSettings) sops; - -} diff --git a/modules/nixos/system/security/ssh/default.nix b/modules/nixos/system/security/ssh/default.nix index 5fca906..8d5402b 100644 --- a/modules/nixos/system/security/ssh/default.nix +++ b/modules/nixos/system/security/ssh/default.nix @@ -2,7 +2,7 @@ programs.ssh = { extraConfig = '' IdentityFile ${ - config.sops.secrets."${config.hostcfg.hostname}_ssh_priv".path + config.sops.secrets."${config.syscfg.hostname}_ssh_priv".path } ''; }; diff --git a/modules/nixos/tools/develop/default.nix b/modules/nixos/tools/develop/default.nix index 699f261..5850e8a 100644 --- a/modules/nixos/tools/develop/default.nix +++ b/modules/nixos/tools/develop/default.nix @@ -6,7 +6,7 @@ let includeEmulator = false; }; in { - config = lib.mkIf (config.hostcfg.make.develop) { + config = lib.mkIf (config.syscfg.make.develop) { environment.systemPackages = with pkgs; [ android-tools androidStudioPackages.canary 
diff --git a/modules/nixos/users/default.nix b/modules/nixos/users/default.nix index 8e214c9..391d781 100644 --- a/modules/nixos/users/default.nix +++ b/modules/nixos/users/default.nix @@ -1,23 +1,26 @@ -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +let nameValuePair = name: value: { inherit name value; }; +in { programs.zsh.enable = true; users = { defaultUserShell = pkgs.zsh; - users.${config.hostcfg.username} = { - isNormalUser = true; - description = "${config.hostcfg.username}"; - extraGroups = [ - "networkmanager" - "wheel" - "vboxsf" - "adbusers" - "libvirtd" - "kvm" - "lp" - "audio" - "video" - "docker" - "wireshark" - ]; - }; + users = builtins.listToAttrs (map (userConfig: + nameValuePair userConfig.username { + isNormalUser = true; + description = "${userConfig.username}"; + extraGroups = [ + "networkmanager" + "wheel" + "vboxsf" + "adbusers" + "libvirtd" + "kvm" + "lp" + "audio" + "video" + "docker" + "wireshark" + ]; + }) config.syscfg.users); }; } diff --git a/modules/nixos/system/security/sops/common.yaml b/modules/shared/sops/common.yaml similarity index 100% rename from modules/nixos/system/security/sops/common.yaml rename to modules/shared/sops/common.yaml diff --git a/modules/shared/sops/default.nix b/modules/shared/sops/default.nix new file mode 100755 index 0000000..97dbb72 --- /dev/null +++ b/modules/shared/sops/default.nix 
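Review bot: Every entry in `config.syscfg.users` is created with the same `extraGroups`, so the list that previously applied to the single admin account — `wheel`, `docker`, `libvirtd`, `kvm`, `adbusers`, `wireshark` — now lands on every user, including the new `git` user in `systems/avalon/cfg.nix`; `wheel` and `docker` both amount to root-equivalent access. Keep the privileged groups for the default user only, e.g. `extraGroups = [ "audio" "video" "lp" "networkmanager" ] ++ lib.optionals (userConfig.username == config.syscfg.defaultUser) [ "wheel" "docker" "libvirtd" "kvm" "adbusers" "wireshark" "vboxsf" ];` (`lib` is already added to the arguments in this hunk), or declare a per-user groups option in `modules/shared/syscfg`. `lib.nameValuePair` and `lib.listToAttrs` already exist, so the local `nameValuePair` helper is unnecessary.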
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+let
+ isCI = builtins.elem config.syscfg.hostname [ "ci" ];
+ keyFilePath =
+ (if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
+ sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
+in {
+ environment.systemPackages = with pkgs; [ sops ];
+ environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
+
+ sops.defaultSopsFile = sopsFilePath;
+ sops.age.keyFile = keyFilePath;
+ sops.age.generateKey = true;
+
+ sops.secrets.wifi = { };
+
+ sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
+ mode = "0400";
+ owner = config.users.users.${config.syscfg.defaultUser}.name;
+ group = config.users.users.${config.syscfg.defaultUser}.group;
+ };
+ sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
+ mode = "0400";
+ owner = config.users.users.${config.syscfg.defaultUser}.name;
+ group = config.users.users.${config.syscfg.defaultUser}.group;
+ };
+ sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
+ sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
+
+}
diff --git a/modules/shared/sops/mock-key.txt b/modules/shared/sops/mock-key.txt
new file mode 100644
index 0000000..45f94ba
--- /dev/null
+++ b/modules/shared/sops/mock-key.txt
@@ -0,0 +1,3 @@
+# created: 2024-04-14T10:26:26+02:00
+# public key: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
+AGE-SECRET-KEY-19S8CC56JLVRDNAUR9TVXEDWAV7MLVPDY3JMQUEAZSQNUGE53VJMS6EET89
diff --git a/modules/shared/sops/mock.yaml b/modules/shared/sops/mock.yaml
new file mode 100644
index 0000000..eefa999
--- /dev/null
+++ b/modules/shared/sops/mock.yaml
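Review bot: `environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;` sets a variable the sops CLI never reads; the one it honours is `SOPS_AGE_KEY_FILE`, so interactive `sops` use falls back to the default `~/.config/sops/age/keys.txt` and this line (carried over unchanged from the deleted `modules/nixos/system/security/sops/default.nix`) is a no-op — change it to `environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;`. On CI `keyFilePath` is the Nix path `./mock-key.txt`, which is copied into the world-readable store; that is acceptable only because the key is a committed mock, and the `isCI` hostname check is the sole thing keeping a real host off it, so a comment such as `# CI only: mock key is public (it lives in the repo); real hosts read /var/lib/sops-nix/age-key.txt, which is never in the store` belongs on the `keyFilePath` binding. The `_ssh_priv`/`_ssh_pub` owner lookups index `config.users.users` by `syscfg.defaultUser`, which produces a missing-attribute error if that name is not also in `syscfg.users`.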
@@ -0,0 +1,26 @@ +ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHCYdFB2hbZAB5HF3yeCMlyqnApGHxi+9jN8FI54SzwqJQAgSZvKrkBhrs4JIQxPU0ZhOQHvneWYnA==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:xGfI8QRlkj4OZDVuV21Kcg==,type:str] +ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str] +ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str] +ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str] +PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str] +wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0c5ZjZCb0Z6ZXlKaFph + S25LcnFaM3NueUdxOEkwQWRVYjZwNEx1TnpVCkJ1RnJsV2IwNWd5RVJBU2pOUnRa + UEcrdDVHUnZ3Zng4UVNWZjNhSzRmRGcKLS0tIEpMMGJCZmkrcnFwWjM4ZVF6VmJN + aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi + NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-14T08:36:43Z" + mac: ENC[AES256_GCM,data:zWO5IETnr3clHvoNABNSA6izfTHNxPXEXcjh9FQhnSVKtzlY3UHHRhfSOPI2eGJ36TQ7xNEM8Fbe23WBTxI8TDb8ZCgB2njej1XQ72b8XM4JzevxlPEaolNo9SKXncVchNWTtKqeUhx07koRNogYKOKT8vlO57WmnrqoZqPy9N4=,iv:tjt9iNFnx/4TAQfF3wdVFw+qzU18cbEiJtu9NhyujZY=,tag:9M67OPo/3JEOlXJ4nBRMiQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/modules/nixos/hostcfg/default.nix b/modules/shared/syscfg/default.nix old mode 100755 new mode 100644 similarity index 64% rename from modules/nixos/hostcfg/default.nix rename to modules/shared/syscfg/default.nix index 414c460..207c58a --- a/modules/nixos/hostcfg/default.nix +++ b/modules/shared/syscfg/default.nix @@ -1,8 +1,22 @@ -{ lib, config, ... }: -with lib; { - options.hostcfg = { - hostname = mkOption { type = types.str; }; +{ inputs, lib, ... }: +let + userOpt = with lib; { username = mkOption { type = types.str; }; + wm = mkOption { + type = types.enum [ "Wayland" "X11" ]; + default = "Wayland"; + }; + git = { + username = mkOption { type = types.str; }; + email = mkOption { type = types.str; }; + key = mkOption { type = types.str; }; + }; + }; +in with lib; { + options.usercfg = userOpt; + options.syscfg = { + hostname = mkOption { type = types.str; }; + defaultUser = mkOption { type = types.str; }; make = { cli = mkOption { type = types.bool; @@ -41,8 +55,11 @@ with lib; { }; ip4 = mkOption { type = types.str; }; ip6 = mkOption { type = types.str; }; - pk = mkOption { type = types.str; }; }; }; + users = mkOption { + type = types.listOf (types.submodule { options = userOpt; }); + default = [ ]; + }; }; } diff --git a/systems/avalon/cfg.nix b/systems/avalon/cfg.nix new file mode 100644 index 0000000..82de28f --- /dev/null +++ b/systems/avalon/cfg.nix 
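Review bot: `defaultUser` is a required `types.str` with nothing tying it to `users`, which defaults to `[ ]`; `modules/shared/sops/default.nix` and the greeter module index `config.users.users` with it, so a mismatch surfaces as an obscure missing-attribute error instead of a module assertion. An assertion in this module catches it at evaluation time; it needs `config` back in the module arguments, where `inputs` is currently unused. Option descriptions are also absent throughout — e.g. `defaultUser = mkOption { type = types.str; description = "Username that owns the host's sops secrets and is used for the greeter session"; };`.
```nix
{ inputs, lib, config, ... }:
# … unchanged: userOpt definition …
in with lib; {
  # … unchanged: options.usercfg and options.syscfg …
  config.assertions = [{
    assertion = builtins.elem config.syscfg.defaultUser
      (map (u: u.username) config.syscfg.users);
    message = "syscfg.defaultUser must be the username of an entry in syscfg.users";
  }];
```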
@@ -0,0 +1,42 @@ +{ + syscfg = { + hostname = "avalon"; + defaultUser = "sora"; + users = [ + { + username = "sora"; + git = { + email = "soraefir+git@helcel"; + username = "soraefir"; + key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0"; + }; + } + { + username = "git"; + git = { + email = "git+git@helcel"; + username = "git"; + key = ""; + }; + } + ]; + make = { + gui = false; + cli = true; + virt = true; + power = false; + game = false; + develop = false; + }; + wlp = { + enable = false; + nif = ""; + }; + wg = { + enable = true; + ip4 = "10.10.1.2/32"; + ip6 = "fd10:10:10::2/128"; + pk = config.sops.secrets.avalon_wg_priv.path; + }; + }; +} diff --git a/systems/avalon/default.nix b/systems/avalon/default.nix index 18273fb..13226cf 100644 --- a/systems/avalon/default.nix +++ b/systems/avalon/default.nix @@ -1,32 +1,9 @@ { config, inputs, ... }: { - imports = with inputs.hardware.nixosModules; [ - ./hardware-configuration.nix - common-cpu-intel - common-gpu-intel - ]; - - hostcfg = { - hostname = "avalon"; - username = "sora"; - make = { - gui = false; - cli = true; - virt = true; - power = false; - game = false; - }; - net = { - wlp = { - enable = false; - nif = ""; - }; - wg = { - enable = true; - ip4 = "10.10.1.2/32"; - ip6 = "fd10:10:10::2/128"; - pk = config.sops.secrets.avalon_wg_priv.path; - }; - }; - }; + imports = with inputs.hardware.nixosModules; + [ + ./hardware.nix + # common-cpu-intel + # common-gpu-intel + ]; } diff --git a/systems/avalon/home.nix b/systems/avalon/home.nix deleted file mode 100644 index 39a06bc..0000000 --- a/systems/avalon/home.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: { - config.homecfg = { - username = "sora"; - make = { - gui = false; - cli = true; - game = false; - }; - git = { - email = "soraefir+git@pm.me"; - username = "soraefir"; - key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0"; - }; - }; -} diff --git a/systems/ci/cfg.nix b/systems/ci/cfg.nix new file mode 100644 index 0000000..205dd27 --- /dev/null 
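Review bot: `systems/avalon/cfg.nix` is a plain attribute set with no `{ config, ... }:` argument, yet its `wg` block reads `config.sops.secrets.avalon_wg_priv.path`, so the `import` in generator.nix fails on an undefined `config` before any attribute is used. The same block keeps `pk`, which this commit removes from `syscfg.net.wg` in `modules/shared/syscfg`, and `wlp`/`wg` sit directly under `syscfg` instead of under `syscfg.net` as in the ci, iriy and valinor files, so even with `config` gone the module system would reject them as undefined options. The wireguard module now resolves the key itself through `sops.secrets."<hostname>_wg_priv"`, so the `pk` line can simply be dropped and the block nested under `net` like the other hosts.
```nix
    # … unchanged: hostname, defaultUser, users, make …
    net = {
      wlp = {
        enable = false;
        nif = "";
      };
      wg = {
        enable = true;
        ip4 = "10.10.1.2/32";
        ip6 = "fd10:10:10::2/128";
      };
    };
```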
+++ b/systems/ci/cfg.nix @@ -0,0 +1,33 @@ +{ + syscfg = { + hostname = "ci"; + defaultUser = "ci"; + users = [{ + username = "ci"; + git = { + email = "ci@ci"; + username = "CI"; + key = ""; + }; + }]; + make = { + gui = true; + cli = true; + virt = true; + power = true; + game = true; + develop = true; + }; + net = { + wlp = { + enable = false; + nif = "NA"; + }; + wg = { + enable = false; + ip4 = ""; + ip6 = ""; + }; + }; + }; +} diff --git a/systems/ci/default.nix b/systems/ci/default.nix index c79a786..a9cdf05 100644 --- a/systems/ci/default.nix +++ b/systems/ci/default.nix @@ -1,29 +1,2 @@ -{ config, inputs, ... }: { - imports = [ ./hardware.nix ]; - - hostcfg = { - hostname = "valinor"; - username = "sora"; - make = { - gui = true; - cli = true; - virt = true; - power = true; - game = true; - develop = true; - }; - net = { - wlp = { - enable = false; - nif = "NA"; - }; - wg = { - enable = false; - ip4 = ""; - ip6 = ""; - pk = ""; - }; - }; - }; -} +{ config, inputs, ... }: { imports = [ ./hardware.nix ]; } diff --git a/systems/ci/hardware.nix b/systems/ci/hardware.nix index aa830be..bb8a14a 100644 --- a/systems/ci/hardware.nix +++ b/systems/ci/hardware.nix @@ -16,6 +16,5 @@ }; networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/systems/ci/home.nix b/systems/ci/home.nix deleted file mode 100644 index e3a0d68..0000000 --- a/systems/ci/home.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: { - - config.homecfg = { - username = "sora"; - make = { - gui = true; - cli = true; - game = true; - develop = true; - power = true; - }; - git = { - email = "ci@nonet"; - username = "CI"; - key = ""; - }; - }; -} diff --git a/systems/iriy/cfg.nix b/systems/iriy/cfg.nix new file mode 100644 index 0000000..5f3f52c --- /dev/null +++ b/systems/iriy/cfg.nix 
@@ -0,0 +1,33 @@
+{
+ syscfg = {
+ hostname = "iriy";
+ defaultUser = "sora";
+ users = [{
+ username = "sora";
+ git = {
+ email = "soraefir+git@helcel";
+ username = "soraefir";
+ key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
+ };
+ }];
+ make = {
+ gui = true;
+ cli = true;
+ virt = true;
+ power = false;
+ game = true;
+ develop = true;
+ };
+ net = {
+ wlp = {
+ enable = true;
+ nif = "wlp11s0";
+ };
+ wg = {
+ enable = true;
+ ip4 = "10.10.1.7/32";
+ ip6 = "fd10:10:10::7/128";
+ };
+ };
+ };
+}
diff --git a/systems/iriy/default.nix b/systems/iriy/default.nix
index 367a7f6..302964c 100644
--- a/systems/iriy/default.nix
+++ b/systems/iriy/default.nix
@@ -1,33 +1,8 @@
 { config, inputs, ... }: {
 imports = [
- ./hardware-configuration.nix
+ ./hardware.nix
 # inputs.hardware.common-cpu-amd
 # inputs.hardware.common-gpu-amd
 ];
-
- hostcfg = {
- hostname = "iriy";
- username = "sora";
- make = {
- gui = true;
- cli = true;
- virt = true;
- power = false;
- game = true;
- develop = true;
- };
- net = {
- wlp = {
- enable = true;
- nif = "wlp11s0";
- };
- wg = {
- enable = true;
- ip4 = "10.10.1.7/32";
- ip6 = "fd10:10:10::7/128";
- pk = config.sops.secrets.iriy_wg_priv.path;
- };
- };
- };
 }
diff --git a/systems/iriy/hardware-configuration.nix b/systems/iriy/hardware.nix
similarity index 96%
rename from systems/iriy/hardware-configuration.nix
rename to systems/iriy/hardware.nix
index a301322..73049e6 100755
--- a/systems/iriy/hardware-configuration.nix
+++ b/systems/iriy/hardware.nix
@@ -1,6 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
+{ config, lib, pkgs, modulesPath, ... }: {
 imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 boot.initrd.availableKernelModules =
diff --git a/systems/iriy/home.nix b/systems/iriy/home.nix
deleted file mode 100644
index 8bd106a..0000000
--- a/systems/iriy/home.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }: {
- config.homecfg = {
- username = "sora";
- make = {
- gui = true;
- cli = true;
- game = true;
- };
- git = {
- email = "soraefir+git@pm.me";
- username = "soraefir";
- key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
- };
- };
-}
diff --git a/systems/valinor/cfg.nix b/systems/valinor/cfg.nix
new file mode 100644
index 0000000..75faf3c
--- /dev/null
+++ b/systems/valinor/cfg.nix
@@ -0,0 +1,33 @@
+{
+ syscfg = {
+ hostname = "valinor";
+ defaultUser = "sora";
+ users = [{
+ username = "sora";
+ git = {
+ email = "soraefir+git@helcel";
+ username = "soraefir";
+ key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
+ };
+ }];
+ make = {
+ gui = true;
+ cli = true;
+ virt = true;
+ power = true;
+ game = true;
+ develop = true;
+ };
+ net = {
+ wlp = {
+ enable = true;
+ nif = "wlp3s0";
+ };
+ wg = {
+ enable = true;
+ ip4 = "10.10.1.5/32";
+ ip6 = "fd10:10:10::5/128";
+ };
+ };
+ };
+}
diff --git a/systems/valinor/default.nix b/systems/valinor/default.nix
index 6adb102..a20aff4 100644
--- a/systems/valinor/default.nix
+++ b/systems/valinor/default.nix
@@ -1,33 +1,8 @@
 { config, inputs, ... }: {
 imports = [
- ./hardware-configuration.nix
+ ./hardware.nix
 #common-cpu-amd
 #common-gpu-amd
 ];
-
- hostcfg = {
- hostname = "valinor";
- username = "sora";
- make = {
- gui = true;
- cli = true;
- virt = true;
- power = true;
- game = true;
- develop = true;
- };
- net = {
- wlp = {
- enable = true;
- nif = "wlp3s0";
- };
- wg = {
- enable = true;
- ip4 = "10.10.1.5/32";
- ip6 = "fd10:10:10::5/128";
- pk = config.sops.secrets.valinor_wg_priv.path;
- };
- };
- };
 }
diff --git a/systems/valinor/hardware-configuration.nix b/systems/valinor/hardware.nix
similarity index 95%
rename from systems/valinor/hardware-configuration.nix
rename to systems/valinor/hardware.nix
index dbd0beb..a575931 100755
--- a/systems/valinor/hardware-configuration.nix
+++ b/systems/valinor/hardware.nix
@@ -1,6 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
+{ config, lib, pkgs, modulesPath, ... }: {
 imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 boot.initrd.availableKernelModules =
diff --git a/systems/valinor/home.nix b/systems/valinor/home.nix
deleted file mode 100644
index de840e3..0000000
--- a/systems/valinor/home.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, ... }: {
-
- config.homecfg = {
- username = "sora";
- make = {
- gui = true;
- cli = true;
- game = true;
- develop = true;
- power = true;
- };
- git = {
- email = "soraefir+git@pm.me";
- username = "soraefir";
- key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
- };
- };
-}