| author | Franck Cuny <franck@fcuny.net> | 2025-09-12 13:11:20 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-09-12 13:55:09 -0700 |
| commit | 2fea36c19eb904125e2db5ba230b28d72dc881db (patch) | |
| tree | 4233e16f0d50aec1cd5e4d3e5f5ed1b8728e380c | |
| parent | move common modules together and simplify imports (diff) | |
| download | infra-2fea36c19eb904125e2db5ba230b28d72dc881db.tar.gz | |
start to refactor nixos modules
| -rw-r--r-- | flake/hosts.nix | 1 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 1 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/base.nix | 65 | ||||
| -rw-r--r-- | modules/nixos/cgroups.nix (renamed from profiles/core/cgroups.nix) | 0 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/ssh.nix (renamed from profiles/core/ssh.nix) | 0 | ||||
| -rw-r--r-- | profiles/core/base-server.nix | 14 | ||||
| -rw-r--r-- | profiles/core/boot.nix | 11 | ||||
| -rw-r--r-- | profiles/core/docs.nix | 5 | ||||
| -rw-r--r-- | profiles/core/locale.nix | 11 | ||||
| -rw-r--r-- | profiles/core/motd.nix | 9 | ||||
| -rw-r--r-- | profiles/core/security.nix | 4 | ||||
| -rw-r--r-- | profiles/core/tools.nix | 20 | ||||
| -rw-r--r-- | profiles/core/users.nix | 8 |
15 files changed, 74 insertions, 84 deletions
diff --git a/flake/hosts.nix b/flake/hosts.nix
index c194440..fe23cdd 100644
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@@ -59,6 +59,7 @@ let
 inputs.disko.nixosModules.disko
 inputs.home-manager.nixosModules.home-manager
 "${self}/modules/common"
+ "${self}/modules/nixos"
 "${self}/modules/nas-client.nix"
 "${self}/modules/backups.nix"
 ];
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index e187bd2..fe8e367 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -25,7 +25,6 @@
 "${self}/profiles/programs/home-manager.nix"
 "${self}/profiles/admin-user/user.nix"
 "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/core/base-server.nix"
 "${self}/profiles/nix/nix.nix"
 "${self}/profiles/nix/gc.nix"
 "${self}/profiles/network/networkd.nix"
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index 9316432..dbf7bf9 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -21,7 +21,6 @@
 "${self}/profiles/programs/home-manager.nix"
 "${self}/profiles/admin-user/user.nix"
 "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/core/base-server.nix"
 "${self}/profiles/nix/nix.nix"
 "${self}/profiles/nix/gc.nix"
 "${self}/profiles/network/networkd.nix"
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
new file mode 100644
index 0000000..f3dece1
--- /dev/null
+++ b/modules/nixos/base.nix
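Review bot: The added `"${self}/modules/nixos"` entry in flake/hosts.nix widens where the base settings apply: this list appears to be shared by every host built from this file, so `security.sudo.wheelNeedsPassword = false` and the root `authorizedKeys` entry in modules/nixos/base.nix now reach all of them, whereas before only machines that listed profiles/core/base-server.nix got them. The commit only edits do-rproxy and synology-vm, so it is worth confirming that no other host picks up passwordless sudo and root key access as a side effect. A comment above the entry would make the scope explicit, for example `# modules/nixos: baseline for every host, including sudo and root SSH key policy`. The enclosing `let` binding starts and ends outside the hunk.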
@@ -0,0 +1,65 @@
+{
+ self,
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernel.sysctl = {
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ "net.ipv4.tcp_ecn" = 1;
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ ];
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ users.motdFile = "/etc/motd";
+
+ environment.etc.motd.text = ''
+ Machine ${config.networking.hostName}
+ NixOS ${config.system.nixos.release}
+ @ ${self.shortRev or self.dirtyShortRev}
+ '';
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+
+ users = {
+ mutableUsers = false;
+ users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ dysk
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ wireguard-tools
+ ];
+}
diff --git a/profiles/core/cgroups.nix b/modules/nixos/cgroups.nix
index 07dc964..07dc964 100644
--- a/profiles/core/cgroups.nix
+++ b/modules/nixos/cgroups.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..669cd75
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./base.nix
+ ./cgroups.nix
+ ./ssh.nix
+ ];
+}
diff --git a/profiles/core/ssh.nix b/modules/nixos/ssh.nix
index b4c8772..b4c8772 100644
--- a/profiles/core/ssh.nix
+++ b/modules/nixos/ssh.nix
diff --git a/profiles/core/base-server.nix b/profiles/core/base-server.nix
deleted file mode 100644
index 2a13f96..0000000
--- a/profiles/core/base-server.nix
+++ /dev/null
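Review bot: In modules/nixos/base.nix, `security.sudo.wheelNeedsPassword = false;` and the root key under `users.root.openssh.authorizedKeys.keys` are set at normal priority in a module that modules/nixos/default.nix imports unconditionally, so a host that needs a stricter policy can only opt out with `lib.mkForce`. On a machine that looks internet-facing by its name (do-rproxy), passwordless sudo means a compromised wheel account becomes root with no further credential check. Consider `security.sudo.wheelNeedsPassword = lib.mkDefault false;` so individual hosts can override it, and a comment above the root key recording whose key it is and why root needs direct key access. Whether root can actually log in with that key depends on `services.openssh.settings.PermitRootLogin` in ssh.nix, which is renamed unchanged and not shown on this page.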
@@ -1,14 +0,0 @@
-{ ... }:
-{
- imports = [
- ./boot.nix
- ./cgroups.nix
- ./docs.nix
- ./locale.nix
- ./motd.nix
- ./security.nix
- ./ssh.nix
- ./tools.nix
- ./users.nix
- ];
-}
diff --git a/profiles/core/boot.nix b/profiles/core/boot.nix
deleted file mode 100644
index 8aacfbf..0000000
--- a/profiles/core/boot.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-{
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- boot.kernel.sysctl = {
- "net.ipv4.tcp_congestion_control" = "bbr";
- "net.ipv4.tcp_ecn" = 1;
- "net.ipv4.tcp_fastopen" = 3;
- "net.ipv4.tcp_tw_reuse" = 1;
- };
-}
diff --git a/profiles/core/docs.nix b/profiles/core/docs.nix
deleted file mode 100644
index dcf38e6..0000000
--- a/profiles/core/docs.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, ... }:
-{
- ## disable that slow "building man-cache" step
- documentation.man.generateCaches = lib.mkForce false;
-}
diff --git a/profiles/core/locale.nix b/profiles/core/locale.nix
deleted file mode 100644
index 73eece0..0000000
--- a/profiles/core/locale.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- i18n = {
- defaultLocale = "en_US.UTF-8";
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- ];
- };
-
- time.timeZone = "America/Los_Angeles";
-}
diff --git a/profiles/core/motd.nix b/profiles/core/motd.nix
deleted file mode 100644
index 01575e1..0000000
--- a/profiles/core/motd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ self, config, ... }:
-{
- users.motdFile = "/etc/motd";
- environment.etc.motd.text = ''
- Machine ${config.networking.hostName}
- NixOS ${config.system.nixos.release}
- @ ${self.shortRev or self.dirtyShortRev}
- '';
-}
diff --git a/profiles/core/security.nix b/profiles/core/security.nix
deleted file mode 100644
index 146012f..0000000
--- a/profiles/core/security.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-{
- security.sudo.wheelNeedsPassword = false;
-}
diff --git a/profiles/core/tools.nix b/profiles/core/tools.nix
deleted file mode 100644
index 74f90cc..0000000
--- a/profiles/core/tools.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [
- curl
- dysk
- fd
- fish
- git
- htop
- jq
- mtr
- pciutils
- powertop
- ripgrep
- tcpdump
- traceroute
- vim
- wireguard-tools
- ];
-}
diff --git a/profiles/core/users.nix b/profiles/core/users.nix
deleted file mode 100644
index da2c8ff..0000000
--- a/profiles/core/users.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- users.mutableUsers = false;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
-}
|
