Diffstat (limited to 'modules')
-rw-r--r--modules/hardware/amd/default.nix3
-rw-r--r--modules/hardware/bluetooth/default.nix3
-rw-r--r--modules/hardware/intel/default.nix3
-rw-r--r--modules/hardware/networking/default.nix3
-rw-r--r--modules/hardware/sound/default.nix3
-rw-r--r--modules/home/default.nix3
-rw-r--r--modules/programs/sway/default.nix3
-rw-r--r--modules/secrets/default.nix43
-rw-r--r--modules/services/avahi/default.nix3
-rw-r--r--modules/services/backup/default.nix3
-rw-r--r--modules/services/buildkite/default.nix61
-rw-r--r--modules/services/cgit/default.nix3
-rw-r--r--modules/services/drone/runner-docker/default.nix3
-rw-r--r--modules/services/drone/runner-exec/default.nix3
-rw-r--r--modules/services/drone/server/default.nix3
-rw-r--r--modules/services/gerrit/default.nix3
-rw-r--r--modules/services/gitea/default.nix3
-rw-r--r--modules/services/gnome/default.nix3
-rw-r--r--modules/services/grafana/default.nix3
-rw-r--r--modules/services/metrics-exporter/default.nix3
-rw-r--r--modules/services/navidrome/default.nix3
-rw-r--r--modules/services/nginx/default.nix3
-rw-r--r--modules/services/nginx/sso/default.nix3
-rw-r--r--modules/services/prometheus/default.nix3
-rw-r--r--modules/services/rclone/default.nix23
-rw-r--r--modules/services/samba/default.nix3
-rw-r--r--modules/services/sourcegraph/default.nix3
-rw-r--r--modules/services/syncthing/default.nix3
-rw-r--r--modules/services/tailscale/default.nix3
-rw-r--r--modules/services/thermald/default.nix3
-rw-r--r--modules/services/tlp/default.nix3
-rw-r--r--modules/services/transmission/default.nix3
-rw-r--r--modules/services/unifi/default.nix3
-rw-r--r--modules/system/boot/default.nix3
-rw-r--r--modules/system/fonts/default.nix3
-rw-r--r--modules/system/packages/default.nix3
-rw-r--r--modules/system/users/default.nix3
37 files changed, 137 insertions, 92 deletions
diff --git a/modules/hardware/amd/default.nix b/modules/hardware/amd/default.nix
index 05362db..e8b80b0 100644
--- a/modules/hardware/amd/default.nix
+++ b/modules/hardware/amd/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.amd;
-in {
+in
+{
options.my.hardware.amd = with lib; {
enable = mkEnableOption "AMD related configuration";
};
diff --git a/modules/hardware/bluetooth/default.nix b/modules/hardware/bluetooth/default.nix
index 0ac2cf8..b48c51c 100644
--- a/modules/hardware/bluetooth/default.nix
+++ b/modules/hardware/bluetooth/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.hardware.bluetooth;
-in {
+in
+{
options.my.hardware.bluetooth = with lib; {
enable = mkEnableOption "bluetooth configuration";
};
diff --git a/modules/hardware/intel/default.nix b/modules/hardware/intel/default.nix
index 9a53f35..26d9877 100644
--- a/modules/hardware/intel/default.nix
+++ b/modules/hardware/intel/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.intel;
-in {
+in
+{
options.my.hardware.intel = with lib; {
enable = mkEnableOption "intel related configuration";
};
diff --git a/modules/hardware/networking/default.nix b/modules/hardware/networking/default.nix
index d19388b..fac6c30 100644
--- a/modules/hardware/networking/default.nix
+++ b/modules/hardware/networking/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.hardware.networking;
-in {
+in
+{
options.my.hardware.networking = with lib; {
wireless = { enable = mkEnableOption "wireless configuration"; };
};
diff --git a/modules/hardware/sound/default.nix b/modules/hardware/sound/default.nix
index dc9f079..edb937e 100644
--- a/modules/hardware/sound/default.nix
+++ b/modules/hardware/sound/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.hardware.sound;
-in {
+in
+{
options.my.hardware.sound = with lib; {
pipewire = { enable = mkEnableOption "pipewire configuration"; };
};
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 0261128..d90e6d2 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -4,7 +4,8 @@ let
aliasPath = [ "my" "home" ];
cfg = config.my.user.home;
-in {
+in
+{
imports = [
inputs.home-manager.nixosModule # enable home-manager options
(lib.mkAliasOptionModule aliasPath
diff --git a/modules/programs/sway/default.nix b/modules/programs/sway/default.nix
index 1fb4c00..afb3204 100644
--- a/modules/programs/sway/default.nix
+++ b/modules/programs/sway/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.programs.sway;
-in {
+in
+{
options.my.programs.sway = with lib; {
enable = mkEnableOption "sway configuration";
};
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 04d1bfe..912d556 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -4,31 +4,34 @@ with lib;
let
secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
-in {
+in
+{
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
- secrets = let
- toName = lib.removeSuffix ".age";
- userExists = u: builtins.hasAttr u config.users.users;
- groupExists = g: builtins.hasAttr g config.users.groups;
+ secrets =
+ let
+ toName = lib.removeSuffix ".age";
+ userExists = u: builtins.hasAttr u config.users.users;
+ groupExists = g: builtins.hasAttr g config.users.groups;
- # Only set the user and/or group if they exist, to avoid warnings
- userIfExists = u: if userExists u then u else "root";
- groupIfExists = g: if groupExists g then g else "root";
+ # Only set the user and/or group if they exist, to avoid warnings
+ userIfExists = u: if userExists u then u else "root";
+ groupIfExists = g: if groupExists g then g else "root";
- toSecret = name:
- { owner ? "root", group ? "root", mode ? "0400", ... }: {
- file = "${secretsDir}/${name}";
- owner = lib.mkDefault (userIfExists owner);
- group = lib.mkDefault (groupIfExists group);
- mode = mode;
- };
- in if pathExists secretsFile then
- mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
- (import secretsFile)
- else
- { };
+ toSecret = name:
+ { owner ? "root", group ? "root", mode ? "0400", ... }: {
+ file = "${secretsDir}/${name}";
+ owner = lib.mkDefault (userIfExists owner);
+ group = lib.mkDefault (groupIfExists group);
+ mode = mode;
+ };
+ in
+ if pathExists secretsFile then
+ mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
+ (import secretsFile)
+ else
+ { };
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};
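Review bot: `userIfExists` and `groupIfExists` silently substitute `root` when the owner or group named in `secrets.nix` is not declared on this host, and the `...` in `toSecret`'s argument pattern discards misspelled attribute names the same way, so a typo produces a root-owned secret with no diagnostic at evaluation time. That fails closed, but the consuming service will presumably only find out when it cannot read the file; I would document it next to the helpers, e.g. `# Unknown owner/group falls back to root: the secret stays root-only and the service that needs it will fail to read it`. `mode` is also passed through unchecked, so a permissive value in `secrets.nix` is accepted as-is; a comment stating that anything wider than `0440` needs a justification would help reviewers of that file. The module's argument list is above the hunk.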
diff --git a/modules/services/avahi/default.nix b/modules/services/avahi/default.nix
index bef6b17..8275f02 100644
--- a/modules/services/avahi/default.nix
+++ b/modules/services/avahi/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.avahi;
-in {
+in
+{
options.my.services.avahi = with lib; {
enable = mkEnableOption "avahi service";
};
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
index e935b64..04b4e1f 100644
--- a/modules/services/backup/default.nix
+++ b/modules/services/backup/default.nix
@@ -5,7 +5,8 @@ let
with pkgs;
"--exclude-file="
+ (writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
-in {
+in
+{
options.my.services.backup = with lib; {
enable = mkEnableOption "Enable backups for this host";
diff --git a/modules/services/buildkite/default.nix b/modules/services/buildkite/default.nix
index 72d5e08..45c7e4f 100644
--- a/modules/services/buildkite/default.nix
+++ b/modules/services/buildkite/default.nix
@@ -14,7 +14,8 @@ let
ln -s ${my-gerrit-hook "post-command"} $out/bin/post-command
'';
-in {
+in
+{
options.my.services.buildkite = with lib; {
enable = mkEnableOption "buildkite agent";
};
@@ -22,37 +23,41 @@ in {
config = lib.mkIf cfg.enable {
# see https://buildkite.com/docs/agent/v3
# and https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/buildkite-agents.nix
- services.buildkite-agents = lib.listToAttrs (map (n: rec {
- name = "builder-${toString n}";
- value = {
- inherit name;
- enable = true;
- tokenPath = secrets."buildkite/agent".path;
- hooks.post-command = "${buildkiteHooks}/bin/post-command";
- runtimePackages = with pkgs; [
- bash
- coreutils
- curl
- git
- gnutar
- gzip
- jq
- nix
- ];
- };
- }) agents);
+ services.buildkite-agents = lib.listToAttrs (map
+ (n: rec {
+ name = "builder-${toString n}";
+ value = {
+ inherit name;
+ enable = true;
+ tokenPath = secrets."buildkite/agent".path;
+ hooks.post-command = "${buildkiteHooks}/bin/post-command";
+ runtimePackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ git
+ gnutar
+ gzip
+ jq
+ nix
+ ];
+ };
+ })
+ agents);
# Set up a group for all Buildkite agent users
users = {
groups.buildkite-agents = { };
- users = builtins.listToAttrs (map (n: rec {
- name = "buildkite-agent-builder-${toString n}";
- value = {
- isSystemUser = true;
- group = lib.mkForce "buildkite-agents";
- extraGroups = [ name "docker" ];
- };
- }) agents);
+ users = builtins.listToAttrs (map
+ (n: rec {
+ name = "buildkite-agent-builder-${toString n}";
+ value = {
+ isSystemUser = true;
+ group = lib.mkForce "buildkite-agents";
+ extraGroups = [ name "docker" ];
+ };
+ })
+ agents);
};
};
}
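Review bot: `extraGroups = [ name "docker" ]` puts every `buildkite-agent-builder-N` user in the `docker` group, and access to the Docker daemon socket is equivalent to root on the host, so whatever a pipeline step runs under these agents can reach root. I would state the trust assumption where the group is assigned, e.g. `# docker group is root-equivalent: only pipelines from trusted repositories may run on these agents`. If builds can be triggered from untrusted branches or pull requests (not visible from this hunk), rootless Docker or a dedicated build VM would be the safer design. All agents also read the same token at `secrets."buildkite/agent".path`, so a leak from one agent affects the whole pool. The bindings `agents`, `secrets` and `buildkiteHooks` are defined above the hunk.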
diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix
index 84f8e01..26e5296 100644
--- a/modules/services/cgit/default.nix
+++ b/modules/services/cgit/default.nix
@@ -49,7 +49,8 @@ let
project-list=/var/lib/cgit/cache/projects.list
scan-path=/var/lib/gerrit/git
'';
-in {
+in
+{
options.my.services.cgit = with lib; {
enable = mkEnableOption "git web viewer";
};
diff --git a/modules/services/drone/runner-docker/default.nix b/modules/services/drone/runner-docker/default.nix
index d701c18..428a8d6 100644
--- a/modules/services/drone/runner-docker/default.nix
+++ b/modules/services/drone/runner-docker/default.nix
@@ -3,7 +3,8 @@ let
cfg = config.my.services.drone;
hasRunner = (name: builtins.elem name cfg.runners);
dockerPkg = pkgs.drone-runner-docker;
-in {
+in
+{
config = lib.mkIf (cfg.enable && hasRunner "docker") {
systemd.services.drone-runner-docker = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/drone/runner-exec/default.nix b/modules/services/drone/runner-exec/default.nix
index 9222200..01cc11b 100644
--- a/modules/services/drone/runner-exec/default.nix
+++ b/modules/services/drone/runner-exec/default.nix
@@ -3,7 +3,8 @@ let
cfg = config.my.services.drone;
hasRunner = (name: builtins.elem name cfg.runners);
execPkg = pkgs.drone-runner-exec;
-in {
+in
+{
config = lib.mkIf (cfg.enable && hasRunner "exec") {
systemd.services.drone-runner-exec = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/drone/server/default.nix b/modules/services/drone/server/default.nix
index abd323f..97e20a3 100644
--- a/modules/services/drone/server/default.nix
+++ b/modules/services/drone/server/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.drone;
secrets = config.age.secrets;
-in {
+in
+{
config = lib.mkIf cfg.enable {
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
index 81a30e7..a55bdda 100644
--- a/modules/services/gerrit/default.nix
+++ b/modules/services/gerrit/default.nix
@@ -17,7 +17,8 @@ let
"https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
sha256 = "312dc494c454ac15f89a289f95ea4c11344add26804aaa6a3b79d49fd92adc69";
};
-in {
+in
+{
options.my.services.gerrit = with lib; {
enable = mkEnableOption "gerrit git server";
vhostName = mkOption {
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index e5a3db7..ece75de 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.gitea;
-in {
+in
+{
options.my.services.gitea = with lib; {
enable = mkEnableOption "gitea git server";
stateDir = mkOption {
diff --git a/modules/services/gnome/default.nix b/modules/services/gnome/default.nix
index 0fc91e5..0ea32d2 100644
--- a/modules/services/gnome/default.nix
+++ b/modules/services/gnome/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.gnome;
-in {
+in
+{
options.my.services.gnome = with lib; { enable = mkEnableOption "gnome"; };
config = lib.mkIf cfg.enable {
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index fd80263..063a1c9 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.grafana;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.grafana = with lib; {
enable = mkEnableOption "grafana observability stack";
vhostName = mkOption {
diff --git a/modules/services/metrics-exporter/default.nix b/modules/services/metrics-exporter/default.nix
index b461bd2..f489f78 100644
--- a/modules/services/metrics-exporter/default.nix
+++ b/modules/services/metrics-exporter/default.nix
@@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }:
let cfg = config.my.services.metrics-exporter;
-in {
+in
+{
options.my.services.metrics-exporter = with lib; {
enable = mkEnableOption "Prometheus metrics exporter";
};
diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 55c7345..280da90 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.navidrome;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.navidrome = with lib; {
enable = mkEnableOption "Navidrome Music Server";
vhostName = mkOption {
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
index ad15f33..d93da7a 100644
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.services.nginx;
-in {
+in
+{
options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
config = lib.mkIf cfg.enable {
services.nginx = {
diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix
index 27ed7d6..d7a6c7f 100644
--- a/modules/services/nginx/sso/default.nix
+++ b/modules/services/nginx/sso/default.nix
@@ -4,7 +4,8 @@ let
cfg = config.services.nginx.sso;
pkg = lib.getBin cfg.package;
confPath = "/var/lib/nginx-sso/config.json";
-in {
+in
+{
disabledModules = [ "services/security/nginx-sso.nix" ];
options.services.nginx.sso = with lib; {
enable = mkEnableOption "nginx-sso service";
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
index 0c66f47..5228083 100644
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
@@ -46,7 +46,8 @@ let
regex = "192.168.6.20:(.*)";
}
];
-in {
+in
+{
options.my.services.prometheus = with lib; {
enable = mkEnableOption "Prometheus monitoring solution";
};
diff --git a/modules/services/rclone/default.nix b/modules/services/rclone/default.nix
index afba321..cbef0c3 100644
--- a/modules/services/rclone/default.nix
+++ b/modules/services/rclone/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.rclone;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.rclone = with lib; {
enable = mkEnableOption "rclone backup service";
};
@@ -18,19 +19,21 @@ in {
};
services.rclone-sync = {
description = "synchronize restic repository to GCS";
- serviceConfig = let
- rcloneOptions = "--config=${
+ serviceConfig =
+ let
+ rcloneOptions = "--config=${
secrets."rclone/config.ini".path
} --gcs-service-account-file=${
secrets."rclone/gcs_service_account.json".path
} --fast-list --verbose";
- in {
- Type = "oneshot";
- ExecStart = [
- "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems"
- "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users"
- ];
- };
+ in
+ {
+ Type = "oneshot";
+ ExecStart = [
+ "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/systems gbackup:fcuny-backups-systems"
+ "${pkgs.rclone}/bin/rclone ${rcloneOptions} sync /data/slow/backups/users gbackup:fcuny-backups-users"
+ ];
+ };
};
};
};
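Review bot: Both `ExecStart` entries use `rclone sync`, which deletes objects at the destination that are missing from the source, so if `/data/slow/backups/...` is empty or unmounted when the timer fires (or has been wiped on the host), the off-site copy in GCS is emptied as well. I would guard the unit with `unitConfig.RequiresMountsFor = "/data/slow";` (assuming that path is a separate mount) and cap deletions by adding `--max-delete <N>` to `rcloneOptions`. Bucket-side object versioning or a retention policy would additionally keep the remote copy recoverable if the service-account key is misused. Passing the secrets as file paths rather than values keeps them out of the process arguments, which is good. The enclosing `systemd` block starts above the hunk.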
diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix
index b5d150d..6dc6671 100644
--- a/modules/services/samba/default.nix
+++ b/modules/services/samba/default.nix
@@ -12,7 +12,8 @@ let
"force user" = "nobody";
};
};
-in {
+in
+{
options.my.services.samba = with lib; {
enable = mkEnableOption "Samba";
publicShares = mkOption {
diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
index e533b9d..10c1880 100644
--- a/modules/services/sourcegraph/default.nix
+++ b/modules/services/sourcegraph/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.sourcegraph;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.sourcegraph = with lib; {
enable = mkEnableOption "sourcegraph server";
vhostName = mkOption {
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index 7f7ed3a..7f795bf 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.syncthing;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.syncthing = with lib; {
enable = mkEnableOption "syncthing service";
};
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
index 73cf06b..14753f4 100644
--- a/modules/services/tailscale/default.nix
+++ b/modules/services/tailscale/default.nix
@@ -1,6 +1,7 @@
{ config, lib, ... }:
let cfg = config.my.services.tailscale;
-in {
+in
+{
options.my.services.tailscale = with lib; {
enable = mkEnableOption "tailscale configuration";
diff --git a/modules/services/thermald/default.nix b/modules/services/thermald/default.nix
index 8325b86..78a1ac4 100644
--- a/modules/services/thermald/default.nix
+++ b/modules/services/thermald/default.nix
@@ -1,7 +1,8 @@
# thermal control management
{ config, lib, ... }:
let cfg = config.my.services.thermald;
-in {
+in
+{
options.my.services.thermald = {
enable = lib.mkEnableOption "thermald configuration";
};
diff --git a/modules/services/tlp/default.nix b/modules/services/tlp/default.nix
index 2f818e5..dc640f7 100644
--- a/modules/services/tlp/default.nix
+++ b/modules/services/tlp/default.nix
@@ -1,7 +1,8 @@
# TLP power management
{ config, lib, ... }:
let cfg = config.my.services.tlp;
-in {
+in
+{
options.my.services.tlp = {
enable = lib.mkEnableOption "TLP power management configuration";
};
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
index 57bea77..c44034b 100644
--- a/modules/services/transmission/default.nix
+++ b/modules/services/transmission/default.nix
@@ -2,7 +2,8 @@
let
cfg = config.my.services.transmission;
secrets = config.age.secrets;
-in {
+in
+{
options.my.services.transmission = with lib; {
enable = mkEnableOption "transmission torrent server";
vhostName = mkOption {
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index 3c70238..a311755 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -17,7 +17,8 @@ let
10001 # UDP port used for device discovery.
];
};
-in {
+in
+{
options.my.services.unifi = with lib; {
enable = mkEnableOption "Unifi controller";
vhostName = mkOption {
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
index b037f63..cac1cec 100644
--- a/modules/system/boot/default.nix
+++ b/modules/system/boot/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.system.boot;
-in {
+in
+{
options.my.system.boot = with lib; {
tmp = { clean = mkEnableOption "clean `/tmp` on boot."; };
initrd = {
diff --git a/modules/system/fonts/default.nix b/modules/system/fonts/default.nix
index df01140..71a7fdb 100644
--- a/modules/system/fonts/default.nix
+++ b/modules/system/fonts/default.nix
@@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
let cfg = config.my.systems.fonts;
-in {
+in
+{
options.my.systems.fonts = with lib; {
enable = mkEnableOption "fonts configuration";
};
diff --git a/modules/system/packages/default.nix b/modules/system/packages/default.nix
index d260f20..84cfac2 100644
--- a/modules/system/packages/default.nix
+++ b/modules/system/packages/default.nix
@@ -2,7 +2,8 @@
{ config, lib, pkgs, ... }:
with lib;
let linuxpkgs = config.boot.kernelPackages;
-in {
+in
+{
# It's always useful to have bash around
environment.shells = with pkgs; [ bashInteractive ];
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index 3086f18..98e9801 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,7 +2,8 @@
let
groupExists = grp: builtins.hasAttr grp config.users.groups;
groupsIfExist = builtins.filter groupExists;
-in {
+in
+{
# Users are managed through this configuration. If a user is added
# manually, it will be removed on system activation.
users.mutableUsers = false;