Modularized configuration now kind of works. (still need to do some refactoring)

2019-03-20 02:57:59 +01:00 · 2019-03-20 02:57:59 +01:00 · 14332b2c7b
commit 14332b2c7b
parent a0f361425a
24 changed files with 144 additions and 85 deletions
--- a/services/cups.nix
+++ b/services/cups.nix
@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:

-{
+with lib;
+
+mkIf (elem "cups" config.machine.services) {
  services.printing = {
    enable = true;
    startWhenNeeded = true;
--- a/services/default.nix
+++ b/services/default.nix
@ -1,7 +1,19 @@
 { config, lib, pkgs, ... }:

-with lib;
-
 {
-  imports = config.machine.services;
+  imports = [
+    ./cups.nix
+    ./docker.nix
+    ./fail2ban.nix
+    ./gitea.nix
+    ./hydra.nix
+    ./mailserver/default.nix
+    ./mailserver.nix
+    ./mariaDB.nix
+    ./nextcloud.nix
+    ./nginx.nix
+    ./openssh.nix
+    ./udev.nix
+    ./xserver.nix
+  ];
 }
--- a/services/docker.nix
+++ b/services/docker.nix
@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:

 # Note: add privileged users to docker group for access
-{
+with lib;
+
+mkIf (elem "docker" config.machine.services) {
  virtualisation.docker.enable = true;
  environment.systemPackages = with pkgs; [ docker-compose docker-machine ];
  ### Docker Image stuff will probably follow here
--- a/services/fail2ban.nix
+++ b/services/fail2ban.nix
@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:

 # mostly taken from https://github.com/davidak/nixos-config/blob/master/services/fail2ban.nix
-{
+with lib;
+
+mkIf (elem "fail2ban" config.machine.services) {
  services.fail2ban = {
    enable = true;
    jails = { 
@ -50,7 +52,7 @@
        action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
        findtime = 600
        bantime = 7200
-      ''
+      '';
    };
  }; 

--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -1,6 +1,8 @@
-{ stdenv, conf, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
+with lib;
+
+mkIf (elem "gitea" config.machine.services) {
  services.gitea = {
    enable = true;
    user = "git";
--- a/services/hydra.nix
+++ b/services/hydra.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 # hydra user needs to be manually crated
 # sudo -u hydra -s
@ -8,7 +8,9 @@
 # https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix
 # https://gist.github.com/LnL7/fcd5c0bf772f2165a1ac40be6617d2f4

-{
+with lib;
+
+mkIf (elem "hydra" config.machine.services) {
  # also take a look at ../conf/nix.nix
  nix.buildMachines = [
    {
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@ -1,17 +1,15 @@
-{ lib, config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
-  imports = [
-    ./mailserver/default.nix
-  ];
+with lib;

+mkIf (elem "mailserver" config.machine.services) {
  mailserver = rec {
    enable = true;
    fqdn = "mail.ophanim.de";
    domains = [ "ophanim.de" ];
    loginAccounts = {
        "derped@ophanim.de" = {
-            hashedPassword = (builtins.replaceStrings ["\n"] [""] (builtins.readFile /secret/derped.mail));
+            hashedPassword = (builtins.readFile /secret/derped.mail);
        };
    };
    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
@ -24,9 +22,9 @@

    # Enable IMAP and POP3
    enableImap = true;
-    enablePop3 = true;
+    enablePop3 = false;
    enableImapSsl = true;
-    enablePop3Ssl = true;
+    enablePop3Ssl = false;

    # Enable the ManageSieve protocol
    enableManageSieve = true;
--- a/services/mariaDB.nix
+++ b/services/mariaDB.nix
@ -1,12 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;

 let
-  giteapwd = (builtins.replaceStrings ["\n"] [""] (builtins.readFile /secret/gitea));
-in {
+  giteapwd = if config.services.gitea.enable then (builtins.readFile /secret/gitea) else "";
+in mkIf (elem "mariaDB" config.machine.services) {
  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
-    initialDatabases = [ {
+    initialDatabases = [ mkIf config.services.gitea.enable {
      name = "gitea";
      schema = pkgs.writeText "gitea.sql"
      ''
@ -16,3 +18,4 @@ in {
    } ];
  };
 }
+
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -1,6 +1,8 @@
-{ conf, pkgs, ... }:
+{ config, lib, pkgs, ... }:

-{
+with lib;
+
+mkIf (elem "nextcloud" config.machine.services) {
  services.nextcloud = {
    enable = true;
    home = "/var/lib/nextcloud";
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -8,9 +8,9 @@

 { config, lib, pkgs, ... }:

-let
-  gitpkgs = import /nixpkgs/default.nix {};
-in {
+with lib;
+
+mkIf (elem "nginx" config.machine.services) {
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -3,7 +3,10 @@
 # For reference:
 # https://infosec.mozilla.org/guidelines/openssh.html
 # https://stribika.github.io/2015/01/04/secure-secure-shell.html
-{
+
+with lib;
+
+mkIf (elem "openssh" config.machine.services) {
  services.openssh = {
    enable = true;
    sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
--- a/services/udev.nix
+++ b/services/udev.nix
@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:

-{
+with lib;
+
+mkIf (elem "udev" config.machine.services) {
  services.udev.extraRules = ''
 Valve USB devices
 SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", TAG+="uaccess", TAG+="udev-acl"