diff --git a/config/default.nix b/config/default.nix index 331fe6c..898f9d7 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: -let - cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix"); -in { +{ imports = [ ./etc.nix ./locale.nix @@ -10,5 +8,5 @@ in { ./nix.nix ./users.nix ./zsh.nix - ] ++ (if cfg.conf.networking.hostName != "Ophanim" then [./fonts.nix] else [./security.nix]); + ] ++ (if (config.machine.hostName != "Ophanim") then [./fonts.nix] else [./security.nix]); } diff --git a/config/networking.nix b/config/networking.nix index 47ff177..1cb0053 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -1,18 +1,18 @@ { config, lib, pkgs, ... }: let - cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix"); + firewallcfg = config.machine.networking.firewall; in { networking = { - hostName = cfg.conf.networking.hostName; - # should probably add some etc file for this.... + hostName = config.machine.hostName; + firewall = { enable = true; - allowPing = cfg.conf.networking.firewall.allowPing; - allowedUDPPorts = cfg.conf.networking.firewall.allowedUDPPorts; - allowedTCPPorts = cfg.conf.networking.firewall.allowedTCPPorts; - allowedUDPPortRanges = cfg.conf.networking.firewall.allowedUDPPortRanges; - allowedTCPPortRanges = cfg.conf.networking.firewall.allowedTCPPortRanges; + allowPing = firewallcfg.allowPing; + allowedUDPPorts = firewallcfg.allowedUDPPorts; + allowedTCPPorts = firewallcfg.allowedTCPPorts; + allowedUDPPortRanges = firewallcfg.allowedUDPPortRanges; + allowedTCPPortRanges = firewallcfg.allowedTCPPortRanges; }; }; } diff --git a/config/users.nix b/config/users.nix index 2db311c..20365dc 100644 --- a/config/users.nix +++ b/config/users.nix 
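Review bot: The rewritten conditional in `imports` reads `config.machine.hostName`, and NixOS module `imports` cannot depend on `config` — the module system has to resolve imports before `config` exists, so this evaluates to an infinite recursion (presumably the "same problem as above" the commit works around by commenting this file out of configuration.nix). Because the `else` branch is what pulls in `./security.nix`, the practical outcome is that the hardening module for Ophanim is never applied rather than applied conditionally. Import both modules unconditionally, `imports = [ ./etc.nix ./locale.nix ./nix.nix ./users.nix ./zsh.nix ./fonts.nix ./security.nix ];`, and gate their contents inside each file with `config = lib.mkIf (config.machine.hostName == "Ophanim") { ... };` (the inverse in fonts.nix), or pass the hostname through `specialArgs` so it is available at import time.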
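Review bot: `firewallcfg = config.machine.networking.firewall;` at the top of the hunk does not match the option set declared in options/machine.nix, where the firewall options sit directly under `machine.firewall` (and the Lilim configuration sets `config.machine.firewall`), so evaluation fails on a missing `networking` attribute and none of the per-machine port lists ever reach `networking.firewall`. Change it to `firewallcfg = config.machine.firewall;`. A one-line comment such as `# Policy comes from options/machine.nix; enable = true is deliberately not machine-overridable` next to `enable = true;` would also make the one non-delegated setting explicit.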
@@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: -let - cfg = with lib; import ("/etc/nixos/machines/" + (replaceStrings ["\n"] [""] (readFile /etc/hostname)) + "/configuration.nix"); -in { +{ users = { mutableUsers = false; users.derped = { @@ -11,11 +9,11 @@ in { createHome = true; description = ""; group = "derped"; - extraGroups = [ "audio" "wheel" "network" ] ++ (if cfg.conf.networking.hostName != "Ophanim" then ["input" "cups" "lp"] else []); + extraGroups = [ "audio" "wheel" "network" ] ++ (if config.machine.hostName != "Ophanim" then ["input" "cups" "lp" "docker"] else []); uid = 1337; shell = "/run/current-system/sw/bin/zsh"; passwordFile = "/secret/derped"; - openssh.authorizedKeys.keyFiles = (if cfg.conf.networking.hostName != "Ophanim" then [] else [ "/secret/derped.pub" ]); + openssh.authorizedKeys.keyFiles = (if config.machine.hostName != "Ophanim" then [] else [ "/secret/derped.pub" ]); }; groups.derped = { diff --git a/configuration.nix b/configuration.nix index fa8fc01..3435336 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,13 +1,24 @@ { config, lib, pkgs, ... }: +with lib; + let - cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix"); -in { + # hint: use 'echo -n' so there is no newline char in the hostName file + cfgPath = (builtins.toPath ("/etc/nixos/machines/" + (builtins.readFile /secret/hostName) + "/configuration.nix")); +in rec { imports = [ - cfg.confPath - ./config/default.nix + cfgPath + + + # use +# config.machine.confPath + # instead of + ./machines/Lilim/Lilim.nix + + +# ./config/default.nix # same problem as above ./pkgs/nixpkgs.nix ./pkgs/pkgsets.nix - ./services/default.nix +# ./services/default.nix # same problem as above ]; } diff --git a/machines/Lilim/configuration.nix b/machines/Lilim/configuration.nix index 9476706..fabd8d9 100644 --- a/machines/Lilim/configuration.nix +++ b/machines/Lilim/configuration.nix 
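Review bot: Adding `"docker"` to `extraGroups` on every non-Ophanim host grants derped access to the Docker socket, which is root-equivalent (a bind mount of `/` into a privileged container is one command away); derped is already in `wheel`, so this is not a new privilege level, but it is a second, non-sudo, unaudited path to root and deserves a comment saying so. The group is also added regardless of whether the machine actually lists services/docker.nix in `machine.services`, so a host without the daemon ends up referencing a group nothing declares. Tying the group to the service keeps the two in sync: `extraGroups = [ "audio" "wheel" "network" ] ++ (if config.machine.hostName != "Ophanim" then ["input" "cups" "lp"] else []) ++ lib.optional config.virtualisation.docker.enable "docker";`.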
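Review bot: `cfgPath` splices the raw contents of `/secret/hostName` into an import path with no newline stripping or validation, so a trailing newline (the case the old `replaceStrings` handled and the new code only mentions in a comment) silently points the import at a non-existent directory, and the file alone decides which module tree is loaded. With `with lib;` already open, `cfgPath = /etc/nixos/machines + "/${fileContents /secret/hostName}/configuration.nix";` strips the trailing newline and avoids the deprecated `builtins.toPath`; a comment next to it stating that the file must be root-writable only would document the trust placed in it. Separately, commenting out `./config/default.nix` and `./services/default.nix` means networking.nix (firewall enable), users.nix (`mutableUsers = false`, the derped account) and security.nix are no longer imported from here at all unless Lilim.nix pulls them in (not shown). The root cause is that `imports` cannot depend on `config`; handing the machine data over via `specialArgs`, or reading the machine file through the already-evaluated `cfgPath` rather than through `config.machine.confPath`, removes the recursion without dropping those modules.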
@@ -1,32 +1,38 @@ +{ config, lib, pkgs, ... }: + +with lib; + { - confPath = ./Lilim.nix; - pkgs = [ - "base" - "emacs" - "extra" - "cpp" - "haskell" - "mailutils" - "python3" - "rustpkgs" - "xpkgs" - ]; - services = [ - ../../services/xserver.nix - ../../services/udev.nix - ../../services/cups.nix - ]; - conf = { + imports = [ ../../options/machine.nix ]; + + config.machine = { + confPath = ./Lilim.nix; + pkgs = [ + "base" + "dict" + "emacs" + "extra" + "cpp" + "haskell" + "mailutils" + "python3" + "rustpkgs" + "xpkgs" + ]; + services = [ + ../../services/xserver.nix + ../../services/docker.nix + ../../services/udev.nix + ../../services/cups.nix + ]; allowUnfree = true; - networking = { - hostName = "Lilim"; - firewall = { - allowPing = true; - allowedUDPPorts = []; - allowedTCPPorts = []; - allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; - allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; - }; + hostName = "Lilim"; + firewall = { + allowPing = true; + allowedUDPPorts = []; + allowedTCPPorts = []; + allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; + allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; }; }; } diff --git a/machines/Ophanim/hardware-configuration.nix b/machines/Ophanim/hardware-configuration.nix index 83fc558..3430419 100644 --- a/machines/Ophanim/hardware-configuration.nix +++ b/machines/Ophanim/hardware-configuration.nix @@ -7,7 +7,7 @@ boot = { initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_latest_hardened; kernelModules = [ ]; extraModulePackages = [ ]; loader.grub = { diff --git a/options/machine.nix b/options/machine.nix new file mode 100644 index 0000000..739eed1 --- /dev/null +++ b/options/machine.nix 
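Review bot: The 1714–1764 TCP and UDP ranges are opened on Lilim with no comment explaining what listens there, so the next reader cannot tell whether the exposure is still needed; if these are for KDE Connect (the range matches its defaults, but that is an inference), say so inline, e.g. `# 1714-1764 TCP/UDP: KDE Connect discovery and transfer` above `firewall = {`. The same applies to `allowPing = true;`, which is a deliberate choice worth a word.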
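Review bot: The switch to `pkgs.linuxPackages_latest_hardened` is a good change but carries no comment on intent or trade-offs: the hardened variant only changes the kernel build configuration (it does not set the sysctls or module locking that the NixOS hardened profile provides) and may restrict features such as unprivileged user namespaces that some workloads depend on. A line like `# Hardened kernel build: Ophanim is the SSH-reachable host; see security.nix for the rest of the hardening` next to `kernelPackages` would capture the reasoning. If the full hardening set is the goal, importing `<nixpkgs/nixos/modules/profiles/hardened.nix>` from security.nix is the complementary step.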
@@ -0,0 +1,70 @@ +{ config, pkgs, lib, ... }: + +with lib; + +{ + options.machine = { + confPath = mkOption { + type = types.path; + description = '' + Path to the machines configuration.nix + ''; + }; + allowUnfree = mkOption { + type = types.bool; + description = '' + Wether to allow the installation of unfree packages. + ''; + }; + pkgs = mkOption { + type = types.listOf types.string; + description = '' + The list of metapackages to be installed. + ''; + }; + services = mkOption { + type = types.listOf types.path; + description = '' + List of services to be enabled. + ''; + }; + hostName = mkOption { + type = types.str; + description = '' + The Machines HostName + ''; + }; + firewall = { + allowPing = mkOption { + type = types.bool; + description = '' + See networking.firewall.allowPing. + ''; + }; + allowedUDPPorts = mkOption { + type = types.listOf types.int; + description = '' + See networking.firewall.allowerdUDPPorts. + ''; + }; + allowedTCPPorts = mkOption { + type = types.listOf types.int; + description = '' + See networking.firewall.allowedTCPPorts. + ''; + }; + allowedUDPPortRanges = mkOption { + type = types.listOf (types.attrsOf types.int); + description = '' + See networking.firewall.allowerdUDPPortRanges. + ''; + }; + allowedTCPPortRanges = mkOption { + type = types.listOf (types.attrsOf types.int); + description = '' + See networking.firewall.allowedTCPPortRanges. + ''; + }; + }; + }; +} diff --git a/pkgs/pkgsets.nix b/pkgs/pkgsets.nix index c0c401e..c89dbcf 100644 --- a/pkgs/pkgsets.nix +++ b/pkgs/pkgsets.nix 
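Review bot: The port options are declared as `types.listOf types.int` and `types.listOf (types.attrsOf types.int)`, which accept any integer (negative, above 65535) and any attribute names, so a typo such as `{ form = 1714; to = 1764; }` is caught late, if at all, as an opaque error inside the firewall module; `types.port` and the `from`/`to` shape NixOS itself uses reject it at the option boundary: `type = types.listOf types.port;` for the port lists and `type = types.listOf (types.submodule { options = { from = mkOption { type = types.port; }; to = mkOption { type = types.port; }; }; });` for the ranges. None of the options carry a `default`, so every machine must spell out all five firewall settings; `default = [];` for the lists and `default = false;` for `allowPing` gives a closed-by-default policy and fewer evaluation errors. `pkgs` uses the deprecated `types.string` while `hostName` uses `types.str`; make it `types.listOf types.str`. The descriptions also have typos (`Wether`, `allowerdUDPPorts`, `allowerdUDPPortRanges`).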
@@ -3,9 +3,10 @@ gitpkgs ? import /nixpkgs/default.nix, config, lib, pkgs, ... }: +with lib; + let - cfg = with lib; import ("/etc/nixos/machines/" + (replaceStrings ["\n"] [""] (readFile /etc/hostname)) + "/configuration.nix"); - optPkgs = with lib; package: pkgstring: if elem pkgstring cfg.pkgs then package else []; + optPkgs = package: pkgstring: if elem pkgstring config.machine.pkgs then package else []; gitpkgs = import /nixpkgs/default.nix {}; # Programms I'm likely to want on every machine and/or may execute as root @@ -36,7 +37,7 @@ let nix-update-source nix-zsh-completions nixbang -# nixops + nixops nmap nox ntfs3g @@ -66,6 +67,12 @@ let zsh ]; + dict = with pkgs; [ + translate-shell + ( hunspellWithDicts (with pkgs.hunspellDicts; [ de-de en-us ] )) + ( aspellWithDicts (d: [ d.de d.en d.en-computers d.en-science ] )) + ]; + emacs = gitpkgs.emacsWithPackages (epkgs: with epkgs; [ /* Theming */ solarized-theme color-theme-sanityinc-tomorrow moe-theme powerline moody minions @@ -80,6 +87,7 @@ let wsd-mode plantuml-mode /* Other Stuff, not yet sorted */ + google-translate transmission org-plus-contrib orgit ox-gfm ox-rst eclim @@ -152,7 +160,7 @@ let }) ]; - python3 = gitpkgs.python3Full.withPackages(ps: with ps; [ + python3 = gitpkgs.python3Full.withPackages(ps: with ps; [ GitPython bpython configparser @@ -160,6 +168,7 @@ let elpy emoji epc + genanki numpy opencv3 paho-mqtt @@ -168,7 +177,6 @@ let pip plotly pyflakes - pygame_sdl2 pylama pylint pyopengl @@ -201,10 +209,9 @@ let # flask_sqlalchemy # flask_testing # flask_wtf -# flaskbabel +# flaskbabel /* temporarily fix python stuff */ py3status pytz tzlocal - ]); rustpkgs = with pkgs; [ @@ -243,6 +250,7 @@ let in { environment.systemPackages = base + ++ (optPkgs dict "dict") ++ (optPkgs [emacs] "emacs") ++ (optPkgs extra "extra") ++ (optPkgs mailutils "mailutils") 
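Review bot: Uncommenting `nixops` puts it in `base`, the set the file's own comment describes as installed on every machine and possibly run as root, so each host now carries a deployment tool (whose local state file is sensitive when it is used) whether or not it deploys anything. Moving it to the `extra` set (defined outside this hunk), which Lilim already opts into, keeps it off hosts with no use for it: remove the line from `base` and add `nixops` to `extra`.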
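Review bot: Each `optPkgs` call site matches a string against `config.machine.pkgs`, so a name in a machine's `pkgs` list that no call site handles (a typo like `"emacs "` or a set that was renamed) is silently ignored and the machine is built without it; nothing in this hunk or the option type catches that. An assertion next to `environment.systemPackages` turns the silent miss into an evaluation error, with `knownSets` defined in the `let` above (outside this hunk) as the literal list of every string passed to `optPkgs`. The `let` block and the remaining `optPkgs` chain continue outside the hunk.
```nix
in {
  # Reject metapackage names no optPkgs call site handles; a typo in
  # machine.pkgs otherwise installs nothing, silently.
  assertions = [{
    assertion = all (p: elem p knownSets) config.machine.pkgs;
    message = "machine.pkgs contains an unknown metapackage name";
  }];
  environment.systemPackages = base
    # … unchanged: optPkgs chain …
```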
@@ -256,8 +264,8 @@ in { ++ (optPkgs xpkgs "xpkgs"); services.emacs = { - enable = (lib.elem "emacs" cfg.pkgs); - install = (lib.elem "emacs" cfg.pkgs); + enable = (elem "emacs" config.machine.pkgs); + install = (elem "emacs" config.machine.pkgs); package = emacs; }; } diff --git a/services/default.nix b/services/default.nix index 11c88fd..54c12fa 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: -let - cfg = import ("/etc/nixos/machines/" + (builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/hostname)) + "/configuration.nix"); -in { - imports = cfg.services; +with lib; + +{ + imports = config.machine.services; } diff --git a/services/docker.nix b/services/docker.nix new file mode 100644 index 0000000..9752c51 --- /dev/null +++ b/services/docker.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +# Note: add privileged users to docker group for access +{ + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ docker-compose docker-machine ]; + ### Docker Image stuff will probably follow here +}
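Review bot: `imports = config.machine.services;` cannot evaluate — the module system resolves `imports` before `config` exists, so this is an infinite recursion, which matches the commit commenting this file out of configuration.nix. Since `config.machine.services` is a list of paths chosen by the machine file, the straightforward fix is for the machine file to import them directly, `imports = [ ../../options/machine.nix ../../services/xserver.nix ../../services/docker.nix ../../services/udev.nix ../../services/cups.nix ];`, and drop the `services` option (or hand the list over via `specialArgs`). Until then this module is dead code and the services it was meant to wire in are not enabled from here.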
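Review bot: The comment "add privileged users to docker group" above `virtualisation.docker.enable = true;` should state what that grants: membership in `docker` is root-equivalent through the daemon socket, and with the default settings the daemon also starts at boot and keeps the socket available even when no container runs. If a single user is the intended consumer, rootless Docker (`virtualisation.docker.rootless.enable = true;` with `virtualisation.docker.rootless.setSocketVariable = true;`) avoids handing out a root-equivalent group at all; otherwise `virtualisation.docker.enableOnBoot = false;` at least keeps the daemon down until used. Suggested comment: `# NOTE: the docker group is root-equivalent (socket access); only add users who already hold wheel`. `docker-machine` also appears to be deprecated upstream, so it may be worth dropping from systemPackages.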