-
Notifications
You must be signed in to change notification settings - Fork 1
/
default.nix
120 lines (118 loc) · 2.58 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
{
config,
lib,
isDarwin,
isServer,
hostName,
...
}: let
cfg = config.vyxos;
inherit (lib) types mkOption mkMerge;
inherit (lib) optionals optionalAttrs;
hostData = (lib.importTOML ../hosts.toml).${hostName};
in {
imports =
[
./secrets
./fish
./nix
./cowsay
]
++ optionals (!hostData.server) [
# Desktops
./ghostty
]
++ optionals (!isDarwin) [
# Linux
./borg
]
++ optionals (!isDarwin && !hostData.server) [
# Linux desktops
./desktop
]
++ optionals (hostData.server) [
# Servers
./fxsync
./nginx
./net
];
options.vyxos =
{
vyxUser = mkOption {
type = types.str;
example = "kivikakk";
default = hostData.user;
readOnly = true;
};
vyxUserId = mkOption {
type = types.int;
example = 1000;
default = hostData.uid or 1000;
readOnly = true;
};
hostName = mkOption {
type = types.str;
example = "exampleHost";
default = hostName;
readOnly = true;
};
isServer = mkOption {
type = types.bool;
default = hostData.server;
readOnly = true;
};
}
// optionalAttrs (!isDarwin) {
timeZone = mkOption {
type = types.str;
default = "Australia/Melbourne";
};
hostId = mkOption {
type = types.str;
default = hostData.hostId;
readOnly = true;
};
};
config = mkMerge [
{
networking.hostName = cfg.hostName;
}
(optionalAttrs (!isDarwin) {
time.timeZone = cfg.timeZone;
security = {
doas = {
enable = true;
extraRules = [
{
groups = ["wheel"];
noPass = true;
keepEnv = true;
}
];
};
acme = {
acceptTerms = true;
defaults = {email = "[email protected]";};
};
};
users.users = {
root = {
initialHashedPassword = builtins.readFile ../private/secrets/hashedpassword-root;
};
${cfg.vyxUser} = {
uid = cfg.vyxUserId;
isNormalUser = true;
hashedPassword = builtins.readFile ../private/secrets/hashedpassword-vyxuser;
description = cfg.vyxUser;
extraGroups = ["wheel"];
};
};
services.openssh = {
enable = true;
openFirewall = false;
settings = {PasswordAuthentication = false;};
};
nix.settings.trusted-users = [config.vyxos.vyxUser];
})
];
}