diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/flake.nix b/flake.nix
index a496ee0..3de9a85 100644
--- a/flake.nix
+++ b/flake.nix
@@ -111,7 +111,21 @@
 "c2"
 "fw"
 ]
- );
+ )
+ // {
+ "test-vm" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ inherit specialArgs;
+ modules = [
+ {
+ imports = [
+ ./mod
+ ./host/test-vm
+ ];
+ }
+ ];
+ };
+ };
 colmenaHive = colmena.lib.makeHive {
 meta = {
diff --git a/host/test-vm/default.nix b/host/test-vm/default.nix
new file mode 100644
index 0000000..43a7de8
--- /dev/null
+++ b/host/test-vm/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+{
+ networking.hostName = "test-vm";
+ services.syncthing.enable = false;
+ hd.common.users.enable = false; # default user depends on age
+
+ users = {
+ mutableUsers = false;
+ users."hd" = {
+ description = "Henri";
+ isNormalUser = true;
+ createHome = true;
+ home = "/home/hd";
+ extraGroups = [ "wheel" ];
+ shell = pkgs.fish;
+ packages = [ ];
+ password = "";
+ };
+ users.root.hashedPassword = "!";
+ };
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ };
+ };
+
+ kernelPackages = pkgs.linuxPackages_6_12;
+ initrd.systemd.network.wait-online.enable = false;
+ };
+
+ # ====== DON'T CHANGE ======
+ system.stateVersion = "24.11";
+}
diff --git a/mod/common/default.nix b/mod/common/default.nix
index 72c6d87..699162f 100644
--- a/mod/common/default.nix
+++ b/mod/common/default.nix
@@ -6,6 +6,15 @@
 ...
 }:
 with lib;
+let
+ mkCommonOption =
+ name:
+ mkOption {
+ type = types.bool;
+ default = config.hd.common.enable;
+ description = "Enables" ++ name;
+ };
+in
 {
 options.hd.common.enable = mkOption {
 type = types.bool;
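Review bot: `users."hd"` in host/test-vm/default.nix is a `wheel` member with `password = "";` under `mutableUsers = false`, so every build of this host carries a fixed administrative account with an empty password that cannot be changed at runtime. The host is exported from the flake with all of `./mod` imported, so whatever login services those shared modules enable also apply here; that part is not visible in this diff. If the empty password is deliberate for a throwaway VM, record it next to the line, e.g. `password = ""; # local test VM only: empty password, never deploy to a reachable host`. Consider also setting `services.openssh.settings.PasswordAuthentication = false;` in this host file so the assumption does not depend on the shared modules.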
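Review bot: `description = "Enables" ++ name;` in `mkCommonOption` uses `++`, which in Nix concatenates lists rather than strings, so forcing any of these descriptions fails with a type error. Option descriptions are evaluated lazily, so this most likely surfaces only when option documentation is rendered, not on a normal rebuild. Even with `+` the text would run together as "Enableslocale settings", so use interpolation instead: `description = "Enables ${name}";`. The helper is called from the next hunk of this file, and the module body it wraps continues beyond this hunk.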
@@ -14,45 +23,12 @@ with lib;
 };
 options.hd.common = {
- locale = {
- enable = mkOption {
- type = types.bool;
- default = config.hd.common.enable;
- description = "Enable locale settings";
- };
- };
-
- nix = {
- enable = mkOption {
- type = types.bool;
- default = config.hd.common.enable;
- description = "Enable Nix-related configuration";
- };
- };
-
- security = {
- enable = mkOption {
- type = types.bool;
- default = config.hd.common.enable;
- description = "Enable security-related configuration";
- };
- };
-
- shell = {
- enable = mkOption {
- type = types.bool;
- default = config.hd.common.enable;
- description = "Enable basic shell utilities";
- };
- };
-
- users = {
- enable = mkOption {
- type = types.bool;
- default = config.hd.common.enable;
- description = "Enable default user accounts";
- };
- };
+ locale.enable = mkCommonOption "locale settings";
+ nix.enable = mkCommonOption "nix settings";
+ security.enable = mkCommonOption "security settings";
+ shell.enable = mkCommonOption "shell utilities";
+ users.enable = mkCommonOption "default users";
+ secrets.enable = mkCommonOption "agenix secrets";
 };
 imports = [
diff --git a/mod/syncthing.nix b/mod/syncthing.nix
index ced8615..2422907 100644
--- a/mod/syncthing.nix
+++ b/mod/syncthing.nix
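Review bot: `secrets.enable = mkCommonOption "agenix secrets";` declares a new option in what is otherwise a pure refactor, and nothing visible in this diff reads `config.hd.common.secrets.enable`: the `imports` list is unchanged context and no secrets module is touched. If no module gates on it yet, setting it to `false` has no effect, which is misleading for a switch that reads as if it controls secret provisioning. Either wire it to the agenix configuration in the same commit or add it once a consumer exists; it may already be consumed in a file not shown here.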
@@ -55,16 +55,12 @@ in
 group = config.services.syncthing.group;
 };
- services.syncthing = lib.mkIf cfg.enable (
- assert lib.assertMsg (builtins.elem this var.syncthing.device-names.all)
- "${this} is not in devices in mod/syncthing.nix";
- {
- settings = {
- inherit folders;
- devices = var.syncthing.devices;
- };
- key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
- cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
- }
- );
+ services.syncthing = lib.mkIf cfg.enable ({
+ settings = {
+ inherit folders;
+ devices = var.syncthing.devices;
+ };
+ key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
+ cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
+ });
 }
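Review bot: The membership check on `this` is deleted rather than relocated, so a host that enables syncthing without being listed in `var.syncthing.device-names.all` now evaluates cleanly instead of failing with the "is not in devices in mod/syncthing.nix" message. If the `assert` was removed because it also fired on hosts with syncthing disabled (plausible for the new test-vm, though not shown), keep the guard and make it conditional through the module system: `assertions = [ { assertion = !cfg.enable || builtins.elem this var.syncthing.device-names.all; message = "${this} is not in devices in mod/syncthing.nix"; } ];`. The parentheses in `lib.mkIf cfg.enable ({ … })` are now redundant and can be dropped. The enclosing attribute set starts above this hunk.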