diff --git a/flake.nix b/flake.nix index 508729b..53e35f5 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,15 @@ lib = nixpkgs.lib; lib' = import ./lib.nix { inherit lib; }; mod = lib'.walk-dir ./mod; - specialArgs = { inherit inputs lib' mod; }; + var = lib'.walk-dir ./var; + specialArgs = { + inherit + inputs + lib' + mod + var + ; + }; in { nixosConfigurations = { @@ -30,7 +38,8 @@ inherit specialArgs; modules = [ ./host/solo - mod.shared.pc + mod.common._nixos_mod + mod.pc-common._nixos_mod ]; }; @@ -39,7 +48,8 @@ inherit specialArgs; modules = [ ./host/c2 - mod.shared.pc + mod.common._nixos_mod + mod.pc-common._nixos_mod ]; }; }; @@ -58,7 +68,7 @@ }; imports = [ ./host/roam - mod.shared.all + mod.common._nixos_mod ]; }; }; diff --git a/host/roam/services/networking.nix b/host/roam/modules/networking.nix similarity index 74% rename from host/roam/services/networking.nix rename to host/roam/modules/networking.nix index 05a80f3..dc4603a 100644 --- a/host/roam/services/networking.nix +++ b/host/roam/modules/networking.nix @@ -16,13 +16,10 @@ address = "fe80::1"; interface = "ens3"; }; + }; - firewall = { - enable = true; - allowedTCPPorts = [ - 80 - 443 - ]; - }; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; }; } diff --git a/host/roam/services/security.nix b/host/roam/modules/security.nix similarity index 100% rename from host/roam/services/security.nix rename to host/roam/modules/security.nix diff --git a/host/roam/modules/services.nix b/host/roam/modules/services.nix new file mode 100644 index 0000000..fc11a89 --- /dev/null +++ b/host/roam/modules/services.nix 
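Review bot: `var = lib'.walk-dir ./var;` hands every module a tree of *paths*, not values, so `var.wireguard-network` has to be `import`ed before `.peers` can be read, and the `_files`/`_nixos_mod` helpers that make sense for `./mod` are attached to it although `var/wireguard-network.nix` is a plain `rec { … }` attrset rather than a NixOS module. Nothing in this commit consumes `var` yet, so a one-line comment above the binding would spare the next reader a trip to lib.nix, e.g. `# Paths under ./var, not imported values: read with import var.<name>`. The enclosing `let` block starts above the hunk.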
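Review bot: `settings.PasswordAuthentication = false;` on its own still leaves keyboard-interactive logins enabled, which the NixOS sshd module defaults to on and which PAM turns into an ordinary password prompt; add `settings.KbdInteractiveAuthentication = false;` beside it so only key-based authentication remains. Dropping the explicit `firewall.enable = true` from this file is harmless because `networking.firewall.enable` defaults to true and the block is re-created in host/roam/modules/services.nix, so nothing needs to change there. The enclosing `networking` attrset starts above the hunk.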
@@ -0,0 +1,47 @@
+{ config, ... }:
+let
+ headscale-domain = "headscale.hdohmen.de";
+in
+{
+ services = {
+ # TODO: maybe just use wireguard...
+ /*
+ headscale = {
+ enable = true;
+ address = "127.0.0.1";
+ port = 8080;
+ settings = {
+ server_url = "https://${headscale-domain}";
+ prefixes.v4 = "100.10.11.0/24";
+ prefixes.v6 = "fd7a:115c:1011::/48";
+ dns = {
+ magic_dns = true;
+ base_domain = "net.hdohmen.de";
+ };
+ };
+ };
+ */
+
+ nginx = {
+ enable = true;
+ /*
+ virtualHosts.${headscale-domain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+ */
+ };
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+}
diff --git a/host/roam/modules/wireguard.nix b/host/roam/modules/wireguard.nix
new file mode 100644
index 0000000..80f30f6
--- /dev/null
+++ b/host/roam/modules/wireguard.nix
@@ -0,0 +1,25 @@
+{ ... }:
+let
+ wireguard-port = 51820;
+ wireguard-subnet = "100.10.11.0/24";
+in
+{
+ networking = {
+ nat = {
+ enable = true;
+ externalInterface = "ens3";
+ internalInterfaces = [ "wg0" ];
+ };
+
+ firewall.allowedUDPPorts = [ wireguard-port ];
+
+ wireguard = {
+ enable = true;
+ interfaces."wg0" = {
+ ips = [ wireguard-subnet ];
+ listenPort = wireguard-port;
+ privateKeyFile = "/var/secrets/wg0.key";
+ };
+ };
+ };
+}
diff --git a/host/roam/services/services.nix b/host/roam/services/services.nix
deleted file mode 100644
index 5d0eb59..0000000
--- a/host/roam/services/services.nix
+++ /dev/null
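Review bot: With every `virtualHosts` entry commented out, `nginx.enable = true;` together with `allowedTCPPorts = [ 80 443 ];` in the same file publishes a default nginx listener that serves nothing, and the `config` argument in the module header is now unused. Either drop the nginx block and the two port openings until a vhost comes back, or keep them behind a single comment such as `# nginx and 80/443 intentionally left open while headscale is evaluated` so the exposure is visibly deliberate. The commented-out headscale and vhost blocks would be easier to recover from git history than to carry as `/* … */` text inside the live module.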
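Review bot: `ips = [ wireguard-subnet ];` assigns the network address `100.10.11.0/24` itself to wg0; the interface needs a host address inside the subnet (for example `100.10.11.1/24`, the `/24` then covers the peers' range). The range also lies outside both RFC 1918 and the CGNAT block `100.64.0.0/10`, so it is publicly routable space — with NAT forwarding wg0 to ens3, that /24 on the Internet becomes unreachable from this host and its peers, and a value inside `10.0.0.0/8` or `100.64.0.0/10` avoids the clash (the same prefix was inherited from the retired headscale `prefixes.v4`). No `peers` are defined on the interface, so until var/wireguard-network.nix is wired in the tunnel accepts nobody; a `# TODO: peers from var.wireguard-network` beside `interfaces."wg0"` would make that state explicit.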
@@ -1,40 +0,0 @@ -{ config, ... }: -let - headscale-domain = "headscale.hdohmen.de"; -in -{ - services = { - # TODO: maybe just use wireguard... - headscale = { - enable = true; - address = "127.0.0.1"; - port = 8080; - settings = { - server_url = "https://${headscale-domain}"; - prefixes.v4 = "100.10.11.0/24"; - prefixes.v6 = "fd7a:115c:1011::/48"; - dns = { - magic_dns = true; - base_domain = "net.hdohmen.de"; - }; - }; - }; - - nginx = { - enable = true; - virtualHosts.${headscale-domain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - - openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - }; -} diff --git a/host/solo/default.nix b/host/solo/default.nix index e29bf18..be09b34 100644 --- a/host/solo/default.nix +++ b/host/solo/default.nix @@ -1,12 +1,8 @@ -{ mod, ... }: +{ lib', ... }: { networking.hostName = "solo"; - imports = with mod; [ - software.keyboard - nvidia-gpu - ./hardware-configuration.nix - ]; + imports = lib'.import-recursive ./.; powerManagement = { enable = true; diff --git a/mod/software/keyboard.nix b/host/solo/keyboard.nix similarity index 100% rename from mod/software/keyboard.nix rename to host/solo/keyboard.nix diff --git a/mod/nvidia-gpu.nix b/host/solo/nvidia-gpu.nix similarity index 100% rename from mod/nvidia-gpu.nix rename to host/solo/nvidia-gpu.nix diff --git a/lib.nix b/lib.nix index 89b3619..21e21f3 100644 --- a/lib.nix +++ b/lib.nix 
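Review bot: `imports = lib'.import-recursive ./.;` imports every file under host/solo except default.nix, and `import-recursive` is defined in lib.nix as `(walk-dir path)._files`, which is not restricted to `.nix` files — any stray file in this directory (a README, a key, an editor backup) is handed to the module system and fails evaluation. The `_nix_files` attribute this same commit introduces is the right source, so `import-recursive` in lib.nix should become `import-recursive = path: (walk-dir path)._nix_files;`; the lib.nix hunk on this page has the same issue and the removed `# TODO make a version that only includes nix paths.` was about exactly this. The rest of this attrset continues past the hunk.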
@@ -1,23 +1,33 @@ { lib, ... }: rec { - # TODO make a version that only includes nix paths. walk-dir = path: let dir = builtins.readDir path; - in - lib.mapAttrs' (name: value: { - name = lib.removeSuffix ".nix" name; - value = - if value == "regular" then - path + "/${name}" - else if value == "directory" then - walk-dir (path + "/${name}") - else - builtins.throw "Items of type ${value} are unsupported."; - }) dir; - # Takes a path `p` and returns a flattened lists of all files in that - # directory, ignoring `p/default.nix`. - import-recursive = path: lib.attrsets.collect builtins.isPath (walk-dir path // { default = { }; }); + subpaths = lib.mapAttrs' (filename: value: { + name = lib.removeSuffix ".nix" filename; + value = + if value == "regular" then + path + "/$(unknown)" + else if value == "directory" then + walk-dir (path + "/$(unknown)") + else + builtins.throw "Items of type ${value} are unsupported."; + }) dir; + in + subpaths + // rec { + _files = lib.collect builtins.isPath (subpaths // { default = { }; }); + _nix_files = builtins.filter (lib.hasSuffix ".nix") _files; + _nixos_mod = + { ... }: + { + imports = _nix_files; + }; + }; + + # Takes a path `p` and returns a list of all files in that + # directory recursively, ignoring `p/default.nix`. + import-recursive = path: (walk-dir path)._files; } diff --git a/mod/boot.nix b/mod/common/boot.nix similarity index 100% rename from mod/boot.nix rename to mod/common/boot.nix diff --git a/mod/locale.nix b/mod/common/locale.nix similarity index 100% rename from mod/locale.nix rename to mod/common/locale.nix diff --git a/mod/nix-configuration.nix b/mod/common/nix.nix similarity index 100% rename from mod/nix-configuration.nix rename to mod/common/nix.nix diff --git a/mod/shell.nix b/mod/common/shell.nix similarity index 100% rename from mod/shell.nix rename to mod/common/shell.nix diff --git a/mod/users.nix b/mod/common/users.nix similarity index 100% rename from mod/users.nix rename to mod/common/users.nix 
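Review bot: `_files = lib.collect builtins.isPath (subpaths // { default = { }; })` now descends into the `_files` and `_nix_files` lists that every nested `walk-dir` result carries, because `lib.collect` recurses through lists as well as attrsets, so each file in a subdirectory is collected several times (mod/pc-common/software/* via `mod.pc-common._nixos_mod`, for instance). The module system keys imports by path, so the duplicates in `_nixos_mod` are probably only wasted work, but `import-recursive` returns the repeated entries to its callers. Strip the helper attributes before collecting: `strip = lib.filterAttrsRecursive (name: _: !lib.hasPrefix "_" name);` and `_files = lib.collect builtins.isPath (strip subpaths // { default = { }; });`. The two added `path + "/$(unknown)"` lines read like a rendering artifact of `"/${filename}"`; if the checked-in file really contains `$(unknown)`, every entry resolves to the same bogus path, so that is worth confirming against the repository.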
diff --git a/mod/audio.nix b/mod/pc-common/audio.nix similarity index 100% rename from mod/audio.nix rename to mod/pc-common/audio.nix diff --git a/mod/fonts.nix b/mod/pc-common/fonts.nix similarity index 100% rename from mod/fonts.nix rename to mod/pc-common/fonts.nix diff --git a/mod/gpg.nix b/mod/pc-common/gpg.nix similarity index 100% rename from mod/gpg.nix rename to mod/pc-common/gpg.nix diff --git a/mod/home-manager.nix b/mod/pc-common/home-manager.nix similarity index 100% rename from mod/home-manager.nix rename to mod/pc-common/home-manager.nix diff --git a/mod/network.nix b/mod/pc-common/network.nix similarity index 100% rename from mod/network.nix rename to mod/pc-common/network.nix diff --git a/mod/shared/pc.nix b/mod/pc-common/nix.nix similarity index 53% rename from mod/shared/pc.nix rename to mod/pc-common/nix.nix index 119ece8..29847dc 100644 --- a/mod/shared/pc.nix +++ b/mod/pc-common/nix.nix @@ -1,22 +1,5 @@ -{ mod, lib, ... }: +{ lib, ... }: { - imports = with mod; [ - shared.all - - audio - fonts - gpg - home-manager - network - nix-configuration - security - services - software.development - software.editors - software.programs - software.window-manager - ]; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -32,5 +15,4 @@ ]; programs.nix-ld.enable = true; - } diff --git a/mod/security.nix b/mod/pc-common/security.nix similarity index 100% rename from mod/security.nix rename to mod/pc-common/security.nix diff --git a/mod/services.nix b/mod/pc-common/services.nix similarity index 100% rename from mod/services.nix rename to mod/pc-common/services.nix diff --git a/mod/software/development.nix b/mod/pc-common/software/development.nix similarity index 100% rename from mod/software/development.nix rename to mod/pc-common/software/development.nix 
diff --git a/mod/software/editors.nix b/mod/pc-common/software/editors.nix
similarity index 100%
rename from mod/software/editors.nix
rename to mod/pc-common/software/editors.nix
diff --git a/mod/software/programs.nix b/mod/pc-common/software/programs.nix
similarity index 100%
rename from mod/software/programs.nix
rename to mod/pc-common/software/programs.nix
diff --git a/mod/software/window-manager.nix b/mod/pc-common/software/window-manager.nix
similarity index 100%
rename from mod/software/window-manager.nix
rename to mod/pc-common/software/window-manager.nix
diff --git a/mod/shared/all.nix b/mod/shared/all.nix
deleted file mode 100644
index 8571a8b..0000000
--- a/mod/shared/all.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ mod, ... }:
-{
- imports = with mod; [
- boot
- locale
- nix-configuration
- shell
- users
- ];
-}
diff --git a/var/wireguard-network.nix b/var/wireguard-network.nix
new file mode 100644
index 0000000..6736b88
--- /dev/null
+++ b/var/wireguard-network.nix
@@ -0,0 +1,12 @@
+rec {
+ peers = {
+ "roam" = {
+ publicKey = "yUbdRfRFFVe4FPUaD7pVByLRhpF9Yl1kethxRUHpVgs=";
+ };
+ "solo" = {
+ publicKey = "SRDguh0aN/RH8q/uB09w/OZTbP9JZZy0ABowbWIfkTk=";
+ };
+ };
+
+ peersFor = host: { }; # TODO: return peers.
+}
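Review bot: `peersFor = host: { };` ignores `host` and returns an attrset, whereas `networking.wireguard.interfaces.<name>.peers` expects a list of `{ publicKey; allowedIPs; … }` sets, so wiring it into host/roam/modules/wireguard.nix as-is would fail evaluation. The `peers` table also records only a public key per host; each entry needs at least its tunnel address for `allowedIPs`, and the host that listens on 51820 (presumably roam) an `endpoint`, before `peersFor` can build the list of all peers other than `host`. Committing the public keys is fine; a one-line comment on `peers` noting that the matching private key is read from `privateKeyFile` on each host (roam's is `/var/secrets/wg0.key`) would document the split between this file and the secrets.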