nixfiles/nixos/modules/common.nix

{ lib, pkgs, pkgs', inputs, options, config, ... }:
let
  inherit (builtins) attrValues;
  inherit (lib) flatten optional mkIf mkDefault mkMerge mkAliasDefinitions;
  inherit (lib.my) mkOpt' mkBoolOpt' dummyOption;

  defaultUsername = "dev";
  uname = config.my.user.name;
in
{
  options = with lib.types; {
    my = {
      # Pretty hacky but too lazy to figure out if there's a better way to alias the options
      user = mkOpt' (attrsOf anything) { } "User definition (as `users.users.*`).";
      homeConfig = mkOpt' anything { } "Home configuration (as `home-manager.users.*`)";

      ssh = {
        # If enabled, we can't set `authorized_keys` from home-manager because SSH won't like the file being owned by
        # root.
        strictModes = mkBoolOpt' false
          ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+
          "before accepting login.");
      };
    };

    # Only present in >=22.05, so forward declare
    documentation.nixos.options.warningsAreErrors = dummyOption;
  };

  config = mkMerge [
    {
      my = {
        user = {
          name = mkDefault defaultUsername;
          isNormalUser = true;
          uid = mkDefault 1000;
          extraGroups = mkDefault [ "wheel" ];
          password = mkDefault "hunter2"; # TODO: secrets...
        };
      };

      home-manager = {
        # Installs packages in the system config instead of in the local profile on activation
        useUserPackages = mkDefault true;
      };

      users = {
        mutableUsers = false;
        users.${uname} = mkAliasDefinitions options.my.user;
      };

      # NOTE: As the "outermost" module is still being evaluated in NixOS land, special params (e.g. pkgs) won't be
      # passed to it
      home-manager.users.${uname} = config.my.homeConfig;

      security = {
        sudo.enable = mkDefault false;
        doas = {
          enable = mkDefault true;
          wheelNeedsPassword = mkDefault false;
        };
      };

      nix = {
        package = pkgs'.unstable.nixVersions.stable;
        extraOptions =
          ''
            experimental-features = nix-command flakes ca-derivations
          '';
      };
      nixpkgs = {
        overlays = [
          # TODO: Wait for https://github.com/NixOS/nixpkgs/pull/159074 to arrive to nixos-unstable
          (final: prev: { remarshal = pkgs'.master.remarshal; })
        ];
        config = {
          allowUnfree = true;
        };
      };

      documentation = {
        nixos = {
          enable = mkDefault true;
          options.warningsAreErrors = mkDefault false;
        };
      };

      time.timeZone = mkDefault "Europe/Dublin";

      boot = {
        # Use latest LTS release by default
        kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15;
        loader = {
          efi = {
            efiSysMountPoint = mkDefault "/boot";
            canTouchEfiVariables = mkDefault false;
          };
          grub = {
            memtest86.enable = mkDefault true;
          };
          systemd-boot = {
            enable = mkDefault true;
            editor = mkDefault true;
            consoleMode = mkDefault "max";
            configurationLimit = mkDefault 10;
            memtest86.enable = mkDefault true;
          };
        };
      };

      networking = {
        useDHCP = mkDefault false;
        enableIPv6 = mkDefault true;
      };
      virtualisation = {
        forwardPorts = flatten [
          (optional config.services.openssh.openFirewall { from = "host"; host.port = 2222; guest.port = 22; })
        ];
      };

      environment.systemPackages = with pkgs; [
        bash-completion
        vim
      ];

      services = {
        kmscon = {
          enable = mkDefault true;
          hwRender = mkDefault true;
          extraOptions = "--verbose";
          extraConfig =
            ''
              font-name=SauceCodePro Nerd Font Mono
            '';
        };

        openssh = {
          enable = mkDefault true;
          extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';
        };
      };

      system = {
        stateVersion = "21.11";
        configurationRevision = with inputs; mkIf (self ? rev) self.rev;
      };
    }
    (mkIf config.services.kmscon.enable {
      fonts.fonts = with pkgs; [
        (nerdfonts.override {
          fonts = [ "SourceCodePro" ];
        })
      ];
    })
    (mkIf config.my.build.isDevVM {
      networking.interfaces.eth0.useDHCP = mkDefault true;
    })
  ];

  meta.buildDocsInSandbox = false;
}
Add initial installer 2022-02-17 15:47:24 +00:00			`{ lib, pkgs, pkgs', inputs, options, config, ... }:`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`let`
Implement home-manager support 2022-02-13 23:06:31 +00:00			`inherit (builtins) attrValues;`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`inherit (lib) flatten optional mkIf mkDefault mkMerge mkAliasDefinitions;`
			`inherit (lib.my) mkOpt' mkBoolOpt' dummyOption;`
Add kmscon 2022-02-16 01:38:17 +00:00
			`defaultUsername = "dev";`
			`uname = config.my.user.name;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`in`
			`{`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`options = with lib.types; {`
			`my = {`
			`# Pretty hacky but too lazy to figure out if there's a better way to alias the options`
			user = mkOpt' (attrsOf anything) { } "User definition (as `users.users.*`).";
			homeConfig = mkOpt' anything { } "Home configuration (as `home-manager.users.*`)";
Fix dev VM networking 2022-02-17 19:14:10 +00:00
			`ssh = {`
			# If enabled, we can't set `authorized_keys` from home-manager because SSH won't like the file being owned by
			`# root.`
			`strictModes = mkBoolOpt' false`
			`("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+`
			`"before accepting login.");`
			`};`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`};`

			`# Only present in >=22.05, so forward declare`
			`documentation.nixos.options.warningsAreErrors = dummyOption;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Add kmscon 2022-02-16 01:38:17 +00:00			`config = mkMerge [`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`{`
			`my = {`
			`user = {`
			`name = mkDefault defaultUsername;`
			`isNormalUser = true;`
			`uid = mkDefault 1000;`
			`extraGroups = mkDefault [ "wheel" ];`
			`password = mkDefault "hunter2"; # TODO: secrets...`
Initial basic setup 2022-02-06 00:06:26 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Implement home-manager support 2022-02-13 23:06:31 +00:00			`home-manager = {`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`# Installs packages in the system config instead of in the local profile on activation`
Implement home-manager support 2022-02-13 23:06:31 +00:00			`useUserPackages = mkDefault true;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`users = {`
			`mutableUsers = false;`
			`users.${uname} = mkAliasDefinitions options.my.user;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Implement home-manager support 2022-02-13 23:06:31 +00:00			`# NOTE: As the "outermost" module is still being evaluated in NixOS land, special params (e.g. pkgs) won't be`
			`# passed to it`
			`home-manager.users.${uname} = config.my.homeConfig;`

Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`security = {`
			`sudo.enable = mkDefault false;`
			`doas = {`
			`enable = mkDefault true;`
			`wheelNeedsPassword = mkDefault false;`
Initial basic setup 2022-02-06 00:06:26 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`nix = {`
Use nixos-unstable nixVersions.stable as nix package 2022-02-17 15:59:00 +00:00			`package = pkgs'.unstable.nixVersions.stable;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`extraOptions =`
			`''`
			`experimental-features = nix-command flakes ca-derivations`
			`'';`
			`};`
			`nixpkgs = {`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`overlays = [`
Add initial installer 2022-02-17 15:47:24 +00:00			`# TODO: Wait for https://github.com/NixOS/nixpkgs/pull/159074 to arrive to nixos-unstable`
			`(final: prev: { remarshal = pkgs'.master.remarshal; })`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`];`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`config = {`
			`allowUnfree = true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`documentation = {`
			`nixos = {`
			`enable = mkDefault true;`
			`options.warningsAreErrors = mkDefault false;`
			`};`
			`};`

Implement home-manager support 2022-02-13 23:06:31 +00:00			`time.timeZone = mkDefault "Europe/Dublin";`

Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`boot = {`
			`# Use latest LTS release by default`
			`kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15;`
			`loader = {`
			`efi = {`
			`efiSysMountPoint = mkDefault "/boot";`
			`canTouchEfiVariables = mkDefault false;`
			`};`
Add initial installer 2022-02-17 15:47:24 +00:00			`grub = {`
			`memtest86.enable = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`systemd-boot = {`
			`enable = mkDefault true;`
			`editor = mkDefault true;`
			`consoleMode = mkDefault "max";`
			`configurationLimit = mkDefault 10;`
			`memtest86.enable = mkDefault true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Use custom nix package 2022-02-06 00:19:29 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`networking = {`
			`useDHCP = mkDefault false;`
			`enableIPv6 = mkDefault true;`
			`};`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`virtualisation = {`
			`forwardPorts = flatten [`
			`(optional config.services.openssh.openFirewall { from = "host"; host.port = 2222; guest.port = 22; })`
			`];`
			`};`
Add firewall module Also: tmproot tweaks 2022-02-12 01:53:57 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`environment.systemPackages = with pkgs; [`
			`bash-completion`
			`vim`
			`];`
Initial basic setup 2022-02-06 00:06:26 +00:00
Add kmscon 2022-02-16 01:38:17 +00:00			`services = {`
			`kmscon = {`
			`enable = mkDefault true;`
			`hwRender = mkDefault true;`
			`extraOptions = "--verbose";`
			`extraConfig =`
			`''`
			`font-name=SauceCodePro Nerd Font Mono`
			`'';`
			`};`

			`openssh = {`
nixos/modules/firewall: Inherit `networking.firewall.allowed*Ports` 2022-02-17 17:08:25 +00:00			`enable = mkDefault true;`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';`
Add kmscon 2022-02-16 01:38:17 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Add firewall module Also: tmproot tweaks 2022-02-12 01:53:57 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`system = {`
			`stateVersion = "21.11";`
			`configurationRevision = with inputs; mkIf (self ? rev) self.rev;`
Initial basic setup 2022-02-06 00:06:26 +00:00			`};`
Add kmscon 2022-02-16 01:38:17 +00:00			`}`
			`(mkIf config.services.kmscon.enable {`
			`fonts.fonts = with pkgs; [`
			`(nerdfonts.override {`
			`fonts = [ "SourceCodePro" ];`
			`})`
			`];`
			`})`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`(mkIf config.my.build.isDevVM {`
			`networking.interfaces.eth0.useDHCP = mkDefault true;`
			`})`
Add kmscon 2022-02-16 01:38:17 +00:00			`];`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00
			`meta.buildDocsInSandbox = false;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`}`