nixfiles/nixos/modules/common.nix

{ lib, pkgs, pkgs', inputs, config, ... }:
let
  inherit (lib) mkIf mkDefault mkMerge;
  inherit (lib.my) mkBoolOpt' dummyOption;
in
{
  options = with lib.types; {
    my = {
      ssh = {
        strictModes = mkBoolOpt' true
          ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+
          "before accepting login.");
      };
    };
  };

  imports = [
    inputs.impermanence.nixosModule
    inputs.agenix.nixosModules.age
  ];

  config = mkMerge [
    {
      system = {
        stateVersion = "22.05";
        configurationRevision = with inputs; mkIf (self ? rev) self.rev;
      };

      home-manager = {
        # Installs packages in the system config instead of in the local profile on activation
        useUserPackages = mkDefault true;
      };

      users = {
        mutableUsers = false;
      };

      security = {
        sudo.enable = mkDefault false;
        doas = {
          enable = mkDefault true;
          wheelNeedsPassword = mkDefault false;
        };
      };

      nix = {
        package = pkgs'.mine.nix;
        settings = {
          trusted-users = [ "@wheel" ];
          experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
        };
        gc = {
          options = mkDefault "--max-freed $((8 * 1024**3))";
          automatic = mkDefault true;
        };
      };
      nixpkgs = {
        overlays = [
          inputs.deploy-rs.overlay
        ];
        config = {
          allowUnfree = true;
        };
      };

      documentation = {
        enable = mkDefault true;
        nixos = {
          enable = mkDefault true;
          options.warningsAreErrors = mkDefault false;
        };
      };

      time.timeZone = mkDefault "Europe/Dublin";

      boot = {
        # Use latest LTS release by default
        kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15;
        kernel = {
          sysctl = {
            "net.ipv6.route.max_size" = mkDefault 16384;
          };
        };
        loader = {
          efi = {
            efiSysMountPoint = mkDefault "/boot";
            canTouchEfiVariables = mkDefault false;
          };
          grub = {
            memtest86.enable = mkDefault true;
          };
          systemd-boot = {
            enable = mkDefault true;
            editor = mkDefault true;
            consoleMode = mkDefault "max";
            configurationLimit = mkDefault 10;
            memtest86.enable = mkDefault true;
          };
        };
      };

      environment.systemPackages = with pkgs; [
        bash-completion
        vim
      ];

      programs = {
        # This will enable generating completions at build time and prevent home-manager fish from generating them
        # locally
        fish.enable = mkDefault true;
      };

      services = {
        kmscon = {
          # As it turns out, kmscon hasn't been updated in years and has some bugs...
          enable = mkDefault false;
          hwRender = mkDefault true;
          extraOptions = "--verbose";
          extraConfig =
            ''
              font-name=SauceCodePro Nerd Font Mono
            '';
        };

        openssh = {
          enable = mkDefault true;
          extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';
          permitRootLogin = mkDefault "no";
          passwordAuthentication = mkDefault false;
        };
      };
    }
    (mkIf config.services.kmscon.enable {
      fonts.fonts = with pkgs; [
        (nerdfonts.override {
          fonts = [ "SourceCodePro" ];
        })
      ];
    })
  ];

  meta.buildDocsInSandbox = false;
}
Extract default user to separate module 2022-02-19 23:03:59 +00:00			`{ lib, pkgs, pkgs', inputs, config, ... }:`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`let`
Initial networking VM Also general improvements around VMs 2022-05-16 00:05:02 +01:00			`inherit (lib) mkIf mkDefault mkMerge;`
Extract default user to separate module 2022-02-19 23:03:59 +00:00			`inherit (lib.my) mkBoolOpt' dummyOption;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`in`
			`{`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`options = with lib.types; {`
			`my = {`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`ssh = {`
Functioning installation 2022-02-19 22:55:53 +00:00			`strictModes = mkBoolOpt' true`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+`
			`"before accepting login.");`
			`};`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Modularise NixOS and home-manager configs 2022-02-20 15:59:07 +00:00			`imports = [`
			`inputs.impermanence.nixosModule`
			`inputs.agenix.nixosModules.age`
			`];`

Add kmscon 2022-02-16 01:38:17 +00:00			`config = mkMerge [`
Functioning installation 2022-02-19 22:55:53 +00:00			`{`
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`system = {`
Move NixOS and home-manager stable to 22.05 2022-05-28 18:38:03 +01:00			`stateVersion = "22.05";`
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`configurationRevision = with inputs; mkIf (self ? rev) self.rev;`
			`};`

Implement home-manager support 2022-02-13 23:06:31 +00:00			`home-manager = {`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`# Installs packages in the system config instead of in the local profile on activation`
Implement home-manager support 2022-02-13 23:06:31 +00:00			`useUserPackages = mkDefault true;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`users = {`
			`mutableUsers = false;`
			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`security = {`
			`sudo.enable = mkDefault false;`
			`doas = {`
			`enable = mkDefault true;`
			`wheelNeedsPassword = mkDefault false;`
Initial basic setup 2022-02-06 00:06:26 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Initial basic setup 2022-02-06 00:06:26 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`nix = {`
Update nixpkgs and home-manager And fix weird nixpkgs config behaviour 2022-05-07 15:12:29 +01:00			`package = pkgs'.mine.nix;`
Move NixOS and home-manager stable to 22.05 2022-05-28 18:38:03 +01:00			`settings = {`
			`trusted-users = [ "@wheel" ];`
			`experimental-features = [ "nix-command" "flakes" "ca-derivations" ];`
			`};`
nixos/common: Add automatic Nix store GC 2022-06-06 13:24:46 +01:00			`gc = {`
			`options = mkDefault "--max-freed $((8 * 1024**3))";`
			`automatic = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
			`nixpkgs = {`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`overlays = [`
Functioning installation 2022-02-19 22:55:53 +00:00			`inputs.deploy-rs.overlay`
Add custom module documentation 2022-02-13 17:44:14 +00:00			`];`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`config = {`
			`allowUnfree = true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`documentation = {`
Re-enable installer documentation 2022-02-21 01:15:27 +00:00			`enable = mkDefault true;`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00			`nixos = {`
			`enable = mkDefault true;`
			`options.warningsAreErrors = mkDefault false;`
			`};`
			`};`

Implement home-manager support 2022-02-13 23:06:31 +00:00			`time.timeZone = mkDefault "Europe/Dublin";`

Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`boot = {`
			`# Use latest LTS release by default`
			`kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15;`
nixos/estuary: Implement recursive DNS 2022-05-23 00:57:25 +01:00			`kernel = {`
			`sysctl = {`
			`"net.ipv6.route.max_size" = mkDefault 16384;`
			`};`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`loader = {`
			`efi = {`
			`efiSysMountPoint = mkDefault "/boot";`
			`canTouchEfiVariables = mkDefault false;`
			`};`
Add initial installer 2022-02-17 15:47:24 +00:00			`grub = {`
			`memtest86.enable = mkDefault true;`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`systemd-boot = {`
			`enable = mkDefault true;`
			`editor = mkDefault true;`
			`consoleMode = mkDefault "max";`
			`configurationLimit = mkDefault 10;`
			`memtest86.enable = mkDefault true;`
Actually working (probably) root on tmpfs 2022-02-11 01:15:24 +00:00			`};`
			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Use custom nix package 2022-02-06 00:19:29 +00:00
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`environment.systemPackages = with pkgs; [`
			`bash-completion`
			`vim`
			`];`
Initial basic setup 2022-02-06 00:06:26 +00:00
Use fish instead of bash as default shell 2022-02-20 23:55:51 +00:00			`programs = {`
			`# This will enable generating completions at build time and prevent home-manager fish from generating them`
			`# locally`
			`fish.enable = mkDefault true;`
			`};`

Add kmscon 2022-02-16 01:38:17 +00:00			`services = {`
			`kmscon = {`
Update inputs and disable kmscon 2022-02-20 16:10:57 +00:00			`# As it turns out, kmscon hasn't been updated in years and has some bugs...`
			`enable = mkDefault false;`
Add kmscon 2022-02-16 01:38:17 +00:00			`hwRender = mkDefault true;`
			`extraOptions = "--verbose";`
			`extraConfig =`
			`''`
			`font-name=SauceCodePro Nerd Font Mono`
			`'';`
			`};`

			`openssh = {`
nixos/modules/firewall: Inherit `networking.firewall.allowed*Ports` 2022-02-17 17:08:25 +00:00			`enable = mkDefault true;`
Fix dev VM networking 2022-02-17 19:14:10 +00:00			`extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}'';`
Functioning installation 2022-02-19 22:55:53 +00:00			`permitRootLogin = mkDefault "no";`
			`passwordAuthentication = mkDefault false;`
Add kmscon 2022-02-16 01:38:17 +00:00			`};`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`};`
Add kmscon 2022-02-16 01:38:17 +00:00			`}`
			`(mkIf config.services.kmscon.enable {`
			`fonts.fonts = with pkgs; [`
			`(nerdfonts.override {`
			`fonts = [ "SourceCodePro" ];`
			`})`
			`];`
			`})`
			`];`
Add capability to choose home-manager branch 2022-02-15 20:50:27 +00:00
			`meta.buildDocsInSandbox = false;`
Apply nixpkgs-fmt 2022-02-13 13:10:21 +00:00			`}`