♻️ [shared] Moved files to base shared directory

2025-05-22 19:36:29 +02:00
parent 7455299dd7
commit 21d07edcf1
18 changed files with 43 additions and 58 deletions
--- a/shared/base/modules/default.nix
+++ b/shared/base/modules/default.nix
@ -1,3 +1,10 @@
 {
-  imports = [ ./networking.nix ];
+  imports = [
+    ./development
+    ./networking.nix
+    ./nix-helper.nix
+    ./nixos.nix
+    ./security
+    ./shell.nix
+  ];
 }
--- a/shared/base/modules/development/default.nix
+++ b/shared/base/modules/development/default.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./formatters.nix
+    ./nix.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    git
+    just
+  ];
+}
--- a/shared/base/modules/development/formatters.nix
+++ b/shared/base/modules/development/formatters.nix
@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    nodePackages.prettier
+    nixfmt-rfc-style
+    treefmt
+    shfmt
+  ];
+}
--- a/shared/base/modules/development/nix.nix
+++ b/shared/base/modules/development/nix.nix
@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    nixd
+    nil
+  ];
+}
--- a/shared/base/modules/networking.nix
+++ b/shared/base/modules/networking.nix
@ -8,19 +8,12 @@
  networking = {
    networkmanager.enable = true;
    hostName = systemConfig.hostName;
-    # wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  };

-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
  programs.ssh.enableAskPassword = false;

-  services.tailscale.enable = true;
+  services = {
+    openssh.enable = true;
+    tailscale.enable = true;
+  };
 }
--- a/shared/base/modules/nix-helper.nix
+++ b/shared/base/modules/nix-helper.nix
@ -0,0 +1,14 @@
+# Nix-Helper: github.com/viperML/nh
+{ common, ... }:
+
+{
+  programs.nh = {
+    enable = true;
+    flake = common.root;
+    clean = {
+      enable = true;
+      dates = "weekly";
+      extraArgs = "--keep-since 30d";
+    };
+  };
+}
--- a/shared/base/modules/nixos.nix
+++ b/shared/base/modules/nixos.nix
@ -0,0 +1,25 @@
+{
+  pkgs,
+  outputs,
+  systemConfig,
+  ...
+}:
+
+{
+  environment.systemPackages = with pkgs; [
+    nix-prefetch-github # Cmd to get rev and hash from GitHub
+  ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  nixpkgs = {
+    # Allow unfree packages
+    config.allowUnfree = true;
+    overlays = [ outputs.overlays.unstable-packages ];
+  };
+
+  system.stateVersion = systemConfig.version;
+}
--- a/shared/base/modules/security/default.nix
+++ b/shared/base/modules/security/default.nix
@ -0,0 +1,8 @@
+{
+  imports = [
+    ./sops.nix
+    ./ssh.nix
+  ];
+
+  programs.gnupg.agent.enable = true;
+}
--- a/shared/base/modules/security/sops.nix
+++ b/shared/base/modules/security/sops.nix
@ -0,0 +1,20 @@
+{
+  inputs,
+  lib,
+  systemConfig,
+  ...
+}:
+
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFile = lib.custom.relativeToRoot "shared/secrets/secrets.yaml";
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/home/${systemConfig.username}/.config/sops/age/keys.txt";
+    secrets.password-hash.neededForUsers = true;
+  };
+}
--- a/shared/base/modules/security/ssh.nix
+++ b/shared/base/modules/security/ssh.nix
@ -0,0 +1,27 @@
+# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
+{
+  systemConfig,
+  systems,
+  common,
+  ...
+}:
+with builtins;
+let
+  domain = "dns.${common.domain}";
+in
+{
+  programs.ssh.knownHosts = listToAttrs (
+    map (system: {
+      name = system.hostName;
+      value = {
+        extraHostNames = [
+          "${system.hostName}.${domain}"
+        ];
+        publicKey = system.ssh.publicKey;
+      };
+    }) systems
+  );
+  users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
+    map (system: system.ssh.publicKey) systems
+  );
+}
--- a/shared/base/modules/shell.nix
+++ b/shared/base/modules/shell.nix
@ -0,0 +1,19 @@
+# For Fish dotfiles, see: /home-manager/fish.nix
+{ pkgs, ... }:
+
+{
+  programs = {
+    bash = {
+      # Starts the OS using Bash, then starts fish if it's not running
+      interactiveShellInit = ''
+        if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+        then
+          shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+          exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+        fi
+      '';
+    };
+
+    fish.enable = true;
+  };
+}