diff --git a/flake.nix b/flake.nix
index 2e0b626..7f09984 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,60 +66,20 @@
 lib = nixpkgs.lib.extend customLib;
 libHm = home-manager.lib.extend customLib;
- systems = builtins.map (config: defaultAttrs // config) [
- {
- hostName = "desktop";
- nvidia.enable = true;
- ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
- }
- {
- hostName = "thinkpad";
- ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
- }
- {
- hostName = "pi4";
- system = "aarch64-linux";
- wayland.enable = false;
- ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
- address.private = common.localIpAddr 188;
- }
- {
- hostName = "homelab";
- wayland.enable = false;
- ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
- address.private = common.localIpAddr 231;
- address.tailnet = common.tailnetAddr "admin";
- }
- {
- hostName = "nidaros";
- wayland.enable = false;
- ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
- address.private = common.localIpAddr 228;
- }
-
- ];
-
- defaultAttrs = {
- hostName = builtins.abort "hostName is required";
- system = "x86_64-linux";
- username = common.username;
- version = common.system.version;
- wayland.enable = true;
- nvidia.enable = false;
+ systems = import ./systems.nix {
+ inherit common;
 };
- knownSystems = [
- {
- # Samsung S23 FE
- hostName = "localhost-y4maoyqm";
+ knownSystems = {
+ # Samsung S23 FE
+ localhost-y4maoyqm = {
 ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ";
- }
- {
- # OnePlus 8
- hostName = "localhost-4izgka9k";
+ };
+ # OnePlus 8
+ localhost-4izgka9k = {
 ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj";
- }
- ];
+ };
+ };
 in {
@@ -132,75 +92,71 @@
 #
 # ========= Host Configurations =========
 #
- nixosConfigurations = builtins.listToAttrs (
- builtins.map (
- {
- hostName,
- system,
- username,
- ...
- }@systemConfig:
+ nixosConfigurations = builtins.mapAttrs (
+ hostName:
+ {
+ system,
+ username,
+ ...
+ }@systemConfig:
- {
- name = hostName;
- value = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = {
- inherit
- outputs
- inputs
- common
- theme
- lib
- systemConfig
- systems
- knownSystems
- ;
- isDarwin = false;
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit
+ outputs
+ inputs
+ common
+ theme
+ lib
+ hostName
+ systemConfig
+ systems
+ knownSystems
+ ;
+ isDarwin = false;
+ };
+ modules = [
+ ./hosts/${hostName}
+ home-manager.nixosModules.home-manager
+ {
+ home-manager = {
+ # Backups conflicting files in case of error
+ backupFileExtension = "bkp";
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = {
+ inherit
+ inputs
+ common
+ theme
+ libHm
+ systemConfig
+ systems
+ ;
+ };
+ users.${username} = import ./hosts/${hostName}/home-manager;
 };
- modules = [
- ./hosts/${hostName}
- home-manager.nixosModules.home-manager
- {
- home-manager = {
- # Backups conflicting files in case of error
- backupFileExtension = "bkp";
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = {
- inherit
- inputs
- common
- theme
- libHm
- systemConfig
- systems
- ;
- };
- users.${username} = import ./hosts/${hostName}/home-manager;
- };
- }
- {
- nixpkgs.overlays = [
- # TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
- (_: prev: {
- tailscale = prev.tailscale.overrideAttrs (old: {
- checkFlags = builtins.map (
- flag:
- if prev.lib.hasPrefix "-skip=" flag then
- flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
- else
- flag
- ) old.checkFlags;
- });
- })
- ];
- }
+ }
+ {
+ nixpkgs.overlays = [
+ # TODO temp fix for tailscale:
https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
+ (_: prev: {
+ tailscale = prev.tailscale.overrideAttrs (old: {
+ checkFlags = builtins.map (
+ flag:
+ if prev.lib.hasPrefix "-skip=" flag then
+ flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
+ else
+ flag
+ ) old.checkFlags;
+ });
+ })
 ];
- };
- }
- ) systems
- );
+ }
+ ];
+ }
+ ) systems;
 #
 # ========= Formatting =========
diff --git a/shared/base/home-manager/ssh.nix b/shared/base/home-manager/ssh.nix
index 861ac78..12daf46 100644
--- a/shared/base/home-manager/ssh.nix
+++ b/shared/base/home-manager/ssh.nix
@@ -5,28 +5,24 @@
 common,
 ...
 }:
-with builtins;
 {
 programs.ssh = {
 enable = true;
- matchBlocks = listToAttrs (
- map (system: {
- name = system.hostName;
- value =
- let
- hostName =
- if (system ? address && system.address ? tailnet) then
- system.address.tailnet
- else
- common.tailnetAddr system.hostName;
- in
- {
- port = 22;
- user = systemConfig.username;
- hostname = hostName;
- };
- }) systems
- );
+ matchBlocks = builtins.mapAttrs (
+ hostName: system:
+ let
+ _hostName =
+ if (system ? address && system.address ? tailnet) then
+ system.address.tailnet
+ else
+ common.tailnetAddr hostName;
+ in
+ {
+ port = 22;
+ user = systemConfig.username;
+ hostname = _hostName;
+ }
+ ) systems;
 };
 }
diff --git a/shared/base/modules/networking.nix b/shared/base/modules/networking.nix
index 2b76ab5..21039e8 100644
--- a/shared/base/modules/networking.nix
+++ b/shared/base/modules/networking.nix
@@ -1,4 +1,4 @@
-{ pkgs, systemConfig, ... }:
+{ pkgs, hostName, ... }:
 {
 environment.systemPackages = with pkgs; [
@@ -7,7 +7,7 @@
 networking = {
 networkmanager.enable = true;
- hostName = systemConfig.hostName;
+ hostName = hostName;
 };
 programs.ssh.enableAskPassword = false;
diff --git a/shared/base/modules/security/ssh.nix b/shared/base/modules/security/ssh.nix
index a9f501e..d321a4b 100644
--- a/shared/base/modules/security/ssh.nix
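Review bot: `hostName` is added to the NixOS `specialArgs` but not to home-manager's `extraSpecialArgs`, while `systemConfig` no longer carries a `hostName` attribute (the name is now the attribute key), so a home-manager module that still reads `systemConfig.hostName` has no replacement and would fail with a missing-attribute error at evaluation. If home-manager modules are meant to know which host they are on, add `hostName` to the `inherit` list under `extraSpecialArgs`, next to `libHm`. The tailscale `checkFlags` overlay is carried over unchanged and still only skips three tests rather than fixing anything; the `TODO` should state the condition for removing it, e.g. `# TODO remove once nixpkgs carries the fix for tailscale#16966`.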
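Review bot: The new `let` binding is named `_hostName` even though it is read on the `hostname = _hostName;` line; a leading underscore conventionally marks an intentionally unused binding (deadnix and statix treat it that way), so the name reads as a lint suppression rather than a value. Renaming it avoids shadowing the `hostName` parameter without the misleading prefix, e.g. `target = if (system ? address && system.address ? tailnet) then system.address.tailnet else common.tailnetAddr hostName;` and `hostname = target;`. The `user` value still comes from `systemConfig.username` for every match block, so a remote host with a different login name has no per-system override; that is pre-existing rather than introduced here.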
+++ b/shared/base/modules/security/ssh.nix
@@ -1,33 +1,28 @@
 # /nix/store//etc/ssh/ssh_config & /nix/store//etc/ssh/authorized_keys
 {
+ lib,
 systemConfig,
 systems,
 knownSystems,
 common,
 ...
 }:
-with builtins;
 let
- allSystems = knownSystems ++ systems;
+ allSystems = knownSystems // systems;
 in
 {
- programs.ssh.knownHosts = listToAttrs (
- map (system: {
- name = system.hostName;
- value = {
- extraHostNames = [
- (
- if (system ? address && system.address ? tailnet) then
- system.address.tailnet
- else
- common.tailnetAddr system.hostName
- )
- ];
- publicKey = system.ssh.publicKey;
- };
- }) allSystems
- );
+ programs.ssh.knownHosts = builtins.mapAttrs (hostName: system: {
+ extraHostNames = [
+ (
+ if (system ? address && system.address ? tailnet) then
+ system.address.tailnet
+ else
+ common.tailnetAddr hostName
+ )
+ ];
+ publicKey = system.ssh.publicKey;
+ }) allSystems;
 users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
- map (system: system.ssh.publicKey) allSystems
+ lib.mapAttrsToList (_hostName: system: system.ssh.publicKey) allSystems
 );
 }
diff --git a/systems.nix b/systems.nix
new file mode 100644
index 0000000..60b12db
--- /dev/null
+++ b/systems.nix
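Review bot: `knownSystems // systems` silently lets an entry in `systems` replace a `knownSystems` entry with the same attribute name, so a colliding host name would drop that device's key from both `programs.ssh.knownHosts` and `authorizedKeys` with no evaluation error, whereas the removed `knownSystems ++ systems` kept both records. Now that `lib` is in scope, guard the merge before `in`: `assert lib.intersectLists (builtins.attrNames knownSystems) (builtins.attrNames systems) == [];`. Separately, every key in `allSystems` — including the two phones from `knownSystems` — is authorized for `systemConfig.username` on every host; that is pre-existing behaviour, but it deserves a comment stating it is deliberate, since one compromised device key then grants login everywhere.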
@@ -0,0 +1,38 @@
+{ common, ... }:
+let
+ defaultConfig = {
+ system = "x86_64-linux";
+ username = common.username;
+ version = common.system.version;
+ wayland.enable = true;
+ nvidia.enable = false;
+ };
+in
+builtins.mapAttrs (_hostName: systemConfig: defaultConfig // systemConfig) {
+ desktop = {
+ nvidia.enable = true;
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
+ git.signing.key = "706F53DD087A91DE";
+ };
+ thinkpad = {
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
+ git.signing.key = "848D71DE0590C199";
+ };
+ pi4 = {
+ system = "aarch64-linux";
+ wayland.enable = false;
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
+ address.private = common.localIpAddr 188;
+ git.signing.key = "E3FA0E995C0D0E5E";
+ };
+ homelab = {
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
+ address.private = common.localIpAddr 231;
+ address.tailnet = common.tailnetAddr "admin";
+ };
+ nidaros = {
+ wayland.enable = false;
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
+ address.private = common.localIpAddr 228;
+ };
+}
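Review bot: `homelab` lost `wayland.enable = false;` in the move out of flake.nix (the removed block in the first hunk set it), so with `defaultConfig // systemConfig` it now evaluates to `wayland.enable = true`, which looks unintended for a host that otherwise carries only network and key attributes; restore `wayland.enable = false;` under `homelab`. `git.signing.key` is set for `desktop`, `thinkpad` and `pi4` only, so any consumer that reads `systemConfig.git.signing.key` unconditionally will fail on `homelab` and `nidaros`; either add a default such as `git.signing.key = null;` to `defaultConfig` or have consumers guard with `systemConfig ? git`. Note also that `//` merges only the top level, so a host's `wayland.enable` replaces the whole `wayland` set — harmless while each nested set has a single key, but worth a comment on the `mapAttrs` line if defaults ever gain more nested attributes.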