martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[shared] Refactor systems

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-10-14 20:03:28 +02:00
parent 7cbab15cc9
commit af54dea18a
5 changed files with 141 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
flake.nix
View File

@@ -66,60 +66,20 @@
lib = nixpkgs.lib.extend customLib; lib = nixpkgs.lib.extend customLib;
libHm = home-manager.lib.extend customLib; libHm = home-manager.lib.extend customLib;
systems = builtins.map (config: defaultAttrs // config) [ systems = import ./systems.nix {
{ inherit common;
hostName = "desktop";
nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
}
{
hostName = "thinkpad";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
}
{
hostName = "pi4";
system = "aarch64-linux";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
}
{
hostName = "homelab";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
}
{
hostName = "nidaros";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
address.private = common.localIpAddr 228;
}
];
defaultAttrs = {
hostName = builtins.abort "hostName is required";
system = "x86_64-linux";
username = common.username;
version = common.system.version;
wayland.enable = true;
nvidia.enable = false;
}; };
knownSystems = [ knownSystems = {
{
# Samsung S23 FE # Samsung S23 FE
hostName = "localhost-y4maoyqm"; localhost-y4maoyqm = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ"; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ";
} };
{
# OnePlus 8 # OnePlus 8
hostName = "localhost-4izgka9k"; localhost-4izgka9k = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj"; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj";
} };
]; };
in in
{ {
@@ -132,18 +92,15 @@
# #
# ========= Host Configurations ========= # ========= Host Configurations =========
# #
nixosConfigurations = builtins.listToAttrs ( nixosConfigurations = builtins.mapAttrs (
builtins.map ( hostName:
{ {
hostName,
system, system,
username, username,
... ...
}@systemConfig: }@systemConfig:
{ nixpkgs.lib.nixosSystem {
name = hostName;
value = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit inherit
@@ -152,6 +109,7 @@
common common
theme theme
lib lib
hostName
systemConfig systemConfig
systems systems
knownSystems knownSystems
@@ -197,10 +155,8 @@
]; ];
} }
]; ];
};
} }
) systems ) systems;
);
# #
# ========= Formatting ========= # ========= Formatting =========

18
shared/base/home-manager/ssh.nix
View File

@@ -5,28 +5,24 @@
common, common,
... ...
}: }:
with builtins;
{ {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = listToAttrs ( matchBlocks = builtins.mapAttrs (
map (system: { hostName: system:
name = system.hostName;
value =
let let
hostName = _hostName =
if (system ? address && system.address ? tailnet) then if (system ? address && system.address ? tailnet) then
system.address.tailnet system.address.tailnet
else else
common.tailnetAddr system.hostName; common.tailnetAddr hostName;
in in
{ {
port = 22; port = 22;
user = systemConfig.username; user = systemConfig.username;
hostname = hostName; hostname = _hostName;
}; }
}) systems ) systems;
);
}; };
} }

4
shared/base/modules/networking.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, systemConfig, ... }: { pkgs, hostName, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@@ -7,7 +7,7 @@
networking = { networking = {
networkmanager.enable = true; networkmanager.enable = true;
hostName = systemConfig.hostName; hostName = hostName;
}; };
programs.ssh.enableAskPassword = false; programs.ssh.enableAskPassword = false;

17
shared/base/modules/security/ssh.nix
View File

@@ -1,33 +1,28 @@
# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys # /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
{ {
lib,
systemConfig, systemConfig,
systems, systems,
knownSystems, knownSystems,
common, common,
... ...
}: }:
with builtins;
let let
allSystems = knownSystems ++ systems; allSystems = knownSystems // systems;
in in
{ {
programs.ssh.knownHosts = listToAttrs ( programs.ssh.knownHosts = builtins.mapAttrs (hostName: system: {
map (system: {
name = system.hostName;
value = {
extraHostNames = [ extraHostNames = [
( (
if (system ? address && system.address ? tailnet) then if (system ? address && system.address ? tailnet) then
system.address.tailnet system.address.tailnet
else else
common.tailnetAddr system.hostName common.tailnetAddr hostName
) )
]; ];
publicKey = system.ssh.publicKey; publicKey = system.ssh.publicKey;
}; }) allSystems;
}) allSystems
);
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = ( users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
map (system: system.ssh.publicKey) allSystems lib.mapAttrsToList (_hostName: system: system.ssh.publicKey) allSystems
); );
} }

38
systems.nix Normal file
View File

@@ -0,0 +1,38 @@
{ common, ... }:
let
defaultConfig = {
system = "x86_64-linux";
username = common.username;
version = common.system.version;
wayland.enable = true;
nvidia.enable = false;
};
in
builtins.mapAttrs (_hostName: systemConfig: defaultConfig // systemConfig) {
desktop = {
nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
git.signing.key = "706F53DD087A91DE";
};
thinkpad = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
git.signing.key = "848D71DE0590C199";
};
pi4 = {
system = "aarch64-linux";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
git.signing.key = "E3FA0E995C0D0E5E";
};
homelab = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
};
nidaros = {
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
address.private = common.localIpAddr 228;
};
}