[shared] Refactor systems

2025-10-14 20:03:28 +02:00
parent 7cbab15cc9
commit af54dea18a
5 changed files with 141 additions and 156 deletions

188
flake.nix

@@ -66,60 +66,20 @@
lib = nixpkgs.lib.extend customLib; lib = nixpkgs.lib.extend customLib;
libHm = home-manager.lib.extend customLib; libHm = home-manager.lib.extend customLib;
systems = builtins.map (config: defaultAttrs // config) [ systems = import ./systems.nix {
{ inherit common;
hostName = "desktop";
nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
}
{
hostName = "thinkpad";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
}
{
hostName = "pi4";
system = "aarch64-linux";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
}
{
hostName = "homelab";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
}
{
hostName = "nidaros";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
address.private = common.localIpAddr 228;
}
];
defaultAttrs = {
hostName = builtins.abort "hostName is required";
system = "x86_64-linux";
username = common.username;
version = common.system.version;
wayland.enable = true;
nvidia.enable = false;
}; };
knownSystems = [ knownSystems = {
{ # Samsung S23 FE
# Samsung S23 FE localhost-y4maoyqm = {
hostName = "localhost-y4maoyqm";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ"; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ";
} };
{ # OnePlus 8
# OnePlus 8 localhost-4izgka9k = {
hostName = "localhost-4izgka9k";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj"; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj";
} };
]; };
in in
{ {
@@ -132,75 +92,71 @@
# #
# ========= Host Configurations ========= # ========= Host Configurations =========
# #
nixosConfigurations = builtins.listToAttrs ( nixosConfigurations = builtins.mapAttrs (
builtins.map ( hostName:
{ {
hostName, system,
system, username,
username, ...
... }@systemConfig:
}@systemConfig:
{ nixpkgs.lib.nixosSystem {
name = hostName; inherit system;
value = nixpkgs.lib.nixosSystem { specialArgs = {
inherit system; inherit
specialArgs = { outputs
inherit inputs
outputs common
inputs theme
common lib
theme hostName
lib systemConfig
systemConfig systems
systems knownSystems
knownSystems ;
; isDarwin = false;
isDarwin = false; };
modules = [
./hosts/${hostName}
home-manager.nixosModules.home-manager
{
home-manager = {
# Backups conflicting files in case of error
backupFileExtension = "bkp";
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit
inputs
common
theme
libHm
systemConfig
systems
;
};
users.${username} = import ./hosts/${hostName}/home-manager;
}; };
modules = [ }
./hosts/${hostName} {
home-manager.nixosModules.home-manager nixpkgs.overlays = [
{ # TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
home-manager = { (_: prev: {
# Backups conflicting files in case of error tailscale = prev.tailscale.overrideAttrs (old: {
backupFileExtension = "bkp"; checkFlags = builtins.map (
useGlobalPkgs = true; flag:
useUserPackages = true; if prev.lib.hasPrefix "-skip=" flag then
extraSpecialArgs = { flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
inherit else
inputs flag
common ) old.checkFlags;
theme });
libHm })
systemConfig
systems
;
};
users.${username} = import ./hosts/${hostName}/home-manager;
};
}
{
nixpkgs.overlays = [
# TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
(_: prev: {
tailscale = prev.tailscale.overrideAttrs (old: {
checkFlags = builtins.map (
flag:
if prev.lib.hasPrefix "-skip=" flag then
flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
else
flag
) old.checkFlags;
});
})
];
}
]; ];
}; }
} ];
) systems }
); ) systems;
# #
# ========= Formatting ========= # ========= Formatting =========
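Review bot: The attribute names of `systems` and `knownSystems` are now load-bearing, and nothing in either hunk documents that. The name is passed on as `hostName` in `specialArgs`, selects `./hosts/${hostName}`, and in the SSH modules of this commit is handed to `common.tailnetAddr` and becomes the `programs.ssh.knownHosts` entry name. A mistyped key such as `localhost-y4maoyqm` would presumably still evaluate, but the pinned key would then sit under a name that is never dialled. I would add a comment above `knownSystems`, for example `# Attribute name must equal the device's tailnet machine name; it is used for the known_hosts entry and the address lookup.`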


@@ -5,28 +5,24 @@
common, common,
... ...
}: }:
with builtins;
{ {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = listToAttrs ( matchBlocks = builtins.mapAttrs (
map (system: { hostName: system:
name = system.hostName; let
value = _hostName =
let if (system ? address && system.address ? tailnet) then
hostName = system.address.tailnet
if (system ? address && system.address ? tailnet) then else
system.address.tailnet common.tailnetAddr hostName;
else in
common.tailnetAddr system.hostName; {
in port = 22;
{ user = systemConfig.username;
port = 22; hostname = _hostName;
user = systemConfig.username; }
hostname = hostName; ) systems;
};
}) systems
);
}; };
} }
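Review bot: The `let _hostName = if (system ? address && system.address ? tailnet) then … else …` block in `matchBlocks` can be a single expression, because Nix's `or` already covers a missing attribute anywhere in the selection path: `hostname = system.address.tailnet or (common.tailnetAddr hostName);`. That also removes the underscore-prefixed local, which by convention reads as an unused binding. The same fallback is repeated in the `programs.ssh.knownHosts` module of this commit (`extraHostNames`). Sharing one helper would keep the client alias and the pinned host name from drifting apart, since a mismatch would likely leave connections to that host without a matching pinned key.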


@@ -1,4 +1,4 @@
{ pkgs, systemConfig, ... }: { pkgs, hostName, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@@ -7,7 +7,7 @@
networking = { networking = {
networkmanager.enable = true; networkmanager.enable = true;
hostName = systemConfig.hostName; hostName = hostName;
}; };
programs.ssh.enableAskPassword = false; programs.ssh.enableAskPassword = false;


@@ -1,33 +1,28 @@
# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys # /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
{ {
lib,
systemConfig, systemConfig,
systems, systems,
knownSystems, knownSystems,
common, common,
... ...
}: }:
with builtins;
let let
allSystems = knownSystems ++ systems; allSystems = knownSystems // systems;
in in
{ {
programs.ssh.knownHosts = listToAttrs ( programs.ssh.knownHosts = builtins.mapAttrs (hostName: system: {
map (system: { extraHostNames = [
name = system.hostName; (
value = { if (system ? address && system.address ? tailnet) then
extraHostNames = [ system.address.tailnet
( else
if (system ? address && system.address ? tailnet) then common.tailnetAddr hostName
system.address.tailnet )
else ];
common.tailnetAddr system.hostName publicKey = system.ssh.publicKey;
) }) allSystems;
];
publicKey = system.ssh.publicKey;
};
}) allSystems
);
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = ( users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
map (system: system.ssh.publicKey) allSystems lib.mapAttrsToList (_hostName: system: system.ssh.publicKey) allSystems
); );
} }
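Review bot: `system.ssh.publicKey` is used in two different roles in this module. `publicKey = system.ssh.publicKey;` pins it as the machine's host key in `programs.ssh.knownHosts`, while `lib.mapAttrsToList (_hostName: system: system.ssh.publicKey) allSystems` authorizes the same key for login as `systemConfig.username` on every host that imports this module. If these are host keys, whoever can read one machine's private host key (including the phones in `knownSystems`) can log in to all the others; if they are user keys, the known_hosts pins will not match what sshd presents. Splitting the attribute into a host key and a user key per system, and authorizing only the keys that need inbound access, would narrow this. Separately, `knownSystems // systems` lets a `systems` entry silently replace a `knownSystems` entry of the same name, whereas the old `++` kept both keys in `authorizedKeys`.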

38
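--- a/systems.nix
+++ b/systems.nix
@@ -0,0 +1,38 @@
+{ common, ... }:
+let
+defaultConfig = {
+system = "x86_64-linux";
+username = common.username;
+version = common.system.version;
+wayland.enable = true;
+nvidia.enable = false;
+};
+in
+builtins.mapAttrs (_hostName: systemConfig: defaultConfig // systemConfig) {
+desktop = {
+nvidia.enable = true;
+ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
+git.signing.key = "706F53DD087A91DE";
+};
+thinkpad = {
+ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
+git.signing.key = "848D71DE0590C199";
+};
+pi4 = {
+system = "aarch64-linux";
+wayland.enable = false;
+ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
+address.private = common.localIpAddr 188;
+git.signing.key = "E3FA0E995C0D0E5E";
+};
+homelab = {
+ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
+address.private = common.localIpAddr 231;
+address.tailnet = common.tailnetAddr "admin";
+};
+nidaros = {
+wayland.enable = false;
+ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
+address.private = common.localIpAddr 228;
+};
+}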
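Review bot: `homelab` no longer sets `wayland.enable = false;`, so after `defaultConfig // systemConfig` it inherits `wayland.enable = true`, whereas the list removed from flake.nix had it disabled for that host. In a commit titled as a refactor this looks unintended, and on a server it presumably enables a graphical stack that was not there before. If so, restore `wayland.enable = false;` in the `homelab` set. Note also that `//` is a shallow merge: an override such as `nvidia.foo = …` would replace the whole `nvidia` set and drop the default `enable`. A comment on `defaultConfig` saying so, or `lib.recursiveUpdate` (with `lib` passed in), would guard against that.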