martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[shared] Refactor systems

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-10-14 20:03:28 +02:00
parent 7cbab15cc9
commit af54dea18a
5 changed files with 141 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
flake.nix
View File

@@ -66,60 +66,20 @@
lib = nixpkgs.lib.extend customLib;
libHm = home-manager.lib.extend customLib;
systems = builtins.map (config: defaultAttrs // config) [
{
hostName = "desktop";
nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
}
{
hostName = "thinkpad";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
}
{
hostName = "pi4";
system = "aarch64-linux";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
}
{
hostName = "homelab";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
}
{
hostName = "nidaros";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
address.private = common.localIpAddr 228;
}
];
defaultAttrs = {
hostName = builtins.abort "hostName is required";
system = "x86_64-linux";
username = common.username;
version = common.system.version;
wayland.enable = true;
nvidia.enable = false;
systems = import ./systems.nix {
inherit common;
};
knownSystems = [
{
# Samsung S23 FE
hostName = "localhost-y4maoyqm";
knownSystems = {
# Samsung S23 FE
localhost-y4maoyqm = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7SSjiqnjif1Kko60iXVTKJ7a1/lRlR8TFNtoclNcnQ";
}
{
# OnePlus 8
hostName = "localhost-4izgka9k";
};
# OnePlus 8
localhost-4izgka9k = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALtulVgLrUEpKnpfPFQTHjaEXTxs2Q818NC18eLx0bj";
}
];
};
};
in
{
@@ -132,75 +92,71 @@
#
# ========= Host Configurations =========
#
nixosConfigurations = builtins.listToAttrs (
builtins.map (
{
hostName,
system,
username,
...
}@systemConfig:
nixosConfigurations = builtins.mapAttrs (
hostName:
{
system,
username,
...
}@systemConfig:
{
name = hostName;
value = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
outputs
inputs
common
theme
lib
systemConfig
systems
knownSystems
;
isDarwin = false;
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit
outputs
inputs
common
theme
lib
hostName
systemConfig
systems
knownSystems
;
isDarwin = false;
};
modules = [
./hosts/${hostName}
home-manager.nixosModules.home-manager
{
home-manager = {
# Backups conflicting files in case of error
backupFileExtension = "bkp";
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit
inputs
common
theme
libHm
systemConfig
systems
;
};
users.${username} = import ./hosts/${hostName}/home-manager;
};
modules = [
./hosts/${hostName}
home-manager.nixosModules.home-manager
{
home-manager = {
# Backups conflicting files in case of error
backupFileExtension = "bkp";
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit
inputs
common
theme
libHm
systemConfig
systems
;
};
users.${username} = import ./hosts/${hostName}/home-manager;
};
}
{
nixpkgs.overlays = [
# TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
(_: prev: {
tailscale = prev.tailscale.overrideAttrs (old: {
checkFlags = builtins.map (
flag:
if prev.lib.hasPrefix "-skip=" flag then
flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
else
flag
) old.checkFlags;
});
})
];
}
}
{
nixpkgs.overlays = [
# TODO temp fix for tailscale: https://github.com/tailscale/tailscale/issues/16966#issuecomment-3239543750
(_: prev: {
tailscale = prev.tailscale.overrideAttrs (old: {
checkFlags = builtins.map (
flag:
if prev.lib.hasPrefix "-skip=" flag then
flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$"
else
flag
) old.checkFlags;
});
})
];
};
}
) systems
);
}
];
}
) systems;
#
# ========= Formatting =========

34
shared/base/home-manager/ssh.nix
View File

@@ -5,28 +5,24 @@
common,
...
}:
with builtins;
{
programs.ssh = {
enable = true;
matchBlocks = listToAttrs (
map (system: {
name = system.hostName;
value =
let
hostName =
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr system.hostName;
in
{
port = 22;
user = systemConfig.username;
hostname = hostName;
};
}) systems
);
matchBlocks = builtins.mapAttrs (
hostName: system:
let
_hostName =
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr hostName;
in
{
port = 22;
user = systemConfig.username;
hostname = _hostName;
}
) systems;
};
}

4
shared/base/modules/networking.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, systemConfig, ... }:
{ pkgs, hostName, ... }:
{
environment.systemPackages = with pkgs; [
@@ -7,7 +7,7 @@
networking = {
networkmanager.enable = true;
hostName = systemConfig.hostName;
hostName = hostName;
};
programs.ssh.enableAskPassword = false;

33
shared/base/modules/security/ssh.nix
View File

@@ -1,33 +1,28 @@
# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
{
lib,
systemConfig,
systems,
knownSystems,
common,
...
}:
with builtins;
let
allSystems = knownSystems ++ systems;
allSystems = knownSystems // systems;
in
{
programs.ssh.knownHosts = listToAttrs (
map (system: {
name = system.hostName;
value = {
extraHostNames = [
(
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr system.hostName
)
];
publicKey = system.ssh.publicKey;
};
}) allSystems
);
programs.ssh.knownHosts = builtins.mapAttrs (hostName: system: {
extraHostNames = [
(
if (system ? address && system.address ? tailnet) then
system.address.tailnet
else
common.tailnetAddr hostName
)
];
publicKey = system.ssh.publicKey;
}) allSystems;
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
map (system: system.ssh.publicKey) allSystems
lib.mapAttrsToList (_hostName: system: system.ssh.publicKey) allSystems
);
}

38
systems.nix Normal file
View File

@@ -0,0 +1,38 @@
{ common, ... }:
let
defaultConfig = {
system = "x86_64-linux";
username = common.username;
version = common.system.version;
wayland.enable = true;
nvidia.enable = false;
};
in
builtins.mapAttrs (_hostName: systemConfig: defaultConfig // systemConfig) {
desktop = {
nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
git.signing.key = "706F53DD087A91DE";
};
thinkpad = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
git.signing.key = "848D71DE0590C199";
};
pi4 = {
system = "aarch64-linux";
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
address.private = common.localIpAddr 188;
git.signing.key = "E3FA0E995C0D0E5E";
};
homelab = {
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
address.private = common.localIpAddr 231;
address.tailnet = common.tailnetAddr "admin";
};
nidaros = {
wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw1iNuPnX9NGt+UAvBDzkk26d1e4nF+XX2FMm+IRWtt";
address.private = common.localIpAddr 228;
};
}