From cc5ba78ddb0059856641aecf318b3e24aafa31da Mon Sep 17 00:00:00 2001 From: Jo Date: Sun, 25 May 2025 22:38:12 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Tons=20of=20type=20and=20bug=20f?= =?UTF-8?q?ixes=20(thanks=20language=20server=20for=20not=20working)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.nix | 7 --- modules/flake/systems.nix | 1 - modules/nixos/services/atticd/default.nix | 8 +-- modules/nixos/services/default.nix | 1 + modules/nixos/services/duckdns/default.nix | 4 +- modules/nixos/services/homepage/default.nix | 8 +-- modules/nixos/services/traefik/default.nix | 7 ++- .../nixos/services/vaultwarden/default.nix | 6 +- modules/nixos/system/nix/default.nix | 5 +- .../x86_64-nixos/absolutesolver/default.nix | 10 ++++ .../x86_64-nixos/absolutesolver/hardware.nix | 55 +++++++++++++++++++ 11 files changed, 87 insertions(+), 25 deletions(-) create mode 100644 systems/x86_64-nixos/absolutesolver/hardware.nix diff --git a/flake.nix b/flake.nix index d0ae4f4..7a3df8c 100644 --- a/flake.nix +++ b/flake.nix @@ -44,17 +44,10 @@ url = "github:h-banii/youtube-music-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - attic = { - url = "github:zhaofengli/attic"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = {flake-parts, ...} @ inputs: flake-parts.lib.mkFlake {inherit inputs;} { - debug = true; - imports = [ ./modules/flake ]; diff --git a/modules/flake/systems.nix b/modules/flake/systems.nix index 2538911..97be68f 100644 --- a/modules/flake/systems.nix +++ b/modules/flake/systems.nix @@ -17,7 +17,6 @@ (lib.optionals (class == "nixos") [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops - inputs.attic.nixosModules.atticd ]) ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname. }; diff --git a/modules/nixos/services/atticd/default.nix b/modules/nixos/services/atticd/default.nix index 1f60aa8..6e7f6ea 100644 
--- a/modules/nixos/services/atticd/default.nix +++ b/modules/nixos/services/atticd/default.nix @@ -4,7 +4,7 @@ config, ... }: let - inherit (lib) mkEnableOption mkIf; + inherit (lib) mkEnableOption mkIf types; inherit (self) namespace; inherit (self.lib) mkOpt; @@ -12,13 +12,13 @@ in { options.${namespace}.services.atticd = { enable = mkEnableOption "the attic service, a multi-tenant nix binary cache."; - sopsFile = mkOpt types.str null "The location of the sops secret file for the Atticd service."; + sopsFile = mkOpt types.path null "The location of the sops secret file for the Atticd service."; sopsFormat = mkOpt types.str null "The format of the sops secret file for the Atticd service."; subdomain = mkOpt types.str "cache" "The subdomain, of the system domain, the service should be exposed on."; }; config = mkIf cfg.enable { - config.sops.secrets."services/atticd" = { + sops.secrets."services/atticd" = { sopsFile = cfg.sopsFile; format = cfg.sopsFormat; }; @@ -46,7 +46,7 @@ in { services.atticd.loadBalancer.server.url = "http://localhost:3900"; routers.atticd = { entrypoints = ["websecure"]; - rule = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + rule = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)"; }; }; }; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 6c1ec3c..9aa339a 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -9,5 +9,6 @@ in { options.${namespace}.services = { domain = mkOpt types.str "thevoid.cafe" "The main system domain, used for exposing services."; + mail = mkOpt types.str "system@thevoid.cafe" "The main system administration E-Mail, used for logs and services."; }; } diff --git a/modules/nixos/services/duckdns/default.nix b/modules/nixos/services/duckdns/default.nix index f40fca5..c419804 100644 --- a/modules/nixos/services/duckdns/default.nix +++ b/modules/nixos/services/duckdns/default.nix 
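Review bot: `sopsFile = mkOpt types.path null "..."` declares a `path`-typed option whose default is `null`, so a host that enables atticd without setting it fails with a type error on the default value instead of a clear "this option is required" message; the same pattern is repeated for duckdns, homepage, traefik and vaultwarden in this diff. Either drop the default so the module system reports the option as used-but-undefined, or declare it as `mkOpt (types.nullOr types.path) null "..."` and add `assertions = [{ assertion = cfg.sopsFile != null; message = "services.atticd.sopsFile must be set when atticd is enabled"; }];` inside the `mkIf cfg.enable` block. The consumer of `config.sops.secrets."services/atticd".path` (presumably the `services.atticd` definition between this hunk and the Traefik one) is outside the hunk, so whether sops-nix's default root:0400 mode on the decrypted file suits the service's user cannot be checked from here.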
@@ -12,7 +12,7 @@ in { options.${namespace}.services.duckdns = { enable = mkEnableOption "DuckDNS, the dynamic dns service. Will periodically refresh your IP."; - sopsFile = mkOpt types.str null "The location of the sops secret file for the DuckDNS service."; + sopsFile = mkOpt types.path null "The location of the sops secret file for the DuckDNS service."; sopsFormat = mkOpt types.str null "The format of the sops secret file for the DuckDNS service."; }; @@ -25,7 +25,7 @@ in { virtualisation.oci-containers.containers.duckdns = { image = "lscr.io/linuxserver/duckdns:latest"; autoStart = true; - hostname = config.networking.hostname; + hostname = config.networking.hostName; environmentFiles = [ config.sops.secrets.duckdns.path ]; diff --git a/modules/nixos/services/homepage/default.nix b/modules/nixos/services/homepage/default.nix index 1ce24dc..b51a220 100644 --- a/modules/nixos/services/homepage/default.nix +++ b/modules/nixos/services/homepage/default.nix @@ -13,7 +13,7 @@ in { options.${namespace}.services.homepage = { enable = mkEnableOption "Homepage, an intuitive dashboard for your services."; subdomain = mkOpt types.str "home" "The subdomain, of the system domain, the service should be exposed on."; - configDir = mkOpt types.str null "The config directory, which will be copied to the Homepage directory during compilation."; + configDir = mkOpt types.path null "The config directory, which will be copied to the Homepage directory during compilation."; }; config = mkIf cfg.enable { 
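Review bot: `image = "lscr.io/linuxserver/duckdns:latest"` pulls a floating tag from a third-party registry into the container that receives the DuckDNS token via `environmentFiles`, so every restart can silently change the code that handles that token. Pin it to a version and digest, e.g. `image = "lscr.io/linuxserver/duckdns:<version>@sha256:<digest>";`, and bump it deliberately. The `config.networking.hostName` correction itself is the right option name; the rest of the container definition continues past the hunk.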
@@ -31,11 +31,11 @@ in { virtualisation.oci-containers.containers.homepage = { image = "ghcr.io/gethomepage/homepage:latest"; autoStart = true; - hostname = config.networking.hostname; + hostname = config.networking.hostName; labels = { "traefik.enable" = "true"; "traefik.http.routers.homepage.entrypoints" = "websecure"; - "traefik.http.routers.homepage.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + "traefik.http.routers.homepage.rule" = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)"; "traefik.http.services.homepage.loadbalancer.server.port" = "3000"; }; volumes = [ @@ -46,7 +46,7 @@ in { "/var/run/docker.sock:/var/run/docker.sock:ro" ]; environment = { - "HOMEPAGE_ALLOWED_HOSTS" = "${cfg.subdomain}.${config.services.domain}"; + "HOMEPAGE_ALLOWED_HOSTS" = "${cfg.subdomain}.${config.${namespace}.services.domain}"; }; extraOptions = ["--network=proxy"]; }; diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix index 7d00513..454751e 100644 --- a/modules/nixos/services/traefik/default.nix +++ b/modules/nixos/services/traefik/default.nix @@ -4,14 +4,15 @@ config, ... }: let - inherit (lib) mkEnableOption mkIf; + inherit (lib) mkEnableOption mkIf types; inherit (self) namespace; + inherit (self.lib) mkOpt; cfg = config.${namespace}.services.traefik; in { options.${namespace}.services.traefik = { enable = mkEnableOption "the Traefik service."; - sopsFile = mkOpt types.str null "The location of the sops secret file for the Traefik service."; + sopsFile = mkOpt types.path null "The location of the sops secret file for the Traefik service."; sopsFormat = mkOpt types.str null "The format of the sops secret file for the Traefik service."; }; 
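Review bot: `"/var/run/docker.sock:/var/run/docker.sock:ro"` still gives the homepage container full Docker API access — `:ro` restricts the mount node, not the requests sent over the socket — so a compromise of this internet-facing dashboard is a root-equivalent hop to the host. Consider fronting the socket with a restricted proxy that only exposes the read-only endpoints homepage needs, reachable over the `proxy` network, instead of bind-mounting the socket; failing that, record the accepted risk next to the volume with `# NOTE: docker socket access is root-equivalent on the host; restrict via a socket proxy if possible`. Setting `HOMEPAGE_ALLOWED_HOSTS` to the same host the Traefik rule matches is consistent and worth keeping that way when the domain option changes.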
@@ -57,7 +58,7 @@ in { certificatesResolvers = { letsencrypt = { acme = { - email = cfg.cloudflareEmail; + email = config.${namespace}.services.mail; storage = "/var/lib/traefik/acme.json"; #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff! dnsChallenge = { diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix index be7e0b1..1725ade 100644 --- a/modules/nixos/services/vaultwarden/default.nix +++ b/modules/nixos/services/vaultwarden/default.nix @@ -12,7 +12,7 @@ in { options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Vaultwarden, a self-hostable password manager."; - sopsFile = mkOpt types.str null "The location of the sops secret file for the Vaultwarden service."; + sopsFile = mkOpt types.path null "The location of the sops secret file for the Vaultwarden service."; sopsFormat = mkOpt types.str null "The format of the sops secret file for the Vaultwarden service."; subdomain = mkOpt types.str "vault" "The subdomain, of the system domain, the service should be exposed on."; }; @@ -31,11 +31,11 @@ in { virtualisation.oci-containers.containers.vaultwarden = { image = "vaultwarden/server"; autoStart = true; - hostname = config.networking.hostname; + hostname = config.networking.hostName; labels = { "traefik.enable" = "true"; "traefik.http.routers.vaultwarden.entrypoints" = "websecure"; - "traefik.http.routers.vaultwarden.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)"; + "traefik.http.routers.vaultwarden.rule" = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)"; }; volumes = [ "/var/lib/containers/vaultwarden/data:/data:rw" diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index f11ff4b..d1205b5 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix 
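Review bot: The staging CA remains a commented-out line (`#caServer = ... # Uncomment this when testing stuff!`) that gets edited in place during testing, which is exactly how production deployments run into Let's Encrypt rate limits and get locked out for a week. Expose it as an option instead: `useStagingCa = mkEnableOption "the Let's Encrypt staging CA (untrusted certificates, no rate limits) for testing";` in the options block, and here `caServer = if cfg.useStagingCa then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";`. Switching the ACME contact to `config.${namespace}.services.mail` is fine as long as that mailbox is actually read, since expiry and revocation notices go there. The `dnsChallenge` block and the rest of the resolver definition continue outside the hunk.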
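Review bot: `image = "vaultwarden/server"` carries no tag, so it floats to `latest` for the service that stores every credential — a bad upstream release or a registry-side change is picked up silently on the next pull. Pin it, e.g. `image = "vaultwarden/server:<version>@sha256:<digest>";`, and update on purpose. Any hardening environment (signups disabled, admin token sourced from the sops secret), if present, would sit in the lines after this hunk and cannot be checked here.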
@@ -5,8 +5,9 @@ config, ... }: let - inherit (lib) mkEnableOption mkIf; + inherit (lib) mkEnableOption mkIf types; inherit (self) namespace; + inherit (self.lib) mkOpt; cfg = config.${namespace}.system.nix; in { @@ -14,6 +15,7 @@ in { enable = mkEnableOption "Nix configuration overrides."; use-lix = mkEnableOption "Lix as an alternative to CppNix."; use-nixld = mkEnableOption "the use of dynamically linked executables on nix based systems."; + trusted-users = mkOpt (types.listOf types.str) ["@wheel"] "List of trusted users for this NixOS system."; }; config = mkIf cfg.enable { @@ -26,6 +28,7 @@ in { keep-outputs = true; max-jobs = "auto"; warn-dirty = false; + trusted-users = cfg.trusted-users; }; # Garbage collection configuration. diff --git a/systems/x86_64-nixos/absolutesolver/default.nix b/systems/x86_64-nixos/absolutesolver/default.nix index 26c5186..77dcc0d 100644 --- a/systems/x86_64-nixos/absolutesolver/default.nix +++ b/systems/x86_64-nixos/absolutesolver/default.nix @@ -1,4 +1,8 @@ {pkgs, ...}: { + imports = [ + ./hardware.nix + ]; + # Setup Sops sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.keyFile = "/var/lib/sops-nix/key.txt"; @@ -36,6 +40,12 @@ enable = true; configDir = ./resources/homepage-config; }; + + atticd = { + enable = true; + sopsFile = ./secrets/atticd.env; + sopsFormat = "dotenv"; + }; }; }; diff --git a/systems/x86_64-nixos/absolutesolver/hardware.nix b/systems/x86_64-nixos/absolutesolver/hardware.nix new file mode 100644 index 0000000..82651b8 --- /dev/null +++ b/systems/x86_64-nixos/absolutesolver/hardware.nix 
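Review bot: `trusted-users = mkOpt (types.listOf types.str) ["@wheel"] "List of trusted users for this NixOS system."` under-describes what it grants: a trusted user can override any nix.conf setting from the client, including substituters and signature checks, which lets them place arbitrary paths in the store and is effectively root on the machine. On a stock NixOS host wheel members can sudo anyway, so the widening is mostly about being explicit; still, say so in the description, e.g. `"Users allowed to override any nix.conf setting from the client (substituters, signature checks); effectively root-equivalent, so keep this list minimal."`, and consider defaulting to `[]` since the assignment `trusted-users = cfg.trusted-users;` in the second hunk merges with nixpkgs' own `["root"]` default rather than replacing it.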
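Review bot: `sopsFile = ./secrets/atticd.env;` references a file that is not part of this commit (the diffstat lists eleven files and none under `secrets/`), so either it already exists in the tree or evaluating this host fails on a missing path; worth confirming it is committed, sops-encrypted, and covered by a `.sops.yaml` creation rule for the host key derived from `/etc/ssh/ssh_host_ed25519_key`. Because the option is typed `path`, the file is copied into the world-readable Nix store once sops-nix uses it in a string context, which is fine for an encrypted file but means a plaintext `.env` dropped there by mistake is published to every machine fetching the closure — a `# must stay sops-encrypted: this file is copied into /nix/store` comment beside the line would make that explicit.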
@@ -0,0 +1,55 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "uas" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/5d4f9f57-085f-44a0-b987-bad24ff58769";
+ fsType = "btrfs";
+ options = ["subvol=@"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8D0F-2821";
+ fsType = "vfat";
+ options = ["fmask=0077" "dmask=0077"];
+ };
+
+ fileSystems."/mnt/storage" = {
+ device = "/dev/disk/by-uuid/237eb43e-1e4e-4cb1-873e-6b07f1368f4f";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/42fc926f-f066-48e8-8c07-3627b2ba3cd4";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.br-32acd0b5b342.useDHCP = lib.mkDefault true;
+ # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.veth0b3552e.useDHCP = lib.mkDefault true;
+ # networking.interfaces.veth3873910.useDHCP = lib.mkDefault true;
+ # networking.interfaces.veth9323c9b.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}