WIP refactor

2025-03-17 22:44:10 -05:00 · 2025-03-17 22:44:10 -05:00 · 2087ee1015
commit 2087ee1015
parent c10446db21
16 changed files with 342 additions and 144 deletions
--- a/common/flake.nix
+++ b/common/flake.nix
@ -22,9 +22,10 @@
          {
            imports = [
              ./options.nix
+              ./general
              ./boot
              ./users
-              ./general
+              ./programs
            ];
          };
      };
--- a/common/programs/default.nix
+++ b/common/programs/default.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  imports = [
+    ./qFlipper.nix
+    ./rustDev.nix
+    ./uhkAgent.nix
+    ./tailnet.nix
+    ./ssh.nix
+    ./docker.nix
+  ];
+}
--- a/common/programs/docker.nix
+++ b/common/programs/docker.nix
@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "docker"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+
+  users_cfg = config.${ccfg.custom_config_key}.users;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "docker";
+    };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.docker = {
+      enable = true;
+      autoPrune.enable = true;
+    };
+    # TODO add admins?
+    users.extraGroups.docker.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
+    environment.shellAliases = {
+      dockerv = "docker volume";
+      dockeri = "docker image";
+      dockerc = "docker container";
+    };
+  };
+}
--- a/common/programs/qFlipper.nix
+++ b/common/programs/qFlipper.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "qFlipper"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "qFlipper";
+    };
+
+  config = lib.mkIf cfg.enable {
+    hardware.flipperzero.enable = true;
+    environment.systemPackages = with pkgs; [ qFlipper ];
+    services.udev.extraRules = ''
+      #Flipper Zero serial port
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess"
+      #Flipper Zero DFU
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess"
+    '';
+  };
+}
--- a/common/programs/rustDev.nix
+++ b/common/programs/rustDev.nix
@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "rustDev"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "rust development tools";
+      repl = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Enable the evcxr repl for `rust` command.";
+      };
+      # TODO?
+      # channel = lib.mkOption {
+      #   type = lib.types.str;
+      #   default = "stable";
+      #   description = "The Rust release channel to use (e.g., stable, beta, nightly).";
+      # };
+      # version = lib.mkOption {
+      #   type = lib.types.str;
+      #   default = "latest";
+      #   description = "The specific version of Rust to use. Use 'latest' for the latest stable release.";
+      # };
+    };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages =
+      with pkgs;
+      [
+        rustup
+        gcc
+      ]
+      ++ (if cfg.repl then [ pkgs.evcxr ] else [ ]);
+
+    environment.shellAliases = lib.mkIf cfg.repl {
+      rust = "evcxr";
+    };
+  };
+
+}
--- a/common/programs/ssh.nix
+++ b/common/programs/ssh.nix
@ -0,0 +1,94 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "ssh"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "ssh";
+      sshPortOpen = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Open the ssh port.";
+      };
+      fail2Ban = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Enable fail2ban.";
+      };
+      allowRootPasswordLogin = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Allow root password login.";
+      };
+    };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      openssh
+      autossh
+    ];
+
+    # Use fail2ban
+    services.fail2ban = lib.mkIf cfg.fail2Ban {
+      enable = true;
+    };
+
+    # Open ports in the firewall if enabled.
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.sshPortOpen [
+      22 # sshd
+    ];
+
+    # Enable the OpenSSH daemon.
+    services.openssh = {
+      enable = true;
+      settings = {
+        LogLevel = "VERBOSE";
+        PermitRootLogin = "yes";
+        PasswordAuthentication = if cfg.allowRootPasswordLogin then true else false;
+      };
+    };
+
+    # Ensure SSH key pair generation for non-root users
+    systemd.services = lib.mapAttrs' (name: _: {
+      name = "generate_ssh_key_${name}";
+      value = {
+        description = "Generate SSH key pair for ${name}";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          User = name;
+          Type = "oneshot";
+        };
+        script = ''
+          #!/run/current-system/sw/bin/bash
+          if [ ! -f /home/${name}/.ssh/id_ed25519 ]; then
+            if [ -v DRY_RUN ]; then
+              echo "DRY_RUN is set. Would generate SSH key for ${name}.";
+            else
+              echo "Generating SSH key for ${name}.";
+              mkdir -p /home/${name}/.ssh;
+              chmod 700 /home/${name}/.ssh;
+              /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${name}/.ssh/id_ed25519 -N "";
+            fi
+          else
+            echo "SSH key already exists for ${name}.";
+          fi
+        '';
+      };
+    }) config.mods.common.users;
+
+  };
+
+}
--- a/common/programs/tailnet.nix
+++ b/common/programs/tailnet.nix
@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "tailnet"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "rust development tools";
+      useSecretsAuth = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Whether to use secrets authentication for Tailscale";
+      };
+      useHeadscale = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Whether to use headscale login server.";
+      };
+
+    };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ tailscale ];
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "client";
+      authKeyFile = lib.mkIf cfg.useSecretsAuth config.age.secrets.headscale_auth.path;
+      # https://tailscale.com/kb/1241/tailscale-up
+      extraUpFlags = lib.mkIf cfg.useHeadscale [
+        "--login-server=https://headscale.joshuabell.xyz"
+        "--no-logs-support"
+      ];
+    };
+    networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+    networking.firewall.checkReversePath = "loose";
+  };
+
+}
--- a/common/programs/uhkAgent.nix
+++ b/common/programs/uhkAgent.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "uhkAgent"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "uhk agent (ultimate hacking keyboard)";
+    };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      uhk-agent
+      uhk-udev-rules
+    ];
+    services.udev.packages = [ pkgs.uhk-udev-rules ];
+  };
+
+}
--- a/components/nix/qflipper.nix
+++ b/components/nix/qflipper.nix
@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  hardware.flipperzero.enable = true;
-  environment.systemPackages = with pkgs; [ qFlipper ];
-  
-  services.udev.extraRules = ''
-    #Flipper Zero serial port
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess"
-    #Flipper Zero DFU
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess"
-  '';
-}
--- a/components/nix/rust-dev.nix
+++ b/components/nix/rust-dev.nix
@ -1,50 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-with lib;
-
-let
-  rustChannel = config.programs.rust.channel;
-  rustVersion = config.programs.rust.version;
-in
-{
-  options.components.rust = {
-    enable = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Enable Rust programming language support.";
-    };
-
-    repl = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Enable the evcxr repl for `rust` command.";
-    };
-
-    channel = mkOption {
-      type = types.str;
-      default = "stable";
-      description = "The Rust release channel to use (e.g., stable, beta, nightly).";
-    };
-
-    version = mkOption {
-      type = types.str;
-      default = "latest";
-      description = "The specific version of Rust to use. Use 'latest' for the latest stable release.";
-    };
-  };
-
-  config = mkIf config.components.rust.enable {
-    environment.systemPackages = with pkgs; [
-      rustup gcc
-    ] ++ (if config.components.rust.repl then [ pkgs.evcxr ] else [ ]);
-
-    environment.shellAliases = mkIf config.components.rust.repl {
-      rust = "evcxr";
-    };
-  };
-}
--- a/components/nix/rust-repl.nix
+++ b/components/nix/rust-repl.nix
@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [ evcxr rustc ];
-  environment.shellAliases = {
-    rust = "evcxr";
-  };
-}
--- a/components/nix/steam.nix
+++ b/components/nix/steam.nix
@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.steam.enable = true;
-}
--- a/components/nix/tailscale.nix
+++ b/components/nix/tailscale.nix
@ -1,37 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-{
-  options.components.tailscale = {
-    useSecretsAuth = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = "Whether to use secrets authentication for Tailscale";
-    };
-    useHeadscale = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = "Whether to use headscale login server.";
-    };
-  };
-
-  config = {
-    environment.systemPackages = with pkgs; [ tailscale ];
-    services.tailscale = {
-      enable = true;
-      openFirewall = true;
-      useRoutingFeatures = "client";
-      authKeyFile = lib.mkIf config.components.tailscale.useSecretsAuth config.age.secrets.headscale_auth.path;
-      # https://tailscale.com/kb/1241/tailscale-up
-      extraUpFlags = lib.mkIf config.components.tailscale.useHeadscale [
-        "--login-server=https://headscale.joshuabell.xyz"
-        "--no-logs-support"
-      ];
-    };
-    networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
-    networking.firewall.checkReversePath = "loose";
-  };
-}
--- a/components/nix/uhk-agent.nix
+++ b/components/nix/uhk-agent.nix
@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [ uhk-agent uhk-udev-rules ];
-  
-  services.udev.packages = [ pkgs.uhk-udev-rules ];
-}
--- a/hosts/lio/flake.lock
+++ b/hosts/lio/flake.lock
@ -96,7 +96,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-anAVUUAUV6r9kepJRMPQX9bUNZfkXgsWwZ4/pDlvuWM=",
+        "narHash": "sha256-m8fxD1m9NkoFI10VdK3Mc/dd4ECFs5IApuIor9Yr+FI=",
        "path": "../../common",
        "type": "path"
      },
@ -299,11 +299,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1739757849,
-        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
+        "lastModified": 1742234739,
+        "narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
        "owner": "rycee",
        "repo": "home-manager",
-        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
+        "rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
        "type": "github"
      },
      "original": {
@ -461,11 +461,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1742223160,
-        "narHash": "sha256-lExsJAtqhTITVBRuRoWklddFekm5CO+nrS2sxG4rsIA=",
+        "lastModified": 1742261820,
+        "narHash": "sha256-KYriCbjqEh+NWJOuRFEut4hIdIVtqPIhYWSGRKRooOU=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "011d7ccb91081ff99f184564ea38d1b9e543a99c",
+        "rev": "ec4bea7901bdb1f36d33354c02e36d7e03b1ac1e",
        "type": "github"
      },
      "original": {
@ -664,11 +664,11 @@
    },
    "mod_common": {
      "locked": {
-        "lastModified": 1742225898,
-        "narHash": "sha256-c4dLwf8WhC5Qc7Z+jjPFcLFNvEFI0aBrkNhKWnuSg3E=",
+        "lastModified": 1742269254,
+        "narHash": "sha256-G+ZJAzU5gqXib98pb7Vhq56IVknxqhFScC3kARS3Qgk=",
        "ref": "mod_common",
-        "rev": "75cbb43b5341f60fa9453b0167684573d727261d",
-        "revCount": 21,
+        "rev": "e3e6d8473dbd3d5ef98c421b6b7f203f1cbff6f3",
+        "revCount": 22,
        "type": "git",
        "url": "https://git.joshuabell.xyz/dotfiles"
      },
--- a/hosts/lio/flake.nix
+++ b/hosts/lio/flake.nix
@ -20,6 +20,7 @@
  outputs =
    {
      nixpkgs,
+      common,
      ...
    }@inputs:
    let
@ -47,18 +48,19 @@
              (
                { config, pkgs, ... }:
                {
-                  imports = [
-                    ../../components/nix/rust-dev.nix
-                    ../../components/nix/qflipper.nix
-                    ../../components/nix/steam.nix
-                    ../../components/nix/tailscale.nix
-                  ];
-
                  ringofstorms_common = {
                    systemName = configuration_name;
                    boot.systemd.enable = true;
                    general = {
-                      # NOTE bunch of defaults in here I dont need to change
+                      disableRemoteBuildsOnLio = true;
+                    };
+                    programs = {
+                      qFlipper.enable = true;
+                      rustDev.enable = true;
+                      uhkAgent.enable = true;
+                      tailnet.enable = true;
+                      ssh.enable = true;
+                      docker.enable = true;
                    };
                    users = {
                      # Users are all normal users and default password is password1
@ -92,10 +94,14 @@
                    };
                  };

+                  programs = {
+                    steam.enable = true;
+                  };
+
                  environment.systemPackages = with pkgs; [
                    lua
                    qdirstat
-                    qflipper
+                    # qflipper
                    steam
                  ];

@ -108,14 +114,10 @@

                  mods = {
                    common = {
-                      disableRemoteBuildsOnLio = true;
-                      systemName = configuration_name;
-                      allowUnfree = true;
-                      primaryUser = "josh";
-                      docker = true;
                      zsh = true;
-                      users = {
-                      };
+                      # still used somewhere...
+                      systemName = configuration_name;
+                      primaryUser = "josh";
                    };
                    home_manager = {
                      users = {