diff --git a/config/common.nix b/config/common.nix new file mode 100644 index 0000000..b37a938 --- /dev/null +++ b/config/common.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +# Config common to all hosts, which don't belong anywhere else +{ + config = { + home-manager.users.root = import ../home-manager/root.nix { inherit config lib pkgs; }; + }; +} \ No newline at end of file diff --git a/config/default.nix b/config/default.nix index 139b538..b6bafaf 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,15 +1,14 @@ { config, lib, pkgs, ... }: { - config = { - imports = [ - ./bash.nix - ./domains.nix - ./groups.nix - ./hosts.nix - ./sites.nix - ./users.nix - ./wireless-networks.nix - ]; - }; + imports = [ + ./bash.nix + ./common.nix + ./domains.nix + ./groups.nix + ./hosts.nix + ./sites.nix + ./users.nix + ./wireless-networks.nix + ]; } diff --git a/config/domains.nix b/config/domains.nix index d700ec5..3308d16 100644 --- a/config/domains.nix +++ b/config/domains.nix @@ -2,27 +2,27 @@ { config.fudo.domains = { - fudo.org = { + "fudo.org" = { local-networks = [ "208.81.1.128/28" "208.81.3.112/28" ]; local-users = [ "niten" "reaper" ]; + local-groups = [ "fudo" "selby" "admin" ]; admin-users = [ "niten" "reaper" ]; admin-email = "admin@fudo.org"; gssapi-realm = "FUDO.ORG"; }; - sea.fudo.org = { + "sea.fudo.org" = { local-networks = [ "10.0.0.0/24" ]; local-users = [ "niten" "reaper" "xiaoxuan" "ken" ]; + local-groups = [ "fudo" "selby" "admin" ]; admin-users = [ "niten" ]; admin-email = "niten@fudo.org"; gssapi-realm = "FUDO.ORG"; - - local-dns = import ./networks/sea.fudo.org.nix { }; }; - rus.selby.ca = { + "rus.selby.ca" = { local-networks = [ "10.0.0.0/24" ]; local-users = [ 
@@ -37,17 +37,17 @@ "jess" "andrew" ]; + local-groups = [ "fudo" "selby" "admin" ]; local-admins = [ "niten" ]; admin-email = "niten@fudo.org"; gssapi-realm = "FUDO.ORG"; - - local-dns = import ./networks/rus.selby.ca.nix { }; }; - informis.land = { + "informis.land" = { local-networks = [ ]; local-users = [ "niten" "viator" ]; + local-groups = [ "admin" ]; admin-users = [ "niten" ]; admin-email = "viator@informis.land"; gssapi-realm = "INFORMIS.LAND"; diff --git a/config/domains/fudo.org.nix b/config/domains/fudo.org.nix new file mode 100644 index 0000000..cace10e --- /dev/null +++ b/config/domains/fudo.org.nix @@ -0,0 +1,4 @@ +{ config, lib, pkgs, ... }: + +{ +} \ No newline at end of file diff --git a/config/domains/informis.land.nix b/config/domains/informis.land.nix new file mode 100644 index 0000000..cace10e --- /dev/null +++ b/config/domains/informis.land.nix @@ -0,0 +1,4 @@ +{ config, lib, pkgs, ... }: + +{ +} \ No newline at end of file diff --git a/config/domains/rus.selby.ca.nix b/config/domains/rus.selby.ca.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/domains/rus.selby.ca.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/domains/sea.fudo.org.nix b/config/domains/sea.fudo.org.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/domains/sea.fudo.org.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/groups.nix b/config/groups.nix new file mode 100644 index 0000000..0333c2f --- /dev/null +++ b/config/groups.nix 
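Review bot: `rus.selby.ca` still declares its administrators as `local-admins = [ "niten" ];` while `fudo.org`, `sea.fudo.org` and `informis.land` use `admin-users`, and the new `local-groups` lines are added to each domain without reconciling the two names. The `domainOpts` declaration is only partly visible here, so I cannot tell which spelling is declared, but one of them is undeclared and will either fail evaluation or be silently read as an empty list by whatever computes domain admin privileges. Pick one name for every domain, e.g. `admin-users = [ "niten" ];` for `rus.selby.ca` if that is the declared option. Because this list is the input to privileged-group membership, a silently empty list under-grants and a wrong declaration over-grants, so it is worth an assertion in the module rather than relying on the data files agreeing.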
@@ -0,0 +1,79 @@ +{ config, lib, pkgs, ... }: + +{ + config.fudo.groups = { + admin = { + gid = 1000; + description = "Admin User Group"; + members = [ + "niten" + "reaper" + "swaff" + ]; + }; + + fudo = { + gid = 1001; + description = "Fudo User Group"; + members = [ + "andrew" + "animus" + "anorthe" + "ark" + "ben" + "brian" + "chad" + "ckoo" + "dabar" + "dana" + "darryl" + "debo" + "flowchart" + "gaijin" + "gubbs" + "helen" + "jess" + "jill" + "jinny" + "joker4ever" + "jun" + "kevin" + "kevinyinjunjie" + "kris" + "laura" + "leefolio" + "niten" + "r3d3" + "reaper" + "rob" + "saphira" + "slickoil" + "splat1" + "stewartd" + "swaff" + "theblacksun" + "xiaoxuan" + "zimm" + ]; + }; + + selby = { + gid = 1002; + description = "Selby User Group"; + members = [ + "andrew" + "brian" + "darryl" + "helen" + "jess" + "ken" + "kevin" + "laura" + "niten" + "rob" + "vee" + "xiaoxuan" + ]; + }; + }; +} \ No newline at end of file diff --git a/config/hardware/plato.nix b/config/hardware/plato.nix index 4bc6f07..c068835 100644 --- a/config/hardware/plato.nix +++ b/config/hardware/plato.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; { imports = [ ]; @@ -53,7 +54,7 @@ }; }; - services.autoScrub.enable = true; + services.zfs.autoScrub.enable = true; swapDevices = [{ device = "/dev/disk/by-label/plato-swap"; }]; @@ -61,7 +62,9 @@ hardware.bluetooth.enable = false; - network = { + networking = { + hostId = substring 0 8 (fileContents /etc/machine-id); + macvlans = { intif0 = { interface = "enp1s0"; diff --git a/config/hosts.nix b/config/hosts.nix index 12b481f..e586b2a 100644 --- a/config/hosts.nix +++ b/config/hosts.nix 
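Review bot: `hostId = substring 0 8 (fileContents /etc/machine-id);` reads `/etc/machine-id` of whatever machine evaluates the configuration, not of plato, so a build from another host (or under a sandboxed/pure evaluation where the path is unavailable) produces a different `hostId` or an evaluation failure. `networking.hostId` exists to be a stable per-host constant for ZFS pool ownership; with a drifting value the pool import is likely to be refused as last accessed by another system, which on this host also means the root rollback in `config/hosts/plato.nix` never gets to run. Read the value once on plato and pin it as a literal: `hostId = "<8 hex chars from plato's machine-id>";`. This also avoids copying part of a host identifier into a world-readable `/nix/store` path derived from the build machine.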
@@ -4,87 +4,44 @@ config.fudo.hosts = { atom = { description = "Niten's toy laptop."; - domain = "sea.fudo.org"; - site = "seattle"; - profile = "laptop"; enable-gui = false; - hardware-config = ./hardware/atom.nix; }; - clunk = let - primary-ip = "10.0.0.1"; - internal-interfaces = [ "intif0" ]; - external-interface = "extif0"; - dns-over-https-port = 5353; - - in { + clunk = { description = "rus.selby.ca gateway box."; - domain = "rus.selby.ca"; - site = "russell"; - profile = "gateway-server"; docker-server = true; - hardware-config = ./hardware/clunk.nix; - extra-config = import ./hosts/clunk.nix { }; }; france = { description = "Primary fudo.org server."; - domain = "fudo.org"; - site = "portage"; - profile = "server"; docker-server = true; - hardware-config = ./hardware/france.nix; }; lambda = { - description = "Niten's experiment server."; - domain = "sea.fudo.org"; - site = "seattle"; - profile = "server"; + description = "sea.fudo.org experiment server."; docker-server = true; - hardware-config = ./hardware/lambda.nix; }; nostromo = { description = "sea.fudo.org gateway box and primary server."; - domain = "sea.fudo.org"; - site = "seattle"; - profile = "gateway-server"; docker-server = true; - hardware-config = ./hardware/nostromo.nix; }; plato = { description = "Niten's toy server."; - domain = "rus.selby.ca"; - site = "russell"; - profile = "server"; - hardware-config = ./hardware/plato.nix; }; procul = { description = "informis.land server."; - domain = "informis.land"; - site = "joes-datacenter-0"; - profile = "server"; docker-server = true; - hardware-config = ./hardware/procul.nix; }; spark = { description = "Niten's backup desktop."; - domain = "sea.fudo.org"; - site = "seattle"; - profile = "desktop"; - hardware-config = ./hardware/spark.nix; }; zbox = { description = "Niten's primary desktop."; - domain = "sea.fudo.org"; - site = "seattle"; - profile = "desktop"; - hardware-config = ./hardware/zbox.nix; }; }; } 
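Review bot: Every host loses its `hardware-config` value here, but `lib/fudo/hosts.nix` still declares `hardware-config` as a `types.str` option with no default, and `hardware.nix` still dereferences `config.fudo.hosts.${hostname}.hardware-config`; nothing in this commit sets it anywhere else, so any evaluation that touches that option now fails with a missing-value error. `initialize.nix` imports `config/hardware/${hostname}.nix` by path instead, which suggests the option and `hardware.nix` are now dead and should be removed rather than left half-wired. Likewise `clunk`'s `extra-config = import ./hosts/clunk.nix { }` is dropped; if `config/hosts/clunk.nix` is now only reachable through the `initialize.nix` path import, add a comment in this file saying so, e.g. `# per-host config lives in ./hosts/<name>.nix and is imported by initialize.nix`.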
diff --git a/config/hosts/plato.nix b/config/hosts/plato.nix index 09de5ae..958e38d 100644 --- a/config/hosts/plato.nix +++ b/config/hosts/plato.nix @@ -15,6 +15,11 @@ with lib; { ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank ''; + security.sudo.extraConfig = '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never + ''; + services = { openssh = { hostKeys = [ diff --git a/config/profiles/common-ui.nix b/config/profiles/common-ui.nix index 9e01d1e..83794cb 100644 --- a/config/profiles/common-ui.nix +++ b/config/profiles/common-ui.nix @@ -21,6 +21,13 @@ in { windowManager.stumpwm.enable = true; + emacs = { + enable = true; + install = true; + package = pkgs.emacs; + defaultEditor = true; + }; + # windowManager.session = pkgs.lib.singleton { # name = "stumpwm"; # start = '' diff --git a/config/profiles/common.nix b/config/profiles/common.nix index a630f00..96b4469 100644 --- a/config/profiles/common.nix +++ b/config/profiles/common.nix @@ -3,7 +3,7 @@ with lib; let # Available to all users on the system. Keep it minimal. - global-packages = with pkgs; [ emacs openssh_gssapi vim wget ]; + global-packages = with pkgs; [ openssh_gssapi vim wget ]; in { environment = { @@ -11,7 +11,7 @@ in { systemPackages = global-packages; - environment.shellInit = '' + shellInit = '' ${pkgs.gnupg}/bin/gpg-connect-agent /bye export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) ''; @@ -23,11 +23,6 @@ in { system.autoUpgrade.enable = true; services = { - emacs = { - enable = true; - defaultEditor = true; - }; - openssh = { enable = true; startWhenNeeded = true; diff --git a/config/profiles/server.nix b/config/profiles/server.nix index d7a29ee..9d1eb6f 100644 --- a/config/profiles/server.nix +++ b/config/profiles/server.nix 
@@ -48,13 +48,13 @@ in { emacs-nox ldns ldns.examples - jdk12_headless + jdk14_headless racket-minimal reboot-if-necessary test-config ]; - noXlibs = true; + # noXlibs = lib.mkForce true; }; security = { hideProcessInformation = true; }; @@ -63,7 +63,16 @@ in { boot.tmpOnTmpfs = true; - services.xserver.enable = false; + services = { + xserver.enable = false; + + emacs = { + enable = true; + install = true; + package = pkgs.emacs; + defaultEditor = true; + }; + }; sound.enable = false; hardware.pulseaudio.enable = false; diff --git a/config/sites/joes-datacenter-0.nix b/config/sites/joes-datacenter-0.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/sites/joes-datacenter-0.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/sites/portage.nix b/config/sites/portage.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/sites/portage.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/sites/russell.nix b/config/sites/russell.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/sites/russell.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/sites/seattle.nix b/config/sites/seattle.nix new file mode 100644 index 0000000..3c2a8b4 --- /dev/null +++ b/config/sites/seattle.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} \ No newline at end of file diff --git a/config/users.nix b/config/users.nix index 949597a..53a24d2 100644 --- a/config/users.nix +++ b/config/users.nix 
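Review bot: `services.emacs.package = pkgs.emacs;` in the server profile pulls the X/GTK build of Emacs into a headless server closure, which is exactly what the now-commented `noXlibs = true` and the existing `emacs-nox` entry in the package list were avoiding. A larger closure on an internet-facing server is more surface to patch and more to audit for no benefit when there is no display. Use the headless build to match the rest of the profile: `package = pkgs.emacs-nox;`. If `noXlibs` had to be disabled because something else in the closure broke, a one-line comment naming that package would keep the next person from re-enabling it blindly.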
@@ -6,84 +6,85 @@ uid = 10000; primary-group = "admin"; common-name = "Peter Selby"; - ldap-hashed-password = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; - login-hashed-password = + ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA"; + login-hashed-passwd = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; ssh-authorized-keys = [ "ssh-rsa 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 openpgp:0x4EC95B64" ]; - home = "/home/niten"; + home-directory = "/home/niten"; + home-manager-config = import ../home-manager/niten.nix { inherit config lib pkgs; }; }; andrew = { uid = 10001; primary-group = "selby"; common-name = "Andrew Selby"; - ldap-hashed-password = ""; + ldap-hashed-passwd = ""; }; animus = { uid = 10002; primary-group = "fudo"; common-name = "James Frazer"; - ldap-hashed-password = ""; + ldap-hashed-passwd = ""; }; ark = { uid = 10005; primary-group = "fudo"; common-name = "Roger Wong"; - ldap-hashed-password = ""; + ldap-hashed-passwd = ""; }; ben = { uid = 10007; primary-group = "fudo"; common-name = "Ben"; - ldap-hashed-password = "{MD5}v0jY5bADu30cAR1Uu/eWYQ=="; + ldap-hashed-passwd = "{MD5}v0jY5bADu30cAR1Uu/eWYQ=="; }; chad = { uid = 10011; primary-group = "fudo"; common-name = "Chad Isbister"; - ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; + ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; }; ckoo = { uid = 10014; primary-group = "fudo"; common-name = "Jason Bush"; - ldap-hashed-password = "{MD5}KMFeaBc7e/gVzL/QUT0mYw=="; + ldap-hashed-passwd = "{MD5}KMFeaBc7e/gVzL/QUT0mYw=="; }; dana = { uid = 10015; primary-group = "fudo"; common-name = "Dana Eftodie"; - ldap-hashed-password = "{MD5}+ijTylKau4uot2kGMqKSTA=="; + ldap-hashed-passwd = "{MD5}+ijTylKau4uot2kGMqKSTA=="; }; jill = { uid = 10030; primary-group = "fudo"; common-name = "Jill Isbister"; - ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; + ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA=="; }; 
joker4ever = { uid = 10033; primary-group = "fudo"; common-name = "Jack Clarke"; - ldap-hashed-password = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo"; + ldap-hashed-passwd = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo"; }; ken = { uid = 10035; primary-group = "selby"; common-name = "Ken Selby"; - ldap-hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1"; - login-hashed-password = + ldap-hashed-passwd = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1"; + login-hashed-passwd = "$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf."; }; 
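Review bot: The renamed `ldap-hashed-passwd` values in this hunk are password hashes committed to the repository, and several are unsalted `{MD5}`; `chad` and `jill` carry the byte-identical hash `{MD5}fQ309GUF2DvHlJ3R+5wNuA==`, which only happens with an unsalted scheme and tells anyone with read access that the two accounts share a password. Unsalted MD5 LDAP hashes are cheap to crack offline, so treat these as disclosed and regenerate them with a salted scheme such as `{SSHA}` (or a stronger scheme if the directory build supports it). The new `home-manager-config = import ../home-manager/niten.nix { inherit config lib pkgs; }` passes the final `config` into a value that is itself part of `config.fudo.users`; whether that recurses depends on what `niten.nix` reads, which is not visible here, so confirm it evaluates. Longer term, keeping hash material out of git (a secrets mechanism that lands the value on the host) would make this file safe to share.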
@@ -91,88 +92,88 @@ uid = 10049; primary-group = "admin"; common-name = "Jonathan Stewart"; - ldap-hashed-password = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ=="; - login-hashed-password = + ldap-hashed-passwd = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ=="; + login-hashed-passwd = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/"; - home = "/home/reaper"; + home-directory = "/home/reaper"; }; slickoil = { uid = 10052; primary-group = "fudo"; common-name = "Connor Cooley"; - ldap-hashed-password = "{MD5}8Qrpagi8TYnZQdFoYe02rA=="; + ldap-hashed-passwd = "{MD5}8Qrpagi8TYnZQdFoYe02rA=="; }; splat1 = { uid = 10053; primary-group = "fudo"; common-name = "Matt Evans"; - ldap-hashed-password = "{MD5}JeHNutGTBMHOqFgVlYjfpw=="; + ldap-hashed-passwd = "{MD5}JeHNutGTBMHOqFgVlYjfpw=="; }; swaff = { uid = 10055; primary-group = "fudo"; common-name = "Mark Swaffer"; - ldap-hashed-password = "{MD5}C5gIsLsaKSvIPydu4uzhNg=="; + ldap-hashed-passwd = "{MD5}C5gIsLsaKSvIPydu4uzhNg=="; }; brian = { uid = 10056; primary-group = "selby"; common-name = "Brian Selby"; - ldap-hashed-password = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1"; + ldap-hashed-passwd = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1"; }; rob = { uid = 10057; primary-group = "selby"; common-name = "Robert Selby"; - ldap-hashed-password = "{crypt}HD1ESf1hAGdks"; + ldap-hashed-passwd = "{crypt}HD1ESf1hAGdks"; }; tarbash = { uid = 10059; primary-group = "fudo"; common-name = "Neville"; - ldap-hashed-password = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//"; + ldap-hashed-passwd = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//"; }; darryl = { uid = 10060; primary-group = "selby"; common-name = "Darryl Kissick"; - ldap-hashed-password = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0"; + ldap-hashed-passwd = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0"; }; ayumi = { uid = 10061; primary-group = "fudo"; common-name = "Ayumi Kira"; - ldap-hashed-password = "{MD5}5OkpooOLxw94nF1lOfn/ZQ=="; + ldap-hashed-passwd = 
"{MD5}5OkpooOLxw94nF1lOfn/ZQ=="; }; saphira = { uid = 10063; primary-group = "fudo"; common-name = "Elizabeth Stewart"; - ldap-hashed-password = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns."; + ldap-hashed-passwd = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns."; }; banen = { uid = 10064; primary-group = "fudo"; common-name = "Travis Neis"; - ldap-hashed-password = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S."; + ldap-hashed-passwd = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S."; }; xiaoxuan = { uid = 10065; primary-group = "fudo"; common-name = "Xiaoxuan Jin"; - ldap-hashed-password = "{MD5}iecbyMpyVkmOaMBzSFy58Q=="; - login-hashed-password = + ldap-hashed-passwd = "{MD5}iecbyMpyVkmOaMBzSFy58Q=="; + login-hashed-passwd = "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0"; }; 
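Review bot: `reaper`'s `login-hashed-passwd` is byte-identical to `niten`'s in the previous hunk (`$6$a1q2Duoe35hd5$IaZGX…FPZ/`), so two `admin`-group accounts with uids 10000 and 10049 share one password; compromise or rotation of one is the other, and any audit trail that distinguishes them is meaningless. `rob`'s `{crypt}HD1ESf1hAGdks` is a 13-character traditional DES crypt (8-character effective password, 12-bit salt) and `{crypt}$1$…` entries are MD5-crypt, both of which are crackable in minutes offline. Generate a distinct hash per account, e.g. `mkpasswd -m sha-512` for the login hash, and re-hash the LDAP side with a salted scheme. Since these now live in git history as well as in this file, a rotation rather than a re-hash of the same secret is the safe assumption.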
@@ -180,232 +181,232 @@ uid = 10066; primary-group = "fudo"; common-name = ""; - ldap-hashed-password = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/."; + ldap-hashed-passwd = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/."; }; flowchart = { uid = 10067; primary-group = "fudo"; common-name = "BH Bieterse"; - ldap-hashed-password = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/"; + ldap-hashed-passwd = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/"; }; gubbs = { uid = 10068; primary-group = "fudo"; common-name = "Lorcan Gavin"; - ldap-hashed-password = "{MD5}AIf4bJZyHCnvJVL3YHRnIg=="; + ldap-hashed-passwd = "{MD5}AIf4bJZyHCnvJVL3YHRnIg=="; }; debo = { uid = 10069; primary-group = "fudo"; common-name = "Deborah Osti"; - ldap-hashed-password = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1"; + ldap-hashed-passwd = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1"; }; leefolio = { uid = 10070; primary-group = "fudo"; common-name = "Ze Artiste"; - ldap-hashed-password = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1"; + ldap-hashed-passwd = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1"; }; zimm = { uid = 10071; primary-group = "fudo"; common-name = "Ross Drinkwater"; - ldap-hashed-password = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY"; + ldap-hashed-passwd = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY"; }; gaijin = { uid = 10072; primary-group = "fudo"; common-name = "Tetsuo Torigai"; - ldap-hashed-password = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0"; + ldap-hashed-passwd = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0"; }; anorthe = { uid = 10073; primary-group = "fudo"; common-name = "Bonnie Wong"; - ldap-hashed-password = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK."; + ldap-hashed-passwd = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK."; }; stewartd = { uid = 10076; primary-group = "fudo"; common-name = "Dwight Stewart"; - ldap-hashed-password = "{MD5}e2GSmH+l4ZZ808snWsFNYw=="; + ldap-hashed-passwd = "{MD5}e2GSmH+l4ZZ808snWsFNYw=="; }; jess = { uid = 10078; primary-group = "selby"; common-name = "Jessica 
Selby"; - ldap-hashed-password = "{MD5}2tbtZre16apUTNtRIK98nQ=="; + ldap-hashed-passwd = "{MD5}2tbtZre16apUTNtRIK98nQ=="; }; kevin = { uid = 10079; primary-group = "selby"; common-name = "Kevin Selby"; - ldap-hashed-password = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM."; + ldap-hashed-passwd = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM."; }; theblacksun = { uid = 10080; primary-group = "fudo"; common-name = "Brendan Goodfellow"; - ldap-hashed-password = "{MD5}Hmw6pFYYT87nmpLp0QxcQw=="; + ldap-hashed-passwd = "{MD5}Hmw6pFYYT87nmpLp0QxcQw=="; }; kris = { uid = 10082; primary-group = "selby"; common-name = "Kris Huberdeau"; - ldap-hashed-password = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y"; + ldap-hashed-passwd = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y"; }; jun = { uid = 10083; primary-group = "fudo"; common-name = "Junichi Suzuki"; - ldap-hashed-password = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h."; + ldap-hashed-passwd = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h."; }; jinny = { uid = 10084; primary-group = "fudo"; common-name = "Hye-jin Kim"; - ldap-hashed-password = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30"; + ldap-hashed-passwd = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30"; }; helen = { uid = 10086; primary-group = "selby"; common-name = "Helen Selby"; - ldap-hashed-password = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; + ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; }; vee = { uid = 10087; primary-group = "selby"; common-name = "Vee Selby"; - ldap-hashed-password = "snoinuer"; + ldap-hashed-passwd = "snoinuer"; }; dabar = { uid = 10088; primary-group = "fudo"; common-name = "Dan Bernardic"; - ldap-hashed-password = "{MD5}ULrk46YUeUZQrl0+wAQiWA=="; + ldap-hashed-passwd = "{MD5}ULrk46YUeUZQrl0+wAQiWA=="; }; r3d3 = { uid = 10089; primary-group = "fudo"; common-name = "Derek Veroni"; - ldap-hashed-password = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY="; + ldap-hashed-passwd = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY="; }; laura = { uid = 10090; primary-group = 
"selby"; common-name = "Laura Selby"; - ldap-hashed-password = "{MD5}MI65czN0duIudMhYH+BU9Q=="; + ldap-hashed-passwd = "{MD5}MI65czN0duIudMhYH+BU9Q=="; }; tuk = { uid = 10091; primary-group = "fudo"; common-name = "Taku Koba"; - ldap-hashed-password = "{MD5}DQuoQluy50128r8MxAmFkQ=="; + ldap-hashed-passwd = "{MD5}DQuoQluy50128r8MxAmFkQ=="; }; aki = { uid = 10092; primary-group = "fudo"; common-name = "Akihito Mori"; - ldap-hashed-password = "{MD5}oGAt2kJGKMqX+CmfV1w/GA=="; + ldap-hashed-passwd = "{MD5}oGAt2kJGKMqX+CmfV1w/GA=="; }; ansyg = { uid = 10095; primary-group = "fudo"; common-name = "Anseok Joo"; - ldap-hashed-password = "{MD5}AHhHl02D3uDmWhPJZ6QPOw=="; + ldap-hashed-passwd = "{MD5}AHhHl02D3uDmWhPJZ6QPOw=="; }; jackie = { uid = 10097; primary-group = "selby"; common-name = "Jackie Selby"; - ldap-hashed-password = "{MD5}fa6JfWySlH63sITsxrTt0Q=="; + ldap-hashed-passwd = "{MD5}fa6JfWySlH63sITsxrTt0Q=="; }; mtopf = { uid = 10100; primary-group = "fudo"; common-name = "Michael Topf"; - ldap-hashed-password = "{MD5}/pleD8SiLhmnRr1RVspNcA=="; + ldap-hashed-passwd = "{MD5}/pleD8SiLhmnRr1RVspNcA=="; }; tat = { uid = 10101; primary-group = "fudo"; common-name = "Tatsuro Akano"; - ldap-hashed-password = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA=="; + ldap-hashed-passwd = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA=="; }; blatzkrieg = { uid = 10102; primary-group = "fudo"; common-name = "Brendan Blatz"; - ldap-hashed-password = "{MD5}1nE/ndFwGbfH/wLagxvt8w=="; + ldap-hashed-passwd = "{MD5}1nE/ndFwGbfH/wLagxvt8w=="; }; ellie = { uid = 10103; primary-group = "fudo"; common-name = "Ellie Lee"; - ldap-hashed-password = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA=="; + ldap-hashed-passwd = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA=="; }; alan = { uid = 10104; primary-group = "fudo"; common-name = "Alan Wong"; - ldap-hashed-password = "{MD5}WhohVE4xfo9RIOw1kG3s1Q=="; + ldap-hashed-passwd = "{MD5}WhohVE4xfo9RIOw1kG3s1Q=="; }; omefire = { uid = 10105; primary-group = "fudo"; common-name = "Omar Mefire"; - ldap-hashed-password = 
"{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5"; + ldap-hashed-passwd = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5"; }; gordon = { uid = 10106; primary-group = "fudo"; common-name = "Gordon Stewart"; - ldap-hashed-password = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0"; + ldap-hashed-passwd = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0"; }; jeramy = { uid = 10107; primary-group = "selby"; common-name = "Jeramy Ewbank"; - ldap-hashed-password = "{MD5}8j8vTniyRzylmeTNUoRwWA=="; + ldap-hashed-passwd = "{MD5}8j8vTniyRzylmeTNUoRwWA=="; }; lauren = { uid = 10108; primary-group = "selby"; common-name = "Lauren Hotel"; - ldap-hashed-password = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR"; - # ldap-hashed-password = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg=="; + ldap-hashed-passwd = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR"; + # ldap-hashed-passwd = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg=="; }; # Used to send alerts from grafana @@ -413,14 +414,14 @@ uid = 10109; primary-group = "fudo"; common-name = "Fudo Metrics"; - ldap-hashed-password = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1"; + ldap-hashed-passwd = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1"; }; testuser = { uid = 10110; primary-group = "fudo"; common-name = "Test User"; - ldap-hashed-password = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6"; + ldap-hashed-passwd = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6"; }; # Used to send messages from the chat server 
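Review bot: `vee` has `ldap-hashed-passwd = "snoinuer";` with no `{SCHEME}` prefix; OpenLDAP treats a `userPassword` without a scheme as cleartext and compares it literally, so this line commits the actual password to git and installs it unhashed in the directory. Replace it with a salted hash (or `null`, if the option allows it, to disable password auth for the account) and rotate the credential. Because the option name says "hashed" but the type evidently accepts any string, the module should enforce the contract; in `lib/fudo/users.nix` an assertion of the shape `assert (hasPrefix "{" pw) "ldap-hashed-passwd for ${name} must carry a {SCHEME} prefix"` over every non-null value would have caught this at build time. `r3d3`'s `{SHA}` entry is unsalted and deserves the same re-hash as the `{MD5}` ones.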
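Review bot: `testuser` (uid 10110, "Test User") keeps a live `{SSHA}` credential in the same directory as the real accounts, and it is a member of the `fudo` primary group, so it authenticates wherever `fudo` users can. Test principals that survive into production directories are a standard foothold; if it is still needed, say so in a comment with who owns it and where it is used, otherwise drop the entry or set its password to `null` so only the account object remains. The service accounts around it (`metrics`, the chat user, `netinfo`, `selby-forum`) are fine as accounts but would benefit from the same one-line "used by X" comment the grafana one already has.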
@@ -428,28 +429,28 @@ uid = 10111; primary-group = "fudo"; common-name = "Fudo Chat"; - ldap-hashed-password = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7"; + ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7"; }; kevinyinjunjie = { uid = 10112; primary-group = "fudo"; common-name = "Kevin"; - ldap-hashed-password = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl"; + ldap-hashed-passwd = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl"; }; netinfo = { uid = 10113; primary-group = "fudo"; common-name = "Network Info Mailer"; - ldap-hashed-password = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc"; + ldap-hashed-passwd = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc"; }; selby-forum = { uid = 10114; primary-group = "selby"; common-name = "Selby Forum"; - ldap-hashed-password = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q"; + ldap-hashed-passwd = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q"; }; }; } diff --git a/default.nix b/default.nix deleted file mode 100644 index 3585049..0000000 --- a/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, local-hostname ? builtins.readFile ./instance-hostname.txt -, ... }: - -let local-hostname = builtins.readFile ./instance-hostname.txt; - -in { - lib = lib // { fudo = import ./lib/fudolib.nix { }; }; - instance.hostname = local-hostname; - imports = [ ./lib ./config ./hardware.nix ]; -} diff --git a/hardware.nix b/hardware.nix index 38da2f0..d3870ce 100644 --- a/hardware.nix +++ b/hardware.nix @@ -1,6 +1,14 @@ { config, ... }: -{ +let + current-hostname = config.instance.hostname; + + hardware-config = config.fudo.hosts.${current-hostname}.hardware-config; + + import-hardware-config = hostname: { + imports = [ hardware-config ]; + }; +in { imports = - [ config.fudo.hosts."${config.fudo.instance.hostname}".hardware-config ]; + [ (import-hardware-config current-hostname) ]; } diff --git a/initialize.nix b/initialize.nix new file mode 100644 index 0000000..caa6fc8 --- /dev/null +++ b/initialize.nix 
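Review bot: `import-hardware-config = hostname: { imports = [ hardware-config ]; };` ignores its `hostname` parameter and closes over the outer `hardware-config`, so the refactor adds a function that cannot select anything. More importantly, `hardware-config` is read from `config.fudo.hosts.${current-hostname}` while this same commit removes every `hardware-config` value from `config/hosts.nix` and the option has no default, so if `hardware.nix` is still imported anywhere it now fails to evaluate; with `default.nix` deleted and `initialize.nix` importing `config/hardware/${hostname}.nix` by path, it looks dead and should be removed rather than reworked. If it is meant to stay, the minimal correct body is `imports = [ config.fudo.hosts.${config.instance.hostname}.hardware-config ];` with the option typed `types.path`, not `types.str`, as the old `hosts.nix` values were paths.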
@@ -0,0 +1,30 @@ +{ hostname, profile, domain, site, home-manager-package, ... }: + +{ + imports = [ + ./lib + ./config + ./packages + + (import "${home-manager-package}/nixos") + + (./. + "/config/hardware/${hostname}.nix") + (./. + "/config/hosts/${hostname}.nix") + (./. + "/config/profiles/${profile}.nix") + (./. + "/config/domains/${domain}.nix") + (./. + "/config/sites/${site}.nix") + ]; + + config = { + instance = { + hostname = hostname; + }; + + fudo.hosts."${hostname}" = { + domain = domain; + hostname = hostname; + site = site; + profile = profile; + }; + }; +} \ No newline at end of file diff --git a/lib/default.nix b/lib/default.nix index 770da01..1c17c37 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,8 @@ { lib, config, pkgs, ... }: with lib; { + lib = lib // { fudo = import ./lib/fudolib.nix { }; }; + imports = [ ./instance.nix @@ -10,9 +12,11 @@ with lib; { ./fudo/chat.nix ./fudo/client/dns.nix ./fudo/dns.nix + ./fudo/domains.nix ./fudo/garbage-collector.nix ./fudo/git.nix ./fudo/grafana.nix + ./fudo/hosts.nix ./fudo/ipfs.nix ./fudo/kdc.nix ./fudo/ldap.nix @@ -26,10 +30,13 @@ with lib; { ./fudo/postgres.nix ./fudo/prometheus.nix ./fudo/secure-dns-proxy.nix + ./fudo/sites.nix ./fudo/slynk.nix ./fudo/system.nix + ./fudo/users.nix ./fudo/vpn.nix ./fudo/webmail.nix + ./fudo/wireless-networks.nix ./informis/cl-gemini.nix ]; diff --git a/lib/fudo/domains.nix b/lib/fudo/domains.nix index 0d9a674..08ef16e 100644 --- a/lib/fudo/domains.nix +++ b/lib/fudo/domains.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; let domainOpts = { domain, ... }: { options = { @@ -30,6 +31,12 @@ let default = [ ]; }; + local-groups = mkOption { + type = with types; listOf str; + description = "List of groups which should exist within this domain."; + default = [ ]; + }; + admin-email = mkOption { type = types.str; description = "Email for the administrator of this domain."; 
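Review bot: `(import "${home-manager-package}/nixos")` pulls module code into the system closure from a caller-supplied path with no pinning or hash visible in this file, and the `hostname`/`profile`/`domain`/`site` arguments are interpolated straight into `./. + "/config/..."` import paths. For the first, whatever supplies `home-manager-package` should be a fixed revision with a `sha256` (or a pinned channel/flake input), and a comment here stating that expectation would stop someone passing a moving branch tarball; I cannot see the caller, so this is an assumption to confirm. For the paths, a value like `"../../x"` would escape the config tree, which matters little for a trusted CLI but is cheap to reject: `assert builtins.match "[a-zA-Z0-9.-]+" hostname != null;` and the same for the other three. Separately, `fudo.hosts."${hostname}".hostname = hostname;` sets an attribute I do not see declared in `hostOpts` in `lib/fudo/hosts.nix`; if it is undeclared the module system will reject it.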
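Review bot: `lib = lib // { fudo = import ./lib/fudolib.nix { }; };` was moved verbatim from the deleted top-level `default.nix` into `lib/default.nix`, so the relative path now resolves to `lib/lib/fudolib.nix` rather than `lib/fudolib.nix`; unless a nested `lib/lib` directory exists, it should read `import ./fudolib.nix { }`. Also, `lib` is a module function argument, not a top-level module attribute, and the NixOS module system rejects unknown top-level keys; the conventional way to expose helpers is `_module.args.fudolib = import ./fudolib.nix { };` (or extending `lib` via an overlay), then taking `fudolib` as an argument where needed. Since this is an evaluation-time error rather than a runtime one it should surface on the first build, but it is worth fixing before more modules start depending on `lib.fudo`.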
diff --git a/lib/fudo/hosts.nix b/lib/fudo/hosts.nix index 82a2a1c..998e59b 100644 --- a/lib/fudo/hosts.nix +++ b/lib/fudo/hosts.nix @@ -17,6 +17,11 @@ let default = "fudo.org"; }; + site = mkOption { + type = types.str; + description = "Site at which the host is located."; + }; + local-networks = mkOption { type = with types; listof str; description = @@ -51,6 +56,12 @@ let default = [ ]; }; + description = mkOption { + type = types.str; + description = "Description of this host."; + default = "Another Fudo Host."; + }; + local-admins = mkOption { type = with types; listOf str; description = @@ -58,6 +69,17 @@ let default = [ ]; }; + local-groups = mkOption { + type = with types; listOf str; + description = "List of groups which should exist on this host."; + default = [ ]; + }; + + hardware-config = mkOption { + type = types.str; + description = "Path to the hardware configuration for this host."; + }; + enable-gui = mkEnableOption "Install desktop GUI software."; docker-server = mkEnableOption "Enable Docker on the current host."; @@ -75,7 +97,7 @@ in { hostname = config.instance.hostname; host-cfg = config.fudo.hosts.${hostname}; site-name = host-cfg.site; - site = config.fudo.site.${site-name}; + site = config.fudo.sites.${site-name}; domain-name = host-cfg.domain; domain = config.fudo.domain.${domain-name}; @@ -96,12 +118,12 @@ in { services.cron.mailto = domain.admin-email; environment.systemPackages = with pkgs; - mkIf (cfg.docker-server) [ docker nix-prefetch-docker ]; + mkIf (host-cfg.docker-server) [ docker nix-prefetch-docker ]; - virtualisation.docker = mkIf (cfg.docker-server) { + virtualisation.docker = mkIf (host-cfg.docker-server) { enable = true; enableOnBoot = true; - autoprune.enable = true; + autoPrune.enable = true; }; }; } diff --git a/lib/fudo/ldap.nix b/lib/fudo/ldap.nix index 2dc4fba..fb43ea5 100644 --- a/lib/fudo/ldap.nix +++ b/lib/fudo/ldap.nix 
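Review bot: The `-75` hunk corrects `config.fudo.site` to `config.fudo.sites` but leaves `domain = config.fudo.domain.${domain-name};` on the very next line, while the option is declared and populated as `config.fudo.domains` in `lib/fudo/domains.nix` and `config/domains.nix`; `services.cron.mailto = domain.admin-email;` a few lines down then fails with an attribute-missing error. Change it to `domain = config.fudo.domains.${domain-name};`. Two smaller things in the same file: `type = with types; listof str;` on `local-networks` is a typo for `listOf` (context line, but it is a hard evaluation error once the option is used), and the new `hardware-config` option is `types.str` though the values it replaced were Nix paths, so `types.path` is the honest type. The `docker-server` branch grants nothing new but note that anyone placed in the `docker` group is effectively root on that host, which is worth stating in the `docker-server` option description.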
@@ -3,7 +3,7 @@ with lib; let - cfg = config.fudo.auth.server; + cfg = config.fudo.auth.ldap-server; ldapSystemUserOpts = { name, ... }: { options = { @@ -172,7 +172,7 @@ in { options = { fudo = { auth = { - server = { + ldap-server = { enable = mkEnableOption "Fudo Authentication"; kerberos-host = mkOption { @@ -297,6 +297,7 @@ in { mode = "0400"; user = "openldap"; group = "openldap"; + # FIXME: take arguments! text = '' mech_list: gssapi external keytab: /etc/ldap/ldap.keytab diff --git a/lib/fudo/sites.nix b/lib/fudo/sites.nix index 1eddf53..98d342a 100644 --- a/lib/fudo/sites.nix +++ b/lib/fudo/sites.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; let siteOpts = { site, ... }: { options = { @@ -27,6 +28,24 @@ let default = null; }; + local-groups = mkOption { + type = with types; listOf str; + description = "List of groups which should exist at this site."; + default = [ ]; + }; + + local-users = mkOption { + type = with types; listOf str; + description = "List of users which should exist on all hosts at this site."; + default = [ ]; + }; + + local-admins = mkOption { + type = with types; listOf str; + description = "List of admin users which should exist on all hosts at this site."; + default = [ ]; + }; + enable-monitoring = mkEnableOption "Enable site-wide monitoring with prometheus."; @@ -35,12 +54,18 @@ let description = "List of nameservers to be used by hosts at this site."; default = [ ]; }; + + timezone = mkOption { + type = types.str; + description = "Timezone of the site."; + example = "America/Winnipeg"; + }; }; }; in { options.fudo.sites = mkOption { - type = with types; attrsOf (submodule domainOpts); + type = with types; attrsOf (submodule siteOpts); description = "Site configurations for all sites known to the system."; default = { }; }; diff --git a/lib/fudo/users.nix b/lib/fudo/users.nix index 47b7ad8..d12160d 100644 --- a/lib/fudo/users.nix +++ b/lib/fudo/users.nix 
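Review bot: The new `local-admins` site option is consumed by `lib/fudo/users.nix` as one of the inputs to `users.groups.wheel.members`, so a name placed here is root-equivalent on every host at the site; the description "List of admin users which should exist on all hosts at this site." does not say that. Suggest `description = "Admin users for this site. These are added to the wheel group (sudo) on every host at the site.";` so the privilege is visible where the data is entered. `timezone` is declared without a default while every `config/sites/*.nix` added in this commit is an empty module, so the first module to read `site.timezone` will fail evaluation; either give it a default or populate the site files. The `siteOpts` fix on the `attrsOf (submodule …)` line is correct and was previously making every site silently use `domainOpts`.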
@@ -2,8 +2,6 @@ with lib; let - cfg = config.fudo.users; - systemUserOpts = { username, ... }: { options = { username = mkOption { @@ -33,7 +31,7 @@ let default = username; }; - uidNumber = mkOption { + uid = mkOption { type = types.int; description = "Unique UID number for the user."; }; @@ -86,8 +84,9 @@ let }; home-directory = mkOption { - type = types.str; + type = with types; nullOr str; description = "Default home directory for the given user."; + default = null; }; }; }; @@ -111,13 +110,19 @@ let description = "A list of users who are members of the current group."; }; - gidNumber = mkOption { + gid = mkOption { type = types.int; description = "GID number of the group."; }; }; }; + list-includes = list: el: isNull (findFirst (this: this == el) null list); + + filterExistingUsers = users: group-members: + let user-list = attrNames users; + in filter (username: list-includes user-list username) group-members; + in { options.fudo = { users = mkOption { 
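Review bot: `list-includes = list: el: isNull (findFirst (this: this == el) null list);` is inverted: `findFirst` returns `null` when nothing matches, so `isNull` makes this true exactly when `el` is *not* in `list`. The commit fixed the argument order of the old version but kept the negation, so `filterExistingUsers` now returns the group members that are *not* defined users and drops every real one; downstream that empties the LDAP and local group memberships built from it and keeps any stale names. The fix is one line: `list-includes = list: el: elem el list;`. Given that this helper gates group membership, a tiny evaluation-time self-check such as `assert list-includes [ "a" ] "a";` next to the definition would have caught the sign error.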
@@ -140,27 +145,28 @@ in { }; config = let - local-host = config.fudo.common.hostname; - local-domain = config.fudo.common.domain; + local-host = config.instance.hostname; + local-domain = config.fudo.hosts.${local-host}.domain; + local-site = config.fudo.hosts.${local-host}.site; - local-user-list = config.fudo.hosts."${local-host}".local-users; + host-user-list = config.fudo.hosts."${local-host}".local-users; domain-user-list = config.fudo.domains."${local-domain}".local-users; - local-users = getAttrs (local-user-list ++ domain-user-list) cfg.users; + local-users = getAttrs (host-user-list ++ domain-user-list) config.fudo.users; - local-group-list = config.fudo.hosts."${local-host}".local-groups; + host-admin-list = config.fudo.hosts."${local-host}".local-admins; + domain-admin-list = config.fudo.domains."${local-domain}".local-admins; + site-admin-list = config.fudo.sites."${local-site}".local-admins; + local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list; + + host-group-list = config.fudo.hosts."${local-host}".local-groups; domain-group-list = config.fudo.domains."${local-domain}".local-groups; - local-groups = getAttrs (local-group-list ++ domain-group-list) cfg.groups; + site-group-list = config.fudo.sites."${local-site}".local-groups; + local-groups = getAttrs (host-group-list ++ domain-group-list ++ site-group-list) config.fudo.groups; in { - fudo.auth.ldap = let + fudo.auth.ldap-server = let ldapUsers = (filterAttrs - (username: userOpts: userOpts.ldap-hashed-password != null)) cfg.users; - - list-includes = list: el: isNull (findFirst (this: this == el) list null); - - filterExistingUsers = users: group-members: - let user-list = attrNames users; - in filter (username: list-includes user-list username) users; + (username: userOpts: userOpts.ldap-hashed-password != null)) config.fudo.users; in { users = mapAttrs (username: userOpts: { 
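Review bot: `ldapUsers` still filters on `userOpts.ldap-hashed-password != null`, but the option is renamed to `ldap-hashed-passwd` everywhere else in this commit (`config/users.nix`, and `hashed-password = userOpts.ldap-hashed-passwd` in the next hunk); if the submodule no longer declares the old name, this is an attribute-missing error and `fudo.auth.ldap-server.users` never evaluates. Change it to `userOpts.ldap-hashed-passwd != null`. The new `local-admins` union also reads `config.fudo.domains.${local-domain}.local-admins`, while three of the four domains in `config/domains.nix` populate `admin-users` instead, so unless both are declared options most domains contribute no wheel members; whichever spelling `domainOpts` declares should be used consistently on both sides. The `systemUserOpts` and `groupOpts` declarations enclosing this hunk start outside it.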
@@ -174,31 +180,35 @@ in {
 gid = groupOpts.gid-number;
 description = groupOpts.description;
 members = filterExistingUsers ldapUsers groupOpts.members;
- }) cfg.groups;
+ }) config.fudo.groups;
 system-users = mapAttrs (username: userOpts: {
 description = userOpts.description;
 hashed-password = userOpts.ldap-hashed-passwd;
- }) cfg.system-users;
+ }) config.fudo.system-users;
 };
 users = {
 users = mapAttrs (username: userOpts: {
 isNormalUser = true;
- uid = userOpts.uidNumber;
+ uid = userOpts.uid;
 createHome = true;
 description = userOpts.common-name;
 group = userOpts.primary-group;
- home = userOpts.home;
+ home = if (userOpts.home-directory != null) then userOpts.home-directory else "/home/${userOpts.primary-group}/${username}";
 hashedPassword = userOpts.login-hashed-passwd;
 openssh.authorizedKeys.keys = userOpts.ssh-authorized-keys;
 }) local-users;
- groups = mapAttrs (groupname: groupOpts: {
- gid = groupOpts.gidNumber;
- description = groupOpts.description;
- members = filterExistingUsers localUsers groupOpts.members;
- }) local-groups;
+ groups = (mapAttrs (groupname: groupOpts: {
+ gid = groupOpts.gid;
+ members = filterExistingUsers local-users groupOpts.members;
+ }) local-groups) //
+ {
+ wheel = {
+ members = local-admins;
+ };
+ };
 };
 home-manager.users = let
diff --git a/lib/fudo/wireless-networks.nix b/lib/fudo/wireless-networks.nix
index 48fd55c..23cf650 100644
--- a/lib/fudo/wireless-networks.nix
+++ b/lib/fudo/wireless-networks.nix
@@ -18,14 +18,14 @@ let
 };
 in {
- option.fudo.wireless-networks = mkOption {
+ options.fudo.wireless-networks = mkOption {
 type = with types; listOf (submodule networkOpts);
 description = "A map of wireless networks to attributes (including key).";
 default = { };
 };
 config = {
- wireless.networks =
+ networking.wireless.networks =
 mapAttrs (network: networkOpts: { psk = networkOpts.key; }) config.fudo.wireless-networks;
 };
diff --git a/lib/instance.nix b/lib/instance.nix
index f3f0195..1aa504d 100644
--- a/lib/instance.nix
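Review bot: The `// { wheel = { members = local-admins; }; }` appended to the new `groups` value silently replaces any `wheel` entry that `local-groups` already supplies, discarding its `gid` and its configured members, and it is also the one group that bypasses the `filterExistingUsers` pass applied to every other group. Letting the module system merge the two instead, `groups = mkMerge [ (mapAttrs (groupname: groupOpts: { gid = groupOpts.gid; members = filterExistingUsers local-users groupOpts.members; }) local-groups) { wheel.members = local-admins; } ];`, keeps both member lists and any `gid`. Two unchanged lines in the `ldap-server` mapping at the top of the hunk look stale after this commit's renames: `gid = groupOpts.gid-number;` matches neither the old `gidNumber` nor the new `gid` option, and `userOpts.ldap-hashed-passwd` differs from the `ldap-hashed-password` attribute the preceding hunk filters on, so unless both are declared elsewhere these will fail as missing attributes at evaluation. The `config` attribute set this hunk belongs to continues past its end.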
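Review bot: The option type `listOf (submodule networkOpts)` contradicts both `default = { }` and the `mapAttrs` applied to the value in `config`: a list value makes `mapAttrs` fail at evaluation and the attribute-set default fails the type check, so the commit's `option`→`options` fix only exposes this; the line should read `type = with types; attrsOf (submodule networkOpts);`. Separately, `networking.wireless.networks.<name>.psk` is written into the generated wpa_supplicant configuration in the Nix store, so every key in `fudo.wireless-networks` becomes readable by every local user on the host. If the NixOS release in use has `networking.wireless.environmentFile`, referencing the key through an `@VARNAME@` placeholder in `psk` and keeping the value in that file is the documented way to keep it out of the store; a comment on the `psk = networkOpts.key;` line noting the exposure would help until then.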
+++ b/lib/instance.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
+with lib;
 {
 options.instance = {
 hostname = mkOption {
diff --git a/packages/local.nix b/packages/default.nix
similarity index 97%
rename from packages/local.nix
rename to packages/default.nix
index 78af48f..a5af867 100644
--- a/packages/local.nix
+++ b/packages/default.nix
@@ -66,6 +66,10 @@ in {
 buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
 });
+ gtk3-x11 = pkgs.gtk3.overrideAttrs (oldAttrs: rec {
+ buildInputs = oldAttrs.buildInputs ++ [ pkgs.cmake ];
+ });
+
 hll2380dw-cups = import ./hll2380dw-cups.nix {
 inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused