Merge branch 'master' of ssh://git.fudo.org:2222/fudosys/NixOS

2021-01-14 14:35:55 -08:00 · 2021-01-14 14:35:55 -08:00 · 81fa83834b
parent 5d7eefbbd3 2f05810946
commit 81fa83834b
5 changed files with 148 additions and 74 deletions
--- a/config/fudo/ipfs.nix
+++ b/config/fudo/ipfs.nix
@ -0,0 +1,71 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.fudo.ipfs;
  user-group-entry = group: user:
    nameValuePair user { extraGroups = [ group ]; };
  user-home-entry = ipfs-path: user:
    nameValuePair user { home.sessionVariables = { IPFS_PATH = ipfs-path; }; };
 in {
  options.fudo.ipfs = with types; {
    enable = mkEnableOption "Fudo IPFS";
    users = mkOption {
      type = listOf str;
      description = "List of users with IPFS access.";
      default = [ ];
    };
    user = mkOption {
      type = str;
      description = "User as which to run IPFS user.";
      default = "ipfs";
    };
    group = mkOption {
      type = str;
      description = "Group as which to run IPFS user.";
      default = "ipfs";
    };
    api-address = mkOption {
      type = str;
      description = "Address on which to listen for requests.";
      default = "/ip4/127.0.0.1/tcp/5001";
    };
    automount = mkOption {
      type = bool;
      description = "Whether to automount /ipfs and /ipns on boot.";
      default = true;
    };
    data-dir = mkOption {
      type = str;
      description = "Path to store data for IPFS.";
      default = "/var/lib/ipfs";
    };
  };
  config = mkIf cfg.enable {
    users.users = listToAttrs (map (user-group-entry cfg.group) cfg.users);
    services.ipfs = {
      enable = true;
      apiAddress = cfg.api-address;
      autoMount = cfg.automount;
      enableGC = true;
      user = cfg.user;
      group = cfg.group;
      dataDir = cfg.data-dir;
    };
    home-manager.users =
      listToAttrs (map (user-home-entry cfg.data-dir) cfg.users);
  };
 }
--- a/config/local.nix
+++ b/config/local.nix
@ -1,7 +1,6 @@
 { lib, config, pkgs, ... }:
-with lib;
+with lib; {
 {
  imports = [
    ./fudo/acme-for-hostname.nix
    ./fudo/authentication.nix
@ -13,6 +12,7 @@ with lib;
    ./fudo/garbage-collector.nix
    ./fudo/git.nix
    ./fudo/grafana.nix
    ./fudo/ipfs.nix
    ./fudo/kdc.nix
    ./fudo/ldap.nix
    ./fudo/local-network.nix
--- a/defaults.nix
+++ b/defaults.nix
@ -2,8 +2,7 @@
 { config, pkgs, lib, ... }:
-let
+let state-version = "20.03";
  state-version = "20.03";
 in {
  imports = [
@ -109,13 +108,9 @@ in {
    xkbOptions = "ctrl:nocaps";
  };
-  console = {
+  console = { useXkbConfig = true; };
    useXkbConfig = true;
  };
-  i18n = {
+  i18n = { defaultLocale = "en_US.UTF-8"; };
    defaultLocale = "en_US.UTF-8";
  };
  programs = {
    mosh.enable = true;
@ -137,9 +132,7 @@ in {
      enableSSHSupport = true;
    };
-    fish = {
+    fish = { enable = true; };
      enable = true;
    };
  };
  services = {
@ -148,9 +141,7 @@ in {
      enable = true;
    };
-    cron = {
+    cron = { enable = true; };
      enable = true;
    };
    openssh = {
      enable = true;
      startWhenNeeded = true;
@ -158,16 +149,12 @@ in {
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPICleanupCredentials yes
-    '';
+      '';
    };
-    pcscd = {
+    pcscd = { enable = true; };
      enable = true;
    };
-    udev.packages = with pkgs; [
+    udev.packages = with pkgs; [ yubikey-personalization ];
      yubikey-personalization
    ];
  };
  environment.shellInit = ''
@ -194,11 +181,7 @@ in {
    };
  };
-  users.groups = {
+  users.groups = { fudosys = { gid = 888; }; };
    fudosys = {
      gid = 888;
    };
  };
  users.extraUsers = {
    niten = {
@ -206,11 +189,26 @@ in {
      uid = 10000;
      createHome = true;
      description = "Niten";
-      shell = pkgs.fish;
+      extraGroups = [
-      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
+        "wheel"
        "audio"
        "video"
        "disk"
        "floppy"
        "lp"
        "cdrom"
        "tape"
        "dialout"
        "adm"
        "input"
        "systemd-journal"
        "fudosys"
        "libvirtd"
      ];
      group = "users";
      home = "/home/niten";
-      hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+      hashedPassword =
        "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDoWkjyeIfgwm0b78weToVYOQSD0RQ0qbNzpsN5NokbIFv2/980kLtnYrQEgIJ/JwMLlT3uJYacbCT5/a6Fb8oLxNpj0AF1EKaWZ3Rrlg72Sq+9SEwJwWWmZizX83sovMwUBMaUp6jWLhAhPpzBW5pfc5YWoc89wxGbELSwzgt5EgHbSJgvDnaHSp3fVaY01wfDXbL/oO160iNe7wv2HLMZu/FkWBkIjz6HmoGJJzYM89bUpHbyYG28lmCHB/8UPog5/BsjOn3/qupgf4zh6mMdMsXLvbR2jVwVjxcEMj9N5nCvc+Y3oi7Mij6VNrWbhkaAJMEzeMhWYrF3/pFQxUqG37aK3d0gw9kp5tMDLIlAPX4y1lfA87pIzoa0+Alql0CJQA1IJvp9SFG7lBmSthWQLmZvwwfoGg/ZjF6rOgsVoZ8TizpQnydWJDr6NboU9LL9Oa64OM5Rs0AU3cR2UbOF4QIcWFJ/7oDe3dOnfZ8QYqx9eXJyxoAUpDanaaTHYBiAKkeOBwQU+MVLKCcONKw9FZclf/1TpDB5b3/JeUFANjHQTv0UXA4YYU7iCx6H7XB4qwwtU9O19CGQYYfCfULX12/fRpYJw6VJaQWyyU4Bn5dk/dcB2nGI36jwbLMfhbUTIApujioAnd/GQIMakHEZ1+syPhMx9BxMkZb99B0A1Q== openpgp:0x4EC95B64"
      ];
@ -220,10 +218,26 @@ in {
      uid = 10049;
      createHome = true;
      description = "Reaper";
-      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
+      extraGroups = [
        "wheel"
        "audio"
        "video"
        "disk"
        "floppy"
        "lp"
        "cdrom"
        "tape"
        "dialout"
        "adm"
        "input"
        "systemd-journal"
        "fudosys"
        "libvirtd"
      ];
      group = "users";
      home = "/home/reaper";
-      hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
+      hashedPassword =
        "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
    };
    fudo = {
      isSystemUser = true;
--- a/hosts/nostromo.nix
+++ b/hosts/nostromo.nix
@ -24,10 +24,7 @@ in {
  hardware.bluetooth.enable = false;
-  imports = [
+  imports = [ ../defaults.nix ../hardware-configuration.nix ];
    ../defaults.nix
    ../hardware-configuration.nix
  ];
  fudo.common = {
    profile = "server";
@ -74,7 +71,7 @@ in {
      interface eno2
        ia_na 1
        ia_pd 2 eno2/0
-      '';
+    '';
    # Create a bridge for VMs to use
    macvlans = {
@ -93,9 +90,7 @@ in {
      enp9s0f0.useDHCP = false;
      enp9s0f1.useDHCP = false;
-      eno2 = {
+      eno2 = { useDHCP = true; };
        useDHCP = true;
      };
      intif0 = {
        useDHCP = false;
@ -121,19 +116,11 @@ in {
  };
  users = {
-    users = {
+    users = { fudo-client = { isSystemUser = true; }; };
      fudo-client = {
        isSystemUser = true;
      };
    };
    groups = {
-      backplane-powerdns = {
+      backplane-powerdns = { members = [ "backplane-powerdns" ]; };
-        members = [ "backplane-powerdns" ];
+      backplane-dns = { members = [ "backplane-dns" ]; };
      };
      backplane-dns = {
        members = [ "backplane-dns" ];
      };
    };
  };
@ -180,11 +167,7 @@ in {
  docker-containers = {
    pihole = {
      image = "pihole/pihole:4.3.2-1";
-      ports = [
+      ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
        "5353:53/tcp"
        "5353:53/udp"
        "3080:80/tcp"
      ];
      environment = {
        ServerIP = host-internal-ip;
        VIRTUAL_HOST = "dns-hole.sea.fudo.org";
@ -202,16 +185,19 @@ in {
    };
  };
  fudo.ipfs = {
    enable = true;
    users = [ "niten" ];
    api-address = "/ip4/${host-internal-ip}/tcp/5001";
  };
  services = {
    nginx = {
      enable = true;
      virtualHosts = {
        "pihole.sea.fudo.org" = {
-          serverAliases = [
+          serverAliases = [ "dns-hole.sea.fudo.org" "hole.sea.fudo.org" ];
            "dns-hole.sea.fudo.org"
            "hole.sea.fudo.org"
          ];
          locations."/" = {
            proxyPass = "http://127.0.0.1:3080";
--- a/users/niten.nix
+++ b/users/niten.nix
@ -11,6 +11,7 @@ in {
      userName = name;
      userEmail = email;
    };
  };
  xresources.properties = {
@ -33,20 +34,22 @@ in {
  #   tray = true;
  # };
-  home.file = {
+  home = {
-    ".doom.d" = {
+    file = {
-      source = pkgs.doom-emacs-config;
+      ".doom.d" = {
-      recursive = true;
+        source = pkgs.doom-emacs-config;
-      onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
+        recursive = true;
-    };
+        onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
      };
-    ".k5login" = {
+      ".k5login" = {
-      source = pkgs.writeText "niten-k5login" ''
+        source = pkgs.writeText "niten-k5login" ''
-        niten@FUDO.ORG
+          niten@FUDO.ORG
-        niten/root@FUDO.ORG
+          niten/root@FUDO.ORG
-        niten@INFORMIS.LAND
+          niten@INFORMIS.LAND
-        niten/root@INFORMIS.LAND
+          niten/root@INFORMIS.LAND
-      '';
+        '';
      };
    };
  };
 }