Add fudo-pkgs submodule

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "fudo-pkgs"]
+	path = fudo-pkgs
+	url = https://git.fudo.org/fudo-public/fudo-pkgs.git

config/common.nix

@@ -2,7 +2,14 @@
 
 # Config common to all hosts, which don't belong anywhere else
 {
-  config = {
-    home-manager.users.root = import ../home-manager/root.nix { inherit config lib pkgs; };
+  config = let
+    home-generator = pkgs.callPackage ../niten-home-generator.nix {};
+    host-domain = config.fudo.hosts.${config.instance.hostname}.domain;
+  in {
+    home-manager.users.root = home-generator.generate-config {
+      username = "root";
+      home-dir = "/root";
+      user-email = "root@${config.instance.hostname}.${host-domain}";
+    } { };
   };
-}
+}

config/hardware/plato.nix

@@ -17,7 +17,6 @@ with lib; {
     };
 
     supportedFilesystems = [ "zfs" ];
-    # kernelPackages = pkgs.linuxPackages.zfs;
   };
 
   fileSystems = {

config/hardware/system3.nix

@@ -22,7 +22,7 @@ in {
 
     kernelModules = [ "kvm-amd" ];
     supportedFilesystems = [ "zfs" ];
-    kernelPackages = pkgs.linuxPackages_latest;
+    # kernelPackages = pkgs.linuxPackages_latest;
 
     zfs.enableUnstable = true;
 

config/host-config/limina.nix

@@ -199,20 +199,19 @@ in {
             forceSSL = true;
 
             locations."/" = {
-              proxyPass = "http://cargo.sea.fudo.org:5000/webman/3rdparty/SurveillanceStation/";
+              # proxyPass = "http://cargo.sea.fudo.org:5000/webman/3rdparty/SurveillanceStation/";
+              proxyPass = "http://cargo.sea.fudo.org:5000/";
 
               extraConfig = ''
                 proxy_http_version 1.1;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "Upgrade";
 
-                resolver 10.0.0.1;
-
                 proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-By $server_addr:$server_port;
-                proxy_set_header X-Forwarded-For $remote_addr;
-                proxy_set_header X-Forwarded-Proto $scheme;
+                # proxy_set_header X-Real-IP $remote_addr;
+                # proxy_set_header X-Forwarded-By $server_addr:$server_port;
+                # proxy_set_header X-Forwarded-For $remote_addr;
+                # proxy_set_header X-Forwarded-Proto $scheme;
               '';
             };
           };

home-manager/niten.nix

@@ -1,220 +0,0 @@
-{ config, lib, pkgs, homedir, enable-gui ? true, ... }:
-
-with lib;
-let
-  name = "Niten";
-  email = "niten@fudo.org";
-
-  doom-emacs-config = pkgs.fetchgit {
-    url = "https://git.fudo.org/niten/doom-emacs.git";
-    rev = "0ab1532c856ccdb6ce46c5948054279f439eb1f2";
-    sha256 = "06mh74i5hmb15xid7w31wjc4v339cgddd667bpaphqnw666sm08h";
-  };
-
-  doom-emacs = pkgs.callPackage (pkgs.fetchgit {
-    url = "https://github.com/vlaci/nix-doom-emacs.git";
-    rev = "fee14d217b7a911aad507679dafbeaa8c1ebf5ff";
-    sha256 = "1g0izscjh5nv4n0n1m58jc6z27i9pkbxs17mnb05a83ffdbmmva6";
-  }) {
-    doomPrivateDir = "${pkgs.doom-emacs-config}";
-    extraPackages = with pkgs.emacsPackages; [ elpher use-package ];
-    emacsPackagesOverlay = self: super: {
-      irony = super.irony.overrideAttrs (esuper: {
-        buildInputs = esuper.buildInputs
-          ++ [ pkgs.cmake pkgs.libclang pkgs.clang ];
-      });
-      spinner = let version = "1.7.4";
-      in pkgs.emacsPackages.trivialBuild {
-        inherit version;
-        pname = "spinner";
-        src = builtins.fetchTarball {
-          url = "https://elpa.gnu.org/packages/spinner-${version}.tar";
-          sha256 = "1jj40d68lmz91ynzwqg0jqdjpa9cn5md1hmvjfhy0cr3l16qpfw5";
-        };
-        buildPhase = ":";
-      };
-    };
-  };
-
-  gui-packages = with pkgs;
-    let
-      steam-with-pipewire =
-        (steam.override { extraLibraries = pkgs: [ pkgs.pipewire ]; });
-    in [
-      adapta-backgrounds
-      exodus
-      firefox
-      gnome.gnome-backgrounds
-      jq
-      mate.mate-backgrounds
-      nyxt
-      openttd
-      redshift
-      signal-desktop
-      spotify
-      # steam-with-pipewire
-      # steam-with-pipewire.run
-      # steamPackages.steamcmd
-      # steamPackages.steam-fonts
-      # steamPackages.steam-runtime
-      xclip
-    ];
-
-  common-packages = with pkgs; [
-    ant
-    asdf
-    atop
-    binutils
-    btrfs-progs
-    bundix
-    byobu
-    cdrtools
-    cargo
-    clojure
-    clj2nix
-    cmake
-    curl
-    doom-emacs
-    # doom-emacs-config
-    # doomEmacsInit
-    enca
-    file
-    fortune
-    git
-    gnome.gnome-tweaks
-    gnutls
-    gnupg
-    google-chrome
-    guile
-    imagemagick
-    ipfs
-    iptables
-    jdk
-    leiningen
-    libisofs
-    lispPackages.quicklisp
-    lsof
-    lshw
-    minecraft
-    mkpasswd
-    mplayer
-    mtr
-    nixfmt
-    nix-index
-    nixops
-    nix-prefetch-scripts
-    nyxt
-    nmap
-    opencv-java
-    openldap
-    openssl
-    pciutils
-    pipewire
-    pv
-    pwgen
-    python
-    ruby
-    rustc
-    sbcl
-    stdenv
-    telnet
-    texlive.combined.scheme-basic
-    tmux
-    unzip
-    youtube-dl
-    yubikey-manager
-    yubikey-personalization
-
-    # Check and pick a favorite
-    molly-brown
-    ncgopher
-    amfora
-    asuka
-    kristall
-    castor
-  ];
-
-  ensure-directories = [ ".emacs.d/.local/etc/eshell" ];
-
-in {
-  programs = {
-    bash = { enable = true; };
-
-    git = {
-      enable = true;
-      userName = name;
-      userEmail = email;
-      ignores = [ "*~" ];
-      extraConfig = { pull = { rebase = false; }; };
-    };
-  };
-
-  xresources.properties = mkIf enable-gui {
-    "Xft.antialias" = 1;
-    "Xft.autohint" = 0;
-    "Xft.dpi" = 192;
-    "Xft.hinting" = 1;
-    "Xft.hintstyle" = "hintfull";
-    "Xft.lcdfilter" = "lcddefault";
-  };
-
-  services = {
-    emacs = {
-      enable = true;
-      package = doom-emacs;
-      client = {
-        enable = true;
-        arguments = [ "-t" ];
-      };
-    };
-    gpg-agent.enable = true;
-  };
-
-  home = {
-    packages =
-      if enable-gui then common-packages ++ gui-packages else common-packages;
-
-    file = {
-      ".local/share/openttd/baseset" =
-        mkIf enable-gui { source = "${pkgs.openttd-data}/data"; };
-
-      # For nixified emacs
-      ".emacs.d/init.el".text = ''
-        (load "default.el")
-
-        (setq package-archives nil)
-        ;; (add-to-list 'package-directory-list "~/.nix-profile/share/emacs/site-lisp/elpa")
-        (package-initialize)
-      '';
-
-      ".xsessions" = {
-        executable = true;
-        text = ''
-          # -*-bash-*-
-          gdmauth=$XAUTHORITY
-          unset  XAUTHORITY
-          export XAUTHORITY
-          xauth merge "$gdmauth"
-
-          if [ -f $HOME/.xinitrc ]; then
-            bash --login -i $HOME/.xinitrc
-          fi
-        '';
-      };
-
-      # ".fonts.conf" = { source = ../static/fonts.conf; };
-    };
-
-    sessionVariables = {
-      # EDITOR = "${doom-emacs}/bin/emacsclient -t";
-      ALTERNATE_EDITOR = "";
-
-      DOOM_EMACS_SITE_PATH = "${doom-emacs-config}/site.d";
-
-      HISTCONTROL = "ignoredups:ignorespace";
-    };
-  };
-
-  systemd.user.tmpfiles.rules =
-    map (dir: "d ${homedir}/${dir} 700 niten - - -") ensure-directories;
-}

home-manager/root.nix

@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  name = "Root";
-  email = "root@fudo.org";
-
-in {
-  programs = {
-    git = {
-      enable = true;
-      userName = name;
-      userEmail = email;
-      ignores = [ "*~" ];
-      extraConfig = { pull = { rebase = false; }; };
-    };
-  };
-
-  home = {
-    file = {
-      ".doom.d" = {
-        source = pkgs.doom-emacs-config;
-        recursive = true;
-      };
-
-      ".k5login" = {
-        source = pkgs.writeText "niten-k5login" ''
-          niten/root@FUDO.ORG
-          niten/root@INFORMIS.LAND
-          reaper/root@FUDO.ORG
-        '';
-      };
-    };
-
-    sessionVariables = {
-      EDITOR = "emacsclient -t";
-      ALTERNATE_EDITOR = "";
-
-      HISTCONTROL = "ignoredups:ignorespace";
-    };
-  };
-}

initialize.nix

@@ -1,18 +1,16 @@
-{ hostname, home-manager-package, pkgs, fudo-pkgs, include-secrets ? true, ... }:
+{ hostname, home-manager-module, pkgs, include-secrets ? true, ... }:
 
 let
+  # Get info on this host so we know what to load
   host-config = import (./. + "/config/hosts/${hostname}.nix");
   
-in {
+in {  
   imports = [
     ./lib
     ./config
-    
-    # Without turning this into a path, there's a "lastModified missing" error
-    "${fudo-pkgs}/"
       
-    "${home-manager-package}/nixos"
-  ] ++ [
+    home-manager-module
+
     (./. + "/config/hardware/${hostname}.nix")
     (./. + "/config/host-config/${hostname}.nix")
     (./. + "/config/profile-config/${host-config.profile}.nix")
@@ -23,6 +21,8 @@ in {
   config = {
     instance = { hostname = hostname; };
 
+    nixpkgs.pkgs = pkgs;
+
     fudo.secrets.enable = include-secrets;
   };
 }

lib/fudo/hosts.nix

@@ -185,11 +185,11 @@ in {
 
       # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
       # the fqdn of the host, whereas Avahi wants just the simple hostname.`
-      hosts = {
-        "127.0.0.2" = [ "${hostname}.${domain-name}" "${hostname}" ];
-        "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ];
-        "::1" = [ "${hostname}.${domain-name}" "${hostname}" ];
-      };
+      # hosts = {
+      #   "127.0.0.2" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+      #   "127.0.0.1" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+      #   "::1" = mkForce [ "${hostname}.${domain-name}" "${hostname}" ];
+      # };
 
       firewall = {
         enable = (length host-cfg.external-interfaces) > 0;
@@ -197,11 +197,17 @@ in {
       };
     };
 
-    environment.etc.hosts = mkForce {
+    # NixOS generates a stupid hosts file, just force it
+    environment.etc.hosts = let
+      host-entries = mapAttrsToList
+        (ip: hostnames: "${ip} ${concatStringsSep " " hostnames}")
+        config.fudo.system.hostfile-entries;
+    in mkForce {
       text = ''
         127.0.0.1 ${hostname}.${domain-name} ${hostname} localhost
         127.0.0.2 ${hostname} localhost
         ::1 ${hostname}.${domain-name} ${hostname} localhost
+        ${concatStringsSep "\n" host-entries}
       '';
       user = "root";
       group = "root";

lib/fudo/local-network.nix

@@ -1,7 +1,6 @@
 { lib, config, pkgs, ... }:
 
 with lib;
-
 let
   cfg = config.fudo.local-network;
 
@@ -88,12 +87,12 @@ in {
 
   config = mkIf cfg.enable {
 
-    networking.hosts = let
+    fudo.system.hostfile-entries = let 
       other-hosts = filterAttrs
         (hostname: hostOpts: hostname != config.instance.hostname)
         cfg.network-definition.hosts;
-    in mapAttrs'
-      (hostname: hostOpts: nameValuePair hostOpts.ipv4-address ["${hostname}.${cfg.domain}" hostname])
+    in mapAttrs' (hostname: hostOpts:
+      nameValuePair hostOpts.ipv4-address ["${hostname}.${cfg.domain}" hostname])
       other-hosts;
     
     services.dhcpd4 = let network = cfg.network-definition;

lib/fudo/system-networking.nix

@@ -38,6 +38,16 @@ in {
         };
       };
     };
+
+    # DO THIS MANUALLY since NixOS sux at making a reasonable /etc/hosts
+    hostfile-entries = mkOption {
+        type = attrsOf (listOf str);
+        description = "Map of extra IP addresses to hostnames for /etc/hosts";
+        default = {};
+        example = {
+            "10.0.0.3" = [ "my-host" "my-host.my.domain" ];
+        };
+    };
   };
 
   config = mkIf (cfg.internal-port-map != { }) {

lib/system.nix

@@ -25,6 +25,9 @@ let
       config.fudo.groups;
 
 in {
+  local-host = local-host;
+  local-domain = local-domain;
+  local-site = local-site;
   local-users = local-users;
   local-admins = local-admins;
   local-groups = local-groups;

nixops/lib/hosts.nix

@@ -1,30 +1,13 @@
-{ nixos-version, ... }:
+{ pkgs, home-manager-module, ... }:
 
 let
-  pkgs = import (builtins.prefetchGit {
-    url = "https://github.com/NixOS/nixpkgs.git";
-    ref = "release-${nixos-version}";
-  }) {};
-  
-  home-manager-package = builtins.fetchGit {
-    url = "https://github.com/nix-community/home-manager.git";
-    ref = "release-${nixos-version}";
-  };
-
-  fudo-pkgs = builtins.fetchGit {
-    url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
-  };
-
   initialize = import ../../initialize.nix;
 
   host-config = ip: hostname:
     { ... }: {
       imports = [
         (initialize {
-          hostname = hostname;
-          home-manager-package = home-manager-package;
-          pkgs = pkgs;
-          fudo-pkgs = fudo-pkgs;
+          inherit hostname home-manager-module pkgs;
         })
       ];
 

nixops/seattle.nix

@@ -1,7 +1,25 @@
 let
-  nixos-version = "21.05";
+  # fudo-pkgs = builtins.fetchGit {
+  #   url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
+  # };
+  
+  pkgs = import <nixpkgs> {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssh-with-gssapi-8.4p1"
+      ];
+    };
+    overlays = [
+      (import ../fudo-pkgs/overlay.nix)
+    ];
+  };
 
-  hostlib = import ./lib/hosts.nix { inherit nixos-version; };
+  home-manager-module = import <home-manager/nixos>;
+  
+  hostlib = import ./lib/hosts.nix {
+    inherit pkgs home-manager-module;
+  };
 
   define-host = hostlib.host-config;