Move none condition settings to config/default.nix

2023-12-20 23:05:43 +01:00 · 2023-12-20 23:05:43 +01:00 · 9e2296a05a
parent 1f49c2cf17
commit 9e2296a05a
2 changed files with 53 additions and 54 deletions
--- a/config/default.nix
+++ b/config/default.nix
@ -1,4 +1,4 @@
-{ config, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
+{ config, hostRegistry, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:

 # this file contains default configuration that may be turned on depending on other config settings.
 # options should go to modules.
@ -35,6 +35,12 @@
  documentation.enable = false;

  environment = {
+    etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
+      text = lib.concatMapStrings (ns: ''
+        nameserver ${ns}
+      '') config.networking.nameservers;
+    };
+
    gnome.excludePackages = with pkgs; with gnome; [
      baobab
      cheese
@ -51,11 +57,14 @@
      totem
      yelp # less webkitgtk's
    ];
+
    interactiveShellInit = /* sh */ ''
      # raise some awareness torwards failed services
      systemctl --no-pager --failed || true
    '';
+
    noXlibs = !config.services.xserver.enable;
+
    systemPackages = with pkgs; [
      bmon
      curl
@ -89,11 +98,19 @@
    ];
  };

-  networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
-    # proxy protocol used by public-access-proxy
-    8080
-    8443
-  ];
+  networking = {
+    firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
+      # proxy protocol used by public-access-proxy
+      8080
+      8443
+    ];
+    nameservers = with hostRegistry.dnscache; [
+      ip4
+      ip6
+      "9.9.9.9"
+    ];
+    useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
+  };

  nix = {
    deleteChannels = true;
@ -287,5 +304,15 @@

  time.timeZone = lib.mkDefault "Europe/Berlin";

-  users.motdFile = ./motd;
+  users = {
+    motdFile = ./motd;
+    users = let
+      adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
+    in {
+      # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
+      nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
+
+      root.openssh.authorizedKeys.keys = adminKeys;
+    };
+  };
 }
--- a/modules/c3d2.nix
+++ b/modules/c3d2.nix
@ -1,4 +1,4 @@
-{ zentralwerk, hostRegistry, config, options, lib, pkgs, ... }:
+{ zentralwerk, config, lib, pkgs, ... }:

 let
  cfg = config.c3d2;
@ -89,29 +89,18 @@ in
        adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
      in
      {
-        users = {
-          k-ot = lib.mkIf cfg.k-ot.enable {
-            createHome = true;
-            isNormalUser = true;
-            uid = 1000;
-            extraGroups = [
-              "audio"
-              "video"
-              "wheel"
-            ];
-            # get by running mkpasswd logged in as the user
-            hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
-            openssh.authorizedKeys.keys = adminKeys;
-          };
-
-          # TODO: change when on 23.05
-          # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
-          # nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
-          # using proxy option to detect iso
-          # https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/profiles/installation-device.nix#L48
-          nixos = lib.mkIf (config.services.getty.autologinUser == "nixos") { openssh.authorizedKeys.keys = adminKeys; };
-
-          root.openssh.authorizedKeys.keys = adminKeys;
+        users.k-ot = lib.mkIf cfg.k-ot.enable {
+          createHome = true;
+          isNormalUser = true;
+          uid = 1000;
+          extraGroups = [
+            "audio"
+            "video"
+            "wheel"
+          ];
+          # get by running mkpasswd logged in as the user
+          hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
+          openssh.authorizedKeys.keys = adminKeys;
        };
      };

@ -138,7 +127,7 @@ in
        };
        secret.mqtt =
          let
-            catSecrets = pkgs.writeScript "cat-vector-secrets" ''
+            catSecrets = pkgs.writeScript "cat-vector-secrets" /* bash */ ''
              #!${pkgs.runtimeShell} -e
              echo '{'
              COMMA=n
@ -185,28 +174,11 @@ in
      }];
    };

-    networking = {
-      interfaces = lib.mkIf (cfg.hq.interface != null) {
-        "${cfg.hq.interface}".ipv6.addresses = [{
-          address = toHqPrivateAddress config.networking.hostName;
-          prefixLength = 64;
-        }];
-      };
-
-      nameservers = with hostRegistry.dnscache; [
-        ip4
-        ip6
-        "9.9.9.9"
-      ];
-      useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
-    };
-
-    environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
-      text = lib.concatMapStrings
-        (ns: ''
-          nameserver ${ns}
-        '')
-        config.networking.nameservers;
+    networking.interfaces = lib.mkIf (cfg.hq.interface != null) {
+      "${cfg.hq.interface}".ipv6.addresses = [{
+        address = toHqPrivateAddress config.networking.hostName;
+        prefixLength = 64;
+      }];
    };
  };
 }