Move none condition settings to config/default.nix
parent
1f49c2cf17
commit
9e2296a05a
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
{ config, hostRegistry, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||||
|
|
||||||
# this file contains default configuration that may be turned on depending on other config settings.
|
# this file contains default configuration that may be turned on depending on other config settings.
|
||||||
# options should go to modules.
|
# options should go to modules.
|
||||||
|
@ -35,6 +35,12 @@
|
||||||
documentation.enable = false;
|
documentation.enable = false;
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||||
|
text = lib.concatMapStrings (ns: ''
|
||||||
|
nameserver ${ns}
|
||||||
|
'') config.networking.nameservers;
|
||||||
|
};
|
||||||
|
|
||||||
gnome.excludePackages = with pkgs; with gnome; [
|
gnome.excludePackages = with pkgs; with gnome; [
|
||||||
baobab
|
baobab
|
||||||
cheese
|
cheese
|
||||||
|
@ -51,11 +57,14 @@
|
||||||
totem
|
totem
|
||||||
yelp # less webkitgtk's
|
yelp # less webkitgtk's
|
||||||
];
|
];
|
||||||
|
|
||||||
interactiveShellInit = /* sh */ ''
|
interactiveShellInit = /* sh */ ''
|
||||||
# raise some awareness torwards failed services
|
# raise some awareness torwards failed services
|
||||||
systemctl --no-pager --failed || true
|
systemctl --no-pager --failed || true
|
||||||
'';
|
'';
|
||||||
|
|
||||||
noXlibs = !config.services.xserver.enable;
|
noXlibs = !config.services.xserver.enable;
|
||||||
|
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
bmon
|
bmon
|
||||||
curl
|
curl
|
||||||
|
@ -89,11 +98,19 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
networking = {
|
||||||
# proxy protocol used by public-access-proxy
|
firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||||
8080
|
# proxy protocol used by public-access-proxy
|
||||||
8443
|
8080
|
||||||
];
|
8443
|
||||||
|
];
|
||||||
|
nameservers = with hostRegistry.dnscache; [
|
||||||
|
ip4
|
||||||
|
ip6
|
||||||
|
"9.9.9.9"
|
||||||
|
];
|
||||||
|
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||||
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
deleteChannels = true;
|
deleteChannels = true;
|
||||||
|
@ -287,5 +304,15 @@
|
||||||
|
|
||||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||||
|
|
||||||
users.motdFile = ./motd;
|
users = {
|
||||||
|
motdFile = ./motd;
|
||||||
|
users = let
|
||||||
|
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||||
|
in {
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
||||||
|
nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
||||||
|
|
||||||
|
root.openssh.authorizedKeys.keys = adminKeys;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
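Review bot: `adminKeys` in the moved `users.users` block reads `cfg.sshKeys`, but the module's argument set on the first hunk line binds no `cfg`, and no `let cfg = config.c3d2` appears in the visible hunks; unless that binding exists between the hunks, evaluating config/default.nix fails on the moved block. Because this file is the shared default, every key in that set now gets root SSH access on every host (and the `nixos` account where `system.nixos.variant_id` is `installer`), so a comment stating that trust boundary at the binding would help: `# every key in cfg.sshKeys gets root on all hosts and the nixos user on installers - keep this set minimal`. Separately, the new `networking` block sets `useHostResolvConf` next to a hand-written `environment.etc."resolv.conf"` whose nameserver list falls back to the public resolver 9.9.9.9 over plain DNS; which of the two mechanisms wins on a non-container host is not evident from the hunk and is worth confirming. The top-level attribute set enclosing these hunks starts outside the diff.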
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, hostRegistry, config, options, lib, pkgs, ... }:
|
{ zentralwerk, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.c3d2;
|
cfg = config.c3d2;
|
||||||
|
@ -89,29 +89,18 @@ in
|
||||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users = {
|
users.k-ot = lib.mkIf cfg.k-ot.enable {
|
||||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
createHome = true;
|
||||||
createHome = true;
|
isNormalUser = true;
|
||||||
isNormalUser = true;
|
uid = 1000;
|
||||||
uid = 1000;
|
extraGroups = [
|
||||||
extraGroups = [
|
"audio"
|
||||||
"audio"
|
"video"
|
||||||
"video"
|
"wheel"
|
||||||
"wheel"
|
];
|
||||||
];
|
# get by running mkpasswd logged in as the user
|
||||||
# get by running mkpasswd logged in as the user
|
hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
|
||||||
hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
|
openssh.authorizedKeys.keys = adminKeys;
|
||||||
openssh.authorizedKeys.keys = adminKeys;
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO: change when on 23.05
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
|
||||||
# nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
|
||||||
# using proxy option to detect iso
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/profiles/installation-device.nix#L48
|
|
||||||
nixos = lib.mkIf (config.services.getty.autologinUser == "nixos") { openssh.authorizedKeys.keys = adminKeys; };
|
|
||||||
|
|
||||||
root.openssh.authorizedKeys.keys = adminKeys;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -138,7 +127,7 @@ in
|
||||||
};
|
};
|
||||||
secret.mqtt =
|
secret.mqtt =
|
||||||
let
|
let
|
||||||
catSecrets = pkgs.writeScript "cat-vector-secrets" ''
|
catSecrets = pkgs.writeScript "cat-vector-secrets" /* bash */ ''
|
||||||
#!${pkgs.runtimeShell} -e
|
#!${pkgs.runtimeShell} -e
|
||||||
echo '{'
|
echo '{'
|
||||||
COMMA=n
|
COMMA=n
|
||||||
|
@ -185,28 +174,11 @@ in
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking.interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
address = toHqPrivateAddress config.networking.hostName;
|
||||||
address = toHqPrivateAddress config.networking.hostName;
|
prefixLength = 64;
|
||||||
prefixLength = 64;
|
}];
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
nameservers = with hostRegistry.dnscache; [
|
|
||||||
ip4
|
|
||||||
ip6
|
|
||||||
"9.9.9.9"
|
|
||||||
];
|
|
||||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
|
||||||
text = lib.concatMapStrings
|
|
||||||
(ns: ''
|
|
||||||
nameserver ${ns}
|
|
||||||
'')
|
|
||||||
config.networking.nameservers;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|