forked from c3d2/nix-config
Move none condition settings to config/default.nix
parent
1f49c2cf17
commit
9e2296a05a
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
{ config, hostRegistry, lib, nixos, pkgs, ssh-public-keys, zentralwerk, ... }:
|
||||
|
||||
# this file contains default configuration that may be turned on depending on other config settings.
|
||||
# options should go to modules.
|
||||
|
@ -35,6 +35,12 @@
|
|||
documentation.enable = false;
|
||||
|
||||
environment = {
|
||||
etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings (ns: ''
|
||||
nameserver ${ns}
|
||||
'') config.networking.nameservers;
|
||||
};
|
||||
|
||||
gnome.excludePackages = with pkgs; with gnome; [
|
||||
baobab
|
||||
cheese
|
||||
|
@ -51,11 +57,14 @@
|
|||
totem
|
||||
yelp # less webkitgtk's
|
||||
];
|
||||
|
||||
interactiveShellInit = /* sh */ ''
|
||||
# raise some awareness torwards failed services
|
||||
systemctl --no-pager --failed || true
|
||||
'';
|
||||
|
||||
noXlibs = !config.services.xserver.enable;
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
bmon
|
||||
curl
|
||||
|
@ -89,11 +98,19 @@
|
|||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [
|
||||
# proxy protocol used by public-access-proxy
|
||||
8080
|
||||
8443
|
||||
];
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
];
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
nix = {
|
||||
deleteChannels = true;
|
||||
|
@ -287,5 +304,15 @@
|
|||
|
||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||
|
||||
users.motdFile = ./motd;
|
||||
users = {
|
||||
motdFile = ./motd;
|
||||
users = let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in {
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
||||
nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
};
|
||||
}
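Review bot: In the last hunk of this file (`@ -287,5 +304,15`), `adminKeys` reads `cfg.sshKeys`, but no line shown for this file binds `cfg`; the only visible binding, `cfg = config.c3d2;`, is in the module the keys were moved out of. Unless a `let` outside the hunks provides it, evaluation stops with an undefined-variable error, so `attrValues config.c3d2.sshKeys` would be the safer spelling here. The installer check now depends on `config.system.nixos.variant_id`, which the removed TODO tied to 23.05; any host still evaluated against an older nixpkgs would need the previous `services.getty.autologinUser` test. A short comment such as `# every key in c3d2.sshKeys may log in as root on all hosts importing these defaults` would make the access-control effect visible, and the `master#L23` link is better pinned to a commit because the line anchor drifts.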
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, hostRegistry, config, options, lib, pkgs, ... }:
|
||||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.c3d2;
|
||||
|
@ -89,8 +89,7 @@ in
|
|||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in
|
||||
{
|
||||
users = {
|
||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
users.k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
|
@ -103,16 +102,6 @@ in
|
|||
hashedPassword = "$y$j9T$AoK/PRviZS4BDJ6jX/Qt6/$FDM/JfANEU7H0RAIuN0DL2hjYujVAVDdI0jgN5wGwB5";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
|
||||
# TODO: change when on 23.05
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L23
|
||||
# nixos = lib.mkIf (config.system.nixos.variant_id == "installer") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
# using proxy option to detect iso
|
||||
# https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/profiles/installation-device.nix#L48
|
||||
nixos = lib.mkIf (config.services.getty.autologinUser == "nixos") { openssh.authorizedKeys.keys = adminKeys; };
|
||||
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
};
|
||||
|
||||
services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
|
@ -138,7 +127,7 @@ in
|
|||
};
|
||||
secret.mqtt =
|
||||
let
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" ''
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" /* bash */ ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo '{'
|
||||
COMMA=n
|
||||
|
@ -185,28 +174,11 @@ in
|
|||
}];
|
||||
};
|
||||
|
||||
networking = {
|
||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
networking.interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
];
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings
|
||||
(ns: ''
|
||||
nameserver ${ns}
|
||||
'')
|
||||
config.networking.nameservers;
|
||||
};
|
||||
};
|
||||
}
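Review bot: After the `@ -103,16 +102,6` and `@ -185,28 +174,11` hunks this module no longer sets `root.openssh.authorizedKeys.keys`, the installer `nixos` keys, `networking.nameservers` or `/etc/resolv.conf`, so a host that imports the module without the shared defaults file would, as far as these hunks show, lose key-based root login and its resolver list. Nothing in the module records that dependency; a header comment such as `# root/installer SSH keys and DNS defaults are set in config/default.nix` would help. Separately, the `hashedPassword` literal kept as context sits in the repository and ends up in the world-readable Nix store, where it can be attacked offline; moving it to a secret managed outside the store is worth a follow-up. The enclosing attribute set starts and ends outside the hunks.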
|
||||
|
|