From 585dd9f50d814cdca83b806739337b0e24f277ca Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 02:22:19 -0400 Subject: [PATCH] Refactor linux specific configuration --- modules/linux/default.nix | 173 ++++++++++++++++++++++++++++++++++++++ modules/options.nix | 164 +----------------------------------- 2 files changed, 175 insertions(+), 162 deletions(-) diff --git a/modules/linux/default.nix b/modules/linux/default.nix index 85f3869..2966452 100644 --- a/modules/linux/default.nix +++ b/modules/linux/default.nix @@ -23,6 +23,179 @@ in ./linux/base.nix ]; + options = with lib; with nLib; { + nathan = { + # Control enabling of services + # Services are system specific so they go here + services = { + # Use zramSwap, enabled by default + zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; + # Enable ssh and configure firewall + # On by default + ssh = mkEnableOptionT "ssh"; + # Enable tailscale, on by default on linux + tailscale = { + enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; + }; + # Borg backup + # Disabled by default as it requires configuration, but a really good idea to turn on + borg = { + enable = mkEnableOption "borg"; + extraExcludes = mkOption { + default = [ ]; + description = "List of extra paths to exclude"; + }; + extraIncludes = mkOption { + default = [ ]; + description = "List of extra paths to include"; + }; + location = mkOption { + default = "de1955@de1955.rsync.net:computers"; + description = "Location to backup to"; + type = lib.types.str; + }; + passwordFile = mkOption { + description = "Path to the password file"; + type = lib.types.str; + }; + sshKey = mkOption { + description = "Path to the ssh key"; + type = lib.types.str; + }; + startAt = mkOption { + description = "How often to run backups"; + default = "hourly"; + }; + }; + # Nginx + nginx = { + enable = mkEnableOption "nginx"; + acme = mkEnableOption "ACME Integration"; + }; + # Matrix + matrix = { + enable = mkEnableOption "matrix"; + baseDomain = mkOption { + description = "Base domain to use for the matrix services"; + example = "mccarty.io"; + type = lib.types.str; + }; + element = mkDefaultOption "element" config.nathan.services.matrix.enable; + enableRegistration = mkEnableOption "synapse registration"; + }; + }; + # Linux (desktop/server, not android) specific programs + programs = { + # Install games + games = mkEnableOption "games"; + # Install gpg with yubikey support + # Enabled by default if the system is a desktop + gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop; + utils = { + # Enable multi system emulation + # Enabled by default on desktop + binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop; + }; + }; + # Control enabling of hardware support + hardware = { + # Logitech hardware support + # On by default if the system is a desktop + logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; + }; + # Linux specific configuration + config = { + # Wether or not to install the main user + installUser = mkOption { + default = pkgs.stdenv.isLinux; + example = true; + description = "Whether to install the 'nathan' user"; + type = lib.types.bool; + }; + # Name of the user to install + user = mkOption { + default = "nathan"; + example = "nathan"; + description = "Username to use for common configuration"; + type = lib.types.str; + }; + # Name of the user to install + email = mkOption { + default = "nathan@mccarty.io"; + example = "nathan@mccarty.io"; + description = "Email to use for common configuration"; + type = lib.types.str; + }; + # Is this system a desktop? + # Off by default + isDesktop = mkEnableOption "Desktop specific settings"; + # Should we harden this system? + # On by default + harden = mkEnableOptionT "Apply system hardening"; + # Enable audio subsystem + # On by default if the system is a desktop + audio = mkDefaultOption "audio" config.nathan.config.isDesktop; + # Basic grub configuration + # Off by default + setupGrub = mkEnableOption "Setup grub"; + # Install fonts + # On by default if the system is a desktop + fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; + # Enable unfree software + # On by default + enableUnfree = mkEnableOptionT "unfree software"; + # Nix configuration + nix = { + # Automatic GC and optimization of the nix store + # On by default + autoGC = mkEnableOptionT "Nix store optimization and auto gc"; + # Automatic updating of the system + # On by default + autoUpdate = mkEnableOptionT "Nix autoupdating"; + }; + # Swaywm configuration + # On by default if the system is a desktop + swaywm = { + enable = mkOption { + default = config.nathan.config.isDesktop; + example = true; + description = "Whether to setup swaywm"; + type = lib.types.bool; + }; + }; + # Virtualization configuration + # All on by default if the system is a desktop + virtualization = { + qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; + docker = mkDefaultOption "docker" config.nathan.config.isDesktop; + lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; + nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; + }; + # Support for interacting with a dual booted windows system + windows = { + enable = mkEnableOption "Windows Integration"; + mount = { + enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable; + device = mkOption { + description = "Device to mount"; + example = "/dev/sda2"; + type = types.str; + }; + mountPoint = mkOption { + description = "Location to mount the device to"; + example = "/dev/sda2"; + type = types.str; + }; + keyFile = mkOption { + description = "File containing the recovery key for the partition"; + type = types.str; + }; + }; + }; + }; + }; + }; + config = { # Enable the firewall networking.firewall.enable = true; diff --git a/modules/options.nix b/modules/options.nix index e1ec302..d47dcb2 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -6,179 +6,19 @@ in { options = with lib; with nLib; { nathan = { - # Control enabling of services - services = { - # Use zramSwap, enabled by default - zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; - # Enable ssh and configure firewall - # On by default - ssh = mkEnableOptionT "ssh"; - # Enable tailscale, on by default on linux - tailscale = { - enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; - }; - # Borg backup - # Disabled by default as it requires configuration, but a really good idea to turn on - borg = { - enable = mkEnableOption "borg"; - extraExcludes = mkOption { - default = [ ]; - description = "List of extra paths to exclude"; - }; - extraIncludes = mkOption { - default = [ ]; - description = "List of extra paths to include"; - }; - location = mkOption { - default = "de1955@de1955.rsync.net:computers"; - description = "Location to backup to"; - type = lib.types.str; - }; - passwordFile = mkOption { - description = "Path to the password file"; - type = lib.types.str; - }; - sshKey = mkOption { - description = "Path to the ssh key"; - type = lib.types.str; - }; - startAt = mkOption { - description = "How often to run backups"; - default = "hourly"; - }; - }; - # Nginx - nginx = { - enable = mkEnableOption "nginx"; - acme = mkEnableOption "ACME Integration"; - }; - # Matrix - matrix = { - enable = mkEnableOption "matrix"; - baseDomain = mkOption { - description = "Base domain to use for the matrix services"; - example = "mccarty.io"; - type = lib.types.str; - }; - element = mkDefaultOption "element" config.nathan.services.matrix.enable; - enableRegistration = mkEnableOption "synapse registration"; - }; - }; - # Control enabling/configuratin of services + # Programs, many of these will be generic programs = { - # Install games - games = mkEnableOption "games"; - # Install gpg with yubikey support - # Enabled by default if the system is a desktop - gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop; # Utility modules utils = { # Core utililtes I want on every system # Enabled by default core = mkEnableOptionT "utils-core"; - # Enable multi system emulation - # Enabled by default on desktop - binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop; # Development utilities that can't be installed through home manager due to collisions devel = mkDefaultOption "devel" config.nathan.config.isDesktop; }; }; - # Control enabling of hardware support - hardware = { - # Logitech hardware support - # On by default if the system is a desktop - logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; - }; # General system configuration - config = { - # Wether or not to install the main user - installUser = mkOption { - default = pkgs.stdenv.isLinux; - example = true; - description = "Whether to install the 'nathan' user"; - type = lib.types.bool; - }; - # Name of the user to install - user = mkOption { - default = "nathan"; - example = "nathan"; - description = "Username to use for common configuration"; - type = lib.types.str; - }; - # Name of the user to install - email = mkOption { - default = "nathan@mccarty.io"; - example = "nathan@mccarty.io"; - description = "Email to use for common configuration"; - type = lib.types.str; - }; - # Is this system a desktop? - # Off by default - isDesktop = mkEnableOption "Desktop specific settings"; - # Should we harden this system? - # On by default - harden = mkEnableOptionT "Apply system hardening"; - # Enable audio subsystem - # On by default if the system is a desktop - audio = mkDefaultOption "audio" config.nathan.config.isDesktop; - # Basic grub configuration - # Off by default - setupGrub = mkEnableOption "Setup grub"; - # Install fonts - # On by default if the system is a desktop - fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; - # Enable unfree software - # On by default - enableUnfree = mkEnableOptionT "unfree software"; - # Nix configuration - nix = { - # Automatic GC and optimization of the nix store - # On by default - autoGC = mkEnableOptionT "Nix store optimization and auto gc"; - # Automatic updating of the system - # On by default - autoUpdate = mkEnableOptionT "Nix autoupdating"; - }; - # Swaywm configuration - # On by default if the system is a desktop - swaywm = { - enable = mkOption { - default = config.nathan.config.isDesktop; - example = true; - description = "Whether to setup swaywm"; - type = lib.types.bool; - }; - }; - # Virtualization configuration - # All on by default if the system is a desktop - virtualization = { - qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; - docker = mkDefaultOption "docker" config.nathan.config.isDesktop; - lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; - nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; - }; - # Support for interacting with a dual booted windows system - windows = { - enable = mkEnableOption "Windows Integration"; - mount = { - enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable; - device = mkOption { - description = "Device to mount"; - example = "/dev/sda2"; - type = types.str; - }; - mountPoint = mkOption { - description = "Location to mount the device to"; - example = "/dev/sda2"; - type = types.str; - }; - keyFile = mkOption { - description = "File containing the recovery key for the partition"; - type = types.str; - }; - }; - }; - }; + config = { }; }; }; }