modularized stuff

2025-03-02 22:56:40 +01:00 · 2025-03-02 22:56:40 +01:00 · 046aa3d168
parent 95de139644
commit 046aa3d168
9 changed files with 113 additions and 76 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,11 +1,16 @@
+{ pkgs
+, ...
+}:
 {
-  pkgs,
-  inputs,
-  modulesPath,
-  lib,
-  ...
-}: {
  imports = [
+    ./services/openssh.nix
+    ./services/misc.nix
+    ./modules/git.nix
+    ./modules/nix-settings.nix
+    ./modules/zfs.nix
+
+    (import ./modules/networking.nix { hostname = "server"; })
+    (import ./modules/users.nix { main-user = "baritone"; })
  ];

  boot.loader = {
@ -14,56 +19,6 @@
    timeout = 0;
  };

-  boot.zfs.devNodes = "/dev/disk/by-path";
-
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  nix.gc = {
-    automatic = true;
-    options = "--delete-older-than 30d";
-  };
-  nix.optimise = {
-    automatic = true;
-    dates = ["05:00"];
-  };
-
-  networking.hostName = "enis";
-  networking.hostId = "2ead098f";
-  networking.networkmanager.enable = true;
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [];
-    allowedUDPPorts = [];
-  };
-
-  home-manager = {
-    extraSpecialArgs = {inherit inputs;};
-    users = {
-      "enis" = import ./home.nix;
-    };
-  };
-
-  users.users."enis" = {
-    isNormalUser = true;
-    hashedPassword = import ./password.nix;
-    extraGroups = [
-      "networkmanager"
-      "audio"
-      "wheel"
-    ];
-
-    shell = pkgs.zsh;
-  };
-
-  users.users."nixos" = {
-    isNormalUser = true;
-    initialPassword = "1234";
-    extraGroups = ["wheel"];
-  };
-
-  users.users.root = {
-    initialPassword = "1234";
-  };
-
  programs.zsh = {
    enable = true;
    enableGlobalCompInit = true;
@ -77,8 +32,6 @@
    curl
    git
    vim
-
-    zfs
  ];

  environment.variables = {
@ -97,20 +50,5 @@
  programs.mtr.enable = true;
  programs.gnupg.agent.enable = true;

-  services.udev.enable = true;
-  services.thermald.enable = true;
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-      AllowUsers = null;
-      PermitRootLogin = "no";
-    };
-  };
-
-  nix.settings.trusted-users = ["@wheel"];
-
  system.stateVersion = "24.11";
 }
--- a/home.nix
+++ b/home.nix
@ -1,8 +1,8 @@
-{...}: {
+{username ? throw "no username provided" }: {...}: {
  imports = [];

-  home.username = "enis";
-  home.homeDirectory = "/home/enis";
+  home.username = username;
+  home.homeDirectory = "/home/${username}";

  programs.home-manager.enable = true;

--- a/modules/git.nix
+++ b/modules/git.nix
@ -0,0 +1,6 @@
+{config, ...}:
+{
+  programs.git.config = {
+    safe.directory = [ "/etc/nixos" ];
+  };
+}
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -0,0 +1,11 @@
+{ hostname ? "server" }: {...}:
+{
+  networking.hostName = hostname;
+  networking.hostId = "2ead098f";
+  networking.networkmanager.enable = true;
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ ];
+    allowedUDPPorts = [ ];
+  };
+}
--- a/modules/nix-settings.nix
+++ b/modules/nix-settings.nix
@ -0,0 +1,12 @@
+{ ... }: {
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 30d";
+  };
+  nix.optimise = {
+    automatic = true;
+    dates = [ "05:00" ];
+  };
+  nix.settings.trusted-users = [ "@wheel" ];
+}
--- a/modules/users.nix
+++ b/modules/users.nix
@ -0,0 +1,32 @@
+{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: {
+  home-manager = {
+    extraSpecialArgs = { inherit inputs; };
+    users = {
+      ${main-user} = (import ../home.nix { username = main-user; });
+    };
+  };
+
+  users.users.${main-user} = {
+    isNormalUser = true;
+    hashedPassword = import ../password.nix;
+    extraGroups = [
+      "networkmanager"
+      "audio"
+      "wheel"
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
+    ];
+
+    shell = pkgs.zsh;
+  };
+
+  users.users."nixos" = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
+    ];
+  };
+
+}
--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }: {
+  boot.zfs.devNodes = "/dev/disk/by-path";
+
+  environment.systemPackages = with pkgs; [
+    zfs
+  ];
+}
--- a/services/misc.nix
+++ b/services/misc.nix
@ -0,0 +1,4 @@
+{ ... }: {
+  services.udev.enable = true;
+  services.thermald.enable = true;
+}
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -0,0 +1,27 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      AllowUsers = null;
+      PermitRootLogin = "no";
+    };
+    banner = ''
+      OI! THIS IS A REALLY PRIVATE SERVER
+      IF YOU'RE NOT WHO I THINK YOU ARE THEN FOCK OFF!
+    '';
+
+    hostKeys = [
+      {
+        bits = 4096;
+        path = "/etc/ssh/ssh_host_rsa_key";
+        type = "rsa";
+      }
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}