From 897ee4ad26113cd386789f336038d6601aa6d7cb Mon Sep 17 00:00:00 2001 From: sterni Date: Fri, 24 Nov 2023 16:55:46 +0100 Subject: [PATCH] refactor(sterni/edwin): move generic settings into module These settings would also be applied to a machine that'd replace edwin, so it's useful to have them outside edwin's default.nix. Change-Id: I4e8f464118a103645e53909a87c6ee4446022fa3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10125 Reviewed-by: sterni Autosubmit: sterni Tested-by: BuildkiteCI --- users/sterni/machines/edwin/default.nix | 66 +-------------------- users/sterni/modules/common.nix | 79 +++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 64 deletions(-) create mode 100644 users/sterni/modules/common.nix diff --git a/users/sterni/machines/edwin/default.nix b/users/sterni/machines/edwin/default.nix index c1b267526..0204cc463 100644 --- a/users/sterni/machines/edwin/default.nix +++ b/users/sterni/machines/edwin/default.nix @@ -4,6 +4,8 @@ imports = [ # Third party modules we use "${depot.third_party.agenix.src}/modules/age.nix" + # Basic settings + ../../modules/common.nix # These modules touch things related to booting (filesystems, initrd network…) ./hardware.nix ./network.nix @@ -18,70 +20,6 @@ ]; config = { - time.timeZone = "Europe/Berlin"; - - nix = { - package = pkgs.nix_2_3; - settings = { - trusted-public-keys = lib.mkAfter [ - "headcounter.org:/7YANMvnQnyvcVB6rgFTdb8p5LG1OTXaO+21CaOSBzg=" - ]; - substituters = lib.mkAfter [ - "https://hydra.build" - ]; - }; - }; - tvl.cache.enable = true; - - services = { - journald.extraConfig = '' - SystemMaxUse=1024M - ''; - - openssh.enable = true; - }; - - security.acme = { - defaults.email = builtins.getAttr "email" ( - builtins.head ( - builtins.filter (attrs: attrs.username == "sterni") depot.ops.users - ) - ); - acceptTerms = true; - }; - - programs = { - fish.enable = true; - mosh.enable = true; - tmux.enable = true; - }; - - environment.systemPackages = [ - pkgs.weechat - pkgs.wget - pkgs.git - pkgs.stow - pkgs.htop - pkgs.foot.terminfo - pkgs.vim - ]; - - users = { - users = { - root.openssh.authorizedKeys.keys = depot.users.sterni.keys.all; - lukas = { - isNormalUser = true; - extraGroups = [ "wheel" "http" "git" ]; - openssh.authorizedKeys.keys = depot.users.sterni.keys.all; - shell = "${pkgs.fish}/bin/fish"; - }; - }; - }; - - nix.settings.trusted-users = [ - "lukas" - ]; - system.stateVersion = "20.09"; }; } diff --git a/users/sterni/modules/common.nix b/users/sterni/modules/common.nix new file mode 100644 index 000000000..db5b264e6 --- /dev/null +++ b/users/sterni/modules/common.nix @@ -0,0 +1,79 @@ +# This module is common in the weakest sense, i.e. contains common settings to +# all my machines contained in depot—as opposed to common to all my potential +# machines. Consequently, this module is currently very server-centric. +{ pkgs, lib, depot, config, ... }: + +let + me = "lukas"; +in + +{ + config = { + + # More common + + time.timeZone = "Europe/Berlin"; + + nix = { + package = pkgs.nix_2_3; + settings = { + trusted-public-keys = lib.mkAfter [ + "headcounter.org:/7YANMvnQnyvcVB6rgFTdb8p5LG1OTXaO+21CaOSBzg=" + ]; + substituters = lib.mkAfter [ + "https://hydra.build" + ]; + trusted-users = [ me ]; + }; + }; + tvl.cache.enable = true; + + programs.fish.enable = true; + + users = { + users = { + root.openssh.authorizedKeys.keys = depot.users.sterni.keys.all; + ${me} = { + isNormalUser = true; + extraGroups = [ "wheel" "http" "git" ]; + openssh.authorizedKeys.keys = depot.users.sterni.keys.all; + shell = pkgs.fish; + }; + }; + }; + + # Less common + + services = { + journald.extraConfig = '' + SystemMaxUse=1024M + ''; + + openssh.enable = true; + }; + + programs = { + mosh.enable = true; + tmux.enable = true; + }; + + environment.systemPackages = [ + pkgs.weechat + pkgs.wget + pkgs.git + pkgs.stow + pkgs.htop + pkgs.foot.terminfo + pkgs.vim + ]; + + security.acme = { + defaults.email = builtins.getAttr "email" ( + builtins.head ( + builtins.filter (attrs: attrs.username == "sterni") depot.ops.users + ) + ); + acceptTerms = true; + }; + }; +}