refactor: make sshd module and some code refactor

2023-12-27 11:39:38 -05:00 · 2023-12-27 11:39:38 -05:00 · ed92a42266
parent f8442fc37e
commit ed92a42266
15 changed files with 89 additions and 97 deletions
--- a/common/home/neovim/default.nix
+++ b/common/home/neovim/default.nix
@ -161,11 +161,6 @@ in {
              type = "viml";
              config = fileContents ./plugins/dracula.vim;
            }
            {
              plugin = lualine-nvim;
              type = "lua";
              config = fileContents ./plugins/lualine.lua;
            }
            {
              plugin = todo-comments-nvim;
              type = "lua";
@ -176,11 +171,6 @@ in {
              type = "lua";
              config = fileContents ./plugins/gitsigns.lua;
            }
            {
              plugin = nvim-autopairs;
              type = "lua";
              config = fileContents ./plugins/autopairs.lua;
            }
            {
              plugin = indent-blankline-nvim;
              type = "lua";
@ -221,6 +211,16 @@ in {
            coc-markdownlint
            coc-tsserver
            {
              plugin = nvim-autopairs;
              type = "lua";
              config = fileContents ./plugins/autopairs.lua;
            }
            {
              plugin = lualine-nvim;
              type = "lua";
              config = fileContents ./plugins/lualine.lua;
            }
            {
              plugin = neo-tree-nvim;
              type = "viml";
--- a/common/nix-on-droid.nix
+++ b/common/nix-on-droid.nix
@ -22,10 +22,14 @@
    substituters = [
      # Neovim and stuff
      "https://nix-community.cachix.org"
      # Personal config cache
      "https://cache.nelim.org"
    ];
    trustedPublicKeys = [
      # Neovim and stuff
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      # Personal config cache
      "cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
    ];
  };
--- a/common/pkgs/default.nix
+++ b/common/pkgs/default.nix
@ -2,7 +2,8 @@
  lib,
  pkgs,
  ...
-}: let
+}:
 with lib; let
  mkPackage = name: v: {
    ${name} = pkgs.callPackage ./${name} {};
  };
@ -10,19 +11,15 @@
  rmNotPackage = name: value:
    value
    == "directory"
-    && builtins.pathExists ./${name}/default.nix;
+    && pathExists ./${name}/default.nix;
-  packages = lib.attrsets.filterAttrs rmNotPackage (builtins.readDir ./.);
+  packages = filterAttrs rmNotPackage (builtins.readDir ./.);
-  pkgSet = lib.attrsets.concatMapAttrs mkPackage packages;
+  pkgSet = concatMapAttrs mkPackage packages;
 in {
-  imports = [
+  options.customPkgs = mkOption {
-    {
+    type = types.attrs;
-      options.customPkgs = lib.mkOption {
+  };
        type = lib.types.attrs;
      };
    }
  ];
-  customPkgs = pkgSet;
+  config.customPkgs = pkgSet;
 }
--- a/devices/binto/default.nix
+++ b/devices/binto/default.nix
@ -8,6 +8,7 @@
    ../../modules/kmscon.nix
    ../../modules/printer.nix
    ../../modules/proton-bridge.nix
    ../../modules/sshd.nix
    ../../modules/tailscale.nix
    ./modules/gpu-replay.nix
@ -56,16 +57,6 @@
    firewall.enable = false;
  };
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
  # Set your time zone.
  time.timeZone = "America/Montreal";
--- a/devices/oksys/default.nix
+++ b/devices/oksys/default.nix
@ -2,6 +2,7 @@
  imports = [
    ./hardware-configuration.nix
    ../../modules/sshd.nix
    ../../modules/tailscale.nix
    ./modules/blocky.nix
@ -47,16 +48,6 @@
    firewall.enable = false;
  };
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
  # Set your time zone.
  time.timeZone = "America/Montreal";
--- a/devices/oksys/modules/blocky.nix
+++ b/devices/oksys/modules/blocky.nix
@ -2,6 +2,7 @@
  services = {
    blocky = {
      enable = true;
      settings = {
        upstream = {
          default = [
--- a/devices/servivi/default.nix
+++ b/devices/servivi/default.nix
@ -3,6 +3,7 @@
    ./hardware-configuration.nix
    ../../modules/kmscon.nix
    ../../modules/sshd.nix
    ../../modules/tailscale.nix
    ./modules/binary-cache.nix
@ -41,16 +42,6 @@
    firewall.enable = false;
  };
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
  # Set your time zone.
  time.timeZone = "America/Montreal";
--- a/devices/servivi/modules/binary-cache.nix
+++ b/devices/servivi/modules/binary-cache.nix
@ -1,7 +1,6 @@
 {
  config,
  pkgs,
  nixpkgs,
  ...
 }: let
  secrets = config.sops.secrets;
@ -12,6 +11,7 @@ in {
    secretKeyFile = secrets.binary-cache-key.path;
  };
  # Populate cache
  systemd = {
    services.buildAll = {
      serviceConfig = {
@ -19,25 +19,28 @@ in {
        User = vars.user;
        Group = config.users.users.${vars.user}.group;
      };
      path = with pkgs; [
        git
        nix
        nixci
        openssh
      ];
      script = ''
        cd /tmp
-        ${pkgs.nix}/bin/nix-shell \
+        git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone
-          -I "nixpkgs=${nixpkgs}" \
+        cd nix-clone
-          -p openssh nix git nixci --run \
+        nix flake update
-        "${builtins.concatStringsSep "; " [
+        nixci .
-          "git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
+        cd ..
-          "cd nix-clone"
+        rm -r nix-clone
          "nix flake update"
          "nixci ."
          "cd .."
          "rm -r nix-clone"
        ]}"
      '';
    };
    timers.buildAll = {
      wantedBy = ["timers.target"];
      partOf = ["buildAll.service"];
-      timerConfig.OnCalendar = ["*-*-* 0:00:00"];
+      timerConfig.OnCalendar = ["0:00:00"];
    };
  };
 }
--- a/devices/servivi/modules/borgbackup.nix
+++ b/devices/servivi/modules/borgbackup.nix
@ -3,18 +3,27 @@
  lib,
  pkgs,
  ...
-}: {
+}:
 with lib; let
  cfg = config.services.borgbackup;
  secrets = config.sops.secrets;
 in {
  # Make this file declare default settings
-  options.services.borgbackup = with lib; {
+  options.services.borgbackup = {
    #
    defaults = mkOption {
      type = types.attrs;
    };
    configs = mkOption {
      type = types.attrs;
    };
  };
  config = {
    users.groups.borg = {};
    users.users.borg = {
      isSystemUser = true;
      # https://mynixos.com/nixpkgs/option/services.borgbackup.jobs.%3Cname%3E.readWritePaths
      createHome = true;
      home = "/var/lib/borg";
      group = "borg";
@ -28,17 +37,14 @@
    services.borgbackup = {
      defaults = {
        user = "borg";
-        environment = {
+        environment = {BORG_RSH = "ssh -i ${secrets.borg-ssh.path}";};
          # TODO: use secrets
          BORG_RSH = "ssh -i ${config.users.users.borg.home}/.ssh/id_ed25519";
        };
        repo = "ssh://matt@pve/data/backups/borg";
        encryption = {
          mode = "repokey";
          passCommand = let
            cat = "${pkgs.coreutils}/bin/cat";
-            key = config.sops.secrets.borg-repo.path;
+            key = secrets.borg-repo.path;
          in "${cat} ${key}";
        };
@ -46,6 +52,8 @@
        startAt = "00/3:00";
        compression = "auto,lzma";
      };
      jobs = mapAttrs (_: v: v // cfg.defaults) cfg.configs;
    };
  };
 }
--- a/devices/servivi/modules/minecraft.nix
+++ b/devices/servivi/modules/minecraft.nix
@ -88,12 +88,10 @@
      };
    };
-    borgbackup.jobs.mc =
+    borgbackup.configs.mc = {
-      config.services.borgbackup.defaults
+      paths = [
-      // {
+        "/var/lib/minecraft"
-        paths = [
+      ];
-          "/var/lib/minecraft"
+    };
        ];
      };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -898,11 +898,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1703684713,
+        "lastModified": 1703685203,
-        "narHash": "sha256-fcT+86f6nzP3U0fNaLmU2zjU0OBknHkvuhfKCOmUbYo=",
+        "narHash": "sha256-S6O1gyPlMdWwPAdt/fyMbAY2dkN7c2OSdXQ33B0XUNs=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "363ffe2170c5ff1bb78ee7c156cfd26fb587e383",
+        "rev": "37316d96a2d37c8d399922483dac769ffd5dbf38",
        "type": "github"
      },
      "original": {
@ -961,11 +961,11 @@
        "sops-nix": "sops-nix"
      },
      "locked": {
-        "lastModified": 1703659676,
+        "lastModified": 1703687968,
-        "narHash": "sha256-GV7aDQygrPSXwR6auRHpanMzvXvKBbw1F2o78BA/ZeM=",
+        "narHash": "sha256-wkdaj8F/uD8Rm3HmNcy7IVRguzWeCd4svuVPILIWbq4=",
        "ref": "refs/heads/main",
-        "rev": "792df10f43731b75e4d11ce76e0cde911381869e",
+        "rev": "77c68ba0cbc6da18531dedfcf864038a6e4aaf9f",
-        "revCount": 18,
+        "revCount": 19,
        "type": "git",
        "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
      },
--- a/home/alacritty.nix
+++ b/home/alacritty.nix
@ -3,8 +3,6 @@
    enable = true;
    settings = {
      env = {
        POKE = "true";
        # fix wrong colors in tmux
        TERM = "xterm-256color";
      };
--- a/modules/greetd/default.nix
+++ b/modules/greetd/default.nix
@ -3,9 +3,8 @@
  pkgs,
  config,
  ...
-}: let
+}: with lib; let
  # Nix stuff
  optionals = lib.lists.optionals;
  isNvidia = config.hardware.nvidia.modesetting.enable;
  isTouchscreen = config.hardware.sensor.iio.enable;
@ -20,7 +19,7 @@
    .finalPackage;
  # Executables' paths
  hyprBin = "${hyprland}/bin";
-  regreetBin = "${lib.getExe config.programs.regreet.package}";
+  regreetBin = "${getExe config.programs.regreet.package}";
  # Show Regreet on all monitors
  dupeMonitors = pkgs.writeShellScriptBin "dupeMonitors" ''
@ -49,7 +48,7 @@
    else "${dupeMonitors}/bin/dupeMonitors";
  # Get css for regreet
-  style = pkgs.writeText "style.css" ''${builtins.readFile ./style.css}'';
+  style = pkgs.writeText "style.css" ''${readFile ./style.css}'';
  # Setup Hyprland as regreet's compositor
  hyprConf =
@ -66,7 +65,7 @@
        "    sleep 1; swww init --no-cache &&"
        "    swww img -t none ${pkgs.dracula-theme}/wallpapers/waves.png\n"
-        "${builtins.readFile ./hyprland.conf}\n"
+        "${readFile ./hyprland.conf}\n"
        "exec-once = ${regreetBin} -s ${style};"
        "    ${hyprBin}/hyprctl dispatch exit"
--- a/modules/hyprland/default.nix
+++ b/modules/hyprland/default.nix
@ -82,22 +82,22 @@ in {
        xwayland.force_zero_scaling = true;
        monitor = [
-          (builtins.concatStringsSep "," [
+          (concatStringsSep "," [
            "desc:Acer Technologies Acer K212HQL T3EAA0014201"
            "1920x1080@60"
            "840x1000, 1, transform, 3"
          ])
-          (builtins.concatStringsSep "," [
+          (concatStringsSep "," [
            "desc:BOE 0x0964"
            "1920x1200@60"
            "0x2920, 1"
          ])
-          (builtins.concatStringsSep "," [
+          (concatStringsSep "," [
            "desc:Samsung Electric Company C27JG5x HTOM100586"
            "2560x1440@60"
            "1920x120, 1"
          ])
-          (builtins.concatStringsSep "," [
+          (concatStringsSep "," [
            "desc:GIGA-BYTE TECHNOLOGY CO. LTD. G27QC 0x00000B1D"
            "2560x1440@165"
            "1920x1560, 1"
--- a/modules/sshd.nix
+++ b/modules/sshd.nix
@ -0,0 +1,11 @@
 {...}: {
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
 }