home

My NixOS systems configurations.

commit 99d3979c0da4d3c9197194763a920800f1120c28
parent 678d87949127673578bf149e98dbc88ee709f648
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Tue, 20 Feb 2024 17:22:57 +0100

systems: clean even more profiles.*

Remove all unused files

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 10----------
Dsystems/modules/profiles/docker.nix | 77-----------------------------------------------------------------------------
Dsystems/modules/profiles/gaming.nix | 26--------------------------
Dsystems/modules/profiles/i18n.nix | 24------------------------
Dsystems/modules/profiles/ipfs.nix | 39---------------------------------------
Dsystems/modules/profiles/kubernetes.nix | 60------------------------------------------------------------
Dsystems/modules/profiles/laptop.nix | 18------------------
Dsystems/modules/profiles/mail.nix | 23-----------------------
Dsystems/modules/profiles/nix-auto-update.nix | 79-------------------------------------------------------------------------------
Dsystems/modules/profiles/printing.nix | 21---------------------
Dsystems/modules/profiles/qemu.nix | 50--------------------------------------------------
Dsystems/modules/profiles/scanning.nix | 24------------------------
Dsystems/modules/profiles/zsh.nix | 22----------------------
Musers/vincent/default.nix | 12++++++------
14 files changed, 6 insertions(+), 479 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -61,19 +61,9 @@
 ./systems/modules/profiles/base.nix
 ./systems/modules/profiles/builder.nix
 ./systems/modules/profiles/dns.nix
- ./systems/modules/profiles/docker.nix
 ./systems/modules/profiles/home.nix
- ./systems/modules/profiles/i18n.nix
- ./systems/modules/profiles/ipfs.nix
- ./systems/modules/profiles/kubernetes.nix
- ./systems/modules/profiles/laptop.nix
- ./systems/modules/profiles/mail.nix
- ./systems/modules/profiles/printing.nix
- ./systems/modules/profiles/qemu.nix
 ./systems/modules/profiles/redhat.nix
- ./systems/modules/profiles/scanning.nix
 ./systems/modules/profiles/wireguard.server.nix
- ./systems/modules/profiles/zsh.nix
 inputs.sops-nix.nixosModules.sops
 # inputs.envfs.nixosModules.envfs
 {
diff --git a/systems/modules/profiles/docker.nix b/systems/modules/profiles/docker.nix
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.docker;
-in
-{
- options = {
- profiles.docker = {
- enable = mkEnableOption "Enable docker profile";
- package = mkOption {
- default = pkgs.docker;
- description = "docker package to be used";
- type = types.package;
- };
- runcPackage = mkOption {
- default = pkgs.runc;
- description = "runc package to be used";
- type = types.package;
- };
- };
- };
- config = mkIf cfg.enable {
- virtualisation = {
- containerd = {
- enable = true;
- };
- buildkitd = {
- enable = true;
- settings = {
- worker.oci = {
- enabled = false;
- };
- worker.containerd = {
- enabled = true;
- platforms = [ "linux/amd64" "linux/arm64" ];
- namespace = "buildkit";
- };
- registry = {
- "r.svc.home:5000" = {
- http = true;
- insecure = true;
- };
- "r.svc.home" = {
- http = true;
- insecure = true;
- };
- };
- };
- };
- docker = {
- enable = true;
- package = cfg.package;
- liveRestore = false;
- storageDriver = "overlay2";
- daemon.settings = {
- experimental = true;
- bip = "172.26.0.1/16";
- runtimes = {
- "docker-runc" = {
- path = "${cfg.runcPackage}/bin/runc";
- };
- };
- default-runtime = "docker-runc";
- containerd = "/run/containerd/containerd.sock";
- features = { buildkit = true; };
- insecure-registries = [ "172.30.0.0/16" "192.168.12.0/16" "shikoku.home:5000" "r.svc.home:5000" "r.svc.home" ];
- seccomp-profile = ./docker/my-seccomp.json;
- };
- };
- };
- environment.systemPackages = with pkgs; [
- docker-buildx
- ];
- networking.firewall.trustedInterfaces = [ "docker0" ];
- };
-}
diff --git a/systems/modules/profiles/gaming.nix b/systems/modules/profiles/gaming.nix
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.gaming;
-in
-{
- options = {
- profiles.gaming = {
- enable = mkEnableOption "Enable gaming profile";
- };
- };
- config = mkIf cfg.enable {
- hardware = {
- opengl = {
- driSupport32Bit = true;
- };
- };
- services.udev.extraRules = ''
- # Steam controller
- SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
- KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
- '';
- environment.systemPackages = with pkgs; [ steam ];
- };
-}
diff --git a/systems/modules/profiles/i18n.nix b/systems/modules/profiles/i18n.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.i18n;
-in
-{
- options = {
- profiles.i18n = {
- enable = mkOption {
- default = true;
- description = "Enable i18n profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- console.keyMap = "fr-bepo";
- console.font = "Lat2-Terminus16";
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
diff --git a/systems/modules/profiles/ipfs.nix b/systems/modules/profiles/ipfs.nix
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.ipfs;
-in
-{
- options = {
- profiles.ipfs = {
- enable = mkEnableOption "Enable ipfs profile";
- autoMount = mkOption {
- default = true;
- description = "Automount /ipfs and /ipns";
- type = types.bool;
- };
- localDiscovery = mkOption {
- default = true;
- description = "Enable local discovery, switch profile to server if disable";
- type = types.bool;
- };
- extraConfig = mkOption {
- default = {
- Datastore.StorageMax = "40GB";
- };
- description = "Extra ipfs daemon configuration";
- type = types.attrs;
- };
- };
- };
- config = mkIf cfg.enable {
- services.ipfs = {
- enable = true;
- enableGC = true;
- localDiscovery = cfg.localDiscovery;
- autoMount = cfg.autoMount;
- extraConfig = cfg.extraConfig;
- };
- };
-}
diff --git a/systems/modules/profiles/kubernetes.nix b/systems/modules/profiles/kubernetes.nix
@@ -1,60 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (lib) mkEnableOption mkOption mkIf mkDefault mkOverride types optionals;
- cfg = config.profiles.kubernetes;
-in
-{
- options.profiles.kubernetes = {
- master = {
- enable = mkEnableOption "Make this node a master node";
- ip = mkOption {
- description = "master node address";
- type = types.str;
- };
- hostname = mkOption {
- default = "api.kube";
- description = "master node hostname";
- type = types.str;
- };
- port = mkOption {
- default = 6443;
- description = "port the apiserver will expose";
- type = types.int;
- };
- };
- };
- config = mkIf cfg.enable {
- networking = {
- firewall.allowedTCPPorts = [ 80 443 6443 ];
- extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
- };
-
- boot.kernelModules = [ "ceph" ];
-
- # packages for administration tasks
- environment.systemPackages = with pkgs; [
- kubectl
- kubernetes
- ];
-
- services.kubernetes = {
- roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ];
- masterAddress = cfg.master.hostname;
- apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}";
- kubeconfig.server = "https://${cfg.master.hostname}:${toString cfg.master.port}";
- easyCerts = true;
- apiserver = mkIf cfg.master.enable {
- securePort = cfg.master.port;
- advertiseAddress = cfg.master.ip;
- };
- # TODO: Remove this when switching to 21.11
- controllerManager.extraOpts = "--horizontal-pod-autoscaler-use-rest-clients=false";
- # use coredns
- addons.dns.enable = true;
-
- # needed if you use swap
- kubelet.extraOpts = "--fail-swap-on=false --root-dir=/var/lib/kubelet";
- };
- };
-}
diff --git a/systems/modules/profiles/laptop.nix b/systems/modules/profiles/laptop.nix
@@ -1,18 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.laptop;
-in
-{
- options = {
- profiles.laptop = {
- enable = mkEnableOption "Enable laptop profile";
- };
- };
- config = mkIf cfg.enable {
- warnings = [ "The option 'profiles.laptop' is deprecated, use 'modules.hardware.laptop' instead" ];
- # Use modules.hardware.enable instead
- modules.hardware.laptop.enable = true;
- };
-}
diff --git a/systems/modules/profiles/mail.nix b/systems/modules/profiles/mail.nix
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.mail;
-in
-{
- options = {
- profiles.mail = {
- enable = mkOption {
- default = true;
- description = "Enable mail profile";
- type = types.bool;
- };
- };
- };
- config = mkIf (cfg.enable) {
- sops.secrets.msmtprc = {
- path = "/etc/msmtprc";
- };
- environment.systemPackages = with pkgs; [ msmtp ];
- };
-}
diff --git a/systems/modules/profiles/nix-auto-update.nix b/systems/modules/profiles/nix-auto-update.nix
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.nix-auto-update;
-in
-{
- options = {
- profiles.nix-auto-update = {
- enable = mkOption {
- default = false;
- description = "Enable nix-auto-update profile";
- type = types.bool;
- };
- autoUpgrade = mkOption {
- default = true;
- description = "Automatically try to upgrade the system";
- type = types.bool;
- };
- dates = mkOption {
- default = "weekly";
- description = "Specification (in the format described by systemd.time(7)) of the time at which the auto-update will run. ";
- type = types.str;
- };
- version = mkOption {
- default = "20.03";
- description = "System version (NixOS)";
- type = types.str;
- };
- };
- };
- config = mkIf cfg.enable (mkMerge [
- {
- system = {
- stateVersion = cfg.version;
- };
- }
- (
- mkIf cfg.autoUpgrade {
- systemd.services.nixos-update = {
- description = "NixOS Upgrade";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- HOME = "/root";
- };
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- make switch
- '';
- startAt = cfg.dates;
- onFailure = [ "status-email-root@%n.service" ];
- };
- systemd.services.etc-nixos-git-update = {
- description = "Update NixOS source git repository";
- unitConfig.X-StopOnRemoval = false;
- restartIfChanged = false;
- serviceConfig.Type = "oneshot";
- serviceConfig.User = "vincent";
- environment = config.nix.envVars
- // {
- inherit (config.environment.sessionVariables) NIX_PATH;
- };
- script = ''
- export PATH=/run/current-system/sw/bin
- cd /etc/nixos/
- git pull --rebase --autostash --recurse-submodules
- '';
- startAt = "daily";
- onFailure = [ "status-email-root@%n.service" ];
- };
- }
- )
- ]);
-}
diff --git a/systems/modules/profiles/printing.nix b/systems/modules/profiles/printing.nix
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.printing;
-in
-{
- options = {
- profiles.printing = {
- enable = mkEnableOption "Enable printing profile";
- };
- };
- config = mkIf cfg.enable {
- services = {
- printing = {
- enable = true;
- drivers = [ pkgs.gutenprint ];
- };
- };
- };
-}
diff --git a/systems/modules/profiles/qemu.nix b/systems/modules/profiles/qemu.nix
@@ -1,50 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.profiles.qemu-user;
- arm = {
- interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm";
- magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- aarch64 = {
- interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
- riscv64 = {
- interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64";
- magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
- mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
- };
-in
-{
- options = {
- profiles.qemu-user = {
- arm = mkEnableOption "enable 32bit arm emulation";
- aarch64 = mkEnableOption "enable 64bit arm emulation";
- riscv64 = mkEnableOption "enable 64bit riscv emulation";
- };
- nix.supportedPlatforms = mkOption {
- type = types.listOf types.str;
- description = "extra platforms that nix will run binaries for";
- default = [ ];
- };
- };
- config = mkIf (cfg.arm || cfg.aarch64) {
- nixpkgs = {
- overlays = [ (import ../../../overlays/qemu/default.nix) ];
- };
- boot.binfmt.registrations =
- optionalAttrs cfg.arm { inherit arm; }
- // optionalAttrs cfg.aarch64 { inherit aarch64; }
- // optionalAttrs cfg.riscv64 { inherit riscv64; };
- nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ])
- ++ (optional cfg.aarch64 "aarch64-linux");
- nix.extraOptions = ''
- extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux
- '';
- nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}");
- };
-}
diff --git a/systems/modules/profiles/scanning.nix b/systems/modules/profiles/scanning.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.scanning;
-in
-{
- options = {
- profiles.scanning = {
- enable = mkEnableOption "Enable scanning profile";
- };
- };
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- sane-frontends
- sane-backends
- simple-scan
- ];
- hardware.sane = {
- enable = true;
- extraConfig = { "pixma" = "bjnp://192.168.1.16"; };
- };
- };
-}
diff --git a/systems/modules/profiles/zsh.nix b/systems/modules/profiles/zsh.nix
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.zsh;
-in
-{
- options = {
- profiles.zsh = {
- enable = mkOption {
- default = true;
- description = "Enable zsh profile";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable {
- programs.zsh = {
- enable = true;
- };
- };
-}
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
@@ -24,7 +24,7 @@ in
 extraGroups = [ "wheel" "input" ]
 ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
 ++ optionals config.modules.desktop.enable [ "audio" "video" ]
- ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ # ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
 ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
 ++ optionals config.virtualisation.docker.enable [ "docker" ]
 ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
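Review bot: The `scanning` entry in `extraGroups` is left behind as a comment that still names `config.profiles.scanning.enable`, an option this same commit deletes, so it cannot be re-enabled as written. The second hunk of this file (`@@ -99,11 +99,11 @@`) does the same with a five-line commented block. Deleting both outright would keep the expression readable and leave the history to git; if the `lp`/`scanner` groups are still wanted, gate them on an option that survives, for example `++ optionals config.hardware.sane.enable [ "lp" "scanner" ]`. The context also shows `++ optionals config.networking.networkmanager.enable [ "networkmanager" ]` twice, which looks redundant and could be collapsed while this list is being touched. The enclosing attribute set starts and ends outside the hunk.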
@@ -99,11 +99,11 @@ in
 ];
 }
 ]
- ++ optionals config.profiles.docker.enable [
- {
- home.packages = with pkgs; [ docker docker-compose dive ];
- }
- ]
+ # ++ optionals config.virtualisation.docker.enable [
+ # {
+ # home.packages = with pkgs; [ docker docker-compose dive ];
+ # }
+ # ]
 #++ optionals config.profiles.redhat.enable [{
 # home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
 # home.packages = with pkgs; [ gnome3.zenity oathToolkit ];