fix template + minor refactor

2022-10-31 10:41:17 +01:00 · 2022-10-31 10:41:17 +01:00 · cb011f8b4a
commit cb011f8b4a
parent 64b15ce4e0
6 changed files with 108 additions and 86 deletions
--- a/nixos/common/common.nix
+++ b/nixos/common/common.nix
@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }: {
+  imports = [
+    ./users
+    ./modules
+  ];
+
+  # Clean /tmp on boot.
+  boot.cleanTmpDir = true;
+
+  # Set your time zone.
+  time.timeZone = lib.mkDefault "Europe/Amsterdam";
+
+  # Systemd OOMd
+  # Fedora enables these options by default. See the 10-oomd-* files here:
+  # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
+  systemd.oomd = {
+    enableRootSlice = true;
+    enableUserServices = true;
+  };
+
+  # Nix Settings
+  nix = {
+    package = pkgs.nixUnstable;
+    settings = {
+      auto-optimise-store = true;
+      trusted-users = [ "root" "victor" ];
+      substituters = [
+        "https://cachix.cachix.org"
+        "https://nix-community.cachix.org"
+        "https://nixpkgs-review-bot.cachix.org"
+        "https://colmena.cachix.org"
+        "https://hyprland.cachix.org"
+        "https://cache.garnix.io"
+        "https://0x76-infra.cachix.org"
+        "https://webcord.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
+        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
+        "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
+      ];
+    };
+    optimise = {
+      automatic = true;
+      dates = [ "weekly" ];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      randomizedDelaySec = "3h";
+      options = "--delete-older-than 7d";
+    };
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  # Limit the systemd journal to 100 MB of disk or the
+  # last 7 days of logs, whichever happens first.
+  services.journald.extraConfig = ''
+    SystemMaxUse=100M
+    MaxFileSec=7day
+  '';
+
+  # Enable SSH
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    permitRootLogin = lib.mkDefault "no";
+  };
+}
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -1,85 +1,14 @@
-{ config, lib, pkgs, inputs, ... }: {
-  imports = [
+{ inputs, lib, config, ... }: {
+  # This file deals with everything requiring `inputs`, the rest being delagated to `common.nix`
+  # this is because we can't import inputs from all contexts as that can lead to infinite recursion.
+  import = [
+    ./common.nix
    inputs.vault-secrets.nixosModules.vault-secrets
-    ./users
-    ./modules
  ];

-  # Clean /tmp on boot.
-  boot.cleanTmpDir = true;
+  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+  nix.registry.nixpkgs.flake =  inputs.nixpkgs;

-  # Set your time zone.
-  time.timeZone = lib.mkDefault "Europe/Amsterdam";
-
-  # Systemd OOMd
-  # Fedora enables these options by default. See the 10-oomd-* files here:
-  # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
-  systemd.oomd = {
-    enableRootSlice = true;
-    enableUserServices = true;
-  };
-
-  # Nix Settings
-  nix = {
-    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-    package = pkgs.nixUnstable;
-    registry.nixpkgs.flake = inputs.nixpkgs;
-    settings = {
-      auto-optimise-store = true;
-      trusted-users = [ "root" "victor" ];
-      substituters = [
-        "https://cachix.cachix.org"
-        "https://nix-community.cachix.org"
-        "https://nixpkgs-review-bot.cachix.org"
-        "https://colmena.cachix.org"
-        "https://hyprland.cachix.org"
-        "https://cache.garnix.io"
-        "https://0x76-infra.cachix.org"
-        "https://webcord.cachix.org"
-      ];
-      trusted-public-keys = [
-        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
-        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
-        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
-        "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
-        "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
-      ];
-    };
-    optimise = {
-      automatic = true;
-      dates = [ "weekly" ];
-    };
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      randomizedDelaySec = "3h";
-      options = "--delete-older-than 7d";
-    };
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  # Limit the systemd journal to 100 MB of disk or the
-  # last 7 days of logs, whichever happens first.
-  services.journald.extraConfig = ''
-    SystemMaxUse=100M
-    MaxFileSec=7day
-  '';
-
-  # Enable SSH
-  services.openssh = {
-    enable = true;
-    passwordAuthentication = false;
-    permitRootLogin = "no";
-  };
-
-  # Configure vault-secrets based on domain
  vault-secrets = let
    inherit (config.networking) domain hostName;
    server = if domain == "olympus" then "vault" else "vault-0";
@ -88,4 +17,4 @@
    vaultAddress = "http://${server}.${domain}:8200/";
    approlePrefix = "${domain}-${hostName}";
  };
-}
+}