Commit 4d81961
Changed files (6)
hosts/chaser-kevin/default.nix
@@ -23,13 +23,11 @@ in {
./boot.nix
];
- networking = {
- inherit hostName;
- inherit (myvars.networking) nameservers;
-
- # desktop need its cli for status bar
- networkmanager.enable = true;
- };
+ networking =
+ {
+ inherit hostName;
+ }
+ // myvars.networking.generateHostNetworking hostName;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
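Review bot: `myvars.networking.generateHostNetworking hostName` looks the host up as `hosts.${hostName}` in vars/networking.nix, and the only key defined there is `kevin`, while this host's directory is `chaser-kevin`. `hostName` is bound outside this hunk, so this cannot be confirmed from here, but if it holds the directory name the lookup aborts evaluation with a missing-attribute error. Either key the table by the real host name or add a comment above the call such as `# hostName must match a key in myvars.networking.hosts`.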
hosts/chaser-kevin/hardware-configuration.nix
@@ -51,13 +51,6 @@
{device = "/dev/disk/by-uuid/39640e68-8296-4cdb-ab16-b9dfcd4ae743";}
];
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
modules/base/system-packages.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ config,
+ ...
+}: {
environment.variables.EDITOR = "hx";
environment.systemPackages = with pkgs; [
fastfetch
@@ -31,5 +35,12 @@
findutils
];
- services.aria2.enable = true;
+ services.aria2 = {
+ enable = true;
+ rpcSecretFile = config.sops.secrets.aria2-rpc-secret.path;
+ settings = {
+ enable-rpc = true;
+ rpc-listen-port = 6800;
+ };
+ };
}
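Review bot: With the RPC settings moved into the base module, the aria2 RPC endpoint is enabled on every host that imports it rather than only on desktops, and the block leaves the listening interface to aria2's default. Adding `rpc-listen-all = false;` next to `rpc-listen-port` would keep it on loopback explicitly, so a later change elsewhere cannot expose it. `config.sops.secrets.aria2-rpc-secret` is not declared in this hunk, so every host importing the base module needs that secret defined or evaluation fails. A comment such as `# secret declared in <sops module path>` would make the dependency visible.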
modules/base/users.nix
@@ -1,4 +1,6 @@
{myvars, ...}: {
+ programs.ssh = myvars.networking.ssh;
+
users.users.${myvars.username} = {
description = myvars.userfullname;
openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
modules/nixos/desktop/misc.nix
@@ -22,12 +22,5 @@
services = {
gvfs.enable = true; # Mount, trash, and other functionalities
tumbler.enable = true; # Thumbnail support for images
- aria2 = {
- rpcSecretFile = config.sops.secrets.aria2-rpc-secret.path;
- settings = {
- enable-rpc = true;
- rpc-listen-port = 6800;
- };
- };
};
}
vars/networking.nix
@@ -1,6 +1,79 @@
-{lib}: rec {
- nameservers = [
+{lib}: let
+ defaultNameservers = [
+ # IPv4
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
+ # IPv6
+ "2400:3200::1" # Alidns
+ "2606:4700:4700::1111" # Cloudflare
];
+in rec {
+ hosts = {
+ kevin = {
+ environment = {
+ nameservers = defaultNameservers;
+ };
+ useNetworkManager = true;
+ iface = "wlp0s20f3";
+ };
+ };
+
+ generateHostNetworking = hostName: let
+ hostData = hosts.${hostName};
+ env = hostData.environment;
+ in {
+ inherit (env) nameservers;
+ defaultGateway = lib.mkIf (env ? "defaultGateway6") env.defaultGateway;
+ defaultGateway6 = lib.mkIf (env ? "defaultGateway6") env.defaultGateway6;
+ search = lib.mkIf (env ? "search") env.search;
+
+ useNetworkd = lib.mkDefault (hostData.useNetworkd or false);
+ networkmanager.enable = lib.mkDefault (hostData.useNetworkManager or false);
+ useDHCP = lib.mkDefault (hostData.useNetworkManager or false);
+
+ interfaces."${hostData.iface}" = {
+ ipv4.addresses = lib.mkIf (hostData ? "ipv4" && hostData.useNetworkd or false) [
+ {
+ address = hostData.ipv4;
+ prefixLength = env.prefixLength or env.prefixLength4;
+ }
+ ];
+ ipv6.addresses = lib.mkIf (hostData ? "ipv6" && hostData.useNetworkd or false) [
+ {
+ address = hostData.ipv6;
+ prefixLength = env.prefixLength6;
+ }
+ ];
+ };
+ };
+
+ ssh = {
+ extraConfig = let
+ sshTargetHosts = lib.attrsets.filterAttrs (name: value: value ? "ipv4") hosts;
+ in
+ lib.attrsets.foldlAttrs
+ (acc: host: val:
+ acc
+ + ''
+ Host ${host}
+ HostName ${val.ipv4}
+ Port ${val.port or "22"}
+ '')
+ ""
+ sshTargetHosts;
+ knownHosts =
+ lib.attrsets.mapAttrs'
+ (
+ host: value:
+ lib.attrsets.nameValuePair
+ (value.ipv4)
+ {
+ inherit (value) publicKey;
+ hostNames = [host];
+ }
+ )
+ (
+ lib.attrsets.filterAttrs (n: v: v ? "publicKey") hosts
+ );
+ };
}
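Review bot: The `knownHosts` entries at the end of this hunk set `hostNames = [host]`, which files the pinned key under the alias only, while the generated `Host`/`HostName` stanza makes ssh connect to `val.ipv4`. OpenSSH looks host keys up by the resolved HostName unless `HostKeyAlias` is set, so the pinned `publicKey` would likely never match and the connection falls back to trust-on-first-use; `hostNames = [host value.ipv4];` keeps the pin effective. The same block filters on `publicKey` but reads `value.ipv4`, so a host with a key and no address fails evaluation, and the filter should test both attributes. Separately, `defaultGateway` is guarded by `env ? "defaultGateway6"` and should read `defaultGateway = lib.mkIf (env ? "defaultGateway") env.defaultGateway;`.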