authorAzat Bahawi <azat@bahawi.net>2022-12-17 20:35:36 +0300
committerAzat Bahawi <azat@bahawi.net>2022-12-17 20:35:36 +0300
commit313e18cb6119d4b03580d8d34fbec0c78bca872c (patch)
tree7d3f9583af9422c80fe20ae1dd1747e6b2c9b9a5
parent2022-12-17 (diff)
2022-12-17
-rw-r--r--darwinConfigurations/mairon/default.nix2
-rw-r--r--flake.nix16
-rw-r--r--lib/my.nix6
-rw-r--r--modules/nixos/openssh.nix21
-rw-r--r--modules/nixos/profiles/headful.nix1
-rw-r--r--nixosConfigurations/default.nix61
-rw-r--r--nixosConfigurations/iso/default.nix27
7 files changed, 97 insertions, 37 deletions
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
index d574a08..86021c1 100644
--- a/darwinConfigurations/mairon/default.nix
+++ b/darwinConfigurations/mairon/default.nix
@@ -17,6 +17,6 @@ with lib; {
 
   networking = {
     computerName = mkForce this.hostname;
-    hostName = mkForce null;
+    hostName = mkForce null; # We don't want to override this.
   };
 }
diff --git a/flake.nix b/flake.nix
index 46d1252..e5c1e17 100644
--- a/flake.nix
+++ b/flake.nix
@@ -251,11 +251,23 @@
           overlays = [self.overlays.default];
         };
       in {
-        packages.default = pkgs.nixfiles;
+        # TODO Add packages from `self.overlay.default`.
+        packages = with lib;
+          (mapAttrs (_: c: c.config.system.build.toplevel)
+            (builtins.removeAttrs self.nixosConfigurations ["iso-arm" "iso-x86"]))
+          // (let
+            buildIsoImage = name: self.nixosConfigurations.${name}.config.system.build.isoImage;
+          in {
+            iso-arm = buildIsoImage "iso-arm";
+            iso-x86 = buildIsoImage "iso-x86";
+          })
+          // {
+            default = pkgs.nixfiles;
+          };
 
         apps.${system}.default = {
           type = "app";
-          package = "${self.packages.${system}.nixfiles}/bin/nixfiles";
+          package = "${self.packages.${system}.default}/bin/nixfiles";
         };
 
         devShells.default = pkgs.mkShell {
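Review bot: The new `packages` set maps every entry of `self.nixosConfigurations` to its `toplevel` without checking which platform that configuration targets. If this `in { … }` block is evaluated once per system (the enclosing function starts outside the hunk, so this is inferred from the `${system}` references), an `x86_64-linux` host closure and both ISO images are exported under every system's `packages`. `nix flake check` on a different platform would then try to evaluate them. Filtering first would keep each output under its own system, e.g. `filterAttrs (_: c: c.pkgs.stdenv.hostPlatform.system == system)` applied before the `mapAttrs`. The same guard would be needed for `iso-arm` and `iso-x86`.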
diff --git a/lib/my.nix b/lib/my.nix
index 9b999a5..08db155 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -148,6 +148,7 @@ with lib;
 
           configurations = {
             manwe = {
+              system = "x86_64-linux";
               isHeadless = true;
               ipv4 = {
                 gatewayAddress = "@IPV4_ADDRESS@";
@@ -252,6 +253,11 @@ with lib;
             mairon = {
               system = "aarch64-darwin";
               isHeadful = true;
+              wireguard = {
+                ipv4.address = "10.69.4.2";
+                ipv6.address = "fd69::4:2";
+                publicKey = "@PUBLIC_KEY@";
+              };
             };
 
             gothmog = {
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 00d2852..36b85f8 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -7,27 +7,32 @@
 with lib; let
   cfg = config.nixfiles.modules.openssh;
 in {
-  options.nixfiles.modules.openssh.server.enable =
-    mkEnableOption "OpenSSH server";
+  options.nixfiles.modules.openssh.server = {
+    enable = mkEnableOption "OpenSSH server";
+
+    port = mkOption {
+      description = "OpenSSH server port.";
+      type = types.port;
+      default = 22022; # Port 22 should be occupied by a tarpit.
+    };
+  };
 
   config = mkIf cfg.server.enable {
     programs.mosh.enable = true;
 
-    services = let
-      port = 22022; # Port 22 should be occupied by a tarpit.
-    in {
+    services = {
       openssh = {
         enable = true;
-        ports = [port];
+        ports = [cfg.server.port];
         logLevel = "VERBOSE"; # Required by fail2ban.
-        permitRootLogin = "no";
+        permitRootLogin = mkForce "no";
         passwordAuthentication = false;
       };
 
       fail2ban.jails.sshd = ''
         enabled = true
         mode = aggressive
-        port = ${toString port}
+        port = ${toString cfg.server.port}
       '';
     };
   };
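Review bot: The `port` option keeps the comment `# Port 22 should be occupied by a tarpit.` on its default, but nothing stops a caller from setting it to 22, and the ISO configuration in this commit does exactly that. The option description should state the constraint, for example `description = "OpenSSH server port. Must not collide with the tarpit on port 22 when that is enabled.";`. If the tarpit module is visible from here, an `assertions` entry would turn the collision into an evaluation error. The switch to `permitRootLogin = mkForce "no";` also deserves a why-comment. It is presumably there to win over another module that sets the option, such as the nixpkgs installer profile imported for the ISO, for example `# Forced: must win over modules that set this option.`. `passwordAuthentication = false` stays at normal priority, so a conflicting definition fails evaluation rather than silently re-enabling passwords, which is the safer outcome and is worth keeping.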
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 01c442e..d15f004 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -68,7 +68,6 @@ in {
     programs = {
       iftop.enable = true;
       mtr.enable = true;
-      traceroute.enable = true;
     };
 
     services = {
diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix
index 8ebeda4..1ca634a 100644
--- a/nixosConfigurations/default.nix
+++ b/nixosConfigurations/default.nix
@@ -25,34 +25,45 @@ with lib; let
         }
         // extraSpecialArgs;
     });
+
+  mkIso = system: {
+    this = {
+      hostname = "iso";
+      inherit system;
+      isHeadless = false;
+      isHeadful = false;
+    };
+    configuration = ./iso;
+    modules = with inputs; [
+      "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix"
+    ];
+  };
+
+  mkTest = this: {
+    modules = with inputs; [
+      "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+      nixpkgs.nixosModules.notDetected
+    ];
+    inherit this;
+  };
 in
   mapAttrs' mkConfiguration {
-    # A dummy configuration to test the "headless" profile.
-    test-headless = {
-      modules = with inputs; [
-        "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
-        nixpkgs.nixosModules.notDetected
-      ];
-      this = {
-        hostname = "test-headless";
-        system = "x86_64-linux";
-        isHeadless = true;
-        isHeadful = false;
-      };
-    };
+    # ISO images.
+    iso-arm = mkIso "aarch64-linux";
+    iso-x86 = mkIso "x86_64-linux";
 
-    # A dummy configuration to test the "headful" profile.
-    test-headful = {
-      modules = with inputs; [
-        "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
-        nixpkgs.nixosModules.notDetected
-      ];
-      this = {
-        hostname = "test-headful";
-        system = "x86_64-linux";
-        isHeadless = false;
-        isHeadful = true;
-      };
+    # Dummy configuration test profiles.
+    test-headless = mkTest {
+      hostname = "test-headless";
+      system = "x86_64-linux";
+      isHeadless = true;
+      isHeadful = false;
+    };
+    test-headful = mkTest {
+      hostname = "test-headful";
+      system = "x86_64-linux";
+      isHeadless = false;
+      isHeadful = true;
     };
 
     # A beefy desktop: 7950x/rx6750xt/128GB.
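Review bot: The attribute names `iso-arm` and `iso-x86` are now spelled out here and again in the `removeAttrs` list and the `buildIsoImage` calls in `flake.nix`. An ISO added here but not there would be exported as a `toplevel` system closure instead of an `isoImage`. Deriving the ISO set in `flake.nix` from a naming rule, e.g. `filterAttrs (n: _: hasPrefix "iso-" n) self.nixosConfigurations`, or from a flag set by `mkIso`, would keep the two files in sync. `mkIso` and `mkTest` also lost the explanatory comments the removed blocks had. A one-line comment on each would help, along the lines of `# Live/installer image for the given system.` and `# QEMU-guest dummy host used to evaluate a profile.`.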
diff --git a/nixosConfigurations/iso/default.nix b/nixosConfigurations/iso/default.nix
new file mode 100644
index 0000000..e435d0b
--- /dev/null
+++ b/nixosConfigurations/iso/default.nix
@@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  secrets = mkForce {};
+
+  nixfiles.modules = {
+    git.client.enable = true;
+    openssh = {
+      client.enable = true;
+      server = {
+        enable = true;
+        port = 22;
+      };
+    };
+  };
+
+  programs.mtr.enable = true;
+
+  services.getty.autologinUser = mkForce my.username;
+
+  environment.noXlibs = false;
+
+  nixpkgs.config.allowBroken = true;
+}
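Review bot: This image combines a console autologin for `my.username` with an SSH server listening on port 22, and the file has no comment stating the intended trust model. The openssh module disables password authentication, so remote access depends on which authorized keys end up in the image. That is not visible in this hunk and should be confirmed, since anything baked into a distributed ISO is readable by whoever holds the file. A header comment such as `# Live installer image: console autologin, key-only sshd on 22 (no tarpit here).` would make the deliberate deviations from the hardened defaults explicit. `nixpkgs.config.allowBroken = true;` applies to every package in the image. It needs a comment naming the package that requires it, or a narrower override if only one does. `pkgs` is bound in the argument set but unused in the lines shown.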
