From 313e18cb6119d4b03580d8d34fbec0c78bca872c Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sat, 17 Dec 2022 20:35:36 +0300
Subject: 2022-12-17
---
 darwinConfigurations/mairon/default.nix | 2 +-
 flake.nix | 16 +++++++--
 lib/my.nix | 6 ++++
 modules/nixos/openssh.nix | 21 +++++++-----
 modules/nixos/profiles/headful.nix | 1 -
 nixosConfigurations/default.nix | 61 +++++++++++++++++++--------------
 nixosConfigurations/iso/default.nix | 27 +++++++++++++++
 7 files changed, 97 insertions(+), 37 deletions(-)
 create mode 100644 nixosConfigurations/iso/default.nix
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
index d574a08..86021c1 100644
--- a/darwinConfigurations/mairon/default.nix
+++ b/darwinConfigurations/mairon/default.nix
@@ -17,6 +17,6 @@ with lib; {
 networking = {
 computerName = mkForce this.hostname;
- hostName = mkForce null;
+ hostName = mkForce null; # We don't want to override this.
 };
 }
diff --git a/flake.nix b/flake.nix
index 46d1252..e5c1e17 100644
--- a/flake.nix
+++ b/flake.nix
@@ -251,11 +251,23 @@
 overlays = [self.overlays.default];
 };
 in {
- packages.default = pkgs.nixfiles;
+ # TODO Add packages from `self.overlay.default`.
+ packages = with lib;
+ (mapAttrs (_: c: c.config.system.build.toplevel)
+ (builtins.removeAttrs self.nixosConfigurations ["iso-arm" "iso-x86"]))
+ // (let
+ buildIsoImage = name: self.nixosConfigurations.${name}.config.system.build.isoImage;
+ in {
+ iso-arm = buildIsoImage "iso-arm";
+ iso-x86 = buildIsoImage "iso-x86";
+ })
+ // {
+ default = pkgs.nixfiles;
+ };
 apps.${system}.default = {
 type = "app";
- package = "${self.packages.${system}.nixfiles}/bin/nixfiles";
+ package = "${self.packages.${system}.default}/bin/nixfiles";
 };
 devShells.default = pkgs.mkShell {
diff --git a/lib/my.nix b/lib/my.nix
index 9b999a5..08db155 100644
--- a/lib/my.nix
+++ b/lib/my.nix
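Review bot: The ISO attribute names are spelled out twice in the new `packages` expression — in the `builtins.removeAttrs` exclusion list and again as the `iso-arm`/`iso-x86` keys of the `let` block — so a third image added to `nixosConfigurations` would silently be exported as a `toplevel` package unless both places are edited in step. I would hoist them into one list and derive both halves from it: `isoNames = ["iso-arm" "iso-x86"];`, `(mapAttrs (_: c: c.config.system.build.toplevel) (removeAttrs self.nixosConfigurations isoNames))` and `// genAttrs isoNames (name: self.nixosConfigurations.${name}.config.system.build.isoImage)`. The new TODO refers to `self.overlay.default` while the unchanged line above it uses `self.overlays.default`, so one of the two spellings is a typo. This also maps every entry of `self.nixosConfigurations` into `packages` regardless of the `system` the surrounding `let` appears to be scoped to (that enclosing expression starts and ends outside the hunk), so it is worth confirming that `nix flake check` on one architecture does not try to evaluate or build the other architecture's toplevels.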
@@ -148,6 +148,7 @@ with lib;
 configurations = {
 manwe = {
+ system = "x86_64-linux";
 isHeadless = true;
 ipv4 = {
 gatewayAddress = "@IPV4_ADDRESS@";
@@ -252,6 +253,11 @@ with lib;
 mairon = {
 system = "aarch64-darwin";
 isHeadful = true;
+ wireguard = {
+ ipv4.address = "10.69.4.2";
+ ipv6.address = "fd69::4:2";
+ publicKey = "@PUBLIC_KEY@";
+ };
 };
 gothmog = {
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 00d2852..36b85f8 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -7,27 +7,32 @@ with lib; let
 cfg = config.nixfiles.modules.openssh;
 in {
- options.nixfiles.modules.openssh.server.enable =
- mkEnableOption "OpenSSH server";
+ options.nixfiles.modules.openssh.server = {
+ enable = mkEnableOption "OpenSSH server";
+
+ port = mkOption {
+ description = "OpenSSH server port.";
+ type = types.port;
+ default = 22022; # Port 22 should be occupied by a tarpit.
+ };
+ };
 config = mkIf cfg.server.enable {
 programs.mosh.enable = true;
- services = let
- port = 22022; # Port 22 should be occupied by a tarpit.
- in {
+ services = {
 openssh = {
 enable = true;
- ports = [port];
+ ports = [cfg.server.port];
 logLevel = "VERBOSE"; # Required by fail2ban.
- permitRootLogin = "no";
+ permitRootLogin = mkForce "no";
 passwordAuthentication = false;
 };
 fail2ban.jails.sshd = ''
 enabled = true
 mode = aggressive
- port = ${toString port}
+ port = ${toString cfg.server.port}
 '';
 };
 };
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 01c442e..d15f004 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -68,7 +68,6 @@ in {
 programs = {
 iftop.enable = true;
 mtr.enable = true;
- traceroute.enable = true;
 };
 services = {
diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix
index 8ebeda4..1ca634a 100644
--- a/nixosConfigurations/default.nix
+++ b/nixosConfigurations/default.nix
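Review bot: `permitRootLogin` is now forced in the openssh hunk, but `passwordAuthentication = false` on the line below it is still set at normal priority, so any other module that sets it (the installer profile pulled in by the new ISO configuration is the obvious candidate, though its settings are not visible here) can override it without a conflict; for symmetry I would write `passwordAuthentication = mkForce false;`. NixOS also leaves `kbdInteractiveAuthentication` enabled by default and runs sshd with PAM, in which case sshd can still accept a password through the keyboard-interactive method, so disabling `passwordAuthentication` alone does not rule out password logins — add `kbdInteractiveAuthentication = mkForce false;` next to it unless it is already set elsewhere in the module. The new `port` option's description could say that the value also drives the fail2ban jail below, e.g. `description = "OpenSSH server port; the fail2ban sshd jail follows it.";`, since a host overriding it needs to know both move together. The module's `in {` attribute set closes outside the hunk.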
@@ -25,34 +25,45 @@ with lib; let
 } // extraSpecialArgs;
 });
+
+ mkIso = system: {
+ this = {
+ hostname = "iso";
+ inherit system;
+ isHeadless = false;
+ isHeadful = false;
+ };
+ configuration = ./iso;
+ modules = with inputs; [
+ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix"
+ ];
+ };
+
+ mkTest = this: {
+ modules = with inputs; [
+ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+ nixpkgs.nixosModules.notDetected
+ ];
+ inherit this;
+ };
 in mapAttrs' mkConfiguration {
- # A dummy configuration to test the "headless" profile.
- test-headless = {
- modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixpkgs.nixosModules.notDetected
- ];
- this = {
- hostname = "test-headless";
- system = "x86_64-linux";
- isHeadless = true;
- isHeadful = false;
- };
- };
+ # ISO images.
+ iso-arm = mkIso "aarch64-linux";
+ iso-x86 = mkIso "x86_64-linux";
- # A dummy configuration to test the "headful" profile.
- test-headful = {
- modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixpkgs.nixosModules.notDetected
- ];
- this = {
- hostname = "test-headful";
- system = "x86_64-linux";
- isHeadless = false;
- isHeadful = true;
- };
+ # Dummy configuration test profiles.
+ test-headless = mkTest {
+ hostname = "test-headless";
+ system = "x86_64-linux";
+ isHeadless = true;
+ isHeadful = false;
+ };
+ test-headful = mkTest {
+ hostname = "test-headful";
+ system = "x86_64-linux";
+ isHeadless = false;
+ isHeadful = true;
 };
 # A beefy desktop: 7950x/rx6750xt/128GB.
diff --git a/nixosConfigurations/iso/default.nix b/nixosConfigurations/iso/default.nix
new file mode 100644
index 0000000..e435d0b
--- /dev/null
+++ b/nixosConfigurations/iso/default.nix
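Review bot: `mkIso` and `mkTest` carry no comment, while the per-configuration comments they replace ("A dummy configuration to test the 'headless' profile") were the only explanation of what these entries are for. I would put a one-line header above each: `# Installer image for the given system; hostname is fixed to "iso" and neither profile flag is set.` above `mkIso`, and `# Minimal QEMU-guest configuration used to exercise a profile; the argument is the host description (hostname, system, profile flags).` above `mkTest`. `mkIso` also gives both images the same `hostname = "iso"` while only the attribute names `iso-arm`/`iso-x86` differ, so it is worth confirming that nothing in `mkConfiguration` (defined above the hunk) derives a name that must be unique from `this.hostname`. The `let` this hunk extends and the `mapAttrs'` set it populates both continue outside the hunk.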
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
+ secrets = mkForce {};
+
+ nixfiles.modules = {
+ git.client.enable = true;
+ openssh = {
+ client.enable = true;
+ server = {
+ enable = true;
+ port = 22;
+ };
+ };
+ };
+
+ programs.mtr.enable = true;
+
+ services.getty.autologinUser = mkForce my.username;
+
+ environment.noXlibs = false;
+
+ nixpkgs.config.allowBroken = true;
+}
-- cgit v1.2.3
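Review bot: The live image enables sshd on port 22 while `secrets = mkForce {}` a few lines above empties the secrets set, and nothing in this file installs an authorized key, so it is not clear from the file how anyone is meant to log in — or, if the account the installer profile configures is what is relied on (that profile's settings are not visible here), whether the openssh module's forced `permitRootLogin = "no"` is intended to block it. A comment stating the intended access path, e.g. `# sshd listens on 22 for rescue access; keys are expected from ...`, or an explicit `users.users.${my.username}.openssh.authorizedKeys.keys`, would make that decision reviewable. `port = 22` overrides the module default whose own comment reserves 22 for a tarpit; a note such as `# No tarpit on the live image, so use the standard port.` would say why the exception is fine here. `nixpkgs.config.allowBroken = true` un-gates every package nixpkgs has marked broken for this image and is unexplained; name the package that needs it in a comment, or scope the exception with an overlay so it does not outlive its cause.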