author | Ethel Morgan <eth@ethulhu.co.uk> | 2020-05-29 21:45:44 +0100 |
---|---|---|
committer | Ethel Morgan <eth@ethulhu.co.uk> | 2020-05-29 21:45:44 +0100 |
commit | 433a9ffcbddda74b0449eba251246a60221ae7cd (patch) | |
tree | 94792eabcb1e30b1f452ea18fd9c70e267aa4180 /modules | |
parent | 1d6f6c4c6f4823d1b969c6309ad2d472441b7b16 (diff) |
better mirror upstream nixpkgs layout
Diffstat (limited to 'modules')
-rw-r--r-- | modules/keyboard.nix | 24 | ||||
-rw-r--r-- | modules/linode.nix | 38 | ||||
-rw-r--r-- | modules/overlays.nix | 22 | ||||
-rw-r--r-- | modules/programs/dwm.nix | 22 | ||||
-rw-r--r-- | modules/services/catbus-bridge-snapcast.nix | 93 | ||||
-rw-r--r-- | modules/services/dlnatoad.nix | 49 | ||||
-rw-r--r-- | modules/services/helix-player.nix | 54 | ||||
-rw-r--r-- | modules/services/mosquitto.nix | 90 | ||||
-rw-r--r-- | modules/services/snapclient.nix | 44 | ||||
-rw-r--r-- | modules/services/ssh.nix | 29 | ||||
-rw-r--r-- | modules/services/upmpdcli.nix | 82 | ||||
-rw-r--r-- | modules/users.nix | 42 | ||||
-rw-r--r-- | modules/yubikey.nix | 47 |
13 files changed, 0 insertions, 636 deletions
diff --git a/modules/keyboard.nix b/modules/keyboard.nix
deleted file mode 100644
index 69ab14a..0000000
--- a/modules/keyboard.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.keyboard;
-
-in {
-
- options.eth.keyboard = {
- enable = mkEnableOption "Eth's keyboard preferences";
- };
-
- config = mkIf cfg.enable {
-
- console.useXkbConfig = true;
-
- services.xserver = {
- layout = "us";
- xkbVariant = "colemak";
- xkbOptions = "caps:escape";
- };
-
- };
-}
diff --git a/modules/linode.nix b/modules/linode.nix
deleted file mode 100644
index d70c929..0000000
--- a/modules/linode.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-
-# from https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-nixos-on-linode/.
-
-let
- cfg = config.eth.linode;
-
-in {
-
- options.eth.linode = {
- enable = mkEnableOption "good defaults for Linodes";
- };
-
- config = mkIf cfg.enable {
-
- # Enable LISH serial console.
- boot.kernelParams = [ "console=ttyS0,19200n8" ];
- boot.loader.grub.extraConfig = ''
- serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
- terminal_input serial;
- terminal_output serial;
- '';
-
- # GRUB has issues with Linode,
- # so this ignores the warnings.
- boot.loader.grub.forceInstall = true;
-
- # A long timeout to cope with LISH delays.
- boot.loader.timeout = 10;
-
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "nodev"; # "nodev" for EFI.
- };
- };
-}
diff --git a/modules/overlays.nix b/modules/overlays.nix
deleted file mode 100644
index 423275c..0000000
--- a/modules/overlays.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.overlays;
-
- mozilla = import (builtins.fetchTarball
- "https://github.com/mozilla/nixpkgs-mozilla/archive/master.tar.gz");
-
- eth = import ../pkgs;
-
-in {
- options.eth.overlays = {
- eth = mkEnableOption "Eth (yours truly)";
- mozilla = mkEnableOption "Mozilla (Rust, Firefox, etc)";
- };
-
- config.nixpkgs.overlays = builtins.concatLists [
- ( if cfg.eth then [ eth ] else [] )
- ( if cfg.mozilla then [ mozilla ] else [] )
- ];
-}
diff --git a/modules/programs/dwm.nix b/modules/programs/dwm.nix
deleted file mode 100644
index c158a5e..0000000
--- a/modules/programs/dwm.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.programs.dwm;
-
-in {
- options.eth.programs.dwm = {
- enable = mkEnableOption "Whether to enable dwm";
- };
-
- config = mkIf cfg.enable {
- environment.systemPackages = [ pkgs.eth.dwm ];
- services.xserver.windowManager.session = singleton {
- name = "dwm";
- start = ''
- ${pkgs.eth.dwm}/bin/dwm &
- waitPID=$!
- '';
- };
- };
-}
diff --git a/modules/services/catbus-bridge-snapcast.nix b/modules/services/catbus-bridge-snapcast.nix
deleted file mode 100644
index 6e7badf..0000000
--- a/modules/services/catbus-bridge-snapcast.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
-
- cfg = config.eth.services.catbus-bridge-snapcast;
-
- configJSON = pkgs.writeText "config.json" ''
- {
- "broker_host": "${cfg.mqttBroker.host}",
- "broker_port": ${toString cfg.mqttBroker.port},
-
- "snapserver_host": "${cfg.snapserver.host}",
- "snapserver_port": ${toString cfg.snapserver.port},
-
- "topic_input": "${cfg.topics.input}",
-
- "snapcast_group_id": "${cfg.snapcastGroupID}"
- }
- '';
-
-in {
-
- options.eth.services.catbus-bridge-snapcast = {
-
- enable = mkEnableOption "Whether to enable the Catbus Snapcast bridge";
-
- mqttBroker = {
- host = mkOption {
- type = types.str;
- description = "Host of the MQTT broker.";
- example = "localhost";
- };
- port = mkOption {
- type = types.int;
- description = "Port of the MQTT broker.";
- default = 1883;
- };
- };
-
- snapserver = {
- host = mkOption {
- type = types.str;
- description = "Host of the Snapserver.";
- example = "localhost";
- };
- port = mkOption {
- type = types.int;
- description = "Port of the Snapserver.";
- default = 1705;
- };
- };
-
- topics = {
- input = mkOption {
- type = types.str;
- description = "MQTT topic for controlling the Snapcast group input";
- example = "home/house/speakers/input_enum";
- };
- };
-
- snapcastGroupID = mkOption {
- type = types.str;
- description = "The ID of the Snapcast group to control";
- example = "352aba34-0ba8-8a4e-9f46-cb634b1c800a";
- };
- };
-
-
- config = mkIf cfg.enable {
- systemd.services.catbus-bridge-snapcast = {
- enable = true;
- description = "Control Snapcast via Catbus";
- wants = [ "network.target" ];
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- DynamicUser = true;
-
- ExecStart = "${pkgs.eth.catbus-snapcast}/bin/catbus-bridge-snapcast --config-path ${configJSON}";
-
- NoNewPrivileges = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- RestrictAddressFamilies = "AF_INET AF_INET6";
- RestrictNamespaces = true;
- };
- };
- };
-
-}
-
diff --git a/modules/services/dlnatoad.nix b/modules/services/dlnatoad.nix
deleted file mode 100644
index 8f50c72..0000000
--- a/modules/services/dlnatoad.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.services.dlnatoad;
-
- systemdDirectoryName = "dlnatoad";
- cacheDirectory = "/var/cache/${systemdDirectoryName}";
-
-in {
-
- options.eth.services.dlnatoad = {
- enable = mkEnableOption "Whether to enable DLNAtoad";
-
- directories = mkOption {
- type = types.listOf types.str;
- default = [];
- description = "A list of paths to index & serve.";
- example = [ "/mnt/md0/media" ];
- };
- };
-
-
- config = mkIf cfg.enable {
- systemd.services.dlnatoad = {
- enable = true;
- description = "DLNAtoad UPnP ContentDirectory service";
- wants = [ "network.target" ];
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.ffmpeg ];
- serviceConfig = {
- DynamicUser = true;
-
- CacheDirectory = systemdDirectoryName;
-
- ExecStart = "${pkgs.eth.dlnatoad}/bin/dlnatoad ${concatStringsSep " " cfg.directories} --db ${cacheDirectory}/db --thumbs ${cacheDirectory} --verbose";
-
- NoNewPrivileges = true;
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- };
- };
- };
-
-}
-
diff --git a/modules/services/helix-player.nix b/modules/services/helix-player.nix
deleted file mode 100644
index 977e263..0000000
--- a/modules/services/helix-player.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
-
- cfg = config.eth.services.helix-player;
-
- systemdDirectoryName = "helix-player";
- runtimeDirectory = "/run/${systemdDirectoryName}";
- socket = "${runtimeDirectory}/listen.sock";
-
-in {
-
- options.eth.services.helix-player = {
-
- enable = mkEnableOption "Whether to enable helix-player";
-
- socket = mkOption {
- type = types.str;
- readOnly = true;
- description = "Path of the UNIX socket to listen on.";
- example = socket;
- };
- };
-
-
- config = mkIf cfg.enable {
-
- eth.services.helix-player.socket = socket;
-
- systemd.services.helix-player = {
- enable = true;
- description = "Helix UPnP player & controller";
- wants = [ "network.target" ];
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- DynamicUser = true;
- Group = config.services.nginx.group;
-
- RuntimeDirectory = systemdDirectoryName;
-
- ExecStart = "${pkgs.eth.helix}/bin/helix-player -socket ${socket}";
-
- NoNewPrivileges = true;
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- };
- };
- };
-
-}
diff --git a/modules/services/mosquitto.nix b/modules/services/mosquitto.nix
deleted file mode 100644
index fecf8a4..0000000
--- a/modules/services/mosquitto.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
-
- cfg = config.eth.services.mosquitto;
-
- systemdDirectoryName = "mosquitto";
- stateDirectory = "/var/lib/${systemdDirectoryName}";
- runtimeDirectory = "/run/${systemdDirectoryName}";
-
- mosquittoConf = pkgs.writeText "mosquitto.conf" ''
- ${optionalString cfg.mqtt.enable ''
- listener ${toString cfg.mqtt.port} ${optionalString (cfg.mqtt.host != "") cfg.mqtt.host}
- ''}
-
- ${optionalString cfg.websockets.enable ''
- listener ${toString cfg.websockets.port} ${optionalString (cfg.websockets.host != "") cfg.websockets.host}
- protocol websockets
- ''}
-
- ${optionalString cfg.persistence ''
- persistence true
- persistence_location ${stateDirectory}/
- ''}
- '';
-
-in {
-
- options.eth.services.mosquitto = {
-
- enable = mkEnableOption "Whether to enable mosquitto.";
-
- persistence = mkOption {
- type = types.bool;
- default = true;
- };
-
- mqtt = {
- enable = mkEnableOption "Whether to listen on unencrypted MQTT.";
- host = mkOption {
- type = types.str;
- default = "";
- example = "10.11.12.14";
- };
- port = mkOption {
- type = types.int;
- default = 1883;
- };
- };
-
- websockets = {
- enable = mkEnableOption "Whether to listen on unencrypted Websockets.";
- host = mkOption {
- type = types.str;
- default = "";
- example = "10.11.12.14";
- };
- port = mkOption {
- type = types.int;
- default = 1884;
- };
- };
-
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.mosquitto = {
- enable = true;
- description = "Mosquitto MQTT broker";
- wants = [ "network.target" ];
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- DynamicUser = true;
- RuntimeDirectory = systemdDirectoryName;
- StateDirectory = systemdDirectoryName;
- ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
- NoNewPrivileges = true;
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
- RestrictNamespaces = true;
- };
- };
- };
-}
diff --git a/modules/services/snapclient.nix b/modules/services/snapclient.nix
deleted file mode 100644
index 9f93131..0000000
--- a/modules/services/snapclient.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
-
- cfg = config.eth.services.snapclient;
-
-in {
-
- options.eth.services.snapclient = {
-
- enable = mkEnableOption "Whether to enable snapclient.";
-
- hostID = mkOption {
- type = types.str;
- default = config.networking.hostName;
- description = "The name to give to the snapserver.";
- example = "Living Room";
- };
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.snapclient = {
- enable = true;
- description = "Snapcast client";
- wants = [ "network.target" "sound.target" ];
- after = [ "network.target" "sound.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- DynamicUser = "yes";
- Group = "audio";
- ExecStart = "${pkgs.snapcast}/bin/snapclient --hostID ${escapeShellArg cfg.hostID}";
- NoNewPrivileges = true;
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
- RestrictNamespaces = true;
- };
- };
- };
-}
diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
deleted file mode 100644
index d965472..0000000
--- a/modules/services/ssh.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.services.ssh;
-
-in {
- options.eth.services.ssh = {
- enable = mkEnableOption "Whether to enable SSHd with Eth's defaults.";
-
- passwordAuthentication = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to allow password authentication. Occasionally useful, used sparingly.";
- };
- };
-
- config = mkIf cfg.enable {
-
- security.pam.enableSSHAgentAuth = true;
- security.pam.services.sudo.sshAgentAuth = true;
-
- services.openssh = {
- enable = true;
- permitRootLogin = "no";
- passwordAuthentication = cfg.passwordAuthentication;
- };
- };
-}
diff --git a/modules/services/upmpdcli.nix b/modules/services/upmpdcli.nix
deleted file mode 100644
index d301a49..0000000
--- a/modules/services/upmpdcli.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.services.upmpdcli;
-
- cacheDir = "upmpdcli";
-
- upmpdConf = pkgs.writeText "upmpd.conf" ''
- cachedir = /var/cache/${cacheDir}
-
- friendlyname = ${cfg.friendlyName}
-
- mpdhost = ${cfg.mpd.host}
- mpdport = ${toString cfg.mpd.port}
-
- ${optionalString (cfg.mpd.password != "") "${cfg.mpd.password}"}
-
- ${cfg.extraConfig}
- '';
-
-in {
- options.eth.services.upmpdcli = {
- enable = mkEnableOption "Run upmpdcli server";
-
- friendlyName = mkOption {
- type = types.str;
- default = "UpMpd (${config.networking.hostName})";
- description = "Friendly Name used for UPnP discovery.";
- };
-
- mpd = {
- host = mkOption {
- type = types.str;
- default = config.services.mpd.network.listenAddress;
- description = "Host of the MPD server.";
- };
- port = mkOption {
- type = types.int;
- default = config.services.mpd.network.port;
- description = "Port of the MPD server.";
- };
- password = mkOption {
- type = types.str;
- default = "";
- description = "Password of the MPD server.";
- };
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.services.upmpdcli = {
- enable = true;
- description = "";
- wants = [ "network.target" ];
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.openssl pkgs.python3 ];
- serviceConfig = {
- DynamicUser = true;
-
- CacheDirectory = cacheDir;
-
- Type = "simple";
- ExecStart="${pkgs.eth.upmpdcli}/bin/upmpdcli -c ${upmpdConf}";
- Restart = "always";
- RestartSec = "1min";
-
- NoNewPrivileges = true;
- ProtectHome = true;
- ProtectKernelTunables = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- };
- };
- };
-}
diff --git a/modules/users.nix b/modules/users.nix
deleted file mode 100644
index ea08cf5..0000000
--- a/modules/users.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.users;
-
- defaultPackages = with pkgs; [
- direnv
- dnsutils
- killall
- tmux
- vim
- wget
- ];
-
-in {
-
- options.eth.users = {
- eth = {
- enable = mkEnableOption "Create the user eth";
-
- extraPackages = mkOption {
- type = types.listOf types.package;
- default = [];
- };
- };
- };
-
- config = {
-
- users.users.eth = mkIf cfg.eth.enable {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- shell = pkgs.fish;
- packages = defaultPackages ++ cfg.eth.extraPackages;
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqcW3HzqQxPUjZteAs5HmDbCEAtHcThnj7qfJacEXBmpO5srinU3mhV/EhrqcAMkEoEIS2az2uQQEsF13nEqDD1uZh/Q7qwEnZepzElgBOIToQ+Np2qziRExV3ROBddJfmD3XBTPc7wA5BohYku+eCsfR37ZrRTgKUIALhZ4MSRxgQqnhtgaxHpL2Nk6ZdxRHO1ISlcmiWhOETP0fj76zN4+CgSv4rkPdYxKYpWVT8XTdKgu6ENbAPbOBzplui9MmrdS17ZaWy0KrKCiyMjhA5qSsOxWLXKL9P8lRuuXkWAl5cpt3vWWKAOzlLV1UCUbtlBblyH2KkeIKfO8AC45wX keychain@eth.moe"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGf+geluXR5/hxK2OthfS+bG+7QbUVqV25bslT4KgMid+zkOVeWfA49n8/iuXUjYZmB0hP9oiFkM1wjFfC5JtET1OX3V8r0nuexXfhvG4gtWIk6Yw5HfPLv1qYYti4SrPKgQlP+C2i6WjHO6Y4VWSpJkgXgO+XvEa57fGSsjcy3rV6l/B56tpIhNchvwVxm1gHJnb4eZAKtQYcz8Pven2TFNFGLMMzQ7Y7JWAH80TDrdUywxfktaKmswo4rQ6i3zUKXrzaPuaH+egoNLqfZqM3+Q92PWs8bU2Y7uxXUQJXD32KuStRUwEz32A+O55nVVGTrnwKUUqnx9H04KCYBOVP backup@eth.moe"
- ];
- };
- };
-}
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
deleted file mode 100644
index 0c16807..0000000
--- a/modules/yubikey.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-
-let
- cfg = config.eth.yubikey;
-
-in {
-
- options.eth.yubikey = {
- enable = mkEnableOption "Set up Yubikey";
- };
-
- config = mkIf cfg.enable {
-
- hardware.u2f.enable = true;
-
- programs.ssh.startAgent = false;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- pinentryFlavor = "curses";
- };
-
- services.pcscd.enable = true;
-
- services.udev.packages = with pkgs; [
- libu2f-host
- yubikey-personalization
- ];
-
- environment.systemPackages = with pkgs; [
- gnupg
- pinentry-curses
- ];
-
- environment.shellInit = ''
- gpg-connect-agent /bye
- export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
- '';
- programs.fish.shellInit = ''
- gpg-connect-agent /bye
- set -Ux SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
- '';
-
- };
-}
|