diff --git a/modules/nixos/apps/yubikey/default.nix b/modules/nixos/apps/yubikey/default.nix index f8af252..5480251 100644 --- a/modules/nixos/apps/yubikey/default.nix +++ b/modules/nixos/apps/yubikey/default.nix @@ -1,14 +1,14 @@ { - options, config, pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkEnableOption mkIf; + cfg = config.aa.apps.yubikey; in { - options.aa.apps.yubikey = with types; { + options.aa.apps.yubikey = { enable = mkEnableOption "yubikey"; }; @@ -25,7 +25,6 @@ in { security.pam.yubico = { enable = true; - #debug = true; mode = "challenge-response"; # Uncomment below for 2FA #control = "required"; diff --git a/modules/nixos/archetypes/workstation/default.nix b/modules/nixos/archetypes/workstation/default.nix index ab90ce7..1b4c8be 100644 --- a/modules/nixos/archetypes/workstation/default.nix +++ b/modules/nixos/archetypes/workstation/default.nix @@ -1,14 +1,13 @@ { - options, config, - pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkIf mkEnableOption; + cfg = config.aa.archetypes.workstation; in { - options.aa.archetypes.workstation = with types; { + options.aa.archetypes.workstation = { enable = mkEnableOption "workstation archetype"; }; diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix index bc8a8a4..793659c 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio/default.nix @@ -1,14 +1,14 @@ { - options, config, lib, pkgs, ... -}: -with lib; let +}: let + inherit (lib) mkEnableOption mkIf; + cfg = config.aa.hardware.audio; in { - options.aa.hardware.audio = with types; { + options.aa.hardware.audio = { enable = mkEnableOption "audio"; }; diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 69bc0c7..543cc2f 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix 
@@ -1,14 +1,13 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let + inherit (lib) mkIf mkEnableOption; + cfg = config.aa.hardware.bluetooth; in { - options.aa.hardware.bluetooth = with types; { + options.aa.hardware.bluetooth = { enable = mkEnableOption "bluetooth"; }; @@ -17,4 +16,3 @@ in { services.blueman.enable = true; }; } - diff --git a/modules/nixos/hardware/tlp/default.nix b/modules/nixos/hardware/tlp/default.nix index f45d3e6..e0aa95d 100644 --- a/modules/nixos/hardware/tlp/default.nix +++ b/modules/nixos/hardware/tlp/default.nix @@ -1,14 +1,13 @@ { - options, config, - pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkEnableOption mkIf; + cfg = config.aa.hardware.tlp; in { - options.aa.hardware.tlp = with types; { + options.aa.hardware.tlp = { enable = mkEnableOption "tlp"; }; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index fbad572..6afd7e0 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -1,18 +1,18 @@ { - options, config, pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkIf mkEnableOption mkOption types; + cfg = config.aa.nix; selfHostedCacheHost = "https://cache.kilonull.com/"; in { - options.aa.nix = with types; { + options.aa.nix = { enable = mkEnableOption "manage nix configuration."; package = mkOption { - type = package; + type = types.package; default = pkgs.nixVersions.git; description = "Which nix package to use."; }; @@ -46,9 +46,8 @@ in { ] else []; trusted-public-keys = - if cfg.useSelfhostedCache - then ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="] - else []; + mkIf cfg.useSelfhostedCache + ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="]; }; # TODO: Configure distributedBuilds and buildMachines? 
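Review bot: In modules/nixos/nix/default.nix (hunk `@@ -46,9 +46,8 @@`), `trusted-public-keys` is now gated with `mkIf cfg.useSelfhostedCache`, while the list just above it (presumably the substituters entry) still ends in `else [];`. The cache URL and the key that authenticates it are therefore switched on by two differently written conditions. A substituter without its signing key, or a trusted key without its substituter, is a misconfiguration, so either write both entries the same way or add a comment such as `# keep in sync with the self-hosted substituter entry above`. The enclosing `nix.settings` block starts outside this hunk, so the substituter expression is only partly visible here.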
@@ -58,12 +57,6 @@ in { dates = "weekly"; options = "--delete-older-than 30d"; }; - - # TODO: Not sure if I want this - # flake-utils-plus - # generateRegistryFromInputs = true; - # generateNixPathFromInputs = true; - # linkInputs = true; }; }; } diff --git a/modules/nixos/security/acme/default.nix b/modules/nixos/security/acme/default.nix index ff54ce1..8af3e96 100644 --- a/modules/nixos/security/acme/default.nix +++ b/modules/nixos/security/acme/default.nix @@ -1,18 +1,17 @@ { - options, config, lib, - pkgs, - format, + namespace, ... -}: -with lib; let +}: let + inherit (lib) mkOption mkEnableOption mkIf types; + cfg = config.aa.security.acme; in { - options.aa.security.acme = with types; { + options.aa.security.acme = { enable = mkEnableOption "Automatic Certificate Management Environment (ACME)"; useStaging = mkOption { - type = bool; + type = types.bool; description = '' Use the staging environment (use when configuring for the first time to avoid being locked out). @@ -20,16 +19,16 @@ in { default = false; }; domainName = mkOption { - type = str; + type = types.str; description = "The domain to request a wildcard cert for."; }; isWildcard = mkOption { - type = bool; + type = types.bool; default = true; description = "Whether or not to request a wildcard cert."; }; dnsCredentialsFile = mkOption { - type = path; + type = types.path; description = "The path to the credentials file for the DNS provider."; }; }; diff --git a/modules/nixos/services/adguardhome/default.nix b/modules/nixos/services/adguardhome/default.nix index 850f069..256ed72 100644 --- a/modules/nixos/services/adguardhome/default.nix +++ b/modules/nixos/services/adguardhome/default.nix 
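Review bot: In modules/nixos/security/acme/default.nix (hunk `@@ -1,18 +1,17 @@`), `namespace` is added to the module arguments but appears unused, because the visible lines still read `cfg = config.aa.security.acme;` and `options.aa.security.acme = {`. The adguardhome, gitea and grafana modules in this same commit switch to `config.${namespace}...`. Either do the same here with `cfg = config.${namespace}.security.acme;` and `options.${namespace}.security.acme = {`, or drop the argument. The rest of the file is outside the hunk, so `namespace` may be used further down.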
@@ -1,18 +1,17 @@ { - options, config, lib, - pkgs, - format, + namespace, ... -}: -with lib; let - cfg = config.aa.services.adguardhome; +}: let + inherit (lib) mkIf mkEnableOption mkOption types; + + cfg = config.${namespace}.services.adguardhome; in { - options.aa.services.adguardhome = with types; { + options.${namespace}.services.adguardhome = { enable = mkEnableOption "adguardhome"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 986f73a..69c8ec4 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -1,19 +1,18 @@ { - options, config, lib, - pkgs, - format, + namespace, ... -}: -with lib; let - cfg = config.aa.services.gitea; +}: let + inherit (lib) mkIf mkEnableOption mkOption types; + + cfg = config.${namespace}.services.gitea; gitea_cfg = config.services.gitea; in { - options.aa.services.gitea = with types; { + options.${namespace}.services.gitea = { enable = mkEnableOption "gitea"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme diff --git a/modules/nixos/services/grafana/default.nix b/modules/nixos/services/grafana/default.nix index 1c74db3..a7ddad2 100644 --- a/modules/nixos/services/grafana/default.nix +++ b/modules/nixos/services/grafana/default.nix 
@@ -1,18 +1,20 @@ { - options, config, lib, pkgs, + namespace, ... -}: -with lib; let - cfg = config.aa.services.grafana; +}: let + inherit (lib) mkIf mkEnableOption mkOption types; + + cfg = config.${namespace}.services.grafana; server_settings = config.services.grafana.settings.server; + grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards; in { - options.aa.services.grafana = with types; { + options.${namespace}.services.grafana = { enable = mkEnableOption "grafana"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme @@ -84,7 +86,7 @@ in { disableDeletion = false; editable = true; updateIntervalSeconds = 86400; - options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards"; + options.path = "${grafana_dashboards}/dashboards"; } { name = "teslamate_internal"; @@ -95,7 +97,7 @@ in { disableDeletion = false; editable = true; updateIntervalSeconds = 86400; - options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards/internal"; + options.path = "${grafana_dashboards}/dashboards/internal"; } ]; }; diff --git a/modules/nixos/services/homeassistant/default.nix b/modules/nixos/services/homeassistant/default.nix index bc9425a..ae16b5d 100644 --- a/modules/nixos/services/homeassistant/default.nix +++ b/modules/nixos/services/homeassistant/default.nix @@ -1,19 +1,19 @@ { - options, config, lib, pkgs, - format, + namespace, ... -}: -with lib; let - cfg = config.aa.services.homeassistant; +}: let + inherit (lib) mkIf mkEnableOption mkOption types; + + cfg = config.${namespace}.services.homeassistant; hass_cfg = config.services.home-assistant; in { - options.aa.services.homeassistant = with types; { + options.${namespace}.services.homeassistant = { enable = mkEnableOption "home assistant"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme 
diff --git a/modules/nixos/services/hydra/default.nix b/modules/nixos/services/hydra/default.nix index 848a04c..fc0ac03 100644 --- a/modules/nixos/services/hydra/default.nix +++ b/modules/nixos/services/hydra/default.nix @@ -1,11 +1,12 @@ { config, lib, + namespace, ... }: let - cfg = config.aa.services.hydra; + cfg = config.${namespace}.services.hydra; in { - options.aa.services.hydra = with lib; { + options.${namespace}.services.hydra = with lib; { enable = mkEnableOption "hydra"; hostname = mkOption { type = types.str; diff --git a/modules/nixos/services/loki/default.nix b/modules/nixos/services/loki/default.nix index 9118542..ccb9691 100644 --- a/modules/nixos/services/loki/default.nix +++ b/modules/nixos/services/loki/default.nix @@ -1,17 +1,17 @@ { config, lib, + namespace, ... -}: -with lib; let - cfg = config.aa.services.loki; +}: let + cfg = config.${namespace}.services.loki; loki = config.services.loki; in { - options.aa.services.loki = with types; { + options.${namespace}.services.loki = with lib; { enable = mkEnableOption "loki"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.loki = { enable = true; configuration = { diff --git a/modules/nixos/services/minio/default.nix b/modules/nixos/services/minio/default.nix index c203115..ae2455a 100644 --- a/modules/nixos/services/minio/default.nix +++ b/modules/nixos/services/minio/default.nix @@ -1,18 +1,15 @@ { - options, config, lib, - pkgs, + namespace, ... -}: -with lib; let - cfg = config.aa.services.minio; - minio_cfg = config.services.minio; +}: let + cfg = config.${namespace}.services.minio; in { - options.aa.services.minio = with types; { + options.${namespace}.services.minio = with lib; { enable = mkEnableOption "minio"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme 
@@ -21,7 +18,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.minio = { enable = true; }; diff --git a/modules/nixos/services/mosquitto/default.nix b/modules/nixos/services/mosquitto/default.nix index dfc16b9..7db6646 100644 --- a/modules/nixos/services/mosquitto/default.nix +++ b/modules/nixos/services/mosquitto/default.nix @@ -1,19 +1,14 @@ { - options, config, lib, - pkgs, - format, ... -}: -with lib; let +}: let cfg = config.aa.services.mosquitto; - mosquitto_cfg = config.services.mosquitto; in { - options.aa.services.mosquitto = with types; { + options.aa.services.mosquitto = with lib; { enable = mkEnableOption "home assistant"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { age.secrets = { hass_mqtt.file = ../../../../secrets/hass_mqtt.age; theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 2167ca5..d635b13 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -3,14 +3,13 @@ lib, pkgs, ... -}: -with lib; let +}: let cfg = config.aa.services.nextcloud; in { - options.aa.services.nextcloud = with types; { + options.aa.services.nextcloud = with lib; { enable = mkEnableOption "nextcloud"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme @@ -19,7 +18,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { age.secrets.nextcloud_admin = { file = ../../../../secrets/nextcloud_admin.age; owner = "nextcloud"; 
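Review bot: In modules/nixos/services/mosquitto/default.nix (hunk `@@ -1,19 +1,14 @@`), the enable option is still declared as `mkEnableOption "home assistant"`, so the generated option documentation describes the MQTT broker as Home Assistant. It should read `enable = mkEnableOption "mosquitto";`. The mislabel matters because this module also wires up the `hass_mqtt` and `theengs_ble_mqtt` secrets, and a reader auditing which option exposes the broker will be misled. The `config` block continues past the end of the hunk.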
@@ -53,7 +52,7 @@ in { }; # nextcloud module configures nginx, just need to specify SSL stuffs here - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = mkIf (cfg.acmeCertName != "") { + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") { forceSSL = true; useACMEHost = cfg.acmeCertName; }; diff --git a/modules/nixos/services/nix-serve/default.nix b/modules/nixos/services/nix-serve/default.nix index 894ef18..37eda6e 100644 --- a/modules/nixos/services/nix-serve/default.nix +++ b/modules/nixos/services/nix-serve/default.nix @@ -1,26 +1,23 @@ { - options, config, lib, pkgs, - format, ... -}: -with lib; let +}: let cfg = config.aa.services.nix-serve; in { - options.aa.services.nix-serve = with types; { + options.aa.services.nix-serve = with lib; { enable = mkEnableOption "nix-serve"; domain_name = mkOption { - type = str; + type = types.str; description = "The domain to use."; }; subdomain_name = mkOption { - type = str; + type = types.str; description = "The subdomain to use."; }; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme @@ -29,7 +26,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { nix.settings = { allowed-users = ["nix-serve"]; trusted-users = ["nix-serve"]; diff --git a/modules/nixos/services/octoprint/default.nix b/modules/nixos/services/octoprint/default.nix index 5ad49f3..e9ecc22 100644 --- a/modules/nixos/services/octoprint/default.nix +++ b/modules/nixos/services/octoprint/default.nix 
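Review bot: In modules/nixos/services/nix-serve/default.nix (hunk `@@ -29,7 +26,7 @@`), the `config` block sets `trusted-users = ["nix-serve"];` with no explanation. Nix documents trusted users as effectively root-equivalent towards the daemon, so the account behind a network-facing cache should be listed only if it needs that. Add a comment such as `# nix-serve is in trusted-users because <reason>`, or drop the entry if `allowed-users = ["nix-serve"];` is enough. The block continues outside the hunk, so later lines may justify the setting.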
@@ -1,17 +1,14 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let cfg = config.aa.services.octoprint; in { - options.aa.services.octoprint = with types; { + options.aa.services.octoprint = with lib; { enable = mkEnableOption "octoprint"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, foces SSL with the supplied acme @@ -20,7 +17,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.octoprint.enable = true; services.nginx = { diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix index b510c91..c1d2463 100644 --- a/modules/nixos/services/openssh/default.nix +++ b/modules/nixos/services/openssh/default.nix @@ -1,23 +1,18 @@ { - options, config, lib, - pkgs, format, ... -}: -with lib; let +}: let + inherit (lib) mkIf mkEnableOption mkOption mkDefault types; + cfg = config.aa.services.openssh; - - user = config.users.users.${config.aa.user.name}; - user-id = builtins.toString user.uid; - default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2"; in { - options.aa.services.openssh = with types; { + options.aa.services.openssh = { enable = mkEnableOption "ssh"; authorizedKeys = mkOption { - type = listOf str; + type = types.listOf types.str; default = [default-key]; description = "The public keys to authorize"; }; diff --git a/modules/nixos/services/printing/default.nix b/modules/nixos/services/printing/default.nix index d5c80e4..e716904 100644 --- a/modules/nixos/services/printing/default.nix +++ b/modules/nixos/services/printing/default.nix 
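Review bot: In modules/nixos/services/openssh/default.nix (hunk `@@ -1,23 +1,18 @@`), `authorizedKeys` keeps `default = [default-key];` with a hard-coded ed25519 key, but the description only says "The public keys to authorize". A host that enables the module without setting the option authorizes that key, and the option text should say so, for example `description = "Public keys to authorize; defaults to the hard-coded default-key, override on hosts that must not trust it.";`. Where the list is applied is outside this hunk, so it is not visible which accounts receive the key.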
@@ -1,18 +1,15 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let cfg = config.aa.apps.steam; in { - options.aa.services.printing = with types; { + options.aa.services.printing = with lib; { enable = mkEnableOption "printing"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Setup printing over the network services.printing.enable = true; services.avahi = { diff --git a/modules/nixos/services/prometheus/default.nix b/modules/nixos/services/prometheus/default.nix index 6dece68..25eb0a5 100644 --- a/modules/nixos/services/prometheus/default.nix +++ b/modules/nixos/services/prometheus/default.nix @@ -1,23 +1,22 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let + inherit (lib) mkIf; + cfg = config.aa.services.prometheus; exporters = config.services.prometheus.exporters; in { - options.aa.services.prometheus = with types; { + options.aa.services.prometheus = with lib; { enable = mkEnableOption "prometheus"; enableServer = mkOption { - type = bool; + type = types.bool; default = false; description = "Whether or not to enable the prometheus server"; }; enableNodeExporter = mkOption { - type = bool; + type = types.bool; default = true; description = "Whether or not to enable the node exporter"; }; diff --git a/modules/nixos/services/promtail/default.nix b/modules/nixos/services/promtail/default.nix index e939345..b4ffddf 100644 --- a/modules/nixos/services/promtail/default.nix +++ b/modules/nixos/services/promtail/default.nix @@ -1,19 +1,15 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let cfg = config.aa.services.promtail; - loki = config.services.loki; in { - options.aa.services.promtail = with types; { + options.aa.services.promtail = with lib; { enable = mkEnableOption "promtail"; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.promtail = { enable = true; configuration = { 
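Review bot: In modules/nixos/services/printing/default.nix (hunk `@@ -1,18 +1,15 @@`), `cfg` is still bound to `config.aa.apps.steam`, so `config = lib.mkIf cfg.enable` follows the Steam option and ignores `aa.services.printing.enable`. It should be `cfg = config.aa.services.printing;`. As written, a host that enables Steam gets `services.printing` and the avahi settings, which are network services it never asked for, while a host that sets the printing option gets nothing. The avahi block continues past the end of the hunk.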
diff --git a/modules/nixos/services/syncoid/default.nix b/modules/nixos/services/syncoid/default.nix index 8fb0e00..01052ff 100644 --- a/modules/nixos/services/syncoid/default.nix +++ b/modules/nixos/services/syncoid/default.nix @@ -4,29 +4,30 @@ pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkIf; + cfg = config.aa.services.syncoid; in { - options.aa.services.syncoid = with types; { + options.aa.services.syncoid = with lib; { enable = mkEnableOption "syncoid (ZFS snap replication)"; commands = mkOption { - type = attrs; + type = types.attrs; default = {}; description = "Commands to pass directly to syncoid, see `services.syncoid.commands`"; }; remoteTargetUser = mkOption { - type = str; + type = types.str; default = ""; description = "The user to use on the target machine."; }; remoteTargetDatasets = mkOption { - type = listOf str; + type = types.listOf types.str; default = []; description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)"; }; remoteTargetPublicKeys = mkOption { - type = listOf str; + type = types.listOf types.str; default = []; description = "SSH public keys that the syncoid service's user should trust"; }; @@ -45,7 +46,7 @@ in { ++ [ "destroy" ]; - commands = mkAliasDefinitions options.aa.services.syncoid.commands; + commands = lib.mkAliasDefinitions options.aa.services.syncoid.commands; }; environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [ diff --git a/modules/nixos/services/tailscale/default.nix b/modules/nixos/services/tailscale/default.nix index 5fba613..9510931 100644 --- a/modules/nixos/services/tailscale/default.nix +++ b/modules/nixos/services/tailscale/default.nix 
@@ -1,17 +1,17 @@ { - options, config, pkgs, lib, ... -}: -with lib; let +}: let + inherit (lib) mkIf; + cfg = config.aa.services.tailscale; in { - options.aa.services.tailscale = with types; { + options.aa.services.tailscale = with lib; { enable = mkEnableOption "tailscale"; configureClientRouting = mkOption { - type = bool; + type = types.bool; default = false; description = mdDoc '' Configures tailscale as a client. @@ -20,7 +20,7 @@ in { ''; }; configureServerRouting = mkOption { - type = bool; + type = types.bool; default = false; description = mdDoc '' Configures tailscale as a server. diff --git a/modules/nixos/services/teslamate/default.nix b/modules/nixos/services/teslamate/default.nix index 6d464a6..53efc36 100644 --- a/modules/nixos/services/teslamate/default.nix +++ b/modules/nixos/services/teslamate/default.nix @@ -1,18 +1,15 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let cfg = config.aa.services.teslamate; in { - options.aa.services.teslamate = with types; { + options.aa.services.teslamate = with lib; { enable = mkEnableOption "teslamate"; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme @@ -21,7 +18,7 @@ in { }; user = mkOption { - type = str; + type = types.str; default = "teslamate"; description = '' The user that should run teslamate @@ -29,7 +26,7 @@ in { }; group = mkOption { - type = str; + type = types.str; default = "teslamate"; description = '' The group that should be assigned to the user running teslamate @@ -38,7 +35,7 @@ in { database = { host = mkOption { - type = str; + type = types.str; default = "127.0.0.1"; description = '' Database host address @@ -46,7 +43,7 @@ in { }; name = mkOption { - type = str; + type = types.str; default = "teslamate"; description = '' The database name 
@@ -54,7 +51,7 @@ in { }; user = mkOption { - type = str; + type = types.str; default = "teslamate"; description = '' The user that should have access to the database @@ -62,15 +59,15 @@ in { }; passwordFile = mkOption { - type = path; - description = lib.mdDoc '' + type = types.path; + description = mdDoc '' A file containing the password corresponding to {option}`database.user` ''; }; createDatabase = mkOption { - type = bool; + type = types.bool; default = false; description = '' Whether to create a local database automatically. @@ -79,7 +76,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { age.secrets = { teslamate_encryption.file = ../../../../secrets/teslamate_encryption.age; teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age; @@ -131,8 +128,8 @@ in { }; users.groups.${cfg.group} = {}; - services.postgresql = optionalAttrs cfg.database.createDatabase { - enable = mkDefault true; + services.postgresql = lib.optionalAttrs cfg.database.createDatabase { + enable = lib.mkDefault true; ensureDatabases = [cfg.database.name]; ensureUsers = [