refactor(modules): clean up folder structure

Mohammad Rafiq 2025-07-07 19:24:36 +08:00
parent d8aa7f62b4
commit 03fca8b28b
No known key found for this signature in database
12 changed files with 32 additions and 38 deletions


@ -0,0 +1,63 @@
{
lib,
inputs,
config,
...
}:
let
inherit (lib.options) mkOption;
inherit (config.flake.lib.options) mkStrOption;
inherit (lib.types)
listOf
str
coercedTo
submodule
;
permOpts = {
user = mkStrOption "root";
group = mkStrOption "root";
mode = mkStrOption "0755";
};
mkOpts =
type: opts:
mkOption {
default = [ ];
type = listOf (
coercedTo str (d: { ${type} = d; }) (submodule {
options = {
${type} = mkStrOption "";
} // opts;
})
);
};
in
{
flake.modules.nixos.default =
{ config, ... }:
{
imports = [ inputs.impermanence.nixosModules.impermanence ];
options.persistDirs = mkOpts "directory" permOpts;
options.persistFiles = mkOpts "file" { parentDirectory = permOpts; };
config = {
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = config.persistDirs;
files = config.persistFiles;
};
};
};
flake.modules.homeManager.default =
{ config, ... }:
{
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options.persistDirs = mkOpts "directory" { };
options.persistFiles = mkOpts "file" { };
config.home.persistence."/persist${config.home.homeDirectory}" = {
allowOther = true;
directories = config.persistDirs;
files = config.persistFiles;
};
};
}
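Review bot: The per-entry `${type}` option built inside mkOpts is declared with `mkStrOption ""`, which — if that helper's argument is the default, as it appears to be for permOpts — means an attrset entry that omits `directory`/`file` evaluates to an empty path handed to environment.persistence instead of failing; declaring it as `mkOption { type = lib.types.nonEmptyStr; }` with no default turns the omission into an eval error. The permOpts defaults of `root:root` `0755` suit system state but silently apply to anything added through persistDirs, so a comment such as `# defaults suit /var/lib-style system dirs; set user/group/mode explicitly for per-user or secret-bearing paths` on permOpts would steer callers. `programs.fuse.userAllowOther = true` is required by the Home Manager `allowOther = true` below, but it is a system-wide fuse.conf change (any unprivileged FUSE mount becomes visible to other users), so it deserves a one-line why-comment naming that dependency.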


@ -0,0 +1,50 @@
{
config,
inputs,
lib,
...
}:
let
cfg = config.flake;
inherit (builtins) readFile;
inherit (lib.meta) getExe;
inherit (lib.strings) trim;
inherit (cfg.admin) username pubkey;
in
{
flake.modules.nixos.default =
{ config, ... }:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
config.sops.age.sshKeyPaths = [
"/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519"
];
};
flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
perSystem =
{ pkgs, ... }:
{
files.files = [
{
path_ = ".sops.yaml";
drv =
pkgs.writeText ".sops.yaml" # yaml
''
keys:
- &${username} ${trim (
readFile "${
pkgs.runCommand "" { } ''
mkdir $out; echo ${pubkey} | ${getExe pkgs.ssh-to-age} > $out/agepubkey
''
}/agepubkey"
)}
creation_rules:
- path_regex: \.(yaml)$
key_groups:
- age:
- *${username}
'';
}
];
};
}
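Review bot: sops.age.sshKeyPaths points the host's decryption identity at the admin user's personal SSH private key under /persist, so compromise or rotation of that login key is also compromise or loss of every secret the host decrypts as root (including the hashedPassword secrets marked neededForUsers in the users module). A dedicated root-owned identity — e.g. the host's `/persist/etc/ssh/ssh_host_ed25519_key`, which impermanence setups usually persist anyway — separates the two roles, and the admin key can remain as an additional recipient. Relatedly, the generated .sops.yaml lists a single age recipient, so losing that one key makes users.yaml unrecoverable; a backup recipient is cheap insurance. Two smaller points: `readFile` of the `runCommand` output is import-from-derivation, so every evaluation needs a build (and `pkgs.runCommand ""` gives the derivation an empty name, which I would expect Nix to reject — worth checking), and `echo ${pubkey}` should be `echo "${pubkey}"` so the key is written verbatim rather than through shell word splitting.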


@ -0,0 +1,14 @@
{
flake.modules.nixos.default = {
persistFiles = [ "/etc/machine-id" ];
persistDirs = [ "/var/lib/systemd" ];
time.timeZone = "Asia/Singapore";
i18n.defaultLocale = "en_US.UTF-8";
system.stateVersion = "25.11";
};
flake.modules.homeManager.default =
{ osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion;
};
}
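Review bot: `home.stateVersion = osConfig.system.stateVersion` couples a value that is meant to stay frozen at first install to another that is bumped independently, so a later change to system.stateVersion silently changes Home Manager's compatibility defaults for every user; I would pin it to a literal, `home.stateVersion = "25.11";`, with a comment that it must not track the system value. A one-line rationale on the persistFiles/persistDirs entries would also help — something like `# /etc/machine-id must survive reboots so journald/systemd keep a stable identity; /var/lib/systemd holds timer and random-seed state` — since impermanence lists tend to accumulate entries nobody can later justify.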


@ -0,0 +1,40 @@
{ config, lib, ... }:
let
cfg = config.flake;
inherit (cfg.lib.modules) userListToAttrs forAllUsers';
inherit (lib.lists) optional;
in
{
flake.modules.nixos.default =
{ config, ... }:
{
#TODO: move sudo/security options elsewhere
# security.sudo.wheelNeedsPassword = false;
# nix.settings.trusted-users = [ "@wheel" ];
# persist uids and gids
persistDirs = [ "/var/lib/nixos" ];
users = {
mutableUsers = false;
groups.users.gid = 100;
users = forAllUsers' (
name: value: {
isNormalUser = true;
hashedPasswordFile = config.sops.secrets."${name}/hashedPassword".path;
extraGroups = optional (value.primary or false) "wheel";
}
);
};
sops.secrets = userListToAttrs (name: {
"${name}/hashedPassword" = {
neededForUsers = true;
sopsFile = cfg.paths.secrets + "/users.yaml";
};
});
home-manager.users = forAllUsers' (
name: _: {
home.username = name;
home.homeDirectory = config.users.users.${name}.home;
}
);
};
}
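Review bot: The two commented-out lines under the TODO are both root-equivalent grants — `nix.settings.trusted-users = [ "@wheel" ]` lets any wheel member push arbitrary substituters and unsigned paths into the daemon, and `security.sudo.wheelNeedsPassword = false` removes the password prompt — so when they are moved they should stay off by default or be scoped to the `primary` user this module already distinguishes, with a comment saying why. The `hashedPasswordFile` + `neededForUsers = true` pairing is the right one for `mutableUsers = false`, but it means that if the sops key at sops.age.sshKeyPaths is absent on first boot no account has a usable password; a comment on `users.mutableUsers` naming that recovery constraint (the key must be in /persist before first activation) would save the next person a lockout. Minor: `extraGroups = optional (value.primary or false) "wheel"` is doing the role assignment, and a comment like `# only users flagged primary get wheel; everyone else has no extra groups` would make that intent explicit.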