From 3360e7f8c337a408d54415194799894240ef5e0f Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Sat, 22 Feb 2025 23:46:19 +0000 Subject: [PATCH] Refactor some modules Signed-off-by: Nikolaos Karaolidis --- .../common/configs/system/podman/default.nix | 5 +++- .../configs/system/ssh-agent/default.nix | 4 ++++ hosts/common/configs/system/ssh/default.nix | 12 ++++------ hosts/common/configs/system/sshd/default.nix | 15 ++++++++++++ hosts/common/configs/system/wget/default.nix | 4 ---- .../configs/user/console/dive/default.nix | 23 +++++++++++++++++++ .../configs/user/console/docker/default.nix | 6 +---- .../configs/user/console/podman/default.nix | 5 ---- .../user/console/ssh-agent/default.nix | 11 +++++++++ .../configs/user/console/ssh/default.nix | 14 ++--------- hosts/eirene/default.nix | 2 +- .../nick/configs/console/git/default.nix | 1 + hosts/eirene/users/nick/default.nix | 2 ++ hosts/elara/default.nix | 2 +- hosts/elara/users/nikara/default.nix | 2 ++ hosts/installer/default.nix | 2 +- hosts/installer/users/nick/default.nix | 1 + lib/scripts/add-host.sh | 2 +- 18 files changed, 74 insertions(+), 39 deletions(-) create mode 100644 hosts/common/configs/system/ssh-agent/default.nix create mode 100644 hosts/common/configs/system/sshd/default.nix delete mode 100644 hosts/common/configs/system/wget/default.nix create mode 100644 hosts/common/configs/user/console/dive/default.nix create mode 100644 hosts/common/configs/user/console/ssh-agent/default.nix diff --git a/hosts/common/configs/system/podman/default.nix b/hosts/common/configs/system/podman/default.nix index 4dff74b..57fe5f2 100644 --- a/hosts/common/configs/system/podman/default.nix +++ b/hosts/common/configs/system/podman/default.nix @@ -16,6 +16,9 @@ environment = { persistence."/persist"."/var/lib/containers" = { }; - systemPackages = with pkgs; [ podman-compose ]; + systemPackages = with pkgs; [ + podman-compose + kompose + ]; }; } 
diff --git a/hosts/common/configs/system/ssh-agent/default.nix b/hosts/common/configs/system/ssh-agent/default.nix
new file mode 100644
index 0000000..5991ef1
--- /dev/null
+++ b/hosts/common/configs/system/ssh-agent/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ programs.ssh.startAgent = true;
+}
diff --git a/hosts/common/configs/system/ssh/default.nix b/hosts/common/configs/system/ssh/default.nix
index cc3ac4c..7a75724 100644
--- a/hosts/common/configs/system/ssh/default.nix
+++ b/hosts/common/configs/system/ssh/default.nix
@@ -1,12 +1,8 @@
 { ... }:
 {
- programs.ssh = {
- startAgent = true;
-
- knownHosts = {
- installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
- eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
- elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
- };
+ programs.ssh.knownHosts = {
+ installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
+ eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
+ elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
 };
 }
diff --git a/hosts/common/configs/system/sshd/default.nix b/hosts/common/configs/system/sshd/default.nix
new file mode 100644
index 0000000..e195489
--- /dev/null
+++ b/hosts/common/configs/system/sshd/default.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ openFirewall = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ PrintMotd = false;
+ };
+ };
+
+ environment.enableAllTerminfo = true;
+}
diff --git a/hosts/common/configs/system/wget/default.nix b/hosts/common/configs/system/wget/default.nix
deleted file mode 100644
index 9df3fef..0000000
--- a/hosts/common/configs/system/wget/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [ wget ];
-}
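Review bot: `programs.ssh.startAgent = true` in the new system module overlaps with `services.ssh-agent.enable = true` in hosts/common/configs/user/console/ssh-agent/default.nix, and eirene, elara and installer import both modules in this patch. The removed lines show both settings already existed, so behaviour is unchanged. Now that each has its own module, it would be clearer to keep the agent in one layer or to say why both are wanted, e.g. `# system-wide agent; the home-manager agent is enabled per user in user/console/ssh-agent`. Which of the two ends up owning SSH_AUTH_SOCK is not visible from this diff.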
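Review bot: In the `settings` block of hosts/common/configs/system/sshd/default.nix, `PasswordAuthentication = false` does not cover keyboard-interactive authentication. As far as I know the NixOS module leaves that enabled by default, so a PAM password prompt may still be reachable. Add `KbdInteractiveAuthentication = false;` next to it. `openFirewall = true` opens port 22 on every interface, so a one-line comment that this exposure is intended would help the next reader. None of the host import lists visible in this patch reference ../common/configs/system/sshd, so the module looks unused until a host imports it.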
diff --git a/hosts/common/configs/user/console/dive/default.nix b/hosts/common/configs/user/console/dive/default.nix new file mode 100644 index 0000000..52899b1 --- /dev/null +++ b/hosts/common/configs/user/console/dive/default.nix @@ -0,0 +1,23 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ + config, + lib, + pkgs, + ... +}: +let + hmConfig = config.home-manager.users.${user}; +in +{ + home-manager.users.${user} = { + home.packages = with pkgs; [ dive ]; + + xdg.configFile."dive/config.yaml" = lib.mkIf ( + (config.virtualisation.podman.enable || hmConfig.services.podman.enable) + && !(config.virtualisation.docker.enable || config.virtualisation.docker.rootless.enable) + ) { source = (pkgs.formats.yaml { }).generate "config.yaml" { container-engine = "podman"; }; }; + }; +} diff --git a/hosts/common/configs/user/console/docker/default.nix b/hosts/common/configs/user/console/docker/default.nix index f4f2acb..e65eaeb 100644 --- a/hosts/common/configs/user/console/docker/default.nix +++ b/hosts/common/configs/user/console/docker/default.nix @@ -31,11 +31,7 @@ lib.mkMerge [ home-manager.users.${user} = { home = { - packages = with pkgs; [ - docker-compose - dive - ]; - + packages = with pkgs; [ docker-compose ]; sessionVariables.DOCKER_CONFIG = "${home}/.config/docker"; }; }; diff --git a/hosts/common/configs/user/console/podman/default.nix b/hosts/common/configs/user/console/podman/default.nix index 3538393..690ceb2 100644 --- a/hosts/common/configs/user/console/podman/default.nix +++ b/hosts/common/configs/user/console/podman/default.nix @@ -23,14 +23,9 @@ packages = with pkgs; [ podman-compose kompose - dive ]; sessionVariables.REGISTRY_AUTH_FILE = "${home}/.config/containers/auth.json"; }; - - xdg.configFile."dive/config.yaml".source = (pkgs.formats.yaml { }).generate "config.yaml" { - container-engine = "podman"; - }; }; } 
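Review bot: The `lib.mkIf` condition on `xdg.configFile."dive/config.yaml"` packs two engine checks into one expression and has no comment on why Docker takes precedence when both engines are enabled. Naming the predicates in the existing `let` would read more easily: `usesPodman = config.virtualisation.podman.enable || hmConfig.services.podman.enable;` and `usesDocker = config.virtualisation.docker.enable || config.virtualisation.docker.rootless.enable;`, then `lib.mkIf (usesPodman && !usesDocker)`. A comment such as `# dive talks to docker unless told otherwise; only point it at podman when docker is absent` would record the intent. The `home` argument is unused in this module, presumably kept for a uniform import signature.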
diff --git a/hosts/common/configs/user/console/ssh-agent/default.nix b/hosts/common/configs/user/console/ssh-agent/default.nix new file mode 100644 index 0000000..7346616 --- /dev/null +++ b/hosts/common/configs/user/console/ssh-agent/default.nix @@ -0,0 +1,11 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user} = { + services.ssh-agent.enable = true; + programs.ssh.addKeysToAgent = "yes"; + }; +} diff --git a/hosts/common/configs/user/console/ssh/default.nix b/hosts/common/configs/user/console/ssh/default.nix index bfc8a0c..d40ead2 100644 --- a/hosts/common/configs/user/console/ssh/default.nix +++ b/hosts/common/configs/user/console/ssh/default.nix @@ -2,26 +2,16 @@ user ? throw "user argument is required", home ? throw "home argument is required", }: -{ - config, - lib, - pkgs, - ... -}: +{ ... }: { environment.persistence."/persist"."${home}/.ssh/known_hosts" = { }; home-manager.users.${user} = { programs.ssh = { enable = true; - addKeysToAgent = "yes"; userKnownHostsFile = "${home}/.ssh/known_hosts/default"; }; - services.ssh-agent.enable = true; - - systemd.user.tmpfiles.rules = [ - "d ${home}/.ssh/known_hosts 0755 ${user} users" - ]; + systemd.user.tmpfiles.rules = [ "d ${home}/.ssh/known_hosts 0755 ${user} users" ]; }; } diff --git a/hosts/eirene/default.nix b/hosts/eirene/default.nix index 8cc5438..ad53d06 100644 --- a/hosts/eirene/default.nix +++ b/hosts/eirene/default.nix @@ -35,6 +35,7 @@ ../common/configs/system/printing ../common/configs/system/sops ../common/configs/system/ssh + ../common/configs/system/ssh-agent ../common/configs/system/sudo ../common/configs/system/system ../common/configs/system/timezone @@ -42,7 +43,6 @@ ../common/configs/system/tmux ../common/configs/system/tree ../common/configs/system/users - ../common/configs/system/wget ../common/configs/system/zsh ./users/nick 
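Review bot: `programs.ssh.addKeysToAgent = "yes"` in hosts/common/configs/user/console/ssh-agent/default.nix adds every key used to the agent with no lifetime and no per-use confirmation. Nothing in this module bounds how long an unlocked key stays usable by other processes in the session. If that is not a deliberate convenience trade-off, `addKeysToAgent = "confirm";` or a time interval such as `"1h"` narrows that window. The `home` argument is accepted but unused here; a comment such as `# home is unused; kept so every user module is imported the same way` would make that explicit.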
diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix index 93e742f..052a8b0 100644 --- a/hosts/eirene/users/nick/configs/console/git/default.nix +++ b/hosts/eirene/users/nick/configs/console/git/default.nix @@ -10,6 +10,7 @@ sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/credentials"; }; + "git/cookies" = { sopsFile = ../../../../../../../secrets/personal/secrets.yaml; path = "${home}/.config/git/cookies"; diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix index 8cce778..5f14d6b 100644 --- a/hosts/eirene/users/nick/default.nix +++ b/hosts/eirene/users/nick/default.nix @@ -15,6 +15,7 @@ in (import ../../../common/configs/user/console/bashmount { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; }) + (import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/ffmpeg { inherit user home; }) (import ../../../common/configs/user/console/git { inherit user home; }) @@ -36,6 +37,7 @@ in (import ../../../common/configs/user/console/ranger { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; }) + (import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/syncthing { inherit user home; }) (import ../../../common/configs/user/console/tmux { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; }) diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix index e03b97a..c1caa3d 100644 --- a/hosts/elara/default.nix +++ b/hosts/elara/default.nix 
@@ -35,6 +35,7 @@ ../common/configs/system/printing ../common/configs/system/sops ../common/configs/system/ssh + ../common/configs/system/ssh-agent ../common/configs/system/sudo ../common/configs/system/system ../common/configs/system/timezone @@ -42,7 +43,6 @@ ../common/configs/system/tmux ../common/configs/system/tree ../common/configs/system/users - ../common/configs/system/wget ../common/configs/system/zsh ./configs/git diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index e9326f5..9ce1462 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix @@ -14,6 +14,7 @@ in (import ../../../common/configs/user/console/bashmount { inherit user home; }) (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; }) + (import ../../../common/configs/user/console/dive { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; }) (import ../../../common/configs/user/console/git { inherit user home; }) (import ../../../common/configs/user/console/gpg-agent { inherit user home; }) @@ -35,6 +36,7 @@ in (import ../../../common/configs/user/console/ranger { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; }) + (import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/tmux { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/unzip { inherit user home; }) diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix index dfe0530..0a63c14 100644 --- a/hosts/installer/default.nix +++ b/hosts/installer/default.nix 
@@ -25,13 +25,13 @@ ../common/configs/system/ntp ../common/configs/system/sops ../common/configs/system/ssh + ../common/configs/system/ssh-agent ../common/configs/system/sudo ../common/configs/system/system ../common/configs/system/timezone ../common/configs/system/tmux ../common/configs/system/tree ../common/configs/system/users - ../common/configs/system/wget ../common/configs/system/zsh ./users/nick diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix index a2bba7c..cec159e 100644 --- a/hosts/installer/users/nick/default.nix +++ b/hosts/installer/users/nick/default.nix @@ -25,6 +25,7 @@ in (import ../../../common/configs/user/console/ranger { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/ssh { inherit user home; }) + (import ../../../common/configs/user/console/ssh-agent { inherit user home; }) (import ../../../common/configs/user/console/tmux { inherit user home; }) (import ../../../common/configs/user/console/tree { inherit user home; }) (import ../../../common/configs/user/console/wget { inherit user home; }) diff --git a/lib/scripts/add-host.sh b/lib/scripts/add-host.sh index 2692b4a..03a89eb 100755 --- a/lib/scripts/add-host.sh +++ b/lib/scripts/add-host.sh @@ -186,7 +186,7 @@ new_entry="| \`$host\` | [hosts/$host/README.md](./hosts/$host/README.md) |" last_table_line=$(grep -n "^| " README.md | tail -n 1 | cut -d: -f1) sed -i "${last_table_line}a$new_entry" README.md -sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix +sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix nix fmt