

4 Commits

Author SHA1 Message Date
kiri 5cfd4d01c8 feat: remove openrgb 2026-04-21 01:58:59 +02:00
kiri 4bb3f44a37 refactor: extract shared user-base home-manager module 2026-04-21 01:57:14 +02:00
kiri 2572022349 feat: add host device type metadata 2026-04-21 01:42:32 +02:00
kiri 4008fde198 fix: disable password login on servers 2026-04-21 01:37:03 +02:00
7 changed files with 59 additions and 67 deletions
+3 -4
@@ -3,13 +3,12 @@
flake.modules.nixos.openssh = flake.modules.nixos.openssh =
{ {
config, config,
hostType ? "desktop",
lib, lib,
host ? {
isServer = false;
},
... ...
}: }:
let let
isServer = hostType == "server";
hostUserNames = builtins.attrNames ( hostUserNames = builtins.attrNames (
lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users
); );
@@ -17,7 +16,7 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = host.isServer; openFirewall = isServer;
settings = { settings = {
PermitRootLogin = "no"; PermitRootLogin = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
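Review bot: `isServer = hostType == "server";` on the `let` line accepts any string, so a host whose `_module.args.hostType` is mistyped, or that never sets it and falls through to the `"desktop"` default, is silently treated as a non-server; here that only leaves the SSH firewall closed, but the identical comparison in sopsHost and in mkUser (where it re-enables the hashed password this series set out to remove on servers) fails in the unsafe direction. Validating the value once at evaluation time would turn that into a hard error, e.g. `assert lib.assertMsg (builtins.elem hostType [ "desktop" "laptop" "server" ]) "unknown hostType: ${hostType}";` placed before the `let`. The openssh module body continues below the hunk.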
+19
@@ -0,0 +1,19 @@
{ config, ... }:
let
homeModules = config.flake.modules.homeManager;
in
{
flake.modules.homeManager.userBase = {
imports = with homeModules; [
terminal
shell
neovim
sshClient
sopsAdmin
git
devTools
podman
gemini
];
};
}
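Review bot: `sopsAdmin` in the middle of the import list is now part of every user's home configuration on every host type, while the companion sopsHost change only provisions the admin key file on non-server hosts (`useAdminKeyFile = hostType != "server"`). I cannot see the sopsAdmin module, so this is inferred: if it references that key file, server users will point at a path that is never created. Either a comment on that line such as `# sopsAdmin relies on the admin key file that sopsHost provides only on non-server hosts` or moving it into the host-conditional part of mkUser would make the coupling explicit.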
+1 -6
@@ -9,13 +9,8 @@ in
{ {
flake.modules.nixos.orion = flake.modules.nixos.orion =
{ pkgs, ... }: { pkgs, ... }:
let
host = {
isServer = true;
};
in
{ {
_module.args.host = host; _module.args.hostType = "server";
imports = [ imports = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
+1 -8
@@ -14,13 +14,8 @@ in
pkgs, pkgs,
... ...
}: }:
let
host = {
isServer = false;
};
in
{ {
_module.args.host = host; _module.args.hostType = "desktop";
imports = [ imports = [
nixosModules.desktopBase nixosModules.desktopBase
@@ -73,8 +68,6 @@ in
}; };
}; };
services.hardware.openrgb.enable = true;
boot.loader.systemd-boot.extraInstallCommands = '' boot.loader.systemd-boot.extraInstallCommands = ''
ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries" ENTRIES="${config.boot.loader.efi.efiSysMountPoint}/loader/entries"
PROFILES="/nix/var/nix/profiles" PROFILES="/nix/var/nix/profiles"
+1 -6
@@ -10,13 +10,8 @@ in
{ {
flake.modules.nixos.zenith = flake.modules.nixos.zenith =
{ ... }: { ... }:
let
host = {
isServer = false;
};
in
{ {
_module.args.host = host; _module.args.hostType = "laptop";
imports = [ imports = [
nixosModules.desktopBase nixosModules.desktopBase
+3 -5
@@ -8,15 +8,13 @@ in
{ {
flake.modules.nixos.sopsHost = flake.modules.nixos.sopsHost =
{ {
hostType ? "desktop",
lib, lib,
host ? {
isServer = false;
},
... ...
}: }:
let let
useHostSshKey = host.isServer; useHostSshKey = hostType == "server";
useAdminKeyFile = !host.isServer; useAdminKeyFile = hostType != "server";
adminKeyDir = builtins.dirOf sopsAdminKeyPath; adminKeyDir = builtins.dirOf sopsAdminKeyPath;
in in
{ {
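Review bot: `useHostSshKey` and `useAdminKeyFile` on the two `let` lines are one string comparison written twice, once negated, so the two bindings can drift apart if the server test ever changes. Deriving both from a single binding, as the openssh module already does, keeps the contract in one place: `isServer = hostType == "server"; useHostSshKey = isServer; useAdminKeyFile = !isServer;`. The sopsHost module body continues below the hunk.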
+20 -27
@@ -4,8 +4,8 @@ let
realName = "Jelle Spreeuwenberg"; realName = "Jelle Spreeuwenberg";
accounts = {
kiri = { kiri = {
name = "kiri";
homeDirectory = "/home/kiri"; homeDirectory = "/home/kiri";
gitEmail = "mail@jelles.net"; gitEmail = "mail@jelles.net";
vaultEmail = "mail@jelles.net"; vaultEmail = "mail@jelles.net";
@@ -13,61 +13,55 @@ let
}; };
ergon = { ergon = {
name = "ergon";
homeDirectory = "/home/ergon"; homeDirectory = "/home/ergon";
gitEmail = "jelle.spreeuwenberg@yookr.org"; gitEmail = "jelle.spreeuwenberg@yookr.org";
vaultEmail = "jelle.spreeuwenberg@yookr.org"; vaultEmail = "jelle.spreeuwenberg@yookr.org";
extraHomeImports = with homeModules; [ nix ]; extraHomeImports = with homeModules; [ nix ];
}; };
};
mkUser = mkUser =
{ accountName }: account:
{ {
config, config,
hostType ? "desktop",
lib,
pkgs, pkgs,
... ...
}: }:
let let
account = accounts.${accountName}; username = account.name;
isServer = hostType == "server";
in in
{ {
sops.secrets."hashed-password-${accountName}".neededForUsers = true; sops.secrets = lib.optionalAttrs (!isServer) {
"hashed-password-${username}".neededForUsers = true;
};
programs.zsh.enable = true; programs.zsh.enable = true;
users.users.${accountName} = { users.users.${username} = {
name = accountName; name = username;
home = account.homeDirectory; home = account.homeDirectory;
hashedPasswordFile = config.sops.secrets."hashed-password-${accountName}".path;
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager" "networkmanager"
]; ];
}
// lib.optionalAttrs (!isServer) {
hashedPasswordFile = config.sops.secrets."hashed-password-${username}".path;
}; };
home-manager.users.${accountName} = { home-manager.users.${username} = {
home = { home = {
username = accountName; inherit username;
homeDirectory = account.homeDirectory; homeDirectory = account.homeDirectory;
stateVersion = "24.05"; stateVersion = "24.05";
}; };
imports = imports = [ homeModules.userBase ] ++ account.extraHomeImports;
with homeModules;
[
terminal
shell
neovim
sshClient
sopsAdmin
git
devTools
podman
gemini
]
++ account.extraHomeImports;
programs.git.settings.user = { programs.git.settings.user = {
name = realName; name = realName;
@@ -79,7 +73,6 @@ let
}; };
in in
{ {
flake.modules.nixos.kiri = mkUser { accountName = "kiri"; }; flake.modules.nixos.kiri = mkUser kiri;
flake.modules.nixos.ergon = mkUser ergon;
flake.modules.nixos.ergon = mkUser { accountName = "ergon"; };
} }
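Review bot: With `lib.optionalAttrs (!isServer)` dropping both the sops secret and `hashedPasswordFile`, a server user is created with no declarative password while remaining in `wheel`; unless sudo is configured elsewhere not to require a password for that group, and SSH authorized keys are provisioned elsewhere (neither is visible here, and the openssh module sets `PasswordAuthentication = false`), such an account may be unable to log in or to elevate privileges. A comment above the `sops.secrets` line stating the intended server access path, e.g. `# Servers get no local password: access is key-only over SSH, so sudo must not depend on it`, would record that decision for the next reader. Note also that the `"desktop"` default on `hostType ? "desktop"` means a host that forgets `_module.args.hostType` silently gets a password and a sops-secret requirement, the opposite of the "no passwords on servers" intent for a mis-tagged server; an assertion on the allowed host types would surface that at evaluation time.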