create custom module system

This commit is contained in:
Pim Kunis 2023-11-22 18:28:55 +01:00
parent 74bcda2c80
commit e19e738b04
8 changed files with 86 additions and 19 deletions


@ -1,10 +0,0 @@
{ machine, ... }: {
age = {
identityPaths = [ "/root/age_ed25519" ];
secrets = {
"host_ed25519".file = ./secrets/${machine.name}_host_ed25519.age;
"user_ed25519".file = ./secrets/${machine.name}_user_ed25519.age;
};
};
}


@ -1,5 +1,10 @@
{ pkgs, config, machine, ... }: {
imports = [ ./hardware-configuration.nix ./disk-config.nix ./agenix.nix ];
{ pkgs, config, ... }: {
imports = [
./hardware-configuration.nix
./modules/disk-config.nix
./modules/agenix.nix
./modules/custom.nix
];
boot.loader = {
systemd-boot.enable = true;
@ -33,7 +38,7 @@
};
extraConfig = ''
HostCertificate ${
builtins.toFile "host_ed25519-cert.pub" machine.host-cert
builtins.toFile "host_ed25519-cert.pub" config.custom.ssh.hostCert
}
HostKey ${config.age.secrets.host_ed25519.path}
'';
@ -70,7 +75,7 @@
extraConfig = ''
CertificateFile ${
builtins.toFile "user_ed25519-cert.pub" machine.user-cert
builtins.toFile "user_ed25519-cert.pub" config.custom.ssh.userCert
}
HostKey ${config.age.secrets.user_ed25519.path}
'';
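Review bot: The key for the client certificate is given as `HostKey ${config.age.secrets.user_ed25519.path}` two lines below the updated `CertificateFile`; `CertificateFile` is an ssh_config (client) keyword while `HostKey` exists only in sshd_config, and ssh(1) rejects unknown keywords, so if this `extraConfig` is the client's the matching line should be `IdentityFile ${config.age.secrets.user_ed25519.path}`. The enclosing block starts outside the hunk, so I cannot see which program it configures; the first `extraConfig` in the section (with `HostCertificate`) is consistent with sshd and is fine as is. Note also that `builtins.toFile` places the certificate text in the world-readable Nix store, which is correct only because `custom.ssh.hostCert`/`userCert` are meant to hold the public `.pub` content; a comment to that effect next to the `toFile` calls would stop someone routing a private key through the same option.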


@ -46,11 +46,14 @@
nixosConfigurations = mkNixosSystems (machine: {
inherit system;
specialArgs = { inherit machine; };
modules = [
machine.specificConfig
disko.nixosModules.disko
agenix.nixosModules.default
./configuration.nix
{
networking.hostName = machine.name;
}
];
});
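Review bot: `specialArgs = { inherit machine; };` is kept although the point of this commit is to replace the `machine` special argument with `config.custom`, and no remaining consumer of `machine` is visible in the diff (configuration.nix and hardware-configuration.nix both drop it from their argument sets). Unless a module outside this commit still reads it, the line can be removed so that machine-specific data has a single entry point, `machine.specificConfig`; if it must stay, a comment naming the consumer would prevent the next reader from chasing a dead parameter.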


@ -1,4 +1,5 @@
{ config, lib, modulesPath, machine, ... }: {
# TODO: merge with configuration.nix
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
@ -8,7 +9,6 @@
boot.extraModulePackages = [ ];
networking.useDHCP = false;
networking.hostName = machine.name;
nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode =


@ -2,7 +2,16 @@
jefke = {
name = "jefke";
hostname = "jefke.hyp";
user-cert = builtins.readFile ./jefke_user_ed25519-cert.pub;
host-cert = builtins.readFile ./jefke_host_ed25519-cert.pub;
specificConfig = {
custom = {
dataDisk.enable = true;
ssh = {
hostCert = builtins.readFile ./jefke_host_ed25519-cert.pub;
userCert = builtins.readFile ./jefke_user_ed25519-cert.pub;
};
};
};
};
}

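--- /dev/null
+++ b/modules/agenix.nix
@@ -0,0 +1,10 @@
+{ config, ... }: {
+age = {
+identityPaths = [ "/root/age_ed25519" ];
+secrets = {
+"host_ed25519".file = config.custom.ssh.hostKey;
+"user_ed25519".file = config.custom.ssh.userKey;
+};
+};
+}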
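Review bot: `identityPaths = [ "/root/age_ed25519" ];` deserves a comment explaining why agenix's usual identities are not used: the host's SSH key is itself one of the secrets declared here (`host_ed25519`), so it cannot double as the age identity (which, as far as I recall, is what agenix defaults to), and `/root/age_ed25519` must therefore be provisioned out of band before the first activation or neither secret decrypts and sshd has no host key. Suggested comment above the line: `# The SSH host key is itself an agenix secret, so it cannot serve as the age identity; /root/age_ed25519 has to be placed on the host out of band before first activation.` Separately, agenix decrypts secrets as root-only files unless `owner`/`group`/`mode` are set; if `user_ed25519` is consumed by an ssh client running as a non-root user, that secret needs an explicit `owner` or it will be unreadable at runtime.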

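--- /dev/null
+++ b/modules/custom.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }: {
+options = {
+custom = {
+dataDisk.enable = lib.mkOption {
+default = false;
+type = lib.types.bool;
+description = ''
+Whether to automatically mount /dev/sda1 on /mnt/data
+'';
+};
+ssh = {
+hostCert = lib.mkOption {
+type = lib.types.str;
+description = ''
+SSH host certificate
+'';
+};
+userCert = lib.mkOption {
+type = lib.types.str;
+description = ''
+SSH user certificate
+'';
+};
+hostKey = lib.mkOption {
+default = ../secrets/${config.networking.hostName}_host_ed25519.age;
+type = lib.types.path;
+description = ''
+SSH host key
+'';
+};
+userKey = lib.mkOption {
+default = ../secrets/${config.networking.hostName}_user_ed25519.age;
+type = lib.types.path;
+description = ''
+SSH user key
+'';
+};
+};
+};
+};
+config = {
+fileSystems."/dev/data" =
+lib.mkIf config.custom.dataDisk.enable { device = "/dev/sda1"; };
+};
+}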
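Review bot: The mount point in `fileSystems."/dev/data"` contradicts the option's own description ("mount /dev/sda1 on /mnt/data"); the attribute name is the mount point, so this mounts the disk under /dev rather than at /mnt/data — `fileSystems."/mnt/data" = lib.mkIf config.custom.dataDisk.enable { device = "/dev/sda1"; };`. `/dev/sda1` is also a kernel enumeration name that can change between boots or when another disk is attached, so a different device could end up mounted at the data path; a stable identifier (`/dev/disk/by-uuid/…` or `/dev/disk/by-label/…`) plus an explicit `fsType` would remove that risk, and the description should then say which device is mounted. Finally, the `hostKey`/`userKey` descriptions read "SSH host key"/"SSH user key" while the options hold paths to age-encrypted files, and `hostCert`/`userCert` are typed `lib.types.str` with no hint that they are public material; `description = "Path to the age-encrypted SSH host private key"` and `description = "SSH host certificate (public .pub content; ends up in the Nix store)"` would say what is actually expected.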