diff --git a/README.md b/README.md index 7c1a178..0c01954 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # NixOS Configuration -A full set of configuration files managed via NixOS. This project is an **unofficial** extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates). +A full set of configuration files managed via NixOS. This project uses the [Snowfall library](https://snowfall.org/guides/lib/quickstart). > [!WARNING] > DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_! @@ -9,7 +9,7 @@ A full set of configuration files managed via NixOS. This project is an **unoffi ### Note on secrets management -Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/nixos/secrets` going forward, but you'll need this key file on all hosts that are using secrets. +Secrets are managed using [transcrypt](https://github.com/elasticdog/transcrypt). To unlock the repo, use `transcrypt -c [cipher] -p '[password]'`. Transcrypt will transparently encrypt/decrypt files stored in `modules/nixos/secrets` going forward. You can get the cipher and password from a host with transcrypt already configured by running `transcrypt --display`. > [!NOTE] > This is a poor man's secret management solution. If you use this, your secrets will be world-readable in the `/nix/store/`. @@ -22,9 +22,9 @@ When installing on a brand new system, partition the main drive into two partiti ./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2 ``` -Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use. +Next, set up the host's config in the `systems/[architecture]` folder by copying `default.nix.template` and `hardware-configuration.nix.template` into a new folder named after the hostname. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use. -Then, add the host to `flake.nix` under the `nixosConfigurations` section. +If necessary, import modules by adding the host to `flake.nix` under the `outputs.systems.hosts` section. Finally, run the NixOS installer, replacing `host` with your actual hostname: @@ -41,10 +41,10 @@ To update a system, run `nixos-operations-script` (or just `nos`). To commit upd #### Automatic updates -To enable automatic updates for a host, set `aux.system.services.autoUpgrade = true;`. You can configure the autoUpgrade module with additional settings, e.g.: +To enable automatic updates for a host, set `config.${namespace}.services.autoUpgrade = true;`. You can configure the autoUpgrade module with additional settings, e.g.: ```nix -aux.system.services.autoUpgrade = { +services.autoUpgrade = { enable = true; configDir = config.secrets.nixConfigFolder; onCalendar = "daily"; @@ -52,7 +52,7 @@ aux.system.services.autoUpgrade = { }; ``` -Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./hosts/Hevana), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times. +Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./systems/x86_64-linux/Hevana)), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times. #### Manually updating @@ -127,19 +127,7 @@ nixos-rebuild build-vm --flake . ## About this repository -### Layout - -This config uses a custom templating system built off of the [Auxolotl system templates](https://git.auxolotl.org/auxolotl/templates). - -- Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined. -- Hosts are defined in the `hosts` folder. -- Modules are defined in `modules`. All of these files are automatically imported (except home-manager modules). You simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak support, set `aux.system.ui.flatpak.enable = true;`. - - After adding a new module, make sure to `git add` it before running `nixos-rebuild`. -- Home-manager configs live in the `users/` folders. - -### Features - -This Nix config features: +This config uses the [Snowfall lib](https://snowfall.org/), along with some default options and settings for common software. It features: - Flakes - Home Manager diff --git a/flake.lock b/flake.lock index 88ac6ed..024736e 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1733050161, - "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", + "lastModified": 1733482664, + "narHash": "sha256-ZD+h1fwvZs+Xvg46lzTWveAqyDe18h9m7wZnTIJfFZ4=", "owner": "nix-community", "repo": "home-manager", - "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", + "rev": "e38d3dd1d355a003cc63e8fe6ff66ef2257509ed", "type": "github" }, "original": { @@ -307,11 +307,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1733392399, + "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=", "owner": "nixos", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c82a933..d664144 100644 --- a/flake.nix +++ b/flake.nix @@ -1,4 +1,4 @@ -# Based on the Auxolotl template: https://github.com/auxolotl/templates +# Uses Snowfall: https://snowfall.org/ # For info on Flakes, see: https://nixos-and-flakes.thiscute.world/nixos-with-flakes/nixos-with-flakes-enabled { description = "Aires' system Flake"; @@ -39,8 +39,7 @@ # NixOS hardware quirks nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # Snowfall - a unified configuration manager for NixOS - # Quickstart guide: https://snowfall.org/guides/lib/quickstart/ + # Snowfall lib: https://snowfall.org/guides/lib/quickstart/ # Jake's reference config: https://github.com/jakehamilton/config snowfall-lib = { url = "github:snowfallorg/lib"; diff --git a/modules/nixos/apps/development/default.nix b/modules/nixos/apps/development/default.nix index 45f2c05..30d9ce4 100644 --- a/modules/nixos/apps/development/default.nix +++ b/modules/nixos/apps/development/default.nix @@ -2,15 +2,16 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.apps.development; + cfg = config.${namespace}.apps.development; in { options = { - aux.system.apps.development = { + ${namespace}.apps.development = { enable = lib.mkEnableOption "Enables development tools"; kubernetes.enable = lib.mkEnableOption "Enables kubectl, virtctl, and similar tools."; }; @@ -18,7 +19,7 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { - aux.system = { + ${namespace} = { packages = with pkgs; [ nil # Nix Language server: https://github.com/oxalica/nil nix-prefetch-scripts diff --git a/modules/nixos/apps/gaming/default.nix b/modules/nixos/apps/gaming/default.nix index 838bc40..9b824a5 100644 --- a/modules/nixos/apps/gaming/default.nix +++ b/modules/nixos/apps/gaming/default.nix @@ -2,12 +2,13 @@ config, lib, pkgs, + namespace, ... }: # Gaming-related settings let - cfg = config.aux.system.apps.gaming; + cfg = config.${namespace}.apps.gaming; reset-controllers-script = pkgs.writeShellScriptBin "reset-controllers" '' #!/usr/bin/env bash sudo rmmod hid_xpadneo && sudo modprobe hid_xpadneo @@ -16,25 +17,27 @@ let in { options = { - aux.system.apps.gaming.enable = lib.mkEnableOption "Enables gaming features"; + ${namespace}.apps.gaming.enable = lib.mkEnableOption "Enables gaming features"; }; config = lib.mkIf cfg.enable { - aux.system.ui.flatpak = { - enable = true; - packages = [ - "gg.minion.Minion" - "com.valvesoftware.Steam" - "org.firestormviewer.FirestormViewer" - ]; + ${namespace} = { + # Add script to restart xpadneo in case of issues + packages = [ reset-controllers-script ]; + + ui.flatpak = { + enable = true; + packages = [ + "gg.minion.Minion" + "com.valvesoftware.Steam" + "org.firestormviewer.FirestormViewer" + ]; + }; }; # Enable Xbox controller driver (XPadNeo) hardware.xpadneo.enable = true; - # Add script to restart xpadneo in case of issues - aux.system.packages = [ reset-controllers-script ]; - # Enable GameMode programs.gamemode.enable = true; }; diff --git a/modules/nixos/apps/media/default.nix b/modules/nixos/apps/media/default.nix index 91416c6..5980b6b 100644 --- a/modules/nixos/apps/media/default.nix +++ b/modules/nixos/apps/media/default.nix @@ -1,18 +1,23 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.apps.media; + cfg = config.${namespace}.apps.media; in { options = { - aux.system.apps.media = { + ${namespace}.apps.media = { enable = lib.mkEnableOption "Enables media playback and editing apps."; mixxx.enable = lib.mkEnableOption "Installs the Mixxx DJing software."; }; }; config = lib.mkIf cfg.enable { - aux.system.ui.flatpak = { + ${namespace}.ui.flatpak = { enable = true; packages = [ "app.drey.EarTag" diff --git a/modules/nixos/apps/office/default.nix b/modules/nixos/apps/office/default.nix index d941b48..5c34dbe 100644 --- a/modules/nixos/apps/office/default.nix +++ b/modules/nixos/apps/office/default.nix @@ -1,15 +1,20 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.apps.office; + cfg = config.${namespace}.apps.office; in { options = { - aux.system.apps.office.enable = lib.mkEnableOption "Enables office and workstation apps"; + ${namespace}.apps.office.enable = lib.mkEnableOption "Enables office and workstation apps"; }; config = lib.mkIf cfg.enable { - aux.system.ui.flatpak = { + ${namespace}.ui.flatpak = { enable = true; packages = [ "org.onlyoffice.desktopeditors" diff --git a/modules/nixos/apps/recording/default.nix b/modules/nixos/apps/recording/default.nix index 4f8e446..19054b3 100644 --- a/modules/nixos/apps/recording/default.nix +++ b/modules/nixos/apps/recording/default.nix @@ -2,19 +2,20 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.apps.recording; + cfg = config.${namespace}.apps.recording; in { options = { - aux.system.apps.recording.enable = lib.mkEnableOption "Enables video editing tools"; + ${namespace}.apps.recording.enable = lib.mkEnableOption "Enables video editing tools"; }; config = lib.mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; + ${namespace}.ui.flatpak.enable = true; services.flatpak.packages = [ "com.obsproject.Studio" diff --git a/modules/nixos/apps/social/default.nix b/modules/nixos/apps/social/default.nix index 3863344..e549426 100644 --- a/modules/nixos/apps/social/default.nix +++ b/modules/nixos/apps/social/default.nix @@ -2,19 +2,20 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.apps.social; + cfg = config.${namespace}.apps.social; in { options = { - aux.system.apps.social.enable = lib.mkEnableOption "Enables chat apps"; + ${namespace}.apps.social.enable = lib.mkEnableOption "Enables chat apps"; }; config = lib.mkIf cfg.enable { - aux.system = { + ${namespace} = { packages = [ pkgs.beeper ]; ui.flatpak = { enable = true; diff --git a/modules/nixos/apps/writing/default.nix b/modules/nixos/apps/writing/default.nix index a8b1a8d..60df3f0 100644 --- a/modules/nixos/apps/writing/default.nix +++ b/modules/nixos/apps/writing/default.nix @@ -2,11 +2,12 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.apps.writing; + cfg = config.${namespace}.apps.writing; compile-manuscript = pkgs.writeShellScriptBin "compile-manuscript" ( builtins.readFile ../../../../bin/compile-manuscript.sh @@ -14,7 +15,7 @@ let in { options = { - aux.system.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools"; + ${namespace}.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools"; }; config = lib.mkIf cfg.enable { diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 823f4d0..dcd427f 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,11 +1,12 @@ # Modules common to all systems { pkgs, + namespace, ... }: { - aux.system = { + ${namespace} = { # Install base packages packages = with pkgs; [ fastfetch # Show a neat system statistics screen when opening a terminal diff --git a/modules/nixos/module.nix.template b/modules/nixos/module.nix.template index 43546c9..196573e 100644 --- a/modules/nixos/module.nix.template +++ b/modules/nixos/module.nix.template @@ -2,11 +2,11 @@ { config, lib, ... }: let - cfg = config.aux.system.services.myModule; + cfg = config.${namespace}.services.myModule; in { options = { - aux.system.services.myModule = { + ${namespace}.services.myModule = { enable = lib.mkEnableOption "Enables this example module."; attributes = lib.mkOption { default = { }; diff --git a/modules/nixos/secrets/default.nix b/modules/nixos/secrets/default.nix index cf06cd0..8808cfd 100644 --- a/modules/nixos/secrets/default.nix +++ b/modules/nixos/secrets/default.nix @@ -1,111 +1,109 @@ -U2FsdGVkX18XLcC6KPfRaGSo5Qz34PSSmgpl/qnz5d5TxlKG+pMhtUt0t/iGnyQV -guWUZIvUrnTfP0LSZym1eDEFJqsnGX4mMdf7vjFv17lco2FogP3/1WeneMvS1Q5s -383TGpr78ufpizc5L1D9U8fWNePzHYxfT9F7AiviwjuoJJR0jxHEHLvPwKPxib6b -zPLpX+XbBzmGMt9fOVv6WJLGHU8s3eaq4bGNiTsGX2WAzDx72u2eNqiYhom/Cqnr -OSxWrC4rtICZ1qi3/duWzeCcJOjKPuZ/w92ENYYAPc9OiJWbmejaEddu6vcu+ZDV -6Xn2hdZRGJzh/Tuuzq/w0vBQ3We9ODW8YI+S2HDvYRprBmuoitZp/NWwfewxbOz0 -R7fZgeNeiOtFHiSUxawh/kwqVSytmh/YX7Go3f6EGiN+dng62mxqwp5GGD0WsLf/ -JvvzD9qhAqhswRNZBBRNb+iTUw78Y5rGFtHlMRVZ3N4JKE72jq70x52gFaOq5T6w -OykZNJVqx7/Okw53Dbfrss5/W8parx0XmvKC689WvQZLWM8uj4mXXMik6myVDY77 -hu4K7Sqahw/GYnnJMvH+9ljaVg+Tjeoz+XdceFn+5eCogTuU51hFpmB0+MqfUWfX -ppPJxchb53+d0Dp+I5dnSKpQFfb9lnuA5DqA1S3T5VjA+XnKNC6vktpruFOu4UEP -+m0OB7UgVEcaSM1DJyOVoEUUqMCVNhY/0BkMlYueL7TnaeEbiK+PyJyr2D1a2Lgg -dcgzczEyOscGlFq2aOxOk9qmDFuIHhYx1zjBxk/PDCTpmuiFZ7QkRVobposjGvoW -JI3Oa3pyGQOOHHTnUafrT0cTTcnYtjtq1JYBUt8BYGUvvReCwFsw2CIJ24RezLBY -vDmyP/YWs12naxLKW9PJPnKLio2Q1mQB6UtWuloHligob3XKaxiD6SwijoHE6q9G -2eSN+1MYE2lDJnL8taXzUTPomXF0r3r9vVqePjmU/uaFFwibWiZP8wAFwtpQLI0P -VmeDAXYD3mtfMvDAQkiqxZ1Nsd2qfl0CKJvIbjUfP4IXbj9oqdnHUm6/uD8dnGcf -IFCaar7wFqIwfGk1vT8a3TQs4yIaFCz6yv169TsF/fYjmre0OF3PoTI88xov6mI7 -QBLNnpRZvSrpuUxRbNbNsgsGmS0i6IbAB2TdK9tT5L9pZ80/HWOtxEYa4GsLIXcL -qBlm45ZQUhDjYKIQC/s9kuaaugl0WeFxqRXiOlgTtGIEl2T7CTbgXqSyppzyacKy -Cgw7jxyINeAksClWzg6jNzfrPR7WOhZU/Tlis0TqkCNx61w8V2NcAWziaPp+krRm -SC7G/ii2dPKGY+zJJqKeL8AcNWGhRw1MzHvT4SqZ6ww8G52sflEgjUOA2Zw27onu -hEzJYTuPURv3zw+c0A7Hv3/nCrFTjjzME3+wfpzdQsqFa9uWhWsbGxXk+xKZAOkm -wzBDjjWtFSLoKqozeRpNymQrvujUHo79sRe2X7XikY52GJnOkukbxnIXKyYeDWpd -6RwkuZoU/X4sRYL7YdVAC/HJjPXGBmO60tPzVVOhRYhN3qMMNczdTnHZSfxkWncI -p1poeDI9ux1JIIOZDNqTI2ZKfVozK5kse3oxTMz0WSc8eMHe/DwgMfXiGBQAStta -JVpuBEODQ1bL6DoBaZsSDLHxEqrnUSbzoVVjGxPxOA7R1oBwYLjdBCOxdPpktnHs -Id4rhlYyQRrAIYG5djQINkiHLW+2rVG1KyBQh85lDgnQ4G2vlJ9hC6c6q5OTP7eC -+MzHzI+JKxPEIEXk9rQeYcgW3r7KL3EnDaaiKoRFGlZTpQBzxlp/+ETLNVsVPx8c -R5ZcdgoL/SOlKzOfwxhRjUnxqFstwSf7zVhTTRZjVLuho7Q/QrD3pdn26vkhyGki -LUunBO567gRZ5IY/qEjIV2VXu3cO02z9N5YzS96sNuy9lA5ELMKxdA/q+MCfeazj -XoJ9PKYrnKOVTNeDOeXp/0lmxw4qfJMvTrM4p6AfCRHzID4qOktBDUI0fAbF2M7j -pHo6w2Gy9JqAog7wq+XwOoMqz60B5GQeWrU9AzOciy4fUC02Ntva8oMH30hJ5/6L -4hsdCtb53wUX9BTV7oTSNx0mCJGFZPYEEYoNxPGk8diShHOjttAU1xiuIgyEdf4s -BUau9HvnZhVVDNFUGFShmiWs6bgTUqWu3bZLbLdDT3CgP+CzQdvm7PcnYgJT7nL6 -0iuY7RWRRi3JpPQ2tGAZK0iL0e5ESjlBDTeJv+8mB+oUcPNKgMihYgIvUcnl1FFw -J19Z4jhe7L9bsIHnslJENkX5mKJ+O/QwgNQxZdb69Rcy/ZOOMqpD4d34+uY7He6I -neTd1nGXXJbiC2XWB/h242qnMO3ytWinhWoDOKa5jPvYhFE2pxvLCrDEyTdBaVcE -DhZyiLpcBV+WRf9ihr5MIOxSIaEPtY4oqVHcxP10zWzC2sWwArpeD06P4gl0bHbn -9XI2Ke5pknmrmze5KpxBt9WHi6R6HDTOkhrfmueeG39R2P9xjMG8mnlKoYFa8Om8 -hBHmKjdE+svo5p/KGv+Zs/W186NmQgfFfGvQ1U4MJkJZmTqrSvNYWCU4aC8+ySSs -dlNZCRPGC2lzWQLrRc/gWwWi6wAnF4c1eNEgZxCFudkxdD6ZGFaxIULAoaxjCZ2p -QFAzLTW4TercQOkx9trlEcspW0ALK5cUbQuy1oEUCCiTWuq2fXim/wySO1K5bA60 -Vhre/IK8/voGrN+jGhgjqyfGw49scZwVn2kdVH4zWl29sy/A5RVaonpktmSuApKg -1vJmbqCYLvUMvz465i2Nq6py2wOU1v+R7n1TT74afZri5iO39UrFak76Cg8JAA5l -NMycqojMMGf8Kbqf8BXiRtAwubkeRg4fZSGLEfscz9F9Wtw9uc7a+He9JGEezwKM -CK6xCx8OPs+dWB5MQbjapbFKKpHD0f5DnppmxwwtFRG/OzJWDFAxtHSwLktf5PjN -9Yv+rIOFvkdrzqil8J7d+uIZgVh696j0n7+b09RaC8kDsV2wQtgJrTf/ujJfaohk -yE+1686S0yMfrjft8Thcw2/WY1xSY1m3nEHyh8TQWz6bRCDRGOb0+UeDqX8Uk4T0 -8TMI520sRQ4eqesZYcr46Tq0NlEA3IMnOiglC+gDkMPXGkteHxtqxvf/ZpjuUIYF -Os33urJmEoPUCa3u/qYIOZdm16InYCgMYvGKTclaPJBk8u0gcW5I+TbGiOHvBO6K -B0/AL8HD8L5/SG8FvrVfQkPQpM1IOsJZYKG/HA3dI9YzF4m4jFkcknTN20zND3zT -nfj0Ext2sjdYovcUrSSTLQGOUhH9iNgLIAiMZ5awDCvFoqDUaacRbbCyTepb4OpZ -gp5T3kmedHI4g69xRxaVleUuOR9qy51kuk1r9dOF71j6xm3g7GAdrq1hzecQ0Zbj -h3RvxBb7mXM6lqfDyX04xaGYpAIhWVi+LvWx/ZHeVJfKFlEbW2Fhp7vMA/NAgeDx -RloTIKX2lBKGrvrP6Fxyvf58O1WDZhLyl3ZxYQzE79Bd5udmEMql63Rv8mTvJh9M -Jm2PL6czl0mtwzfzUtcXV+pnvocm6NFe9JcxPTbFjDG2XJitL9tWTDJ0At+O/dfo -IK6cAQHkJdzhdXUS67SI0fg3tHFnh2gTcneK9WvOHdgzt+usBRZ/8sObd/TZHjNR -BkRzypPV+7IUyFG2KnWL4p+JytvS9NFCj9NqQreL27OHGAyXrGMBhCE2zSo4uQy6 -mUHPOTGyMxtWFAKo7kUVV0gcx2gvO9RHnUgbdOgKHW18tSJmJr9V539eqtM5DOxo -aYvSpQFtAbT3BLnexkIA62cQfjf3w9Q/elMu+kFHZSE8Z5jVLBk7fAtj/kzp+XPn -5oAHyjsea2X4ru02Le5k0HMrOuKD1DCuApCj1QT9AwL6g2nrJYGbxK+wPtvxVHxy -s4vrHk+xZn+vGWiOcQsAW3YCszJabs1gILTYmHr+XaF3tmYU66732c6psL+jjvz7 -AZr4zOxKT1RsflmSV4G/lpTfBwhwigGW5GGqOLK3TdrBstBiCnPKzy/RwVuLhx0K -WztB5iPv7wgvinw+baZQcB4zf13NmJaxhVGSPXUObg6pa+Ba9fRJn9hNqvY7VsWQ -9xy2mggE6Bae9XpSMwQlcXa24gciUAQFXqQ5iq9U8V5aCI0jiNV9prqXdOVn92O9 -nytobRqZpKewycNKjr7DpC/BsYf31e9WTaUtHx6BaDOzHAfrEw9LLDr4Qm3+i6F4 -p3vQNkPci2rQ3bj0ho4+t3k5fxx6KdU72317GHlSDQvb6IRmm+kvpbpoasDpY0Ar -w14HENAiWAO1Wo9NvfguhF6EgNcC9fBQlOY/M4vLuqdjXSSMOTgcazhymE4cw21K -BBHrnjX0ij52skI1AO7eoQChKDlnUrFI6D+GYqjduBN8V0F2Hf3EFgAPHXJ+OfL7 -oaRZ2NflgdR1SFuOuqJKy2+Y2ZuY6t1nxscbFEokIArBxugYQqw0RX6Ai8hpkvaC -1T0wXrynGAtjaVStPMIW+skU6PymTEvWiuBSQ8tdhB8XF7Sll0XB8T7Zr/zQ7++o -jRC6BcN+jZNOG5RKyM/QvNZ01OjEwpSX5hx5ehJ7YA6wA57KfvXVAJ0xXT/qukyS -omI7gWf84F1KO+akK1K+cytSAQSm3wKP84KlrW4IxEIxHQ/zJDY1nStvA25fSyXI -fTVCCih38JGb+6303Z3zbRqkyNGoZvGbwVP5DOs5yT2q2ftjtCrrcg6vIxl+9Eh5 -e70ERdNXu61E6VzWVHC5npAHvMT8FUmgpZuVYLIVekQhrID/BcGaxJ6R931tZBo+ -lVqBQlQKGepfRamIXrBfE2MbT7f1gdqODqtASZ9bIWKSeHGQZ3cCHv1E7mDxJk60 -4nQKrnVT2Uv+kE0ErQ0l5y8fausaQbJ7ex7NeY3PZBsRME8Om0NpkjVFcVyhNFx2 -kArBXpFIafPVZ405qWE8uEQIBBm+MiwYLAP8aTItvNMF8WVzhx/9Jym+UKOvVlCE -qc+CPMhNLQaTlr7FLUFuY+dvnVIhP327mQFjKfxrmAi7+AsCWoY7tn+uAkAXY8np -xDv8pedqIhDMH3O2As/Y9WlPQsQ4qaMpclm1ChJ26qur9upjq4BRLSsWwpBxhtuB -iAez9t1KQPYkVxSAqQ+8ZDt3qmtk2jOPd+0ixstGNMWc4orbbFomGqT/xR7SAelc -YEjxYkiq1QQwVyc1GWSIPuaMvwUPOj3FXJuaVZy0OGDCAdoH1nWVf/eHkI6LlsZ/ -VDO7JUb4FBuFYuJiR6rYA91plQcO6pZ+Z6yLKQKnvzt0pR1Va5DeY+9Z+4tKsiMb -fWNWcXVbAqDquIY/bRJQVBfbv6Ybgo07qnhX5rYUlB1PD29u1NGF7Mq+0jOmTOap -ljRsMeF2IHNUIkEkROg8EpKuaK7VzBpj6JSfr38rrUeRaC6mOTeHR7HcGqyMrdhw -U101tf2lq9JBQ7/UA8Bmytn+u6hkkpblX9m3qIAwlGYeUuVsvxDO+iHvS/VYmYxc -w3lhL3s8MxIl0NF60V86A/y9cHG/1sP01zQg0C8/fm+S17XRK4yBZnh3aHEfYL7B -VjzLdq+CyYh10D4BGSTbgpmm5FdOOHkrH/dVgKK4gVd7oiqfpGG4HSJAHuozlsPb -uaGXWC4OyIJegzXrEuRjyTtmkyVHMZy/zMegVm3/bsd8LNifJln5tQpearcRQQYR -ZyW6o5uPfo9fgtFUVE11TrxhBTg5HTTgxHK/Ln8flMNthjiZtt/cxZNJrvi0n35U -mHJJTPe8njTcZpX/hMim6AfcIRbWAZpqNQG7J1eKh54aaLmpwu59ZcXwwm7xoy0c -mwcmdI816R/OjJd+od23/2AKe0lM6WzRiSq0xpzL/JSEuGUok6VJGva2Uy6lgUFt -Sn7imaBwRiztK/lG8SFhhkKe+GAKxIG/OI3tSQVoDtSYKs9+uTUyjLZ1I1AMHBPd -Cr467p2R0twYhAfoNyrXvvqpj+hrNkqMzM9wmwyztcHaafjZ8xKLZUo7zpHzAa6Y -69yD5QOBai3EQbjjw1a1YfkuaIbva5AR7x95A180jbCBRXMgwYgYncJdZbeOC3BH -mWh0vnYZ11GIm1QAXpt8BogKlyA2JzDnUwKNPAwVPJ/BJ9PpAhR2QCnlm/DxFHvX -CvWLUlUTDQe6MTtYQA8eVsjWaaccQmsmMtG4TwHQ1DoV3kqElocATFI+In+nk0Xc -crJwIAJ4v8pWquibYAx2kVCWGaFz8fO2oHtlK9szgiDtP/qhlQ4cPwQ/UYff1rYi -0nXLfCXyaNRRBS1yw9C8Xx8lnitMqqeSQ73Bp6gc5DjCMf8a3ACd8tCVinahAyLU -09E4iBIb0OlK76OfDW7C1IHoehtZ/uP6xjnsHBj4EdEfsyIR22BvLBuMc2dyVHT1 -H2aWmaXwKULoavwdRpFCzORYiizQ/UJUT3Lly8+oz+EgtZZlC4+cerQDgqC9T2Yy -ic6iH5swKxZCkqmHmk+QauMEaqI09xrm988zPLDv1mn/Pj49fCkrxiS4nbuM7m0s -OWOmcZHgbY5osBgnlnGpknwawF1EKMnrXOa88snWRq3flXuuTiv/UTLD8B5Wv24t -aNeyBbDEbJaioOaQhDKuSdDrTHNtbuneW2+6bZGE+aRlAktzyIqUK3TncDFpvhIC -X4RaTGrqMmTupaSUCbTRlVYm8W5ZnmsgNdCp/b9ECQFNHMVAnX0Nfhnc1drkhwXX -ajaFbhyiX/rfGsWxD+Od4f+UbdSkTvwTcakzOQGEupJM0t0nk+h1Ug0wA5/bjEDN -17cHZIfdw5zp0Y6A8Cfh141zfECgcNp4Zzl+b6HLiNac2aY1dIOwlOJyK1CLeiSF -cuXRIG4ZhidP2hQ1ac9KDPlCewh2NP2bNXMaUD1BN0wqaGRfjz+cj272rkJqN3qo -Wg/ptizrlMmp7F3A3SrSBNIS+8wRcf7Ds30z8WwN3R5slV8s2X8ZCM9x1HlsIoU7 -Ntk2JjG+hW64Yy9pCUR9c5bMHMXJMST1v535hS+WWv0= +U2FsdGVkX1/RQfGVP76sNDrjrnhTIFoeGKoRj1M66ltbkzqEVZrSGke1jDZA9e0Q +cwUIfzRo+k2bhNi6VbG4OvteEFeABGn6aoL38owyEgKDlGEti2m6/MPfIrTOYpWS +UArXOKkSCgPi+mzD6ez6ZKXRdaVgn230Iipg4ZacUXkFzUf1YqybTMyp3xVuPaID +AKCdEa9YiL0R5cOMBIKyN3zaj509R9ocauKeJ9w/pVPzgqMoeFNgkeUBh42Z+QFg +/0vy9jX2yoNQrWlOJNfkq50UeivWF90RJzf30gm1uAPX5102Pt0dvUOdfouunFIE +OxYwnBrqJAq2bnoCMCEJkogspVeBVWY/RdJZEhr6Fj6R8Dd/K1rPhvL1UzrrwMo4 +3vcXy6AcvEGVA+i7nfSj7J4EfDJnNfsQl0hOV8tm2o/rlOqGiRwPLdi3PxUrAm5I +jZdcNWeendXtBuXZwZSpVFDvi85taasgE7IaPdYj5VfKMwZmdmm7vpmVe3wKtxJf +D1Z2kW34dtUkAAA5LXAnEYpM0jJo1hLQyOSm8KUcOOmLHHRa3vNHzUxLdSSZluCY +DqLfRdx/3Krio8WoypopgG4mW0/nI1jUl5aRVgM2tuBVUjz2meDtTZk4dnTx8ys4 +bEmEn+BIzmMHzVK7PlNLAQWBGFj4e2rdLUsy3846YB2tRo/IUxQSv32gF/RYW5Py +ToOjRpoaVDSJPT26w25/rwMYoqvtYDakoRXmSFOLg9k1WIlEhCJFSZRts9DuFU23 +XxXmhxC+R0I9InY/+JGBHqkmKcTpILZItjL0jLrIggXwE5wJ3emNBJsh8zwoKlWY +6mUhG0xiiVrNWXlOOc9mw8ElRzxqhUDMd5mBiGQoZuBzXt8z05s8DA1ZDbrx9sQZ +LVapZlUiYPcO/C29Bk2elK10IeQrzdqSSiF504afudaMPUcHSDWpG7Ew70R9wPHU +h3I/q/YPoyYC2txrC9lJGfnJnylXf6eXoJNNgUIsqFMViTVYDBRbZ/4er1tB8bZl +TjOgyRxgheUT0y/FodKznOEFtGSOsiO+ErQ04G6LAp59iJu5XJr3QVTyj4bvZa/S +SjAOh1FMcg79p3ZWIFvfqupsStnKPHkDWawlM/var1xBSKcJ47YfgnPycxCdIm3x +eSDP4BziKhAIBo0bX/9TGfrcectQedMSxFV+4+EhwKVKR+01rA7SfT9pNcBG+yS8 +Z6kJ+cNQzGtAveD9TwvajpGAIWQQz3QXtoXJvOYrpxKSl89VWcAhVAZD5f/J0xr3 +nHdJmIiefGCC9uV6ztLolxgjgRw76SydgewgRnuAXS6RF1nR4cgN1/2nVA7okm16 +JFvE+G7xxqbGgaNJNAzWIGn0JknSbrW+ymI08ig5FN49heOPW3+CNyPhhM/8Z1wM +4/vhfUSMFQxx+XZYAImCk3d9u1RW38I6MHMu4S9jwH1tBk4z66l8UfFixxf222n8 +tMIoXMWVZJPEEFJhRW4uGoebDdmjtkgAASy70T414QKPdWy24sNr8E7bxpIemS5u +4K8aO7UpKiiroXDdXBJJH3nYXBNeHNq/UASV5Ye2e2tNKGyepaIpFw4xr0qLXvAf +QHL19XzKhpmeAhbxgvkF/R9N6lnRTAUdk9bmx+02ZVrDHqB0J/TWi6rwPoh7B92F +0tbk3J8BOvdlJg74/96HBy4HQby7BxPKIFMkBVXNY4sACcWOGc+RbJf2KQRDUJ+y +2S3UDcc3pIowA8SgRPQiW8HPgwxKNSONQOqN7+EitKT0OBxgD2UiVSL8WPEXyn3O +IARI5N99Go9h29NkDxl0RH1rZpZMTtpJfW/0VKb2KIT1ctO57mYMBDrZsTYD8OLZ +KQY57J5E6n+j60aowVxRpIXDQBaiMb0gOSVg1VASLkIforfJ7Du+8mS7vtatyO/G +W02ddqdjqOBtYWsbN7Qo/pjSwWRbzKyhML7QRimG076p4jM0Md/oQMrzvGzZ5TXR +MkqeK5la0425VwOeoLETmoaohzEwQ3Pdj4wum2bmHJnUUwDWSUI/HWVTSEiIyiih +7XgHYHxfJZO774FaFBuXDNP1fSXdQMVF/eJomqKAPXdkMsj2Z8fo8dDDEGiVP6s0 +DY5Imp5foGQIXxo0OqwX60dlgAWNjs27sd6j2qD+IRHDooOvseqMP1t+Ap7Cie19 +duFEkBk7mthWwqjQb+i2GN+Cp3d+kRaN3fL4xFkEeE0ozn32dr07U0ZaZPLUoO5N +JtpqpQ/m+F2OEGHmIQblyXzcgvBVVfewhABzdLdWFv5aG9MGL7hVDM73kbB6119G +7YcvS1nRxsVZXGpS24814tmgJfTAhMJxD5e6lK1892NgFqfYMF8srtywZ6DJHL7N +X4FvjLZFQAhTCLUzHutYT2xmvqwVvwfdsIAd58F7LWJuhQuJkQS4i7yISvBqG0t2 +tSEjJQ44hPhxGqvWgVaG9AHOQuZSYfRCQWBcfmBfq9T+I0qINkrnwLUgAGgKMsZG +9qf1pEpyBjdV86nBK8JTmsIZGxPh+D3Y07E3g6bV99eZDjSuPMMN+Dv2ABB6ZZLN +gglFVktPINZ27TY7k20sGBHfv9C70+tkYBkp2YwmxRMOsLVv+3fxUKQwf7SH9zYr +Y9Aojrn6xtddP9PbxQUukc7H/jxDmgYeq6fQJ67T1SaFARO+qmf2dKESUCaf+JhV +S7Bjbqut+FxqS4S1ru6UqOXCZc6pwTpZsopqgwrBczGKQ8g7f5xLZN0+g9N+Dy3R +sLdOVofOeEhvFE6NGY5K50aXsMRaR2bJAVg6+ppqAE1BJWvsuqQ6TqYjefrhb3Az +wGI/Cr51x8ncVapKw2Fsu/XjPuefaaT+7rWOBGLr1NKxWGT9Jyj9f2PhphPMLbT9 +f9B0Gn63tY6tyPJIJjelCTkkE13euGDnTfkJ6FcNs7C4QWj6PwD1QL4rbgmmSAuk +6ThnwDhvPICgVnfLwl8B5YqQsC/TqOOwECitJgltehjKPA2BqWQ4mXqt6AT0VMNd +cC/lxYq6YRPtsFlHE5py/4pBXaAXtYFq7Ow15Dp4BF5C1ahQc5JoIw2eedzl3gy3 +sViHBA4O1tk3VJSNX7OPf8+N9wA4XTlYt3he58mdh0X6+3ppIVOwdcTKiBLXm5WR +UEdMfQUgwYLGBoYbK2sLxSH2Wff+fWVJadMSHM1HaNv1vbkJBF5qi4BzxuRb3fw2 +T7Uo3fdy7atYq0Fp2hbWhbdN7/JVa+ZxM/HscORlPv2GiB6IVnfjrhuFXKZJ7uxw +ZVSGkEVDZWTWZkLlO+rGS6QwR8MHIBqhsnVWG830XkdWt+BtRN9XO2wpV8Wig1H8 +vLiFcoeftauk7alz3GU7C+/6j0tnjWTEG21tuuq7N2nflgCHcFxQWl4S/+s07/cS +INpyi3eDvuadd2JB1jFRXssI8kss1OEVdJHUXwx64nKsKAX01AA/Li2scjzqq7h6 +zntoISGSD1XuDuxu9rZmF57w9kO+EAxJnXLZRbHDMwWllaTzWK+/KJt7iBE59cuj +9Tr/DF6uji/ggGvrjUfXQ+MT1JMeEGYI9RPE2p1qQNYR7MBfrdkiu3ZnPEqPD7cy +YLPeBLwPuAG73Td5fBROJmNFiC/KGa11/35xKL44XE9tNiGfVrWOyn5qXkSmEHSA +2dpbRrKfaOWTufFfd5Ssfq+3bM47Nvmg0NmoY91iLwuuhc1NHHHevibPwniprjx1 +DrAHiJ2iYifl0P8MLRZixYEoexmJ/Wr8wzw74k2F3YY0UeD5tCGX4HsF/ojoqS2q +9JZhh4o/OaO9JioZA6FUDWDzUOHw8xi4OpELlr5+k+4jBXZDwKycz30/xemfObx/ +wngRA7yJY3rJ7l1ED6sjVNPGgv8u0yzRE8m6/jCQwXKJVQi659q/iVDoU3IkEdc1 +5PsGHTMpCBQyZxFfCzehfvfVPAkPI8Xl+GSNB4Y0kAXnM6Xb6Axd/utjE3Hcrvvu +D/yG+F+8q58OMxU5QBpr/HEyKLPBSXHCv37cJzG1M9qPbfwpANZ4zKWisbvEAO5z +pz6Ddk7rhxZ+xTWiB/iXwya3JSp+Vr/HT8n27GAGuKuRqwkhWI8Qh7n1rA1s8y/N +ozgA3FAAUS5ztb8UR8yLLRRNPpzR/j6hoYR2l4nrrFjv+hEpBXomBLXOkO03b9v/ +3QQMFTj2AXWiykafqzCXQ0Kj64g8U3D6AtCiABDCSPjUdSxzUK+H7YXoyAZai6cX +fTKbQl4oX2JCw0yic2J1umFnTdlnLaHVc/PzeZP8w8MLXlvlGEvQx7m7mOLCkcQB +nIDn9tMOkiZ5hyzMS5PvWWsPQM1kx0vE4fym1JJZNbZ2YMirus8t/PgC7IV1bu8b +3XIO3GorcQk4VuaeWsNYMvm9zHawpBwnR1zECeAppp5/52ivQqfsGiC/HQ3baYSI +PqEOxAprd1sYNEjVlg1T/fD89Uhi2QZdzR0wuvikchOnSXtqwOXYxdOOwwkANnaO +wLhqB+VLBLpiM0juL4FYTrk1wKThhy87wG1kRgWClfVRYNp7kpT4MF6J9VDMh0B8 +pxRE5ODMq8hjIEF+7h0W2RkWUdAfrupFRnvpTJP7uelNVr73ue83BfYCpV/uPxu5 +pxSIPDP+nEGqwGCp9pjhxuRGr/Dc5g+lgSOj+8PehEqdGEKfmn+xFXuaVFq2fucG +Myx2Fu05LVSAfDsbprzUz5vM1GJ2PEo9XcMvAo7CaLrxgukA63hg3i7Mwjd6lmQl +EvkvTMkcZvojxqHJh/rfGon2nmXMep6YgKGKdKZpzRgZ6twj22NrchzDxw3RQk4X +pM0SjT49ZyhJmtoREN669Htyy40mvNck0CrqVY8OUka/qsJ/f7r7HaNt53eed1rj +osGjUtUPOlqmi7e1TV3v+H6WPGq+uW6hNWbZwifiNkTH6AJCjDw5kutfQr8oBU/P +5BGNWMvy+f1YCikZNW6chOI+08E24O/Ny1PscUirDR6adVNBjO3Xjqq0y2tfPvN5 +8d1PSyoh5f6qlRH4ky6SjL4BbLCzzHwQ6ke/IAHmm/s8Ge4XEroznOQXW3qKDqYy +mTok86TkezZb9NfCB/4X0Tndfxk/x1T+00r2eLortyAO5YOwEo/HvANbdsRM9JJ0 +0p0JCZWFEcArwthaUGDkLHVtBbT+wPYmWtyhMgSiTJrx9EpeqB6FWIZJlUts1W4G +r/srbRe2h5OTPN43//NS/7p6OYDuJcVbAVGGxy4PES8WrhujFfSmBw8BL188sjx/ +Kh43guhzTC8moAp+a9IM0kGXtAajHppZ7BUyncTAXsRUdOhlS7Q2fdLPOV48MyWT +11UhvH2fuXKJhaXequ1PE2CePSXI2x5S4anJFNoUWEw5TgRF3rkQ3p/cZm1VAy2y +Z+VxQud0iVE15J9jGkGGa89D4m8ng16oGrSMKZAr1Gt4ZFJ5L1dP+WyPzecvzJMY +xq75CrFXuWXdpGrYRGhjGa7B2fhzylSpVfLUyWA+HZq64ZNJOqzeioyamG1OkF6e +6dHgjPmQUZeYckFEimIkXP9zHQPJfB8gX6gSyC+GSFIsitu9A3HEX5zS1uFDasdI +CZ5Upc20BZiybfGcwd8+allHYScidzpWei78LfcpuPfnMOf6hVdhlsfuvwV9F/ua +Gv0kw0+zxoDNxWhN4SqKHgYX0A1CyW/Olwb5l3s69PyUlLHTBKwf2Kth8ZCxoKpY +kiiEKQQLHEa7mRX8d0U2bDmkx9EKJc7Cfz3JoDHB5aRZ4sbbJO447Fhn9fnuzaTi +j7bDticnZymvjG13foBAJi16Pf431NsFdDYAfnmYYBFEJj/oIa5DtvidrRb+fRZv +rkQuJ59tvEGD5hymQPEe3zqiUktPl1G6Q2jYctBjmFSM9m1eIJrfD8qNCrDlKd4Y +uZJwt7XRWXirURBRk+aw0P0ZCLaWmWAKmfr+rZ8Dm8V9dO2PgjLxHRI0aEDSh/Jm +Noc2ba8YhjNwQbLTMWe3WjacbyUC9m9YqhMx5ZV6EUK+jPR7FEw158wCaV2+qFNY +ZKvILBoZywEqZkkeGp6zy7UJFzlVNzh7U0YyE6l0GxNFJ2fp2ViQ930TZt28wuTT +If34N/+h1TGc4MqWcI9/4HeXZ5UV5v+gLa/sb6i0RuTrhNM50JinC1Bkqy5GrQLK +wUOFb9PNNTNz3M6pl1HEmwbiAUAhrbUhcVQPcmneLQYpzW5/sv+s+vfx8xRujZtv +kknt2ftLE7YedA1KvfjRis0d9J/EbzhLdIBg3mA0OBA1cIy7GKq9EIyg2FFiok3y +T7taZPr0BuaZqFq4UaL1Se5okrBO/gwHcNj6isnQBlIDV/m858dMMYedajIHLnWb +bgsNOXjj+FxdmappOqUJKjLseFx91NBuix5d92oUM8LvWQ9iHXVk9y7KVgFxFpc/ +lCw+UTzzBPnC0GcmJzOT8AaWkMYrnikoL4lYn9mr8wwLpJFkUOmyF/EUSiCj72Gb +v1GmsjbgAECIjEgIMXRAC5Vx1L9zjzHhxyHOk2f6/kfbsjSl0kKUIWTlNz9JWi4/ +MuzXdleauhHYjE5zjaJ9Mp3KNhYNH2y8xUliSPLeX0TXyAJVKSYTtxq1JVyKTHBL +yVEBUFcOtAkF5Mo7nTyjUGMcHVq7+3udXz8PSmxwDUSsWbwcOAvhqyW4d/tnCHk7 +wc3pMAIJUrsG/mAjy9Jc4jUsHOlzNu09w6YpDk7PyJBdm6pibyKdFbWhHxspZCwx +Ikg5iH751ka7WzT7Bnthy2Ekj7d/0R8ZeOozFZFeGscy86SiPBxT+UyhvCgwGyNQ +9YQnrKuIzxKV76nrbD/29yBzBTQAeeYJ9IgosIdqlWXqaJJNWvVeglSYdcEFpLNV +hKbHj0pS6OtGopX4RAl2Gybi7ZXBPR2af1HywMp4FkRi4AVYcP0CWtp6TcnkBoPy +603JF3Jfoyhg1vGhCipoGx6pCa+RD2gw5VSefhZtOeukDf3BhooMQB+ya1DUCp/T diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index 4c3649f..0b7884a 100644 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -1,11 +1,16 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.acme; + cfg = config.${namespace}.services.acme; in { options = { - aux.system.services.acme = { + ${namespace}.services.acme = { enable = lib.mkEnableOption "Enable the ACME client (for Let's Encrypt TLS certificates)."; certs = lib.mkOption { default = { }; @@ -30,6 +35,6 @@ in # /var/lib/acme/.challenges must be writable by the ACME user # and readable by the Nginx user. The easiest way to achieve # this is to add the Nginx user to the ACME group. - users.users.nginx.extraGroups = lib.mkIf config.aux.system.services.nginx.enable [ "acme" ]; + users.users.nginx.extraGroups = lib.mkIf config.${namespace}.services.nginx.enable [ "acme" ]; }; } diff --git a/modules/nixos/services/apcupsd/default.nix b/modules/nixos/services/apcupsd/default.nix index 93e5041..2b56cf3 100644 --- a/modules/nixos/services/apcupsd/default.nix +++ b/modules/nixos/services/apcupsd/default.nix @@ -1,10 +1,15 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.apcupsd; + cfg = config.${namespace}.services.apcupsd; in { options = { - aux.system.services.apcupsd = { + ${namespace}.services.apcupsd = { enable = lib.mkEnableOption "Enables apcupsd"; configText = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos/services/autoupgrade/default.nix b/modules/nixos/services/autoupgrade/default.nix index d2788fd..4b0cf54 100644 --- a/modules/nixos/services/autoupgrade/default.nix +++ b/modules/nixos/services/autoupgrade/default.nix @@ -1,12 +1,17 @@ # Run automatic updates. Replaces system.autoUpgrade. -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.autoUpgrade; + cfg = config.${namespace}.services.autoUpgrade; in { options = { - aux.system.services.autoUpgrade = { + ${namespace}.services.autoUpgrade = { enable = lib.mkEnableOption "Enables automatic system updates."; configDir = lib.mkOption { type = lib.types.str; @@ -54,7 +59,7 @@ in ]; # Deploy update script - aux.system.nixos-operations-script.enable = true; + ${namespace}.nixos-operations-script.enable = true; # Pull and apply updates. systemd = { @@ -63,7 +68,7 @@ in Type = "oneshot"; User = "root"; }; - path = config.aux.system.corePackages; + path = config.${namespace}.corePackages; unitConfig.RequiresMountsFor = cfg.configDir; script = "/run/current-system/sw/bin/nixos-operations-script --operation ${cfg.operation} " diff --git a/modules/nixos/services/binary-cache/default.nix b/modules/nixos/services/binary-cache/default.nix index f29def7..fdc5295 100644 --- a/modules/nixos/services/binary-cache/default.nix +++ b/modules/nixos/services/binary-cache/default.nix @@ -1,16 +1,16 @@ { config, lib, - pkgs, + namespace, ... }: let - cfg = config.aux.system.services.binary-cache; + cfg = config.${namespace}.services.binary-cache; in { options = { - aux.system.services.binary-cache = { + ${namespace}.services.binary-cache = { enable = lib.mkEnableOption "Enable a binary cache hosting service."; secretKeyFile = lib.mkOption { default = "/var/lib/nix-binary-cache/privkey.pem"; diff --git a/modules/nixos/services/boinc/default.nix b/modules/nixos/services/boinc/default.nix index acc2d81..22933d2 100644 --- a/modules/nixos/services/boinc/default.nix +++ b/modules/nixos/services/boinc/default.nix @@ -2,15 +2,16 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.services.boinc; + cfg = config.${namespace}.services.boinc; in { options = { - aux.system.services.boinc = { + ${namespace}.services.boinc = { enable = lib.mkEnableOption "Enables BOINC distributed computing service."; home = lib.mkOption { default = "/var/lib/boinc"; @@ -27,7 +28,7 @@ in dataDir = cfg.home; extraEnvPackages = [ pkgs.ocl-icd - ] ++ lib.optionals config.aux.system.gpu.nvidia.enable [ pkgs.linuxPackages.nvidia_x11 ]; + ] ++ lib.optionals config.${namespace}.gpu.nvidia.enable [ pkgs.linuxPackages.nvidia_x11 ]; allowRemoteGuiRpc = true; }; diff --git a/modules/nixos/services/duplicacy-web/default.nix b/modules/nixos/services/duplicacy-web/default.nix index fd7a3cc..ffb7dd7 100644 --- a/modules/nixos/services/duplicacy-web/default.nix +++ b/modules/nixos/services/duplicacy-web/default.nix @@ -2,15 +2,16 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.services.duplicacy-web; + cfg = config.${namespace}.services.duplicacy-web; in { options = { - aux.system.services.duplicacy-web = { + ${namespace}.services.duplicacy-web = { enable = lib.mkEnableOption "Enables duplicacy-web"; home = lib.mkOption { default = "/var/lib/duplicacy-web"; diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 10b8bb3..79c4823 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -1,14 +1,15 @@ { config, lib, + namespace, ... }: let - cfg = config.aux.system.services.forgejo; + cfg = config.${namespace}.services.forgejo; in { options = { - aux.system.services.forgejo = { + ${namespace}.services.forgejo = { enable = lib.mkEnableOption "Enables Forgejo Git hosting service."; home = lib.mkOption { default = ""; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index d980bfb..4eab7d1 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -2,10 +2,11 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.services.jellyfin; + cfg = config.${namespace}.services.jellyfin; jellyfin-audio-save = pkgs.unstable.jellyfin.overrideAttrs ( finalAttrs: prevAttrs: { patches = [ ./jellyfin-audio-save-position.patch ]; } @@ -13,7 +14,7 @@ let in { options = { - aux.system.services.jellyfin = { + ${namespace}.services.jellyfin = { enable = lib.mkEnableOption "Enables the Jellyfin media streaming service."; home = lib.mkOption { default = "/var/lib/jellyfin"; @@ -30,7 +31,7 @@ in }; config = lib.mkIf cfg.enable { - aux.system.users.media.enable = true; + ${namespace}.users.media.enable = true; services = { nginx.virtualHosts."${cfg.url}" = { diff --git a/modules/nixos/services/languagetool/default.nix b/modules/nixos/services/languagetool/default.nix index 040bdaa..ea01038 100644 --- a/modules/nixos/services/languagetool/default.nix +++ b/modules/nixos/services/languagetool/default.nix @@ -2,14 +2,15 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.services.languagetool; + cfg = config.${namespace}.services.languagetool; in { options = { - aux.system.services.languagetool = { + ${namespace}.services.languagetool = { enable = lib.mkEnableOption (lib.mdDoc "Enables LanguageTool server."); auth = { password = lib.mkOption { diff --git a/modules/nixos/services/msmtp/default.nix b/modules/nixos/services/msmtp/default.nix index 5e352e3..83df799 100644 --- a/modules/nixos/services/msmtp/default.nix +++ b/modules/nixos/services/msmtp/default.nix @@ -1,12 +1,17 @@ # See https://wiki.nixos.org/wiki/Msmtp -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.msmtp; + cfg = config.${namespace}.services.msmtp; in { options = { - aux.system.services.msmtp = { + ${namespace}.services.msmtp = { enable = lib.mkEnableOption "Enables mail server"; accounts = lib.mkOption { type = lib.types.attrs; diff --git a/modules/nixos/services/netdata/default.nix b/modules/nixos/services/netdata/default.nix index ab77511..3ba2635 100644 --- a/modules/nixos/services/netdata/default.nix +++ b/modules/nixos/services/netdata/default.nix @@ -2,14 +2,15 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.services.netdata; + cfg = config.${namespace}.services.netdata; in { options = { - aux.system.services.netdata = { + ${namespace}.services.netdata = { enable = lib.mkEnableOption "Enables Netdata monitoring."; auth = { user = lib.mkOption { diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 42f9d44..9a61e99 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -1,11 +1,16 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.nginx; + cfg = config.${namespace}.services.nginx; in { options = { - aux.system.services.nginx = { + ${namespace}.services.nginx = { enable = lib.mkEnableOption "Enable the Nginx web server."; virtualHosts = lib.mkOption { diff --git a/modules/nixos/services/qbittorrent/default.nix b/modules/nixos/services/qbittorrent/default.nix index 59130bc..319a20a 100644 --- a/modules/nixos/services/qbittorrent/default.nix +++ b/modules/nixos/services/qbittorrent/default.nix @@ -2,17 +2,18 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.services.qbittorrent; + cfg = config.${namespace}.services.qbittorrent; UID = 850; GID = 850; in { options = { - aux.system.services.qbittorrent = { + ${namespace}.services.qbittorrent = { enable = lib.mkEnableOption "Enables qBittorrent."; home = lib.mkOption { default = "/var/lib/qbittorrent"; diff --git a/modules/nixos/services/rss/default.nix b/modules/nixos/services/rss/default.nix index b6c645f..4b91102 100644 --- a/modules/nixos/services/rss/default.nix +++ b/modules/nixos/services/rss/default.nix @@ -2,14 +2,15 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.services.rss; + cfg = config.${namespace}.services.rss; in { options = { - aux.system.services.rss = { + ${namespace}.services.rss = { enable = lib.mkEnableOption "Enables RSS hosting service via FreshRSS."; auth = { password = lib.mkOption { diff --git a/modules/nixos/services/ssh/default.nix b/modules/nixos/services/ssh/default.nix index a9487ee..a124fb3 100644 --- a/modules/nixos/services/ssh/default.nix +++ b/modules/nixos/services/ssh/default.nix @@ -1,11 +1,16 @@ -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.ssh; + cfg = config.${namespace}.services.ssh; in { options = { - aux.system.services.ssh = { + ${namespace}.services.ssh = { enable = lib.mkEnableOption "Enables SSH server."; ports = lib.mkOption { default = [ 22 ]; diff --git a/modules/nixos/services/syncthing/default.nix b/modules/nixos/services/syncthing/default.nix index 4e865d8..fdf1c6a 100644 --- a/modules/nixos/services/syncthing/default.nix +++ b/modules/nixos/services/syncthing/default.nix @@ -1,12 +1,17 @@ # See https://wiki.nixos.org/wiki/Syncthing -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.services.syncthing; + cfg = config.${namespace}.services.syncthing; in { options = { - aux.system.services.syncthing = { + ${namespace}.services.syncthing = { enable = lib.mkEnableOption "Enables Syncthing."; enableTray = lib.mkEnableOption "Enables the Syncthing Tray applet."; home = lib.mkOption { @@ -36,7 +41,7 @@ in networking.firewall.allowedTCPPorts = with cfg.web; lib.mkIf (enable && public) [ port ]; services = { - flatpak.packages = lib.mkIf (config.aux.system.ui.flatpak.enable && cfg.enableTray) [ + flatpak.packages = lib.mkIf (config.${namespace}.ui.flatpak.enable && cfg.enableTray) [ "io.github.martchus.syncthingtray" ]; diff --git a/modules/nixos/services/virtualization/default.nix b/modules/nixos/services/virtualization/default.nix index cd34e5c..f990a3a 100644 --- a/modules/nixos/services/virtualization/default.nix +++ b/modules/nixos/services/virtualization/default.nix @@ -3,15 +3,16 @@ config, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system.services.virtualization; + cfg = config.${namespace}.services.virtualization; in { options = { - aux.system.services.virtualization = { + ${namespace}.services.virtualization = { enable = lib.mkEnableOption "Enables virtualization tools on this host."; host = { enable = lib.mkEnableOption "Enables virtual machine hosting."; diff --git a/modules/nixos/system/bluetooth/default.nix b/modules/nixos/system/bluetooth/default.nix index 6d17790..30b4a95 100644 --- a/modules/nixos/system/bluetooth/default.nix +++ b/modules/nixos/system/bluetooth/default.nix @@ -3,16 +3,17 @@ lib, config, pkgs, + namespace, ... }: let - cfg = config.aux.system.bluetooth; + cfg = config.${namespace}.bluetooth; in { options = { - aux.system.bluetooth = { + ${namespace}.bluetooth = { enable = lib.mkEnableOption "Enables bluetooth."; experimental.enable = lib.mkEnableOption "Enables experimental features, like device power reporting."; }; diff --git a/modules/nixos/system/bootloader/default.nix b/modules/nixos/system/bootloader/default.nix index 67967c0..d07c8e0 100644 --- a/modules/nixos/system/bootloader/default.nix +++ b/modules/nixos/system/bootloader/default.nix @@ -4,17 +4,18 @@ config, lib, pkgs, + namespace, ... }: # Bootloader let - cfg = config.aux.system.bootloader; + cfg = config.${namespace}.bootloader; in { options = { - aux.system.bootloader = { + ${namespace}.bootloader = { enable = lib.mkOption { description = "Automatically configures the bootloader. Set to false to configure manually."; type = lib.types.bool; diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix index 31c5610..c0a134c 100644 --- a/modules/nixos/system/default.nix +++ b/modules/nixos/system/default.nix @@ -3,16 +3,17 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system; + cfg = config.${namespace}; gitWithLibsecret = pkgs.git.override { withLibsecret = true; }; in { options = { - aux.system = { + ${namespace} = { packages = lib.mkOption { description = "Additional system packages to install. This is just a wrapper for environment.systemPackages."; type = lib.types.listOf lib.types.package; @@ -71,7 +72,7 @@ in autodetect = true; notifications = { wall.enable = true; - mail = lib.mkIf config.aux.system.services.msmtp.enable { + mail = lib.mkIf config.${namespace}.services.msmtp.enable { enable = true; mailer = "/run/wrappers/bin/sendmail"; sender = "${config.networking.hostName}@${config.secrets.networking.domains.primary}"; diff --git a/modules/nixos/system/editor/default.nix b/modules/nixos/system/editor/default.nix index a646ab3..9cc68e3 100644 --- a/modules/nixos/system/editor/default.nix +++ b/modules/nixos/system/editor/default.nix @@ -1,12 +1,17 @@ # Basic system-wide text editor configuration. -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.editor; + cfg = config.${namespace}.editor; in { options = { - aux.system.editor = lib.mkOption { + ${namespace}.editor = lib.mkOption { description = "Selects the default text editor."; default = "nano"; type = lib.types.enum [ diff --git a/modules/nixos/system/filesystem/default.nix b/modules/nixos/system/filesystem/default.nix index 47e8782..0faee78 100644 --- a/modules/nixos/system/filesystem/default.nix +++ b/modules/nixos/system/filesystem/default.nix @@ -1,6 +1,11 @@ -{ lib, config, ... }: +{ + lib, + config, + namespace, + ... +}: let - cfg = config.aux.system.filesystem; + cfg = config.${namespace}.filesystem; # LUKS partition will decrypt to /dev/mapper/nixos-root decryptPart = "nixos-root"; @@ -14,7 +19,7 @@ let in { options = { - aux.system.filesystem = { + ${namespace}.filesystem = { enable = lib.mkEnableOption "Enables standard BTRFS subvolumes and parameters."; partitions = { boot = lib.mkOption { @@ -60,7 +65,7 @@ in boot.initrd.luks.devices.${decryptPart} = { device = cfg.partitions.luks; # Enable TPM auto-unlocking if configured - crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ]; + crypttabExtraOpts = lib.mkIf config.${namespace}.bootloader.tpm2.enable [ "tpm2-device=auto" ]; }; fileSystems = { "/" = { diff --git a/modules/nixos/system/gpu/default.nix b/modules/nixos/system/gpu/default.nix index 131855f..42bb974 100644 --- a/modules/nixos/system/gpu/default.nix +++ b/modules/nixos/system/gpu/default.nix @@ -3,14 +3,15 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.gpu; + cfg = config.${namespace}.gpu; in { options = { - aux.system.gpu = { + ${namespace}.gpu = { amd.enable = lib.mkEnableOption "Enables AMD GPU support."; intel.enable = lib.mkEnableOption "Enables Intel GPU support."; nvidia = { @@ -87,7 +88,7 @@ in opengl.extraPackages = with pkgs; [ vaapiVdpau ]; nvidia = { modesetting.enable = true; - nvidiaSettings = config.aux.system.ui.desktops.enable; + nvidiaSettings = config.${namespace}.ui.desktops.enable; package = config.boot.kernelPackages.nvidiaPackages.stable; prime = lib.mkIf cfg.nvidia.hybrid.enable { diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix index 821a62d..f257d78 100644 --- a/modules/nixos/system/networking/default.nix +++ b/modules/nixos/system/networking/default.nix @@ -1,5 +1,5 @@ # Configure basic networking options. -{ lib, ... }: +{ lib, namespace, ... }: { networking = { # Default to DHCP. Set to false to use static IPs. diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index be6080c..6e8318c 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -4,11 +4,12 @@ inputs, lib, pkgs, + namespace, ... }: let - cfg = config.aux.system; + cfg = config.${namespace}; nixos-operations-script = pkgs.writeShellScriptBin "nixos-operations-script" ( builtins.readFile ../../../../bin/nixos-operations-script.sh @@ -16,7 +17,7 @@ let in { options = { - aux.system = { + ${namespace} = { retentionPeriod = lib.mkOption { description = "How long to retain NixOS generations. Defaults to one month."; type = lib.types.str; @@ -28,8 +29,11 @@ in config = lib.mkMerge [ { nix = { + # Use Lix in place of Nix + package = pkgs.lix; + + # Ensure we can still build when secondary caches are unavailable extraOptions = '' - # Ensure we can still build when secondary caches are unavailable fallback = true ''; @@ -60,14 +64,14 @@ in # Only allow these users to use Nix allowed-users = with config.users.users; [ root.name - (lib.mkIf config.aux.system.users.aires.enable aires.name) - (lib.mkIf config.aux.system.users.gremlin.enable gremlin.name) + (lib.mkIf config.${namespace}.users.aires.enable aires.name) + (lib.mkIf config.${namespace}.users.gremlin.enable gremlin.name) ]; # Avoid signature verification messages when doing remote builds trusted-users = with config.users.users; [ root.name - (lib.mkIf config.aux.system.users.aires.enable aires.name) + (lib.mkIf config.${namespace}.users.aires.enable aires.name) ]; }; @@ -92,7 +96,7 @@ in } (lib.mkIf cfg.nixos-operations-script.enable { # Enable and configure NOS - aux.system.packages = [ nixos-operations-script ]; + ${namespace}.packages = [ nixos-operations-script ]; environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder; }) ]; diff --git a/modules/nixos/system/raid/default.nix b/modules/nixos/system/raid/default.nix index bdd95f5..25a8cb7 100644 --- a/modules/nixos/system/raid/default.nix +++ b/modules/nixos/system/raid/default.nix @@ -1,11 +1,16 @@ -{ lib, config, ... }: +{ + lib, + config, + namespace, + ... +}: let - cfg = config.aux.system.raid; + cfg = config.${namespace}.raid; in { options = { - aux.system.raid = { + ${namespace}.raid = { enable = lib.mkEnableOption "Enables RAID support."; storage = { enable = lib.mkEnableOption "Enables support for the storage array."; @@ -28,7 +33,7 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { boot.swraid.enable = true; }) (lib.mkIf cfg.storage.enable { - aux.system.raid.enable = true; + ${namespace}.raid.enable = true; boot.swraid.mdadmConf = '' ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb MAILADDR ${cfg.storage.mailAddr} diff --git a/modules/nixos/ui/audio/default.nix b/modules/nixos/ui/audio/default.nix index 6479958..ee59c89 100644 --- a/modules/nixos/ui/audio/default.nix +++ b/modules/nixos/ui/audio/default.nix @@ -3,15 +3,16 @@ pkgs, lib, config, + namespace, ... }: let - cfg = config.aux.system.ui.audio; + cfg = config.${namespace}.ui.audio; in { options = { - aux.system.ui.audio = { + ${namespace}.ui.audio = { enable = lib.mkEnableOption "Enables audio."; enableLowLatency = lib.mkEnableOption "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup."; }; diff --git a/modules/nixos/ui/desktops/budgie/default.nix b/modules/nixos/ui/desktops/budgie/default.nix index ce1bbb4..80de435 100644 --- a/modules/nixos/ui/desktops/budgie/default.nix +++ b/modules/nixos/ui/desktops/budgie/default.nix @@ -1,15 +1,20 @@ # Enables the Budgie desktop environment. -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.ui.desktops.budgie; + cfg = config.${namespace}.ui.desktops.budgie; in { options = { - aux.system.ui.desktops.budgie.enable = lib.mkEnableOption "Enables the Budgie desktop environment."; + ${namespace}.ui.desktops.budgie.enable = lib.mkEnableOption "Enables the Budgie desktop environment."; }; config = lib.mkIf cfg.enable { - aux.system.ui.desktops.enable = true; + ${namespace}.ui.desktops.enable = true; services.xserver = { enable = true; diff --git a/modules/nixos/ui/desktops/default.nix b/modules/nixos/ui/desktops/default.nix index 8219257..120d357 100644 --- a/modules/nixos/ui/desktops/default.nix +++ b/modules/nixos/ui/desktops/default.nix @@ -3,15 +3,16 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.ui.desktops; + cfg = config.${namespace}.ui.desktops; in { options = { - aux.system.ui.desktops = { + ${namespace}.ui.desktops = { enable = lib.mkEnableOption "Enables base desktop environment support."; xkb = lib.mkOption { description = "The keyboard layout to use by default. Defaults to us."; @@ -25,7 +26,7 @@ in }; config = lib.mkIf cfg.enable { - aux.system = { + ${namespace} = { bluetooth = { enable = true; experimental.enable = true; @@ -79,7 +80,7 @@ in enable = true; # Configure keymap in X11 - xkb = config.aux.system.ui.desktops.xkb; + xkb = config.${namespace}.ui.desktops.xkb; }; # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case). diff --git a/modules/nixos/ui/desktops/gnome/default.nix b/modules/nixos/ui/desktops/gnome/default.nix index 1508db8..51bf97d 100644 --- a/modules/nixos/ui/desktops/gnome/default.nix +++ b/modules/nixos/ui/desktops/gnome/default.nix @@ -4,22 +4,23 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.ui.desktops.gnome; + cfg = config.${namespace}.ui.desktops.gnome; in { options = { - aux.system.ui.desktops.gnome = { + ${namespace}.ui.desktops.gnome = { enable = lib.mkEnableOption "Enables the Gnome Desktop Environment."; }; }; config = lib.mkIf cfg.enable { - aux.system.ui.desktops.enable = true; + ${namespace}.ui.desktops.enable = true; # Enable Gnome services = { diff --git a/modules/nixos/ui/desktops/hyprland/default.nix b/modules/nixos/ui/desktops/hyprland/default.nix index f3f7c45..d029098 100644 --- a/modules/nixos/ui/desktops/hyprland/default.nix +++ b/modules/nixos/ui/desktops/hyprland/default.nix @@ -1,15 +1,20 @@ # Enables the Hyprland desktop environment. -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.ui.desktops.hyprland; + cfg = config.${namespace}.ui.desktops.hyprland; in { options = { - aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption "Enables the Hyprland desktop environment."; + ${namespace}.ui.desktops.hyprland.enable = lib.mkEnableOption "Enables the Hyprland desktop environment."; }; config = lib.mkIf cfg.enable { - aux.system.ui.desktops.enable = true; + ${namespace}.ui.desktops.enable = true; programs.hyprland = { enable = true; diff --git a/modules/nixos/ui/desktops/kde/default.nix b/modules/nixos/ui/desktops/kde/default.nix index ffe46a3..fc63581 100644 --- a/modules/nixos/ui/desktops/kde/default.nix +++ b/modules/nixos/ui/desktops/kde/default.nix @@ -3,22 +3,23 @@ pkgs, config, lib, + namespace, ... }: let - cfg = config.aux.system.ui.desktops.kde; + cfg = config.${namespace}.ui.desktops.kde; in { options = { - aux.system.ui.desktops.kde = { + ${namespace}.ui.desktops.kde = { enable = lib.mkEnableOption "Enables the KDE Desktop Environment."; useX11 = lib.mkEnableOption "Uses X11 instead of Wayland."; }; }; config = lib.mkIf cfg.enable { - aux.system.ui.desktops.enable = true; + ${namespace}.ui.desktops.enable = true; programs.dconf.enable = true; diff --git a/modules/nixos/ui/desktops/xfce/default.nix b/modules/nixos/ui/desktops/xfce/default.nix index 5eb3071..b2b2816 100644 --- a/modules/nixos/ui/desktops/xfce/default.nix +++ b/modules/nixos/ui/desktops/xfce/default.nix @@ -1,15 +1,20 @@ # Enables the XFCE desktop environment. -{ config, lib, ... }: +{ + config, + lib, + namespace, + ... +}: let - cfg = config.aux.system.ui.desktops.xfce; + cfg = config.${namespace}.ui.desktops.xfce; in { options = { - aux.system.ui.desktops.xfce.enable = lib.mkEnableOption "Enables the XFCE desktop environment."; + ${namespace}.ui.desktops.xfce.enable = lib.mkEnableOption "Enables the XFCE desktop environment."; }; config = lib.mkIf cfg.enable { - aux.system.ui.desktops.enable = true; + ${namespace}.ui.desktops.enable = true; services.xserver = { enable = true; diff --git a/modules/nixos/ui/flatpak/default.nix b/modules/nixos/ui/flatpak/default.nix index 48c0c76..9d86c82 100644 --- a/modules/nixos/ui/flatpak/default.nix +++ b/modules/nixos/ui/flatpak/default.nix @@ -2,16 +2,17 @@ pkgs, config, lib, + namespace, ... }: # Flatpak support and options let - cfg = config.aux.system.ui.flatpak; + cfg = config.${namespace}.ui.flatpak; in { options = { - aux.system.ui.flatpak = { + ${namespace}.ui.flatpak = { enable = lib.mkEnableOption { description = "Enables Flatpak support."; }; packages = lib.mkOption { description = "Flatpak packages to install."; @@ -72,8 +73,8 @@ in aggregatedIcons = pkgs.buildEnv { name = "system-icons"; paths = with pkgs; [ - (lib.mkIf config.aux.system.ui.desktops.gnome.enable gnome-themes-extra) - (lib.mkIf config.aux.system.ui.desktops.kde.enable kdePackages.breeze-icons) + (lib.mkIf config.${namespace}.ui.desktops.gnome.enable gnome-themes-extra) + (lib.mkIf config.${namespace}.ui.desktops.kde.enable kdePackages.breeze-icons) papirus-icon-theme qogir-icon-theme ]; diff --git a/modules/nixos/users/aires/default.nix b/modules/nixos/users/aires/default.nix index f11baf4..d93669d 100644 --- a/modules/nixos/users/aires/default.nix +++ b/modules/nixos/users/aires/default.nix @@ -1,16 +1,17 @@ { lib, config, + namespace, ... }: # Define 'aires' let - cfg = config.aux.system.users.aires; + cfg = config.${namespace}.users.aires; in { options = { - aux.system.users.aires = { + ${namespace}.users.aires = { enable = lib.mkEnableOption "Enables aires user account"; autologin = lib.mkEnableOption "Automatically logs aires in on boot"; }; @@ -66,7 +67,7 @@ in userName = config.secrets.users.aires.firstName; userEmail = config.secrets.users.aires.email; extraConfig = { - core.editor = config.aux.system.editor; + core.editor = config.${namespace}.editor; merge.conflictStyle = "zdiff3"; pull.ff = "only"; push.autoSetupRemote = "true"; diff --git a/modules/nixos/users/common/home-manager/gnome.nix b/modules/nixos/users/common/home-manager/gnome.nix index 0c002ea..76b3b47 100644 --- a/modules/nixos/users/common/home-manager/gnome.nix +++ b/modules/nixos/users/common/home-manager/gnome.nix @@ -1,5 +1,4 @@ -{ lib, osConfig, ... }: -{ +_: { # NOTE: Allegedly prevents random Gnome crashes. But really, it just prevents me from logging in. # See https://www.reddit.com/r/archlinux/comments/1erbika/fyi_if_you_experience_crashes_on_gnome_on_amd/ /* @@ -9,7 +8,7 @@ */ # Additional Gnome configurations via home-manager. - dconf.settings = lib.mkIf osConfig.aux.system.ui.desktops.gnome.enable { + dconf.settings = { "org/gnome/mutter" = { edge-tiling = true; workspaces-only-on-primary = false; diff --git a/modules/nixos/users/gremlin/default.nix b/modules/nixos/users/gremlin/default.nix index d48359d..d9a10d9 100644 --- a/modules/nixos/users/gremlin/default.nix +++ b/modules/nixos/users/gremlin/default.nix @@ -2,16 +2,17 @@ pkgs, lib, config, + namespace, ... }: # Define 'gremlin' user let - cfg = config.aux.system.users.gremlin; + cfg = config.${namespace}.users.gremlin; in { options = { - aux.system.users.gremlin = { + ${namespace}.users.gremlin = { enable = lib.mkEnableOption "Enables gremlin user account"; }; }; @@ -35,7 +36,7 @@ in }; # Install gremlin-specific flatpaks - aux.system.ui.flatpak.packages = [ + ${namespace}.ui.flatpak.packages = [ "com.google.Chrome" "com.slack.Slack" ]; diff --git a/modules/nixos/users/media/default.nix b/modules/nixos/users/media/default.nix index 5429e3a..74dd439 100644 --- a/modules/nixos/users/media/default.nix +++ b/modules/nixos/users/media/default.nix @@ -1,13 +1,18 @@ -{ lib, config, ... }: +{ + lib, + config, + namespace, + ... +}: # Define user for managing media files let - cfg = config.aux.system.users.media; + cfg = config.${namespace}.users.media; in { options = { - aux.system.users.media = { + ${namespace}.users.media = { enable = lib.mkEnableOption "Enables media user account"; }; }; diff --git a/modules/nixos/users/root/default.nix b/modules/nixos/users/root/default.nix index b974d3e..ab9b503 100644 --- a/modules/nixos/users/root/default.nix +++ b/modules/nixos/users/root/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ namespace, ... }: { home-manager.users.root = { imports = [ ../common/home-manager/zsh.nix ]; diff --git a/systems/aarch64-linux/Pihole/default.nix b/systems/aarch64-linux/Pihole/default.nix index 7bdde1c..8bd8a22 100644 --- a/systems/aarch64-linux/Pihole/default.nix +++ b/systems/aarch64-linux/Pihole/default.nix @@ -2,6 +2,7 @@ config, pkgs, lib, + namespace, ... }: let @@ -24,7 +25,7 @@ in }; }; - aux.system = { + ${namespace} = { bootloader.enable = false; # Bootloader configured in hardware-configuration.nix packages = with pkgs; [ libraspberrypi diff --git a/systems/aarch64-linux/Pihole/hardware-configuration.nix b/systems/aarch64-linux/Pihole/hardware-configuration.nix index 49e2ce6..25c5000 100644 --- a/systems/aarch64-linux/Pihole/hardware-configuration.nix +++ b/systems/aarch64-linux/Pihole/hardware-configuration.nix @@ -1,6 +1,11 @@ # Raspberry Pi 4B # See https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_4 -{ lib, modulesPath, ... }: +{ + lib, + modulesPath, + namespace, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; diff --git a/systems/configuration.nix.template b/systems/default.nix.template similarity index 95% rename from systems/configuration.nix.template rename to systems/default.nix.template index b281de4..84933f7 100644 --- a/systems/configuration.nix.template +++ b/systems/default.nix.template @@ -4,6 +4,7 @@ home-manager, lib, config, + namespace, ... }: let @@ -22,8 +23,7 @@ in networking.hostName = hostName; # Configure the system here. - aux.system = { - role = "workstation"; + config.${namespace} = { apps = { # Define applications here }; diff --git a/systems/hardware-configuration.nix.template b/systems/hardware-configuration.nix.template index 1c78c81..b57548f 100644 --- a/systems/hardware-configuration.nix.template +++ b/systems/hardware-configuration.nix.template @@ -29,7 +29,7 @@ in }; # Configure the main filesystem. - aux.system.filesystem = { + ${namespace}.filesystem = { enable = true; partitions = { boot = "/dev/disk/by-uuid/${bootUUID}"; diff --git a/systems/x86_64-linux/Hevana/default.nix b/systems/x86_64-linux/Hevana/default.nix index 71d9605..d5a3c06 100644 --- a/systems/x86_64-linux/Hevana/default.nix +++ b/systems/x86_64-linux/Hevana/default.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + namespace, ... }: @@ -32,7 +33,7 @@ let */ serviceList = lib.attrsets.collect ( x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x) - ) config.aux.system.services; + ) config.${namespace}.services; subdomains = builtins.catAttrs "url" serviceList; in @@ -75,7 +76,7 @@ in Type = "oneshot"; User = "aires"; }; - path = config.aux.system.corePackages; + path = config.${namespace}.corePackages; script = '' /run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${config.secrets.nixConfigFolder} ''; @@ -92,7 +93,7 @@ in }; # Configure the system. - aux.system = { + ${namespace} = { # Enable Secure Boot support. bootloader = { enable = true; diff --git a/systems/x86_64-linux/Hevana/hardware-configuration.nix b/systems/x86_64-linux/Hevana/hardware-configuration.nix index 3f29c60..f83839f 100644 --- a/systems/x86_64-linux/Hevana/hardware-configuration.nix +++ b/systems/x86_64-linux/Hevana/hardware-configuration.nix @@ -1,5 +1,5 @@ # Minisforum UM340 -{ modulesPath, ... }: +{ modulesPath, namespace, ... }: let bootUUID = "D2E7-FE8F"; # The UUID of the boot partition. luksUUID = "7b9c756c-ba9d-43fc-b935-7c77a70f5f1b"; # The UUID of the locked LUKS partition. @@ -30,7 +30,7 @@ in }; # Configure the main filesystem. - aux.system.filesystem = { + ${namespace}.filesystem = { enable = true; partitions = { boot = "/dev/disk/by-uuid/${bootUUID}"; diff --git a/systems/x86_64-linux/Khanda/default.nix b/systems/x86_64-linux/Khanda/default.nix index e0a91ff..2cc6312 100644 --- a/systems/x86_64-linux/Khanda/default.nix +++ b/systems/x86_64-linux/Khanda/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, namespace, ... }: let # Do not change this value! This tracks when NixOS was installed on your system. @@ -13,7 +13,7 @@ in ###*** Configure your system below this line. ***### # Configure the system. - aux.system = { + ${namespace} = { apps = { development.enable = true; media.enable = true; diff --git a/systems/x86_64-linux/Khanda/hardware-configuration.nix b/systems/x86_64-linux/Khanda/hardware-configuration.nix index 04f1edd..87df43c 100644 --- a/systems/x86_64-linux/Khanda/hardware-configuration.nix +++ b/systems/x86_64-linux/Khanda/hardware-configuration.nix @@ -4,6 +4,7 @@ lib, pkgs, modulesPath, + namespace, ... }: let @@ -56,7 +57,7 @@ in }; # Configure the main filesystem. - aux.system.filesystem = { + ${namespace}.filesystem = { enable = true; partitions = { boot = "/dev/disk/by-uuid/${bootUUID}"; diff --git a/systems/x86_64-linux/Shura/default.nix b/systems/x86_64-linux/Shura/default.nix index 208d4df..b7e3ca1 100644 --- a/systems/x86_64-linux/Shura/default.nix +++ b/systems/x86_64-linux/Shura/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + namespace, + ... +}: let # Do not change this value! This tracks when NixOS was installed on your system. stateVersion = "24.05"; @@ -14,9 +19,9 @@ in system.stateVersion = stateVersion; networking.hostName = hostName; - custom-fonts.Freight-Pro.enable = config.aux.system.users.gremlin.enable; + custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable; - aux.system = { + ${namespace} = { apps = { development.enable = true; gaming.enable = true; diff --git a/systems/x86_64-linux/Shura/hardware-configuration.nix b/systems/x86_64-linux/Shura/hardware-configuration.nix index 2d7bd25..ff20cdf 100644 --- a/systems/x86_64-linux/Shura/hardware-configuration.nix +++ b/systems/x86_64-linux/Shura/hardware-configuration.nix @@ -1,5 +1,10 @@ # Lenovo Legion Slim 7 Gen 7 AMD (16ARHA7) -{ pkgs, modulesPath, ... }: +{ + pkgs, + modulesPath, + namespace, + ... +}: let bootUUID = "AFCB-D880"; # The UUID of the boot partition. luksUUID = "bcf67e34-339e-40b9-8ffd-bec8f7f55248"; # The UUID of the locked LUKS partition. @@ -28,7 +33,7 @@ in }; # Configure the main filesystem. - aux.system.filesystem = { + ${namespace}.filesystem = { enable = true; partitions = { boot = "/dev/disk/by-uuid/${bootUUID}";