Add Colmena to manage systems, use better pathing for smallfetch, use better mountpoints and hostnames from Colema

2025-06-01 06:17:48 -04:00 · 2025-06-01 06:17:48 -04:00 · 1f7d01bb4d
commit 1f7d01bb4d
parent 215ad6b1a7
53 changed files with 254 additions and 166 deletions
--- a/modules/home/programs/misc/headless/default.nix
+++ b/modules/home/programs/misc/headless/default.nix
@ -2,6 +2,7 @@
 {
  home.packages = with pkgs; [
    bc
+    colmena
    ncdu
    p7zip
    vimv
--- a/modules/home/programs/terminal/default.nix
+++ b/modules/home/programs/terminal/default.nix
@ -11,7 +11,6 @@
    ./lazygit
    ./ncmpcpp
    ./neovim
-    ./nh
    ./nix-index
    ./ranger
    ./ssh
--- a/modules/home/programs/terminal/fastfetch/smallfetch/default.nix
+++ b/modules/home/programs/terminal/fastfetch/smallfetch/default.nix
@ -1,9 +1,11 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  home.packages = with pkgs; [
+  home.packages = with pkgs; with lib; with config.home; with config.xdg; [
    (writeScriptBin "smallfetch" ''
      #!/bin/sh
-      fastfetch --config ${builtins.toString ./config.jsonc}
+      fastfetch --config ${removePrefix "${homeDirectory}/" configHome}/fastfetch/small.jsonc
    '')
  ];
+
+  xdg.configFile."fastfetch/small.jsonc".source = ./small.jsonc;
 }
--- a/modules/home/programs/terminal/fastfetch/smallfetch/config.jsonc
+++ b/modules/home/programs/terminal/fastfetch/smallfetch/config.jsonc
--- a/modules/home/programs/terminal/nh/default.nix
+++ b/modules/home/programs/terminal/nh/default.nix
@ -1,12 +0,0 @@
-{ config, ... }:
-{
-  programs.nh = {
-    enable = true;
-    flake = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/nixos-config";
-  };
-
-  home.shellAliases = {
-    nhs = "nh os switch";
-    nht = "nh os test";
-  };
-}
--- a/modules/home/wms/programs/default.nix
+++ b/modules/home/wms/programs/default.nix
@ -8,9 +8,9 @@
    ./rofi
    ./swayidle
    ./swaylock
+    ./wallpapers
    ./waybar
    ./wlsunset
-    ./wpaperd
  ];

  home.packages = with pkgs; lib.mkIf config.home.desktop.enable [
--- a/modules/home/wms/programs/swaylock/default.nix
+++ b/modules/home/wms/programs/swaylock/default.nix
@ -12,7 +12,7 @@ in {
    package = pkgs.swaylock-effects;
    settings = {
      clock = true;
-      image = builtins.toString ./lock.png;
+      image = ".wallpapers/lock.png";
      font = config.look.fonts.main;
      font-size = 30;
      timestr = "%I:%M%p";
--- a/modules/home/wms/programs/wallpapers/default.nix
+++ b/modules/home/wms/programs/wallpapers/default.nix
@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+  imports = [ ./wpaperd ];
+
+  config = lib.mkIf config.home.desktop.enable {
+    home.file.".wallpapers".source = ./photos;
+  };
+}
--- a/modules/home/wms/programs/wpaperd/wallpapers/1.png
+++ b/modules/home/wms/programs/wpaperd/wallpapers/1.png
--- a/modules/home/wms/programs/wpaperd/wallpapers/2.png
+++ b/modules/home/wms/programs/wpaperd/wallpapers/2.png
--- a/modules/home/wms/programs/wpaperd/wallpapers/3.png
+++ b/modules/home/wms/programs/wpaperd/wallpapers/3.png
--- a/modules/home/wms/programs/wallpapers/photos/lock.png
+++ b/modules/home/wms/programs/wallpapers/photos/lock.png
--- a/modules/home/wms/programs/wallpapers/wpaperd/default.nix
+++ b/modules/home/wms/programs/wallpapers/wpaperd/default.nix
@ -0,0 +1,12 @@
+{ config, ... }:
+{
+  services.wpaperd = {
+    enable = config.home.desktop.enable;
+    settings = {
+      default.mode = "center";
+      any.path = ".wallpapers/1.png";
+      "${config.displays.tower2}".path = ".wallpapers/2.png";
+      "${config.displays.tower3}".path = ".wallpapers/3.png";
+    };
+  };
+}
--- a/modules/home/wms/programs/wpaperd/default.nix
+++ b/modules/home/wms/programs/wpaperd/default.nix
@ -1,12 +0,0 @@
-{ config, ... }:
-{
-  services.wpaperd = {
-    enable = config.home.desktop.enable;
-    settings = {
-      default.mode = "center";
-      any.path = builtins.toString ./wallpapers/1.png;
-      "${config.displays.tower2}".path = builtins.toString ./wallpapers/2.png;
-      "${config.displays.tower3}".path = builtins.toString ./wallpapers/3.png;
-    };
-  };
-}
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, name, ... }:
 {
  imports = [
    ./devices
@ -13,4 +13,6 @@
    desktop.enable = mkEnableOption "Desktop apps and services";
    server.enable = mkEnableOption "Server apps and services";
  };
+
+  config.networking.hostName = name;
 }
--- a/modules/system/devices/networking/mycelium/default.nix
+++ b/modules/system/devices/networking/mycelium/default.nix
@ -1,7 +1,5 @@
 { ... }:
 {
-  imports = [ ./ips ];
-
  services.mycelium = {
    enable = true;
    openFirewall = true;
--- a/modules/system/devices/networking/mycelium/ips/default.nix
+++ b/modules/system/devices/networking/mycelium/ips/default.nix
@ -1,15 +0,0 @@
-{ config, lib, ... }:
-{
-  options.services.mycelium.ips = lib.mkOption {
-    type = lib.types.attrs;
-  };
-
-  config.services.mycelium.ips = {
-    tower = "4e4:535:9d47:f367:becd:6557:458d:5b1b";
-    intuos = "40e:404:a427:da33:163e:97b3:a2a3:9ed4";
-    jupiter = "5ce:969c:40d1:9575:f5e:591d:c377:a20b";
-    midas = "538:e163:87ba:f847:3646:18b6:6b01:d8f8";
-    kitty = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868";
-    prophet = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b";
-  };
-}
--- a/modules/system/programs/colmena/default.nix
+++ b/modules/system/programs/colmena/default.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  deployment.targetUser = "sudo";
+}
--- a/modules/system/programs/default.nix
+++ b/modules/system/programs/default.nix
@ -1,6 +1,7 @@
 { ... }:
 {
  imports = [
+    ./colmena
    ./desktops
    ./gaming
    ./git
--- a/modules/system/services/general/ssh/default.nix
+++ b/modules/system/services/general/ssh/default.nix
@ -12,6 +12,8 @@
    };
  };

+  programs.ssh.startAgent = true;
+
  security.pam.services.sshd.allowNullPassword = true;

  environment.persistence."/persist".files = [
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@ -1,11 +1,13 @@
-{ config, lib, ... }:
+{ config, lib, nodes, ... }:
 {
  imports = [ ./user ];

  config = lib.mkIf config.services.nfs.server.enable {
    services.nfs.server.exports = "/storage *(rw)";
-    networking.firewall.extraInputRules = with lib; ''
-      ip6 saddr { ${concatStringsSep ", " (attrValues config.services.mycelium.ips)} } tcp dport 2049 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 2049 accept
    '';
  };
 }
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 {
  config = lib.mkIf config.services.webserver.enable {
    services.nginx = {
@ -23,8 +23,10 @@
        }
      '';
    };
-    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
-      ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 1935 accept
      ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
    '';
    systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
--- a/modules/system/services/server/owncast/default.nix
+++ b/modules/system/services/server/owncast/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, nodes, ... }:
 {
  imports = [ ./nginx ];

@ -7,8 +7,10 @@
      port = 8060;
      rtmp-port = 1945;
    };
-    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
-      ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport ${toString config.services.owncast.rtmp-port} accept
    '';
    environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
  };
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
@ -3,5 +3,25 @@
  security.sudo-rs = {
    enable = true;
    execWheelOnly = true;
+    extraRules = [
+      {
+        users = [ "sudo" ];
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+  };
+
+  # Create a user that has admin non-interactively
+  users.users.sudo = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
+    ];
  };
 }
--- a/modules/system/users/main/default.nix
+++ b/modules/system/users/main/default.nix
@ -23,7 +23,7 @@
        ../../../../hosts/prophet/id_ed25519.pub
      ];
      openssh.authorizedKeys.keys = [ 
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn+61Hd+nQ5tQgt4219+h/zsnej1j2dHU5uvC3k3Bnw Warden"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
      ];
      extraGroups = [