commit 8fae0ac6047948fe7e7bdd7989ec53c8ccff7fb6
parent 69a898239bbdee060a8dbe2b610465b5bd0a10f3
Author: Francesco Saccone <francesco@francescosaccone.com>
Date: Sat, 17 May 2025 18:41:55 +0200
refactor: prefix every nixos module in 'fs' attribute set
This avoids possible conflicts with options from Nixpkgs.
Signed-off-by: Francesco Saccone <francesco@francescosaccone.com>
Diffstat:
14 files changed, 234 insertions(+), 225 deletions(-)
diff --git a/hosts/git-server/default.nix b/hosts/git-server/default.nix
@@ -13,120 +13,125 @@ let
scripts = import ./scripts.nix { inherit config pkgs inputs; };
stagit = {
- destDir = config.services.quark.directory;
- reposDir = config.services.git.directory;
+ destDir = config.fs.services.quark.directory;
+ reposDir = config.fs.services.git.directory;
};
in
{
imports = [ ./disk-config.nix ];
- services = {
- dns = {
- enable = true;
- domain = rootDomain;
- records = import "${mainServer}/dns.nix" rootDomain;
- };
- quark = {
- enable = true;
- user = "git";
- preStart = {
- scripts =
- let
- stagitCreate = scripts.stagitCreate {
- inherit (stagit) destDir reposDir;
- httpBaseUrl = "https://${gitDomain}";
- };
-
- stagitCreateAndChown =
- let
- script = pkgs.writeShellScriptBin "stagit-create-and-chown" ''
- ${stagitCreate}
- ${pkgs.sbase}/bin/chown -R git:git ${stagit.destDir}
- ${pkgs.sbase}/bin/chmod -R u+rw ${stagit.destDir}
- '';
- in
- "${script}/bin/stagit-create-and-chown";
-
- copyRepositories = pkgs.writeShellScript "copy-repositories" ''
- ${pkgs.sbase}/bin/cp -R \
- ${config.services.git.directory}/* \
- ${config.services.quark.directory}
- '';
+ fs = {
+ services = {
- fullScript = ''
- ${copyRepositories}
- ${stagitCreateAndChown}
- '';
- in
- [ fullScript ];
- };
- acme = {
+ dns = {
enable = true;
- email = "admin@${rootDomain}";
- domain = gitDomain;
+ domain = rootDomain;
+ records = import "${mainServer}/dns.nix" rootDomain;
};
- tls = {
+
+ quark = {
enable = true;
- pemFiles =
- let
- inherit (config.services.quark.acme) directory;
- in
- [
- "${directory}/${gitDomain}/fullchain.pem"
- "${directory}/${gitDomain}/privkey.pem"
- ];
+ user = "git";
+ preStart = {
+ scripts =
+ let
+ stagitCreate = scripts.stagitCreate {
+ inherit (stagit) destDir reposDir;
+ httpBaseUrl = "https://${gitDomain}";
+ };
+
+ stagitCreateAndChown =
+ let
+ script = pkgs.writeShellScriptBin "stagit-create-and-chown" ''
+ ${stagitCreate}
+ ${pkgs.sbase}/bin/chown -R git:git ${stagit.destDir}
+ ${pkgs.sbase}/bin/chmod -R u+rw ${stagit.destDir}
+ '';
+ in
+ "${script}/bin/stagit-create-and-chown";
+
+ copyRepositories = pkgs.writeShellScript "copy-repositories" ''
+ ${pkgs.sbase}/bin/cp -R \
+ ${config.fs.services.git.directory}/* \
+ ${config.fs.services.quark.directory}
+ '';
+
+ fullScript = ''
+ ${copyRepositories}
+ ${stagitCreateAndChown}
+ '';
+ in
+ [ fullScript ];
+ };
+ acme = {
+ enable = true;
+ email = "admin@${rootDomain}";
+ domain = gitDomain;
+ };
+ tls = {
+ enable = true;
+ pemFiles =
+ let
+ inherit (config.fs.services.quark.acme) directory;
+ in
+ [
+ "${directory}/${gitDomain}/fullchain.pem"
+ "${directory}/${gitDomain}/privkey.pem"
+ ];
+ };
};
- };
- git = {
- enable = true;
- repositories =
- {
- flake = {
- description = "Francesco Saccone's Nix flake.";
- };
- hermes = {
- description = "HTTP GET/HEAD-only web server for static content.";
- };
- password-store = {
- description = "Francesco Saccone's password store.";
- };
- site = {
- description = "Francesco Saccone's site content.";
- };
- }
- |> builtins.mapAttrs (
- name:
- { description }:
+
+ git = {
+ enable = true;
+ repositories =
{
- additionalFiles = {
- inherit description;
- owner = "Francesco Saccone";
- url = "https://${gitDomain}/${name}";
+ flake = {
+ description = "Francesco Saccone's Nix flake.";
+ };
+ hermes = {
+ description = "HTTP GET/HEAD-only web server for static content.";
+ };
+ password-store = {
+ description = "Francesco Saccone's password store.";
+ };
+ site = {
+ description = "Francesco Saccone's site content.";
};
- hooks.postReceive =
- builtins.concatStringsSep "\n" [
- (scripts.stagitPostReceive {
- inherit (stagit) destDir reposDir;
- inherit name;
- httpBaseUrl = "https://${gitDomain}";
- })
- "git update-server-info" # Dumb HTTP protocol
- ]
- |> pkgs.writeShellScript "post-receive";
}
- );
- daemon = {
- enable = true;
+ |> builtins.mapAttrs (
+ name:
+ { description }:
+ {
+ additionalFiles = {
+ inherit description;
+ owner = "Francesco Saccone";
+ url = "https://${gitDomain}/${name}";
+ };
+ hooks.postReceive =
+ builtins.concatStringsSep "\n" [
+ (scripts.stagitPostReceive {
+ inherit (stagit) destDir reposDir;
+ inherit name;
+ httpBaseUrl = "https://${gitDomain}";
+ })
+ "git update-server-info" # Dumb HTTP protocol
+ ]
+ |> pkgs.writeShellScript "post-receive";
+ }
+ );
+ daemon = {
+ enable = true;
+ };
};
};
- };
- security.openssh.listen = {
- enable = true;
- port = 22;
- authorizedKeyFiles = rec {
- root = [ "${mainServer}/ssh/francescosaccone.pub" ];
- git = root;
+ security.openssh.listen = {
+ enable = true;
+ port = 22;
+ authorizedKeyFiles = rec {
+ root = [ "${mainServer}/ssh/francescosaccone.pub" ];
+ git = root;
+ };
};
};
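Review bot: The `copy-repositories` script copies `${config.fs.services.git.directory}/*` into the quark web root, and `password-store` is one of the declared repositories, so that repository appears to be served over HTTP together with the public ones. The `git daemon --export-all` invocation in modules/nixos/services/git/daemon/default.nix would export it as well. Even if the entries are encrypted (not visible here), entry names and commit history would be readable by anyone. If that is not intended, copy only the repositories meant to be public instead of the glob and keep the private one out of the stagit index; if it is intended, a comment such as `# password-store is deliberately public: entries are encrypted, names are not secret` above that repository would record the decision. The enclosing attribute set starts before this hunk.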
diff --git a/hosts/git-server/scripts.nix b/hosts/git-server/scripts.nix
@@ -77,7 +77,7 @@ in
let
createIndex = stagit.createIndex { inherit destDir reposDir; };
createRepositories =
- config.services.git.repositories
+ config.fs.services.git.repositories
|> builtins.attrNames
|> builtins.map (
name:
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
@@ -6,37 +6,37 @@
...
}:
{
- programs.monero = {
- enable = true;
- mining = {
+ fs = {
+ programs.monero = {
enable = true;
- address = builtins.concatStringsSep "" [
- "47y5LAtYdpZ4GAE7CMx1soEHjUKzpVQFYM5Pv836FcsZd6k3TFcdvHMAHDpwZgnx"
- "4DdG2zkZkSewLgguU23FYJP7HacSVcx"
- ];
+ mining = {
+ enable = true;
+ address = builtins.concatStringsSep "" [
+ "47y5LAtYdpZ4GAE7CMx1soEHjUKzpVQFYM5Pv836FcsZd6k3TFcdvHMAHDpwZgnx"
+ "4DdG2zkZkSewLgguU23FYJP7HacSVcx"
+ ];
+ };
};
- };
- services = {
- ly = {
- enable = true;
- };
- sway = {
- enable = true;
+ services = {
+ ly = {
+ enable = true;
+ };
+ sway = {
+ enable = true;
+ };
};
- tlp = {
- enable = true;
+
+ security = {
+ openssh.agent = {
+ enable = true;
+ };
};
};
- security = {
- doas = {
- enable = true;
- wheelNeedsPassword = true;
- };
- openssh.agent = {
- enable = true;
- };
+ security.doas = {
+ enable = true;
+ wheelNeedsPassword = true;
};
networking.networkmanager = {
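Review bot: After this hunk the file has two `services` and two `security` trees, one under `fs` and one at the top level, and nothing says why `security.doas` (and `services.tlp`, re-added in the next hunk) stay outside `fs`. Presumably those are Nixpkgs options while everything under `fs` is defined in modules/nixos. A comment such as `# Options below come from Nixpkgs, not from this flake's modules.` above `security.doas` would make the split explicit for the next reader.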
@@ -52,6 +52,8 @@
jack.enable = true;
};
+ services.tlp.enable = true;
+
fonts.packages = [ pkgs.ibm-plex ];
users.users."francesco" = {
diff --git a/hosts/main-server/default.nix b/hosts/main-server/default.nix
@@ -10,78 +10,80 @@ in
rec {
imports = [ ./disk-config.nix ];
- services = {
- dns = {
- enable = true;
- inherit (networking) domain;
- records = import ./dns.nix domain;
- };
- quark = {
- enable = true;
- preStart = {
- scripts =
- let
- generateAtom = builtins.concatStringsSep " " [
- "${inputs.site}/scripts/generate-atom.sh"
- config.services.quark.directory
- "\"Francesco Saccone's blog\""
- "https://${domain}"
- ];
- generateSitemap = builtins.concatStringsSep " " [
- "${inputs.site}/scripts/generate-sitemap.sh"
- config.services.quark.directory
- "https://${domain}"
- ];
- generateHtml = builtins.concatStringsSep " " [
- "${inputs.site}/scripts/generate-html.sh"
- config.services.quark.directory
- ];
- copyStaticContent = pkgs.writeShellScript "copy-static-content" ''
- ${pkgs.sbase}/bin/cp -r \
- ${inputs.site}/public \
- ${inputs.site}/favicon.ico \
- ${inputs.site}/robots.txt \
- ${config.services.quark.directory}
- '';
- in
- [
- generateAtom
- generateSitemap
- generateHtml
- copyStaticContent
- ];
- packages = [
- pkgs.coreutils
- pkgs.findutils
- pkgs.gnused
- pkgs.lowdown
- ];
- };
- acme = {
+ fs = {
+ services = {
+ dns = {
enable = true;
- email = "admin@${domain}";
- inherit domain;
- extraDomains = [ "www.${domain}" ];
+ inherit (networking) domain;
+ records = import ./dns.nix domain;
};
- tls = {
+ quark = {
enable = true;
- pemFiles =
- let
- inherit (config.services.quark.acme) directory;
- in
- [
- "${directory}/${domain}/fullchain.pem"
- "${directory}/${domain}/privkey.pem"
+ preStart = {
+ scripts =
+ let
+ generateAtom = builtins.concatStringsSep " " [
+ "${inputs.site}/scripts/generate-atom.sh"
+ config.fs.services.quark.directory
+ "\"Francesco Saccone's blog\""
+ "https://${domain}"
+ ];
+ generateSitemap = builtins.concatStringsSep " " [
+ "${inputs.site}/scripts/generate-sitemap.sh"
+ config.fs.services.quark.directory
+ "https://${domain}"
+ ];
+ generateHtml = builtins.concatStringsSep " " [
+ "${inputs.site}/scripts/generate-html.sh"
+ config.fs.services.quark.directory
+ ];
+ copyStaticContent = pkgs.writeShellScript "copy-static-content" ''
+ ${pkgs.sbase}/bin/cp -r \
+ ${inputs.site}/public \
+ ${inputs.site}/favicon.ico \
+ ${inputs.site}/robots.txt \
+ ${config.fs.services.quark.directory}
+ '';
+ in
+ [
+ generateAtom
+ generateSitemap
+ generateHtml
+ copyStaticContent
+ ];
+ packages = [
+ pkgs.coreutils
+ pkgs.findutils
+ pkgs.gnused
+ pkgs.lowdown
];
+ };
+ acme = {
+ enable = true;
+ email = "admin@${domain}";
+ inherit domain;
+ extraDomains = [ "www.${domain}" ];
+ };
+ tls = {
+ enable = true;
+ pemFiles =
+ let
+ inherit (config.fs.services.quark.acme) directory;
+ in
+ [
+ "${directory}/${domain}/fullchain.pem"
+ "${directory}/${domain}/privkey.pem"
+ ];
+ };
};
};
- };
- security.openssh.listen = {
- enable = true;
- port = 22;
- authorizedKeyFiles = rec {
- root = [ ./ssh/francescosaccone.pub ];
+ security.openssh.listen = {
+ enable = true;
+ port = 22;
+ authorizedKeyFiles = rec {
+ root = [ ./ssh/francescosaccone.pub ];
+ };
};
};
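Review bot: `authorizedKeyFiles` under `security.openssh.listen` lists only `root`, which presumably means the server is administered by logging in as root over SSH on port 22 (the module body that consumes this option is not shown in this hunk). Consider authorising an unprivileged account and escalating from there, so that a stolen key does not grant root directly, e.g. `authorizedKeyFiles = { admin = [ ./ssh/francescosaccone.pub ]; };`, where `admin` is a placeholder for an existing user. Separately, the `rec` on that attribute set is unused here because it has a single attribute, and can be dropped. The top-level `rec { … }` set continues past the end of the hunk.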
diff --git a/modules/nixos/programs/monero/default.nix b/modules/nixos/programs/monero/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.programs.monero = {
+ options.fs.programs.monero = {
enable = lib.mkOption {
description = "Whether to enable Monero.";
default = false;
@@ -25,7 +25,7 @@
};
};
- config = lib.mkIf config.programs.monero.enable {
+ config = lib.mkIf config.fs.programs.monero.enable {
users = {
users = {
monero = {
@@ -51,7 +51,7 @@
port = 18081;
};
mining = {
- inherit (config.programs.monero.mining) enable address;
+ inherit (config.fs.programs.monero.mining) enable address;
threads = 0;
};
};
diff --git a/modules/nixos/security/openssh/default.nix b/modules/nixos/security/openssh/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.security.openssh = {
+ options.fs.security.openssh = {
agent = {
enable = lib.mkOption {
description = "Whether to enable the OpenSSH agent.";
@@ -40,7 +40,7 @@
config =
let
- inherit (config.security.openssh) agent listen;
+ inherit (config.fs.security.openssh) agent listen;
in
{
programs.ssh = lib.mkIf agent.enable {
diff --git a/modules/nixos/services/bind/default.nix b/modules/nixos/services/bind/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.dns = {
+ options.fs.services.dns = {
enable = lib.mkOption {
description = "Whether to enable BIND DNS server.";
default = false;
@@ -48,15 +48,15 @@
};
};
- config = lib.mkIf config.services.dns.enable {
+ config = lib.mkIf config.fs.services.dns.enable {
services.bind = {
enable = true;
package = pkgs.bind;
- zones.${config.services.dns.domain} = {
+ zones.${config.fs.services.dns.domain} = {
master = true;
file =
- config.services.dns.records
+ config.fs.services.dns.records
|> builtins.map (
{
name,
@@ -66,7 +66,7 @@
data,
}:
let
- inherit (config.services.dns) domain;
+ inherit (config.fs.services.dns) domain;
subdomain = if name != "@" then "${name}." else "";
in
[
@@ -79,7 +79,7 @@
|> builtins.concatStringsSep " "
)
|> builtins.concatStringsSep "\n"
- |> pkgs.writeText "${config.services.dns.domain}";
+ |> pkgs.writeText "${config.fs.services.dns.domain}";
};
};
diff --git a/modules/nixos/services/git/daemon/default.nix b/modules/nixos/services/git/daemon/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.git.daemon = {
+ options.fs.services.git.daemon = {
enable = lib.mkOption {
description = "Whether to enable the Git daemon.";
default = false;
@@ -16,9 +16,9 @@
config =
let
- inherit (config.services.git) daemon;
+ inherit (config.fs.services.git) daemon;
in
- lib.mkIf (config.services.git.enable && daemon.enable) {
+ lib.mkIf (config.fs.services.git.enable && daemon.enable) {
systemd = {
services = {
git-daemon = {
@@ -31,10 +31,10 @@
${pkgs.git}/bin/git daemon \
--verbose \
--syslog \
- --base-path=${config.services.git.directory} \
+ --base-path=${config.fs.services.git.directory} \
--port=9418 \
--export-all \
- ${config.services.git.directory}
+ ${config.fs.services.git.directory}
'';
in
{
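Review bot: `${config.fs.services.git.directory}` is spliced unquoted into what looks like a shell command line for `git daemon` (both `--base-path=` and the trailing path), so a directory value containing whitespace or shell metacharacters would change the command. Writing `--base-path=${lib.escapeShellArg config.fs.services.git.directory}` (and the same for the trailing path) keeps the option value a single argument. The same pattern appears in the certbot arguments `--email`, `-w` and `-d` in modules/nixos/services/quark/acme/default.nix and in the `-d`/`-u` arguments of quark in modules/nixos/services/quark/default.nix. The script definition starts before this hunk.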
diff --git a/modules/nixos/services/git/default.nix b/modules/nixos/services/git/default.nix
@@ -8,7 +8,7 @@
{
imports = [ ./daemon ];
- options.services.git = {
+ options.fs.services.git = {
enable = lib.mkOption {
description = "Whether to set up a Git server.";
default = false;
@@ -59,7 +59,7 @@
};
};
- config = lib.mkIf config.services.git.enable {
+ config = lib.mkIf config.fs.services.git.enable {
users = {
users = {
git = {
@@ -67,7 +67,7 @@
isSystemUser = true;
group = "git";
createHome = true;
- home = config.services.git.directory;
+ home = config.fs.services.git.directory;
shell = "${pkgs.git}/bin/git-shell";
};
};
@@ -88,7 +88,7 @@
wantedBy = [ "multi-user.target" ];
serviceConfig =
let
- inherit (config.services.git) repositories directory;
+ inherit (config.fs.services.git) repositories directory;
script =
repositories
|> builtins.mapAttrs (
diff --git a/modules/nixos/services/ly/default.nix b/modules/nixos/services/ly/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.ly = {
+ options.fs.services.ly = {
enable = lib.mkOption {
description = "Whether to enable Ly display manager.";
default = false;
@@ -14,7 +14,7 @@
};
};
- config = lib.mkIf config.services.ly.enable {
+ config = lib.mkIf config.fs.services.ly.enable {
services.displayManager = {
ly = {
enable = true;
diff --git a/modules/nixos/services/quark/acme/default.nix b/modules/nixos/services/quark/acme/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.quark.acme = {
+ options.fs.services.quark.acme = {
enable = lib.mkOption {
description = "Whether to enable the Certbot ACME client.";
default = false;
@@ -37,9 +37,9 @@
config =
let
- inherit (config.services.quark) acme;
+ inherit (config.fs.services.quark) acme;
in
- lib.mkIf (acme.enable && config.services.quark.enable) {
+ lib.mkIf (acme.enable && config.fs.services.quark.enable) {
systemd = {
services = {
acme = {
@@ -54,7 +54,7 @@
| ${pkgs.gnugrep}/bin/grep -q "No certificates"; then
${pkgs.certbot}/bin/certbot certonly --quiet --webroot \
--agree-tos --email ${acme.email} \
- -w ${config.services.quark.directory} \
+ -w ${config.fs.services.quark.directory} \
-d ${builtins.concatStringsSep " -d " domains}
else
${pkgs.certbot}/bin/certbot renew --quiet
diff --git a/modules/nixos/services/quark/default.nix b/modules/nixos/services/quark/default.nix
@@ -11,7 +11,7 @@
./tls
];
- options.services.quark = {
+ options.fs.services.quark = {
enable = lib.mkOption {
description = "Whether to enable Quark web server.";
default = false;
@@ -43,7 +43,7 @@
};
};
- config = lib.mkIf config.services.quark.enable {
+ config = lib.mkIf config.fs.services.quark.enable {
users = {
users = {
quark = {
@@ -63,7 +63,7 @@
services = {
quark =
let
- inherit (config.services.quark) preStart;
+ inherit (config.fs.services.quark) preStart;
in
rec {
enable = true;
@@ -77,8 +77,8 @@
${pkgs.quark}/bin/quark \
-p 80 \
- -d ${config.services.quark.directory} \
- -u ${config.services.quark.user} \
+ -d ${config.fs.services.quark.directory} \
+ -u ${config.fs.services.quark.user} \
-g quark \
-i index.html
'';
@@ -97,7 +97,7 @@
enable = true;
wantedBy = [ "multi-user.target" ];
pathConfig = {
- PathModified = [ config.services.quark.directory ];
+ PathModified = [ config.fs.services.quark.directory ];
};
};
};
diff --git a/modules/nixos/services/quark/tls/default.nix b/modules/nixos/services/quark/tls/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.quark.tls = {
+ options.fs.services.quark.tls = {
enable = lib.mkOption {
description = "Whether to enable the Hitch reverse proxy.";
default = false;
@@ -20,9 +20,9 @@
config =
let
- inherit (config.services.quark) tls;
+ inherit (config.fs.services.quark) tls;
in
- lib.mkIf (tls.enable && config.services.quark.enable) {
+ lib.mkIf (tls.enable && config.fs.services.quark.enable) {
users = {
users = {
hitch = {
diff --git a/modules/nixos/services/sway/default.nix b/modules/nixos/services/sway/default.nix
@@ -6,7 +6,7 @@
...
}:
{
- options.services.sway = {
+ options.fs.services.sway = {
enable = lib.mkOption {
description = "Whether to enable Sway.";
default = false;
@@ -14,7 +14,7 @@
};
};
- config = lib.mkIf config.services.sway.enable {
+ config = lib.mkIf config.fs.services.sway.enable {
services.displayManager = {
defaultSession = "Sway";
};