Lukas Wurzinger 2025-05-11 22:49:04 +02:00
parent be9fb9278e
commit b8af0e9761
No known key found for this signature in database
165 changed files with 1815 additions and 1431 deletions

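--- a/modules/gcadapter.nix
+++ b/modules/gcadapter.nix
@@ -0,0 +1,27 @@
+{
+config,
+lib,
+...
+}:
+let
+cfg = config.hardware.gcadapter;
+in
+{
+options.hardware.gcadapter.enable = lib.mkEnableOption "GameCube Adapter support";
+config = lib.mkIf cfg.enable {
+services.udev.extraRules = ''
+ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", MODE="666", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device" TAG+="uaccess"
+'';
+boot = {
+extraModulePackages = [
+config.boot.kernelPackages.gcadapter-oc-kmod
+];
+kernelModules = [
+"gcadapter_oc"
+];
+};
+};
+}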
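Review bot: `MODE="666"` in the udev rule gives every local account, including service users, read/write access to the raw USB device, which is broader than the `TAG+="uaccess"` on the same line needs; uaccess grants the active seat user an ACL, so `MODE="0660"` (or no MODE at all) would be enough if the tag takes effect. As far as I know `services.udev.extraRules` is written to `99-local.rules`, which is read after the seat rules that act on `uaccess`, so the tag is probably ineffective from here and the wide mode is what actually grants access; shipping the rule through `services.udev.packages` under a lower-numbered file name should let uaccess work, which is worth confirming on a test machine. The rule also has no comma between the last match and the tag, and should read `ENV{DEVTYPE}=="usb_device", TAG+="uaccess"`.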


@ -1,6 +1,8 @@
{lib, ...}: let
{ lib, ... }:
let
inherit (lib) types;
in {
in
{
options = {
users.mainUser = lib.mkOption {
type = types.passwdEntry types.str;

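--- a/modules/rsync.nix
+++ b/modules/rsync.nix
@@ -0,0 +1,208 @@
+{
+config,
+lib,
+pkgs,
+utils,
+...
+}:
+let
+cfg = config.services.rsync;
+inherit (lib) types;
+inherit (utils.systemdUtils.unitOptions) unitOption;
+settingsToShell = lib.cli.toGNUCommandLineShell {
+mkOptionName = k: "--${k}";
+};
+settingsType =
+let
+simples = [
+types.bool
+types.str
+types.int
+types.float
+];
+in
+types.attrsOf (
+types.oneOf (
+simples
+++ [
+(types.listOf (types.oneOf simples))
+]
+)
+);
+in
+{
+options.services.rsync = {
+enable = lib.mkEnableOption "periodic directory syncing via rsync";
+package = lib.mkPackageOption pkgs "rsync" { };
+# commonSettings = lib.mkOption {
+# type = settingsType;
+# default = { };
+# example = {
+# archive = true;
+# update = true;
+# delete = true;
+# mkpath = true;
+# };
+# description = ''
+# Common arguments to pass to the rsync command.
+# '';
+# };
+jobs = lib.mkOption {
+description = ''
+Synchronization jobs to run.
+'';
+default = { };
+type = types.attrsOf (
+types.submodule {
+options = {
+sources = lib.mkOption {
+type = types.listOf types.str;
+example = [
+"/srv/src1/"
+"/srv/src2/"
+];
+description = ''
+Source directories.
+'';
+};
+destination = lib.mkOption {
+type = types.str;
+example = "/srv/dst/";
+description = ''
+Destination directory.
+'';
+};
+settings = lib.mkOption {
+type = settingsType;
+default = { };
+example = {
+verbose = true;
+};
+description = ''
+Extra arguments to pass to the rsync command.
+'';
+};
+user = lib.mkOption {
+type = types.str;
+default = "root";
+description = ''
+The name of an existing user account under which the rsync process should run.
+'';
+};
+group = lib.mkOption {
+type = types.str;
+default = "root";
+description = ''
+The name of an existing user group under which the rsync process should run.
+'';
+};
+timerConfig = lib.mkOption {
+type = lib.types.nullOr (lib.types.attrsOf unitOption);
+default = {
+OnCalendar = "daily";
+Persistent = true;
+};
+description = ''
+When to run the job.
+'';
+};
+inhibit = lib.mkOption {
+default = [ ];
+type = types.listOf types.str;
+example = [
+"sleep"
+];
+description = ''
+Run the rsync process with an inhibition lock taken;
+see {manpage}`systemd-inhibit(1)` for a list of possible operations.
+'';
+};
+};
+}
+);
+};
+};
+config = lib.mkIf cfg.enable {
+assertions = [
+{
+assertion = lib.all (job: job.sources != [ ]) (lib.attrValues cfg.jobs);
+message = ''
+At least one source directory must be provided to rsync.
+'';
+}
+];
+systemd = lib.mkMerge (
+lib.mapAttrsToList (
+jobName: job:
+let
+systemdName = "rsync-job-${jobName}";
+description = "Directory syncing via rsync job ${jobName}";
+in
+{
+timers.${systemdName} = {
+wantedBy = [
+"timers.target"
+];
+inherit description;
+inherit (job) timerConfig;
+};
+services.${systemdName} = {
+inherit description;
+serviceConfig = {
+Type = "oneshot";
+User = job.user;
+Group = job.group;
+NoNewPrivileges = true;
+PrivateDevices = true;
+ProtectSystem = "full";
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectControlGroups = true;
+MemoryDenyWriteExecute = true;
+LockPersonality = true;
+};
+script =
+let
+settingsShell = settingsToShell job.settings;
+inhibitString = lib.concatStringsSep ":" job.inhibit;
+in
+''
+${
+lib.optionalString (job.inhibit != [ ]) ''
+${lib.getExe' config.systemd.package "systemd-inhibit"} \
+--mode block \
+--who ${lib.escapeShellArg description} \
+--what ${lib.escapeShellArg inhibitString} \
+--why ${lib.escapeShellArg "Scheduled rsync job ${jobName}"} \
+-- \
+''
+} \
+${lib.getExe cfg.package} ${settingsShell} -- \
+${lib.escapeShellArgs job.sources} \
+${lib.escapeShellArg job.destination}
+'';
+};
+}
+) cfg.jobs
+);
+};
+meta.maintainers = [
+lib.maintainers.lukaswrz
+];
+}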
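Review bot: `timerConfig` is declared as `nullOr (attrsOf unitOption)`, but `timers.${systemdName}` is generated for every job and inherits the value unconditionally, so a job that sets `timerConfig = null` would pass `null` to the systemd timer option instead of producing a service without a timer. Either drop `nullOr` from the type or guard the timer, e.g. `timers.${systemdName} = lib.mkIf (job.timerConfig != null) { … };`. Separately, `user` and `group` default to `root`, and `ProtectSystem = "full"` still leaves most of the filesystem writable, so a mistyped `destination` or a `delete` setting runs with full root reach. The `user` description could say `Defaults to root; set a dedicated account when the job does not need to preserve ownership.`, and a tighter sandbox (for example `PrivateTmp`) looks safe to add for local jobs. `jobName` is also interpolated into the unit name unchecked, so an attribute name with characters systemd does not accept in unit names would presumably fail only at build or activation time; an assertion next to the existing `sources` one would catch it earlier.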


@ -1,28 +0,0 @@
{
config,
lib,
# inputs,
# pkgs,
...
}: let
cfg = config.setups.secureBoot;
in {
# imports = [
# inputs.lanzaboote.nixosModules.lanzaboote
# ];
options.setups.secureBoot.enable = lib.mkEnableOption "Secure Boot";
config = lib.mkIf cfg.enable {
# environment.systemPackages = [
# pkgs.sbctl
# ];
# boot.loader.systemd-boot.enable = lib.mkForce false;
# boot.lanzaboote = {
# enable = lib.mkForce true;
# pkiBundle = lib.mkDefault "/var/lib/sbctl";
# };
};
}


@ -2,15 +2,24 @@
config,
lib,
...
}: {
options.users = let
inherit (lib) types;
in {
}:
let
inherit (lib) types;
filterUsers =
predicate:
(lib.pipe config.users.users [
(lib.filterAttrs (_: predicate))
builtins.attrNames
]);
in
{
options.users = {
normalUsers = lib.mkOption {
type = types.listOf (types.passwdEntry types.str);
description = ''
List of normal users.
'';
readOnly = true;
};
systemUsers = lib.mkOption {
@ -18,15 +27,11 @@
description = ''
List of system users.
'';
readOnly = true;
};
};
config.users = let
filterUsers = pred: (lib.pipe config.users.users [
(lib.filterAttrs (_: pred))
builtins.attrNames
]);
in {
config.users = {
normalUsers = filterUsers (user: user.isNormalUser);
systemUsers = filterUsers (user: user.isSystemUser);
};