WIP on master: 089ce7e ssh: lester:nix-system-nix failed

2022-11-25 22:39:32 -07:00 · 2022-11-25 22:39:32 -07:00 · b6440c0573
parent 089ce7e6a3 46d0f926f3
commit b6440c0573
3 changed files with 42 additions and 36 deletions
--- a/.luarc.json
+++ b/.luarc.json
@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/sumneko/vscode-lua/master/setting/schema.json",
+    "Lua.workspace.checkThirdParty": false
+}
--- a/system-nix/configuration.nix
+++ b/system-nix/configuration.nix
@ -2,9 +2,9 @@
 let
  hostname = specialArgs.hostname;
  enableSSH = specialArgs.enableSSH or true;
-  networking = { hostName = hostname; } // (specialArgs.networking or { });
-  boot = specialArgs.boot or { };
-  services = specialArgs.services or { };
+  _networking = { hostName = hostname; } // (specialArgs._networking or { });
+  _boot = specialArgs._boot or { };
+  _services = specialArgs._services or { };
  includeHardware = specialArgs.includeHardware or true;
 in
 with lib;
@ -14,7 +14,7 @@ with lib;
  ] else [ ]) ++ [
    "${modulesPath}/profiles/minimal.nix"
  ];
-  inherit boot;
+  boot = _boot;

  system.stateVersion = "22.05";
  # users.users.<defaultUser>.uid = 1000;
@ -56,7 +56,7 @@ with lib;
  ];
  # tailscale is mandatory : ^)
  # inherit services;
-  services = services // {
+  services = _services // {
    tailscale.enable = true;
  };
  # create a oneshot job to authenticate to Tailscale
@ -89,23 +89,25 @@ with lib;
  };
  # Don't touch networking.firewall.enable, just configure everything else.
  # inherit networking;
-  networking = networking // {
-    firewall = (networking.firewall.enable and {
-      trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
-        "tailscale0"
-      ];
-      allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
-        config.services.tailscale.port
-      ];
-      allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
-        22
-      ];
-      allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
-        { from = 60000; to = 61000; } # mosh
+  # inherit _networking;
+  networking = _networking // {
+    firewall =
+      if _networking.firewall.enable ? false then {
+        trustedInterfaces = _networking.firewall.trustedInterfaces or [ ] ++ [
+          "tailscale0"
+        ];
+        allowedUDPPorts = _networking.firewall.allowedUDPPorts or [ ] ++ [
+          config.services.tailscale.port
+        ];
+        allowedTCPPorts = _networking.firewall.allowedTCPPorts or [ ] ++ [
+          22
+        ];
+        allowedUDPPortRanges = _networking.firewall.allowedUDPPortRanges or [ ] ++ [
+          { from = 60000; to = 61000; } # mosh

-      ];
-      checkReversePath = "loose";
-    }) or {};
+        ];
+        checkReversePath = "loose";
+      } else { enable = false; };
  };

 }
--- a/system-nix/flake.nix
+++ b/system-nix/flake.nix
@ -17,7 +17,7 @@
        specialArgs = {
          # includeHardware = false;
          hostname = "Felia";
-          services.openssh = {
+          _services.openssh = {
            permitRootLogin = "no";
            enable = true;
          };
@ -31,7 +31,7 @@
        ];
        specialArgs = {
          hostname = "lizzi";
-          networking = {
+          _networking = {
            interfaces.eth1.ipv4.addresses = [{
              address = "71.0.0.1";
              prefixLength = 24;
@ -54,13 +54,13 @@
            useDHCP = false;
            interfaces.eth0.useDHCP = true;
          };
-          boot.loader.grub.enable = true;
-          boot.loader.grub.version = 2;
-          services.openssh = {
+          _boot.loader.grub.enable = true;
+          _boot.loader.grub.version = 2;
+          _services.openssh = {
            permitRootLogin = "no";
            enable = true;
          };
-          services.gitea = {
+          _services.gitea = {
            enable = true;
            stateDir = "/gitea";
            rootUrl = "https://git.pegasust.com";
@ -71,7 +71,7 @@
              };
            };
          };
-          services.nginx = {
+          _services.nginx = {
            enable = true;
            clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
            recommendedGzipSettings = true;
@ -95,14 +95,14 @@
        ];
        specialArgs = {
          hostname = "lester";
-          networking = {
+          _networking = {
            firewall.enable = true;
            useDHCP = false;
            interfaces.eth0.useDHCP = true;
          };
-          boot.loader.grub.enable = true;
-          boot.loader.grub.version = 2;
-          services.openssh = {
+          _boot.loader.grub.enable = true;
+          _boot.loader.grub.version = 2;
+          _services.openssh = {
            permitRootLogin = "no";
            enable = true;
          };
@ -115,7 +115,7 @@
        ];
        specialArgs = {
          hostname = "nyx";
-          networking = {
+          _networking = {
            interfaces.eth1.ipv4.addresses = [{
              address = "71.0.0.2";
              prefixLength = 24;
@ -124,9 +124,9 @@
            useDHCP = false;
            interfaces.eth0.useDHCP = true;
          };
-          boot.loader.grub.enable = true;
-          boot.loader.grub.version = 2;
-          services.openssh = {
+          _boot.loader.grub.enable = true;
+          _boot.loader.grub.version = 2;
+          _services.openssh = {
            permitRootLogin = "no";
            enable = true;
          };