Clean up base role

defaults/base/applications.nix

@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs;
+    [
+      vim
+      tmux
+      fwupd
+      pciutils
+      dmidecode
+      smartmontools
+      borgbackup
+      iw
+      killall
+      bc
+      efibootmgr
+      efitools
+      efivar
+      mkpasswd
+      rename
+      wipe
+      gnupg
+      pass
+      pwgen
+      units
+      powertop
+      lm_sensors
+    ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ]
+    ++ [ autojump powerline-go ] ++ [ # File Utilities
+      ack
+      unzip
+      unrar
+      perl530Packages.DigestSHA3
+      borgbackup
+      iotop
+      cabextract
+      tree # p7zip
+      vim
+      vimPlugins.pathogen
+      vimPlugins.airline
+      git
+      git-lfs
+    ] ++ [ # Filesystem & Disk Utilities
+      fuse_exfat
+      cifs-utils
+      keyutils # required for cifs kerberos auth
+      smbclient
+      exfat-utils
+      sshfs-fuse
+      hdparm
+      mtpfs
+      ntfs3g
+      smartmontools
+      parted
+    ] ++ [ # Networking Utilities
+      nmap
+      bind
+      curl
+      wget
+      ncat
+      tor
+      tor-arm
+      mosh
+      whois
+      wol
+      rsync
+      sshuttle
+      iftop
+      mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound
+      imapsync
+      bluez-tools
+    ];
+
+}

defaults/base/default.nix

@@ -1,13 +1,8 @@
-# Default configuration for hosts
 { config, lib, pkgs, ... }:
 
-{
-  imports = [ ../../modules ./unfree.nix ];
-
-  nixpkgs.overlays = [ (import ../../overlays) ];
-
-  system.autoUpgrade.enable = true;
-  system.autoUpgrade.allowReboot = false;
+let metausers = (import ../../meta).users;
+in {
+  imports = [ ../../modules ./unfree.nix ./applications.nix ./overlays.nix ];
 
   boot.loader.timeout = 2;
   boot.tmpOnTmpfs = true;
@@ -16,162 +11,55 @@
     font = "Lat2-Terminus16";
     keyMap = "de_CH-latin1";
   };
-
   i18n.defaultLocale = "en_US.UTF-8";
 
-  environment.systemPackages = with pkgs;
-    [
-      vim
-      tmux
-      fwupd
-      pciutils
-      dmidecode
-      smartmontools
-      borgbackup
-      iw
-      killall
-      bc
-      efibootmgr
-      efitools
-      efivar
-      mkpasswd
-      rename
-      wipe
-      gnupg
-      pass
-      pwgen
-      units
-      powertop
-      lm_sensors
-    ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ]
-    ++ [ autojump powerline-go ] ++ [ # File Utilities
-      ack
-      unzip
-      unrar
-      perl530Packages.DigestSHA3
-      borgbackup
-      iotop
-      cabextract
-      tree # p7zip
-      vim
-      vimPlugins.pathogen
-      vimPlugins.airline
-      git
-      git-lfs
-    ] ++ [ # Filesystem & Disk Utilities
-      fuse_exfat
-      cifs-utils
-      keyutils # required for cifs kerberos auth
-      smbclient
-      exfat-utils
-      sshfs-fuse
-      hdparm
-      mtpfs
-      ntfs3g
-      smartmontools
-      parted
-    ] ++ [ # Networking Utilities
-      nmap
-      bind
-      curl
-      wget
-      ncat
-      tor
-      tor-arm
-      mosh
-      whois
-      wol
-      rsync
-      sshuttle
-      iftop
-      mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound
-      imapsync
-      bluez-tools
-    ];
-
-  services.fwupd.enable = true;
-
-  # Networking
-  networking.firewall = {
-    allowPing = true;
-    allowedTCPPorts = [ 22 ];
-  };
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    passwordAuthentication = false;
-  };
-
-  nix.trustedUsers = [ "root" "@wheel" ];
-
-  users.groups = {
-    fhauser.gid = 1000;
-    das-g.gid = 1001;
-    empty0.gid = 1002;
-  };
-
   users.mutableUsers = false;
-  users.users = rec { # TODO: Migrate to meta
-    root.openssh.authorizedKeys.keys =
-      lib.flatten (map (u: u.openssh.authorizedKeys.keys) [ fhauser das-g ]);
-
-    fhauser = {
-      uid = 1000;
-      isNormalUser = true;
-      description = "Fabian Hauser";
-      group = "fhauser";
-      extraGroups = [ "wheel" "video" ]
-        ++ (if config.virtualisation.docker.enable then [ "docker" ] else [ ]);
-      hashedPassword =
-        "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
-      openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
-      ];
-    };
-
-    das-g = {
-      uid = 1001;
-      isNormalUser = true;
-      description = "Raphael Das Gupta";
-      group = "das-g";
-      extraGroups = [ "wheel" ];
-      hashedPassword =
-        "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
-      openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon"
-      ];
-    };
-
-    empty0 = {
-      uid = 1002;
-      isNormalUser = true;
-      description = "Testuser empty0";
-      group = "empty0";
-      extraGroups = [ "video" ];
-      hashedPassword =
-        "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
-    };
+  users.groups = metausers.groups;
+  users.users = metausers.users // {
+    root.openssh.authorizedKeys.keys = with lib;
+      concatLists (mapAttrsToList (name: user:
+        if elem "wheel" user.extraGroups then
+          user.openssh.authorizedKeys.keys
+        else
+          [ ]) metausers.users);
   };
 
+  # Package management
+  nix.trustedUsers = [ "root" "@wheel" ];
   nix.gc = {
     automatic = true;
     dates = "weekly";
     options = "--delete-older-than 30d";
   };
 
-  services.btrfs.autoScrub.enable = true;
+  system.autoUpgrade.enable = true;
+  system.autoUpgrade.allowReboot = false;
 
-  environment.etc = {
-    gitconfig.source = ./etc/gitconfig;
-    vimrc.source = ./etc/vimrc;
+  # System Services
+  services.btrfs.autoScrub.enable = true;
+  services.fwupd.enable = true;
+
+  # Network services
+  networking.firewall = {
+    allowPing = true;
+    allowedTCPPorts = [ 22 ];
+  };
+
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
   };
-  programs.autojump.enable = true;
-  programs.vim.defaultEditor = true;
 
   security.acme = {
     acceptTerms = true;
     email = "sysadmin@qo.is";
   };
 
+  # Default Settings
+  environment.etc = {
+    gitconfig.source = ./etc/gitconfig;
+    vimrc.source = ./etc/vimrc;
+  };
+  programs.autojump.enable = true;
+  programs.vim.defaultEditor = true;
 }

defaults/base/overlays.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, options, ... }:
+
+{
+  nixpkgs.overlays = [ (import ../../overlays) ];
+  nix.nixPath = options.nix.nixPath.default
+    ++ [ "nixpkgs-overlays=/etc/nixos/overlays/_nix-path/" ];
+}

defaults/games/default.nix

@@ -1,7 +1,8 @@
 { config, lib, pkgs, ... }:
 
 {
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs;
+    [
       neverball
       wesnoth
       pingus

meta/default.nix

@@ -1 +1,4 @@
-{ network = import ./network.nix; }
+{
+  network = import ./network.nix;
+  users = import ./users.nix;
+}

meta/users.nix

@@ -0,0 +1,45 @@
+{
+  groups = {
+    fhauser.gid = 1000;
+    das-g.gid = 1001;
+    empty0.gid = 1002;
+  };
+
+  users = rec {
+    fhauser = {
+      uid = 1000;
+      isNormalUser = true;
+      description = "Fabian Hauser";
+      group = "fhauser";
+      extraGroups = [ "wheel" "video" "docker" ];
+      hashedPassword =
+        "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
+      ];
+    };
+
+    das-g = {
+      uid = 1001;
+      isNormalUser = true;
+      description = "Raphael Das Gupta";
+      group = "das-g";
+      extraGroups = [ "wheel" ];
+      hashedPassword =
+        "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon"
+      ];
+    };
+
+    empty0 = {
+      uid = 1002;
+      isNormalUser = true;
+      description = "Testuser empty0";
+      group = "empty0";
+      extraGroups = [ "video" ];
+      hashedPassword =
+        "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
+    };
+  };
+}

overlays/_nix-path/overlays.nix

@@ -0,0 +1,7 @@
+self: super:
+with super.lib;
+let
+  # Load the system wide overlays
+  overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
+  # Apply all overlays to the input of the current "main" overlay
+in foldl' (flip extends) (_: super) overlays self

overlays/applications/networking/remote/vmware-horizon-client/default.nix

@@ -1,24 +1,26 @@
 { stdenv, buildFHSUserEnv, fetchurl, makeWrapper, makeDesktopItem, libxslt, atk
-, fontconfig, freetype, gdk-pixbuf, glib, gtk2, libudev0-shim, libxml2
-, pango, pixman, libX11, libXext, libXinerama, libXrandr , libXrender
-, libXtst, libXcursor, libXi, libxkbfile , libXScrnSaver, zlib, liberation_ttf
-, libtiff, dbus, at-spi2-atk, harfbuzz, gtk3-x11, libuuid, pcsclite
-}:
+, fontconfig, freetype, gdk-pixbuf, glib, gtk2, libudev0-shim, libxml2, pango
+, pixman, libX11, libXext, libXinerama, libXrandr, libXrender, libXtst
+, libXcursor, libXi, libxkbfile, libXScrnSaver, zlib, liberation_ttf, libtiff
+, dbus, at-spi2-atk, harfbuzz, gtk3-x11, libuuid, pcsclite }:
 
 let
   version = "2006";
 
-  sysArch =
-    if stdenv.hostPlatform.system == "x86_64-linux" then "x64"
-    else throw "Unsupported system: ${stdenv.hostPlatform.system}";
+  sysArch = if stdenv.hostPlatform.system == "x86_64-linux" then
+    "x64"
+  else
+    throw "Unsupported system: ${stdenv.hostPlatform.system}";
   # The downloaded archive also contains i386 and ARM binaries, but these have not been tested.
 
   vmwareHorizonClientFiles = stdenv.mkDerivation {
     name = "vmwareHorizonClientFiles";
     inherit version;
     src = fetchurl {
-      url = https://download3.vmware.com/software/view/viewclients/CART21FQ2/vmware-view-client-linux-2006-8.0.0-16522670.tar.gz;
-      sha256 = "8c46d49fea42f8c1f7cf32a5f038f5a47d2b304743b1e4f4c68c658621b0e79c";
+      url =
+        "https://download3.vmware.com/software/view/viewclients/CART21FQ2/vmware-view-client-linux-2006-8.0.0-16522670.tar.gz";
+      sha256 =
+        "8c46d49fea42f8c1f7cf32a5f038f5a47d2b304743b1e4f4c68c658621b0e79c";
     };
     buildInputs = [ makeWrapper ];
     installPhase = ''
@@ -46,10 +48,36 @@ let
     runScript = "${vmwareHorizonClientFiles}/bin/vmware-view_wrapper";
 
     targetPkgs = pkgs: [
-      pcsclite dbus vmwareHorizonClientFiles atk fontconfig freetype gdk-pixbuf glib gtk2
-      libudev0-shim libxml2 pango pixman liberation_ttf libX11 libXext libXinerama
-      libXrandr libXrender libXtst libXcursor libXi libxkbfile at-spi2-atk libXScrnSaver
-      zlib libtiff harfbuzz gtk3-x11 libuuid
+      pcsclite
+      dbus
+      vmwareHorizonClientFiles
+      atk
+      fontconfig
+      freetype
+      gdk-pixbuf
+      glib
+      gtk2
+      libudev0-shim
+      libxml2
+      pango
+      pixman
+      liberation_ttf
+      libX11
+      libXext
+      libXinerama
+      libXrandr
+      libXrender
+      libXtst
+      libXcursor
+      libXi
+      libxkbfile
+      at-spi2-atk
+      libXScrnSaver
+      zlib
+      libtiff
+      harfbuzz
+      gtk3-x11
+      libuuid
     ];
   };
 
@@ -71,7 +99,8 @@ in stdenv.mkDerivation {
   '';
 
   meta = with stdenv.lib; {
-    description = "Allows you to connect to your VMware Horizon virtual desktop";
+    description =
+      "Allows you to connect to your VMware Horizon virtual desktop";
     homepage = "https://www.vmware.com/go/viewclients";
     license = licenses.unfree;
     platforms = platforms.linux;

overlays/default.nix

@@ -1,4 +1,6 @@
 self: super: {
   lib = (super.lib or { }) // { qois = import ../lib { lib = self.lib; }; };
-  vmware-horizon-client = super.callPackage ./applications/networking/remote/vmware-horizon-client { }; # TODO: Should be included in 21.03
+  vmware-horizon-client =
+    super.callPackage ./applications/networking/remote/vmware-horizon-client
+    { }; # TODO: Should be included in 21.03
 }