chore(deps): lock file maintenance

.gitignore

@@ -5,3 +5,4 @@ result*
 /.direnv
 /book
 /.sops.yaml
+/.nixos-test-history

SUMMARY.md

@@ -1,6 +1,7 @@
 # Summary
 
 - [Repository README](README.md)
+- [Testing](checks/README.md)
 - [Deployment](deploy/README.md)
 
 ---
@@ -15,12 +16,12 @@
 # Services
 
 - [E-mail](email.md)
-- [Git CI Runner](nixos-modules/qois/git-ci-runner/README.md)
-- [Git Hosting](nixos-modules/qois/git/README.md)
-- [Nextcloud](defaults/nextcloud/README.md)
+- [Git CI Runner](nixos-modules/git-ci-runner/README.md)
+- [Git Hosting](nixos-modules/git/README.md)
+- [Nextcloud](nixos-modules/cloud/README.md)
 - [Nix Caches](nixos-configurations/lindberg-build/applications/README.md)
-- [Static Pages](nixos-modules/qois/static-page/README.md)
-- [VPN](defaults/vpn/README.md)
+- [Static Pages](nixos-modules/static-page/README.md)
+- [VPN](nixos-modules/vpn-server/README.md)
 - [Vaultwarden](nixos-modules/vault/README.md)
 
 # Nixos Configurations
@@ -29,4 +30,3 @@
 - [cyprianspitz](nixos-configurations/cyprianspitz/README.md)
 - [lindberg](nixos-configurations/lindberg/README.md)
 - [stompert](nixos-configurations/stompert/README.md)
-

checks/README.md

@@ -0,0 +1,17 @@
+#  Tests
+
+## Module Tests
+
+We test our nixos modules with [NixOS tests](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests).
+Running nixos tests requires QEMU virtualisation, so make sure you have KVM virtualisation support enabled.
+
+Run all: `nix build .#checks.x86_64-linux.nixos-modules`  
+Run single test: `nix build .#checks.x86_64-linux.nixos-modules.entries.vm-test-run-testNameAsInDerivationName`
+
+### Run Test Interactively
+
+```bash
+nix run .#checks.x86_64-linux.nixos-modules.entries.vm-test-run-testNameAsInDerivationName.driverInteractive
+```
+
+See [upstream documentation](https://nixos.org/manual/nixos/stable/#sec-running-nixos-tests-interactively) for more details.

checks/default.nix

@@ -4,7 +4,7 @@
   pkgs,
   deployPkgs,
   ...
-}@inputs:
+}:
 {
   ${system} = {
 
@@ -16,6 +16,10 @@
       mkdir $out
     '';
 
+    nixos-modules = pkgs.callPackage ./nixos-modules {
+      inherit (self.lib) getSubDirs isFolderWithFile;
+    };
+
     #TODO(#29): Integration/System tests
 
     # Import deploy-rs tests

checks/nixos-modules/default.nix

@@ -0,0 +1,60 @@
+{
+  linkFarmFromDrvs,
+  isFolderWithFile,
+  getSubDirs,
+  lib,
+  testers,
+}:
+let
+  inherit (lib)
+    filter
+    path
+    mkDefault
+    readFile
+    attrNames
+    concatStringsSep
+    pipe
+    ;
+  modulesBaseDir = ../../nixos-modules;
+  mkTest =
+    name:
+    let
+      getFilePath = file: path.append modulesBaseDir "./${name}/${file}";
+    in
+    testers.runNixOSTest {
+      inherit name;
+      imports = [
+        (import (getFilePath "test.nix") {
+          inherit name;
+          inherit lib;
+        })
+      ];
+
+      defaults.imports = [ (getFilePath "default.nix") ];
+
+      # Calls a `test(...)` python function in the test's python file with the list of nodes and helper functions.
+      # Helper symbols may be added as function args when needed and can be found in:
+      #   https://github.com/NixOS/nixpkgs/blob/master/nixos/lib/test-driver/src/test_driver/driver.py#L121
+      testScript = mkDefault (
+        { nodes, ... }:
+        let
+          script = readFile (getFilePath "test.py");
+          nodeArgs = pipe nodes [
+            attrNames
+            (map (val: "${val}=${val}"))
+            (concatStringsSep ", ")
+          ];
+        in
+        ''
+          ${script}
+          test(${nodeArgs}, subtest=subtest)
+        ''
+      );
+    };
+in
+pipe modulesBaseDir [
+  getSubDirs
+  (filter (isFolderWithFile "test.nix" modulesBaseDir))
+  (map mkTest)
+  (linkFarmFromDrvs "nixos-modules")
+]

defaults/base-vm/default.nix

@@ -1,39 +0,0 @@
-{
-  config,
-  lib,
-  modulesPath,
-  pkgs,
-  ...
-}:
-
-{
-
-  imports = [
-    ../base-minimal
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.loader.grub.enable = true;
-
-  system.autoUpgrade.allowReboot = true;
-
-  services.qemuGuest.enable = true;
-
-  boot.initrd.availableKernelModules = [
-    "ahci"
-    "xhci_pci"
-    "sr_mod"
-  ];
-
-  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
-  documentation.enable = lib.mkDefault false;
-
-  documentation.doc.enable = lib.mkDefault false;
-
-  documentation.info.enable = lib.mkDefault false;
-
-  documentation.man.enable = lib.mkDefault false;
-
-  documentation.nixos.enable = lib.mkDefault false;
-
-}

defaults/base/applications.nix

@@ -1,32 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  environment.systemPackages =
-    with pkgs;
-    [
-      pciutils
-      dmidecode
-      smartmontools
-      iw
-      efibootmgr
-      efitools
-      efivar
-      pwgen
-      powertop
-      lm_sensors
-    ]
-    ++ [
-      # Filesystem & Disk Utilities
-      hdparm
-      smartmontools
-    ]
-    ++ [
-      # Networking Utilities
-      tcpdump
-    ];
-}

defaults/base/default.nix

@@ -1,25 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    ../base-minimal
-    ./applications.nix
-  ];
-
-  # System Services
-  services.fwupd.enable = true;
-
-  services.smartd = {
-    enable = true;
-    notifications.mail = {
-      enable = true;
-      mailer = "${pkgs.msmtp}/bin/sendmail";
-      sender = "system@qo.is";
-      recipient = "sysadmin@qo.is";
-    };
-  };
-}

defaults/hardware/README.md

@@ -9,7 +9,3 @@ To boot the nixos installer with the console port, add `console=ttyS0,115200n8`
 
 `F2`: Boot into BIOS  
 `F11`: Select boot device
-
-# NUC
-
-- [Boot Keybindings](https://www.intel.com/content/www/us/en/support/articles/000005672/boards-and-kits/desktop-boards.html)

defaults/hardware/nuc.nix

@@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "usbhid"
-    "usb_storage"
-    "sd_mod"
-    "e1000e"
-    "virtio-pci"
-  ];
-  boot.initrd.kernelModules = [ ];
-  #  boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-  #  boot.kernelParams = [ "console=ttyS0,115200n8" ];
-
-  hardware.cpu.intel.updateMicrocode = true;
-  powerManagement.cpuFreqGovernor = "ondemand";
-  nix.settings.max-jobs = lib.mkDefault 8;
-}

defaults/hardware/wle-regulatory-domain/ath10k-override-eeprom-regulatory-domain.patch

@@ -1,40 +0,0 @@
-diff --unified --recursive --text archlinux-linux/drivers/net/wireless/ath/regd.c archlinux-linux-patched/drivers/net/wireless/ath/regd.c
---- a/drivers/net/wireless/ath/regd.c	2019-08-29 18:31:52.749909030 +0200
-+++ b/drivers/net/wireless/ath/regd.c	2019-08-29 18:33:33.318773763 +0200
-@@ -345,6 +345,8 @@
- 	struct ieee80211_channel *ch;
- 	unsigned int i;
- 
-+  return;
-+
- 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
- 		if (!wiphy->bands[band])
- 			continue;
-@@ -378,6 +380,8 @@
- {
- 	struct ieee80211_supported_band *sband;
- 
-+  return;
-+
- 	sband = wiphy->bands[NL80211_BAND_2GHZ];
- 	if (!sband)
- 		return;
-@@ -407,6 +411,8 @@
- 	struct ieee80211_channel *ch;
- 	unsigned int i;
- 
-+  return;
-+
- 	if (!wiphy->bands[NL80211_BAND_5GHZ])
- 		return;
- 
-@@ -639,6 +645,9 @@
- 	const struct ieee80211_regdomain *regd;
- 
- 	wiphy->reg_notifier = reg_notifier;
-+
-+  return 0;
-+
- 	wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
- 				   REGULATORY_CUSTOM_REG;
- 

defaults/hardware/wle-regulatory-domain/default.nix

@@ -1,23 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  boot.kernelPatches = [
-    {
-      name = "ath10k-override-eeprom-regulatory-domain";
-      patch = ./ath10k-override-eeprom-regulatory-domain.patch;
-      extraConfig = ''
-        EXPERT y
-        CFG80211_CERTIFICATION_ONUS y
-        ATH_REG_DYNAMIC_USER_REG_HINTS y
-        ATH_REG_DYNAMIC_USER_CERT_TESTING y
-        ATH_REG_DYNAMIC_USER_CERT_TESTING y
-        ATH9K_DFS_CERTIFIED y
-        ATH10K_DFS_CERTIFIED y
-      '';
-    }
-  ];
-}

defaults/hardware/wle200nx.nix

@@ -1,11 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services.hostapd.extraConfig = ''
-    ht_capab=[HT40-][HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
-  '';
-}

defaults/nextcloud/default.nix

@@ -1,99 +0,0 @@
-# Default configuration for hosts
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-
-  sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
-    inherit group;
-    owner = name;
-  };
-
-  services.postgresql.enable = true;
-  qois.backup-client.includePaths = [ config.services.nextcloud.home ];
-
-  services.nextcloud = {
-    enable = true;
-    https = true;
-    webfinger = true;
-    maxUploadSize = "10G";
-
-    database.createLocally = true;
-
-    config = {
-      adminpassFile = config.sops.secrets."nextcloud/admin".path;
-      adminuser = "root";
-      dbtype = "pgsql";
-    };
-
-    appstoreEnable = false;
-    extraApps = {
-      inherit (config.services.nextcloud.package.passthru.packages.apps)
-        calendar
-        contacts
-        deck
-        groupfolders
-        maps
-        memories
-        music
-        news
-        notes
-        notify_push
-        tasks
-        twofactor_webauthn
-        ;
-    };
-
-    phpOptions = {
-      "opcache.interned_strings_buffer" = "23";
-    };
-
-    poolSettings = {
-      "pm" = "dynamic";
-      "pm.max_children" = "256";
-      "pm.max_requests" = "500";
-      "pm.max_spare_servers" = "16";
-      "pm.min_spare_servers" = "2";
-      "pm.start_servers" = "8";
-    };
-
-    configureRedis = true;
-    caching.redis = true;
-
-    notify_push = {
-      enable = true;
-      bendDomainToLocalhost = true;
-    };
-
-    settings = {
-      log_type = "syslog";
-      syslog_tag = "nextcloud";
-      "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
-      "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
-      "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
-      preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
-      mail_smtpmode = "sendmail";
-      mail_domain = "qo.is";
-    };
-  };
-
-  services.phpfpm.pools.nextcloud.settings = {
-    "pm.max_children" = lib.mkForce "256";
-    "pm.max_spare_servers" = lib.mkForce "16";
-    "pm.start_servers" = lib.mkForce "8";
-  };
-
-  users.users.nextcloud.extraGroups = [ "postdrop" ];
-
-  systemd.services.nextcloud-cron = {
-    path = [ pkgs.perl ];
-  };
-
-  environment.systemPackages = with pkgs; [
-    nodejs # required for Recognize
-  ];
-}

lib/default.nix

@@ -1,18 +1,26 @@
 { pkgs, ... }:
 let
-  lib = pkgs.lib;
-  foldersWithNix =
-    path:
-    let
-      folders = lib.attrNames (lib.filterAttrs (n: t: t == "directory") (builtins.readDir path));
-      isFolderWithDefaultNix = folder: lib.pathExists (lib.path.append path "./${folder}/default.nix");
-    in
-    lib.filter isFolderWithDefaultNix folders;
+  inherit (pkgs.lib)
+    attrNames
+    filterAttrs
+    filter
+    pathExists
+    path
+    ;
+  # Get a list of all subdirectories of a directory.
+  getSubDirs = base: attrNames (filterAttrs (n: t: t == "directory") (builtins.readDir base));
+  # Check if a folder with a base path and folder name contains a file with a specific name
+  isFolderWithFile =
+    fileName: basePath: folderName:
+    (pathExists (path.append basePath "./${folderName}/${fileName}"));
+  # Get a list of subfolders that contain a default.nix file.
+  foldersWithNix = base: filter (isFolderWithFile "default.nix" base) (getSubDirs base);
 
 in
 {
-  inherit foldersWithNix;
+  inherit getSubDirs isFolderWithFile foldersWithNix;
 
+  # Get a list of default.nix files that are nix submodules of the current folder.
   loadSubmodulesFrom =
-    path: map (folder: lib.path.append path "./${folder}/default.nix") (foldersWithNix path);
+    basePath: map (folder: path.append basePath "./${folder}/default.nix") (foldersWithNix basePath);
 }

nixos-configurations/calanda/default.nix

@@ -7,10 +7,11 @@
 
     ../../defaults/hardware/apu.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like fi:le locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nixos-configurations/calanda/networking.nix

@@ -32,7 +32,7 @@ in
   qois.backplane-net.enable = true;
 
   # TODO: Metaize ips
-  services.qois.router = {
+  qois.router = {
     enable = true;
     wanInterface = "enp4s0";
     wirelessInterfaces = [ "wlp5s0" ];

nixos-configurations/cyprianspitz/default.nix

@@ -11,10 +11,11 @@
 
     ../../defaults/hardware/asrock-z790m.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/cyprianspitz/networking.nix

@@ -73,7 +73,7 @@ in
   };
 
   # Boot
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth0";
 

nixos-configurations/lindberg-build/default.nix

@@ -2,7 +2,6 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
 
     ./applications
@@ -10,6 +9,7 @@
     ./networking.nix
     ./secrets.nix
   ];
+  qois.system.virtual-machine.enable = true;
 
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";

nixos-configurations/lindberg-nextcloud/applications/cloud.nix

@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-let
-  host = "cloud.qo.is";
-in
-{
-
-  imports = [ ../../../defaults/nextcloud ];
-
-  services.postgresql.enable = true;
-
-  services.nextcloud = {
-    hostName = host;
-    package = pkgs.nextcloud30;
-    settings.default_phone_region = "CH";
-  };
-  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
-    kTLS = true;
-  };
-}

nixos-configurations/lindberg-nextcloud/applications/default.nix

@@ -1,7 +1,9 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
-
-  imports = [ ./cloud.nix ];
-
   qois.postgresql.package = pkgs.postgresql_14;
+
+  qois.cloud = {
+    enable = true;
+    package = pkgs.nextcloud30;
+  };
 }

nixos-configurations/lindberg-nextcloud/default.nix

@@ -2,13 +2,14 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
     ./applications
     ./backup.nix
     ./secrets.nix
   ];
 
+  qois.system.virtual-machine.enable = true;
+
   boot.loader.grub.device = "/dev/vda";
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/5b6823ec-921f-400a-a7c0-3fe34d56ae12";

nixos-configurations/lindberg-webapps/default.nix

@@ -2,7 +2,6 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
 
     ./applications
@@ -11,6 +10,8 @@
     ./secrets.nix
   ];
 
+  qois.system.virtual-machine.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/lindberg/default.nix

@@ -12,10 +12,11 @@
 
     ../../defaults/hardware/asrock.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/lindberg/networking.nix

@@ -73,7 +73,7 @@ in
   # Boot
   boot.initrd.network.udhcpc.enable = true;
 
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth0";
     sshPort = 2222;

nixos-configurations/stompert/default.nix

@@ -7,10 +7,12 @@
 {
   imports = [
     ../../defaults/hardware/apu.nix
-    ../../defaults/base
+
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   boot.initrd.luks.devices."systems".device =
     "/dev/disk/by-uuid/5718bd19-cb7a-4728-9ec4-6b2be48215fc";
 
@@ -35,7 +37,7 @@
   # Define on which hard drive you want to install Grub.
   boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth1";
     sshPort = 2222;

nixos-modules/cloud/default.nix

@@ -0,0 +1,135 @@
+# Default configuration for hosts
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.qois.cloud;
+in
+with lib;
+{
+
+  options.qois.cloud = {
+    enable = mkEnableOption "Enable qois cloud service";
+
+    domain = mkOption {
+      type = types.str;
+      default = "cloud.qo.is";
+      description = "Domain, under which the service is served.";
+    };
+
+    package = mkOption {
+      type = types.package;
+      description = "Which package to use for the Nextcloud instance.";
+      relatedPackages = [
+        "nextcloud28"
+        "nextcloud29"
+        "nextcloud30"
+      ];
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+    };
+
+    sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
+      inherit group;
+      owner = name;
+    };
+
+    services.postgresql.enable = true;
+    qois.backup-client.includePaths = [ config.services.nextcloud.home ];
+
+    services.nextcloud = {
+      inherit (cfg) package;
+      enable = true;
+      hostName = cfg.domain;
+      https = true;
+      webfinger = true;
+      maxUploadSize = "10G";
+
+      database.createLocally = true;
+
+      config = {
+        adminpassFile = config.sops.secrets."nextcloud/admin".path;
+        adminuser = "root";
+        dbtype = "pgsql";
+      };
+
+      appstoreEnable = false;
+      extraApps = {
+        inherit (config.services.nextcloud.package.passthru.packages.apps)
+          calendar
+          contacts
+          deck
+          groupfolders
+          maps
+          memories
+          music
+          news
+          notes
+          notify_push
+          tasks
+          twofactor_webauthn
+          ;
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "23";
+      };
+
+      poolSettings = {
+        "pm" = "dynamic";
+        "pm.max_children" = "256";
+        "pm.max_requests" = "500";
+        "pm.max_spare_servers" = "16";
+        "pm.min_spare_servers" = "2";
+        "pm.start_servers" = "8";
+      };
+
+      configureRedis = true;
+      caching.redis = true;
+
+      notify_push = {
+        enable = true;
+        bendDomainToLocalhost = true;
+      };
+
+      settings = {
+        log_type = "syslog";
+        syslog_tag = "nextcloud";
+        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
+        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
+        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
+        mail_smtpmode = "sendmail";
+        mail_domain = "qo.is";
+        default_phone_region = "CH";
+      };
+    };
+
+    services.phpfpm.pools.nextcloud.settings = {
+      "pm.max_children" = lib.mkForce "256";
+      "pm.max_spare_servers" = lib.mkForce "16";
+      "pm.start_servers" = lib.mkForce "8";
+    };
+
+    users.users.nextcloud.extraGroups = [ "postdrop" ];
+
+    systemd.services.nextcloud-cron = {
+      path = [ pkgs.perl ];
+    };
+
+    environment.systemPackages = with pkgs; [
+      nodejs # required for Recognize
+    ];
+  };
+}

nixos-modules/luks-ssh/default.nix

@@ -8,10 +8,10 @@
 with lib;
 
 let
-  cfg = config.services.qois.luks-ssh;
+  cfg = config.qois.luks-ssh;
 in
 {
-  options.services.qois.luks-ssh = {
+  options.qois.luks-ssh = {
     enable = mkEnableOption "luks-ssh service";
 
     interface = mkOption {

nixos-modules/qois/default.nix

@@ -1,10 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}:
-{
-
-  imports = inputs.self.lib.loadSubmodulesFrom ./.;
-}

nixos-modules/router-dhcp/default.nix

@@ -8,11 +8,11 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  cfg = config.services.qois.router.dhcp;
+  routerCfg = config.qois.router;
+  cfg = config.qois.router.dhcp;
 in
 {
-  options.services.qois.router.dhcp = {
+  options.qois.router.dhcp = {
     enable = mkEnableOption "router dhcp service";
 
     localDomain = mkOption {

nixos-modules/router-dns/default.nix

@@ -8,12 +8,12 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  dhcpCfg = config.services.qois.router.dhcp;
-  cfg = config.services.qois.router.recursiveDns;
+  routerCfg = config.qois.router;
+  dhcpCfg = config.qois.router.dhcp;
+  cfg = config.qois.router.recursiveDns;
 in
 {
-  options.services.qois.router.recursiveDns = {
+  options.qois.router.recursiveDns = {
     enable = mkEnableOption "router recursive dns service";
 
     networkIdIp = mkOption {

nixos-modules/router-wireless-ap/default.nix

@@ -8,11 +8,11 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  cfg = config.services.qois.router.wireless;
+  routerCfg = config.qois.router;
+  cfg = config.qois.router.wireless;
 in
 {
-  options.services.qois.router.wireless = {
+  options.qois.router.wireless = {
     enable = mkEnableOption "router wireless service";
 
     wleInterface24Ghz = mkOption {

nixos-modules/router/default.nix

@@ -8,10 +8,10 @@
 with lib;
 
 let
-  cfg = config.services.qois.router;
+  cfg = config.qois.router;
 in
 {
-  options.services.qois.router = {
+  options.qois.router = {
     enable = mkEnableOption "router service";
 
     wanInterface = mkOption {
@@ -51,7 +51,7 @@ in
       type = types.str;
       example = "192.168.0.1";
       description = ''
-        Internal IP of router. 
+        Internal IP of router.
       '';
     };
 

nixos-modules/static-page/default-pages.nix

@@ -1,12 +1,10 @@
 {
-  config,
-  pkgs,
   lib,
   ...
 }:
 {
 
-  qois.static-page.pages = {
+  qois.static-page.pages = lib.mkDefault {
     "fabianhauser.ch" = {
       domainAliases = [
         "www.fabianhauser.ch"

nixos-modules/static-page/default.nix

@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   lib,
   ...
 }:

nixos-modules/static-page/test.nix

@@ -0,0 +1,31 @@
+{
+  ...
+}:
+{
+  # Note: This extends the default configuration from ${self}/checks/nixos-modules
+  nodes.webserver =
+    { pkgs, lib, ... }:
+    let
+      inherit (pkgs) curl gnugrep;
+      inherit (lib) mkForce genAttrs const;
+    in
+    {
+      # Setup simple localhost page with an example.com redirect
+      qois.static-page = {
+        enable = true;
+        pages."localhost".domainAliases = [ "example.com" ];
+      };
+
+      # Disable TLS services
+      services.nginx.virtualHosts = genAttrs [ "localhost" "example.com" ] (const {
+        forceSSL = mkForce false;
+        enableACME = mkForce false;
+      });
+
+      # Test environment
+      environment.systemPackages = [
+        curl
+        gnugrep
+      ];
+    };
+}

nixos-modules/static-page/test.py

@@ -0,0 +1,46 @@
+def test(subtest, webserver):
+    webserver.wait_for_unit("nginx")
+    webserver.wait_for_open_port(80)
+
+    # Preparations
+    webserverRoot = "/var/lib/nginx-localhost/root"
+    indexContent = "It works!"
+    webserver.succeed(f"mkdir {webserverRoot}")
+    webserver.succeed(f"echo '{indexContent}' > {webserverRoot}/index.html")
+    webserver.succeed(f"chown -R nginx-localhost\: {webserverRoot}")
+
+    # Helpers
+    def curl_variable_test(node, variable, expected, url):
+        value = node.succeed(
+            f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'")
+        assert value == expected, \
+            f"expected {variable} to be '{expected}' but got '{value}'"
+
+    def expect_http_code(node, code, url):
+        curl_variable_test(node, "http_code", code, url)
+
+    def expect_http_location(node, location, url):
+        curl_variable_test(node, "redirect_url", location, url)
+
+    def expect_http_content(node, expectedContent, url):
+        content = node.succeed(f"curl --no-location --silent '{url}'")
+        assert content.strip() == expectedContent.strip(), f'''
+                expected content:
+                  {expectedContent}
+                at {url} but got following content:
+                  {content}
+            '''
+
+    # Tests
+    with subtest("website is successfully served on localhost"):
+        expect_http_code(webserver, "200", "http://localhost/index.html")
+        expect_http_content(webserver, indexContent,
+                            "http://localhost/index.html")
+
+    with subtest("example.com is in hosts file and a redirect to localhost"):
+        webserver.succeed("grep example.com /etc/hosts")
+
+        url = "http://example.com/index.html"
+        expect_http_code(webserver, "301", url)
+        expect_http_location(
+            webserver, "http://localhost/index.html", url)

nixos-modules/system/default.nix

@@ -7,10 +7,12 @@
 }:
 {
   imports = [
-    ./unfree.nix
     ./applications.nix
     ./overlays.nix
+    ./physical.nix
     ./security.nix
+    ./unfree.nix
+    ./virtual-machine.nix
   ];
 
   boot.loader.timeout = 2;

nixos-modules/system/physical.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.qois.system.physical;
+in
+with lib;
+{
+  options.qois.system.physical.enable = mkEnableOption "Enable qois physical system configuration";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages =
+      with pkgs;
+      [
+        pciutils
+        dmidecode
+        smartmontools
+        iw
+        efibootmgr
+        efitools
+        efivar
+        pwgen
+        powertop
+        lm_sensors
+      ]
+      ++ [
+        # Filesystem & Disk Utilities
+        hdparm
+        smartmontools
+      ]
+      ++ [
+        # Networking Utilities
+        tcpdump
+      ];
+
+    # System Services
+    services.fwupd.enable = true;
+
+    services.smartd = {
+      enable = true;
+      notifications.mail = {
+        enable = true;
+        mailer = "${pkgs.msmtp}/bin/sendmail";
+        sender = "system@qo.is";
+        recipient = "sysadmin@qo.is";
+      };
+    };
+  };
+}

nixos-modules/system/virtual-machine.nix

@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.qois.system.virtual-machine;
+in
+with lib;
+{
+  options.qois.system.virtual-machine.enable =
+    mkEnableOption "Enable qois system vm default configuration";
+
+  config = lib.mkIf cfg.enable {
+
+    boot.loader.grub.enable = true;
+
+    system.autoUpgrade.allowReboot = true;
+
+    services.qemuGuest.enable = true;
+
+    boot.initrd.availableKernelModules =
+      [
+        "ahci"
+        "xhci_pci"
+        "sr_mod"
+      ]
+      ++
+      # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
+      [
+        "virtio_net"
+        "virtio_pci"
+        "virtio_mmio"
+        "virtio_blk"
+        "virtio_scsi"
+        "9p"
+        "9pnet_virtio"
+      ];
+    boot.initrd.kernelModules = [
+      "virtio_balloon"
+      "virtio_console"
+      "virtio_rng"
+      "virtio_gpu"
+    ];
+
+    # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
+    documentation.enable = lib.mkDefault false;
+
+    documentation.doc.enable = lib.mkDefault false;
+
+    documentation.info.enable = lib.mkDefault false;
+
+    documentation.man.enable = lib.mkDefault false;
+
+    documentation.nixos.enable = lib.mkDefault false;
+
+  };
+}

nixos-modules/wwan/default.nix

@@ -10,7 +10,7 @@
 with lib;
 
 let
-  cfg = config.services.qois.wwan;
+  cfg = config.qois.wwan;
 
   mbim-ip-configured = pkgs.writeScriptBin "mbim-ip-configured" (
     ''
@@ -34,7 +34,7 @@ let
   '';
 in
 {
-  options.services.qois.wwan = {
+  options.qois.wwan = {
     enable = mkEnableOption "wwan client service";
 
     apn = mkOption {