SUMMARY.md

@@ -15,12 +15,12 @@
 # Services
 
 - [E-mail](email.md)
-- [Git CI Runner](nixos-modules/qois/git-ci-runner/README.md)
-- [Git Hosting](nixos-modules/qois/git/README.md)
-- [Nextcloud](defaults/nextcloud/README.md)
+- [Git CI Runner](nixos-modules/git-ci-runner/README.md)
+- [Git Hosting](nixos-modules/git/README.md)
+- [Nextcloud](nixos-modules/cloud/README.md)
 - [Nix Caches](nixos-configurations/lindberg-build/applications/README.md)
-- [Static Pages](nixos-modules/qois/static-page/README.md)
-- [VPN](defaults/vpn/README.md)
+- [Static Pages](nixos-modules/static-page/README.md)
+- [VPN](nixos-modules/vpn-server/README.md)
 - [Vaultwarden](nixos-modules/vault/README.md)
 
 # Nixos Configurations
@@ -29,4 +29,3 @@
 - [cyprianspitz](nixos-configurations/cyprianspitz/README.md)
 - [lindberg](nixos-configurations/lindberg/README.md)
 - [stompert](nixos-configurations/stompert/README.md)
-

defaults/base-vm/default.nix

@@ -1,39 +0,0 @@
-{
-  config,
-  lib,
-  modulesPath,
-  pkgs,
-  ...
-}:
-
-{
-
-  imports = [
-    ../base-minimal
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.loader.grub.enable = true;
-
-  system.autoUpgrade.allowReboot = true;
-
-  services.qemuGuest.enable = true;
-
-  boot.initrd.availableKernelModules = [
-    "ahci"
-    "xhci_pci"
-    "sr_mod"
-  ];
-
-  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
-  documentation.enable = lib.mkDefault false;
-
-  documentation.doc.enable = lib.mkDefault false;
-
-  documentation.info.enable = lib.mkDefault false;
-
-  documentation.man.enable = lib.mkDefault false;
-
-  documentation.nixos.enable = lib.mkDefault false;
-
-}

defaults/base/applications.nix

@@ -1,32 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  environment.systemPackages =
-    with pkgs;
-    [
-      pciutils
-      dmidecode
-      smartmontools
-      iw
-      efibootmgr
-      efitools
-      efivar
-      pwgen
-      powertop
-      lm_sensors
-    ]
-    ++ [
-      # Filesystem & Disk Utilities
-      hdparm
-      smartmontools
-    ]
-    ++ [
-      # Networking Utilities
-      tcpdump
-    ];
-}

defaults/base/default.nix

@@ -1,25 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    ../base-minimal
-    ./applications.nix
-  ];
-
-  # System Services
-  services.fwupd.enable = true;
-
-  services.smartd = {
-    enable = true;
-    notifications.mail = {
-      enable = true;
-      mailer = "${pkgs.msmtp}/bin/sendmail";
-      sender = "system@qo.is";
-      recipient = "sysadmin@qo.is";
-    };
-  };
-}

defaults/hardware/README.md

@@ -9,7 +9,3 @@ To boot the nixos installer with the console port, add `console=ttyS0,115200n8`
 
 `F2`: Boot into BIOS  
 `F11`: Select boot device
-
-# NUC
-
-- [Boot Keybindings](https://www.intel.com/content/www/us/en/support/articles/000005672/boards-and-kits/desktop-boards.html)

defaults/hardware/nuc.nix

@@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "usbhid"
-    "usb_storage"
-    "sd_mod"
-    "e1000e"
-    "virtio-pci"
-  ];
-  boot.initrd.kernelModules = [ ];
-  #  boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-  #  boot.kernelParams = [ "console=ttyS0,115200n8" ];
-
-  hardware.cpu.intel.updateMicrocode = true;
-  powerManagement.cpuFreqGovernor = "ondemand";
-  nix.settings.max-jobs = lib.mkDefault 8;
-}

defaults/hardware/wle-regulatory-domain/ath10k-override-eeprom-regulatory-domain.patch

@@ -1,40 +0,0 @@
-diff --unified --recursive --text archlinux-linux/drivers/net/wireless/ath/regd.c archlinux-linux-patched/drivers/net/wireless/ath/regd.c
---- a/drivers/net/wireless/ath/regd.c	2019-08-29 18:31:52.749909030 +0200
-+++ b/drivers/net/wireless/ath/regd.c	2019-08-29 18:33:33.318773763 +0200
-@@ -345,6 +345,8 @@
- 	struct ieee80211_channel *ch;
- 	unsigned int i;
- 
-+  return;
-+
- 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
- 		if (!wiphy->bands[band])
- 			continue;
-@@ -378,6 +380,8 @@
- {
- 	struct ieee80211_supported_band *sband;
- 
-+  return;
-+
- 	sband = wiphy->bands[NL80211_BAND_2GHZ];
- 	if (!sband)
- 		return;
-@@ -407,6 +411,8 @@
- 	struct ieee80211_channel *ch;
- 	unsigned int i;
- 
-+  return;
-+
- 	if (!wiphy->bands[NL80211_BAND_5GHZ])
- 		return;
- 
-@@ -639,6 +645,9 @@
- 	const struct ieee80211_regdomain *regd;
- 
- 	wiphy->reg_notifier = reg_notifier;
-+
-+  return 0;
-+
- 	wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
- 				   REGULATORY_CUSTOM_REG;
- 

defaults/hardware/wle-regulatory-domain/default.nix

@@ -1,23 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  boot.kernelPatches = [
-    {
-      name = "ath10k-override-eeprom-regulatory-domain";
-      patch = ./ath10k-override-eeprom-regulatory-domain.patch;
-      extraConfig = ''
-        EXPERT y
-        CFG80211_CERTIFICATION_ONUS y
-        ATH_REG_DYNAMIC_USER_REG_HINTS y
-        ATH_REG_DYNAMIC_USER_CERT_TESTING y
-        ATH_REG_DYNAMIC_USER_CERT_TESTING y
-        ATH9K_DFS_CERTIFIED y
-        ATH10K_DFS_CERTIFIED y
-      '';
-    }
-  ];
-}

defaults/hardware/wle200nx.nix

@@ -1,11 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services.hostapd.extraConfig = ''
-    ht_capab=[HT40-][HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
-  '';
-}

defaults/nextcloud/default.nix

@@ -1,99 +0,0 @@
-# Default configuration for hosts
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-
-  sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
-    inherit group;
-    owner = name;
-  };
-
-  services.postgresql.enable = true;
-  qois.backup-client.includePaths = [ config.services.nextcloud.home ];
-
-  services.nextcloud = {
-    enable = true;
-    https = true;
-    webfinger = true;
-    maxUploadSize = "10G";
-
-    database.createLocally = true;
-
-    config = {
-      adminpassFile = config.sops.secrets."nextcloud/admin".path;
-      adminuser = "root";
-      dbtype = "pgsql";
-    };
-
-    appstoreEnable = false;
-    extraApps = {
-      inherit (config.services.nextcloud.package.passthru.packages.apps)
-        calendar
-        contacts
-        deck
-        groupfolders
-        maps
-        memories
-        music
-        news
-        notes
-        notify_push
-        tasks
-        twofactor_webauthn
-        ;
-    };
-
-    phpOptions = {
-      "opcache.interned_strings_buffer" = "23";
-    };
-
-    poolSettings = {
-      "pm" = "dynamic";
-      "pm.max_children" = "256";
-      "pm.max_requests" = "500";
-      "pm.max_spare_servers" = "16";
-      "pm.min_spare_servers" = "2";
-      "pm.start_servers" = "8";
-    };
-
-    configureRedis = true;
-    caching.redis = true;
-
-    notify_push = {
-      enable = true;
-      bendDomainToLocalhost = true;
-    };
-
-    settings = {
-      log_type = "syslog";
-      syslog_tag = "nextcloud";
-      "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
-      "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
-      "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
-      preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
-      mail_smtpmode = "sendmail";
-      mail_domain = "qo.is";
-    };
-  };
-
-  services.phpfpm.pools.nextcloud.settings = {
-    "pm.max_children" = lib.mkForce "256";
-    "pm.max_spare_servers" = lib.mkForce "16";
-    "pm.start_servers" = lib.mkForce "8";
-  };
-
-  users.users.nextcloud.extraGroups = [ "postdrop" ];
-
-  systemd.services.nextcloud-cron = {
-    path = [ pkgs.perl ];
-  };
-
-  environment.systemPackages = with pkgs; [
-    nodejs # required for Recognize
-  ];
-}

nixos-configurations/calanda/default.nix

@@ -7,10 +7,11 @@
 
     ../../defaults/hardware/apu.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like fi:le locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nixos-configurations/calanda/networking.nix

@@ -32,7 +32,7 @@ in
   qois.backplane-net.enable = true;
 
   # TODO: Metaize ips
-  services.qois.router = {
+  qois.router = {
     enable = true;
     wanInterface = "enp4s0";
     wirelessInterfaces = [ "wlp5s0" ];

nixos-configurations/cyprianspitz/default.nix

@@ -11,10 +11,11 @@
 
     ../../defaults/hardware/asrock-z790m.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/cyprianspitz/networking.nix

@@ -73,7 +73,7 @@ in
   };
 
   # Boot
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth0";
 

nixos-configurations/lindberg-build/default.nix

@@ -2,7 +2,6 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
 
     ./applications
@@ -10,6 +9,7 @@
     ./networking.nix
     ./secrets.nix
   ];
+  qois.system.virtual-machine.enable = true;
 
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";

nixos-configurations/lindberg-nextcloud/applications/cloud.nix

@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-let
-  host = "cloud.qo.is";
-in
-{
-
-  imports = [ ../../../defaults/nextcloud ];
-
-  services.postgresql.enable = true;
-
-  services.nextcloud = {
-    hostName = host;
-    package = pkgs.nextcloud30;
-    settings.default_phone_region = "CH";
-  };
-  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
-    kTLS = true;
-  };
-}

nixos-configurations/lindberg-nextcloud/applications/default.nix

@@ -1,7 +1,9 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
-
-  imports = [ ./cloud.nix ];
-
   qois.postgresql.package = pkgs.postgresql_14;
+
+  qois.cloud = {
+    enable = true;
+    package = pkgs.nextcloud30;
+  };
 }

nixos-configurations/lindberg-nextcloud/default.nix

@@ -2,13 +2,14 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
     ./applications
     ./backup.nix
     ./secrets.nix
   ];
 
+  qois.system.virtual-machine.enable = true;
+
   boot.loader.grub.device = "/dev/vda";
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/5b6823ec-921f-400a-a7c0-3fe34d56ae12";

nixos-configurations/lindberg-webapps/default.nix

@@ -2,7 +2,6 @@
 
 {
   imports = [
-    ../../defaults/base-vm
     ../../defaults/meta
 
     ./applications
@@ -11,6 +10,8 @@
     ./secrets.nix
   ];
 
+  qois.system.virtual-machine.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/lindberg/default.nix

@@ -12,10 +12,11 @@
 
     ../../defaults/hardware/asrock.nix
 
-    ../../defaults/base
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   # Set your time zone.
   time.timeZone = "Europe/Amsterdam";
 

nixos-configurations/lindberg/networking.nix

@@ -73,7 +73,7 @@ in
   # Boot
   boot.initrd.network.udhcpc.enable = true;
 
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth0";
     sshPort = 2222;

nixos-configurations/stompert/default.nix

@@ -7,10 +7,12 @@
 {
   imports = [
     ../../defaults/hardware/apu.nix
-    ../../defaults/base
+
     ../../defaults/meta
   ];
 
+  qois.system.physical.enable = true;
+
   boot.initrd.luks.devices."systems".device =
     "/dev/disk/by-uuid/5718bd19-cb7a-4728-9ec4-6b2be48215fc";
 
@@ -35,7 +37,7 @@
   # Define on which hard drive you want to install Grub.
   boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
     enable = true;
     interface = "eth1";
     sshPort = 2222;

nixos-modules/cloud/default.nix

@@ -0,0 +1,135 @@
+# Default configuration for hosts
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.qois.cloud;
+in
+with lib;
+{
+
+  options.qois.cloud = {
+    enable = mkEnableOption "Enable qois cloud service";
+
+    domain = mkOption {
+      type = types.str;
+      default = "cloud.qo.is";
+      description = "Domain, under which the service is served.";
+    };
+
+    package = mkOption {
+      type = types.package;
+      description = "Which package to use for the Nextcloud instance.";
+      relatedPackages = [
+        "nextcloud28"
+        "nextcloud29"
+        "nextcloud30"
+      ];
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+    };
+
+    sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
+      inherit group;
+      owner = name;
+    };
+
+    services.postgresql.enable = true;
+    qois.backup-client.includePaths = [ config.services.nextcloud.home ];
+
+    services.nextcloud = {
+      inherit (cfg) package;
+      enable = true;
+      hostName = cfg.domain;
+      https = true;
+      webfinger = true;
+      maxUploadSize = "10G";
+
+      database.createLocally = true;
+
+      config = {
+        adminpassFile = config.sops.secrets."nextcloud/admin".path;
+        adminuser = "root";
+        dbtype = "pgsql";
+      };
+
+      appstoreEnable = false;
+      extraApps = {
+        inherit (config.services.nextcloud.package.passthru.packages.apps)
+          calendar
+          contacts
+          deck
+          groupfolders
+          maps
+          memories
+          music
+          news
+          notes
+          notify_push
+          tasks
+          twofactor_webauthn
+          ;
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "23";
+      };
+
+      poolSettings = {
+        "pm" = "dynamic";
+        "pm.max_children" = "256";
+        "pm.max_requests" = "500";
+        "pm.max_spare_servers" = "16";
+        "pm.min_spare_servers" = "2";
+        "pm.start_servers" = "8";
+      };
+
+      configureRedis = true;
+      caching.redis = true;
+
+      notify_push = {
+        enable = true;
+        bendDomainToLocalhost = true;
+      };
+
+      settings = {
+        log_type = "syslog";
+        syslog_tag = "nextcloud";
+        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
+        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
+        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
+        mail_smtpmode = "sendmail";
+        mail_domain = "qo.is";
+        default_phone_region = "CH";
+      };
+    };
+
+    services.phpfpm.pools.nextcloud.settings = {
+      "pm.max_children" = lib.mkForce "256";
+      "pm.max_spare_servers" = lib.mkForce "16";
+      "pm.start_servers" = lib.mkForce "8";
+    };
+
+    users.users.nextcloud.extraGroups = [ "postdrop" ];
+
+    systemd.services.nextcloud-cron = {
+      path = [ pkgs.perl ];
+    };
+
+    environment.systemPackages = with pkgs; [
+      nodejs # required for Recognize
+    ];
+  };
+}

nixos-modules/luks-ssh/default.nix

@@ -8,10 +8,10 @@
 with lib;
 
 let
-  cfg = config.services.qois.luks-ssh;
+  cfg = config.qois.luks-ssh;
 in
 {
-  options.services.qois.luks-ssh = {
+  options.qois.luks-ssh = {
     enable = mkEnableOption "luks-ssh service";
 
     interface = mkOption {

nixos-modules/qois/default.nix

@@ -1,10 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}:
-{
-
-  imports = inputs.self.lib.loadSubmodulesFrom ./.;
-}

nixos-modules/router-dhcp/default.nix

@@ -8,11 +8,11 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  cfg = config.services.qois.router.dhcp;
+  routerCfg = config.qois.router;
+  cfg = config.qois.router.dhcp;
 in
 {
-  options.services.qois.router.dhcp = {
+  options.qois.router.dhcp = {
     enable = mkEnableOption "router dhcp service";
 
     localDomain = mkOption {

nixos-modules/router-dns/default.nix

@@ -8,12 +8,12 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  dhcpCfg = config.services.qois.router.dhcp;
-  cfg = config.services.qois.router.recursiveDns;
+  routerCfg = config.qois.router;
+  dhcpCfg = config.qois.router.dhcp;
+  cfg = config.qois.router.recursiveDns;
 in
 {
-  options.services.qois.router.recursiveDns = {
+  options.qois.router.recursiveDns = {
     enable = mkEnableOption "router recursive dns service";
 
     networkIdIp = mkOption {

nixos-modules/router-wireless-ap/default.nix

@@ -8,11 +8,11 @@
 with lib;
 
 let
-  routerCfg = config.services.qois.router;
-  cfg = config.services.qois.router.wireless;
+  routerCfg = config.qois.router;
+  cfg = config.qois.router.wireless;
 in
 {
-  options.services.qois.router.wireless = {
+  options.qois.router.wireless = {
     enable = mkEnableOption "router wireless service";
 
     wleInterface24Ghz = mkOption {

nixos-modules/router/default.nix

@@ -8,10 +8,10 @@
 with lib;
 
 let
-  cfg = config.services.qois.router;
+  cfg = config.qois.router;
 in
 {
-  options.services.qois.router = {
+  options.qois.router = {
     enable = mkEnableOption "router service";
 
     wanInterface = mkOption {
@@ -51,7 +51,7 @@ in
       type = types.str;
       example = "192.168.0.1";
       description = ''
-        Internal IP of router. 
+        Internal IP of router.
       '';
     };
 

nixos-modules/system/default.nix

@@ -7,10 +7,12 @@
 }:
 {
   imports = [
-    ./unfree.nix
     ./applications.nix
     ./overlays.nix
+    ./physical.nix
     ./security.nix
+    ./unfree.nix
+    ./virtual-machine.nix
   ];
 
   boot.loader.timeout = 2;

nixos-modules/system/physical.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.qois.system.physical;
+in
+with lib;
+{
+  options.qois.system.physical.enable = mkEnableOption "Enable qois physical system configuration";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages =
+      with pkgs;
+      [
+        pciutils
+        dmidecode
+        smartmontools
+        iw
+        efibootmgr
+        efitools
+        efivar
+        pwgen
+        powertop
+        lm_sensors
+      ]
+      ++ [
+        # Filesystem & Disk Utilities
+        hdparm
+        smartmontools
+      ]
+      ++ [
+        # Networking Utilities
+        tcpdump
+      ];
+
+    # System Services
+    services.fwupd.enable = true;
+
+    services.smartd = {
+      enable = true;
+      notifications.mail = {
+        enable = true;
+        mailer = "${pkgs.msmtp}/bin/sendmail";
+        sender = "system@qo.is";
+        recipient = "sysadmin@qo.is";
+      };
+    };
+  };
+}

nixos-modules/system/virtual-machine.nix

@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.qois.system.virtual-machine;
+in
+with lib;
+{
+  options.qois.system.virtual-machine.enable =
+    mkEnableOption "Enable qois system vm default configuration";
+
+  config = lib.mkIf cfg.enable {
+
+    boot.loader.grub.enable = true;
+
+    system.autoUpgrade.allowReboot = true;
+
+    services.qemuGuest.enable = true;
+
+    boot.initrd.availableKernelModules =
+      [
+        "ahci"
+        "xhci_pci"
+        "sr_mod"
+      ]
+      ++
+      # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
+      [
+        "virtio_net"
+        "virtio_pci"
+        "virtio_mmio"
+        "virtio_blk"
+        "virtio_scsi"
+        "9p"
+        "9pnet_virtio"
+      ];
+    boot.initrd.kernelModules = [
+      "virtio_balloon"
+      "virtio_console"
+      "virtio_rng"
+      "virtio_gpu"
+    ];
+
+    # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
+    documentation.enable = lib.mkDefault false;
+
+    documentation.doc.enable = lib.mkDefault false;
+
+    documentation.info.enable = lib.mkDefault false;
+
+    documentation.man.enable = lib.mkDefault false;
+
+    documentation.nixos.enable = lib.mkDefault false;
+
+  };
+}

nixos-modules/wwan/default.nix

@@ -10,7 +10,7 @@
 with lib;
 
 let
-  cfg = config.services.qois.wwan;
+  cfg = config.qois.wwan;
 
   mbim-ip-configured = pkgs.writeScriptBin "mbim-ip-configured" (
     ''
@@ -34,7 +34,7 @@ let
   '';
 in
 {
-  options.services.qois.wwan = {
+  options.qois.wwan = {
     enable = mkEnableOption "wwan client service";
 
     apn = mkOption {