Add 'old-conf/' from commit '62a64a79a8'

git-subtree-dir: old-conf git-subtree-mainline: 4667974392 git-subtree-split: 62a64a79a8
2025-11-21 13:33:06 +01:00 · 2025-11-21 13:33:06 +01:00 · 83de52d5db
commit 83de52d5db
parent 4667974392 62a64a79a8
195 changed files with 13408 additions and 0 deletions
--- a/old-conf/nixos-modules/system/agenix.nix
+++ b/old-conf/nixos-modules/system/agenix.nix
@ -0,0 +1,37 @@
+{ options, config, inputs, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+with lib.my;
+let
+  secretsDir = "${toString ../../secrets}";
+  secretsFile = "${secretsDir}/secrets.nix";
+  cfg = config.ragon.agenix;
+in
+{
+  options.ragon.agenix = {
+    enable = mkBoolOpt true;
+    secrets = mkOption {
+      type = types.attrs;
+      default = { };
+    };
+  };
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ inputs.agenix.packages.${pkgs.system}.default ];
+    # Set passwords
+    users.users.root.hashedPasswordFile = config.age.secrets.rootPasswd.path;
+    age.identityPaths =
+      [
+        "/persistent/etc/ssh/ssh_host_ed25519_key"
+      ];
+    age.secrets = mapAttrs (name: obj: ({ file = "${secretsDir}/${name}.age"; } // obj))
+      (cfg.secrets //
+        {
+          rootPasswd = { };
+        }
+      );
+    assertions = [
+      { assertion = (pathExists secretsFile); message = "${secretsFile} does not exist"; }
+    ];
+  };
+}
--- a/old-conf/nixos-modules/system/fs.nix
+++ b/old-conf/nixos-modules/system/fs.nix
@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let
+  cfg = config.ragon.system.fs;
+  nix = cfg.nix;
+  varlog = cfg.varlog;
+  persistent = cfg.persistent;
+  persistentSnapshot = cfg.persistentSnapshot;
+  arcSize = cfg.arcSize;
+  hostName = config.networking.hostName;
+in
+{
+  options.ragon.system.fs = {
+    enable = lib.mkEnableOption "Enables ragons fs stuff, (tmpfs,zfs,backups,...)";
+    mediadata = mkBoolOpt true;
+    swap = mkBoolOpt true;
+    persistentSnapshot = mkBoolOpt true;
+    nix = lib.mkOption {
+      type = lib.types.str;
+      default = "pool/nix";
+    };
+    varlog = lib.mkOption {
+      type = lib.types.str;
+      default = "pool/varlog";
+    };
+    persistent = lib.mkOption {
+      type = lib.types.str;
+      default = "pool/persist";
+    };
+    arcSize = lib.mkOption {
+      type = lib.types.int;
+      default = 2;
+      description = "Sets the ZFS Arc Size (in GB)";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.zfs.autoScrub.enable = true;
+    services.sanoid = {
+      enable = mkDefault persistentSnapshot;
+    } // (if persistentSnapshot then { datasets."${persistent}" = { }; } else { });
+    boot.kernelParams = [ "zfs.zfs_arc_max=${toString (arcSize * 1024 * 1024 * 1024)}" ];
+    fileSystems."/" =
+      {
+        device = "none";
+        fsType = "tmpfs";
+        options = [ "size=8G" "defaults" "mode=755" ];
+      };
+    fileSystems."/nix" =
+      {
+        device = "${nix}";
+        fsType = "zfs";
+        neededForBoot = true;
+      };
+
+    fileSystems."/persistent" =
+      {
+        device = "${persistent}";
+        fsType = "zfs";
+        neededForBoot = true;
+      };
+
+    fileSystems."/var/log" =
+      {
+        device = "${varlog}";
+        fsType = "zfs";
+      };
+
+    fileSystems."/boot" =
+      {
+        device = mkDefault "/dev/disk/by-label/boot";
+        fsType = "vfat";
+        options = [ "noauto" "x-systemd.automount" ];
+      };
+    swapDevices = mkIf cfg.swap [
+      { device = "/persistent/pagefile.sys"; }
+    ];
+
+  };
+}
--- a/old-conf/nixos-modules/system/persist.nix
+++ b/old-conf/nixos-modules/system/persist.nix
@ -0,0 +1,39 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+  cfg = config.ragon.persist;
+in
+{
+  options.ragon.persist.enable = lib.mkEnableOption "Enables persistence";
+  options.ragon.persist.extraFiles = lib.mkOption {
+    type = lib.types.listOf lib.types.str;
+    default = [ ];
+  };
+  options.ragon.persist.extraDirectories = lib.mkOption {
+    type = lib.types.listOf lib.types.anything;
+    default = [ ];
+  };
+  options.ragon.persist.baseDir = lib.mkOption {
+    type = lib.types.str;
+    default = "/persistent";
+  };
+  config = lib.mkIf cfg.enable {
+
+    environment.persistence.${cfg.baseDir} = {
+      directories = [
+        "/etc/nixos"
+        "/etc/NetworkManager/system-connections"
+        "/var/lib/nixos"
+        "/root/.ssh"
+      ] ++ (lib.unique cfg.extraDirectories);
+      files = [
+        "/etc/machine-id"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+      ] ++ cfg.extraFiles;
+    };
+
+  };
+
+}
--- a/old-conf/nixos-modules/system/security.nix
+++ b/old-conf/nixos-modules/system/security.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let
+  cfg = config.ragon.system.security;
+in
+{
+  options.ragon.system.security = {
+    enable = mkBoolOpt true;
+  };
+  config = mkIf cfg.enable {
+    security.sudo.execWheelOnly = true;
+    services.openssh = {
+      settings.PasswordAuthentication = false;
+      allowSFTP = true; # just use rsync, lol
+      settings.KbdInteractiveAuthentication = false;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+      '';
+    };
+
+  };
+}