nixos: cleanup

2023-11-23 14:23:03 +08:00 · 2023-11-23 14:23:03 +08:00 · 0044b9eed1
commit 0044b9eed1
parent 65a4e1e46a
6 changed files with 29 additions and 19 deletions
--- a/nixos/flake-modules/impermanence.nix
+++ b/nixos/flake-modules/impermanence.nix
@ -1,5 +1,15 @@
-{inputs, ...}: {
+{
-  imports = [inputs.impermanence.nixosModules.impermanence];
+  inputs,
  lib,
  ...
 }: {
  imports = [
    inputs.impermanence.nixosModules.impermanence
    ./sops-nix.nix
  ];
  ### sops-nix
  sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"];
  # this folder is where the files will be stored (don't put it in tmpfs)
  environment.persistence."/nix/persist/system" = {
--- a/users/guanranwang/nixos/profiles/core/default.nix
+++ b/users/guanranwang/nixos/profiles/core/default.nix
@ -30,6 +30,7 @@
  ### Flakes
  imports = [
    ../../../../../nixos/flake-modules/sops-nix.nix
    ../../../../../nixos/flake-modules/home-manager.nix
  ];
  ### sops-nix
@ -37,11 +38,10 @@
  users.groups."nix-access-tokens" = {};
  sops = {
    defaultSopsFile = ../../../secrets/secrets.yaml;
-    age.sshKeyPaths = ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"];
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    gnupg.sshKeyPaths = [];
    secrets = {
      "hashed-passwd".neededForUsers = true; # Hashed user password
      "wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password
      "nix-access-tokens" = {
        group = config.users.groups."nix-access-tokens".name;
        mode = "0440";
--- a/users/guanranwang/nixos/profiles/device-type/desktop/default.nix
+++ b/users/guanranwang/nixos/profiles/device-type/desktop/default.nix
@ -5,6 +5,7 @@
 }: {
  imports = [
    ### Flakes
    ../../../../../../nixos/flake-modules/sops-nix.nix
    ../../../../../../nixos/flake-modules/home-manager.nix
    ../../../../../../nixos/flake-modules/berberman.nix
  ];
@ -12,6 +13,9 @@
  ### Options
  myFlake.nixos.boot.noLoaderMenu = lib.mkDefault true;
  ### sops-nix
  sops.secrets."wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password
  ### home-manager
  home-manager.users.guanranwang.imports = map (n: ../../../../home-manager/${n}) [
    "profiles/command-line/nixos/fancy-stuff.nix"
--- a/users/guanranwang/nixos/profiles/use-cases/clash-meta-client.nix
+++ b/users/guanranwang/nixos/profiles/use-cases/clash-meta-client.nix
@ -3,9 +3,7 @@
  config,
  inputs,
  ...
-}: let
+}: {
  etcDirectory = "clash-meta";
 in {
  imports = [
    ../../../../../nixos/flake-modules/sops-nix.nix
  ];
@ -15,7 +13,7 @@ in {
    owner = config.users.users."clash-meta".name;
    group = config.users.groups."clash-meta".name;
    restartUnits = ["clash-meta.service"];
-    path = "/etc/${etcDirectory}/config.yaml";
+    path = "/etc/clash-meta/config.yaml";
  };
  ### System proxy settings
@ -37,10 +35,10 @@ in {
    serviceConfig = {
      Type = "simple";
-      WorkingDirectory = "/etc/${etcDirectory}";
+      WorkingDirectory = "/etc/clash-meta";
      User = [config.users.users."clash-meta".name];
      Group = [config.users.groups."clash-meta".name];
-      ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/${etcDirectory}";
+      ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/clash-meta";
      Restart = "on-failure";
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"
@ -65,5 +63,5 @@ in {
  #   - https://yacd.haishan.me
  # - clash-dashboard (buggy):
  #   - https://clash.razord.top
-  environment.etc."${etcDirectory}/metacubexd".source = inputs.metacubexd;
+  environment.etc."clash-meta/metacubexd".source = inputs.metacubexd;
 }
--- a/users/guanranwang/nixos/profiles/use-cases/hysteria2-server.nix
+++ b/users/guanranwang/nixos/profiles/use-cases/hysteria2-server.nix
@ -3,7 +3,6 @@
  config,
  ...
 }: let
  etcDirectory = "hysteria";
  port = 43956;
 in {
  imports = [
@ -21,7 +20,7 @@ in {
    owner = config.users.users."hysteria".name;
    group = config.users.groups."hysteria".name;
    restartUnits = ["hysteria-server.service"];
-    path = "/etc/${etcDirectory}/config.yaml";
+    path = "/etc/hysteria/config.yaml";
  };
  ### User running proxy service
@ -40,10 +39,10 @@ in {
    serviceConfig = {
      Type = "simple";
-      WorkingDirectory = "/etc/${etcDirectory}";
+      WorkingDirectory = "/etc/hysteria";
      User = [config.users.users."hysteria".name];
      Group = [config.users.groups."hysteria".name];
-      ExecStart = "${pkgs.hysteria}/bin/hysteria server --config /etc/${etcDirectory}/config.yaml";
+      ExecStart = "${pkgs.hysteria}/bin/hysteria server --config /etc/hysteria/config.yaml";
      Restart = "on-failure";
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"
--- a/users/guanranwang/nixos/profiles/use-cases/juicity-server.nix
+++ b/users/guanranwang/nixos/profiles/use-cases/juicity-server.nix
@ -3,7 +3,6 @@
  config,
  ...
 }: let
  etcDirectory = "juicity";
  port = "33829";
 in {
  imports = [
@ -21,7 +20,7 @@ in {
    owner = config.users.users."juicity".name;
    group = config.users.groups."juicity".name;
    restartUnits = ["juicity-server.service"];
-    path = "/etc/${etcDirectory}/config.yaml";
+    path = "/etc/juicity/config.yaml";
  };
  ### User running proxy service
@ -40,10 +39,10 @@ in {
    serviceConfig = {
      Type = "simple";
-      WorkingDirectory = "/etc/${etcDirectory}";
+      WorkingDirectory = "/etc/juicity";
      User = [config.users.users."juicity".name];
      Group = [config.users.groups."juicity".name];
-      ExecStart = "${pkgs.juicity}/bin/juicity-server run -c /etc/${etcDirectory}/config.json";
+      ExecStart = "${pkgs.juicity}/bin/juicity-server run -c /etc/juicity/config.json";
      Restart = "on-failure";
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"