init commit

modules/flake/deploy.nix

@@ -0,0 +1,55 @@
+{ inputs, ... }:
+let
+  inherit (inputs)
+    self
+    deploy-rs
+    nixpkgs
+    nixos-anywhere
+    agenix
+    ;
+  inherit (nixpkgs) lib;
+
+  genNode =
+    hostName: nixosCfg:
+    let
+      # inherit (self.hosts.${hostName}) address hostPlatform remoteBuild;
+      # inherit (deploy-rs.lib.${hostPlatform}) activate;
+      system = self.nixosConfigurations."${hostName}".pkgs.system;
+    in
+    {
+      hostname = hostName;
+      profiles.system.path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${hostName};
+    };
+in
+{
+  perSystem =
+    {
+      system,
+      ...
+    }:
+    {
+      apps = rec {
+        default = deploy;
+        secrets = {
+          type = "app";
+          program = "${agenix.packages.${system}.agenix}/bin/agenix";
+          meta.description = "";
+        };
+        install = {
+          type = "app";
+          program = "${nixos-anywhere.packages.${system}.nixos-anywhere}/bin/nixos-anywhere";
+          meta.description = "";
+        };
+        deploy = deploy-rs.apps.${system}.deploy-rs;
+      };
+    };
+  flake = {
+    deploy = {
+      autoRollback = false;
+      magicRollback = true;
+      user = "root";
+      remoteBuild = true;
+      nodes = lib.mapAttrs genNode (self.nixosConfigurations or { });
+    };
+  };
+}

modules/flake/devshell.nix

@@ -0,0 +1,12 @@
+{
+  perSystem = { pkgs, ... }: {
+    devShells.default = pkgs.mkShell {
+      name = "nixos-unified-template-shell";
+      meta.description = "Shell environment for modifying this Nix configuration";
+      packages = with pkgs; [
+        just
+        nixd
+      ];
+    };
+  };
+}

modules/flake/toplevel.nix

@@ -0,0 +1,16 @@
+# Top-level flake glue to get our configuration working
+{ inputs, ... }:
+
+{
+  imports = [
+    inputs.nixos-unified.flakeModules.default
+    inputs.nixos-unified.flakeModules.autoWire
+  ];
+  perSystem = { self', pkgs, ... }: {
+    # For 'nix fmt'
+    formatter = pkgs.nixpkgs-fmt;
+
+    # Enables 'nix run' to activate.
+    packages.default = self'.packages.activate;
+  };
+}

modules/nixos/common/avahi.nix

@@ -0,0 +1,12 @@
+_: {
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    nssmdns6 = true;
+    publish = {
+      addresses = true;
+      enable = true;
+      userServices = true;
+    };
+  };
+}

modules/nixos/common/default.nix

@@ -0,0 +1,9 @@
+{ flake, ... }:
+{
+  imports =
+    with builtins;
+    map (fn: ./${fn}) (filter (fn: fn != "default.nix") (attrNames (readDir ./.)))
+    ++ [
+      flake.inputs.disko.nixosModules.default
+    ];
+}

modules/nixos/common/discovery.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) mkOption mkIf types;
+in
+{
+  options.services.tty-ips = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Show interface IPs in TTY login using a dynamic issue file.";
+    };
+  };
+
+  config = mkIf config.services.tty-ips.enable {
+    systemd.services.tty-ips = {
+      description = "Generate /run/issue.dynamic with interface IPs";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
+      before = [ "getty@tty1.service" ];
+
+      serviceConfig =
+        let
+          sw = "/run/current-system/sw/bin";
+        in
+        {
+          Type = "oneshot";
+          ExecStart = pkgs.writeShellScript "tty-ips-generate" ''
+            echo "Welcome to NixOS!" > /run/issue.dynamic
+            echo "" >> /run/issue.dynamic
+            echo "IP Addresses:" >> /run/issue.dynamic
+            ${sw}/ip -brief addr show ygg0 | ${sw}/awk '{print "  " $3}v' | ${pkgs.qrencode}/bin/qrencode -t ANSIUTF8 >> /run/issue.dynamic
+            echo "" >> /run/issue.dynamic
+          '';
+        };
+    };
+
+    services.getty.extraArgs = [
+      "--issue-file"
+      "/run/issue.dynamic"
+    ];
+  };
+}

modules/nixos/common/nixos-generators.nix

@@ -0,0 +1,6 @@
+{ flake, ... }:
+{
+  imports = [
+    flake.inputs.nixos-generators.nixosModules.all-formats
+  ];
+}

modules/nixos/common/ssh.nix

@@ -0,0 +1,9 @@
+_: {
+  security = {
+    sudo.execWheelOnly = true;
+    pam = {
+      sshAgentAuth.enable = true;
+      services.sudo.sshAgentAuth = true;
+    };
+  };
+}

modules/nixos/common/yggdrasil.nix

@@ -0,0 +1,68 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkIf
+    types
+    ;
+  cfg = config.networking.yggdrasil;
+in
+{
+  options.networking.yggdrasil = {
+    enable = mkEnableOption "enables yggdrasil a sdwan solution";
+    AllowedPublicKeys = mkOption {
+      type = with types; listOf str;
+      default = [ "" ];
+    };
+  };
+  config = mkIf cfg.enable {
+    users = {
+      users.yggdrasil = {
+        isSystemUser = true;
+        description = "Yggdrasil";
+        group = "yggdrasil";
+        uid = 728;
+      };
+      groups.yggdrasil.gid = 728;
+    };
+
+    systemd.services.yggdrasil = {
+      serviceConfig = {
+        DynamicUser = lib.mkForce false;
+        User = "yggdrasil";
+        RestrictNamespaces = lib.mkForce "no";
+      };
+    };
+    services.yggdrasil = {
+      enable = true;
+      persistentKeys = true;
+      openMulticastPort = true;
+      settings = {
+        inherit (cfg) AllowedPublicKeys;
+        Peers = [
+          "tls://ygg.yt:443"
+          "tls://ygg.jjolly.dev:3443"
+          "quic://ygg-kcmo.incognet.io:8885"
+        ];
+        MulticastInterfaces = [
+          {
+            Regex = "w.*";
+            Beacon = true;
+            Listen = true;
+            Port = 9001;
+            Priority = 0;
+          }
+        ];
+        IfName = "ygg0";
+        IfMTU = 65535;
+        NodeInfoPrivacy = false;
+        NodeInfo = null;
+      };
+    };
+  };
+}

modules/nixos/default.nix

@@ -0,0 +1,10 @@
+# This is your nixos configuration.
+# For home configuration, see /modules/home/*
+{ flake, ... }:
+{
+  imports = [
+    flake.inputs.self.nixosModules.common
+  ];
+  services.openssh.enable = true;
+  nixpkgs.overlays = [ flake.inputs.self.overlays.default ];
+}