nixos: create 'modules/nixos' folder

Let's consolidate all modules under one path, so that NixOS,
home-manager, and nix-darwin (if I ever end up using it down the line)
would go under the same folder.

modules/nixos/system/boot/default.nix

@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.system.boot;
+in
+{
+  options.my.system.boot = with lib; {
+    tmp = {
+      clean = mkEnableOption "clean `/tmp` on boot.";
+
+      tmpfs = my.mkDisableOption "mount `/tmp` as a tmpfs on boot.";
+    };
+  };
+
+  config = {
+    boot = {
+      tmp = {
+        cleanOnBoot = cfg.tmp.clean;
+
+        useTmpfs = cfg.tmp.tmpfs;
+      };
+    };
+  };
+}

modules/nixos/system/default.nix

@@ -0,0 +1,16 @@
+# System-related modules
+{ ... }:
+
+{
+  imports = [
+    ./boot
+    ./docker
+    ./documentation
+    ./language
+    ./nix
+    ./packages
+    ./podman
+    ./printing
+    ./users
+  ];
+}

modules/nixos/system/docker/default.nix

@@ -0,0 +1,27 @@
+# Podman related settings
+{ config, lib, ... }:
+let
+  cfg = config.my.system.docker;
+in
+{
+  options.my.system.docker = with lib; {
+    enable = mkEnableOption "docker configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.docker = {
+      enable = true;
+
+      # Remove unused data on a weekly basis
+      autoPrune = {
+        enable = true;
+
+        dates = "weekly";
+
+        flags = [
+          "--all"
+        ];
+      };
+    };
+  };
+}

modules/nixos/system/documentation/default.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.system.documentation;
+in
+{
+  options.my.system.documentation = with lib; {
+    enable = my.mkDisableOption "Documentation integration";
+
+    dev.enable = my.mkDisableOption "Documentation aimed at developers";
+
+    info.enable = my.mkDisableOption "Documentation aimed at developers";
+
+    man = {
+      enable = my.mkDisableOption "Documentation aimed at developers";
+
+      linux = my.mkDisableOption "Linux man pages (section 2 & 3)";
+    };
+
+    nixos.enable = my.mkDisableOption "NixOS documentation";
+  };
+
+  config = lib.mkIf cfg.enable {
+    documentation = {
+      enable = true;
+
+      dev.enable = cfg.dev.enable;
+
+      info.enable = cfg.info.enable;
+
+      man = {
+        enable = cfg.man.enable;
+        generateCaches = true;
+      };
+
+      nixos.enable = cfg.nixos.enable;
+    };
+
+    environment.systemPackages = with pkgs; lib.optionals cfg.man.linux [
+      man-pages
+      man-pages-posix
+    ];
+  };
+}

modules/nixos/system/language/default.nix

@@ -0,0 +1,22 @@
+# Language settings
+{ config, lib, ... }:
+let
+  cfg = config.my.system.language;
+in
+{
+  options.my.system.language = with lib; {
+    enable = my.mkDisableOption "language configuration";
+
+    locale = mkOption {
+      type = types.str;
+      default = "en_US.UTF-8";
+      example = "fr_FR.UTF-8";
+      description = "Which locale to use for the system";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Select internationalisation properties.
+    i18n.defaultLocale = cfg.locale;
+  };
+}

modules/nixos/system/nix/default.nix

@@ -0,0 +1,107 @@
+# Nix related settings
+{ config, inputs, lib, options, pkgs, ... }:
+let
+  cfg = config.my.system.nix;
+
+  channels = lib.my.merge [
+    {
+      # Allow me to use my custom package using `nix run self#pkg`
+      self = inputs.self;
+      # Add NUR to run some packages that are only present there
+      nur = inputs.nur;
+      # Use pinned nixpkgs when using `nix run pkgs#<whatever>`
+      pkgs = inputs.nixpkgs;
+    }
+    (lib.optionalAttrs cfg.inputs.overrideNixpkgs {
+      # ... And with `nix run nixpkgs#<whatever>`
+      nixpkgs = inputs.nixpkgs;
+    })
+  ];
+in
+{
+  options.my.system.nix = with lib; {
+    enable = my.mkDisableOption "nix configuration";
+
+    cache = {
+      selfHosted = my.mkDisableOption "self-hosted cache";
+    };
+
+    inputs = {
+      link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`";
+
+      addToRegistry = my.mkDisableOption "add inputs and self to registry";
+
+      addToNixPath = my.mkDisableOption "add inputs and self to nix path";
+
+      overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version";
+    };
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      assertions = [
+        {
+          assertion = cfg.inputs.addToNixPath -> cfg.inputs.link;
+          message = ''
+            enabling `my.system.nix.inputs.addToNixPath` needs to have
+            `my.system.nix.inputs.link = true`
+          '';
+        }
+      ];
+    }
+
+    {
+      nix = {
+        package = pkgs.nix;
+
+        settings = {
+          experimental-features = [ "nix-command" "flakes" ];
+        };
+      };
+    }
+
+    (lib.mkIf cfg.cache.selfHosted {
+      nix = {
+        settings = {
+          # The NixOS module adds the official Hydra cache by default
+          # No need to use `extra-*` options.
+          substituters = [
+            "https://cache.belanyi.fr/"
+          ];
+
+          trusted-public-keys = [
+            "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw="
+          ];
+        };
+      };
+    })
+
+    (lib.mkIf cfg.inputs.addToRegistry {
+      nix.registry =
+        let
+          makeEntry = v: { flake = v; };
+          makeEntries = lib.mapAttrs (lib.const makeEntry);
+        in
+        makeEntries channels;
+    })
+
+    (lib.mkIf cfg.inputs.link {
+      environment.etc =
+        let
+          makeLink = n: v: {
+            name = "nix/inputs/${n}";
+            value = { source = v.outPath; };
+          };
+          makeLinks = lib.mapAttrs' makeLink;
+        in
+        makeLinks channels;
+    })
+
+    (lib.mkIf cfg.inputs.addToNixPath {
+      nix.nixPath = [
+        "/etc/nix/inputs"
+      ]
+      ++ options.nix.nixPath.default;
+    })
+  ]);
+}

modules/nixos/system/packages/default.nix

@@ -0,0 +1,35 @@
+# Common packages
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.system.packages;
+in
+{
+  options.my.system.packages = with lib; {
+    enable = my.mkDisableOption "packages configuration";
+
+    allowAliases = mkEnableOption "allow package aliases";
+
+    allowUnfree = my.mkDisableOption "allow unfree packages";
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      vim
+      wget
+    ];
+
+    programs = {
+      vim.defaultEditor = true; # Modal editing is life
+
+      zsh = {
+        enable = true; # Use integrations
+        # Disable global compinit when a user config exists
+        enableGlobalCompInit = !config.my.home.zsh.enable;
+      };
+    };
+
+    nixpkgs.config = {
+      inherit (cfg) allowAliases allowUnfree;
+    };
+  };
+}

modules/nixos/system/podman/default.nix

@@ -0,0 +1,48 @@
+# Podman related settings
+{ config, lib, ... }:
+let
+  cfg = config.my.system.podman;
+in
+{
+  options.my.system.podman = with lib; {
+    enable = mkEnableOption "podman configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.my.system.docker.enable;
+        message = ''
+          `config.my.system.podman` is incompatible with
+          `config.my.system.docker`.
+        '';
+      }
+    ];
+
+    virtualisation.podman = {
+      enable = true;
+
+      # Use fake `docker` command to redirect to `podman`
+      dockerCompat = true;
+
+      # Expose a docker-like socket
+      dockerSocket.enable = true;
+
+      # Allow DNS resolution in the default network
+      defaultNetwork.settings = {
+        dns_enabled = true;
+      };
+
+      # Remove unused data on a weekly basis
+      autoPrune = {
+        enable = true;
+
+        dates = "weekly";
+
+        flags = [
+          "--all"
+        ];
+      };
+    };
+  };
+}

modules/nixos/system/printing/default.nix

@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.system.printing;
+in
+{
+  options.my.system.printing = with lib; {
+    enable = mkEnableOption "printing configuration";
+
+    papersize = mkOption {
+      type = with types; either str (enum [
+        "a3"
+        "a4"
+        "a5"
+        "b5"
+        "letter"
+        "legal"
+        "executive"
+        "note"
+        "11x17"
+      ]);
+      default = "a4";
+      example = "paper";
+      description = "preferred paper size";
+    };
+
+    usb = {
+      enable = my.mkDisableOption "USB printers";
+    };
+
+    network = {
+      enable = my.mkDisableOption "network printers";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Setup CUPS
+    services.printing = {
+      enable = true;
+
+      # Drivers are deprecated, but just in case
+      drivers = with pkgs; [
+        gutenprint # Base set of drivers
+        brlaser # Brother drivers
+
+        # Brother MFC-L3770CDW
+        mfcl3770cdwlpr
+        mfcl3770cdwcupswrapper
+      ];
+    };
+
+    # Setup paper size
+    systemd.services.cups.serviceConfig.Environment = [
+      "PAPERSIZE=${cfg.papersize}"
+    ];
+
+    # Allow using USB printers
+    services.ipp-usb = lib.mkIf cfg.usb.enable {
+      enable = true;
+    };
+
+    # Allow using WiFi printers
+    services.avahi = lib.mkIf cfg.network.enable {
+      enable = true;
+      openFirewall = true;
+      # Allow resolution of '.local' addresses
+      nssmdns = true;
+    };
+  };
+}

modules/nixos/system/users/default.nix

@@ -0,0 +1,51 @@
+# User setup
+{ config, lib, pkgs, ... }:
+let
+  secrets = config.age.secrets;
+  cfg = config.my.system.users;
+  groupExists = grp: builtins.hasAttr grp config.users.groups;
+  groupsIfExist = builtins.filter groupExists;
+in
+{
+  options.my.system.users = with lib; {
+    enable = my.mkDisableOption "user configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+    users = {
+      mutableUsers = false; # I want it to be declarative.
+
+      users = {
+        root = {
+          hashedPasswordFile = secrets."users/root/hashed-password".path;
+        };
+
+        ${config.my.user.name} = {
+          hashedPasswordFile = secrets."users/ambroisie/hashed-password".path;
+          description = "Bruno BELANYI";
+          isNormalUser = true;
+          shell = pkgs.zsh;
+          extraGroups = groupsIfExist [
+            "audio" # sound control
+            "docker" # usage of `docker` socket
+            "media" # access to media files
+            "networkmanager" # wireless configuration
+            "plugdev" # usage of ZSA keyboard tools
+            "podman" # usage of `podman` socket
+            "video" # screen control
+            "wheel" # `sudo` for the user.
+          ];
+          openssh.authorizedKeys.keys = with builtins;
+            let
+              keyDir = ./ssh;
+              contents = readDir keyDir;
+              names = attrNames contents;
+              files = filter (name: contents.${name} == "regular") names;
+              keys = map (basename: readFile (keyDir + "/${basename}")) files;
+            in
+            keys;
+        };
+      };
+    };
+  };
+}

modules/nixos/system/users/ssh/aramis.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+lrntygUjRA7X6AXRXoV0BMbmZI9bzxR7M++temU1N1WQ7sEGu4zHNIeWaqCKtVbdjvuN5nC8IqC5iV+8KBdT2d+iH165yeEh9mYqSOS9wn0oPr6cSvOZOGqWi7twl0/lrkUxuFl3Qr4gr3Y04PDBK/7JM6+KAS00OOaxhlD9M57TO1lE2Wk6KQWsiyCZe3lczz6MNWUSSRfHOXCCMoiN588hBfdCikNy7Js7+Uz0R/8c86Yn8iu4EpRGpGMJi06KOJi8EPyUvolaeUFpn51IeoD2QcW7Hc3MDyZ+DJj5GV4NQPq46RkMZ7vqEMT+Ix5dJi5kFvnQH3KhJuvNuiXHNbWYqd/o/MbANMRoS2IfRN2jA/NtcFXYXBsRYpKpHhCgzTacY8YxqSJepFOx3vLMVKTXjTrO2IDIjie1y2nhicnzBzglEa3TP2S1FJZdwJzeBfIOWZiMcoIBrxYXdufOpHPjEfQiGETchHJHUxMPX64LxU2bCYfOK36zX8MKCYE1eyt0lRuZZ8s44aQHSIvyYTSnuvgPSAG6Il32J+vnumeTu16ory+WrONO4x395T+OFp0EGXZ4SovVP0mF2ZCxpJX1Vdw0GWkIwsz64E01kGLcYn0bPo+ltAF1tCJ77DvjQS+X92dXIGYKohueT/+A+rfpcB4sW4x57RZZv+gQww== ambroisie@aramis

modules/nixos/system/users/ssh/shared.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Zns4/86+oz1tdM5E+GKUHcxPuShqcxCrqxCGJ9qgeVkefvnEsRFCbTysjYYUz5d1wPHgazjzyTWQYFrKUOEFbqFhs5vnxEezokGrCPhE61sZ7wIM3gx2S/aCxk7hPmBtdBi624qxa0QdrrKF04ZGDGBvO/bEAuJLqBs9xagS7e0jzwcuOKZVTB9VA15n8aLvC/HuaHTG7SWfMYlD+HfbCBSo8UNjsrTWOFyakHP8zEJEzXD83SBp5q5V7JNiCyYxlTmNLKzCdSBFjoUaqxuiGb4O8YaUh9ttsrhj3CaJUrCqNyY6mvIAXIcyLow+o3h9iWApI1LBEQgP3A9nBTktdOJlv2UUFIb4tjiu6as1dLVJ/iQuym885irIVYHcUaWFVCtIREUU3NMwXGxnAm9E6S/zk2O8hY6QT+YU+03Ll+ctrLLMHrw0Ow/6ryi63trBMN5xl97SHkl2K0XkC2rNgaSiVoziVBi8CKgc2FENkprpJTlHwTQeXAP09m8+bhqpwjhKG1dI/t1y4adr+yvChnOAaAFrMAIP7uXaX8xt/LjYNeZ7+w6O7+kwA2XOE3Ucus+a8AUt+bS8JXmh3Vpwg2SfCmn/AmLsNXrwynelVpYO/t0cZIp1uS3OcUQYxuSO++DI6SiKazE47yP0qxK0qIi9Pm9gX1w6SnE0oQcQ6w== ambroisie@shared-key