add basic darwinModules
enable nix-daemon
Mic92 committed Jun 13, 2024
1 parent 925ad60 commit a2761f0
Showing 7 changed files with 124 additions and 0 deletions.
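--- a/darwin/common/default.nix
+++ b/darwin/common/default.nix
@@ -0,0 +1,8 @@
+{
+
+imports = [
+./flake.nix
+./nix.nix
+./openssh.nix
+];
+}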
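--- a/darwin/common/flake.nix
+++ b/darwin/common/flake.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+cfg = config.srvos;
+in
+{
+options.srvos = {
+flake = lib.mkOption {
+# FIXME what is the type of a flake?
+type = lib.types.nullOr lib.types.raw;
+default = null;
+description = lib.mdDoc ''
+Flake that contains the nixos configuration.
+'';
+};
+};
+config = lib.mkIf (cfg.flake != null) {
+services.telegraf.extraConfig.inputs.file =
+let
+inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) cfg.flake.inputs;
+flakeAttrs = input: (lib.mapAttrsToList (n: v: ''${n}="${v}"'')
+(lib.filterAttrs (_: v: (builtins.typeOf v) == "string") input));
+lastModified = name: input: ''
+flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}'';
+
+# avoid adding store path references on flakes which me not need at runtime.
+promText = builtins.unsafeDiscardStringContext ''
+# HELP flake_registry_last_modified Last modification date of flake input in unixtime
+# TYPE flake_input_last_modified gauge
+${lib.concatStringsSep "\n" (lib.mapAttrsToList lastModified inputsWithDate)}
+'';
+in
+[
+{
+data_format = "prometheus";
+files = [
+(pkgs.writeText "flake-inputs.prom" promText)
+];
+}
+];
+};
+}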
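Review bot: The `# HELP flake_registry_last_modified ...` line documents a metric name that is never emitted; the `# TYPE` line right below it and the samples built by `lastModified` both use `flake_input_last_modified`, so the header should read `# HELP flake_input_last_modified Last modification date of flake input in unixtime`. The option description `Flake that contains the nixos configuration.` is carried over although this module lives under darwin/; `Flake that contains the nix-darwin configuration.` would match its use. The comment `# avoid adding store path references on flakes which me not need at runtime.` should read `... which we do not need at runtime.`. The label values produced by `flakeAttrs` are interpolated into the exposition format without escaping, so an input attribute containing a double quote or backslash would corrupt the generated .prom file; that is unlikely for flake inputs but worth a short comment next to `flakeAttrs`.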
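--- a/darwin/common/nix.nix
+++ b/darwin/common/nix.nix
@@ -0,0 +1,26 @@
+{ lib, config, ... }:
+{
+services.nix-daemon.enable = true;
+
+# Fallback quickly if substituters are not available.
+nix.settings.connect-timeout = 5;
+
+# Enable flakes
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+] ++ lib.optional (lib.versionOlder (lib.versions.majorMinor config.nix.package.version) "2.22")
+"repl-flake";
+
+# The default at 10 is rarely enough.
+nix.settings.log-lines = lib.mkDefault 25;
+
+# Avoid disk full issues
+nix.settings.max-free = lib.mkDefault (3000 * 1024 * 1024);
+nix.settings.min-free = lib.mkDefault (512 * 1024 * 1024);
+
+# Avoid copying unnecessary stuff over SSH
+nix.settings.builders-use-substitutes = true;
+
+nix.daemonIOLowPriority = lib.mkDefault true;
+}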
17 changes: 17 additions & 0 deletions darwin/common/openssh.nix
@@ -0,0 +1,17 @@
# Better defaults for OpenSSH
{ lib, ... }:
{
environment.etc."ssh/sshd_config.d/102-srvos.conf".text = ''
X11Forwarding no
KbdInteractiveAuthentication no
PasswordAuthentication no
UseDns no
# unbind gnupg sockets if they exists
StreamLocalBindUnlink yes
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
KexAlgorithms "curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","sntrup761x25519-sha512@openssh.com"
▏ '';
# Only allow system-level authorized_keys to avoid injections.
services.openssh.authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
}
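Review bot: The drop-in written to `environment.etc."ssh/sshd_config.d/102-srvos.conf"` only takes effect if the system's sshd_config carries an `Include` of that directory, and sshd uses the first value it obtains for each keyword, so a stock drop-in that sorts before `102-` and already sets one of these keywords silently wins; a comment recording this, e.g. `# Assumes the stock sshd_config includes sshd_config.d/*; first value wins, hence the numeric prefix.`, would make the dependency visible. The `KexAlgorithms` line will be rejected as a fatal configuration error by sshd builds that do not know every listed algorithm name, which would keep sshd from starting, so the minimum supported OpenSSH/macOS version deserves a note beside the `nixpkgs#ssh-audit` comment. The comment `# unbind gnupg sockets if they exists` should read `if they exist`.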
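--- a/darwin/default.nix
+++ b/darwin/default.nix
@@ -0,0 +1,7 @@
+let
+exposeModules = import ../lib/exposeModules.nix;
+in
+exposeModules ./. [
+./common
+./mixins/telegraf.nix
+]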
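--- a/darwin/mixins/telegraf.nix
+++ b/darwin/mixins/telegraf.nix
@@ -0,0 +1,22 @@
+{ lib, inputs, pkgs, ... }:
+{
+services.telegraf = {
+enable = true;
+extraConfig = {
+agent.interval = "60s";
+inputs = {
+smart.path_smartctl = "${pkgs.smartmontools}/bin/smartctl";
+system = { };
+mem = { };
+swap = { };
+disk.tagdrop.fstype = [ "ramfs" ];
+diskio = { };
+internal = { };
+};
+outputs.prometheus_client = {
+listen = ":9273";
+metric_version = 2;
+};
+};
+};
+}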
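Review bot: `listen = ":9273";` binds the Prometheus exporter on every interface with no authentication, and nothing in this module restricts who can reach it, so host, disk and SMART metrics become readable from any network the machine joins; either bind locally with `listen = "127.0.0.1:9273";` or add a comment stating that a remote scraper is expected and how access is limited. The `lib` and `inputs` parameters of the module function are unused and can be dropped from `{ lib, inputs, pkgs, ... }:`. The `smart` input needs privileges to run smartctl; whether the telegraf service runs with them here is not visible in this hunk, so it is worth confirming before relying on that input.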
2 changes: 2 additions & 0 deletions flake.nix
Expand Up @@ -94,8 +94,10 @@

# generates future flake outputs: `modules.<kind>.<module-name>`
flake.modules.nixos = import ./nixos;
flake.modules.darwin = import ./darwin;

# compat to current schema: `nixosModules` / `darwinModules`
flake.nixosModules = self.modules.nixos;
flake.darwinModules = self.modules.darwin;
};
}
