Refactors, konawall-py for darwin, sumireko update to Sonoma

2026-02-09 12:29:19 -08:00 · 2023-11-15 11:10:44 -08:00 · 2023-11-15 11:10:44 -08:00 · bc61d82487
commit bc61d82487
parent 091ddb5b91
151 changed files with 691 additions and 792 deletions
--- a/nixos/common/access.nix
+++ b/nixos/common/access.nix
@ -13,20 +13,6 @@
      config.users.users);
  };
 in {
-  security.sudo.extraRules = [
-    {
-      users = ["deploy"];
-      commands = [
-        {
-          command = "ALL";
-          options = [
-            "NOPASSWD"
-            "SETENV"
-          ];
-        }
-      ];
-    }
-  ];
  users.users = {
    root = commonUser;
    deploy =
--- a/nixos/common/autoupgrade.nix
+++ b/nixos/common/autoupgrade.nix
@ -1,6 +0,0 @@
-{config, ...}: {
-  system.autoUpgrade = {
-    enable = false;
-    flake = "github:kittywitch/infrastructure#${config.networking.hostName}";
-  };
-}
--- a/nixos/common/console.nix
+++ b/nixos/common/console.nix
--- a/nixos/common/disable-documentation.nix
+++ b/nixos/common/disable-documentation.nix
--- a/nixos/common/mutable-users.nix
+++ b/nixos/common/mutable-users.nix
--- a/nixos/common/nftables.nix
+++ b/nixos/common/nftables.nix
@ -1,4 +1,3 @@
 _: {
  networking.nftables.enable = true;
-  services.tailscale.enable = true;
 }
--- a/nixos/common/nix-deploy-trusted-user.nix
+++ b/nixos/common/nix-deploy-trusted-user.nix
@ -0,0 +1,9 @@
+_: {
+  nix = {
+    settings = {
+      trusted-users = [
+        "deploy"
+      ];
+    };
+  };
+}
--- a/nixos/common/nix.nix
+++ b/nixos/common/nix.nix
@ -1,21 +0,0 @@
-{lib, ...}: let
-  inherit (lib.modules) mkDefault;
-in {
-  boot.loader = {
-    grub.configurationLimit = 8;
-    systemd-boot.configurationLimit = 8;
-  };
-
-  nix = {
-    settings = {
-      trusted-users = [
-        "deploy"
-      ];
-    };
-    gc = {
-      automatic = mkDefault false;
-      dates = mkDefault "weekly";
-      options = mkDefault "--delete-older-than 7d";
-    };
-  };
-}
--- a/nixos/common/ssh.nix
+++ b/nixos/common/ssh.nix
@ -9,22 +9,10 @@
 in {
  networking.firewall = {
    allowedTCPPorts = [(list.unsafeHead config.services.openssh.ports)];
-    allowedUDPPortRanges = [
-      {
-        from = 60000;
-        to = 61000;
-      }
-    ];
  };

  services.openssh = {
    enable = true;
-    /*
-      knownHosts.katca = {
-      certAuthority = true;
-      publicKey = builtins.readFile ./ca-pubkey.pem;
-    };
-    */
    settings = {
      KexAlgorithms = ["curve25519-sha256@libssh.org"];
      PasswordAuthentication = false;
@ -37,6 +25,4 @@ in {
      LogLevel VERBOSE
    '';
  };
-
-  programs.mosh.enable = true;
 }
--- a/nixos/common/sudo-nopasswd.nix
+++ b/nixos/common/sudo-nopasswd.nix
@ -0,0 +1,16 @@
+_: {
+  security.sudo.extraRules = [
+    {
+      users = ["deploy"];
+      commands = [
+        {
+          command = "ALL";
+          options = [
+            "NOPASSWD"
+            "SETENV"
+          ];
+        }
+      ];
+    }
+  ];
+}
--- a/nixos/common/tailscale.nix
+++ b/nixos/common/tailscale.nix
@ -0,0 +1,3 @@
+_: {
+  services.tailscale.enable = true;
+}
--- a/nixos/common/tzupdate.nix
+++ b/nixos/common/tzupdate.nix
--- a/nixos/common/shell.nix
+++ b/nixos/common/shell.nix