added stuff

2024-04-09 23:11:33 +02:00 · 2024-04-09 23:11:33 +02:00 · 7d4f626b7d
commit 7d4f626b7d
parent 6d31f5b5a1
907 changed files with 70990 additions and 0 deletions
--- a/nyx/modules/core/roles/headless/default.nix
+++ b/nyx/modules/core/roles/headless/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./system
+  ];
+
+  system.nixos.tags = ["headless"];
+}
--- a/nyx/modules/core/roles/headless/system/default.nix
+++ b/nyx/modules/core/roles/headless/system/default.nix
@ -0,0 +1,9 @@
+{
+  imports = [
+    ./environment.nix
+    ./systemd.nix
+    ./documentation.nix
+    ./fonts.nix
+    ./xdg.nix
+  ];
+}
--- a/nyx/modules/core/roles/headless/system/documentation.nix
+++ b/nyx/modules/core/roles/headless/system/documentation.nix
@ -0,0 +1,17 @@
+{lib, ...}: let
+  inherit (lib) mkForce mapAttrs;
+in {
+  documentation = mapAttrs (_: mkForce) {
+    enable = false;
+    dev.enable = false;
+    doc.enable = false;
+    info.enable = false;
+    nixos.enable = false;
+    man = {
+      enable = false;
+      generateCaches = false;
+      man-db.enable = false;
+      mandoc.enable = false;
+    };
+  };
+}
--- a/nyx/modules/core/roles/headless/system/environment.nix
+++ b/nyx/modules/core/roles/headless/system/environment.nix
@ -0,0 +1,45 @@
+{
+  self,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  environment = {
+    # normally we wouldn't need any Xlibs on a headless server but for whatever reason
+    # this affects whether or not some programs can build - such as pipewire
+    # noXlibs = true;
+
+    # print the URL instead on servers
+    variables.BROWSER = "echo";
+
+    interactiveShellInit = let
+      exec = package: program: "${package}/bin/${program}";
+      util = exec pkgs.coreutils;
+      uptime = exec pkgs.procps "uptime";
+      grep = exec pkgs.gnugrep "grep";
+      countUsers = ''${util "who"} -q | ${util "head"} -n1 | ${util "tr"} ' ' \\n | ${util "uniq"} | ${util "wc"} -l'';
+      countSessions = ''${util "who"} -q | ${util "head"} -n1 | ${util "wc"} -w'';
+    in ''
+      (
+
+      # Get the common color codes from lib
+      ${toString lib.common.shellColors}
+
+      # Color accent to use in any primary text
+      CA=$PURPLE
+      CAB=$BPURPLE
+
+      echo
+      echo -e " █ ''${BWHITE}Welcome back''${CO}"
+      echo    " █"
+      echo -e " █ ''${BWHITE}Hostname......:''${CAB} ${config.networking.hostName}''${CO}"
+      echo -e " █ ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}"
+      echo -e " █ ''${BWHITE}Configuration.:''${CO} ''${CAB}${self.rev or "\${BRED}(✘)\${CO}\${BWHITE} Dirty"}''${CO}"
+      echo -e " █ ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')"
+      echo -e " █ ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions"
+      echo
+      )
+    '';
+  };
+}
--- a/nyx/modules/core/roles/headless/system/fonts.nix
+++ b/nyx/modules/core/roles/headless/system/fonts.nix
@ -0,0 +1,5 @@
+{lib, ...}: {
+  # we don't need fontconfig on a server
+  # since there are no fonts to be configured outside the console
+  fonts.fontconfig.enable = lib.mkDefault false;
+}
--- a/nyx/modules/core/roles/headless/system/services.nix
+++ b/nyx/modules/core/roles/headless/system/services.nix
@ -0,0 +1,5 @@
+{
+  # a headless system shoudld not mount any removable media
+  # without explicit user action
+  services.udisks2.enable = false;
+}
--- a/nyx/modules/core/roles/headless/system/systemd.nix
+++ b/nyx/modules/core/roles/headless/system/systemd.nix
@ -0,0 +1,29 @@
+{
+  # https://github.com/numtide/srvos/blob/main/nixos/server/default.nix
+  systemd = {
+    # given that our systems are headless, emergency mode is useless.
+    # we prefer the system to attempt to continue booting so
+    # that we can hopefully still access it remotely.
+    enableEmergencyMode = false;
+
+    # For more detail, see:
+    #   https://0pointer.de/blog/projects/watchdog.html
+    watchdog = {
+      # systemd will send a signal to the hardware watchdog at half
+      # the interval defined here, so every 10s.
+      # If the hardware watchdog does not get a signal for 20s,
+      # it will forcefully reboot the system.
+      runtimeTime = "20s";
+      # Forcefully reboot if the final stage of the reboot
+      # hangs without progress for more than 30s.
+      # For more info, see:
+      #   https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+      rebootTime = "30s";
+    };
+
+    sleep.extraConfig = ''
+      AllowSuspend=no
+      AllowHibernation=no
+    '';
+  };
+}
--- a/nyx/modules/core/roles/headless/system/xdg.nix
+++ b/nyx/modules/core/roles/headless/system/xdg.nix
@ -0,0 +1,11 @@
+{lib, ...}: let
+  inherit (lib) mkForce mapAttrs;
+in {
+  xdg = mapAttrs (_: mkForce) {
+    sounds.enable = false;
+    mime.enable = false;
+    menus.enable = false;
+    icons.enable = false;
+    autostart.enable = false;
+  };
+}