First dnf test

dnf/modules/nix/mixin/host/desktop.nix

@@ -0,0 +1,44 @@
+# A full desktop configuration with gnome, multimedia and office tools.
+
+{ lib, config, ... }:
+let
+  cfg = config.darkone.host.desktop;
+in
+{
+  options = {
+    darkone.host.desktop.enable = lib.mkEnableOption "Desktop optimized host configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    # Load minimal configuration
+    darkone.host.minimal.enable = lib.mkDefault true;
+
+    # System additional features
+    darkone.system.core = {
+      enableFstrim = lib.mkDefault true;
+      enableBoost = lib.mkDefault false;
+    };
+
+    # Daemons
+    darkone.service = {
+      audio.enable = lib.mkDefault true;
+      printing.enable = lib.mkDefault true;
+    };
+
+    # Graphical applications
+    darkone.graphic = {
+      gnome = {
+        enable = lib.mkDefault true;
+        enableMoreGnomeApps = lib.mkDefault true;
+      };
+      obsidian.enable = lib.mkDefault true;
+      office = {
+        enable = lib.mkDefault true;
+        enableEmail = lib.mkDefault true;
+        enableLibreOffice = lib.mkDefault true;
+        enableInternet = lib.mkDefault true;
+      };
+    };
+  };
+}

dnf/modules/nix/mixin/host/gateway.nix

@@ -0,0 +1,60 @@
+# The main gateway / router of local network.
+#
+# :::tip[A ready-to-use gateway!]
+# The gateway is configured in `usr/config.yaml` file.
+# Additional enabled services (homepage, adguardhome, forgejo, ncps...)
+# are automatically configured with consistent network plumbing on the
+# gateway and all machines on the local network.
+# :::
+
+{
+  lib,
+  config,
+  host,
+  ...
+}:
+let
+  cfg = config.darkone.host.gateway;
+in
+{
+  options = {
+    darkone.host.gateway.enable = lib.mkEnableOption "Enable gateway features for the current host (dhcp, dns, proxy, etc.)";
+    darkone.host.gateway.enableFail2ban = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable fail2ban service";
+    };
+    darkone.host.gateway.enableAdguardhome = lib.mkOption {
+      type = lib.types.bool;
+      default = builtins.hasAttr "adguardhome" host.services;
+      description = "Enable pre-configured Aguard Home service";
+    };
+    darkone.host.gateway.enableNcps = lib.mkOption {
+      type = lib.types.bool;
+      default = builtins.hasAttr "ncps" host.services;
+      description = "Enable the proxy cache for packages";
+    };
+    darkone.host.gateway.enableLldap = lib.mkOption {
+      type = lib.types.bool;
+      default = builtins.hasAttr "lldap" host.services;
+      description = "Enable pre-configured lldap service (additional users & groups)";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    # Is a server
+    darkone.host.server.enable = true;
+
+    # Enabled services
+    darkone.service = {
+      dnsmasq.enable = true;
+      adguardhome.enable = cfg.enableAdguardhome;
+      ncps.enable = cfg.enableNcps;
+      lldap.enable = cfg.enableLldap;
+    };
+
+    # Fail2ban
+    services.fail2ban.enable = cfg.enableFail2ban;
+  };
+}

dnf/modules/nix/mixin/host/laptop.nix

@@ -0,0 +1,43 @@
+# Desktop config + laptop specific tools & configuration.
+
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+let
+  cfg = config.darkone.host.laptop;
+in
+{
+  options = {
+    darkone.host.laptop.enable = lib.mkEnableOption "Laptop optimized host configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    # Based on desktop configuration
+    darkone.host.desktop.enable = lib.mkDefault true;
+
+    # Several printing drivers
+    darkone.service.printing.loadAll = lib.mkDefault false;
+
+    # Sensors management (WIP)
+    boot.kernelModules = [ "coretemp" ];
+    environment.systemPackages = with pkgs; [ lm_sensors ];
+
+    # suspend, sleep, hibernates are deactivated by default, we force activation
+    systemd.targets = {
+      sleep.enable = true;
+      suspend.enable = true;
+      hibernate.enable = true;
+      hybrid-sleep.enable = false;
+    };
+    darkone.graphic.gnome = lib.mkIf config.darkone.graphic.gnome.enable {
+      enableSuspend = lib.mkDefault true;
+    };
+
+    # Temperature management daemon
+    services.thermald.enable = true;
+  };
+}

dnf/modules/nix/mixin/host/minimal.nix

@@ -0,0 +1,94 @@
+# Every host configuration is based on this minimal config.
+#
+# :::caution[Services declaration]
+# A number of services (immich, nextcloud, forgejo, etc.) can be declared in the configuration `usr/config.yaml`
+# of each host, regardless of its type (server, laptop, desktop, etc.). **It is advisable to declare them in the
+# yaml file so that the service is visible across the entire network!**
+# :::
+
+{
+  lib,
+  config,
+  host,
+  ...
+}:
+with lib;
+let
+  cfg = config.darkone.host.minimal;
+in
+{
+  options = {
+    darkone.host.minimal.enable = mkEnableOption "Minimal host configuration";
+    darkone.host.minimal.secure = mkEnableOption "Prefer more secure options (disable mutable users...)";
+    darkone.host.minimal.enableHomepage = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "homepage" ] host;
+      description = "Enable the auto-configured homepage service";
+    };
+    darkone.host.minimal.enableForgejo = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "forgejo" ] host;
+      description = "Enable pre-configured forgejo git forge service";
+    };
+    darkone.host.minimal.enableImmich = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "immich" ] host;
+      description = "Enable pre-configured immich service";
+    };
+    darkone.host.minimal.enableNextcloud = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "nextcloud" ] host;
+      description = "Enable pre-configured nextcloud service";
+    };
+    darkone.host.minimal.enableNetdata = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "netdata" ] host;
+      description = "Enable pre-configured Netdata service";
+    };
+    darkone.host.minimal.enableMonitoring = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "monitoring" ] host;
+      description = "Enable pre-configured monitoring service (prometheus, grafana)";
+    };
+    darkone.host.minimal.enableVaultwarden = mkOption {
+      type = types.bool;
+      default = attrsets.hasAttrByPath [ "services" "vaultwarden" ] host;
+      description = "Enable pre-configured Vaultwarden service";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    # Darkone main modules
+    darkone.system = {
+      hardware.enable = true; # firmwares
+      core.enableFirewall = mkDefault true;
+      i18n.enable = mkDefault true;
+    };
+
+    # Minimum console features
+    darkone.console = {
+      packages.enable = mkDefault true;
+      zsh.enable = mkDefault true;
+      zsh.enableForRoot = mkDefault true;
+    };
+
+    # No password for sudoers
+    security.sudo.wheelNeedsPassword = mkDefault false;
+
+    # Can manage users with useradd, usermod...
+    # Note: sops module force mutable users.
+    users.mutableUsers = mkDefault (!cfg.secure);
+
+    # Enabled services
+    darkone.service = {
+      homepage.enable = cfg.enableHomepage;
+      forgejo.enable = cfg.enableForgejo;
+      immich.enable = cfg.enableImmich;
+      nextcloud.enable = cfg.enableNextcloud;
+      netdata.enable = cfg.enableNetdata;
+      monitoring.enable = cfg.enableMonitoring;
+      vaultwarden.enable = cfg.enableVaultwarden;
+    };
+  };
+}

dnf/modules/nix/mixin/host/portable.nix

@@ -0,0 +1,26 @@
+# Portable configuration for a bootable USB drive containing a NixOS machine from the local network.
+
+{ lib, config, ... }:
+let
+  cfg = config.darkone.host.portable;
+in
+{
+  options = {
+    darkone.host.portable.enable = lib.mkEnableOption "Portable host configuration for usb keys";
+  };
+
+  # TODO: specific boot options for usb keys
+  config = lib.mkIf cfg.enable {
+
+    # Based on laptop configuration
+    darkone.host.laptop.enable = lib.mkForce true;
+
+    # More hardware drivers
+    darkone.system.hardware = {
+      enable = true;
+      enableIntel = true;
+      enableAmd = true;
+    };
+    hardware.enableAllHardware = true;
+  };
+}

dnf/modules/nix/mixin/host/server.nix

@@ -0,0 +1,99 @@
+# Improved configuration for servers (minimal, no sleep, watchdog...).
+#
+# :::caution[Emergency mode is disabled]
+# We prefer the system to attempt to continue booting so
+# that we can hopefully still access it remotely. (cf. srvos)
+# :::
+
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.darkone.host.server;
+  cfgLimit = 10;
+in
+{
+  options = {
+    darkone.host.server.enable = lib.mkEnableOption "Server host minimal configuration";
+    darkone.host.server.enableWatchdog = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable systemd watchdog";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    # Load minimal configuration
+    darkone.host.minimal.enable = lib.mkForce true;
+
+    # Darkone modules (very low priority)
+    darkone.system.documentation.enable = lib.mkOverride 2000 false;
+
+    # Default apps
+    environment.systemPackages = map lib.lowPrio [
+      pkgs.curl
+      pkgs.wget
+      pkgs.htop
+      pkgs.vim
+    ];
+
+    # Restrict the number of boot entries to prevent full /boot partition.
+    # Servers don't need too many generations.
+    boot.loader.grub.configurationLimit = lib.mkDefault cfgLimit;
+    boot.loader.systemd-boot.configurationLimit = lib.mkDefault cfgLimit;
+
+    # Firewall is enabled
+    darkone.system.core.enableFirewall = lib.mkDefault true;
+
+    # Delegate the hostname setting to dhcp/cloud-init by default.
+    # TODO: enable this feature if useful
+    #networking.hostName = lib.mkOverride 1337 ""; # lower prio than lib.mkDefault
+
+    # Given that our systems are headless, emergency mode is useless.
+    # We prefer the system to attempt to continue booting so
+    # that we can hopefully still access it remotely.
+    boot.initrd.systemd.suppressedUnits = lib.mkIf config.systemd.enableEmergencyMode [
+      "emergency.service"
+      "emergency.target"
+    ];
+
+    systemd = {
+
+      # Given that our systems are headless, emergency mode is useless.
+      # We prefer the system to attempt to continue booting so
+      # that we can hopefully still access it remotely.
+      enableEmergencyMode = false;
+
+      # https://0pointer.de/blog/projects/watchdog.html
+      settings.Manager = lib.mkIf cfg.enableWatchdog {
+
+        # systemd will send a signal to the hardware watchdog at half
+        # the interval defined here, so every 15s.
+        # If the hardware watchdog does not get a signal for 30s,
+        # it will forcefully reboot the system.
+        RuntimeWatchdogSec = "30s";
+
+        # Forcefully reboot if the final stage of the reboot
+        # hangs without progress for more than 60s.
+        # https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+        RebootWatchdogSec = "60s";
+
+        # Forcefully reboot when a host hangs after kexec.
+        # This may be the case when the firmware does not support kexec.
+        KExecWatchdogSec = "1m";
+      };
+
+      # No sleep
+      sleep.extraConfig = ''
+        AllowSuspend=no
+        AllowHibernation=no
+      '';
+    };
+  };
+}
+
+# src: https://github.com/nix-community/srvos/blob/main/nixos/server/default.nix

dnf/modules/nix/mixin/host/vm.nix

@@ -0,0 +1,33 @@
+# Virtual machines guest tools.
+
+{ lib, config, ... }:
+let
+  cfg = config.darkone.host.vm;
+in
+{
+  options = {
+    darkone.host.vm = {
+      enableVirtualbox = lib.mkEnableOption "Virtualbox client";
+      enableXen = lib.mkEnableOption "Xen client";
+    };
+  };
+
+  config = lib.mkIf (cfg.enableVirtualbox || cfg.enableXen) {
+
+    # Based on server configuration
+    darkone.host.server.enable = lib.mkDefault true;
+
+    # VM parameters
+    virtualisation.virtualbox = lib.mkIf cfg.enableVirtualbox { guest.enable = true; };
+    services.xe-guest-utilities = lib.mkIf cfg.enableXen { enable = true; };
+    boot.initrd.kernelModules = lib.mkIf cfg.enableXen [
+      "xen-blkfront"
+      "xen-tpmfront"
+      "xen-kbdfront"
+      "xen-fbfront"
+      "xen-netfront"
+      "xen-pcifront"
+      "xen-scsifront"
+    ];
+  };
+}