NixOS configuration facilities for CCC Bremen infrastructure
Structure
The top-level directories modules, hosts, and config differentiate
between three types, namely NixOS modules, host modules, and
configuration modules, respectively.
A NixOS module is an ordinary module used for parametrizable
configuration tasks much like upstream NixOS modules. The only
difference is that the NixOS modules provided in this repository are
namespaced under ccchb, i.e. options are located under the ccchb
hierarchy. For instance, the option ccchb.common.enable enables the
NixOS module ccchb.common, which is located in modules/common.nix.
A host module declares the system configuration of a single
host, up to hardware-dependent settings usually defined in the local
hardware-configuration.nix. Instructive examples are hosts/mail.nix
and hosts/doord-pi-1.nix. In order to build, for example, an image
for the host doord-pi-1.nix, one may use
    nixos-rebuild build-image -I nixos-config=./hosts/doord-pi-1.nix \
        --image-variant sd-card
The more common alternative is to check out this repository to a host,
which is configured by a host module, and import the host module in
/etc/nixos/configuration.nix:
    { config, lib, pkgs, ... }: {
      imports = [
        ./hardware-configuration.nix
        ./nixos-configuration/hosts/mail.nix
      ];
    }
Lastly, a configuration module contains commonly used configuration options. See below in the section Configuration modules for more details.
Deployment
A host ingesting a configuration from this repository should set up a Nix channel pointing to this repository. For instance,
    # nix-channel --list
    config https://dev.ccchb.de/ccchb/nixos-configurations/archive/main.tar.gz
    nixos https://nixos.org/channels/nixos-25.11
is a sensible configuration of Nix channels. Under this prerequisite, deployment of the content of this repository, or of the corresponding branch, tag, etc., can be carried out by updating the Nix channel by running
    # nix-channel --tarball-ttl 0 --update config
and building and switching the NixOS configuration in the usual manner.
Configuration modules
Users
Users may be declared globally in the config/users.nix module, and
instantiated on a per-host basis by setting users.users accordingly.
For example,
    { local, ... }: {
      # Instantiate the listed users from config/users.nix on this host
      users.users = local.lib.callUsers {
        inherit (local.config.users) fritz genofire crest humm;
      } { };
    }
instantiates the users fritz, genofire, crest, and humm.
Technically, a user under local.config.users is a module, which
can be instantiated by the local.lib.callUser library function.
Each user module currently receives the following, well-known arguments:
- adminGroups: A list of common admin groups for NixOS
- desktopGroups: A list of common desktop groups for NixOS
Mail accounts and forwardings
Mail accounts and forwardings are declared globally in the
config/mail-accounts.nix module. Each mail account is represented by
an attribute set, with the following keys:
- forwardTo (optional): Email address for forwarding
- hashedPassword (optional): Password hash for Dovecot
- aliases (optional): List of email addresses that alias the declared account
Mail accounts can be transformed by the local.lib.callMailAccount
library function into an attribute set consisting of a passwd line for
Dovecot, a vmailbox line for virtual_mailbox_maps in Postfix, and
virtual lines for virtual_alias_maps in Postfix. The library function
callMailAccount receives the canonical mail address for the account
as its first argument, and the attribute set describing the mail account
as its second argument. For example,
    local.lib.callMailAccount "test@ccchb.de" {
      aliases = [
        "test2@ccchb.de"
      ];
      forwardTo = "test3@ccchb.de";
      hashedPassword = "...";
    }
creates the required map entries for the mail account "test@ccchb.de", which has the alias "test2@ccchb.de", forwards mail to "test3@ccchb.de", and has a hashedPassword declared for authentication purposes (e.g. SMTP and IMAP).
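The following sketch shows the kind of transformation described above. It is an added example, not the repository's local.lib.callMailAccount: the output attribute names (passwd, vmailbox, virtual), the mailbox path layout, the address check, and the rule that aliases resolve to the canonical address are all assumptions.

```nix
# Added illustration, not the repository's local.lib.callMailAccount.
# Output attribute names and the mailbox path layout are assumptions.
let
  # One local part and one domain, without '@', ':' or whitespace, so that an
  # address cannot add fields to a passwd line or columns to a Postfix map.
  split = addr: builtins.match "([^@:[:space:]]+)@([^@:[:space:]]+)" addr;

  callMailAccount = address:
    { aliases ? [ ], forwardTo ? null, hashedPassword ? null }:
    let
      parts = split address;
      user = builtins.elemAt parts 0;
      domain = builtins.elemAt parts 1;
      hasMailbox = hashedPassword != null;
      hasForward = forwardTo != null;
      others = aliases ++ (if hasForward then [ forwardTo ] else [ ]);
    in
    assert parts != null;
    assert builtins.all (a: split a != null) others;
    # In this sketch, an account needs a mailbox or a forwarding target.
    assert hasMailbox || hasForward;
    {
      # Dovecot passwd-file line: "user:password", other fields left empty.
      passwd = if hasMailbox then "${address}:${hashedPassword}" else null;
      # Postfix virtual_mailbox_maps line: address, then mailbox path.
      vmailbox = if hasMailbox then "${address} ${domain}/${user}/" else null;
      # Postfix virtual_alias_maps lines: aliases resolve to the canonical
      # address, which is rewritten to forwardTo when a forwarding is set.
      virtual = (map (a: "${a} ${address}") aliases)
        ++ (if hasForward then [ "${address} ${forwardTo}" ] else [ ]);
    };
in
callMailAccount "test@ccchb.de" {
  aliases = [ "test2@ccchb.de" ];
  forwardTo = "test3@ccchb.de";
  hashedPassword = "<constructed-hash>"; # constructed placeholder
}
```

Saved to a file, the expression can be evaluated with nix-instantiate --eval --strict to inspect the generated lines.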