Cleaned up (#4)

Author: spietras

src/src/hosts/dummy/modules/boot/default.nix

@@ -6,10 +6,10 @@
       availableKernelModules = [
         # These were autodetected by nixos-generate-config
         "ahci"
-        "xhci_pci"
-        "virtio_pci"
         "sr_mod"
+        "virtio_pci"
         "virtio_blk"
+        "xhci_pci"
       ];
     };
 

src/src/hosts/dummy/modules/constants/default.nix

@@ -24,6 +24,18 @@
         type = lib.types.str;
       };
 
+      secrets = {
+        sops = {
+          age = {
+            file = lib.mkOption {
+              default = "/var/lib/sops/age/keys.txt";
+              description = "Path to the file with private age keys";
+              type = lib.types.str;
+            };
+          };
+        };
+      };
+
       storage = {
         disks = {
           main = {

src/src/hosts/dummy/modules/install/default.nix

@@ -1,35 +1,37 @@
 # Install script
 {
-  inputs,
   config,
+  inputs,
   lib,
   pkgs,
   ...
-}: {
-  options = {
-    installScript = lib.mkOption {
-      # Create shell script
-      default = pkgs.writeShellApplication {
-        # Name of the script
-        name = "install";
+}: let
+  script = pkgs.writeShellApplication {
+    # Name of the script
+    name = "install";
 
-        # Packages available in the script
-        runtimeInputs = [pkgs.coreutils pkgs.disko];
+    # Packages available in the script
+    runtimeInputs = [pkgs.coreutils pkgs.disko];
 
-        # Load the script with substituted values
-        text = builtins.readFile (
-          # Substitute values in the script
-          pkgs.substituteAll {
-            # Use this file as source
-            src = ./install.sh;
+    # Load the script with substituted values
+    text = builtins.readFile (
+      # Substitute values in the script
+      pkgs.substituteAll {
+        # Use this file as source
+        src = ./install.sh;
 
-            # Provide values to substitute
-            flake = inputs.self;
-            host = config.constants.name;
-            main = config.constants.storage.disks.main.device;
-          }
-        );
-      };
+        # Provide values to substitute
+        flake = inputs.self;
+        host = config.constants.name;
+        keysFile = config.constants.secrets.sops.age.file;
+        mainDiskDevice = config.constants.storage.disks.main.device;
+      }
+    );
+  };
+in {
+  options = {
+    installScript = lib.mkOption {
+      default = script;
     };
   };
 }

src/src/hosts/dummy/modules/install/install.sh

@@ -4,31 +4,32 @@
 
 FLAKE='@flake@'
 HOST='@host@'
-MAIN='@main@'
+KEYS_FILE='@keysFile@'
+MAIN_DISK_DEVICE='@mainDiskDevice@'
 
 ### HELPER FUNCTIONS ###
 
 print_usage() {
 	# Print script usage
 
 	cat <<EOF
-Usage: $0 [-k KEYFILE] [OPTIONS]
+Usage: $0 [-k KEYSFILE] [OPTIONS]
 Install the system on this machine.
 
-	-k, --keyfile           path to the age key file
+	-k, --keysfile           path to the age keys file
 EOF
 }
 
 ### PARSE ARGUMENTS ###
 
-keyfile="${SOPS_AGE_KEY_FILE:-${SOPS_AGE_KEY_DIR:-${XDG_CONFIG_HOME:-${HOME}/.config}/sops/age}/keys.txt}"
+keysfile="${SOPS_AGE_KEY_FILE:-${SOPS_AGE_KEY_DIR:-${XDG_CONFIG_HOME:-${HOME}/.config/}/sops/age/}/keys.txt}"
 unparsed=''
 
 while [[ -n ${1:-} ]]; do
 	case "$1" in
-	-k | --keyfile)
+	-k | --keysfile)
 		shift
-		keyfile="$1"
+		keysfile="$1"
 		;;
 	-h | --help)
 		print_usage >&2
@@ -47,8 +48,8 @@ done
 # shellcheck disable=SC2086
 set -- ${unparsed}
 
-if [[ ! -e ${keyfile} ]]; then
-	printf '%s\n' "Error: Key file ${keyfile} does not exist." >&2
+if [[ ! -e ${keysfile} ]]; then
+	printf '%s\n' "Error: Keys file ${keysfile} does not exist." >&2
 	print_usage >&2
 	exit 1
 fi
@@ -57,7 +58,7 @@ fi
 
 disko-install \
 	--flake "${FLAKE}#${HOST}" \
-	--disk main "${MAIN}" \
-	--extra-files "${keyfile}" /var/lib/sops/age/keys.txt \
+	--disk main "${MAIN_DISK_DEVICE}" \
+	--extra-files "${keysfile}" "${KEYS_FILE}" \
 	--write-efi-boot-entries \
 	"$@"

src/src/hosts/dummy/modules/nix/default.nix

@@ -3,11 +3,11 @@
   nix = {
     settings = {
       experimental-features = [
-        # Enable commands
-        "nix-command"
-
         # Enable flakes
         "flakes"
+
+        # Enable commands
+        "nix-command"
       ];
     };
   };

src/src/hosts/dummy/modules/secrets/default.nix

@@ -1,5 +1,9 @@
 # Secrets configuration
-{inputs, ...}: {
+{
+  config,
+  inputs,
+  ...
+}: {
   imports = [
     # Import sops modules
     inputs.sops-nix.nixosModules.sops
@@ -8,7 +12,7 @@
   sops = {
     age = {
       # age private keys should be stored at this path on the host
-      keyFile = "/var/lib/sops/age/keys.txt";
+      keyFile = config.constants.secrets.sops.age.file;
 
       # This is needed so that ssh keys are not unnecessarily picked up
       sshKeyPaths = [];

src/src/hosts/dummy/modules/vm/default.nix

@@ -27,13 +27,13 @@
 
         # Shared directories between the virtual machine and your development machine
         sharedDirectories = {
-          # This is needed to transmit your age private key to the virtual machine
-          age-key = {
-            # The private key should be stored at this path on your development machine
-            source = "\${SOPS_AGE_KEY_DIR:-\${XDG_CONFIG_HOME:-$HOME/.config}/sops/age}";
+          # This is needed to transmit your age private keys to the virtual machine
+          sops-age-keys = {
+            # The private keys should be stored at this path on your development machine
+            source = "\${SOPS_AGE_KEY_DIR:-\${XDG_CONFIG_HOME:-$HOME/.config/}/sops/age/}";
 
             # And will be mounted in the virtual machine at this path
-            target = "/var/lib/sops/age";
+            target = builtins.dirOf config.constants.secrets.sops.age.file;
           };
         };
       };