Several changes

hosts/common.nix

@@ -2,8 +2,8 @@
 let
   inherit (pkgs) lib;
   # inherit (specialArgs) machineVars;
-  inherit (config) machineVars;
+  # inherit (config) machineVars;
-  has_graphics = !config.machineVars.headless;
+  # has_graphics = !config.machineVars.headless;
 in {
   time.timeZone = "Europe/Oslo";
 
@@ -63,7 +63,7 @@ in {
 
     systemPackages = with pkgs; ([
       wget
-    ] ++ (lib.optionals (!machineVars.headless) [
+    ] ++ (lib.optionals (!config.machineVars.headless) [
       haskellPackages.xmobar
     ]));
 
@@ -199,7 +199,7 @@ in {
       #       makes it so that other software can not be activated at the same time
       #       and that those asserts triggers some kind of evaluation chain that
       #       recurses infinitely.
-      # enable = !config.machineVars.headless;
+      # enable = true;
       layout = "us";
       xkbOptions = "caps:escape";
 
@@ -220,7 +220,7 @@ in {
 
       # displayManager.startx.enable = true;
       # displayManager.gdm.enable = true;
-      # displayManager.lightdm.enable = !config.machineVars.headless;
+      # displayManager.lightdm.enable = true;
       displayManager.defaultSession = "none+xmonad";
     };
 

hosts/kasei/configuration.nix

@@ -8,6 +8,25 @@
   services.xserver.enable = true; 
   services.xserver.displayManager.lightdm.enable = true;
 
+  machineVars = {
+    headless = false;
+    gaming = true;
+    development = true;
+    creative = true;
+
+    dataDrives = let 
+      main = "/data";
+    in {
+      drives = { inherit main; };
+      default = main;
+    };
+
+    screens = {
+      "DP-1" = {};
+      "HDMI-1" = {};
+    };
+  };
+
   systemd.targets = {
     sleep.enable = false;
     suspend.enable = false;

hosts/tsuki/configuration.nix

@@ -1,27 +1,27 @@
-{ config, lib, pkgs, ... }:
 {
   imports = [
-      ./hardware-configuration.nix
+    ./hardware-configuration.nix
 
     # ./services/calibre.nix
-      # ./services/dokuwiki.nix
+    # ./services/dokuwiki.nix
     ./services/gitea
-      # ./services/gitlab
+    # ./services/gitlab
     ./services/grafana.nix
     ./services/hydra.nix
-      ./services/jitsi.nix
+    ./services/jitsi.nix
     # ./services/keycloak.nix
     # ./services/libvirt.nix
-    ./services/matrix.nix
+    ./services/matrix
     ./services/nginx.nix
-      # ./services/openldap.nix
+    # ./services/openldap.nix
-      ./services/openvpn.nix
+    # ./services/openvpn.nix
     ./services/plex.nix
-      # ./services/samba.nix
+    ./services/postgres.nix
-      ./services/searx.nix
+    ./services/samba.nix
-      # ./services/syncthing.nix
+    ./services/searx.nix
+    # ./services/syncthing.nix
     ./services/vscode-server.nix
-    ];
+  ];
 
   # TODO: See ../common.nix
   services.xserver.enable = false;
@@ -29,6 +29,15 @@
 
   machineVars = {
     headless = true;
+    dataDrives = let 
+      momiji = "/data2";
+    in {
+      drives = {
+        cirno = "/data";
+        inherit momiji;
+      };
+      default = momiji;
+    };
   };
 
   systemd.targets = {
@@ -74,6 +83,7 @@
   users.groups.media = {};
 
   users.users = {
+    h7x4.extraGroups = [ "media" ];
     media = {
       isSystemUser = true;
       group = "media";

hosts/tsuki/services/hydra.nix

@@ -1,9 +1,12 @@
 { secrets, ... }:
 {
+  # Follow instructions for setup:
+  # https://gist.github.com/joepie91/c26f01a787af87a96f967219234a8723
   services.hydra = {
     enable = true;
     hydraURL = "http://hydra.nani.wtf";
     notificationSender = "hydra@nani.wtf";
+    useSubstitutes = true;
     port = secrets.ports.hydra;
   };
 }

hosts/tsuki/services/nginx.nix

@@ -111,10 +111,10 @@
       (makeClientCertProxy ["log"] "http://localhost:${s ports.grafana}" {
         locations."/".proxyWebsockets = true;
       })
-      (makeClientCertProxy ["pg"] "http://localhost:${s ports.postgres}" {})
+      (makeClientCertProxy ["pg"] "http://localhost:${s ports.pgadmin}" {})
       # (makeProxy ["wiki"] "" {})
       # (makeHost ["vpn"] "" {})
-      (makeClientCertProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
+      (makeACMEProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
       (makeClientCertProxy ["air"] "https://${ips.kansei}:${s ports.kansei}" {})
 
       # (makePassProxy ["sync" "drive"] "" {})

hosts/tsuki/services/openldap.todo.nix

@@ -2,7 +2,7 @@
 {
   services.openldap = {
     enable = true;
-    # dataDir = "/data/var/openldap";
+    # dataDir = "${config.machineVars.dataDrives.default}/var/openldap";
     urlList = [ "ldap:///" "ldapi:///" ]; # Add ldaps to this list to listen with SSL (requires configured certificates)
     # suffix = "dc=nixos,dc=org";
     # rootdn = "cn=admin,dc=nixos,dc=org";

hosts/tsuki/services/plex.nix

@@ -1,21 +1,10 @@
-{ secrets, ... }:
+{ config, secrets, ... }:
 {
   services.plex = {
     enable = true;
     openFirewall = true;
-    dataDir = "/data/var/plex";
+    dataDir = "${config.machineVars.dataDrives.default}/var/plex";
   };
 
-  # TODO: make default directories.
+  # networking.firewall.allowedTCPPorts = [ secrets.ports.plex ];
-  services.samba.shares.plex = {
-    path = "/data/media";
-    browseable = "yes";
-    "read only" = "no";
-    "guest ok" = "no";
-    "create mode" = 0664;
-    "directory mode" = 2775;
-    comment = "Movies, Series and other stuff for Plex";
-  };
-
-  networking.firewall.allowedTCPPorts = [ secrets.ports.plex ];
 }

hosts/tsuki/services/postgres.nix

@@ -2,16 +2,26 @@
 
   services.postgresql = {
     enable = true;
-    # port = secrets.ports.postgres
+    enableTCPIP = true;
-    # dataDir = 
+    authentication = pkgs.lib.mkOverride 10 ''
+      local all all trust
+      local hydra all ident map=hydra-users
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+    '';
+    port = secrets.ports.postgres;
+    dataDir = "${config.machineVars.dataDrives.default}/db/postgres/${config.services.postgresql.package.psqlSchema}";
     # settings = {};
   };
 
   services.pgadmin = {
     enable = true;
     openFirewall = true;
-    # port = secrets.ports.pgadmin
+    initialEmail = "h7x4abk3g@protonmail.com";
-    # settings = {
+    initialPasswordFile = "${config.machineVars.dataDrives.default}/var/pgadmin_pass";
-    # };
+    port = secrets.ports.pgadmin;
+    settings = {
+      DATA_DIR = "${config.machineVars.dataDrives.default}/var/pgadmin";
+    };
   };
 }

modules/machineVars.nix

@@ -46,6 +46,31 @@ t tools preinstalled.";
       type = types.nullOr types.str;
       default = null;
     };
+
+    dataDrives = let 
+      driveType =
+        types.addCheck types.path (path: builtins.elem path (builtins.attrNames config.fileSystems));
+    in {
+      drives = mkOption {
+        type = types.attrsOf driveType;
+        default = { };
+        example = {
+          dataDrive1 = "/data/data1";
+          dataDrive2 = "/another/location";
+        };
+        description = ''
+          Drives that should act as data drives.
+          These need to be registered in `fileSystems`
+        '';
+      };
+
+      default = mkOption {
+        type = types.nullOr driveType;
+        description = ''
+          Data drive that should be used for most purposes.
+        '';
+      };
+    };
   };
 
   config = {

programs/xmobar/default.nix

@@ -4,10 +4,11 @@ in {
   programs.xmobar = let
     networkCard = "wlp2s0f0u7u4";
 
+    # TODO: loop over dataDrives
     disks = [
       "/"
-      "/data"
+      "${config.machineVars.dataDrives.default}"
-      "/data/disks/data2"
+      "${config.machineVars.dataDrives.default}/disks/data2"
     ];
 
     mpd_status_script = pkgs.writeShellScript "mpd-status" ''