From de236e371e9c162bd3d684b5d298f3dd2fbd41fc Mon Sep 17 00:00:00 2001
From: Jan-Henrik Bruhn
Date: Sat, 4 Apr 2026 16:45:00 +0200
Subject: [PATCH] fix: nix config optimizations
---
 flake.nix | 51 ++++++++++++++++------------------
 hosts/telefonmann/default.nix | 3 --
 hosts/telefonmann/hardware.nix | 9 ++++--
 modules/common.nix | 2 +-
 modules/vm-guest.nix | 7 -----
 modules/voip/asterisk.nix | 7 +++--
 modules/voip/default.nix | 9 +++---
 modules/voip/directory.nix | 8 ------
 8 files changed, 39 insertions(+), 57 deletions(-)
 delete mode 100644 modules/vm-guest.nix
diff --git a/flake.nix b/flake.nix
index 8370871..9230fd9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,54 +13,51 @@ outputs = { self, nixpkgs, disko, agenix, ... }: let - pkgs = import nixpkgs { system = "x86_64-linux"; }; + # Shared module list for both nixosConfigurations and colmena + hostModules = name: system: [ + { nixpkgs.hostPlatform = system; } + disko.nixosModules.disko + agenix.nixosModules.default + ./modules/common.nix + ./hosts/${name} + ]; - # Helper to build a NixOS host config from hosts// mkHost = name: system: nixpkgs.lib.nixosSystem { - modules = [ - { nixpkgs.hostPlatform = system; } - disko.nixosModules.disko - agenix.nixosModules.default - ./modules/common.nix - ./hosts/${name} - ]; + modules = hostModules name system; }; hosts = { - telefonmann = { system = "x86_64-linux"; }; + telefonmann = { system = "x86_64-linux"; targetHost = "telefonmann"; }; }; + + systems = nixpkgs.lib.unique (nixpkgs.lib.mapAttrsToList (_: cfg: cfg.system) hosts); in { # nixosConfigurations is used by nixos-anywhere for initial install nixosConfigurations = nixpkgs.lib.mapAttrs (name: cfg: mkHost name cfg.system) hosts; - devShells.x86_64-linux.default = pkgs.mkShell { - packages = [ - pkgs.colmena - agenix.packages.x86_64-linux.default - ]; - }; + devShells = nixpkgs.lib.genAttrs systems (system: + let pkgs = import nixpkgs { inherit system; }; in { + default = pkgs.mkShell { + packages = [ + pkgs.colmena + agenix.packages.${system}.default + ]; + }; + }); # colmena hive for ongoing deployments colmena = { meta = { - nixpkgs = pkgs; - specialArgs = { inherit disko; }; + nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); }; }; } // nixpkgs.lib.mapAttrs (name: cfg: { deployment = { - # Set targetHost per host in hosts//default.nix or override here - # targetHost = "telefonmann.example.com"; + targetHost = cfg.targetHost; targetUser = "root"; }; - imports = [ - { nixpkgs.hostPlatform = cfg.system; } - disko.nixosModules.disko - agenix.nixosModules.default - ./modules/common.nix - ./hosts/${name} - ]; + imports = hostModules name cfg.system; }) 
hosts; }; } diff --git a/hosts/telefonmann/default.nix b/hosts/telefonmann/default.nix index 8006dcc..1ac9b93 100644 --- a/hosts/telefonmann/default.nix +++ b/hosts/telefonmann/default.nix @@ -2,7 +2,6 @@ imports = [ ./hardware.nix ./disko.nix - ../../modules/vm-guest.nix ../../modules/voip ]; @@ -153,8 +152,6 @@ }; }; - deployment.targetHost = "telefonmann"; - # Age-encrypted secrets (decrypted on the host at activation time). age.secrets = let asteriskSecret = file: { inherit file; owner = "asterisk"; group = "voip-keys"; mode = "0640"; }; diff --git a/hosts/telefonmann/hardware.nix b/hosts/telefonmann/hardware.nix index 75eafc4..5ab4352 100644 --- a/hosts/telefonmann/hardware.nix +++ b/hosts/telefonmann/hardware.nix @@ -1,6 +1,9 @@ -{ modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - +{ ... }: { + services.qemuGuest.enable = true; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" # use "virtio_blk" instead if disk is /dev/vda diff --git a/modules/common.nix b/modules/common.nix index 3f7c36b..142bad5 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ ... }: { time.timeZone = "Europe/Berlin"; nix.settings = { diff --git a/modules/vm-guest.nix b/modules/vm-guest.nix deleted file mode 100644 index 108913f..0000000 --- a/modules/vm-guest.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: { - services.qemuGuest.enable = true; - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; -} diff --git a/modules/voip/asterisk.nix b/modules/voip/asterisk.nix index 0060c45..c310c03 100644 --- a/modules/voip/asterisk.nix +++ b/modules/voip/asterisk.nix 
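Review bot: `colmena.meta.nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); }` evaluates only the first entry of the `systems` list this hunk introduces, so as soon as `hosts` gains a second architecture every colmena node is still built against the first one, while `nixosConfigurations` honours each host's own `system`. Colmena's per-node `meta.nodeNixpkgs` keeps the two paths consistent: `meta.nodeNixpkgs = nixpkgs.lib.mapAttrs (_: cfg: import nixpkgs { system = cfg.system; }) hosts;` with the existing `meta.nixpkgs` left as the fallback. `deployment.targetHost = cfg.targetHost;` now fails evaluation for any host entry without that attribute; `targetHost = cfg.targetHost or name;` would fall back to the node name, which is also colmena's own default. The old `specialArgs = { inherit disko; }` is dropped without replacement, which is fine only if no module under ./hosts or ./modules takes `disko` as a function argument — the hunk cannot show that. The enclosing `outputs` function starts before the hunk.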
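Review bot: Replacing the `profiles/qemu-guest.nix` import in hosts/telefonmann/hardware.nix with `services.qemuGuest.enable = true` is not equivalent: the nixpkgs profile also pre-loads a broader virtio set in the initrd (from memory virtio_net, virtio_blk and virtio_mmio in `availableKernelModules`, plus virtio_rng/virtio_balloon/virtio_console in `boot.initrd.kernelModules` — confirm against the pinned nixpkgs), whereas this file now lists only `virtio_pci` and `virtio_scsi` explicitly. Losing virtio_rng early in boot in particular could mean the guest no longer draws entropy from the host RNG device during stage 1, which is worth checking if keys or secrets are generated on first boot. The simplest fix keeps the profile next to the new settings: `{ modulesPath, ... }: {` and `imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];`, with a comment `# qemu-guest profile supplies the virtio initrd module set; qemuGuest only enables the agent` so the two are not confused again. The enclosing attribute set and the `availableKernelModules` list continue past the hunk.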
@@ -172,7 +172,8 @@ let context = internal transport = transport-tcp disallow = all - ${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.hardwarePhones}direct_media = no + ${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.hardwarePhones} + direct_media = no trust_id_inbound = yes send_pai = yes @@ -181,7 +182,8 @@ let context = internal transport = transport-tcp disallow = all - ${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.softClients}direct_media = no + ${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.softClients} + direct_media = no send_pai = yes [auth-userpass](!) @@ -245,7 +247,6 @@ let type = endpoint context = from-external transport = transport-${t.transport} - disallow = all outbound_auth = trunk-${name}-auth aors = trunk-${name}-aor trust_id_inbound = yes diff --git a/modules/voip/default.nix b/modules/voip/default.nix index 9d9a3e9..0bef781 100644 --- a/modules/voip/default.nix +++ b/modules/voip/default.nix @@ -57,6 +57,10 @@ let greetingDirs = import ./greetings.nix { inherit lib pkgs cfg; }; intercomEntries = import ./intercom.nix { inherit lib cfg models allPhones; }; confFiles = import ./asterisk.nix { inherit lib cfg models allPhones intercomEntries mohDirs greetingDirs; }; + directory = import ./directory.nix { inherit lib pkgs cfg allPhones intercomEntries; }; + backgroundEntries = import ./backgrounds.nix { inherit lib pkgs cfg models allPhones; }; + provisioningRoot = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; }; + diagram = import ./diagram.nix { inherit lib pkgs cfg models allPhones intercomEntries; }; # True when any *File option is set — Asterisk's execincludes=yes is required in that case. hasRuntimeSecrets = 
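Review bot: In both codec hunks (the `hardwarePhones` template here and the `softClients` template at `@@ -181,7 +182,8 @@`), the expansion still relies on the trailing `"\n "` inside the mapped string to supply indentation, so with `direct_media = no` now on its own line the last codec entry is followed by a whitespace-only line and an empty codec list leaves a blank line; Asterisk tolerates both, but a separator states the intent directly: `${lib.concatMapStringsSep "\n" (c: "allow = ${c}") cfg.codecs.hardwarePhones}` (the separator must carry the same indent as the surrounding `''` string, which the collapsed diff does not show). `disallow = all` immediately before the expansion is kept in both templates, which is the correct order for PJSIP. The template sections continue outside the hunks.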
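Review bot: Dropping `disallow = all` from the `trunk-${name}` endpoint at `@@ -245,7 +247,6 @@` leaves no `allow =` line in the visible context, so the trunk's codec set is now whatever the endpoint inherits or Asterisk defaults to. If the section lists `allow =` entries earlier (outside the hunk), a `disallow = all` placed after them was wiping the list and this removal is the fix; if it does not, the external-facing trunk no longer constrains codecs explicitly, unlike the phone templates above, and a `disallow = all` / `allow = …` pair belongs next to `transport = transport-${t.transport}`. Either way a one-line `;` comment in the generated section stating where this endpoint's codec list comes from would stop the next edit from reintroducing the reset. The trunk endpoint section continues outside the hunk.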
@@ -81,11 +85,6 @@ let ngx.header.content_type = "text/html; charset=utf-8" ngx.print(html) ''; - directory = import ./directory.nix { inherit lib pkgs cfg allPhones intercomEntries; }; - backgroundEntries = import ./backgrounds.nix { inherit lib pkgs cfg models allPhones; }; - provisioningRoot = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; }; - diagram = import ./diagram.nix { inherit lib pkgs cfg models allPhones intercomEntries; }; - # Shared option set for a physical phone device. # isPersonPhone = true → no extension/displayName fields (inherited from person) # isPersonPhone = false → includes extension and displayName diff --git a/modules/voip/directory.nix b/modules/voip/directory.nix index 58cfbf6..c5d7c4d 100644 --- a/modules/voip/directory.nix +++ b/modules/voip/directory.nix @@ -68,16 +68,8 @@ let ''; - voicemailMenuXml = '' - - - - - ''; - in { menuFile = pkgs.writeText "directory.xml" menuXml; listFile = pkgs.writeText "directory-list.xml" listXml; intercomFile = pkgs.writeText "intercom.xml" intercomXml; - voicemailFile = pkgs.writeText "voicemail.xml" voicemailMenuXml; }