From e8257c15df97bf0b978bb2801a40ab555e135ce2 Mon Sep 17 00:00:00 2001
From: Dict Xiong
Date: Sat, 1 Jun 2024 12:18:51 +0800
Subject: [PATCH] build(nasp): refactor&modulize ->nvidia,docker,nginx,registry
---
 hosts/modules/nasp.nix | 191 +++++++++++++++++++++++------------
 1 file changed, 107 insertions(+), 84 deletions(-)
diff --git a/hosts/modules/nasp.nix b/hosts/modules/nasp.nix
index 2571c75..407e269 100644
--- a/hosts/modules/nasp.nix
+++ b/hosts/modules/nasp.nix
@@ -2,12 +2,29 @@ let
 mainCfg = config.nasp;
+ nvidiaCfg = mainCfg.nvidia;
+ dockerCfg = mainCfg.docker;
+ nginxCfg = mainCfg.nginx;
+ registryCfg = mainCfg.registry;
 gCfg = mainCfg.gSeries;
 dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew));
 in
 {
 options.nasp = {
 enable = lib.mkEnableOption "the nasp server configurations";
+ nvidia = {
+ enable = lib.mkEnableOption "nvidia gpu support";
+ };
+ docker = {
+ enable = lib.mkEnableOption "docker runtime";
+ };
+ nginx = {
+ enable = lib.mkEnableOption "nginx web server";
+ enableCodeServer = lib.mkEnableOption "proxy code server in docker";
+ };
+ registry = {
+ enable = lib.mkEnableOption "the nasp registry";
+ };
 gSeries = {
 enable = lib.mkEnableOption "the g-series server configurations";
 serial = lib.mkOption {
@@ -108,11 +125,16 @@ in
 hashedPassword = "$y$j9T$Ei67I7VhQD6gF20/lNBUx0$jnrLqLNSJVCS959deKCamoOi4Q76nNeQ7/kDQCCABl1";
 };
 users.groups.nasp = {};
+ ## desktop
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ xkb.layout = "us";
+ };
 }
- # g series
- (lib.mkIf (gCfg.enable) (let
- ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
- ## hardware
+ # nvidia
+ (lib.mkIf (nvidiaCfg.enable) {
 nixpkgs.config.nvidia.acceptLicense = true;
 hardware.nvidia = {
 package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
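Review bot: The new option descriptions under `options.nasp` do not say what each switch actually pulls in, which matters here because `registry.enable` is implemented in this same commit to also install the `%nasp` NOPASSWD sudo rules, and `nginx.enableCodeServer` is silently a no-op unless `nginx.enable` is also set. I would state the dependency in the description, `enableCodeServer = lib.mkEnableOption "proxying per-user code-server sockets from /home2/run through nginx (requires nasp.nginx.enable)";`, and describe the registry option as the root timer plus sudo rules it installs rather than "the nasp registry". An `assertions` entry requiring `nginx.enable` whenever `enableCodeServer` is set would turn the silent no-op into an eval-time error.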
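Review bot: The GDM/GNOME block added at `## desktop` lands in the unconditional base config, so every host with `nasp.enable` now runs a display manager and a full desktop session, whereas before this commit it was confined to `gCfg.enable`; every other feature moved in this commit got its own `lib.mkIf` switch, but the desktop did not. A graphical login stack on a headless server is extra attack surface and resident memory for no benefit, so gate it the same way: `desktop = { enable = lib.mkEnableOption "gdm/gnome desktop"; };` next to the other options, the block wrapped in `(lib.mkIf (mainCfg.desktop.enable) { … })`, and the gSeries section setting `nasp.desktop.enable = true;` as it does for the rest. The base-config attrset this block sits in starts outside the hunk.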
@@ -127,6 +149,82 @@ in
 driSupport = true;
 driSupport32Bit = true;
 };
+ virtualisation.docker.enableNvidia = true;
+ services.xserver.videoDrivers = [ "nvidia" ];
+ })
+ # docker
+ (lib.mkIf (dockerCfg.enable) {
+ virtualisation.docker = {
+ enable = true;
+ daemon.settings = {
+ ipv6 = true;
+ fixed-cidr-v6 = "fddd:d0c1:1::/64";
+ experimental = true;
+ ip6tables = true;
+ live-restore = false;
+ };
+ };
+ environment.systemPackages = with pkgs; [
+ dnew
+ ];
+ })
+ # nginx
+ (lib.mkIf (nginxCfg.enable) {
+ services.nginx = {
+ enable = true;
+ virtualHosts."default" = {
+ serverName = "_";
+ default = true;
+ locations."/" = {
+ return = "404";
+ };
+ };
+ };
+ })
+ (lib.mkIf (nginxCfg.enable && nginxCfg.enableCodeServer) {
+ services.nginx.virtualHosts."code-server" = {
+ serverName = "proxy.nasp.fit";
+ locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" = {
+ extraConfig = ''
+ rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
+ proxy_pass "http://unix:/home2/run/$1.sock";
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection upgrade;
+ proxy_set_header Accept-Encoding gzip;
+ '';
+ };
+ };
+ })
+ # registry
+ (lib.mkIf (registryCfg.enable) {
+ systemd.timers."registry" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*:0/5:0";
+ Unit = "registry.service";
+ };
+ };
+ systemd.services."registry" = {
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ script = builtins.readFile ./scripts/registry.sh;
+ path = with pkgs; [ git bash su ];
+ };
+ security.sudo.extraConfig = ''
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
+ %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
+ '';
+ })
+ # g series
+ (lib.mkIf (gCfg.enable) (let
+ ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
 ## network
 networking.hostName = assert (gCfg.serial > 0); "g" + (builtins.toString gCfg.serial);
 networking.search = [ "nasp" ];
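Review bot: The six `%nasp ALL = (root) NOPASSWD:` rules are now gated by `registryCfg.enable`, so switching on a five-minute root timer silently hands the whole `nasp` group passwordless root: NOPASSWD `docker` alone is root-equivalent (a bind mount of `/` into a container running as uid 0 needs nothing else), and `ip`, `reboot` and `shutdown` have no relation to the registry. Give the sudo rules their own switch declared next to the other `options.nasp` entries so a host can run the registry without them, with the gSeries section turning it on explicitly, and leave a comment on the block saying the docker grant is deliberately root-equivalent so nobody later mistakes it for a narrow privilege. Separately, the nvidia section sets `virtualisation.docker.enableNvidia = true;` even when `nasp.docker.enable` is off; `virtualisation.docker.enableNvidia = dockerCfg.enable;` keeps the two in step. `scripts/registry.sh` is not in view, so whether the oneshot really needs `User = "root"` with `git` and `su` on its path is worth confirming as well.
```nix
  # sudo: deliberately root-equivalent for %nasp (NOPASSWD docker can mount /
  # and exec as uid 0), so it is its own switch instead of riding on registry.enable
  (lib.mkIf (mainCfg.sudo.enable) {
    security.sudo.extraConfig = ''
      %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
      # … unchanged: the remaining five %nasp NOPASSWD rules …
    '';
  })
```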
@@ -198,86 +296,11 @@ in
 interfaces = [ "${gCfg.eth2Name}" ];
 };
 ## packages and services
- environment.systemPackages = with pkgs; [
- # custom
- dnew
- ];
- systemd.timers."registry" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "*:0/5:0";
- Unit = "registry.service";
- };
- };
- systemd.services."registry" = {
- serviceConfig = {
- Type = "oneshot";
- User = "root";
- };
- script = builtins.readFile ./scripts/registry.sh;
- path = with pkgs; [ git bash su ];
- };
- ## desktop
- services.xserver = {
- enable = true;
- videoDrivers = [ "nvidia" ];
- displayManager.gdm.enable = true;
- desktopManager.gnome = {
- enable = true;
- extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
- extraGSettingsOverrides = ''
- [org.gnome.mutter]
- experimental-features=['scale-monitor-framebuffer']
- '';
- };
- layout = "us";
- xkbVariant = "";
- };
- ## docker
- virtualisation.docker = {
- enable = true;
- enableNvidia = true;
- daemon.settings = {
- ipv6 = true;
- fixed-cidr-v6 = "fddd:d0c1:1::/64";
- experimental = true;
- ip6tables = true;
- live-restore = false;
- };
- };
- ## users
- security.sudo.extraConfig = ''
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
- %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
- '';
- ## nginx
- services.nginx = {
- enable = true;
- virtualHosts."default" = {
- serverName = "_";
- default = true;
- locations."/" = {
- return = "404";
- };
- };
- virtualHosts."code-server" = {
- serverName = "proxy.nasp.fit";
- locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" = {
- extraConfig = ''
- rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
- proxy_pass "http://unix:/home2/run/$1.sock";
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection upgrade;
- proxy_set_header Accept-Encoding gzip;
- '';
- };
- };
- };
+ nasp.docker.enable = true;
+ nasp.nvidia.enable = true;
+ nasp.registry.enable = true;
+ nasp.nginx.enable = true;
+ nasp.nginx.enableCodeServer = true;
 }))
 ]);
 }
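Review bot: The five `nasp.*.enable = true;` lines added to the gSeries section are plain assignments, so a g-series host cannot turn one feature off in its own configuration (say `nasp.nginx.enableCodeServer = false;` on a box with nothing under `/home2/run`) without a conflicting-definition error against this module. Set them at default priority instead, e.g. `nasp.nginx.enableCodeServer = lib.mkDefault true;` for each of the five, so host-level settings win. The enclosing `lib.mkIf (gCfg.enable)` block starts outside this hunk.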