nomad/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'vps-host' of https://github.com/nomadics9/nixcfg into vps-host

Browse source
This commit is contained in:
nomadics9 2024-10-18 18:36:10 +03:00
commit dd243a1e63
12 changed files with 312 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.sops.yaml Normal file
View file

@ -0,0 +1,10 @@
keys:
- &primary age16yxxp5lqg63zzh3s0f82lpslgc3phy6ugcqdnhh8y7fak65zrqkshjxt25
- &ssh_key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqA7j8hk3+k0b04eDxuoUakldqKrP0aatLm+CREjFJe
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary
- pgp:
- *ssh_key

199
flake.lock
View file

@ -1,5 +1,46 @@
{
"nodes": {
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722825873,
"narHash": "sha256-bFNXkD+s9NuidZePiJAjjFUnsMOwXb7hEZ4JEDdSALw=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "90bc85532767c785245f5c1e29ebfecb941cf8c9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1729099656,
"narHash": "sha256-VftVIg7UXTy1bq+tzi1aVYOWl7PQ35IpjW88yMYjjpc=",
"owner": "nix-community",
"repo": "disko",
"rev": "d7d57edb72e54891fa67a6f058a46b2bb405663b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"dotfiles": {
"flake": false,
"locked": {
@ -16,6 +57,86 @@
"url": "https://github.com/nomadics9/dotfiles.git"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -23,11 +144,11 @@
]
},
"locked": {
"lastModified": 1728903686,
"narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=",
"lastModified": 1729165983,
"narHash": "sha256-gtcodl79t5ZbbX4TSx4RNyggasEvLdVnc/IM+RyxqJw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e1aec543f5caf643ca0d94b6a633101942fd065f",
"rev": "78a7a070bbcc3b37cc36080c2a3514207d427b3b",
"type": "github"
},
"original": {
@ -38,16 +159,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1728492678,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos",
"lastModified": 1725194671,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -68,12 +189,68 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1728156290,
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1728888510,
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"arion": "arion",
"disko": "disko",
"dotfiles": "dotfiles",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1728345710,
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
}
},

48
flake.nix
View file

@ -8,6 +8,16 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; # Pin sops-nix to follow nixpkgs
};
arion = {
url = "github:hercules-ci/arion";
inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "github:nix-community/disko";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
@ -19,7 +29,7 @@
outputs = { self, home-manager, nixpkgs, dotfiles, ... }@inputs:
outputs = { self, home-manager, nixpkgs, dotfiles, sops-nix, arion, disko, ... }@inputs:
let
inherit (self) outputs;
systems = [
@ -31,23 +41,51 @@
];
forAllSystems = nixpkgs.lib.genAttrs systems;
user = "nomad";
hostname = "unkown";
hostname = "vps";
in
{
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays { inherit inputs; };
nixosConfigurations = {
${hostname} = nixpkgs.lib.nixosSystem {
unkown = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs user hostname; };
modules = [ ./hosts/${hostname} ];
modules = [
./hosts/${hostname}
sops-nix.nixosModules.sops
arion.nixosModules.arion
];
};
homelab = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs user; };
modules = [
./hosts/homelab
arion.nixosModules.arion
disko.nixosModules.disko
sops-nix.nixosModules.sops
];
};
vps = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs user; };
modules = [
./hosts/vps
arion.nixosModules.arion
disko.nixosModules.disko
sops-nix.nixosModules.sops
];
};
};
homeConfigurations = {
"${user}@${hostname}" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = { inherit inputs outputs user; };
modules = [ ./home/${user}/${hostname}.nix ];
modules = [
./home/${user}/${hostname}.nix
];
};
};
};

6
home/common/default.nix
View file

@ -29,7 +29,11 @@
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
experimental-features = [
"nix-command"
"flakes"
#"repl-flake"
];
warn-dirty = false;
};
};

1
home/features/cli/default.nix
View file

@ -22,6 +22,5 @@
zip
exiftool
nvtopPackages.full
cava
];
}

141
home/nomad/home.nix
View file

@ -1,141 +0,0 @@
# This is a default home.nix generated by the follwing hone-manager command
#
# home-manager init ./
{ config, lib, pkgs, user, ... }:
{
home.username = lib.mkDefault user;
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "24.05"; # Please read the comment before changing.
# The home.packages option allows you to install Nix packages into your
# environment.
home.packages = with pkgs; [
# Essentials
kitty
firefox
# Apps
vlc
amberol
webcord
bottles
cava
ryujinx
mullvad-vpn
transmission_4-gtk
obsidian
tailscale
syncthing
qsyncthingtray
htop
nvtopPackages.full
exiftool
moonlight-qt
kdePackages.kdeconnect-kde
# Dev
go
python3
nim
bun
pocketbase
edgedb
bruno
ripgrep
zip
#zed-fhs
# android-studio
# android-tools
jre17_minimal
# Nvim-Lua
lua-language-server
cowsay
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
# pkgs.hello
# # It is sometimes useful to fine-tune packages, for example, by applying
# # overrides. You can do that directly here, just don't forget the
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
# # You can also create simple shell scripts directly inside your
# # configuration. For example, this adds a command 'my-hello' to your
# # environment:
# (pkgs.writeShellScriptBin "my-hello" ''
# echo "Hello, ${config.home.username}!"
# '')
];
# Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'.
home.file = {
# # Building this configuration will create a copy of 'dotfiles/screenrc' in
# # the Nix store. Activating the configuration will then make '~/.screenrc' a
# # symlink to the Nix store copy.
# ".screenrc".source = dotfiles/screenrc;
# # You can also set the file content immediately.
# ".gradle/gradle.properties".text = ''
# org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000
# '';
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/m3tam3re/etc/profile.d/hm-session-vars.sh
#
home.sessionVariables = {
BROWSER = "firefox";
EDITOR = "nvim";
TERMINAL = "kitty";
NIXOS_OZONE_WL = "1";
MOZ_ENABLE_WAYLAND = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
MOZ_DRM_DEVICE = "/dev/dri/card0:/dev/dri/card1";
WLR_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
#WLR_NO_HARDWARE_CURSORS = "1"; # if no cursor,uncomment this line
GBM_BACKEND = "nvidia-drm";
CLUTTER_BACKEND = "wayland";
LIBVA_DRIVER_NAME = "iHD";
WLR_RENDERER = "vulkan";
VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
__NV_PRIME_RENDER_OFFLOAD = "1";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
GTK_USE_PORTAL = "1";
GTK_THEME = "Nightfox-dark";
XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
XDG_BIN_HOME = "${config.home.homeDirectory}/.nix-profile/bin";
XDG_DATA_HOME = "${config.home.homeDirectory}/.local/share";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
}

2
home/nomad/unkown.nix
View file

@ -5,7 +5,7 @@
../features/cli
../features/desktop
../features/themes
./home.nix
./unkown/home.nix
];
features = {

2
hosts/common/default.nix
View file

@ -4,6 +4,8 @@
imports = [
./users
./services
./homelab
./vps
inputs.home-manager.nixosModules.home-manager
];

1
hosts/common/services/default.nix
View file

@ -1,7 +1,6 @@
{
imports = [
./vm.nix
./vfio.nix
./steam.nix
./polkit.nix
./appimage.nix

38
hosts/common/users/nomad.nix
View file

@ -4,7 +4,8 @@
, user
, ...
}: {
users.users.${user} = {
users.users = {
${user} = {
initialPassword = "4321";
isNormalUser = true;
shell = pkgs.zsh;
@ -21,9 +22,44 @@
"kvm"
"qemu-libvirtd"
"docker"
"key"
];
packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqA7j8hk3+k0b04eDxuoUakldqKrP0aatLm+CREjFJe"
];
};
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqA7j8hk3+k0b04eDxuoUakldqKrP0aatLm+CREjFJe"
];
extraGroups = [ "key" ];
};
};
# Decrypt the secrets file using sops-nix with age
sops.secrets = {
DUFS_USERNAME = { };
DUFS_PASSWORD = { };
NEXTCLOUD_DB_USERNAME = { };
NEXTCLOUD_DB_PASSWORD = { };
NEXTCLOUD_DB = { };
};
sops.templates."my-env.env".content = ''
DUFS_USERNAME = "${config.sops.placeholder.DUFS_USERNAME}"
DUFS_PASSWORD = "${config.sops.placeholder.DUFS_PASSWORD}"
NEXTCLOUD_DB_USERNAME = "${config.sops.placeholder.NEXTCLOUD_DB_USERNAME}"
NEXTCLOUD_DB_PASSWORD = "${config.sops.placeholder.NEXTCLOUD_DB_PASSWORD}"
NEXTCLOUD_DB = "${config.sops.placeholder.NEXTCLOUD_DB}"
'';
users.users = { };
programs.zsh.enable = true;
home-manager.users.${user} =
import ../../../home/${user}/${config.networking.hostName}.nix;

10
hosts/unkown/configuration.nix
View file

@ -1,4 +1,4 @@
{ pkgs, hostname, ... }: {
{ pkgs, hostname, inputs, user, ... }: {
imports = [
# Include the results of the hardware scan.
@ -21,7 +21,7 @@
common.services.nautilus.enable = true;
# Virtual Box (Virt-Manager) and GPU Passthru. you have to configure hosts/services/vfio.nix for passthrough to work!
common.services.vm.enable = true;
common.services.vfio.enable = false;
#common.services.vfio.enable = false;
# AppStores
common.services.appimage.enable = true;
common.services.steam.enable = true;
@ -37,6 +37,12 @@
# Ntfs support
boot.supportedFilesystems = [ "ntfs" ];
sops = {
age.keyFile = "/etc/nixos/sops/age/keys.txt";
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
};
# Enable GDM Login Manager

1
hosts/unkown/hardware-configuration.nix
View file

@ -12,7 +12,6 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{