authorMike Vink <ivi@vinkies.net>2023-12-02 20:40:21 +0100
committerMike Vink <ivi@vinkies.net>2023-12-02 20:42:56 +0100
commit41ebf219c1f715fd597a9ec70f57887094ff3241 (patch)
treebb4ff1135508271ae1c5b43e6e2fb94e5a6327f2
parentcf0591eef668852bece4285514b4ad64837ee9df (diff)
box
-rw-r--r--.sops.yaml2
-rw-r--r--flake.nix30
-rw-r--r--iso.nix21
-rw-r--r--ivi/ivi.nix6
-rw-r--r--machines/cal.nix16
-rw-r--r--profiles/core/configuration.nix4
-rw-r--r--profiles/station/nonfree.nix10
-rw-r--r--profiles/station/suckless.nix2
-rw-r--r--secrets/root.yaml34
-rw-r--r--templates/rust/flake.nix8
10 files changed, 95 insertions, 38 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 1d68f48..3526bf0 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,12 +1,14 @@
keys:
- &ivi age10q9wse8dh0749ffj576q775q496pycucxlla9rjdq5rd7f4csyhqqrmkk0
- &serber age1vvr5amtuf7cyhsmc8ge8ujlzpuwvwhleqafrjg2e8mcevnq2zs3qzzqq5m
+ - &cal age1t8trmc0lpfgqg6cvt5f2prjc77tgqyw4ux8lf67xmuk2tsyjyvlsskalwc
creation_rules:
- path_regex: secrets/[^/]+\.?(yaml|json|env|ini)?$
key_groups:
- age:
- *ivi
- *serber
+ - *cal
- path_regex: secrets/lemptop/[^/]+\.?(yaml|json|env|ini)?$
key_groups:
- age:
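Review bot: Adding `*cal` to the key group of the catch-all `secrets/[^/]+` rule lets the cal host decrypt every file directly under `secrets/`, not only its own entry. `secrets/root.yaml` in this same commit holds the `serber` and `lemptop` values next to `cal`, so a compromise of cal's key exposes the other hosts' secrets as well. The file already scopes `secrets/lemptop/` separately; a per-host rule for cal, with only the admin key and the cal key as recipients, would keep the blast radius to one machine. The directory name in the sketch below is illustrative.

```yaml
# … unchanged: keys and the existing secrets/ rule, without *cal …
  - path_regex: secrets/cal/[^/]+\.?(yaml|json|env|ini)?$   # illustrative path
    key_groups:
    - age:
      - *ivi
      - *cal
```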
diff --git a/flake.nix b/flake.nix
index 4c3c392..cbbdac7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,23 +23,24 @@
let
system = "x86_64-linux";
pkgs = import nixpkgs {inherit system;};
- lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./ivi self);
+ lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./lib self);
# Gets module from ./machines/ and uses the lib to define which other modules
# the machine needs.
- mkSystem = name: machineConfig: with lib;
- let
- machine = ivi.machines.${name};
- in
- nixosSystem {
+ # let
+ # machine = ivi.machines.${name};
+ # in
+ mkSystem = machine: machineConfig: with lib;
+ lib.nixosSystem {
inherit lib system;
specialArgs = {inherit machine inputs;};
modules = with lib;
machine.modules
- ++ [machineConfig]
+ ++ machineConfig
++ [({ config, ... }: {
nixpkgs.overlays = with lib; [(composeManyExtensions [
(import ./overlays/vimPlugins.nix {inherit pkgs;})
+ (import ./overlays/suckless.nix {inherit pkgs; home = config.ivi.home;})
])];})
];
};
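Review bot: The lib extension now imports `./lib`, but this commit adds no `lib/` files and still places the new `cal` machine in `ivi/ivi.nix`; unless `./lib` already exists and loads that file, `ivi.machines.${hostname}` will not contain `cal`. Please confirm which path is the live one. The comment above `mkSystem` is also stale, since the function now takes a machine attrset and a list of modules rather than a name; something like `# Builds a system from a machine attrset (ivi.machines.<name>) plus a list of extra modules.` would match the new signature. The commented-out `let … in` block can be deleted instead of kept as dead code.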
@@ -47,12 +48,11 @@
in with lib; {
inherit lib;
nixosConfigurations = with lib;
- (mapAttrs mkSystem (modulesIn ./machines)) // {
- windows = modules:
- mkSystem "wsl" ({...}: {
- imports = modules;
- });
- };
+ mapAttrs
+ (hostname: cfg:
+ mkSystem ivi.machines.${hostname} [cfg])
+ (modulesIn ./machines)
+ // { iso = (mkSystem { modules = [./iso.nix]; } []); };
deploy.nodes =
mapAttrs
@@ -76,7 +76,7 @@
templates =
mapAttrs
- (templateName: path: {inherit path;})
- (modulesIn ./templates);
+ (name: type: {path = ./templates + "/${name}";})
+ (builtins.readDir ./templates);
};
}
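Review bot: `builtins.readDir ./templates` returns every entry in the directory, including regular files and symlinks, and the `type` argument is never checked, so a stray file such as a README would be exported as a flake template. Filtering on the entry type keeps only real template directories: `(filterAttrs (_: type: type == "directory") (builtins.readDir ./templates))`.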
diff --git a/iso.nix b/iso.nix
new file mode 100644
index 0000000..c9082d0
--- /dev/null
+++ b/iso.nix
@@ -0,0 +1,21 @@
+{ lib, modulesPath, ... }: with lib; {
+ imports = [
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+ ./profiles/core/configuration.nix
+ ./profiles/core/hm.nix
+ ./profiles/core/home.nix
+ ./profiles/core/git.nix
+ ./profiles/core/meta.nix
+ ./profiles/core/neovim.nix
+ ];
+ options = {
+ secrets = mkSinkUndeclaredOptions {};
+ };
+ config = {
+ nix.settings = {
+ experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
+ warn-dirty = false;
+ };
+ services.getty.autologinUser = mkForce ivi.username;
+ };
+}
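Review bot: `services.getty.autologinUser = mkForce ivi.username;` gives an unauthenticated console shell on any machine booted from this image, and the imported `profiles/core/configuration.nix` appears to put a user in `wheel` and install root SSH keys. If that is acceptable only for attended installs, state it in a comment above the line, for example `# installer image only: console autologin; do not reuse this module for a persistent host`. The `secrets = mkSinkUndeclaredOptions {};` line also needs a comment, because it silently discards every `secrets.*` definition made by the imported profiles and a reader cannot tell that this is deliberate.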
diff --git a/ivi/ivi.nix b/ivi/ivi.nix
index e3a0938..542624a 100644
--- a/ivi/ivi.nix
+++ b/ivi/ivi.nix
@@ -87,6 +87,12 @@ self: lib: with lib; let
"server"
];
};
+ cal = {
+ isDeployed = true;
+ profiles = [
+ "core"
+ ];
+ };
};
};
}
diff --git a/machines/cal.nix b/machines/cal.nix
new file mode 100644
index 0000000..99b114e
--- /dev/null
+++ b/machines/cal.nix
@@ -0,0 +1,16 @@
+{ modulesPath, config, pkgs, lib, ... }: with lib; {
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+ sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ system.stateVersion = "23.11";
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "vinkies";
+ networking.domain = "net";
+ services.openssh.enable = true;
+}
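Review bot: `services.openssh.enable = true;` is set without any hardening in this file, so the host runs sshd with the module defaults, which allow password authentication unless another profile overrides them. The host name and domain suggest the machine is reachable from the internet, and keys are already provisioned through the core profile, so passwords can be turned off here: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. A short comment on `sops.age.sshKeyPaths` noting that the SSH host key doubles as the sops decryption identity would help whoever rotates that key later.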
diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix
index fe7297a..e447d76 100644
--- a/profiles/core/configuration.nix
+++ b/profiles/core/configuration.nix
@@ -1,5 +1,4 @@
{
- machine,
config,
pkgs,
lib,
@@ -16,8 +15,7 @@
extraGroups = ["wheel" "networkmanager" "docker" "transmission"];
openssh.authorizedKeys.keys = ivi.sshKeys;
};
- root = mkIf machine.addroot {
- hashedPasswordFile = config.secrets.root.path;
+ root = {
openssh.authorizedKeys.keys = config.ivi.openssh.authorizedKeys.keys;
};
};
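Review bot: The `root` entry is no longer wrapped in `mkIf machine.addroot`, so every host that imports this profile now accepts `config.ivi.openssh.authorizedKeys.keys` for root, including the new `iso.nix` image. If some machines were meant to stay without root SSH access, keep a per-machine condition; otherwise record the decision with a comment such as `# root SSH keys are installed on every host that uses the core profile`. `hashedPasswordFile` is removed here while the same commit adds a `cal` entry to `secrets/root.yaml`, so that secret looks unused unless another module reads it. The enclosing attribute set starts and ends outside this hunk.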
diff --git a/profiles/station/nonfree.nix b/profiles/station/nonfree.nix
index 8ea2f98..0623765 100644
--- a/profiles/station/nonfree.nix
+++ b/profiles/station/nonfree.nix
@@ -16,5 +16,15 @@
"discord-canary"
"slack"
"citrix-workspace"
+ "steam"
+ "steam-original"
+ "steam-run"
];
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+ hardware.opengl.driSupport32Bit = true;
}
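Review bot: `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;` open inbound ports on every workstation that imports this profile, including on untrusted networks. Nothing in the hunk suggests the machine hosts a dedicated game server, so that option can stay at its default: `dedicatedServer.openFirewall = false;`. If Remote Play is needed only occasionally, a comment saying why its ports are open would help a later audit of the firewall rules.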
diff --git a/profiles/station/suckless.nix b/profiles/station/suckless.nix
index 9fb78d2..abdaf54 100644
--- a/profiles/station/suckless.nix
+++ b/profiles/station/suckless.nix
@@ -28,6 +28,8 @@
"100:name *= 'Firefox'"
"100:name *= 'mpv'"
"100:name *= 'LibreWolf'"
+ "100:name *= 'Steam'"
+ "100:name *= 'Risk of Rain'"
];
settings = {
inactive-opacity-override = false;
diff --git a/secrets/root.yaml b/secrets/root.yaml
index d708ac8..ece2386 100644
--- a/secrets/root.yaml
+++ b/secrets/root.yaml
@@ -1,5 +1,6 @@
serber: ENC[AES256_GCM,data:YJLm1K1eW7QPFN5t3j1ni+J5m9hZemDBMHy/1X8CcMfoMPn/OJDpN4Hyz0CvdblxDNrHHCYGhDPJjZIt,iv:5j1/9sthguwv7a6JD/7OwbKB+jaj+E+ezA0/TiHHsSw=,tag:x690F9djFbnvtGbXeOFytQ==,type:str]
lemptop: ENC[AES256_GCM,data:Ga7/9T9r2yPui30iGDN0XJ8kGYkBz4AILHMHpTo0kuT2DQiMoW0cVypABZK84hnVZcooATWpNHNoiFGs,iv:YcZEmRGeHg6RZmPpJueLlf2VznAenP5e40D7DHsKiOc=,tag:I57ssbo2CBIGLfnLlG25Ig==,type:str]
+cal: ENC[AES256_GCM,data:FV9wdQ4IXvQe+KaqdVyaWkrhQu5lpeWkH5Zcz2isY/nrxWF/yAj8hNdXbzwvyzxQ7P3nd90kxSh5+BU5,iv:/bs7ERZucexZff/VJoDj5S3ANrVHwsDA9uO/Jr+NsmA=,tag:Y7OtAiflkpM3kLnKye2Wjw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -9,23 +10,32 @@ sops:
- recipient: age10q9wse8dh0749ffj576q775q496pycucxlla9rjdq5rd7f4csyhqqrmkk0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYd1p1c3B2aVZTOS85em9q
- TmxSemF3SUV1d2g4U0JzakdFZ1NHL09DZlh3ClpFbm1vNTBiRzF0dm9ZSVRYdXlE
- M0VlZEMzS1B6b0ZhOFFHV3dkYXBPMmMKLS0tIHFNY0JVNnZSQ205RHFldTFDYjl0
- cWJqempFUmczdXYvR3ZHUWVncjhKWUkKu/iUfUPhX/aUF7vgSv854B9rLW8PBw09
- ZltQOfC8WeNENIdeSeZA7WyjJlqVyGosfGHHbW0f5XCcIvqVTkJDOw==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UzY4ZGU2T25acERnaDB2
+ UXh4eU1nbEg5Z0JYMXlLcms4OG9ZQXJrM2lVCnJ2WTAvcVFHdk50U00vV1loQUJz
+ YWEvN09UYXVpOE52RERFc1RlWXZsdmsKLS0tIFliMkwzaGUwNmt0ZVJNRFdKUkN2
+ bHNvSW5ZbXBLeG1HWWtFcmNLUjN1SlEKThAwYUzXW3uht56zrAhfBQ4YYRK3JJN1
+ IF165Ndn0LvxH6jh8ag8RcgO7HnMVzlcVW1Jkmygw6uj8q0K1WQ/TA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vvr5amtuf7cyhsmc8ge8ujlzpuwvwhleqafrjg2e8mcevnq2zs3qzzqq5m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzL0pIZllnWXJqdDNUbDlq
- NWJqcmdHNWUySm1pRDJGNDhiSVN1WjRON0I4CktibnNJQ3ZaUW5jVnlkZG9kMEYr
- NWRkYXlaWkJRckJvMGlRRTYvSmZzaGcKLS0tIEFpY0VJVkFpcGRTK3JpV2lNSkdr
- K0FPbllRQTMzR3pSSFVzTCtxeVJ0NFUKr6T8u0oSunUM6RuAd1J5KWqP4xW39e8T
- uUzgaPM2pSnAC402o/uyCMuybpO+30YWQ+h0Pp44JPIpnTc+6HfIwg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdlNYM2xkSnl5RVlLS2ZN
+ V04yN2piOWFTSWRNS2JDblROcCtLTTZEZVhNCnFqWHRscjZjMEhHcmhlNG1xTFMr
+ Z29tdFcrYkVWUkhUcmR3TElFa2lvSTgKLS0tIDh5SUtmclN0WnM2MWhKMjRxNElI
+ dTMvTGNxVFBlRy9nMlU1OGxPc29MVlUKWUPvkdAlKPtlKqrMlPQda2Y15m9etRyp
+ BlG585AtfYJ9JxLGbe91tTs8/rvBGAgRWvPgj+2aM3PwSZJ/MzRv4Q==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-10-19T19:56:05Z"
- mac: ENC[AES256_GCM,data:7baNI4pP8p2yW+FtvN9XVp3qmj3bgFzwLHYCSA7MzEOIG1hZu66+NUhktGHMfKv8bbpP5KcKckcK4BlDdmjPl24LJPkaKUoE1xGgTmv5gKIfB+oTtGHgkwGs72A7VY2DawORrBfS6vKEVu72p//9XRiOlOCuMZqnXIwQZcQLWsw=,iv:xlQ7Ganm/XV18gNJjNao8OxeUmN70EyNZpmeo6RCfts=,tag:UrIl7XpxiePpvn7CqA47Zg==,type:str]
+ - recipient: age1t8trmc0lpfgqg6cvt5f2prjc77tgqyw4ux8lf67xmuk2tsyjyvlsskalwc
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlBiQ3N6bkFLM2M2d2dZ
+ b0J1Q2lPakJkT0x0QTg0U25Ld0prYmtDc0d3CmZqY1ZNaHVZNzhrZ0FVQmwwdjJr
+ ZTRqRGxSaGNibVBVSjlWS0NyU3E2VmMKLS0tIDBqcVl4cGoxc2FiZlRLc3JFdmxK
+ ZGFRN0dOTjZldlEvRFF0VWg4QWl1eDgKjoVYWCnteTH7bN1AMoyZA885u4eG7OCu
+ VwV0Nue13e5GRP6C7Ot6DEBlOzj0xJqE8ll9yAAUwyfn4/GzEagzyQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-11-09T21:52:07Z"
+ mac: ENC[AES256_GCM,data:/EtDIoCPQqwDJDfBh6/UqlMVrXcWgk7BUNiNZHoCkIY8ZAIQlU1NQIFKvQ9sV/K/gqheV3Pw73Tv533Z2BGKFIY3sNUGW05XdEDvv+QAq4kAZWbPtYPDNI8AFXfyTSFv8q4sa284gWiOtGJ4rHJ7kbzaEpyqxVWMqpfwCLEQ0lU=,iv:ykZ5yswTRRmZIPs86jvaq+bD846qPUJjsTSqwRdL4N4=,tag:kVlJmNNfL+69JroGQJua5A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0
diff --git a/templates/rust/flake.nix b/templates/rust/flake.nix
index 8a75f83..4196ad9 100644
--- a/templates/rust/flake.nix
+++ b/templates/rust/flake.nix
@@ -24,14 +24,6 @@
inputsFrom = [
config.treefmt.build.devShell
];
- shellHook = ''
- # For rust-analyzer 'hover' tooltips to work.
- export RUST_SRC_PATH=${pkgs.rustPlatform.rustLibSrc}
-
- echo
- echo "🍎🍎 Run 'just <recipe>' to get started"
- just
- '';
buildInputs = nonRustDeps;
nativeBuildInputs = with pkgs; [
just