34 files changed, 754 insertions, 685 deletions
@@ -105,6 +105,22 @@
 "type": "github"
 }
 },
+ "flake-compat_4": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
 "flake-parts": {
 "inputs": {
 "nixpkgs-lib": [
@@ -113,11 +129,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712014858,
- "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+ "lastModified": 1719994518,
+ "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
 "owner": "hercules-ci",
 "repo": "flake-parts",
- "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+ "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
 "type": "github"
 },
 "original": {
@@ -135,11 +151,11 @@
 ]
 },
 "locked": {
- "lastModified": 1709336216,
- "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
+ "lastModified": 1712014858,
+ "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
 "owner": "hercules-ci",
 "repo": "flake-parts",
- "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
+ "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
 "type": "github"
 },
 "original": {
@@ -162,87 +178,94 @@ "type": "github" } }, - "flake-utils_2": { + "git-hooks": { "inputs": { - "systems": "systems_2" + "flake-compat": "flake-compat_3", + "gitignore": "gitignore", + "nixpkgs": [ + "neovim-nightly-overlay", + "nixpkgs" + ], + "nixpkgs-stable": [ + "neovim-nightly-overlay", + "nixpkgs" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1720524665, + "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, - "hercules-ci-effects": { + "gitignore": { "inputs": { - "flake-parts": "flake-parts_2", "nixpkgs": [ "neovim-nightly-overlay", + "git-hooks", "nixpkgs" ] }, "locked": { - "lastModified": 1710478346, - "narHash": "sha256-Xjf8BdnQG0tLhPMlqQdwCIjOp7Teox0DP3N/jjyiGM4=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "64e7763d72c1e4c1e5e6472640615b6ae2d40fbf", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { "owner": "hercules-ci", - "repo": "hercules-ci-effects", + "repo": "gitignore.nix", "type": "github" } }, - "home-manager": { + "hercules-ci-effects": { "inputs": { + "flake-parts": "flake-parts_2", "nixpkgs": [ + "neovim-nightly-overlay", "nixpkgs" ] }, "locked": { - "lastModified": 1713539802, - "narHash": "sha256-aub7mcsDv5J6PcYNxcLUCIaNGNlInPCAYYoCA1x76oY=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "1f305c363ecd7c6505f03fc7baba15505f3aa630", + "lastModified": 1719226092, + "narHash": 
"sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "home-manager", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", "type": "github" } }, - "neovim-flake": { + "home-manager": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": [ - "neovim-nightly-overlay", "nixpkgs" ] }, "locked": { - "dir": "contrib", - "lastModified": 1713476725, - "narHash": "sha256-OBDeB3+2hgWqABtqg+PwfjbWzL49dmJeG32qOEzhtUY=", - "owner": "neovim", - "repo": "neovim", - "rev": "13ebfafc958c6feb4d908eed913c6dc3c6f05b4e", + "lastModified": 1720734513, + "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", "type": "github" }, "original": { - "dir": "contrib", - "owner": "neovim", - "repo": "neovim", + "owner": "nix-community", + "repo": "home-manager", "type": "github" } }, @@ -250,16 +273,17 @@ "inputs": { "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", + "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", - "neovim-flake": "neovim-flake", + "neovim-src": "neovim-src", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1713485028, - "narHash": "sha256-bl1EURik5le68rLBcHsfLKyPtEPlumhcA5kKOx88zkQ=", + "lastModified": 1720861673, + "narHash": "sha256-gh34LtCLvXCd/Xyk33mgQU3QqNyJ7ZwJj59c4Qdad78=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "403633f6af2703c057707b31b1ca6bec00bdaaca", + "rev": "34b8101a10dfb4cb38832a17ef33281d59e2b2b3", "type": "github" }, "original": { 
@@ -268,6 +292,22 @@ "type": "github" } }, + "neovim-src": { + "flake": false, + "locked": { + "lastModified": 1720816717, + "narHash": "sha256-C8bdG2wrI29afHI1705W37M7CPudz5117YafiBlW0Y4=", + "owner": "neovim", + "repo": "neovim", + "rev": "10256bb760fcab0dc25f7eb5b0b45966cb771939", + "type": "github" + }, + "original": { + "owner": "neovim", + "repo": "neovim", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -319,11 +359,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1713349283, - "narHash": "sha256-2bjFu3+1zPWZPPGqF+7rumTvEwmdBHBhjPva/AMSruQ=", + "lastModified": 1720750130, + "narHash": "sha256-y2wc7CdK0vVSIbx7MdVoZzuMcUoLvZXm+pQf2RIr1OU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2e359fb3162c85095409071d131e08252d91a14f", + "rev": "6794d064edc69918bb0fc0e0eda33ece324be17a", "type": "github" }, "original": { @@ -335,11 +375,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { @@ -395,7 +435,7 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": "nixpkgs_4", "utils": "utils_2" }, @@ -462,21 +502,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems" 
@@ -497,7 +522,7 @@
 },
 "utils_2": {
 "inputs": {
- "systems": "systems_3"
+ "systems": "systems_2"
 },
 "locked": {
 "lastModified": 1709126324,
@@ -29,90 +29,123 @@ deploy-rs, ... }: let - system = "x86_64-linux"; - pkgs = import nixpkgs {inherit system;}; - lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./ivi self); - - # Gets module from ./machines/ and uses the lib to define which other modules - # the machine needs. - mkSystem = machine: machineConfig: - with lib; - lib.nixosSystem { - inherit lib system; - specialArgs = {inherit self machine inputs;}; - modules = with lib; - machine.modules - ++ [inputs.home-manager.nixosModules.default] - ++ machineConfig + lib = + (nixpkgs.lib.extend + (_: _: home-manager.lib)).extend + (import ./lib inputs); + in + with lib; rec { + inherit lib; + nixosConfigurations = mkSystems { + lemptop = { + system = "x86_64-linux"; + modules = + [ + ./machines/lemptop.nix + ] + ++ modulesIn ./profiles/core + ++ modulesIn ./profiles/graphical + ++ modulesIn ./profiles/station + ++ modulesIn ./profiles/email ++ [ - ({config, ...}: { - nixpkgs.overlays = with lib; [ - (composeManyExtensions [ - (import ./overlays/vimPlugins.nix {inherit pkgs;}) - (import ./overlays/openpomodoro-cli.nix {inherit pkgs lib;}) - (import ./overlays/fzf.nix {inherit pkgs lib;}) - inputs.neovim-nightly-overlay.overlay - ]) - ]; - }) + (import ./profiles/netboot/system.nix nixosConfigurations.pump) ]; + opts = { + isStation = true; + syncthing = { + enable = true; + id = "TGRWV6Z-5CJ4KRI-4VDTIUE-UA5LQYS-3ARZGNK-KL7HGXP-352PB5Q-ADTV6Q2"; + }; + }; + }; + + pump = { + system = "x86_64-linux"; + modules = + [ + ./machines/pump-netboot.nix + ./profiles/core/configuration.nix + ./profiles/core/syncthing.nix + ./profiles/core/secrets.nix + ./profiles/core/hm.nix + ] + ++ modulesIn ./profiles/homeserver; + opts = { + isServer = true; + ipv4 = [ "192.168.2.13" ]; + ipv6 = [ "2a02:a46b:ee73:1:c240:4bcb:9fc3:71ab" ]; + tailnet = { + ipv4 = "100.90.145.95"; + ipv6 = "fd7a:115c:a1e0::e2da:915f"; + nodeKey = "nodekey:dcd737aab30c21eb4f44a40193f3b16a8535ffe2fb5008904b39bb54e2da915e"; + }; + 
syncthing = { + enable = false; + # id = "7USTCMT-QZTLGPL-5FCRKJW-BZUGMOS-H7D2TTK-F4COYPG-5D7VUO2-QFME2AS"; + }; + }; + }; + + serber = { + system = "x86_64-linux"; + modules = + [ + ./machines/serber.nix + ] + ++ modulesIn ./profiles/core + ++ modulesIn ./profiles/server; + opts = { + isServer = true; + ipv4 = [ "65.109.143.65" ]; + ipv6 = [ "2a01:4f9:c012:ccc2::1" ]; + }; }; - in - with lib; { - inherit lib; - nixosConfigurations = with lib; - mapAttrs - (hostname: cfg: - mkSystem ivi.machines.${hostname} [cfg]) - (modulesIn ./machines); - # // { - # windows = windowsModules: let - # wsl = recursiveUpdate ivi.machines.wsl {modules = ivi.machines.wsl.modules ++ windowsModules;}; - # in (mkSystem wsl []); - # iso = mkSystem {modules = [./iso.nix];} []; - # }; - darwinConfigurations."work" = let - machine = ivi.machines."work"; - system = "aarch64-darwin"; - pkgs = import nixpkgs {inherit system;}; - lib = (nixpkgs.lib.extend (_: _: home-manager.lib)).extend (import ./ivi self); - in - inputs.nix-darwin.lib.darwinSystem - { - inherit lib system; - specialArgs = {inherit self machine inputs;}; + work = { + system = "aarch64-darwin"; modules = [ ./machines/work.nix - inputs.home-manager.darwinModules.default ] - ++ (attrValues (modulesIn ./profiles/core)) - ++ (attrValues (modulesIn ./profiles/station)) - ++ [ - ({config, ...}: { - nixpkgs.overlays = with lib; [ - (composeManyExtensions [ - (import ./overlays/vimPlugins.nix {inherit pkgs;}) - (import ./overlays/openpomodoro-cli.nix {inherit pkgs lib;}) - (import ./overlays/fzf.nix {inherit pkgs lib;}) - inputs.neovim-nightly-overlay.overlay - ]) - ]; - }) - ]; + ++ modulesIn ./profiles/core; + opts = { + isDarwin = true; + syncthing = { + enable = true; + id = "GR5MHK2-HDCFX4I-Y7JYKDN-EFTQFG6-24CXSHB-M5C6R3G-2GWX5ED-VEPAQA7"; + }; + }; + }; + + vm-aarch64 = { + system = "aarch64-linux"; + modules = + [ + ./machines/vm-aarch64.nix + ] + ++ modulesIn ./profiles/core + ++ modulesIn ./profiles/graphical; + opts = { + 
isStation = true; + syncthing = { + enable = true; + id = "LDZVZ6H-KO3BKC6-FMLZOND-MKXI4DF-SNT27OT-Q5KMN2M-A2DYFNQ-3BWUYA6"; + }; + }; }; + }; - deploy.nodes = - mapAttrs - (hostname: machine: { - hostname = hostname + "." + ivi.domain; + deploy.nodes = { + pump = { + hostname = "192.168.2.13"; # hostname + "." + my.domain; sshUser = "root"; - profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}; - }) - (filterAttrs (_: machine: machine.isServer) ivi.machines); + profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pump; + }; + }; - devShells."${system}".hetzner = pkgs.mkShell { + devShells.x86_64-linux.hetzner = let + pkgs = (import nixpkgs {system = "x86_64-linux";}); + in with pkgs; mkShell { name = "deploy"; buildInputs = [ pkgs.bashInteractive @@ -123,9 +156,9 @@ ''; }; - templates = - mapAttrs - (name: type: {path = ./templates + "/${name}";}) - (builtins.readDir ./templates); + # templates = + # mapAttrs + # (name: type: {path = ./templates + "/${name}";}) + # (builtins.readDir ./templates); }; } diff --git a/ivi/default.nix b/ivi/default.nix deleted file mode 100644 index 7b80611..0000000 --- a/ivi/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -self: lib: prev: with lib; { - modulesIn = dir: pipe dir [ - builtins.readDir - (mapAttrsToList (name: type: - if type == "regular" && hasSuffix ".nix" name && name != "default.nix" then - [ { name = removeSuffix ".nix" name; value = dir + "/${name}"; } ] - else if type == "directory" && pathExists (dir + "/${name}/default.nix") then - [ { inherit name; value = dir + "/${name}"; } ] - else - [] - )) - concatLists - listToAttrs - ]; - - # Collects the inputs of a flake recursively (with possible duplicates). - collectFlakeInputs = input: - [ input ] ++ concatMap collectFlakeInputs (builtins.attrValues (input.inputs or {})); - - ivi = import ./ivi.nix self lib; -} 
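Review bot: The `work` entry (`system = "aarch64-darwin"`, `isDarwin = true`) is now built under `nixosConfigurations` by `mkSystems`, while the `darwinConfigurations."work" = … inputs.nix-darwin.lib.darwinSystem` output this hunk removes gets no replacement; `mkSystem` in lib/default.nix calls `lib.nixosSystem` for every entry, so the darwin host would be evaluated as a NixOS system, and `darwin-rebuild … --flake …#work` (the `s` alias kept in profiles/core/home.nix) no longer finds a `darwinConfigurations.work`. Either dispatch in `mkSystem` on the system string, `(if lib.hasInfix "darwin" system then inputs.nix-darwin.lib.darwinSystem else lib.nixosSystem) { … }`, and have `mkSystems` place darwin entries under a separate `darwinConfigurations` output, or keep the explicit `darwinConfigurations."work"` output. Separately, `deploy.nodes` shrinks from every `isServer` machine to the single hard-coded `pump`, so `serber` (`isServer = true`, `65.109.143.65`) is no longer deployable with deploy-rs; if that is intended, a one-line comment saying so would prevent it being read as an oversight. The enclosing `outputs` function starts above this hunk.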
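Review bot: Commenting out the `templates` output leaves dead code in flake.nix with no note on why it is disabled or whether it is coming back; the same pattern recurs in this commit in lib/my.nix (the commented `# machines = { … }` block, some ninety lines duplicating the entries that now live in flake.nix), machines/lemptop.nix (`# networking.nameservers = ["192.168.2.13"];`) and profiles/core/home.nix (`# fonts.fontconfig.enable = true;`). Git history keeps the old text, so deleting these outright is safer than carrying copies that will drift from the live definitions; where a line is parked deliberately, give the reason in place, e.g. `# templates: disabled until <reason> (see <issue-id>)` with the placeholders filled in.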
diff --git a/ivi/ivi.nix b/ivi/ivi.nix deleted file mode 100644 index 76af405..0000000 --- a/ivi/ivi.nix +++ /dev/null 
@@ -1,206 +0,0 @@ -self: lib: with lib; let - modules = [ - { - options.machines = mkOption { - description = "Lookup for static info needed to configure machines"; - default = {}; - type = with types; attrsOf (submodule ({ name, config, ... }: { - freeformType = attrs; - options = { - modules = mkOption { - description = "Final list of modules to import"; - type = listOf str; - default = []; - }; - profiles = mkOption { - description = "List of profiles to use"; - type = listOf str; - default = []; - }; - hostname = mkOption { - description = "The machine's hostname"; - type = str; - readOnly = true; - default = name; - }; - ipv4 = mkOption { - description = "The machines public IPv4 addresses"; - type = listOf str; - default = []; - }; - ipv6 = mkOption { - description = "The machines public IPv6 addresses"; - type = listOf str; - default = []; - }; - isStation = mkOption { - description = "The machine is a desktop station"; - type = bool; - default = false; - }; - isServer = mkOption { - description = "The machine is a server"; - type = bool; - default = false; - }; - isFake = mkOption { - description = "The machine is a fake machine"; - type = bool; - default = false; - }; - isDarwin = mkOption { - description = "The machine is a fake machine"; - type = bool; - default = false; - }; - tailnet = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ name, config, ... 
}: { - options = { - ipv4 = mkOption { - description = "The machine's tailnet IPv4 address"; - type = str; - default = null; - }; - ipv6 = mkOption { - description = "The machine's tailnet IPv6 address"; - type = str; - default = null; - }; - nodeKey = mkOption { - description = "The machine's tailnet public key"; - type = str; - default = null; - }; - }; - })); - }; - syncthing = mkOption { - default = {}; - type = with types; submodule { - freeformType = attrs; - options = { - id = mkOption { - description = "The machine's syncting public id"; - type = str; - default = ""; - }; - enable = mkEnableOption "Add to syncthing cluster"; - }; - }; - }; - }; - config = { - modules = - (concatMap - (p: (attrValues (modulesIn (self + "/profiles/" + p)))) - ivi.machines.${name}.profiles - ); - }; - })); - }; - config = { - _module.freeformType = with types; attrs; - - username = "ivi"; - githubUsername = "ivi-vink"; - realName = "Mike Vink"; - domain = "vinkies.net"; - email = "ivi@vinkies.net"; - sshKeys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPZHOBNQdo5oBnQ8f147QtelhLmYItiruoNfoHF89qrJAAAABHNzaDo= ivi@lemptop" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDqsfYS7sOLfLWvGTmxT2QYGkbXJ5kREFl42n3jtte5sLps76KECgKqEjA4OLhNZ51lKFBDzcn1QOUl3RN4+qHsBtkr+02a7hhf1bBLeb1sx6+FVXdsarln5lUF/NMcpj6stUi8mqY4aQ21jQKxZsGip9fI8fx3HtXYCVhIarRbshQlwDqTplJBLDtrnmWTprxVnz1xSZRr3euXsIh1FFQZI6klPPBa6qFJtWWtGNBCRr8Sruo6I4on7QjNyW/s1OgiNAR0N2IO9wCdjlXrjNnFEAaMrpDpZde7eULbiFP2pHYVVy/InwNhhePYkeBh/4BzlaUZVv6gXsX7wOC5OyWaXbbMzWEopbnqeXXLwNyOZ88YpN/c+kZk2/1CHl+xmlVGAr9TnZ9VST5Y4ZAEqq8OKoP3ZcchAWxWjzTgPogSfiIAP/n5xrgB+8uRZb/gkN+I7RTQKGrS2Ex7gfkj39beDeevQj3XVQ1U2kp3n+jUBHItCCpZyHISgTYW2Ct6lrziJpD0kPlAOrN3BGQtkStHYK+4EE1PrrwWGkG7Ue+tlETe8FTg+AMv1VjLV9b3pHZJCrao5/cY2MxkfGzf4HTfeueqSLSsrYuiogHAPvvzfvOV5un+dWX8HyeBjmKTBwDBFuhdca/wzk0ArHSgEYUmh2NXj/G4gaSF3EX5ZSxmMQ== ${ivi.email}" - ]; - - machines = { - wsl = { - isFake = true; - profiles = [ - "core" - ]; - }; - vm-aarch64 = 
{ - isStation = true; - profiles = [ - "core" - "graphical" - ]; - syncthing = { - enable = true; - id = "LDZVZ6H-KO3BKC6-FMLZOND-MKXI4DF-SNT27OT-Q5KMN2M-A2DYFNQ-3BWUYA6"; - }; - }; - persephone = { - isFake = true; - tailnet = { - ipv4 = "100.72.127.82"; - ipv6 = "fd7a:115c:a1e0::9c08:7f52"; - nodeKey = "nodekey:2ffbb54277ba6c29337807b74f69438eba4d3802bffbe9c7df4093139c087f51"; - }; - }; - bellerophone = { - isFake = true; - tailnet = { - ipv4 = "100.123.235.65"; - ipv6 = "fd7a:115c:a1e0::bafb:eb41"; - nodeKey = "nodekey:e2a9f948a1252a4b1f1932bb99e73981fa0b7173825b54ba968f9cc0bafbeb40"; - }; - syncthing = { - enable = true; - id = "75U7B2F-SZOJRY2-UKAADJD-NI3R5SJ-K4J35IN-D2NJJFJ-JG5TCJA-AUERDAA"; - }; - }; - serber = { - isServer = true; - profiles = [ - "core" - "server" - ]; - ipv4 = [ "65.109.143.65" ]; - ipv6 = [ "2a01:4f9:c012:ccc2::1" ]; - }; - work = { - isDarwin = true; - profiles = [ - "core" - ]; - syncthing = { - enable = true; - id = "GR5MHK2-HDCFX4I-Y7JYKDN-EFTQFG6-24CXSHB-M5C6R3G-2GWX5ED-VEPAQA7"; - }; - }; - lemptop = { - isStation = true; - profiles = [ - "core" - "station" - "email" - ]; - syncthing = { - enable = true; - id = "TGRWV6Z-5CJ4KRI-4VDTIUE-UA5LQYS-3ARZGNK-KL7HGXP-352PB5Q-ADTV6Q2"; - }; - }; - pump = { - isServer = true; - profiles = [ - "core" - "homeserver" - ]; - ipv4 = [ "192.168.2.13" ]; - ipv6 = [ "2a02:a46b:ee73:1:c240:4bcb:9fc3:71ab" ]; - tailnet = { - ipv4 = "100.90.145.95"; - ipv6 = "fd7a:115c:a1e0::e2da:915f"; - nodeKey = "nodekey:dcd737aab30c21eb4f44a40193f3b16a8535ffe2fb5008904b39bb54e2da915e"; - }; - syncthing = { - enable = true; - id = "7USTCMT-QZTLGPL-5FCRKJW-BZUGMOS-H7D2TTK-F4COYPG-5D7VUO2-QFME2AS"; - }; - }; - }; - }; - } - ]; -in (evalModules { inherit modules; }).config diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..960a7a4 --- /dev/null +++ b/lib/default.nix 
@@ -0,0 +1,69 @@ +inputs: lib: prev: with lib; rec { + modulesAttrsIn = dir: pipe dir [ + builtins.readDir + (mapAttrsToList (name: type: + if type == "regular" && hasSuffix ".nix" name && name != "default.nix" then + [ { name = removeSuffix ".nix" name; value = dir + "/${name}"; } ] + else if type == "directory" && pathExists (dir + "/${name}/default.nix") then + [ { inherit name; value = dir + "/${name}"; } ] + else + [] + )) + concatLists + listToAttrs + ]; + + modulesIn = dir: attrValues (modulesAttrsIn dir); + + # Collects the inputs of a flake recursively (with possible duplicates). + collectFlakeInputs = input: + [ input ] ++ concatMap collectFlakeInputs (builtins.attrValues (input.inputs or {})); + + my = import ./my.nix inputs.self lib; + + mkMachines = import ./machine.nix lib; + + # Gets module from ./machines/ and uses the lib to define which other modules + # the machine needs. + mkSystem = machines: name: systemInputs @ { + system, + modules, + opts, + ... + }: + let + machine = machines.${name}; + in + lib.nixosSystem { + inherit lib system; + specialArgs = { + inherit (inputs) self; + inherit machines machine inputs; + }; + modules = + modules + ++ + (if lib.hasInfix "darwin" system then + [inputs.home-manager.darwinModules.default] + else + [inputs.home-manager.nixosModules.default]) + ++ [ + ({pkgs, ...}: { + nixpkgs.overlays = with lib; [ + (composeManyExtensions [ + (import ../overlays/vimPlugins.nix {inherit pkgs;}) + (import ../overlays/openpomodoro-cli.nix {inherit pkgs lib;}) + inputs.neovim-nightly-overlay.overlays.default + ]) + ]; + }) + ]; + }; + + mkSystems = systems: + let + machines = mkMachines (mapAttrs (name: value: value.opts) systems); + in + (mapAttrs (mkSystem machines) systems); + +} diff --git a/lib/machine.nix b/lib/machine.nix new file mode 100644 index 0000000..10e766f --- /dev/null +++ b/lib/machine.nix 
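Review bot: The header comment on `mkSystem` ("Gets module from ./machines/ and uses the lib to define which other modules the machine needs") is carried over from the old flake.nix and no longer describes the function: it now receives the module list from its caller and only appends the home-manager module and the overlays; suggest `# Builds one system from a flake.nix entry { system, modules, ... }; machines holds the evaluated per-host options (see mkSystems).`. In the `systemInputs @ { system, modules, opts, ... }` pattern, `systemInputs` and `opts` are bound but never used in the body (the options are consumed by `mkSystems` through `mkMachines`), so dropping them from the pattern, or noting why they are there, saves a reader the search. `modulesAttrsIn`, `modulesIn` and `collectFlakeInputs` carry no description of their return shape; a one-line comment on each (attrset of name to path, list of paths, list of flake inputs) would make the file self-explanatory.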
@@ -0,0 +1,98 @@ +lib: systemOptions: with lib; let + modules = [ + { + options.machines = mkOption { + description = "Machine options"; + default = {}; + type = with types; attrsOf (submodule ({ name, config, ... }: { + freeformType = attrs; + options = { + modules = mkOption { + description = "Final list of modules to import"; + type = listOf str; + default = []; + }; + profiles = mkOption { + description = "List of profiles to use"; + type = listOf str; + default = []; + }; + hostname = mkOption { + description = "The machine's hostname"; + type = str; + readOnly = true; + default = name; + }; + ipv4 = mkOption { + description = "The machines public IPv4 addresses"; + type = listOf str; + default = []; + }; + ipv6 = mkOption { + description = "The machines public IPv6 addresses"; + type = listOf str; + default = []; + }; + isStation = mkOption { + description = "The machine is a desktop station"; + type = bool; + default = false; + }; + isServer = mkOption { + description = "The machine is a server"; + type = bool; + default = false; + }; + isFake = mkOption { + description = "The machine is a fake machine"; + type = bool; + default = false; + }; + isDarwin = mkOption { + description = "The machine is a fake machine"; + type = bool; + default = false; + }; + tailnet = mkOption { + default = {}; + type = with types; attrsOf (submodule ({ name, config, ... 
}: { + options = { + ipv4 = mkOption { + description = "The machine's tailnet IPv4 address"; + type = str; + default = null; + }; + ipv6 = mkOption { + description = "The machine's tailnet IPv6 address"; + type = str; + default = null; + }; + nodeKey = mkOption { + description = "The machine's tailnet public key"; + type = str; + default = null; + }; + }; + })); + }; + syncthing = mkOption { + default = {}; + type = with types; submodule { + freeformType = attrs; + options = { + id = mkOption { + description = "The machine's syncting public id"; + type = str; + default = ""; + }; + enable = mkEnableOption "Add to syncthing cluster"; + }; + }; + }; + }; + })); + }; + config.machines = systemOptions; + } + ]; +in (evalModules { inherit modules; }).config.machines diff --git a/lib/my.nix b/lib/my.nix new file mode 100644 index 0000000..5033ae9 --- /dev/null +++ b/lib/my.nix 
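Review bot: `tailnet` is declared as `attrsOf (submodule …)` with `ipv4`/`ipv6`/`nodeKey` as options of the submodule, but flake.nix sets it flat (`tailnet = { ipv4 = "100.90.145.95"; … }` for pump), so each string value would be handed to the submodule as a module for an attr named `ipv4`; unless `machines.pump.tailnet` is never evaluated this fails type checking, and `type = with types; submodule { options = { … }; };` matches the data shape actually used. The three tailnet options also combine `type = str;` with `default = null;`, which does not pass the `str` check the moment an option is read without a definition; use `nullOr str` or drop the default. The `isDarwin` description is a copy of the `isFake` one ("The machine is a fake machine"); `description = "The machine runs nix-darwin";` is what it should say. `modules` and `profiles` remain declared although the new flake.nix passes modules outside `opts`; if nothing reads them any more, removing them keeps the schema honest.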
@@ -0,0 +1,110 @@ +self: lib: with lib; let + modules = [ + { + config = { + _module.freeformType = with types; attrs; + + username = "ivi"; + githubUsername = "ivi-vink"; + realName = "Mike Vink"; + domain = "vinkies.net"; + email = "ivi@vinkies.net"; + sshKeys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPZHOBNQdo5oBnQ8f147QtelhLmYItiruoNfoHF89qrJAAAABHNzaDo= ivi@lemptop" + "ssh-rsa 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 ${my.email}" + ]; + + # machines = { + # wsl = { + # isFake = true; + # profiles = [ + # "core" + # ]; + # }; + # vm-aarch64 = { + # isStation = true; + # profiles = [ + # "core" + # "graphical" + # ]; + # syncthing = { + # enable = true; + # id = "LDZVZ6H-KO3BKC6-FMLZOND-MKXI4DF-SNT27OT-Q5KMN2M-A2DYFNQ-3BWUYA6"; + # }; + # }; + # persephone = { + # isFake = true; + # tailnet = { + # ipv4 = "100.72.127.82"; + # ipv6 = "fd7a:115c:a1e0::9c08:7f52"; + # nodeKey = "nodekey:2ffbb54277ba6c29337807b74f69438eba4d3802bffbe9c7df4093139c087f51"; + # }; + # }; + # bellerophone = { + # isFake = true; + # tailnet = { + # ipv4 = "100.123.235.65"; + # ipv6 = "fd7a:115c:a1e0::bafb:eb41"; + # nodeKey = "nodekey:e2a9f948a1252a4b1f1932bb99e73981fa0b7173825b54ba968f9cc0bafbeb40"; + # }; + # syncthing = { + # enable = true; + # id = "75U7B2F-SZOJRY2-UKAADJD-NI3R5SJ-K4J35IN-D2NJJFJ-JG5TCJA-AUERDAA"; + # }; + # }; + # serber = { + # isServer = true; + # profiles = [ + # "core" + # "server" + # ]; + # ipv4 = [ "65.109.143.65" ]; + # ipv6 = [ "2a01:4f9:c012:ccc2::1" ]; + # }; + # work = { + # isDarwin = true; + # profiles = [ + # "core" + # ]; + # syncthing = { + # enable = true; + # id = "GR5MHK2-HDCFX4I-Y7JYKDN-EFTQFG6-24CXSHB-M5C6R3G-2GWX5ED-VEPAQA7"; + # }; + # }; + # lemptop = { + # isStation = true; + # profiles = [ + # "core" + # "graphical" + # "station" + # "email" + # "netboot" + # ]; + # syncthing = { + # enable = true; + # id = "TGRWV6Z-5CJ4KRI-4VDTIUE-UA5LQYS-3ARZGNK-KL7HGXP-352PB5Q-ADTV6Q2"; + # }; + # }; + # 
pump = { + # isServer = true; + # profiles = [ + # "core" + # "homeserver" + # ]; + # ipv4 = [ "192.168.2.13" ]; + # ipv6 = [ "2a02:a46b:ee73:1:c240:4bcb:9fc3:71ab" ]; + # tailnet = { + # ipv4 = "100.90.145.95"; + # ipv6 = "fd7a:115c:a1e0::e2da:915f"; + # nodeKey = "nodekey:dcd737aab30c21eb4f44a40193f3b16a8535ffe2fb5008904b39bb54e2da915e"; + # }; + # syncthing = { + # enable = true; + # id = "7USTCMT-QZTLGPL-5FCRKJW-BZUGMOS-H7D2TTK-F4COYPG-5D7VUO2-QFME2AS"; + # }; + # }; + # }; + }; + } + ]; +in (evalModules { inherit modules; }).config diff --git a/machines/lemptop.nix b/machines/lemptop.nix index a3e0781..ee362a1 100644 --- a/machines/lemptop.nix +++ b/machines/lemptop.nix @@ -4,7 +4,13 @@ with lib; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - networking.nameservers = ["192.168.2.13"]; + # networking.nameservers = ["192.168.2.13"]; + hm.xsession.initExtra = '' + ${pkgs.xorg.xset}/bin/xset r rate 230 30 + [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps" + wal -R + dwm + ''; sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt"; services.tailscale.enable = true; @@ -30,9 +36,7 @@ with lib; -----END CERTIFICATE----- ''; }; - users.users.${ivi.username} = { - shell = pkgs.zsh; - }; + my.shell = pkgs.zsh; environment.shells = [pkgs.bashInteractive pkgs.zsh]; environment.pathsToLink = [ "/share/zsh" ]; programs.zsh.enable = true; diff --git a/machines/pump-netboot.nix b/machines/pump-netboot.nix new file mode 100644 index 0000000..ce6b877 --- /dev/null +++ b/machines/pump-netboot.nix 
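Review bot: In the new `hm.xsession.initExtra`, `xset` and `setxkbmap` are pinned to store paths while `lsusb`, `wal` and `dwm` are bare names resolved from the session PATH; this same commit removes `usbutils` (the package providing `lsusb`) from `environment.systemPackages` in profiles/core/configuration.nix, and no hunk shown here re-adds it, so if it is not restored elsewhere `$(lsusb | grep microdox)` is empty and the `setxkbmap -option "ctrl:swapcaps"` branch runs unconditionally. Pin it the same way as the other two, `[ -z "$(${pkgs.usbutils}/bin/lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps"`, or make the dependency explicit in a profile. The `dwm` and `wal` calls deserve the same treatment, or a comment stating which module is expected to put them on PATH.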
@@ -0,0 +1,63 @@ +{ config, pkgs, lib, modulesPath, ... }: with lib; { + imports = [ + (modulesPath + "/installer/netboot/netboot-minimal.nix") + ]; + services.getty.autologinUser = lib.mkForce "root"; + users.users.root.openssh.authorizedKeys.keys = my.sshKeys; + + services.openssh.enable = true; + sops.age.keyFile = "${config.my.home}/sops/age/keys.txt"; + services.syncthing = { + cert = builtins.toFile "syncthing-cert" '' + -----BEGIN CERTIFICATE----- + MIICGzCCAaKgAwIBAgIIRGieK4FEhD0wCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ + U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG + A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIxMTAwMDAwMFoXDTQ0MDIwNjAwMDAwMFow + SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl + bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID + YgAEH/4taBY2lcNBXZCxNOklTahIlhN+ypYMOqw7LNlKZVdv7JzRR67akp/F99mF + PA+IB1CQoPOTXUjnhm84Tob/8MoUA1jM5uspclxXG95eMw2J7E7svBEGJA2RsEQE + dsU3o1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG + SM49BAMCA2cAMGQCMCP0Ro0ZjGfQf9R3x3neKZzrJxkD11ZK9NBNTaeWAKbrhkjp + qqW9uTONfIOXZmgtrQIwf6Ykr934UA5I6Rk8qNV8d082n3FNMw1NgK9GmUv2XMZ5 + eOpDAYJrhLx5jb7d3L4/ + -----END CERTIFICATE----- + ''; + }; + + networking.hostName = "pump"; + networking.domain = "vinkies.net"; + + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + networking.hostId = "7da046cb"; + + boot.initrd.network = { + enable = true; + ssh = { + enable = true; # Use a different port than your usual SSH port! + port = 2222; + hostKeys = [ + (/. 
+ "${config.my.home}" + "/.ssh/initrd/key") + ]; + authorizedKeys = my.sshKeys; + }; + postCommands = '' + echo "zfs load-key -a; killall zfs" >> /root/.profile + ''; + }; + + fileSystems."/data" = + { device = "zpool/data"; + fsType = "zfs"; + neededForBoot = true; + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + system.stateVersion = "24.05"; + nix.extraOptions = mkForce '' + experimental-features = nix-command flakes + ''; + nix.package = mkForce pkgs.nixVersions.stable; +} diff --git a/machines/pump.nix b/machines/pump.nix deleted file mode 100644 index 87198db..0000000 --- a/machines/pump.nix +++ /dev/null 
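Review bot: `boot.initrd.network.ssh.hostKeys` is given a Nix path value, `(/. + "${config.my.home}" + "/.ssh/initrd/key")`, which copies that private key into the world-readable Nix store at evaluation time and from there into the initrd; for a netboot image the initrd is the artifact served to every host on the network, so this key must be generated for the initrd alone and never reused as the system's SSH host key — a comment to that effect next to `hostKeys` would keep a future maintainer from pointing it at `/etc/ssh/ssh_host_ed25519_key` (which the deleted machines/pump.nix used for sops). The comment `# Use a different port than your usual SSH port!` sits on the `enable = true;` line but refers to `port = 2222;`; move it there. `services.getty.autologinUser = lib.mkForce "root"` gives an unauthenticated root shell on the console of a host that mounts `zpool/data` with `neededForBoot = true`; if the override is needed for unattended recovery, say so in a comment, otherwise drop it. `sops.age.keyFile = "${config.my.home}/sops/age/keys.txt"` points into a home directory on a host whose root filesystem comes from the netboot image; unless that path is supplied by the `/data` mount or restored at boot, sops will not find its key, and a comment naming where it is expected to come from would make the dependency visible.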
@@ -1,74 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - services.openssh = { - enable = true; - settings.X11Forwarding = true; - }; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - services.syncthing = { - cert = builtins.toFile "syncthing-cert" '' - -----BEGIN CERTIFICATE----- - MIICGzCCAaKgAwIBAgIIRGieK4FEhD0wCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ - U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG - A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIxMTAwMDAwMFoXDTQ0MDIwNjAwMDAwMFow - SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl - bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID - YgAEH/4taBY2lcNBXZCxNOklTahIlhN+ypYMOqw7LNlKZVdv7JzRR67akp/F99mF - PA+IB1CQoPOTXUjnhm84Tob/8MoUA1jM5uspclxXG95eMw2J7E7svBEGJA2RsEQE - dsU3o1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG - AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG - SM49BAMCA2cAMGQCMCP0Ro0ZjGfQf9R3x3neKZzrJxkD11ZK9NBNTaeWAKbrhkjp - qqW9uTONfIOXZmgtrQIwf6Ykr934UA5I6Rk8qNV8d082n3FNMw1NgK9GmUv2XMZ5 - eOpDAYJrhLx5jb7d3L4/ - -----END CERTIFICATE----- - ''; - }; - - networking.hostName = "pump"; - networking.domain = "vinkies.net"; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.forceImportRoot = false; - networking.hostId = "7da046cb"; - - fileSystems."/data" = - { device = "zpool/data"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/fc8829a4-d9d5-4001-a3b2-8dae8b85acd7"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C7FB-25D8"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = 
"/dev/disk/by-uuid/2c11292d-3110-482d-abde-08e0fc493555"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix index 87b3d97..31a622b 100644 --- a/profiles/core/configuration.nix +++ b/profiles/core/configuration.nix @@ -5,7 +5,7 @@ lib, ... }: with lib; { - imports = [ (mkAliasOptionModule [ "ivi" ] [ "users" "users" ivi.username ]) ]; + imports = [ (mkAliasOptionModule [ "my" ] [ "users" "users" my.username ]) ]; services = { resolved.fallbackDns = [ 
@@ -28,60 +28,18 @@ time.timeZone = "Europe/Amsterdam"; users.users = { - ${ivi.username} = { + ${my.username} = { uid = mkIf (!machine.isDarwin) 1000; - description = ivi.realName; - openssh.authorizedKeys.keys = ivi.sshKeys; + description = my.realName; + openssh.authorizedKeys.keys = my.sshKeys; extraGroups = ["wheel" "networkmanager" "docker" "transmission" "dialout" "test"]; isNormalUser = true; }; root = { - openssh.authorizedKeys.keys = config.ivi.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.my.openssh.authorizedKeys.keys; }; }; - environment.systemPackages = with pkgs; [ - vim - wget - git - subversion - htop - jq - yq-go - curl - fd - lf - fzf - ripgrep - parallel - pinentry-curses - gnused - gnutls - zoxide - binwalk - unzip - gcc - gnumake - file - pstree - bc - mediainfo - bat - openpomodoro-cli - coreutils - killall - ] ++ (optionals (!machine.isDarwin) [ - man-pages - man-pages-posix - # pkgsi686Linux.glibc - gdb - pciutils - dnsutils - iputils - inetutils - usbutils - ]); - nix.package = pkgs.nixVersions.latest; nix.extraOptions = '' experimental-features = nix-command flakes configurable-impure-env diff --git a/profiles/core/git.nix b/profiles/core/git.nix index b1d3ea6..44cadf7 100644 --- a/profiles/core/git.nix +++ b/profiles/core/git.nix @@ -3,14 +3,14 @@ hm = { programs.git = { enable = true; - userName = ivi.realName; - userEmail = if config.networking.hostName == "work" then "mike@pionative.com" else ivi.email; + userName = my.realName; + userEmail = if config.networking.hostName == "work" then "mike@pionative.com" else my.email; extraConfig = { worktree.guessRemote = true; mergetool.fugitive.cmd = "vim -f -c \"Gdiff\" \"$MERGED\""; merge.tool = "fugitive"; gpg.format = "ssh"; - user.signingKey = "${config.ivi.home}/.ssh/id_ed25519_sk.pub"; + user.signingKey = "${config.my.home}/.ssh/id_ed25519_sk.pub"; commit.gpgsign = true; }; diff --git a/profiles/core/hm.nix b/profiles/core/hm.nix index efa83af..57c7d0f 100644 
--- a/profiles/core/hm.nix +++ b/profiles/core/hm.nix @@ -1,6 +1,6 @@ {inputs, config, lib, pkgs, ...}: with lib; { imports = [ - (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" ivi.username ]) + (mkAliasOptionModule [ "hm" ] [ "home-manager" "users" my.username ]) ]; home-manager = { diff --git a/profiles/core/home.nix b/profiles/core/home.nix index ed86a55..032d954 100644 --- a/profiles/core/home.nix +++ b/profiles/core/home.nix @@ -8,7 +8,7 @@ programs.tmux = { enable = true; extraConfig = '' - set-option -g default-shell ${config.ivi.shell}/bin/zsh + set-option -g default-shell ${config.my.shell}/bin/zsh set -g status off set -s set-clipboard on setw -g mouse on @@ -42,7 +42,14 @@ }; hm = { - fonts.fontconfig.enable = true; + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = config.synced.password-store.path; + }; + }; + + # fonts.fontconfig.enable = true; # https://github.com/nix-community/home-manager/issues/4692 # home.file.".local/bin".source = config.lib.meta.mkMutableSymlink /mut/bin; xdg = { @@ -86,7 +93,7 @@ # enable = true; # matchBlocks = { # "*" = { - # identityFile = "${config.ivi.home}/.ssh/id_ed25519_sk"; + # identityFile = "${config.my.home}/.ssh/id_ed25519_sk"; # }; # }; # }; @@ -114,8 +121,6 @@ ''; }; - programs.alacritty.enable = true; - programs = { zsh = { enable = true; @@ -226,7 +231,7 @@ k = "kubectl "; d = "docker "; ls = "ls --color=auto"; - s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.ivi.home}/flake#${config.networking.hostName}"; + s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.my.home}/flake#${config.networking.hostName}"; b = "/run/current-system/bin/switch-to-configuration boot"; v = "vremote"; lf = "lfub"; 
@@ -252,7 +257,7 @@ ( command -v docker ) &>/dev/null && eval "$(docker completion bash)" ( command -v kubectl ) &>/dev/null && eval "$(kubectl completion bash)" ( command -v zoxide ) &>/dev/null && eval "$(zoxide init bash)" - export PATH="$PATH:$HOME/.local/bin:/opt/homebrew/bin:${config.ivi.home}/.krew/bin:${config.ivi.home}/.cargo/bin:${pkgs.ncurses}/bin" + export PATH="$PATH:$HOME/.local/bin:/opt/homebrew/bin:${config.my.home}/.krew/bin:${config.my.home}/.cargo/bin:${pkgs.ncurses}/bin" [[ -f ~/.cache/wal/sequences ]] && (cat ~/.cache/wal/sequences &) unset LD_PRELOAD # include nix.sh if it exists @@ -273,7 +278,7 @@ k = "kubectl "; d = "docker "; ls = "ls --color=auto"; - s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.ivi.home}/flake#${config.networking.hostName}"; + s = "${if machine.isDarwin then "darwin-rebuild" else "sudo nixos-rebuild"} switch --flake ${config.my.home}/flake#${config.networking.hostName}"; b = "/run/current-system/bin/switch-to-configuration boot"; v = "nvim"; M = "xrandr --output HDMI1 --auto --output eDP1 --off"; diff --git a/profiles/core/meta.nix b/profiles/core/meta.nix index f813b56..add9b34 100644 --- a/profiles/core/meta.nix +++ b/profiles/core/meta.nix @@ -1,6 +1,6 @@ {inputs,lib,config, ...}: with lib; { lib.meta = { - configPath = "${config.ivi.home}/flake"; + configPath = "${config.my.home}/flake"; mkMutableSymlink = path: config.hm.lib.file.mkOutOfStoreSymlink (config.lib.meta.configPath + removePrefix (toString inputs.self) (toString path)); diff --git a/profiles/core/packages.nix b/profiles/core/packages.nix new file mode 100644 index 0000000..1d8e737 --- /dev/null +++ b/profiles/core/packages.nix 
@@ -0,0 +1,53 @@
+{
+ machine,
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+with lib;
+
+{
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ subversion
+ htop
+ jq
+ yq-go
+ curl
+ fd
+ lf
+ fzf
+ ripgrep
+ parallel
+ pinentry-curses
+ gnused
+ gnutls
+ zoxide
+ binwalk
+ unzip
+ # gcc
+ gnumake
+ file
+ pstree
+ bc
+ mediainfo
+ bat
+ openpomodoro-cli
+ coreutils
+ killall
+ ] ++ (optionals (!machine.isDarwin) [
+ man-pages
+ man-pages-posix
+ # pkgsi686Linux.glibc
+ gdb
+ pciutils
+ dnsutils
+ iputils
+ inetutils
+ usbutils
+ ]);
+}
diff --git a/profiles/core/secrets.nix b/profiles/core/secrets.nix
index 7361123..192bacf 100644
--- a/profiles/core/secrets.nix
+++ b/profiles/core/secrets.nix
@@ -35,13 +35,5 @@ in ]; };
- hm = {
- programs.password-store = {
- enable = true;
- settings = {
- PASSWORD_STORE_DIR = config.synced.password-store.path;
- };
- };
- }; }; }
diff --git a/profiles/core/syncthing.nix b/profiles/core/syncthing.nix
index f8d6ee2..796a3d7 100644
--- a/profiles/core/syncthing.nix
+++ b/profiles/core/syncthing.nix
@@ -1,5 +1,5 @@
-{machine, config, lib,...}: with lib; let
- group = if machine.isDarwin then (builtins.toString config.ivi.gid) else config.ivi.group;
+{machines, machine, config, lib,...}: with lib; let
+ group = if machine.isDarwin then (builtins.toString config.my.gid) else config.my.group;
 in {
 imports = [
 (mkAliasOptionModule [ "synced" ] [ "services" "syncthing" "settings" "folders" ])
@@ -7,16 +7,16 @@ in { services.syncthing = { enable = machine.syncthing.enable;
- user = ivi.username;
+ user = my.username; inherit group;
- dataDir = config.ivi.home;
+ dataDir = config.my.home; overrideDevices = true; overrideFolders = true; key = config.secrets.syncthing.path; settings = let
- allDevices = (filterAttrs (_: m: m.syncthing.id != "") ivi.machines);
+ allDevices = (filterAttrs (_: m: m.syncthing.id != "") machines); in { gui = { theme = "default"; 
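Review bot: `config` is bound in the argument set of the new profiles/core/packages.nix but never referenced; only `machine`, `pkgs` and `lib` are used, so the header can be `{ machine, pkgs, lib, ... }:`. An unused binding is harmless in Nix, but it makes the module's dependencies look wider than they are.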
@@ -43,17 +43,17 @@ in { allNames = attrNames allDevices; in { my = { - path = "${config.ivi.home}/sync/my"; + path = "${config.my.home}/sync/my"; devices = allNames; versioning = simple; }; pictures = { - path = "${config.ivi.home}/sync/pictures"; + path = "${config.my.home}/sync/pictures"; devices = allNames; versioning = trashcan; }; password-store = { - path = "${config.ivi.home}/sync/password-store"; + path = "${config.my.home}/sync/password-store"; devices = allNames; versioning = trashcan; }; diff --git a/profiles/email/mailsync.nix b/profiles/email/mailsync.nix index 8e81c89..42620d6 100644 --- a/profiles/email/mailsync.nix +++ b/profiles/email/mailsync.nix @@ -26,7 +26,7 @@ Service = { Type = "oneshot"; RemainAfterExit = "no"; - ExecSearchPath = "${config.ivi.home}/.local/bin:${config.hm.home.profileDirectory}/bin:/run/current-system/sw/bin"; + ExecSearchPath = "${config.my.home}/.local/bin:${config.hm.home.profileDirectory}/bin:/run/current-system/sw/bin"; ExecStart = "mailsync"; }; }; diff --git a/profiles/email/server.nix b/profiles/email/server.nix index 29996cd..f95828f 100644 --- a/profiles/email/server.nix +++ b/profiles/email/server.nix 
@@ -6,20 +6,20 @@ hm = { accounts.email = { accounts = { - ${ivi.username} = { - realName = "${ivi.realName}"; - userName = "${ivi.email}"; - address = "${ivi.email}"; + ${my.username} = { + realName = "${my.realName}"; + userName = "${my.email}"; + address = "${my.email}"; passwordCommand = ["${pkgs.pass}/bin/pass" "personal/mailserver"]; - imap = { host = "${ivi.domain}"; port = 993; tls = { enable = true; }; }; - smtp = { host = "${ivi.domain}"; port = 587; tls = { enable = true; useStartTls = true; }; }; + imap = { host = "${my.domain}"; port = 993; tls = { enable = true; }; }; + smtp = { host = "${my.domain}"; port = 587; tls = { enable = true; useStartTls = true; }; }; msmtp = { enable = true; }; neomutt = { enable = true; - sendMailCommand = "msmtp -a ${ivi.username}"; - mailboxName = "=== ${ivi.username} ==="; + sendMailCommand = "msmtp -a ${my.username}"; + mailboxName = "=== ${my.username} ==="; extraConfig = '' set spoolfile='Inbox' unvirtual-mailboxes * @@ -29,7 +29,7 @@ enable = true; create = "both"; remove = "both"; expunge = "both"; groups = { - ${ivi.username} = { + ${my.username} = { channels = { All = { patterns = ["*"]; extraConfig = { Create = "Both"; Expunge = "Both"; Remove = "Both"; }; }; }; 
@@ -41,12 +41,12 @@ neomutt = { enable = true; virtualMailboxes = [ - { name = "Inbox"; query = "folder:/${ivi.username}/ tag:inbox"; } - { name = "Sent"; query = "folder:/${ivi.username}/ tag:sent"; } - { name = "Archive"; query = "folder:/${ivi.username}/ tag:archive"; } - { name = "Drafts"; query = "folder:/${ivi.username}/ tag:drafts"; } - { name = "Junk"; query = "folder:/${ivi.username}/ tag:spam"; } - { name = "Trash"; query = "folder:/${ivi.username}/ tag:trash"; } + { name = "Inbox"; query = "folder:/${my.username}/ tag:inbox"; } + { name = "Sent"; query = "folder:/${my.username}/ tag:sent"; } + { name = "Archive"; query = "folder:/${my.username}/ tag:archive"; } + { name = "Drafts"; query = "folder:/${my.username}/ tag:drafts"; } + { name = "Junk"; query = "folder:/${my.username}/ tag:spam"; } + { name = "Trash"; query = "folder:/${my.username}/ tag:trash"; } ]; }; }; diff --git a/profiles/graphical/suckless.nix b/profiles/graphical/suckless.nix index b6bb011..061734d 100644 --- a/profiles/graphical/suckless.nix +++ b/profiles/graphical/suckless.nix @@ -1,6 +1,5 @@ { self, - config, pkgs, lib, machine, @@ -80,7 +79,6 @@ dmenu librewolf xclip - mpv maim ]; }; diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix index 1880db2..e72e8fe 100644 --- a/profiles/homeserver/acme.nix +++ b/profiles/homeserver/acme.nix @@ -4,13 +4,13 @@ defaults = { extraLegoFlags = [ "--dns.disable-cp" ]; extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; - email = ivi.email; + email = my.email; dnsProvider = "porkbun"; environmentFile = config.secrets.porkbun.path; }; - certs."${ivi.domain}" = { + certs."${my.domain}" = { # NOTE(ivi): use dns wildcard certs for local services - domain = "*.${ivi.domain}"; + domain = "*.${my.domain}"; }; }; } diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix index 917c8bb..21ccf7e 100644 --- a/profiles/homeserver/dns.nix +++ b/profiles/homeserver/dns.nix 
@@ -1,4 +1,4 @@ -{ config, machine, inputs, lib, ... }: with lib; let +{ config, machines, machine, inputs, lib, ... }: with lib; let dns = inputs.dns.lib; in { system.extraDependencies = collectFlakeInputs inputs.dns; @@ -20,12 +20,12 @@ ]; }; stub-zone = [ { - name = ivi.domain; + name = my.domain; stub-addr = "127.0.0.1@10053"; } ]; forward-zone = [ { - name = "_acme-challenge.${ivi.domain}"; + name = "_acme-challenge.${my.domain}"; forward-addr = config.services.resolved.fallbackDns; forward-tls-upstream = true; } @@ -45,15 +45,15 @@ zones = with dns.combinators; let here = { - A = map a ivi.machines.serber.ipv4; - AAAA = map a ivi.machines.serber.ipv6; + A = map a machines.serber.ipv4; + AAAA = map a machines.serber.ipv6; }; in { - ${ivi.domain}.data = dns.toString ivi.domain (here // { + ${my.domain}.data = dns.toString my.domain (here // { TTL = 60 * 60; SOA = { nameServer = "@"; - adminEmail = "dns@${ivi.domain}"; + adminEmail = "dns@${my.domain}"; serial = 0; }; NS = [ "@" ]; diff --git a/profiles/homeserver/nginx.nix b/profiles/homeserver/nginx.nix index f869d3b..22fd74e 100644 --- a/profiles/homeserver/nginx.nix +++ b/profiles/homeserver/nginx.nix @@ -4,8 +4,8 @@ type = types.attrsOf (types.submodule ({ name, ... }: { config = mkIf (name != "default") { forceSSL = mkDefault true; - sslCertificateKey = "/var/lib/acme/${ivi.domain}/key.pem"; - sslCertificate = "/var/lib/acme/${ivi.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${my.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${my.domain}/fullchain.pem"; }; })); }; diff --git a/profiles/homeserver/radicale.nix b/profiles/homeserver/radicale.nix index f04a4a4..6f07245 100644 --- a/profiles/homeserver/radicale.nix +++ b/profiles/homeserver/radicale.nix @@ -1,6 +1,6 @@ { lib, ... }: with lib; { services.nginx = { - virtualHosts."cal.${ivi.domain}" = { + virtualHosts."cal.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:5232"; }; 
diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix index 8b7b4fa..d871e96 100644 --- a/profiles/homeserver/transmission.nix +++ b/profiles/homeserver/transmission.nix 
@@ -1,53 +1,83 @@ -{ config, lib, pkgs, ... }: with lib; { +{ config, lib, ... }: with lib; { virtualisation.docker.rootless = { enable = true; setSocketVariable = true; }; users.groups.multimedia = { }; - users.users.${ivi.username}.extraGroups = [ "multimedia" ]; + users.users.${my.username}.extraGroups = [ "multimedia" ]; systemd.tmpfiles.rules = [ "d /data 0770 - multimedia - -" ]; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "plexmediaserver" - ]; - - environment.systemPackages = [ - pkgs.jellyfin-ffmpeg - ]; - services.nginx = { virtualHosts = { - "sonarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; - "radarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; - "bazarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; - "readarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; - "prowlarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; - "transmission.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; - "jellyfin.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; + "sonarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; + "radarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; + "bazarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; + # "readarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; + "prowlarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; + "transmission.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; + "jellyfin.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; }; }; - services = { - jellyfin = { enable = 
true; group = "multimedia"; }; - sonarr = { enable = true; group = "multimedia"; }; - radarr = { enable = true; group = "multimedia"; }; - bazarr = { enable = true; group = "multimedia"; }; - readarr = { enable = true; group = "multimedia"; }; - prowlarr = { enable = true; }; - }; + # services = { + # jellyfin = { enable = true; group = "multimedia"; }; + # sonarr = { enable = true; group = "multimedia"; }; + # radarr = { enable = true; group = "multimedia"; }; + # bazarr = { enable = true; group = "multimedia"; }; + # readarr = { enable = true; group = "multimedia"; }; + # prowlarr = { enable = true; }; + # }; virtualisation.oci-containers = { backend = "docker"; containers = { + prowlarr = { + image = "linuxserver/prowlarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/prowlarr/data:/config" + ]; + }; + bazarr = { + image = "linuxserver/bazarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/prowlarr/data:/config" + ]; + }; + radarr = { + image = "linuxserver/radarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/radarr/data:/config" + ]; + }; + sonarr = { + image = "linuxserver/sonarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/sonarr/data:/config" + ]; + }; + jellyfin = { + image = "jellyfin/jellyfin"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/jellyfin/config:/config" + "/data/config/jellyfin/cache:/config" + ]; + }; transmission = { image = "haugene/transmission-openvpn"; extraOptions = ["--cap-add=NET_ADMIN"]; volumes = [ - "/config/ovpn:/etc/openvpn/custom" - "/config/transmission:/config" + "/data/config/ovpn:/etc/openvpn/custom" + "/data/config/transmission:/config" "/data/torrents:/data/torrents" ]; ports = [ 
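Review bot: Two of the new volume mappings look like copy-paste slips: `bazarr` mounts `"/data/config/prowlarr/data:/config"`, so bazarr and prowlarr would share and overwrite one config directory, and `jellyfin` mounts two host directories at the same container path (`"/data/config/jellyfin/cache:/config"` should presumably be `"/data/config/jellyfin/cache:/cache"`). All six containers use `--net=host`, so each service listens directly on the host's interfaces and the nginx `virtualHosts` added in this hunk can be bypassed from the LAN unless the firewall blocks 8989/7878/9696/8096 and the bazarr port; publishing with `ports = [ "127.0.0.1:PORT:PORT" ]`, as the `transmission` container already uses `ports`, keeps them loopback-only. The images are untagged (`linuxserver/prowlarr`, `jellyfin/jellyfin`, …), so every pull floats to whatever is currently latest; pinning a release tag or `@sha256:` digest makes rebuilds reproducible. The native services that are now commented out ran with `group = "multimedia"`, matching the `d /data 0770 - multimedia - -` tmpfiles rule, but the containers set no `user`/PUID/PGID, so the in-container uid may not be able to write `/data/media` — worth confirming; the `transmission` container's definition continues past the end of this hunk.
```nix
      prowlarr = {
        image = "linuxserver/prowlarr:<PINNED_TAG_OR_DIGEST>"; # placeholder: pin a release tag or @sha256 digest
        ports = [ "127.0.0.1:9696:9696" ]; # replaces --net=host; nginx still proxies to 127.0.0.1:9696
        volumes = [
          "/data/config/prowlarr/data:/config"
        ];
      };
      # … unchanged: bazarr, radarr, sonarr, jellyfin (same ports/pin pattern; fix the two volume lines noted above) …
```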
@@ -59,13 +89,6 @@ config.secrets.transmission.path ]; }; - # ytdl-sub = { - # image = "ghcr.io/jmbannon/ytdl-sub:latest"; - # environment = { - # TZ=""; - # DOCKER_MODS="linuxserver/mods:universal-cron"; - # }; - # }; }; }; } diff --git a/profiles/netboot/system.nix b/profiles/netboot/system.nix new file mode 100644 index 0000000..528b547 --- /dev/null +++ b/profiles/netboot/system.nix @@ -0,0 +1,20 @@ +sys: { pkgs, lib, ... }: let + run-pixiecore = let + build = sys.config.system.build; + in pkgs.writeShellApplication { + name = "run-pixiecore"; + text = '' + exec ${pkgs.pixiecore}/bin/pixiecore \ + boot ${build.kernel}/bzImage ${build.netbootRamdisk}/initrd \ + --cmdline "init=${build.toplevel}/init loglevel=4" \ + --debug --dhcp-no-bind \ + --port 64172 --status-port 64172 "$@" + ''; + }; +in { + networking.firewall.allowedUDPPorts = [ 67 69 4011 ]; + networking.firewall.allowedTCPPorts = [ 64172 ]; + environment.systemPackages = [ + run-pixiecore + ]; +} diff --git a/profiles/server/acme.nix b/profiles/server/acme.nix index 25303a6..a9fc594 100644 --- a/profiles/server/acme.nix +++ b/profiles/server/acme.nix @@ -3,7 +3,7 @@ acceptTerms = true; defaults = { extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; - email = ivi.email; + email = my.email; dnsProvider = "porkbun"; credentialsFile = config.secrets.porkbun.path; }; diff --git a/profiles/server/mail.nix b/profiles/server/mail.nix index 291e764..7bf0a88 100644 --- a/profiles/server/mail.nix +++ b/profiles/server/mail.nix @@ -11,12 +11,12 @@ enableSubmissionSsl = true; # TODO: configurate a local dns server? - fqdn = ivi.domain; - domains = [ ivi.domain ]; + fqdn = my.domain; + domains = [ my.domain ]; loginAccounts = { - ${ivi.email} = { - hashedPasswordFile = config.secrets.ivi.path; - aliases = [ "@${ivi.domain}" ]; + ${my.email} = { + hashedPasswordFile = config.secrets.my.path; + aliases = [ "@${my.domain}" ]; }; }; certificateScheme = "acme"; 
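Review bot: The new profiles/netboot/system.nix opens UDP 67/69/4011 and TCP 64172 on every interface (`networking.firewall.allowedUDPPorts` / `allowedTCPPorts`), which lets any host on any attached segment fetch the kernel, initrd and the `${build.toplevel}` closure from pixiecore with no authentication. If the netbooted system's configuration embeds anything sensitive in the store, it becomes readable by everyone on those networks; scoping the rules to the provisioning NIC with `networking.firewall.interfaces.<name>.allowedUDPPorts` (and the TCP equivalent) limits the exposure to one network. `--debug` is also baked into the wrapper, which reads as a development setting rather than one intended for a permanently installed tool. `--dhcp-no-bind` presumably means ProxyDHCP coexistence with an existing DHCP server is intended; a one-line comment above the `exec` saying so would help the next reader.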
diff --git a/profiles/server/nginx.nix b/profiles/server/nginx.nix index d497833..dbabebd 100644 --- a/profiles/server/nginx.nix +++ b/profiles/server/nginx.nix @@ -17,7 +17,7 @@ recommendedGzipSettings = true; recommendedOptimisation = true; - virtualHosts."${ivi.domain}" = { + virtualHosts."${my.domain}" = { }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/profiles/station/caldav.nix b/profiles/station/caldav.nix index dc157c4..98674e4 100644 --- a/profiles/station/caldav.nix +++ b/profiles/station/caldav.nix @@ -25,7 +25,7 @@ }; remote = { type = "caldav"; - url = "https://cal.${ivi.domain}"; + url = "https://cal.${my.domain}"; userName = "mike"; passwordCommand = ["echo" "''"]; }; @@ -50,7 +50,7 @@ }; remote = { type = "carddav"; - url = "https://cal.${ivi.domain}"; + url = "https://cal.${my.domain}"; userName = "mike"; passwordCommand = ["echo" "''"]; }; diff --git a/profiles/station/music.nix b/profiles/station/music.nix index d991e5c..fbb316a 100644 --- a/profiles/station/music.nix +++ b/profiles/station/music.nix @@ -8,7 +8,7 @@ with lib; mkIf (!machine.isDarwin) { # TODO: what about secrets on nix-darwin... - # secrets.mopidy.owner = lib.ivi.username; + # secrets.mopidy.owner = lib.my.username; hm.home.packages = [pkgs.mpc-cli]; hm.services.mopidy = { enable = true; @@ -30,7 +30,7 @@ with lib; config.secrets.mopidy.path ]; }; - secrets.mopidy.owner = ivi.username; + secrets.mopidy.owner = my.username; hm.programs.ncmpcpp = { enable = true; diff --git a/profiles/station/suckless.nix b/profiles/station/suckless.nix deleted file mode 100644 index 5d1b8c0..0000000 --- a/profiles/station/suckless.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - self, - config, - pkgs, - lib, - machine, - ... -}: with lib; mkIf (!machine.isDarwin) { - nixpkgs.overlays = [(import (self + "/overlays/suckless.nix") {inherit pkgs; home = config.ivi.home;})]; - hm = { - xsession = { - enable = true; - initExtra = '' - ${pkgs.xorg.xset}/bin/xset r rate 230 30 - [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps" - wal -R - dwm - ''; - }; - services.picom = { - enable = true; - activeOpacity = 0.99; - inactiveOpacity = 0.7; - opacityRules = [ - "100:class_g = 'Wfica'" - "100:class_g = 'dwm'" - "100:class_g = 'Zathura'" - "100:name *= 'Firefox'" - "100:name *= 'mpv'" - "100:name *= 'LibreWolf'" - "100:name *= 'Steam'" - "100:name *= 'Risk of Rain'" - "100:name *= 'KVM'" - ]; - settings = { - inactive-opacity-override = false; - frame-opacity = 1; - }; - }; - services.dunst = { - enable = true; - settings = { - global = { - monitor = 0; - follow = "keyboard"; - width = 370; - height = 350; - offset = "0x19"; - padding = 2; - horizontal_padding = 2; - transparency = 0; - font = "Monospace 12"; - format = "<b>%s</b>\\n%b"; - }; - urgency_low = { - background = "#1d2021"; - foreground = "#928374"; - timeout = 3; - }; - urgency_normal = { - foreground = "#ebdbb2"; - background = "#458588"; - timeout = 5; - }; - urgency_critical = { - background = "#1cc24d"; - foreground = "#ebdbb2"; - frame_color = "#fabd2f"; - timeout = 10; - }; - }; - }; - home.packages = with pkgs; [ - libnotify - sxiv - st - dwm - dwmblocks - ]; - }; -} diff --git a/profiles/station/virtualisation.nix b/profiles/station/virtualisation.nix index 5646562..440dc6e 100644 --- a/profiles/station/virtualisation.nix +++ b/profiles/station/virtualisation.nix @@ -10,5 +10,5 @@ uris = ["qemu:///system"]; }; }; - ivi.extraGroups = [ "libvirtd" ]; + my.extraGroups = [ "libvirtd" ]; } |
