diff --git a/flake.lock b/flake.lock index f341007..a543c0c 100644 --- a/flake.lock +++ b/flake.lock @@ -5,7 +5,7 @@ "adblockStevenBlack": "adblockStevenBlack", "flake-utils": "flake-utils", "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -41,10 +41,10 @@ "agenix": { "inputs": { "darwin": [ - "darwin" + "nix-darwin" ], "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -61,32 +61,12 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1688307440, - "narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, "deno2nix": { "inputs": { - "devshell": "devshell_3", + "devshell": "devshell_2", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1686513235, @@ -102,22 +82,22 @@ "url": "https://git.pub.solar/b12f/deno2.nix.git" } }, - "deploy": { + "deploy-rs": { "inputs": { "flake-compat": [ "flake-compat" ], "nixpkgs": [ - "nixos" + "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1686747123, - "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", + "lastModified": 1695052866, + "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "owner": "serokell", "repo": "deploy-rs", - "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", + "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "type": "github" }, "original": { 
@@ -127,28 +107,6 @@ } }, "devshell": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1671489820, - "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=", - "owner": "numtide", - "repo": "devshell", - "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_2": { "inputs": { "nixpkgs": [ "keycloak-theme-pub-solar", @@ -170,7 +128,7 @@ "type": "github" } }, - "devshell_3": { + "devshell_2": { "inputs": { "nixpkgs": [ "scan2paperless", @@ -193,7 +151,7 @@ "type": "github" } }, - "devshell_4": { + "devshell_3": { "inputs": { "nixpkgs": [ "scan2paperless", @@ -215,46 +173,6 @@ "type": "github" } }, - "digga": { - "inputs": { - "darwin": [ - "darwin" - ], - "deploy": [ - "deploy" - ], - "devshell": "devshell", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": "flake-utils_3", - "flake-utils-plus": "flake-utils-plus", - "home-manager": [ - "home" - ], - "nixlib": [ - "nixos" - ], - "nixpkgs": [ - "nixos" - ], - "nixpkgs-unstable": "nixpkgs-unstable" - }, - "locked": { - "lastModified": 1674947971, - "narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=", - "owner": "pub-solar", - "repo": "digga", - "rev": "2da608bd8afb48afef82c6b1b6d852a36094a497", - "type": "github" - }, - "original": { - "owner": "pub-solar", - "ref": "fix/bootstrap-iso", - "repo": "digga", - "type": "github" - } - }, "fix-atomic-container-restarts": { "locked": { "lastModified": 1688325567, 
@@ -319,6 +237,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -334,59 +270,7 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] - }, - "locked": { - "lastModified": 1654029967, - "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "ref": "refs/pull/120/head", - "repo": "flake-utils-plus", - "type": "github" - } - }, "flake-utils_2": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "inputs": { "systems": "systems_2" }, @@ -404,7 +288,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_3": { "inputs": { "systems": "systems_4" }, 
@@ -422,7 +306,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_4": { "inputs": { "systems": "systems_6" }, @@ -440,18 +324,18 @@ "type": "github" } }, - "home": { + "home-manager": { "inputs": { "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -463,10 +347,10 @@ }, "keycloak-theme-pub-solar": { "inputs": { - "devshell": "devshell_2", - "flake-utils": "flake-utils_4", + "devshell": "devshell", + "flake-utils": "flake-utils_2", "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { @@ -484,22 +368,6 @@ "url": "https://git.pub.solar/pub-solar/keycloak-theme" } }, - "latest": { - "locked": { - "lastModified": 1693663421, - "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e56990880811a451abd32515698c712788be5720", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "master": { "locked": { "lastModified": 1693817516, 
@@ -534,19 +402,39 @@ "type": "github" } }, - "nixos": { + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1693636127, - "narHash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1", + "lastModified": 1695686713, + "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "e236a1e598a9a59265897948ac9874c364b9555f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "nixos-flake": { + "locked": { + "lastModified": 1692742948, + "narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=", + "owner": "srid", + "repo": "nixos-flake", + "rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "nixos-flake", "type": "github" } }, 
@@ -581,23 +469,41 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-lib": { "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", - "owner": "nixos", + "dir": "lib", + "lastModified": 1693471703, + "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", + "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "type": "github" }, "original": { - "owner": "nixos", + "dir": "lib", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { + "locked": { + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1686412476, "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=", @@ -613,7 +519,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1693158576, "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", 
@@ -633,28 +539,29 @@ "inputs": { "adblock-unbound": "adblock-unbound", "agenix": "agenix", - "darwin": "darwin", - "deploy": "deploy", - "digga": "digga", + "deploy-rs": "deploy-rs", "fix-atomic-container-restarts": "fix-atomic-container-restarts", "fix-yubikey-agent": "fix-yubikey-agent", "flake-compat": "flake-compat", - "home": "home", + "flake-parts": "flake-parts", + "home-manager": "home-manager", "keycloak-theme-pub-solar": "keycloak-theme-pub-solar", - "latest": "latest", "master": "master", "musnix": "musnix", - "nixos": "nixos", + "nix-darwin": "nix-darwin", + "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", - "scan2paperless": "scan2paperless" + "nixpkgs": "nixpkgs_2", + "scan2paperless": "scan2paperless", + "unstable": "unstable" } }, "scan2paperless": { "inputs": { "deno2nix": "deno2nix", - "devshell": "devshell_4", - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_3" + "devshell": "devshell_3", + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1693298356, @@ -760,6 +667,22 @@ "type": "github" } }, + "unstable": { + "locked": { + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index c71c581..dfd218d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,42 +1,36 @@ { - description = "A highly structured configuration database."; + description = "b12f hosts"; nixConfig.extra-experimental-features = "nix-command flakes"; inputs = { # Track channels with commits tested and built by hydra - nixos.url = "github:nixos/nixpkgs/nixos-23.05"; - latest.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; - digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; - digga.inputs.nixpkgs.follows = "nixos"; - digga.inputs.nixlib.follows = "nixos"; - digga.inputs.home-manager.follows = "home"; - digga.inputs.deploy.follows = "deploy"; - digga.inputs.darwin.follows = "darwin"; - digga.inputs.flake-compat.follows = "flake-compat"; + nix-darwin.url = "github:lnl7/nix-darwin/master"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager/release-23.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; - home.url = "github:nix-community/home-manager/release-23.05"; - home.inputs.nixpkgs.follows = "nixos"; + flake-parts.url = "github:hercules-ci/flake-parts"; + nixos-flake.url = "github:srid/nixos-flake"; - darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "nixos"; - - deploy.url = "github:serokell/deploy-rs"; - deploy.inputs.nixpkgs.follows = "nixos"; - deploy.inputs.flake-compat.follows = "flake-compat"; + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + deploy-rs.inputs.flake-compat.follows = "flake-compat"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "nixos"; - agenix.inputs.darwin.follows = "darwin"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + agenix.inputs.darwin.follows = "nix-darwin"; nixos-hardware.url = "github:nixos/nixos-hardware"; keycloak-theme-pub-solar.url = 
"git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; - keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos"; + keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; master.url = "github:nixos/nixpkgs/master"; fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent"; 
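Review bot: The new `flake-parts` input keeps its own `nixpkgs-lib` pin (the lock file in this commit gains a separate `nixpkgs-lib` node on `nixos-unstable`), while every other input that takes nixpkgs is made to follow `nixpkgs`. Adding `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` next to `flake-parts.url` would leave one fewer independently updated nixpkgs revision to audit in `flake.lock`. `nix-darwin` now tracks `master` explicitly and `nixos-flake` is taken from a personal repository without a `ref`; the lock pins both by `rev` and `narHash`, so a short comment above them saying that lock bumps for these two inputs should be reviewed rather than accepted blindly would help. The `inputs` attribute set continues past the end of this hunk.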
@@ -45,177 +39,114 @@ musnix.url = "github:musnix/musnix"; adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound"; - adblock-unbound.inputs.nixpkgs.follows = "nixos"; + adblock-unbound.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { - self, - digga, - nixos, - home, - nixos-hardware, - agenix, - deploy, - scan2paperless, - musnix, - ... - } @ inputs: - digga.lib.mkFlake - { - inherit self inputs; - - channelsConfig = { - allowUnfree = true; - }; - - supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"]; - - channels = { - nixos = { - imports = [(digga.lib.importOverlays ./overlays)]; - overlays = [ - (self: super: { - deploy-rs = { - inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs; - lib = inputs.deploy.lib.x86_64-linux; - }; - }) - ]; - }; - latest = {}; - }; - - lib = import ./lib {lib = digga.lib // nixos.lib;}; - - sharedOverlays = [ - (final: prev: { - __dontExport = true; - lib = prev.lib.extend (lfinal: lprev: { - our = self.lib; - }); - }) - agenix.overlays.default - - (import ./pkgs) + outputs = inputs@{ self, ... }: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" ]; - nixos = { - hostDefaults = { - system = "x86_64-linux"; - channelName = "nixos"; - imports = [(digga.lib.importExportableModules ./modules)]; - modules = [ - {lib.our = self.lib;} - # FIXME: upstream module causes a huge number of unnecessary - # dependencies to be pulled in for all systems -- many of them are - # graphical. should only be imported as needed. - # digga.nixosModules.bootstrapIso - digga.nixosModules.nixConfig - home.nixosModules.home-manager - agenix.nixosModules.age - musnix.nixosModules.musnix + imports = [ + inputs.nixos-flake.flakeModule + ./modules + ./hosts + ./users + ]; + + perSystem = args@{ system, pkgs, config, ... 
}: { + _module.args = { + inherit inputs; + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + inputs.agenix.overlays.default + ]; + }; + unstable = import inputs.unstable { inherit system; }; + master = import inputs.master { inherit system; }; + fix-yubikey-agent = import inputs.fix-yubikey-agent { inherit system; }; + }; + + devShells.default = pkgs.mkShell { + buildInputs = [ + pkgs.nixpkgs-fmt + pkgs.agenix + pkgs.ssh-to-age ]; }; - - imports = [(digga.lib.importHosts ./hosts)]; - hosts = { - # Set host-specific properties here - bootstrap = { - modules = [ - digga.nixosModules.bootstrapIso - ]; - }; - PubSolarOS = { - tests = [ - #(import ./tests/first-test.nix { - # pkgs = nixos.legacyPackages.x86_64-linux; - # lib = nixos.lib; - #}) - ]; - }; - - pie = { - system = "aarch64-linux"; - modules = [nixos-hardware.nixosModules.raspberry-pi-4]; - }; - - maoam = { - system = "aarch64-linux"; - }; - }; - importables = rec { - profiles = - digga.lib.rakeLeaves ./profiles - // { - users = digga.lib.rakeLeaves ./users; - }; - - suites = with profiles; rec { - base = [users.pub-solar users.root]; - iso = base ++ [base-user graphical pub-solar-iso]; - pubsolaros = [full-install base-user users.root]; - anonymous = [pubsolaros users.pub-solar]; - - b12f = pubsolaros ++ [users.b12f social gaming mobile]; - biolimo = b12f ++ [graphical]; - chocolatebar = b12f ++ [graphical virtualisation]; - - yule = pubsolaros ++ [users.yule]; - droppie = yule ++ []; - pie = yule ++ []; - maoam = b12f ++ []; - }; - }; }; - home = { - imports = [(digga.lib.importExportableModules ./users/modules)]; - modules = []; - importables = rec { - profiles = digga.lib.rakeLeaves ./users/profiles; - suites = with profiles; rec { - base = [direnv git]; - }; - }; - users = let - default = {suites, ...}: { - imports = suites.base; - home.stateVersion = "21.03"; - }; - in { - pub-solar = default; - b12f = default; - yule = default; - }; - }; + flake = { + nixosModules = rec { + 
base.imports = [ + self.nixosModules.home-manager + inputs.agenix.nixosModules.default + inputs.musnix.nixosModules.musnix - devshell = ./shell; + ({ + flake, + pkgs, + lib, + unstable, + master, + fix-yubikey-agent, + ... + }: { + nixpkgs.overlays = (import ./overlays) ++ [ + (prev: next: { + scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless; + nixd = inputs.unstable.legacyPackages.${prev.system}.nixd; + yubikey-agent = inputs.fix-yubikey-agent.legacyPackages.${prev.system}.yubikey-agent; - homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; + factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless; + paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx; + waybar = inputs.master.legacyPackages.${prev.system}.waybar; + element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop; - deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { - droppie = { - hostname = "backup.b12f.io"; - sshUser = "yule"; + adlist = inputs.adblock-unbound.packages.${prev.system}; + }) + ]; + + nix.nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "nixos-config=${./lib/compat/nixos}" + "home-manager=${inputs.home-manager}" + ]; + }) + + self.nixosModules.arduino + self.nixosModules.audio + self.nixosModules.ci-runner + self.nixosModules.core + self.nixosModules.crypto + self.nixosModules.devops + self.nixosModules.docker + self.nixosModules.docker-ci-runner + self.nixosModules.email + self.nixosModules.gaming + self.nixosModules.graphical + self.nixosModules.mobile + self.nixosModules.nix + self.nixosModules.nextcloud + self.nixosModules.office + self.nixosModules.paperless + self.nixosModules.paranoia + self.nixosModules.printing + self.nixosModules.social + self.nixosModules.sway + self.nixosModules.terminal-life + self.nixosModules.uhk + self.nixosModules.user + self.nixosModules.virtualisation + + self.nixosModules.root + ]; }; - - pie = { - sshUser = 
"yule"; - }; - - maoam = { - sshUser = "b12f"; - }; - #example = { - # hostname = "example.com:22"; - # sshUser = "bartender"; - # fastConnect = true; - # profilesOrder = ["system" "direnv"]; - # profiles.direnv = { - # user = "bartender"; - # path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender; - # }; - #}; }; }; } diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix deleted file mode 100644 index da0375c..0000000 --- a/hosts/PubSolarOS.nix +++ /dev/null @@ -1,21 +0,0 @@ -{suites, ...}: { - ### root password is empty by default ### - ### default password: pub-solar, optional: add your SSH keys - imports = - suites.iso; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.networkmanager.enable = true; - - fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? -} diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix deleted file mode 100644 index 97051de..0000000 --- a/hosts/biolimo/biolimo.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ]; - - config = { - pub-solar.paranoia.enable = true; - pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; - pub-solar.core.hibernation.resumeOffset = 15296512; - - hardware.cpu.intel.updateMicrocode = true; - - networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; - - services.printing.drivers = [ - pkgs.cups-brother-hl3140cw - ]; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - }; - - home.packages = [ - inkscape - ]; - }; - - # For OpenProject development with https - security.pki.certificates = [ - (builtins.readFile ./step-roots.pem) - ]; - }; -} diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix index d5c70a1..6b28152 100644 --- a/hosts/biolimo/configuration.nix +++ b/hosts/biolimo/configuration.nix 
@@ -1,20 +1,51 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, + lib, pkgs, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { + pub-solar.graphical.enable = true; + pub-solar.sway.enable = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 15296512; + + hardware.cpu.intel.updateMicrocode = true; + + networking.networkmanager.wifi.backend = mkForce "wpa_supplicant"; + + services.printing.drivers = [ + pkgs.cups-brother-hl3140cw + ]; + + home-manager = with pkgs; + pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + xdg.configFile = mkIf psCfg.sway.enable { + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; + }; + + home.packages = [ + inkscape + ]; + }; + + # For OpenProject development with https + security.pki.certificates = [ + (builtins.readFile ./step-roots.pem) + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index cbf61ab..187a110 100644 --- a/hosts/biolimo/default.nix 
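Review bot: `security.pki.certificates = [(builtins.readFile ./step-roots.pem)]` puts the CA in `step-roots.pem` into the system-wide trust store, so TLS clients on this host that use that store will accept certificates it issues for any name, and the only explanation is the one-line comment about OpenProject development. I would extend that comment to say who holds the CA key and when the entry can be removed, for example `# Trusts the development root CA system-wide; remove once local HTTPS development no longer needs it`. The same line is carried into `hosts/chocolatebar/configuration.nix` in this commit. The `xdg` binding in the new `let` block is not used in the visible part of the file and can be dropped. The file continues past the end of this hunk.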
+++ b/hosts/biolimo/default.nix @@ -1,7 +1,6 @@ -{suites, ...}: { - imports = - [ - ./biolimo.nix - ] - ++ suites.biolimo; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; } diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix deleted file mode 100644 index c71f03c..0000000 --- a/hosts/bootstrap.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ - config, - lib, - pkgs, - profiles, - ... -}: -with lib; let - # Gets hostname of host to be bundled inside iso - # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 - getFqdn = config: let - net = config.networking; - fqdn = - if (net ? domain) && (net.domain != null) - then "${net.hostName}.${net.domain}" - else net.hostName; - in - fqdn; -in { - # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` - imports = [ - # profiles.networking - profiles.users.root # make sure to configure ssh keys - profiles.users.pub-solar - profiles.base-user - profiles.graphical - profiles.pub-solar-iso - ]; - - config = { - boot.loader.systemd-boot.enable = true; - - # will be overridden by the bootstrapIso instrumentation - fileSystems."/" = {device = "/dev/disk/by-label/nixos";}; - - system.nixos.label = "PubSolarOS-" + config.system.nixos.version; - - # mkForce because a similar transformation gets double applied otherwise - # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17 - # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22 - isoImage = { - isoBaseName = mkForce (getFqdn config); - isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? 
- }; -} diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix deleted file mode 100644 index 6de9a7c..0000000 --- a/hosts/chocolatebar/chocolatebar.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - config, - pkgs, - lib, - self, - inputs, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./virtualisation - ./factorio - ]; - - config = { - hardware.cpu.amd.updateMicrocode = true; - - hardware.opengl.extraPackages = with pkgs; [ - rocm-opencl-icd - rocm-opencl-runtime - ]; - - pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; - pub-solar.core.hibernation.resumeOffset = 115075072; - - pub-solar.paperless.sync.masterNode = true; - - age.secrets."drone-runner-exec-config" = { - file = "${self}/secrets/drone-runner-exec-config"; - mode = "400"; - owner = psCfg.user.name; - }; - - pub-solar.docker-ci-runner = { - enable = true; - runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; - }; - - pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; - - services.openssh.openFirewall = true; - networking.firewall.allowedTCPPorts = - [443] - ++ ( - if psCfg.sway.vnc.enable - then [5901] - else [] - ); - networking.firewall.allowedUDPPorts = [43050]; - - environment.systemPackages = with pkgs; [ - wayvnc - drone-docker-runner - stdenv.cc.cc.lib - pkgs.hplip - ]; - - age.secrets."vnc-key.pem" = { - file = "${self}/secrets/vnc-key-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - age.secrets."vnc-cert.pem" = { - file = "${self}/secrets/vnc-cert-chocolatebar.pem"; - mode = "400"; - owner = psCfg.user.name; - }; - pub-solar.sway.vnc.enable = true; - - services.printing.drivers = [ - pkgs.cups-brother-hl3140cw - ]; - - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" - ''; - - home-manager.users."${psCfg.user.name}" = { - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; - 
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; - }; - - home.sessionVariables = { - NIX_CC = "${pkgs.stdenv.cc}"; - }; - - home.packages = with pkgs; [ - lmms - audacity - ]; - }; - - musnix = { - enable = true; - kernel.realtime = true; - }; - - # For OpenProject development with https - security.pki.certificates = [ - (builtins.readFile ./step-roots.pem) - ]; - }; -} diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix index d5c70a1..5582e91 100644 --- a/hosts/chocolatebar/configuration.nix +++ b/hosts/chocolatebar/configuration.nix 
@@ -1,20 +1,112 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, + flake, + lib, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { + pub-solar.graphical.enable = true; + pub-solar.sway.enable = true; + pub-solar.virtualisation.enable = true; + + hardware.cpu.amd.updateMicrocode = true; + + hardware.opengl.extraPackages = with pkgs; [ + rocm-opencl-icd + rocm-opencl-runtime ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 115075072; + + pub-solar.paperless.sync.masterNode = true; + + age.secrets."drone-runner-exec-config" = { + file = "${flake.self}/secrets/drone-runner-exec-config"; + mode = "400"; + owner = psCfg.user.name; + }; + + pub-solar.docker-ci-runner = { + enable = true; + runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; + }; + + pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; + + services.openssh.openFirewall = true; + networking.firewall.allowedTCPPorts = + [443] + ++ ( + if psCfg.sway.vnc.enable + then [5901] + else [] + ); + networking.firewall.allowedUDPPorts = [43050]; + + environment.systemPackages = with pkgs; [ + wayvnc + drone-docker-runner + stdenv.cc.cc.lib + pkgs.hplip + ]; + + age.secrets."vnc-key.pem" = { + file = "${flake.self}/secrets/vnc-key-chocolatebar.pem"; + mode = "400"; + owner = psCfg.user.name; + }; + age.secrets."vnc-cert.pem" = { + file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem"; + mode = "400"; + owner = psCfg.user.name; + }; + 
pub-solar.sway.vnc.enable = true; + + services.printing.drivers = [ + pkgs.cups-brother-hl3140cw + ]; + + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" + ''; + + home-manager.users."${psCfg.user.name}" = { + xdg.configFile = mkIf psCfg.sway.enable { + "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; + }; + + home.sessionVariables = { + NIX_CC = "${pkgs.stdenv.cc}"; + }; + + home.packages = with pkgs; [ + lmms + audacity + ]; + }; + + musnix = { + enable = true; + kernel.realtime = true; + }; + + # For OpenProject development with https + security.pki.certificates = [ + (builtins.readFile ./step-roots.pem) + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix index a39b3ec..f05e641 100644 --- a/hosts/chocolatebar/default.nix +++ b/hosts/chocolatebar/default.nix @@ -1,7 +1,9 @@ -{suites, ...}: { - imports = - [ - ./chocolatebar.nix - ] - ++ suites.chocolatebar; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./virtualisation + # ./factorio + ]; } diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix index 50cd530..533f739 100644 --- a/hosts/chocolatebar/factorio/default.nix +++ b/hosts/chocolatebar/factorio/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - self, ... }: with lib; let diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 0000000..42ad12a --- /dev/null +++ b/hosts/default.nix 
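Review bot: `networking.firewall.allowedTCPPorts` opens 5901 on every interface whenever `psCfg.sway.vnc.enable` is set, and this file sets `pub-solar.sway.vnc.enable = true` unconditionally a few lines further down, so the VNC port is always allowed through the firewall on this host. If remote desktop is only needed from one network, `networking.firewall.interfaces."<interface>".allowedTCPPorts = [5901];` (interface name is a placeholder) would narrow the exposure. Otherwise a comment should record that the listener is expected to be protected by the `vnc-key.pem` and `vnc-cert.pem` secrets, which is presumably what they are for. `pub-solar.paranoia.enable = true` is new for this host compared with the deleted `chocolatebar.nix`, which deserves a mention in the commit message if intended. The file continues past the end of this hunk.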
@@ -0,0 +1,43 @@ +{ withSystem, self, inputs, ...}: +{ + flake = { + nixosConfigurations = { + biolimo = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./biolimo + self.nixosModules.b12f + ]; + }; + + chocolatebar = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./chocolatebar + self.nixosModules.b12f + ]; + }; + + pie = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "aarch64-linux"; + imports = [ + self.nixosModules.base + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + ./pie + self.nixosModules.yule + ]; + }; + + maoam = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "aarch64-linux"; + imports = [ + self.nixosModules.base + ./maoam + self.nixosModules.yule + ]; + }; + }; + }; +} diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix index 5d58058..5937a8d 100644 --- a/hosts/droppie/configuration.nix +++ b/hosts/droppie/configuration.nix @@ -1,17 +1,14 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, + flake, ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.grub = { enable = true; 
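Review bot: `nixosConfigurations` defines biolimo, chocolatebar, pie and maoam but has no entry for droppie, although `hosts/droppie/default.nix` and its `configuration.nix` are converted to the new layout in this same commit. If droppie is not defined elsewhere in the flake, that host can no longer be built or deployed from it and would stop receiving configuration and package updates. Either add a `droppie = self.nixos-flake.lib.mkLinuxSystem { … }` entry alongside the others or leave a comment saying why the host is left out.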
@@ -20,6 +17,47 @@ }; boot.loader.efi.canTouchEfiVariables = true; + hardware.cpu.intel.updateMicrocode = true; + + pub-solar.core.disk-encryption-active = false; + pub-solar.core.lite = true; + + security.sudo.extraRules = [ + { + users = ["${psCfg.user.name}"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + + services.ddclient = { + enable = false; + ipv6 = true; + domains = ["backup.b12f.io"]; + server = "ddns.hosting.de"; + username = "b12f"; + use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'"; + passwordFile = "/run/agenix/dyndns-droppie.key"; + }; + + age.secrets."dyndns-droppie.key" = { + file = "${flake.self}/secrets/dyndns-droppie.key"; + mode = "400"; + owner = "root"; + }; + + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie + age.secrets."droppie-ssh-root.key" = { + file = "${flake.self}/secrets/droppie-ssh-root.key"; + path = "/home/${psCfg.user.name}/.ssh/id_ed25519"; + mode = "400"; + owner = psCfg.user.name; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix index 2b44a0d..9fd7261 100644 --- a/hosts/droppie/default.nix +++ b/hosts/droppie/default.nix @@ -1,7 +1,9 @@ -{suites, ...}: { - imports = - [ - ./droppie.nix - ] - ++ suites.droppie; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./nextcloud-web-tunnel.nix + ./restic-backup.nix + ]; } diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix deleted file mode 100644 index cb3fe60..0000000 --- a/hosts/droppie/droppie.nix +++ /dev/null 
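Review bot: The `security.sudo.extraRules` entry in this hunk gives `psCfg.user.name` `NOPASSWD` for `command = "ALL"`, so any process running as that user, or anyone holding its SSH key, is root without a further check; the same rule is added in the `hosts/pie/configuration.nix` hunk. The rule is carried over from the deleted `droppie.nix`, but the move is a good moment to narrow it: list the specific commands that must run unattended in `commands`, or drop `NOPASSWD`, and if it has to stay record why with a comment such as `# passwordless sudo required for <reason>`. Separately, `passwordFile = "/run/agenix/dyndns-droppie.key"` hard-codes the agenix mount point; `passwordFile = config.age.secrets."dyndns-droppie.key".path;` follows the secret's declaration the way `runnerVarsFile` does in the chocolatebar host. The module body starts before and continues after this hunk.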
@@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - self, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./nextcloud-web-tunnel.nix - ./restic-backup.nix - ]; - - config = { - hardware.cpu.intel.updateMicrocode = true; - - pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; - - security.sudo.extraRules = [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - services.ddclient = { - enable = false; - ipv6 = true; - domains = ["backup.b12f.io"]; - server = "ddns.hosting.de"; - username = "b12f"; - use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'"; - passwordFile = "/run/agenix/dyndns-droppie.key"; - }; - - age.secrets."dyndns-droppie.key" = { - file = "${self}/secrets/dyndns-droppie.key"; - mode = "400"; - owner = "root"; - }; - - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie - age.secrets."droppie-ssh-root.key" = { - file = "${self}/secrets/droppie-ssh-root.key"; - path = "/home/${psCfg.user.name}/.ssh/id_ed25519"; - mode = "400"; - owner = psCfg.user.name; - }; - }; -} diff --git a/hosts/maoam/maoam.nix b/hosts/maoam/maoam.nix index e90fa65..3daa77a 100644 --- a/hosts/maoam/maoam.nix +++ b/hosts/maoam/maoam.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - self, ... }: with lib; let diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index fdc5b95..86bac57 100644 --- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -5,13 +5,12 @@ config, pkgs, lib, - inputs, ... -}: { - imports = [ - ./hardware-configuration.nix - ]; - +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; +in { boot.loader.grub.enable = true; boot.loader.grub.efiSupport = true; boot.loader.grub.efiInstallAsRemovable = true; 
@@ -27,6 +26,33 @@ boot.kernelPackages = pkgs.linuxPackages_6_1; + pub-solar.core.disk-encryption-active = false; + pub-solar.core.lite = true; + + networking.defaultGateway = { + address = "192.168.178.1"; + interface = "enabcm6e4ei0"; + }; + + networking.interfaces.enabcm6e4ei0.ipv4.addresses = [ + { + address = "192.168.178.2"; + prefixLength = 24; + } + ]; + + security.sudo.extraRules = [ + { + users = ["${psCfg.user.name}"]; + commands = [ + { + command = "ALL"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix index 12cc94b..541edac 100644 --- a/hosts/pie/default.nix +++ b/hosts/pie/default.nix @@ -1,7 +1,10 @@ -{suites, ...}: { - imports = - [ - ./pie.nix - ] - ++ suites.pie; +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + + ./unbound.nix + ./dhcpd.nix + ./wake-droppie.nix + ]; } diff --git a/hosts/pie/pie.nix b/hosts/pie/pie.nix deleted file mode 100644 index 1aa3062..0000000 --- a/hosts/pie/pie.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - self, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./configuration.nix - ./unbound.nix - ./dhcpd.nix - ./wake-droppie.nix - ]; - - config = { - pub-solar.core.disk-encryption-active = false; - pub-solar.core.lite = true; - - networking.defaultGateway = { - address = "192.168.178.1"; - interface = "enabcm6e4ei0"; - }; - - networking.interfaces.enabcm6e4ei0.ipv4.addresses = [ - { - address = "192.168.178.2"; - prefixLength = 24; - } - ]; - - security.sudo.extraRules = [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - }; -} 
diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 6408824..3636edd 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -1,7 +1,4 @@ -{ pkgs, inputs, ... }: -let - adlist = inputs.adblock-unbound.packages.${pkgs.system}; -in { +{ pkgs, lib, ... }: { networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ]; @@ -10,7 +7,7 @@ in { settings = { server = { include = [ - "\"${adlist.unbound-adblockStevenBlack}\"" + "\"${pkgs.adlist.unbound-adblockStevenBlack}\"" ]; interface = [ "0.0.0.0" ]; access-control = [ "192.168.178.0/24 allow" ]; diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix index 4011735..489f9c6 100644 --- a/modules/arduino/default.nix +++ b/modules/arduino/default.nix @@ -6,7 +6,7 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.devops; + cfg = config.pub-solar.arduino; in { options.pub-solar.arduino = { enable = mkEnableOption "Life with home automation"; diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 95c5897..869777f 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -2,7 +2,7 @@ lib, config, pkgs, - self, + flake, ... }: with lib; let @@ -37,7 +37,7 @@ in { }; age.secrets."drone-runner-exec-config" = { - file = "${self}/secrets/drone-runner-exec-config"; + file = "${flake.self}/secrets/drone-runner-exec-config"; mode = "700"; owner = psCfg.user.name; }; diff --git a/modules/core/default.nix b/modules/core/default.nix index 5f6161d..6b85b9d 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -12,7 +12,6 @@ in { ./fonts.nix ./i18n.nix ./networking.nix - ./nix.nix ./packages.nix ./services.nix ]; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..c0dddc6 --- /dev/null +++ b/modules/default.nix 
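Review bot: The `drone-runner-exec-config` secret touched in the `modules/ci-runner/default.nix` hunk keeps `mode = "700"`, which sets the execute bit on a file that is only read, while the same secret is declared with `mode = "400"` in the chocolatebar host configuration earlier in this commit. The two definitions may conflict if both end up active on one host, and `"400"` is the tighter choice, so I would change this line to `mode = "400";`. The `cat-test.ovpn` secret in `users/b12f/concepts-and-training.nix` and `mopidy.conf` in `users/b12f/home.nix` also use `"700"` and can get the same treatment. The enclosing module body lies outside this hunk.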
@@ -0,0 +1,31 @@ +{ + # Configuration common to all Linux systems + flake = { + nixosModules = { + arduino = import ./arduino; + audio = import ./audio; + ci-runner = import ./ci-runner; + core = import ./core; + crypto = import ./crypto; + devops = import ./devops; + docker = import ./docker; + docker-ci-runner = import ./docker-ci-runner; + email = import ./email; + gaming = import ./gaming; + graphical = import ./graphical; + mobile = import ./mobile; + nix = import ./nix; + nextcloud = import ./nextcloud; + office = import ./office; + paperless = import ./paperless; + paranoia = import ./paranoia; + printing = import ./printing; + social = import ./social; + sway = import ./sway; + terminal-life = import ./terminal-life; + uhk = import ./uhk; + user = import ./user; + virtualisation = import ./virtualisation; + }; + }; +} diff --git a/modules/docker-ci-runner/default.nix b/modules/docker-ci-runner/default.nix index 6a15f92..9d24bf0 100644 --- a/modules/docker-ci-runner/default.nix +++ b/modules/docker-ci-runner/default.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - self, ... }: with lib; let diff --git a/modules/nix-path.nix b/modules/nix-path.nix deleted file mode 100644 index 5967fd2..0000000 --- a/modules/nix-path.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - channel, - inputs, - ... -}: { - nix.nixPath = [ - "nixpkgs=${channel.input}" - "nixos-config=${../lib/compat/nixos}" - "home-manager=${inputs.home}" - ]; -} diff --git a/modules/core/nix.nix b/modules/nix/default.nix similarity index 81% rename from modules/core/nix.nix rename to modules/nix/default.nix index 1551ffc..92af6ac 100644 --- a/modules/core/nix.nix +++ b/modules/nix/default.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - inputs, + flake, ... }: { nix = { @@ -10,6 +10,7 @@ package = pkgs.nix; gc.automatic = true; optimise.automatic = true; + settings = { # Improve nix store disk usage auto-optimise-store = true; 
@@ -20,6 +21,7 @@ # Allow only group wheel to connect to the nix daemon allowed-users = ["@wheel"]; }; + # Generally useful nix option defaults extraOptions = lib.mkForce '' experimental-features = flakes nix-command @@ -28,5 +30,11 @@ keep-derivations = true fallback = true ''; + + nixPath = [ + "nixpkgs=${flake.inputs.nixpkgs}" + "nixos-config=${../../lib/compat/nixos}" + "home-manager=${flake.inputs.home-manager}" + ]; }; } diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index b11939f..c6f94b9 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -2,8 +2,6 @@ lib, config, pkgs, - masterModulesPath, - inputs, ... }: with lib; let @@ -11,14 +9,6 @@ with lib; let cfg = config.pub-solar.paperless; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - imports = [ - "${masterModulesPath}/services/misc/paperless.nix" - ]; - - disabledModules = [ - "services/misc/paperless.nix" - ]; - options.pub-solar.paperless = { enable = mkEnableOption "All you need to go paperless"; ocrLanguage = mkOption { @@ -95,7 +85,7 @@ in { home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = with pkgs; [ - inputs.scan2paperless.legacyPackages.x86_64-linux.scan2paperless + scan2paperless sane-backends python310Packages.img2pdf ]; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 56c64a1..0b2537c 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -32,7 +32,7 @@ in { # Don't set this if you need sftp services.openssh.allowSFTP = false; - services.openssh.openFirewall = false; # Lock yourself out + # services.openssh.openFirewall = false; # Lock yourself out # Limit the use of sudo to the group wheel security.sudo.execWheelOnly = true; diff --git a/modules/terminal-life/bash/default.nix b/modules/terminal-life/bash/default.nix index 1fd8bc3..17cc41e 100644 --- a/modules/terminal-life/bash/default.nix +++ b/modules/terminal-life/bash/default.nix 
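Review bot: Commenting out `services.openssh.openFirewall = false;` in `modules/paranoia/default.nix` removes the SSH firewall hardening from every host that enables `pub-solar.paranoia`, not only from chocolatebar, which sets `services.openssh.openFirewall = true;` next to `pub-solar.paranoia.enable = true;` in this commit. Keeping the hardened value as an overridable default, `services.openssh.openFirewall = lib.mkDefault false;` (assuming `lib` is among the module's arguments), lets that host's plain assignment win while other paranoia hosts stay closed. Check that no other module sets the same option with `mkDefault`, since equal-priority definitions with different values fail evaluation. If the setting is meant to go, delete the line rather than leaving it commented with its `# Lock yourself out` remark. The module's `config` block extends beyond the hunk.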
@@ -1,7 +1,6 @@ { config, pkgs, - self, ... }: let psCfg = config.pub-solar; @@ -106,8 +105,6 @@ in { irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi"; drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; - # fix nixos-option - nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; nnn = "nnn -d -e -H -r"; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index c137f58..148d662 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - self, ... }: with lib; let @@ -24,17 +23,6 @@ in { config = mkIf cfg.enable { programs.command-not-found.enable = false; - environment.systemPackages = with pkgs; [ - screen - ]; - - # Starship is a fast and featureful shell prompt - # starship.toml has sane defaults that can be changed there - programs.starship = { - enable = true; - settings = import ./starship.toml.nix; - }; - home-manager = with pkgs; pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = [ @@ -55,25 +43,34 @@ in { ]; })) powerline + screen silver-searcher watson ]; + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be changed there + programs.starship = { + enable = true; + settings = import ./starship.toml.nix; + }; + programs.bash = import ./bash { inherit config; inherit pkgs; - inherit self; inherit lib; }; + programs.fzf = import ./fzf { inherit config; inherit pkgs; }; + programs.neovim = import ./nvim { inherit config; inherit pkgs; inherit lib; }; }; - }; + }; } diff --git a/profiles/base-user/.config/dircolors b/modules/user/.config/dircolors similarity index 100% rename from profiles/base-user/.config/dircolors rename to modules/user/.config/dircolors 
diff --git a/profiles/base-user/.config/git/config.nix b/modules/user/.config/git/config.nix similarity index 100% rename from profiles/base-user/.config/git/config.nix rename to modules/user/.config/git/config.nix diff --git a/profiles/base-user/.config/git/gitmessage.nix b/modules/user/.config/git/gitmessage.nix similarity index 100% rename from profiles/base-user/.config/git/gitmessage.nix rename to modules/user/.config/git/gitmessage.nix diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/modules/user/.config/git/global_gitignore.nix similarity index 100% rename from profiles/base-user/.config/git/global_gitignore.nix rename to modules/user/.config/git/global_gitignore.nix diff --git a/profiles/base-user/.config/libinput-gestures.conf b/modules/user/.config/libinput-gestures.conf similarity index 100% rename from profiles/base-user/.config/libinput-gestures.conf rename to modules/user/.config/libinput-gestures.conf diff --git a/profiles/base-user/.config/mako/config b/modules/user/.config/mako/config similarity index 100% rename from profiles/base-user/.config/mako/config rename to modules/user/.config/mako/config diff --git a/profiles/base-user/.config/mimeapps.list b/modules/user/.config/mimeapps.list similarity index 100% rename from profiles/base-user/.config/mimeapps.list rename to modules/user/.config/mimeapps.list diff --git a/profiles/base-user/.config/mutt/base16.muttrc b/modules/user/.config/mutt/base16.muttrc similarity index 100% rename from profiles/base-user/.config/mutt/base16.muttrc rename to modules/user/.config/mutt/base16.muttrc diff --git a/profiles/base-user/.config/mutt/mailcap b/modules/user/.config/mutt/mailcap similarity index 100% rename from profiles/base-user/.config/mutt/mailcap rename to modules/user/.config/mutt/mailcap 
diff --git a/profiles/base-user/.config/mutt/muttrc b/modules/user/.config/mutt/muttrc similarity index 100% rename from profiles/base-user/.config/mutt/muttrc rename to modules/user/.config/mutt/muttrc diff --git a/profiles/base-user/.config/offlineimap/functions.py b/modules/user/.config/offlineimap/functions.py similarity index 100% rename from profiles/base-user/.config/offlineimap/functions.py rename to modules/user/.config/offlineimap/functions.py diff --git a/profiles/base-user/.config/user-dirs.dirs b/modules/user/.config/user-dirs.dirs similarity index 100% rename from profiles/base-user/.config/user-dirs.dirs rename to modules/user/.config/user-dirs.dirs diff --git a/profiles/base-user/.config/user-dirs.locale b/modules/user/.config/user-dirs.locale similarity index 100% rename from profiles/base-user/.config/user-dirs.locale rename to modules/user/.config/user-dirs.locale diff --git a/profiles/base-user/.config/waybar/colorscheme.css b/modules/user/.config/waybar/colorscheme.css similarity index 100% rename from profiles/base-user/.config/waybar/colorscheme.css rename to modules/user/.config/waybar/colorscheme.css diff --git a/profiles/base-user/.config/waybar/config b/modules/user/.config/waybar/config similarity index 100% rename from profiles/base-user/.config/waybar/config rename to modules/user/.config/waybar/config diff --git a/profiles/base-user/.config/waybar/style.css b/modules/user/.config/waybar/style.css similarity index 100% rename from profiles/base-user/.config/waybar/style.css rename to modules/user/.config/waybar/style.css diff --git a/profiles/base-user/.config/xmodmap b/modules/user/.config/xmodmap similarity index 100% rename from profiles/base-user/.config/xmodmap rename to modules/user/.config/xmodmap 
diff --git a/profiles/base-user/.config/xsettingsd/xsettingsd.conf b/modules/user/.config/xsettingsd/xsettingsd.conf similarity index 100% rename from profiles/base-user/.config/xsettingsd/xsettingsd.conf rename to modules/user/.config/xsettingsd/xsettingsd.conf diff --git a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json b/modules/user/.local/share/nvim/json-schemas/caddy_schema.json similarity index 100% rename from profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json rename to modules/user/.local/share/nvim/json-schemas/caddy_schema.json diff --git a/profiles/base-user/.local/share/scripts/base16.sh b/modules/user/.local/share/scripts/base16.sh similarity index 100% rename from profiles/base-user/.local/share/scripts/base16.sh rename to modules/user/.local/share/scripts/base16.sh diff --git a/profiles/base-user/.xinitrc b/modules/user/.xinitrc similarity index 100% rename from profiles/base-user/.xinitrc rename to modules/user/.xinitrc diff --git a/profiles/base-user/assets/wallpaper.jpg b/modules/user/assets/wallpaper.jpg similarity index 100% rename from profiles/base-user/assets/wallpaper.jpg rename to modules/user/assets/wallpaper.jpg diff --git a/modules/user/default.nix b/modules/user/default.nix index 516346e..83e2824 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -1,12 +1,16 @@ { - lib, config, pkgs, + lib, ... -}: -with lib; let - cfg = config.pub-solar; -in { +}: let + psCfg = config.pub-solar; +in +with lib; { + imports = [ + ./home.nix + ]; + options.pub-solar = { user = { name = mkOption { 
@@ -46,4 +50,37 @@ in { }; }; }; + + config = { + users = { + mutableUsers = false; + + users = with pkgs; + pkgs.lib.setAttrByPath [psCfg.user.name] { + # Indicates whether this is an account for a “real” user. + # This automatically sets group to users, createHome to true, + # home to /home/username, useDefaultShell to true, and isSystemUser to false. + isNormalUser = true; + description = psCfg.user.description; + extraGroups = [ + "input" + "lp" + "networkmanager" + "scanner" + "video" + "dialout" + "wheel" + ]; + shell = pkgs.bash; + initialHashedPassword = + if psCfg.user.password != null + then psCfg.user.password + else ""; + openssh.authorizedKeys.keys = + if psCfg.user.publicKeys != null + then psCfg.user.publicKeys + else []; + }; + }; + }; } diff --git a/profiles/base-user/home.nix b/modules/user/home.nix similarity index 99% rename from profiles/base-user/home.nix rename to modules/user/home.nix index 324fd4e..04476e0 100644 --- a/profiles/base-user/home.nix +++ b/modules/user/home.nix @@ -20,6 +20,7 @@ in { # paths it should manage. home.username = psCfg.user.name; home.homeDirectory = "/home/${psCfg.user.name}"; + home.stateVersion = "22.11"; home.packages = with pkgs; []; diff --git a/profiles/base-user/mimeapps.nix b/modules/user/mimeapps.nix similarity index 100% rename from profiles/base-user/mimeapps.nix rename to modules/user/mimeapps.nix diff --git a/profiles/base-user/session-variables.nix b/modules/user/session-variables.nix similarity index 100% rename from profiles/base-user/session-variables.nix rename to modules/user/session-variables.nix diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..aa0d0ea --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,8 @@ +[ + (import ../pkgs) + (import ./blesh.nix) + (import ./manix.nix) + (import ./rnix-lsp.nix) + (import ./neovim-plugins.nix) + (import ./signal-desktop.nix) +] 
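Review bot: `initialHashedPassword` falls back to `""` when `psCfg.user.password` is null, and NixOS documents an empty hashed password as allowing local login without being asked for a password; here that applies to an account with `"wheel"` in `extraGroups` under `mutableUsers = false`. The block is moved unchanged from `profiles/base-user/default.nix`, but it now sits in a shared module, so I would let the null pass through and leave the account without password login: `initialHashedPassword = psCfg.user.password;`. The option named `password` holds a hash rather than a plaintext password, which a one-line comment on the assignment, `# psCfg.user.password is a password hash, not plaintext`, would make explicit.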
diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix deleted file mode 100644 index 10e186d..0000000 --- a/profiles/audio/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.audio.enable = true; -} diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix deleted file mode 100644 index 578b35b..0000000 --- a/profiles/base-user/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - psCfg = config.pub-solar; -in { - imports = [ - ./home.nix - ]; - - users = { - mutableUsers = false; - - users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. - isNormalUser = true; - description = psCfg.user.description; - extraGroups = [ - "input" - "lp" - "networkmanager" - "scanner" - "video" - "dialout" - "wheel" - ]; - shell = pkgs.bash; - initialHashedPassword = - if psCfg.user.password != null - then psCfg.user.password - else ""; - openssh.authorizedKeys.keys = - if psCfg.user.publicKeys != null - then psCfg.user.publicKeys - else []; - }; - }; -} diff --git a/profiles/core/default.nix b/profiles/core/default.nix deleted file mode 100644 index b26f172..0000000 --- a/profiles/core/default.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - self, - config, - lib, - pkgs, - inputs, - ... -}: let - inherit (lib) fileContents; -in { - # Sets nrdxp.cachix.org binary cache which just speeds up some builds - imports = [../cachix]; - - config = { - pub-solar.terminal-life.enable = true; - pub-solar.audio.enable = true; - pub-solar.crypto.enable = true; - pub-solar.devops.enable = true; - - # This is just a representation of the nix default - nix.systemFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; - - environment = { - systemPackages = with pkgs; [ - # Core unix utility packages - coreutils-full - progress - dnsutils - inetutils - mtr - pciutils - usbutils - gitFull - git-lfs - git-bug - wget - openssl - openssh - curl - htop - lsof - psmisc - xdg-utils - sysfsutils - renameutils - nfs-utils - moreutils - mailutils - keyutils - input-utils - elfutils - binutils - dateutils - diffutils - findutils - exfat - file - - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - - # Nix specific utilities - niv - manix - nix-index - nix-tree - nixpkgs-review - # Build broken, python2.7-PyJWT-2.0.1.drv' failed - #nixops - psos - nvd - - # Fun - neofetch - ]; - }; - - fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts]; - - fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - - sansSerif = ["DejaVu Sans"]; - }; - }; - - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault true; - passwordAuthentication = false; - }; - - # Service that makes Out of Memory Killer more effective - services.earlyoom.enable = true; - - # Use latest LTS linux kernel by default - boot.kernelPackages = pkgs.linuxPackages_5_15; - - boot.supportedFilesystems = ["ntfs"]; - }; -} diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix deleted file mode 100644 index 908b499..0000000 --- a/profiles/full-install/default.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - config = { - pub-solar.audio.bluetooth.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - }; -} diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix deleted file mode 100644 index 48c7f6f..0000000 --- a/profiles/gaming/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.gaming.enable = true; -} diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix deleted file mode 100644 index c4937b3..0000000 --- a/profiles/graphical/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.graphical.enable = true; - pub-solar.sway.enable = true; -} diff --git a/profiles/iot/default.nix b/profiles/iot/default.nix deleted file mode 100644 index eb37aab..0000000 --- a/profiles/iot/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.graphical.enable = false; - pub-solar.x-os.localProxyService.enable = false; - pub-solar.sway.enable = false; -} diff --git a/profiles/mobile/default.nix b/profiles/mobile/default.nix deleted file mode 100644 index ce35e38..0000000 --- a/profiles/mobile/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.mobile.enable = true; -} diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix deleted file mode 100644 index fa97328..0000000 --- a/profiles/pub-solar-iso/default.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - config = { - pub-solar.graphical.wayland.software-renderer.enable = true; - pub-solar.sway.terminal = "foot"; - pub-solar.core.iso-options.enable = true; - }; -} diff --git a/profiles/social/default.nix b/profiles/social/default.nix deleted file mode 100644 index fb04d9e..0000000 --- a/profiles/social/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.social.enable = true; -} diff --git a/profiles/virtualisation/default.nix b/profiles/virtualisation/default.nix deleted file mode 100644 index 2dd2c4f..0000000 --- a/profiles/virtualisation/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.virtualisation.enable = true; -} diff --git a/users/b12f/concepts-and-training.nix b/users/b12f/concepts-and-training.nix index 4382d8b..f009424 100644 --- a/users/b12f/concepts-and-training.nix +++ b/users/b12f/concepts-and-training.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -10,13 +10,13 @@ with lib; let xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { age.secrets."cat-test.ovpn" = { - file = "${self}/secrets/cat-test.ovpn"; + file = "${flake.self}/secrets/cat-test.ovpn"; mode = "700"; owner = psCfg.user.name; }; age.secrets.".fwknoprc" = { - file = "${self}/secrets/.fwknoprc"; + file = "${flake.self}/secrets/.fwknoprc"; mode = "600"; }; diff --git a/users/b12f/default.nix b/users/b12f/default.nix index c83bacd..6e8e06a 100644 --- a/users/b12f/default.nix +++ b/users/b12f/default.nix @@ -1,9 +1,8 @@ { - self, config, - hmUsers, pkgs, lib, + flake, ... }: let psCfg = config.pub-solar; 
@@ -14,12 +13,10 @@ in { ]; config = { - home-manager.users = {inherit (hmUsers) b12f;}; - services.yubikey-agent.enable = true; age.secrets.b12f-env-secrets = { - file = "${self}/secrets/b12f-env-secrets"; + file = "${flake.self}/secrets/b12f-env-secrets"; mode = "400"; owner = psCfg.user.name; }; @@ -57,8 +54,12 @@ in { arduino.enable = true; email.enable = true; uhk.enable = true; + social.enable = false; + gaming.enable = false; + mobile.enable = false; audio.spotify.enable = true; audio.spotify.username = "spotify@benjaminbaedorf.eu"; + audio.mopidy.enable = false; }; # Needed for the udev rules for solaar diff --git a/users/b12f/home.nix b/users/b12f/home.nix index f0351a3..78ddd2f 100644 --- a/users/b12f/home.nix +++ b/users/b12f/home.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -14,8 +14,6 @@ in { ./concepts-and-training.nix ]; - pub-solar.audio.mopidy.enable = false; - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home.packages = with pkgs; [ present-md @@ -119,7 +117,7 @@ in { }; age.secrets."mopidy.conf" = { - file = "${self}/secrets/mopidy.conf"; + file = "${flake.self}/secrets/mopidy.conf"; mode = "700"; owner = "b12f"; }; diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..856549b --- /dev/null +++ b/users/default.nix @@ -0,0 +1,9 @@ +{ + flake = { + nixosModules = rec { + root = import ./root; + b12f = import ./b12f; + yule = import ./yule; + }; + }; +} diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index ce4b74b..93138fc 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -1,6 +1,4 @@ -{hmUsers, ...}: { - home-manager.users = {inherit (hmUsers) pub-solar;}; - +{config, ...}: { pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, diff --git a/users/yule/default.nix b/users/yule/default.nix index 3ac3b75..0aa3545 100644 --- a/users/yule/default.nix 
+++ b/users/yule/default.nix @@ -1,6 +1,5 @@ { config, - hmUsers, pkgs, lib, ... @@ -8,8 +7,6 @@ psCfg = config.pub-solar; in { config = { - home-manager.users = {inherit (hmUsers) yule;}; - pub-solar = { # These are your personal settings # The only required settings are `name` and `password`,