refactor: Remove digga
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing

Benjamin Bädorf 2023-09-12 22:07:05 +02:00
parent 3fcb1e3c4e
commit 13ad9a26f3
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
75 changed files with 653 additions and 1111 deletions


@ -5,7 +5,7 @@
"adblockStevenBlack": "adblockStevenBlack", "adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixpkgs"
] ]
}, },
"locked": { "locked": {
@ -41,10 +41,10 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": [ "darwin": [
"darwin" "nix-darwin"
], ],
"nixpkgs": [ "nixpkgs": [
"nixos" "nixpkgs"
] ]
}, },
"locked": { "locked": {
@ -61,32 +61,12 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1688307440,
"narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"deno2nix": { "deno2nix": {
"inputs": { "inputs": {
"devshell": "devshell_3", "devshell": "devshell_2",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1686513235, "lastModified": 1686513235,
@ -102,22 +82,22 @@
"url": "https://git.pub.solar/b12f/deno2.nix.git" "url": "https://git.pub.solar/b12f/deno2.nix.git"
} }
}, },
"deploy": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"flake-compat" "flake-compat"
], ],
"nixpkgs": [ "nixpkgs": [
"nixos" "nixpkgs"
], ],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1686747123, "lastModified": 1695052866,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984", "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -127,28 +107,6 @@
} }
}, },
"devshell": { "devshell": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"digga",
"nixpkgs"
]
},
"locked": {
"lastModified": 1671489820,
"narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=",
"owner": "numtide",
"repo": "devshell",
"rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"keycloak-theme-pub-solar", "keycloak-theme-pub-solar",
@ -170,7 +128,7 @@
"type": "github" "type": "github"
} }
}, },
"devshell_3": { "devshell_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"scan2paperless", "scan2paperless",
@ -193,7 +151,7 @@
"type": "github" "type": "github"
} }
}, },
"devshell_4": { "devshell_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"scan2paperless", "scan2paperless",
@ -215,46 +173,6 @@
"type": "github" "type": "github"
} }
}, },
"digga": {
"inputs": {
"darwin": [
"darwin"
],
"deploy": [
"deploy"
],
"devshell": "devshell",
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_3",
"flake-utils-plus": "flake-utils-plus",
"home-manager": [
"home"
],
"nixlib": [
"nixos"
],
"nixpkgs": [
"nixos"
],
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1674947971,
"narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=",
"owner": "pub-solar",
"repo": "digga",
"rev": "2da608bd8afb48afef82c6b1b6d852a36094a497",
"type": "github"
},
"original": {
"owner": "pub-solar",
"ref": "fix/bootstrap-iso",
"repo": "digga",
"type": "github"
}
},
"fix-atomic-container-restarts": { "fix-atomic-container-restarts": {
"locked": { "locked": {
"lastModified": 1688325567, "lastModified": 1688325567,
@ -319,6 +237,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
@ -334,59 +270,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils-plus": {
"inputs": {
"flake-utils": [
"digga",
"flake-utils"
]
},
"locked": {
"lastModified": 1654029967,
"narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "refs/pull/120/head",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": { "flake-utils_2": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
@ -404,7 +288,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
@ -422,7 +306,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_6"
}, },
@ -440,18 +324,18 @@
"type": "github" "type": "github"
} }
}, },
"home": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1687871164, "lastModified": 1695108154,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -463,10 +347,10 @@
}, },
"keycloak-theme-pub-solar": { "keycloak-theme-pub-solar": {
"inputs": { "inputs": {
"devshell": "devshell_2", "devshell": "devshell",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixpkgs"
] ]
}, },
"locked": { "locked": {
@ -484,22 +368,6 @@
"url": "https://git.pub.solar/pub-solar/keycloak-theme" "url": "https://git.pub.solar/pub-solar/keycloak-theme"
} }
}, },
"latest": {
"locked": {
"lastModified": 1693663421,
"narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e56990880811a451abd32515698c712788be5720",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"master": { "master": {
"locked": { "locked": {
"lastModified": 1693817516, "lastModified": 1693817516,
@ -534,19 +402,39 @@
"type": "github" "type": "github"
} }
}, },
"nixos": { "nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1693636127, "lastModified": 1695686713,
"narHash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=", "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=",
"owner": "nixos", "owner": "lnl7",
"repo": "nixpkgs", "repo": "nix-darwin",
"rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1", "rev": "e236a1e598a9a59265897948ac9874c364b9555f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "lnl7",
"ref": "nixos-23.05", "ref": "master",
"repo": "nixpkgs", "repo": "nix-darwin",
"type": "github"
}
},
"nixos-flake": {
"locked": {
"lastModified": 1692742948,
"narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=",
"owner": "srid",
"repo": "nixos-flake",
"rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "nixos-flake",
"type": "github" "type": "github"
} }
}, },
@ -581,23 +469,41 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1672791794, "dir": "lib",
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", "lastModified": 1693471703,
"owner": "nixos", "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
"owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1696039360,
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1686412476, "lastModified": 1686412476,
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=", "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
@ -613,7 +519,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1693158576, "lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
@ -633,28 +539,29 @@
"inputs": { "inputs": {
"adblock-unbound": "adblock-unbound", "adblock-unbound": "adblock-unbound",
"agenix": "agenix", "agenix": "agenix",
"darwin": "darwin", "deploy-rs": "deploy-rs",
"deploy": "deploy",
"digga": "digga",
"fix-atomic-container-restarts": "fix-atomic-container-restarts", "fix-atomic-container-restarts": "fix-atomic-container-restarts",
"fix-yubikey-agent": "fix-yubikey-agent", "fix-yubikey-agent": "fix-yubikey-agent",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"home": "home", "flake-parts": "flake-parts",
"home-manager": "home-manager",
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar", "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"latest": "latest",
"master": "master", "master": "master",
"musnix": "musnix", "musnix": "musnix",
"nixos": "nixos", "nix-darwin": "nix-darwin",
"nixos-flake": "nixos-flake",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"scan2paperless": "scan2paperless" "nixpkgs": "nixpkgs_2",
"scan2paperless": "scan2paperless",
"unstable": "unstable"
} }
}, },
"scan2paperless": { "scan2paperless": {
"inputs": { "inputs": {
"deno2nix": "deno2nix", "deno2nix": "deno2nix",
"devshell": "devshell_4", "devshell": "devshell_3",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1693298356, "lastModified": 1693298356,
@ -760,6 +667,22 @@
"type": "github" "type": "github"
} }
}, },
"unstable": {
"locked": {
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,

291
flake.nix

@ -1,42 +1,36 @@
{ {
description = "A highly structured configuration database."; description = "b12f hosts";
nixConfig.extra-experimental-features = "nix-command flakes"; nixConfig.extra-experimental-features = "nix-command flakes";
inputs = { inputs = {
# Track channels with commits tested and built by hydra # Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable"; unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false; flake-compat.flake = false;
digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; nix-darwin.url = "github:lnl7/nix-darwin/master";
digga.inputs.nixpkgs.follows = "nixos"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
digga.inputs.nixlib.follows = "nixos"; home-manager.url = "github:nix-community/home-manager/release-23.05";
digga.inputs.home-manager.follows = "home"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
digga.inputs.deploy.follows = "deploy";
digga.inputs.darwin.follows = "darwin";
digga.inputs.flake-compat.follows = "flake-compat";
home.url = "github:nix-community/home-manager/release-23.05"; flake-parts.url = "github:hercules-ci/flake-parts";
home.inputs.nixpkgs.follows = "nixos"; nixos-flake.url = "github:srid/nixos-flake";
darwin.url = "github:LnL7/nix-darwin"; deploy-rs.url = "github:serokell/deploy-rs";
darwin.inputs.nixpkgs.follows = "nixos"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.inputs.flake-compat.follows = "flake-compat";
deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos";
deploy.inputs.flake-compat.follows = "flake-compat";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixos"; agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.darwin.follows = "darwin"; agenix.inputs.darwin.follows = "nix-darwin";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main"; keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos"; keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
master.url = "github:nixos/nixpkgs/master"; master.url = "github:nixos/nixpkgs/master";
fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent"; fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
@ -45,177 +39,114 @@
musnix.url = "github:musnix/musnix"; musnix.url = "github:musnix/musnix";
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound"; adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
adblock-unbound.inputs.nixpkgs.follows = "nixos"; adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { outputs = inputs@{ self, ... }:
self, inputs.flake-parts.lib.mkFlake { inherit inputs; } {
digga, systems = [
nixos, "x86_64-linux"
home, "aarch64-linux"
nixos-hardware, "x86_64-darwin"
agenix, "aarch64-darwin"
deploy,
scan2paperless,
musnix,
...
} @ inputs:
digga.lib.mkFlake
{
inherit self inputs;
channelsConfig = {
allowUnfree = true;
};
supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"];
channels = {
nixos = {
imports = [(digga.lib.importOverlays ./overlays)];
overlays = [
(self: super: {
deploy-rs = {
inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs;
lib = inputs.deploy.lib.x86_64-linux;
};
})
];
};
latest = {};
};
lib = import ./lib {lib = digga.lib // nixos.lib;};
sharedOverlays = [
(final: prev: {
__dontExport = true;
lib = prev.lib.extend (lfinal: lprev: {
our = self.lib;
});
})
agenix.overlays.default
(import ./pkgs)
]; ];
nixos = { imports = [
hostDefaults = { inputs.nixos-flake.flakeModule
system = "x86_64-linux"; ./modules
channelName = "nixos"; ./hosts
imports = [(digga.lib.importExportableModules ./modules)]; ./users
modules = [ ];
{lib.our = self.lib;}
# FIXME: upstream module causes a huge number of unnecessary perSystem = args@{ system, pkgs, config, ... }: {
# dependencies to be pulled in for all systems -- many of them are _module.args = {
# graphical. should only be imported as needed. inherit inputs;
# digga.nixosModules.bootstrapIso pkgs = import inputs.nixpkgs {
digga.nixosModules.nixConfig inherit system;
home.nixosModules.home-manager overlays = [
agenix.nixosModules.age inputs.agenix.overlays.default
musnix.nixosModules.musnix ];
};
unstable = import inputs.unstable { inherit system; };
master = import inputs.master { inherit system; };
fix-yubikey-agent = import inputs.fix-yubikey-agent { inherit system; };
};
devShells.default = pkgs.mkShell {
buildInputs = [
pkgs.nixpkgs-fmt
pkgs.agenix
pkgs.ssh-to-age
]; ];
}; };
imports = [(digga.lib.importHosts ./hosts)];
hosts = {
# Set host-specific properties here
bootstrap = {
modules = [
digga.nixosModules.bootstrapIso
];
};
PubSolarOS = {
tests = [
#(import ./tests/first-test.nix {
# pkgs = nixos.legacyPackages.x86_64-linux;
# lib = nixos.lib;
#})
];
};
pie = {
system = "aarch64-linux";
modules = [nixos-hardware.nixosModules.raspberry-pi-4];
};
maoam = {
system = "aarch64-linux";
};
};
importables = rec {
profiles =
digga.lib.rakeLeaves ./profiles
// {
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
base = [users.pub-solar users.root];
iso = base ++ [base-user graphical pub-solar-iso];
pubsolaros = [full-install base-user users.root];
anonymous = [pubsolaros users.pub-solar];
b12f = pubsolaros ++ [users.b12f social gaming mobile];
biolimo = b12f ++ [graphical];
chocolatebar = b12f ++ [graphical virtualisation];
yule = pubsolaros ++ [users.yule];
droppie = yule ++ [];
pie = yule ++ [];
maoam = b12f ++ [];
};
};
}; };
home = { flake = {
imports = [(digga.lib.importExportableModules ./users/modules)]; nixosModules = rec {
modules = []; base.imports = [
importables = rec { self.nixosModules.home-manager
profiles = digga.lib.rakeLeaves ./users/profiles; inputs.agenix.nixosModules.default
suites = with profiles; rec { inputs.musnix.nixosModules.musnix
base = [direnv git];
};
};
users = let
default = {suites, ...}: {
imports = suites.base;
home.stateVersion = "21.03";
};
in {
pub-solar = default;
b12f = default;
yule = default;
};
};
devshell = ./shell; ({
flake,
pkgs,
lib,
unstable,
master,
fix-yubikey-agent,
...
}: {
nixpkgs.overlays = (import ./overlays) ++ [
(prev: next: {
scan2paperless = inputs.scan2paperless.legacyPackages.${prev.system}.scan2paperless;
nixd = inputs.unstable.legacyPackages.${prev.system}.nixd;
yubikey-agent = inputs.fix-yubikey-agent.legacyPackages.${prev.system}.yubikey-agent;
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; factorio-headless = inputs.master.legacyPackages.${prev.system}.factorio-headless;
paperless-ngx = inputs.master.legacyPackages.${prev.system}.paperless-ngx;
waybar = inputs.master.legacyPackages.${prev.system}.waybar;
element-desktop = inputs.master.legacyPackages.${prev.system}.element-desktop;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { adlist = inputs.adblock-unbound.packages.${prev.system};
droppie = { })
hostname = "backup.b12f.io"; ];
sshUser = "yule";
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"nixos-config=${./lib/compat/nixos}"
"home-manager=${inputs.home-manager}"
];
})
self.nixosModules.arduino
self.nixosModules.audio
self.nixosModules.ci-runner
self.nixosModules.core
self.nixosModules.crypto
self.nixosModules.devops
self.nixosModules.docker
self.nixosModules.docker-ci-runner
self.nixosModules.email
self.nixosModules.gaming
self.nixosModules.graphical
self.nixosModules.mobile
self.nixosModules.nix
self.nixosModules.nextcloud
self.nixosModules.office
self.nixosModules.paperless
self.nixosModules.paranoia
self.nixosModules.printing
self.nixosModules.social
self.nixosModules.sway
self.nixosModules.terminal-life
self.nixosModules.uhk
self.nixosModules.user
self.nixosModules.virtualisation
self.nixosModules.root
];
}; };
pie = {
sshUser = "yule";
};
maoam = {
sshUser = "b12f";
};
#example = {
# hostname = "example.com:22";
# sshUser = "bartender";
# fastConnect = true;
# profilesOrder = ["system" "direnv"];
# profiles.direnv = {
# user = "bartender";
# path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender;
# };
#};
}; };
}; };
} }
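Review bot: The overlay inside `nixosModules.base` is written `(prev: next: { … })`, but nixpkgs applies an overlay with the final package set first and the previous set second, so `prev.system` here reads from the final set and `next` is never used. It evaluates, but the names invite a later edit that picks the wrong set; `(final: prev: {` with `final.system` says what is meant. The same overlay replaces `paperless-ngx`, `element-desktop`, `waybar` and `yubikey-agent` with builds from nixpkgs `master` or a fork branch instead of the 23.05 channel. A one-line comment per entry saying why it is taken off-channel would show when each override can be dropped.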


@ -1,21 +0,0 @@
{suites, ...}: {
### root password is empty by default ###
### default password: pub-solar, optional: add your SSH keys
imports =
suites.iso;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true;
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}


@ -1,47 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
];
config = {
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true;
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
};
}


@ -1,20 +1,51 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
]; in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true;
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
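Review bot: `security.pki.certificates = [ (builtins.readFile ./step-roots.pem) ];` adds a root certificate to the system-wide trust store, and its only explanation is `# For OpenProject development with https`. The same block is repeated in the chocolatebar configuration. Now that both files are plain modules, it could live in one shared module behind an option, with a comment such as `# development CA: trusted by every TLS client on this host`. The `xdg` binding in the `let` is not used in the visible lines. The file continues past this hunk, so it may be used further down.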


@ -1,7 +1,6 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./biolimo.nix ./hardware-configuration.nix
] ];
++ suites.biolimo;
} }


@ -1,54 +0,0 @@
{
config,
lib,
pkgs,
profiles,
...
}:
with lib; let
# Gets hostname of host to be bundled inside iso
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
getFqdn = config: let
net = config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
in
fqdn;
in {
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
imports = [
# profiles.networking
profiles.users.root # make sure to configure ssh keys
profiles.users.pub-solar
profiles.base-user
profiles.graphical
profiles.pub-solar-iso
];
config = {
boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
# mkForce because a similar transformation gets double applied otherwise
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
isoImage = {
isoBaseName = mkForce (getFqdn config);
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}


@ -1,109 +0,0 @@
{
config,
pkgs,
lib,
self,
inputs,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./virtualisation
./factorio
];
config = {
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
];
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true;
age.secrets."drone-runner-exec-config" = {
file = "${self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
services.openssh.openFirewall = true;
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner
stdenv.cc.cc.lib
pkgs.hplip
];
age.secrets."vnc-key.pem" = {
file = "${self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
'';
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
home.sessionVariables = {
NIX_CC = "${pkgs.stdenv.cc}";
};
home.packages = with pkgs; [
lmms
audacity
];
};
musnix = {
enable = true;
kernel.realtime = true;
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
};
}


@ -1,20 +1,112 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
pkgs, pkgs,
flake,
lib,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
pub-solar.virtualisation.enable = true;
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true;
age.secrets."drone-runner-exec-config" = {
file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
services.openssh.openFirewall = true;
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner
stdenv.cc.cc.lib
pkgs.hplip
];
age.secrets."vnc-key.pem" = {
file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
'';
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
home.sessionVariables = {
NIX_CC = "${pkgs.stdenv.cc}";
};
home.packages = with pkgs; [
lmms
audacity
];
};
musnix = {
enable = true;
kernel.realtime = true;
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
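Review bot: `pub-solar.paranoia.enable = true;` appears to have no counterpart in the removed `chocolatebar.nix` and matches the line in the biolimo configuration, so it may have been carried over by copy. The paranoia module is not shown on this page. This host also sets `services.openssh.openFirewall = true`, opens TCP 5901 for VNC and runs the CI runner, so it is worth confirming what the option changes before it ships under a `refactor:` title. If it is intended, a comment such as `# newly enabled on this host during the digga removal` would record that. The file continues beyond this hunk.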


@ -1,7 +1,9 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./chocolatebar.nix ./hardware-configuration.nix
]
++ suites.chocolatebar; ./virtualisation
# ./factorio
];
} }


@ -2,7 +2,6 @@
config, config,
pkgs, pkgs,
lib, lib,
self,
... ...
}: }:
with lib; let with lib; let

43
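--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -0,0 +1,43 @@
+{ withSystem, self, inputs, ...}:
+{
+flake = {
+nixosConfigurations = {
+biolimo = self.nixos-flake.lib.mkLinuxSystem {
+nixpkgs.hostPlatform = "x86_64-linux";
+imports = [
+self.nixosModules.base
+./biolimo
+self.nixosModules.b12f
+];
+};
+chocolatebar = self.nixos-flake.lib.mkLinuxSystem {
+nixpkgs.hostPlatform = "x86_64-linux";
+imports = [
+self.nixosModules.base
+./chocolatebar
+self.nixosModules.b12f
+];
+};
+pie = self.nixos-flake.lib.mkLinuxSystem {
+nixpkgs.hostPlatform = "aarch64-linux";
+imports = [
+self.nixosModules.base
+inputs.nixos-hardware.nixosModules.raspberry-pi-4
+./pie
+self.nixosModules.yule
+];
+};
+maoam = self.nixos-flake.lib.mkLinuxSystem {
+nixpkgs.hostPlatform = "aarch64-linux";
+imports = [
+self.nixosModules.base
+./maoam
+self.nixosModules.yule
+];
+};
+};
+};
+}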
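Review bot: `nixosConfigurations` defines biolimo, chocolatebar, pie and maoam but has no entry for droppie, although this commit also rewrites a host's imports to `./nextcloud-web-tunnel.nix` and `./restic-backup.nix`, which were droppie's. Unless that host is wired up elsewhere, it drops out of the flake outputs and would no longer be rebuilt or receive updates from this repository. If that is unintended, add a `droppie = self.nixos-flake.lib.mkLinuxSystem { ... };` entry that mirrors the others. `withSystem` is bound in the argument set but not used in this file and can be removed.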


@ -1,17 +1,14 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
pkgs, pkgs,
lib, lib,
flake,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
]; in {
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
@ -20,6 +17,47 @@
}; };
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
hardware.cpu.intel.updateMicrocode = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
services.ddclient = {
enable = false;
ipv6 = true;
domains = ["backup.b12f.io"];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${flake.self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
age.secrets."droppie-ssh-root.key" = {
file = "${flake.self}/secrets/droppie-ssh-root.key";
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
mode = "400";
owner = psCfg.user.name;
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
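Review bot: The `security.sudo.extraRules` block moved into this file gives the login user `command = "ALL"` with `options = ["NOPASSWD"]`, and the same hunk decrypts `droppie-ssh-root.key` to that user's `~/.ssh/id_ed25519`, so a compromise of that one account yields root on this host and use of that key with no further prompt. Consider listing only the commands that must run unattended in `commands`, or dropping `NOPASSWD`; if passwordless sudo is required, a short comment saying why would help the next reader. The later configuration hunk that sets the 192.168.178.2 address carries the same rule. The `xdg` binding in the new `let` is not referenced in the visible lines.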


@ -1,7 +1,9 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./droppie.nix ./hardware-configuration.nix
]
++ suites.droppie; ./nextcloud-web-tunnel.nix
./restic-backup.nix
];
} }


@ -1,60 +0,0 @@
{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./nextcloud-web-tunnel.nix
./restic-backup.nix
];
config = {
hardware.cpu.intel.updateMicrocode = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
services.ddclient = {
enable = false;
ipv6 = true;
domains = ["backup.b12f.io"];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
age.secrets."droppie-ssh-root.key" = {
file = "${self}/secrets/droppie-ssh-root.key";
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
mode = "400";
owner = psCfg.user.name;
};
};
}


@ -2,7 +2,6 @@
config, config,
pkgs, pkgs,
lib, lib,
self,
... ...
}: }:
with lib; let with lib; let


@ -5,13 +5,12 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: { }:
imports = [ with lib; let
./hardware-configuration.nix psCfg = config.pub-solar;
]; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true; boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true; boot.loader.grub.efiInstallAsRemovable = true;
@ -27,6 +26,33 @@
boot.kernelPackages = pkgs.linuxPackages_6_1; boot.kernelPackages = pkgs.linuxPackages_6_1;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 24;
}
];
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave


@ -1,7 +1,10 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./pie.nix ./hardware-configuration.nix
]
++ suites.pie; ./unbound.nix
./dhcpd.nix
./wake-droppie.nix
];
} }


@ -1,47 +0,0 @@
{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./unbound.nix
./dhcpd.nix
./wake-droppie.nix
];
config = {
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 24;
}
];
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
}


@ -1,7 +1,4 @@
{ pkgs, inputs, ... }: { pkgs, lib, ... }: {
let
adlist = inputs.adblock-unbound.packages.${pkgs.system};
in {
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
@ -10,7 +7,7 @@ in {
settings = { settings = {
server = { server = {
include = [ include = [
"\"${adlist.unbound-adblockStevenBlack}\"" "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
]; ];
interface = [ "0.0.0.0" ]; interface = [ "0.0.0.0" ];
access-control = [ "192.168.178.0/24 allow" ]; access-control = [ "192.168.178.0/24 allow" ];
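Review bot: `pkgs.adlist.unbound-adblockStevenBlack` only resolves if an overlay adds an `adlist` attribute to `pkgs`, and the overlay list this commit adds in overlays/default.nix does not name one, so confirm it is provided by `../pkgs` or by the flake's overlay wiring; otherwise this host fails at evaluation and the resolver is left without its blocklist include. The new `lib` argument is not used in the visible lines and can be dropped, `{ pkgs, ... }: {`. The `server` block continues outside the hunk.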


@ -6,7 +6,7 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.devops; cfg = config.pub-solar.arduino;
in { in {
options.pub-solar.arduino = { options.pub-solar.arduino = {
enable = mkEnableOption "Life with home automation"; enable = mkEnableOption "Life with home automation";


@ -2,7 +2,7 @@
lib, lib,
config, config,
pkgs, pkgs,
self, flake,
... ...
}: }:
with lib; let with lib; let
@ -37,7 +37,7 @@ in {
}; };
age.secrets."drone-runner-exec-config" = { age.secrets."drone-runner-exec-config" = {
file = "${self}/secrets/drone-runner-exec-config"; file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "700"; mode = "700";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
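Review bot: `mode = "700"` on the `drone-runner-exec-config` secret sets the execute bits on a file that, as far as the visible lines show, is only read as a variables file. `mode = "400";` matches the other agenix secrets in this commit and keeps the decrypted file read-only for its owner. The same applies to `cat-test.ovpn` and `mopidy.conf` in later sections, which also use `"700"`. These are context lines rather than changes, but the commit already edits each of these attribute sets.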


@ -12,7 +12,6 @@ in {
./fonts.nix ./fonts.nix
./i18n.nix ./i18n.nix
./networking.nix ./networking.nix
./nix.nix
./packages.nix ./packages.nix
./services.nix ./services.nix
]; ];

31
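--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,31 @@
+{
+# Configuration common to all Linux systems
+flake = {
+nixosModules = {
+arduino = import ./arduino;
+audio = import ./audio;
+ci-runner = import ./ci-runner;
+core = import ./core;
+crypto = import ./crypto;
+devops = import ./devops;
+docker = import ./docker;
+docker-ci-runner = import ./docker-ci-runner;
+email = import ./email;
+gaming = import ./gaming;
+graphical = import ./graphical;
+mobile = import ./mobile;
+nix = import ./nix;
+nextcloud = import ./nextcloud;
+office = import ./office;
+paperless = import ./paperless;
+paranoia = import ./paranoia;
+printing = import ./printing;
+social = import ./social;
+sway = import ./sway;
+terminal-life = import ./terminal-life;
+uhk = import ./uhk;
+user = import ./user;
+virtualisation = import ./virtualisation;
+};
+};
+}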


@ -2,7 +2,6 @@
lib, lib,
config, config,
pkgs, pkgs,
self,
... ...
}: }:
with lib; let with lib; let


@ -1,11 +0,0 @@
{
channel,
inputs,
...
}: {
nix.nixPath = [
"nixpkgs=${channel.input}"
"nixos-config=${../lib/compat/nixos}"
"home-manager=${inputs.home}"
];
}


@ -2,7 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs, flake,
... ...
}: { }: {
nix = { nix = {
@ -10,6 +10,7 @@
package = pkgs.nix; package = pkgs.nix;
gc.automatic = true; gc.automatic = true;
optimise.automatic = true; optimise.automatic = true;
settings = { settings = {
# Improve nix store disk usage # Improve nix store disk usage
auto-optimise-store = true; auto-optimise-store = true;
@ -20,6 +21,7 @@
# Allow only group wheel to connect to the nix daemon # Allow only group wheel to connect to the nix daemon
allowed-users = ["@wheel"]; allowed-users = ["@wheel"];
}; };
# Generally useful nix option defaults # Generally useful nix option defaults
extraOptions = lib.mkForce '' extraOptions = lib.mkForce ''
experimental-features = flakes nix-command experimental-features = flakes nix-command
@ -28,5 +30,11 @@
keep-derivations = true keep-derivations = true
fallback = true fallback = true
''; '';
nixPath = [
"nixpkgs=${flake.inputs.nixpkgs}"
"nixos-config=${../../lib/compat/nixos}"
"home-manager=${flake.inputs.home-manager}"
];
}; };
} }


@ -2,8 +2,6 @@
lib, lib,
config, config,
pkgs, pkgs,
masterModulesPath,
inputs,
... ...
}: }:
with lib; let with lib; let
@ -11,14 +9,6 @@ with lib; let
cfg = config.pub-solar.paperless; cfg = config.pub-solar.paperless;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
imports = [
"${masterModulesPath}/services/misc/paperless.nix"
];
disabledModules = [
"services/misc/paperless.nix"
];
options.pub-solar.paperless = { options.pub-solar.paperless = {
enable = mkEnableOption "All you need to go paperless"; enable = mkEnableOption "All you need to go paperless";
ocrLanguage = mkOption { ocrLanguage = mkOption {
@ -95,7 +85,7 @@ in {
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [ home.packages = with pkgs; [
inputs.scan2paperless.legacyPackages.x86_64-linux.scan2paperless scan2paperless
sane-backends sane-backends
python310Packages.img2pdf python310Packages.img2pdf
]; ];


@ -32,7 +32,7 @@ in {
# Don't set this if you need sftp # Don't set this if you need sftp
services.openssh.allowSFTP = false; services.openssh.allowSFTP = false;
services.openssh.openFirewall = false; # Lock yourself out # services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel # Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
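Review bot: Commenting out `services.openssh.openFirewall = false;` appears to remove the one line in this hunk by which the hardening module keeps the SSH port closed, so a host that enables the module now gets whatever `openFirewall` defaults to or another module sets. If the line was disabled to avoid a conflict with hosts that set `openFirewall = true`, `services.openssh.openFirewall = lib.mkDefault false;` keeps the hardened default while still letting a host override it (assuming `lib` is in scope here). Otherwise delete the line and replace the `# Lock yourself out` remark with a comment saying why the module no longer sets it. The module body continues outside the hunk.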


@ -1,7 +1,6 @@
{ {
config, config,
pkgs, pkgs,
self,
... ...
}: let }: let
psCfg = config.pub-solar; psCfg = config.pub-solar;
@ -106,8 +105,6 @@ in {
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi"; irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone"; drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
# fix nixos-option
nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
nnn = "nnn -d -e -H -r"; nnn = "nnn -d -e -H -r";
}; };


@ -2,7 +2,6 @@
lib, lib,
config, config,
pkgs, pkgs,
self,
... ...
}: }:
with lib; let with lib; let
@ -24,17 +23,6 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
environment.systemPackages = with pkgs; [
screen
];
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
programs.starship = {
enable = true;
settings = import ./starship.toml.nix;
};
home-manager = with pkgs; home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] { pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [ home.packages = [
@ -55,25 +43,34 @@ in {
]; ];
})) }))
powerline powerline
screen
silver-searcher silver-searcher
watson watson
]; ];
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
programs.starship = {
enable = true;
settings = import ./starship.toml.nix;
};
programs.bash = import ./bash { programs.bash = import ./bash {
inherit config; inherit config;
inherit pkgs; inherit pkgs;
inherit self;
inherit lib; inherit lib;
}; };
programs.fzf = import ./fzf { programs.fzf = import ./fzf {
inherit config; inherit config;
inherit pkgs; inherit pkgs;
}; };
programs.neovim = import ./nvim { programs.neovim = import ./nvim {
inherit config; inherit config;
inherit pkgs; inherit pkgs;
inherit lib; inherit lib;
}; };
}; };
}; };
} }


Before

Width:  |  Height:  |  Size: 513 KiB

After

Width:  |  Height:  |  Size: 513 KiB


@ -1,12 +1,16 @@
{ {
lib,
config, config,
pkgs, pkgs,
lib,
... ...
}: }: let
with lib; let psCfg = config.pub-solar;
cfg = config.pub-solar; in
in { with lib; {
imports = [
./home.nix
];
options.pub-solar = { options.pub-solar = {
user = { user = {
name = mkOption { name = mkOption {
@ -46,4 +50,37 @@ in {
}; };
}; };
}; };
config = {
users = {
mutableUsers = false;
users = with pkgs;
pkgs.lib.setAttrByPath [psCfg.user.name] {
# Indicates whether this is an account for a “real” user.
# This automatically sets group to users, createHome to true,
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
isNormalUser = true;
description = psCfg.user.description;
extraGroups = [
"input"
"lp"
"networkmanager"
"scanner"
"video"
"dialout"
"wheel"
];
shell = pkgs.bash;
initialHashedPassword =
if psCfg.user.password != null
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else [];
};
};
};
} }
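Review bot: `initialHashedPassword` falls back to `""` when `psCfg.user.password` is null, and in NixOS an empty hashed password lets the account log in locally without a password. With `mutableUsers = false` and `"wheel"` in `extraGroups`, any host that forgets to set the option ends up with a password-less admin account. Prefer passing the value through unchanged, `initialHashedPassword = psCfg.user.password;`, so that null means no password login, or add an assertion that rejects a null password. The block was moved here from the deleted profile file, so this is a good point to settle the behaviour.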


@ -20,6 +20,7 @@ in {
# paths it should manage. # paths it should manage.
home.username = psCfg.user.name; home.username = psCfg.user.name;
home.homeDirectory = "/home/${psCfg.user.name}"; home.homeDirectory = "/home/${psCfg.user.name}";
home.stateVersion = "22.11";
home.packages = with pkgs; []; home.packages = with pkgs; [];

8
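--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -0,0 +1,8 @@
+[
+(import ../pkgs)
+(import ./blesh.nix)
+(import ./manix.nix)
+(import ./rnix-lsp.nix)
+(import ./neovim-plugins.nix)
+(import ./signal-desktop.nix)
+]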


@ -1,11 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.audio.enable = true;
}


@ -1,43 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
psCfg = config.pub-solar;
in {
imports = [
./home.nix
];
users = {
mutableUsers = false;
users = with pkgs;
pkgs.lib.setAttrByPath [psCfg.user.name] {
# Indicates whether this is an account for a “real” user.
# This automatically sets group to users, createHome to true,
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
isNormalUser = true;
description = psCfg.user.description;
extraGroups = [
"input"
"lp"
"networkmanager"
"scanner"
"video"
"dialout"
"wheel"
];
shell = pkgs.bash;
initialHashedPassword =
if psCfg.user.password != null
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else [];
};
};
}


@ -1,109 +0,0 @@
{
self,
config,
lib,
pkgs,
inputs,
...
}: let
inherit (lib) fileContents;
in {
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
imports = [../cachix];
config = {
pub-solar.terminal-life.enable = true;
pub-solar.audio.enable = true;
pub-solar.crypto.enable = true;
pub-solar.devops.enable = true;
# This is just a representation of the nix default
nix.systemFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
environment = {
systemPackages = with pkgs; [
# Core unix utility packages
coreutils-full
progress
dnsutils
inetutils
mtr
pciutils
usbutils
gitFull
git-lfs
git-bug
wget
openssl
openssh
curl
htop
lsof
psmisc
xdg-utils
sysfsutils
renameutils
nfs-utils
moreutils
mailutils
keyutils
input-utils
elfutils
binutils
dateutils
diffutils
findutils
exfat
file
# zippit
zip
unzip
# Modern modern utilities
p7zip
croc
jq
# Nix specific utilities
niv
manix
nix-index
nix-tree
nixpkgs-review
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
#nixops
psos
nvd
# Fun
neofetch
];
};
fonts = {
fonts = with pkgs; [powerline-fonts dejavu_fonts];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
passwordAuthentication = false;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
# Use latest LTS linux kernel by default
boot.kernelPackages = pkgs.linuxPackages_5_15;
boot.supportedFilesystems = ["ntfs"];
};
}


@ -1,17 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
config = {
pub-solar.audio.bluetooth.enable = true;
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.office.enable = true;
# pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
};
}


@ -1,11 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.gaming.enable = true;
}


@ -1,12 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
}


@ -1,13 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.graphical.enable = false;
pub-solar.x-os.localProxyService.enable = false;
pub-solar.sway.enable = false;
}


@ -1,11 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.mobile.enable = true;
}


@ -1,15 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
config = {
pub-solar.graphical.wayland.software-renderer.enable = true;
pub-solar.sway.terminal = "foot";
pub-solar.core.iso-options.enable = true;
};
}


@ -1,11 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.social.enable = true;
}


@ -1,11 +0,0 @@
{
self,
config,
lib,
pkgs,
...
}: let
inherit (lib) fileContents;
in {
pub-solar.virtualisation.enable = true;
}


@ -2,7 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
self, flake,
... ...
}: }:
with lib; let with lib; let
@ -10,13 +10,13 @@ with lib; let
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
age.secrets."cat-test.ovpn" = { age.secrets."cat-test.ovpn" = {
file = "${self}/secrets/cat-test.ovpn"; file = "${flake.self}/secrets/cat-test.ovpn";
mode = "700"; mode = "700";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
age.secrets.".fwknoprc" = { age.secrets.".fwknoprc" = {
file = "${self}/secrets/.fwknoprc"; file = "${flake.self}/secrets/.fwknoprc";
mode = "600"; mode = "600";
}; };


@ -1,9 +1,8 @@
{ {
self,
config, config,
hmUsers,
pkgs, pkgs,
lib, lib,
flake,
... ...
}: let }: let
psCfg = config.pub-solar; psCfg = config.pub-solar;
@ -14,12 +13,10 @@ in {
]; ];
config = { config = {
home-manager.users = {inherit (hmUsers) b12f;};
services.yubikey-agent.enable = true; services.yubikey-agent.enable = true;
age.secrets.b12f-env-secrets = { age.secrets.b12f-env-secrets = {
file = "${self}/secrets/b12f-env-secrets"; file = "${flake.self}/secrets/b12f-env-secrets";
mode = "400"; mode = "400";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
@ -57,8 +54,12 @@ in {
arduino.enable = true; arduino.enable = true;
email.enable = true; email.enable = true;
uhk.enable = true; uhk.enable = true;
social.enable = false;
gaming.enable = false;
mobile.enable = false;
audio.spotify.enable = true; audio.spotify.enable = true;
audio.spotify.username = "spotify@benjaminbaedorf.eu"; audio.spotify.username = "spotify@benjaminbaedorf.eu";
audio.mopidy.enable = false;
}; };
# Needed for the udev rules for solaar # Needed for the udev rules for solaar


@ -2,7 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
self, flake,
... ...
}: }:
with lib; let with lib; let
@ -14,8 +14,6 @@ in {
./concepts-and-training.nix ./concepts-and-training.nix
]; ];
pub-solar.audio.mopidy.enable = false;
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [ home.packages = with pkgs; [
present-md present-md
@ -119,7 +117,7 @@ in {
}; };
age.secrets."mopidy.conf" = { age.secrets."mopidy.conf" = {
file = "${self}/secrets/mopidy.conf"; file = "${flake.self}/secrets/mopidy.conf";
mode = "700"; mode = "700";
owner = "b12f"; owner = "b12f";
}; };

9
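--- a/users/default.nix
+++ b/users/default.nix
@@ -0,0 +1,9 @@
+{
+flake = {
+nixosModules = rec {
+root = import ./root;
+b12f = import ./b12f;
+yule = import ./yule;
+};
+};
+}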
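Review bot: `rec` on `nixosModules` is not needed here, because none of `root`, `b12f` and `yule` refers to another attribute of the set; `nixosModules = {` avoids an accidental self-reference later. A one-line comment above `flake`, for example `# Per-user NixOS modules, imported by the host definitions`, would also tell a reader how these differ from the modules exported by modules/default.nix.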


@ -1,6 +1,4 @@
{hmUsers, ...}: { {config, ...}: {
home-manager.users = {inherit (hmUsers) pub-solar;};
pub-solar = { pub-solar = {
# These are your personal settings # These are your personal settings
# The only required settings are `name` and `password`, # The only required settings are `name` and `password`,


@ -1,6 +1,5 @@
{ {
config, config,
hmUsers,
pkgs, pkgs,
lib, lib,
... ...
@ -8,8 +7,6 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in {
config = { config = {
home-manager.users = {inherit (hmUsers) yule;};
pub-solar = { pub-solar = {
# These are your personal settings # These are your personal settings
# The only required settings are `name` and `password`, # The only required settings are `name` and `password`,