From c0305a7ed899661fcce2ce324d705f144c344408 Mon Sep 17 00:00:00 2001 
From: sstent Date: Sat, 25 Feb 2023 04:46:28 +0000 Subject: [PATCH] sync --- README.md | 19 -- configurations.nix | 47 ---- deploy.nix | 25 -- flake.lock | 227 ++---------------- flake.nix | 90 ++++++- home-manager/home.nix | 63 +++++ .../home-manager => home-manager}/sstent.nix | 41 ++-- hosts/common/configuration.nix | 100 ++++++++ hosts/common/default.nix | 32 +++ hosts/common/mnt-public.nix | 10 + hosts/common/secrets.yaml | 57 +++++ hosts/common/sops.nix | 17 ++ hosts/common/user-sstent.nix | 18 ++ hosts/wsl2/default.nix | 38 +-- mods-old/base.nix | 22 ++ {modules => mods-old}/default.nix | 0 {modules => mods-old}/gnome/default.nix | 0 {modules => mods-old}/home-manager/beets.nix | 24 +- .../home-manager/configs/mrconfig | 0 .../home-manager/configs/nicotine | 0 mods-old/home-manager/default.nix | 9 + .../home-manager/nicotine.nix | 0 .../home-manager/packages/python-packages.nix | 0 {modules => mods-old}/homemanager_hyperv.nix | 0 {modules => mods-old}/modules-list.nix | 0 {modules => mods-old}/ssh.nix | 0 modules/base.nix | 10 - modules/home-manager/default.nix | 13 +- modules/nixos/default.nix | 7 + nixpkgs.nix | 8 + outputs.nix | 30 --- overlays/default.nix | 24 ++ {pkgs => pkgs-old}/npiperelay/default.nix | 0 .../wsl-ssh-agent-relay/default.nix | 0 .../wsl-ssh-agent-relay/wsl-ssh-agent-relay | 0 pkgs/default.nix | 6 + shell.nix | 25 +- utils/default.nix | 25 -- 38 files changed, 536 insertions(+), 451 deletions(-) delete mode 100644 README.md delete mode 100644 configurations.nix delete mode 100644 deploy.nix create mode 100644 home-manager/home.nix rename {modules/home-manager => home-manager}/sstent.nix (85%) create mode 100644 hosts/common/configuration.nix create mode 100644 hosts/common/default.nix create mode 100644 hosts/common/mnt-public.nix create mode 100644 hosts/common/secrets.yaml create mode 100644 hosts/common/sops.nix create mode 100644 hosts/common/user-sstent.nix create mode 100644 mods-old/base.nix rename {modules => 
mods-old}/default.nix (100%) rename {modules => mods-old}/gnome/default.nix (100%) rename {modules => mods-old}/home-manager/beets.nix (93%) rename {modules => mods-old}/home-manager/configs/mrconfig (100%) rename {modules => mods-old}/home-manager/configs/nicotine (100%) create mode 100644 mods-old/home-manager/default.nix rename {modules => mods-old}/home-manager/nicotine.nix (100%) rename {modules => mods-old}/home-manager/packages/python-packages.nix (100%) rename {modules => mods-old}/homemanager_hyperv.nix (100%) rename {modules => mods-old}/modules-list.nix (100%) rename {modules => mods-old}/ssh.nix (100%) delete mode 100644 modules/base.nix create mode 100644 modules/nixos/default.nix create mode 100644 nixpkgs.nix delete mode 100644 outputs.nix create mode 100644 overlays/default.nix rename {pkgs => pkgs-old}/npiperelay/default.nix (100%) rename {pkgs => pkgs-old}/wsl-ssh-agent-relay/default.nix (100%) rename {pkgs => pkgs-old}/wsl-ssh-agent-relay/wsl-ssh-agent-relay (100%) create mode 100644 pkgs/default.nix delete mode 100644 utils/default.nix diff --git a/README.md b/README.md deleted file mode 100644 index beda7a1..0000000 --- a/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# vmimages -based on https://samleathers.com/posts/2022-02-11-my-new-network-and-sops.html - -## Create new SSH HOST KEYS - -sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key - -## Local -`nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'` -or in nix develop -`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'` - -## Add key to .sops.yaml - -## rekey a file -`sops updatekeys hosts/wsl2/secrets.yaml` - - diff --git a/configurations.nix b/configurations.nix deleted file mode 100644 index 5a6fb2b..0000000 --- a/configurations.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ self -, nixpkgs -, sops-nix -, inputs -, nixos-hardware -, home-manager -, vscode-server -, nix -, ... -}: -let - nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem; - customModules = import ./modules/modules-list.nix; - baseModules = [ - # make flake inputs accessiable in NixOS - { _module.args.inputs = inputs; } - { - imports = [ - ({ pkgs, ... }: { - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - # TODO: remove when switching to 22.05 - nix.package = nixpkgs.lib.mkForce nix.packages.x86_64-linux.nix; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - documentation.info.enable = false; - }) - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager - vscode-server.nixosModule - ]; - } - ]; - defaultModules = baseModules ++ customModules; -in -{ - nixos = nixosSystem { - system = "x86_64-linux"; - modules = defaultModules ++ [ - ./hosts/wsl2 - inputs.nixos-wsl.nixosModules.wsl - ]; - }; - -} diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 8ec6432..0000000 --- a/deploy.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ self -, deploy -, ... -}: -let - mkNode = server: ip: fast: { - hostname = "${ip}:22"; - fastConnection = fast; - profiles.system.path = - deploy.lib.x86_64-linux.activate.nixos - self.nixosConfigurations."${server}"; - }; -in -{ - user = "root"; - sshUser = "root"; - nodes = { - optina = mkNode "optina" "10.40.33.20" true; - portal = mkNode "portal" "10.40.33.1" true; - sarov = mkNode "sarov" "10.40.33.183" true; - valaam = mkNode "valaam" "10.40.33.21" true; - prod01 = mkNode "prod01" "45.76.4.212" false; - prod03 = mkNode "prod03" "45.63.23.13" false; - }; -} diff --git a/flake.lock b/flake.lock index e468564..112856b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,44 +1,6 @@ { "nodes": { - "deploy": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1674127017, - "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1673956053, @@ -89,14 +51,14 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_2" + "utils": "utils" }, "locked": { - "lastModified": 1676367705, - "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=", + "lastModified": 1676892629, + "narHash": "sha256-rlvsqoSBO5dCwfnn7xvImYREidIPJaiFS3b54TZF4pU=", "owner": "nix-community", "repo": "home-manager", - "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5", + "rev": "72ce74d3eae78a6b31538ea7ebe0c1fcf4a10f7a", "type": "github" }, "original": { 
@@ -105,86 +67,13 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1670334625, - "narHash": "sha256-sQ9C101CL/eVN5JgH91ozHFWU4+bXr8/Fi/8NQk6xRI=", - "owner": "NixOS", - "repo": "nix", - "rev": "ef800f1e73602c0f10951dd789b97e750f37afc0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "2.12.0", - "repo": "nix", - "type": "github" - } - }, - "nixlib": { - "locked": { - "lastModified": 1636849918, - "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1676297861, - "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "1e0a05219f2a557d4622bc38f542abb360518795", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixos-hardware": { "locked": { - "lastModified": 1676924492, - "narHash": "sha256-78278eyP55JRFe7UCpmFwdkrTY6H2arzTpVeteWo8kM=", + "lastModified": 1677232326, + "narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf", + "rev": 
"2d44015779cced4eec9df5b8dab238b9f6312cb2", "type": "github" }, "original": { @@ -195,7 +84,7 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" @@ -217,36 +106,20 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657693803, - "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", - "owner": "NixOS", + "lastModified": 1676817468, + "narHash": "sha256-ovuJ1jQOC2/EEibufBkXmSN/O9mLx80Wh7aDmHmHAhA=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", + "rev": "0cf4274b5d06325bd16dbf879a30981bc283e58a", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-22.05-small", + "owner": "nixos", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1676771332, 
@@ -263,23 +136,23 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1676569297, - "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", - "owner": "NixOS", + "lastModified": 1676721149, + "narHash": "sha256-mN2EpTGxxVNnFZLoLWRwh6f7UWhXy4qE+wO2CZyrXps=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "rev": "5f4e07deb7c44f27d498f8df9c5f34750acf52d2", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1676549890, "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", @@ -295,37 +168,20 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1672441588, - "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "root": { "inputs": { - "deploy": "deploy", "flake-utils": "flake-utils", "home-manager": "home-manager", - "nix": "nix", - "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_2", - "sops-nix": "sops-nix", - "vscode-server": "vscode-server" + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { 
@@ -356,39 +212,6 @@ "repo": "flake-utils", "type": "github" } - }, - "utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "vscode-server": { - "inputs": { - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1676501444, - "narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=", - "owner": "msteen", - "repo": "nixos-vscode-server", - "rev": "57f1716bc625d2892579294cc207956679e3d94c", - "type": "github" - }, - "original": { - "owner": "msteen", - "repo": "nixos-vscode-server", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fb74250..068540f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,20 +1,92 @@ { - description = "NixOS configuration"; + description = "Your new nix config"; inputs = { - nixpkgs = {url ="github:NixOS/nixpkgs/nixos-unstable";}; # Main nixpkgs channel - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs";}; - deploy = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs";}; # Import deploy-rs for deployments + # Nixpkgs + nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; + # You can access packages and modules from different nixpkgs revs + # at the same time. Here's an working example: + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. + + # Home manager + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + # TODO: Add any other flake you might need + # hardware.url = "github:nixos/nixos-hardware"; + + # Shameless plug: looking for a way to nixify your themes and make + # everything match nicely? Try nix-colors! + # nix-colors.url = "github:misterio77/nix-colors"; nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings - nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images + # nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images nixos-wsl = {url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs";}; sops-nix.url = github:Mic92/sops-nix; flake-utils.url = "github:numtide/flake-utils"; - nix.url = "github:NixOS/nix/2.12.0"; - vscode-server.url = "github:msteen/nixos-vscode-server"; + # nix.url = "github:NixOS/nix/2.12.0"; + # vscode-server.url = "github:msteen/nixos-vscode-server"; + + }; - outputs = { ... 
} @ args: import ./outputs.nix args; -} \ No newline at end of file + outputs = { self, nixpkgs, home-manager, ... }@inputs: + let + inherit (self) outputs; + forAllSystems = nixpkgs.lib.genAttrs [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + ]; + in + rec { + # Your custom packages + # Acessible through 'nix build', 'nix shell', etc + packages = forAllSystems (system: + let pkgs = nixpkgs.legacyPackages.${system}; + in import ./pkgs { inherit pkgs; } + ); + # Devshell for bootstrapping + # Acessible through 'nix develop' or 'nix-shell' (legacy) + devShells = forAllSystems (system: + let pkgs = nixpkgs.legacyPackages.${system}; + in import ./shell.nix { inherit pkgs; } + ); + + # Your custom packages and modifications, exported as overlays + overlays = import ./overlays { inherit inputs; }; + # Reusable nixos modules you might want to export + # These are usually stuff you would upstream into nixpkgs + nixosModules = import ./modules/nixos; + # Reusable home-manager modules you might want to export + # These are usually stuff you would upstream into home-manager + homeManagerModules = import ./modules/home-manager; + + # NixOS configuration entrypoint + # Available through 'nixos-rebuild --flake .#your-hostname' + nixosConfigurations = { + nixos = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + ./hosts/wsl2 + ]; + }; + }; + + # Standalone home-manager configuration entrypoint + # Available through 'home-manager --flake .#your-username@your-hostname' + homeConfigurations = { + # FIXME replace with your username@hostname + "sstent@nixos" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance + extraSpecialArgs = { inherit inputs outputs; }; + modules = [ + # > Our main home-manager configuration file < + ./home-manager/sstent.nix + ]; + }; + }; + }; +} 
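Review bot: `home-manager.url = "github:nix-community/home-manager";` follows home-manager's default branch while this hunk pins `nixpkgs` to `nixos-22.11`, so the two can drift apart on module options. Pinning the matching release keeps them in step: `home-manager.url = "github:nix-community/home-manager/release-22.11";`. In `homeConfigurations`, `pkgs = nixpkgs.legacyPackages.x86_64-linux` is hard-coded although `forAllSystems` lists three systems, and the template's `FIXME replace with your username@hostname` comment still sits above an entry that has already been filled in. `sops-nix` is left without `inputs.nixpkgs.follows`, which matches the separate `nixpkgs_2` node in the lock file; a comment saying whether that second nixpkgs revision is intended would help.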
diff --git a/home-manager/home.nix b/home-manager/home.nix
new file mode 100644
index 0000000..1b03689
--- /dev/null
+++ b/home-manager/home.nix
@@ -0,0 +1,63 @@
+# This is your home-manager configuration file
+# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
+
+{ inputs, outputs, lib, config, pkgs, ... }: {
+ # You can import other home-manager modules here
+ imports = [
+ # If you want to use modules your own flake exports (from modules/home-manager):
+ # outputs.homeManagerModules.example
+
+ # Or modules exported from other flakes (such as nix-colors):
+ # inputs.nix-colors.homeManagerModules.default
+
+ # You can also split up your configuration and import pieces of it here:
+ # ./nvim.nix
+ ];
+
+ nixpkgs = {
+ # You can add overlays here
+ overlays = [
+ # Add overlays your own flake exports (from overlays and pkgs dir):
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.unstable-packages
+
+ # You can also add overlays exported from other flakes:
+ # neovim-nightly-overlay.overlays.default
+
+ # Or define it inline, for example:
+ # (final: prev: {
+ # hi = final.hello.overrideAttrs (oldAttrs: {
+ # patches = [ ./change-hello-to-hi.patch ];
+ # });
+ # })
+ ];
+ # Configure your nixpkgs instance
+ config = {
+ # Disable if you don't want unfree packages
+ allowUnfree = true;
+ # Workaround for https://github.com/nix-community/home-manager/issues/2942
+ allowUnfreePredicate = (_: true);
+ };
+ };
+
+ # TODO: Set your username
+ home = {
+ username = "your-username";
+ homeDirectory = "/home/your-username";
+ };
+
+ # Add stuff for your user as you see fit:
+ # programs.neovim.enable = true;
+ # home.packages = with pkgs; [ steam ];
+
+ # Enable home-manager and git
+ programs.home-manager.enable = true;
+ programs.git.enable = true;
+
+ # Nicely reload system units when changing configs
+ systemd.user.startServices = "sd-switch";
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ home.stateVersion = "22.11";
+}
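Review bot: `home-manager/home.nix` is committed as the unmodified starter template: `username = "your-username";` and `homeDirectory = "/home/your-username";` are still placeholders, and `flake.nix` in this commit points `homeConfigurations` at `./home-manager/sstent.nix`, so nothing visible imports this file. Either fill it in and wire it up or leave it out of the commit. `hosts/common/configuration.nix` has the same problem (`your-hostname`, `your-username`, and an import of `./hardware-configuration.nix` that the diffstat does not create), and it also carries the template's literal `initialPassword`, which should not survive into a real host configuration.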
diff --git a/modules/home-manager/sstent.nix b/home-manager/sstent.nix similarity index 85% rename from modules/home-manager/sstent.nix rename to home-manager/sstent.nix index 4ce1724..65eb4cd 100644 --- a/modules/home-manager/sstent.nix +++ b/home-manager/sstent.nix @@ -1,20 +1,5 @@ { lib, config, pkgs, ... }: { - options.mymods.user_sstent.enable = lib.mkEnableOption "Create sstent user"; - - config = lib.mkIf config.mymods.user_sstent.enable { - users.users = { - sstent = { - initialPassword = "farscape5"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" - ]; - extraGroups = [ "wheel" "video" ]; - }; - }; - security.sudo.wheelNeedsPassword = false; - home-manager.users."sstent" = { home.username = "sstent"; home.homeDirectory = "/home/sstent"; @@ -50,6 +35,8 @@ services.keybase.enable = true; services.kbfs.enable = true; + programs.home-manager.enable = true; + home.file.".mrconfig".source = configs/mrconfig; # xdg.configFile."beets/config.yaml".source = ./beets_config.yaml; programs = { 
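Review bot: `home.file.".mrconfig".source = configs/mrconfig;` is a path relative to this file, and the file now lives in `home-manager/` while the same commit renames `configs/mrconfig` to `mods-old/home-manager/configs/mrconfig`; unless a `home-manager/configs/` directory exists outside this diff, evaluation will fail on the missing path. Either move the `configs` directory along with `sstent.nix` or change the line to `home.file.".mrconfig".source = ../mods-old/home-manager/configs/mrconfig;`. The first hunk drops the `config = lib.mkIf …` wrapper, and `flake.nix` now loads this file through `homeManagerConfiguration`; it is not clear from the hunk whether the `home-manager.users."sstent" = {` line survives, and if it does it is a NixOS option that a standalone home-manager module cannot set. The module body continues outside both hunks.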
@@ -132,13 +119,29 @@ programs = { }; }; + # homeage = { + # # Absolute path to identity (created not through home-manager) + # identityPaths = [ "~/.ssh/id_ed25519" ]; + + # # "activation" if system doesn't support systemd + # installationType = "systemd"; + + # file."pijulsecretkey" = { + # # Path to encrypted file tracked by the git repository + # source = ./secretkey.json.age; + # symlinks = [ "${config.xdg.configHome}/pijul/secretkey.json" ]; + # copies = [ "${config.xdg.configHome}/no-symlink-support/secretkey.json" ]; + # }; + # }; + + # imports = [ homeage.homeManagerModules.homeage ]; + + + + }; ### endf home-manager - - - - }; #######If Gnome # config = lib.mkIf config.mymods.gnome.enable { # programs.bash.enable = true; diff --git a/hosts/common/configuration.nix b/hosts/common/configuration.nix new file mode 100644 index 0000000..265a010 --- /dev/null +++ b/hosts/common/configuration.nix 
@@ -0,0 +1,100 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ inputs, outputs, lib, config, pkgs, ... }: {
+ # You can import other NixOS modules here
+ imports = [
+ # If you want to use modules your own flake exports (from modules/nixos):
+ # outputs.nixosModules.example
+
+ # Or modules from other flakes (such as nixos-hardware):
+ # inputs.hardware.nixosModules.common-cpu-amd
+ # inputs.hardware.nixosModules.common-ssd
+
+ # You can also split up your configuration and import pieces of it here:
+ # ./users.nix
+
+ # Import your generated (nixos-generate-config) hardware configuration
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs = {
+ # You can add overlays here
+ overlays = [
+ # Add overlays your own flake exports (from overlays and pkgs dir):
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.unstable-packages
+
+ # You can also add overlays exported from other flakes:
+ # neovim-nightly-overlay.overlays.default
+
+ # Or define it inline, for example:
+ # (final: prev: {
+ # hi = final.hello.overrideAttrs (oldAttrs: {
+ # patches = [ ./change-hello-to-hi.patch ];
+ # });
+ # })
+ ];
+ # Configure your nixpkgs instance
+ config = {
+ # Disable if you don't want unfree packages
+ allowUnfree = true;
+ };
+ };
+
+ nix = {
+ # This will add each flake input as a registry
+ # To make nix3 commands consistent with your flake
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # This will additionally add your inputs to the system's legacy channels
+ # Making legacy nix commands consistent as well, awesome!
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+ settings = {
+ # Enable flakes and new 'nix' command
+ experimental-features = "nix-command flakes";
+ # Deduplicate and optimize nix store
+ auto-optimise-store = true;
+ };
+ };
+
+ # FIXME: Add the rest of your current configuration
+
+ # TODO: Set your hostname
+ networking.hostName = "your-hostname";
+
+ # TODO: This is just an example, be sure to use whatever bootloader you prefer
+ boot.loader.systemd-boot.enable = true;
+
+ # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
+ users.users = {
+ # FIXME: Replace with your username
+ your-username = {
+ # TODO: You can set an initial password for your user.
+ # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
+ # Be sure to change it (using passwd) after rebooting!
+ initialPassword = "correcthorsebatterystaple";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+ ];
+ # TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ # This setups a SSH server. Very important if you're setting up a headless system.
+ # Feel free to remove if you don't need it.
+ services.openssh = {
+ enable = true;
+ # Forbid root login through SSH.
+ permitRootLogin = "no";
+ # Use keys only. Remove if you want to SSH using password (not recommended)
+ passwordAuthentication = false;
+ };
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
new file mode 100644
index 0000000..e1f58e3
--- /dev/null
+++ b/hosts/common/default.nix
@@ -0,0 +1,32 @@
+# This file (and the global directory) holds config that i use on all hosts
+{ lib, inputs, outputs, pkgs, ... }:
+{
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./sops.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ system.stateVersion = "22.11";
+
+ home-manager = {
+ useUserPackages = true;
+ extraSpecialArgs = { inherit inputs outputs; };
+ };
+
+ nixpkgs = {
+ #overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ programs.fuse.userAllowOther = true;
+
+ # nixpkgs.overlays = overlays;
+ # Enable nix flakes
+ nix.package = pkgs.nixFlakes;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+}
\ No newline at end of file
diff --git a/hosts/common/mnt-public.nix b/hosts/common/mnt-public.nix
new file mode 100644
index 0000000..a82c53c
--- /dev/null
+++ b/hosts/common/mnt-public.nix
@@ -0,0 +1,10 @@
+{ lib, inputs, outputs, ... }:
+{
+
+ fileSystems."/mnt/Public" = {
+ device = "//192.168.1.109/Public";
+ fsType = "cifs";
+ # options = ["uid=0,gid=1000"];
+ options = ["guest" "uid=1000"];
+ };
+}
\ No newline at end of file
diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml
new file mode 100644
index 0000000..85e3a3d
--- /dev/null
+++ b/hosts/common/secrets.yaml
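Review bot: `programs.fuse.userAllowOther = true;` is set for every host that imports `hosts/common` with no comment saying what needs it; it lets any user pass `allow_other` on a FUSE mount, so it deserves a why-comment such as `# required by <tool>: its FUSE mount must be visible to other users` (placeholder tool name), or a move to the one host that needs it. The `home-manager` block sets `useUserPackages` and `extraSpecialArgs`, but no `home-manager.users.<name>` entry is visible in this commit, so the NixOS module is imported without configuring any user. The two commented-out overlay lines and the missing trailing newline can be cleaned up at the same time.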
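Review bot: In `hosts/common/mnt-public.nix`, `options = ["guest" "uid=1000"];` mounts an unauthenticated share at boot with default suid/dev/exec semantics and no tolerance for the server at 192.168.1.109 being unreachable. I would restrict and decouple the mount, assuming nothing is executed from the share: `options = [ "guest" "uid=1000" "nosuid" "nodev" "noexec" "nofail" "x-systemd.automount" ];`. `lib`, `inputs` and `outputs` are unused in the argument list and can be reduced to `{ ... }:`, and the superseded `# options = ["uid=0,gid=1000"];` line can go.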
@@ -0,0 +1,57 @@ +hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str] +example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str] +#ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment] +example_array: + - ENC[AES256_GCM,data:ZvYNnG3Eth6u2INUF9A=,iv:iBhi9av/b2XrgEElTttgsr4GEsyprJ1/3DN18dDpvW8=,tag:mEeilFezrMWVJ8zFsIRTaA==,type:str] + - ENC[AES256_GCM,data:BA3E0wZv2TD1nJ4QoTY=,iv:mK2500yAbmmviq2/HuGPS71Adqxk/dZbyZvIH9bREhY=,tag:J2nVJSO5SNlg0LbupzyzkQ==,type:str] +example_number: ENC[AES256_GCM,data:ovijNr8tbyQ8Ww==,iv:02UHA0FDiYsM1WiostcpNjhp8Fz6zvVgq2ccfrSicI0=,tag:1a2flzhBtFUaohl8CTUCRQ==,type:float] +example_booleans: + - ENC[AES256_GCM,data:4Jnx+Q==,iv:jRAv486sWUtSXaDGQhUNq6ol/9Sjj71g1a9oemYbCT4=,tag:QSk3a0psmzdIKSDppvHLlg==,type:bool] + - ENC[AES256_GCM,data:kRIyTMI=,iv:57H3OtVIROJVfSRu+eLY1BEYmTWAcnRJqMn5ewYii+4=,tag:RzUieLUjdkK8r9qXwgozgg==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVFoyWHJ5bURYSlRPenhw + dUxBcUJFQW15L25xSmdIVFNjNGMvQlNhSkFZCmFXWGIyUVBhT2ZPRUVOcWF5WWlC + Sm5ra1ZxMWVrcllPQWFBbEhPOTNoOWMKLS0tIHgyaFd1NU9jMHVRRHZLaHlUZFpV + c1VPdzhyOElhdnNWNGJtQVYwdGlzSDQKVKEr5ZPTUS3VPY+ywsmJaqGtQs/vH+ll + w0dyVelfdqaaZixBqZi+3D5IkL3g4Tx88R498YhgS1GJZDchf33itg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NUlOVHhzVEU4L0RVeTM4 + RzJXRGxRSkFIbXlHRkZhY2xOV0sxVmNIOENVCm5zUVRJRG9HaU1qMlkxcDVpM29t + 
ZGczOE4yeTdubjU1TzFyZlRLLysvMFkKLS0tIDlIajVwcktRNHl5YlVNeVBpVTlB + TEQzZ1dqc3crNFcyK3RMSGtJN2ZTQzQKPX5QRpyq+snJq7BFeIuibls0JT87DxSM + dfWALls+0GJ3p+iRGxCZvPEsD+1b21V1Ky9nPGsD3yr+IURJOkw/4g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcXFMajNoVHY3YlowQmtN + eEt4QWMrUE9reTJhYmRrKzFkNDRqenM5TVNzCjh1bUR1K1FVaDF0Q1FLbHV4RWs4 + bmhwdGtGazRIK3c4b3hjcnQyMlJIRGMKLS0tIEhqSXdrZEg5Q3BiUHl2b1JOTVZK + OU50RmdKY0w5OVI1akFHR0N6OUlScTgKSqYdXlXoLaOZLTVC83qXydvGBxOHctzf + Cdfmj674Ih4kqzFcM+0yFtOb574fAkaeU9fH58uoZ97Y8HNlLUHSAA== + -----END AGE ENCRYPTED FILE----- + - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZ2VIQXV3RndKUDNhZEVY + RlNNWnkyUFYyd01TYVR2UXR2QS9OeWkwVEdNCkhwakdXYkhkZlc2TXNtQ1pvYUFY + UUZMSUlNWXZxN21DQVhzTXNqTSthcE0KLS0tIEdsRHVQV0RudUppNXdEb1lyRDVQ + NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa + Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-25T04:46:09Z" + mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/common/sops.nix b/hosts/common/sops.nix new file mode 100644 index 0000000..f22f275 --- /dev/null +++ b/hosts/common/sops.nix 
@@ -0,0 +1,17 @@ +{ inputs, lib, config, ... }: +{ + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + sops = { + defaultSopsFile = ./secrets.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + secrets.discogs_json = { + mode = "0440"; + owner = config.users.users.sstent.name; + group = config.users.users.sstent.group; +}; +}; + +} \ No newline at end of file diff --git a/hosts/common/user-sstent.nix b/hosts/common/user-sstent.nix new file mode 100644 index 0000000..f5a034a --- /dev/null +++ b/hosts/common/user-sstent.nix @@ -0,0 +1,18 @@ +{ inputs, lib, config, ... }: +{ + + + users.users = { + sstent = { + initialPassword = "farscape5"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" + ]; + extraGroups = [ "wheel" "video" ]; + }; + }; + +# home-manager.users.misterio = import home/${config.networking.hostName}.nix; + +} \ No newline at end of file diff --git a/hosts/wsl2/default.nix b/hosts/wsl2/default.nix index 1bcaa27..cdcab5f 100644 --- a/hosts/wsl2/default.nix +++ b/hosts/wsl2/default.nix @@ -1,12 +1,13 @@ -{ lib, pkgs, config, modulesPath, ... }: { +{ lib, pkgs, config, inputs, ... }: { - # nixpkgs.overlays = overlays; - # Enable nix flakes - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - system.stateVersion = "22.11"; + imports = [ + ../common + ../common/mnt-public.nix + inputs.nixos-wsl.nixosModules.wsl + ]; + + # system.stateVersion = "22.11"; + nixpkgs.hostPlatform.system = "x86_64-linux"; wsl = { enable = true; 
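Review bot: `secrets.discogs_json` is declared against `defaultSopsFile = ./secrets.yaml`, but the `secrets.yaml` added in this commit only shows the keys `hello`, `example_key`, `example_array`, `example_number` and `example_booleans`, so sops-nix has no `discogs_json` entry to decrypt. The removed host-level config used `hosts/wsl2/secrets.yaml`; if that file still holds the key, set `sopsFile = ../wsl2/secrets.yaml;` on the secret, otherwise add the key to the common file with `sops`. `owner` and `group` read `config.users.users.sstent`, yet neither `hosts/common/default.nix` nor `hosts/wsl2/default.nix` imports `./user-sstent.nix` in the lines shown, so the user may be undefined at evaluation time. The closing braces of `secrets.discogs_json` and `sops` are also mis-indented.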
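Review bot: The literal `initialPassword` in `hosts/common/user-sstent.nix` puts a login password for a `wheel` member into the repository and the world-readable Nix store, and the same literal is added again in `mods-old/base.nix` next to `security.sudo.wheelNeedsPassword = false;`. Since `sops.nix` sits in the same directory, the password hash can come from a secret instead: `sops.secrets.<password-secret>.neededForUsers = true;` and `users.users.sstent.passwordFile = config.sops.secrets.<password-secret>.path;` (`<password-secret>` is a placeholder name). The value was already present in the removed lines of `sstent.nix`, so it should be treated as exposed and changed wherever it is in use. The module arguments are unused, and the commented-out `home-manager.users.misterio` line is a leftover from another configuration.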
@@ -17,22 +18,10 @@ nativeSystemd = true; # Enable native Docker support docker-native.enable = true; - # Enable integration with Docker Desktop (needs to be installed) # docker-desktop.enable = true; }; - services.vscode-server.enable = true; - - mymods = { user_sstent.enable = true; beets.enable = true;}; - sops.defaultSopsFile = ./secrets.yaml; - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.secrets.discogs_json = { }; - sops.secrets.discogs_json.mode = "0440"; - sops.secrets.discogs_json.owner = config.users.users.sstent.name; - sops.secrets.discogs_json.group = config.users.users.sstent.group; - - - + environment.systemPackages = [ pkgs.socat pkgs.npiperelay @@ -44,13 +33,8 @@ npiperelay = callPackage ../../pkgs/npiperelay { }; #wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { }; }; - fileSystems."/mnt/Public" = { - device = "//192.168.1.109/Public"; - fsType = "cifs"; - options = ["uid=0,gid=1000"]; - }; - systemd.services.nixs-wsl-systemd-fix = { + systemd.services.nixs-wsl-systemd-fix = { description = "Fix the /dev/shm symlink to be a mount"; unitConfig = { DefaultDependencies = "no"; diff --git a/mods-old/base.nix b/mods-old/base.nix new file mode 100644 index 0000000..bfb0558 --- /dev/null +++ b/mods-old/base.nix 
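Review bot: The unchanged line `npiperelay = callPackage ../../pkgs/npiperelay { };` still points at `pkgs/npiperelay`, which this commit renames to `pkgs-old/npiperelay`, so the override references a path that no longer exists. Either keep the package under `pkgs/` and expose it from the new `pkgs/default.nix`, or update the line to `npiperelay = callPackage ../../pkgs-old/npiperelay { };`. With the `sops.*` and `mymods` settings removed here, this host depends entirely on `../common` for its secrets and user. The attribute set containing the `callPackage` line starts outside the hunk.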
@@ -0,0 +1,22 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, inputs, ... }: {
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages =
+ [ pkgs.cifs-utils];
+
+ users.users = {
+ sstent = {
+ initialPassword = "farscape5";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
+ ];
+ extraGroups = [ "wheel" "video" ];
+ };
+ };
+
+
+}
diff --git a/modules/default.nix b/mods-old/default.nix
similarity index 100%
rename from modules/default.nix
rename to mods-old/default.nix
diff --git a/modules/gnome/default.nix b/mods-old/gnome/default.nix
similarity index 100%
rename from modules/gnome/default.nix
rename to mods-old/gnome/default.nix
diff --git a/modules/home-manager/beets.nix b/mods-old/home-manager/beets.nix
similarity index 93%
rename from modules/home-manager/beets.nix
rename to mods-old/home-manager/beets.nix
index 9eee477..4013da2 100644
--- a/modules/home-manager/beets.nix
+++ b/mods-old/home-manager/beets.nix
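Review bot: `security.sudo.wheelNeedsPassword = false;` in mods-old/base.nix gives every `wheel` member root without re-authentication, and the same file puts `sstent` in `wheel` with an SSH login key, so one stolen key or unattended session is enough for root. It is not visible from this hunk whether mods-old is still imported. If it is, consider dropping the line, or scoping passwordless sudo to the specific commands that need it through `security.sudo.extraRules`.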
@@ -1,23 +1,20 @@ { config, pkgs, lib, ... }: { - options.mymods.beets.enable = lib.mkEnableOption "Beets music manager"; - config = lib.mkIf config.mymods.beets.enable { - home-manager.users."sstent" = { # xdg.configFile."beets/discogs_token.test".source = "/run/secrets/discogs_json"; # xdg.configFile."beets/discogs_token.test".source = config.sops.secrets.discogs_json.path; # xdg.configFile."beets/discogs_token.test".source = config.lib.file.mkOutOfStoreSymlink "${config.sops.secrets.discogs_json.path}"; - home.activation.afterWriteBoundary = { - after = [ "writeBoundary" ]; - before = []; - data = '' -if [ ! -L "~/.config/beets/t3" ]; then - echo "=> File doesn't exist" - ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json -fi - ''; - }; +# home.activation.afterWriteBoundary = { +# after = [ "writeBoundary" ]; +# before = []; +# data = '' +# if [ ! -L "~/.config/beets/t3" ]; then +# echo "=> File doesn't exist" +# ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json +# fi +# ''; +# }; programs.beets = { enable = true; @@ -166,6 +163,5 @@ fi }; }; - }; } diff --git a/modules/home-manager/configs/mrconfig b/mods-old/home-manager/configs/mrconfig similarity index 100% rename from modules/home-manager/configs/mrconfig rename to mods-old/home-manager/configs/mrconfig diff --git a/modules/home-manager/configs/nicotine b/mods-old/home-manager/configs/nicotine similarity index 100% rename from modules/home-manager/configs/nicotine rename to mods-old/home-manager/configs/nicotine diff --git a/mods-old/home-manager/default.nix b/mods-old/home-manager/default.nix new file mode 100644 index 0000000..00acb92 --- /dev/null +++ b/mods-old/home-manager/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + # New module organization + ./sstent.nix + ./beets.nix + # homeage.homeManagerModules.homeage + + ]; +} \ No newline at end of file 
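Review bot: The closing braces in mods-old/home-manager/beets.nix look unbalanced after this change. The first hunk removes two openers (`config = lib.mkIf config.mymods.beets.enable {` and `home-manager.users."sstent" = {`), while the hunk at old line 166 removes only one `};`. As far as the two hunks show, the file ends with one closer too many and would not parse; removing one more `};` before the final `}` should balance it. The lines between the hunks are not visible, so confirm with `nix-instantiate --parse`.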
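Review bot: The `./sstent.nix` entry in `imports` of the new mods-old/home-manager/default.nix probably no longer resolves. The diffstat shows sstent.nix moving from modules/home-manager/ to home-manager/, not into mods-old/home-manager/. If this directory is still meant to evaluate, drop the entry or point it at the new location, for example `../../home-manager/sstent.nix`. If it is only an archive, a one-line comment at the top saying so would stop someone from importing it later.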
diff --git a/modules/home-manager/nicotine.nix b/mods-old/home-manager/nicotine.nix similarity index 100% rename from modules/home-manager/nicotine.nix rename to mods-old/home-manager/nicotine.nix diff --git a/modules/home-manager/packages/python-packages.nix b/mods-old/home-manager/packages/python-packages.nix similarity index 100% rename from modules/home-manager/packages/python-packages.nix rename to mods-old/home-manager/packages/python-packages.nix diff --git a/modules/homemanager_hyperv.nix b/mods-old/homemanager_hyperv.nix similarity index 100% rename from modules/homemanager_hyperv.nix rename to mods-old/homemanager_hyperv.nix diff --git a/modules/modules-list.nix b/mods-old/modules-list.nix similarity index 100% rename from modules/modules-list.nix rename to mods-old/modules-list.nix diff --git a/modules/ssh.nix b/mods-old/ssh.nix similarity index 100% rename from modules/ssh.nix rename to mods-old/ssh.nix diff --git a/modules/base.nix b/modules/base.nix deleted file mode 100644 index 27b39ba..0000000 --- a/modules/base.nix +++ /dev/null @@ -1,10 +0,0 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) - -{ lib, config, pkgs, inputs, ... }: { - security.sudo.wheelNeedsPassword = false; - - - environment.systemPackages = - [ pkgs.cifs-utils]; -} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index cfe7da0..e41f7d9 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -1,8 +1,7 @@ -{...}: { - imports = [ - # New module organization - ./sstent.nix - ./beets.nix +# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module). +# These should be stuff you would like to share with others, not your personal configurations. - ]; -} \ No newline at end of file +{ + # List your module files here + # my-module = import ./my-module.nix; +} 
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..bec6184
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,7 @@
+# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
+# These should be stuff you would like to share with others, not your personal configurations.
+
+{
+ # List your module files here
+ # my-module = import ./my-module.nix;
+}
diff --git a/nixpkgs.nix b/nixpkgs.nix
new file mode 100644
index 0000000..041de40
--- /dev/null
+++ b/nixpkgs.nix
@@ -0,0 +1,8 @@
+# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file
+# This is useful to avoid using channels when using legacy nix commands
+let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
+in
+import (fetchTarball {
+ url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
+ sha256 = lock.narHash;
+})
diff --git a/outputs.nix b/outputs.nix
deleted file mode 100644
index 9641c93..0000000
--- a/outputs.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ self
-, flake-utils
-, nixpkgs
-, sops-nix
-, deploy
-, home-manager
-, vscode-server
-, ...
-} @ inputs:
-(flake-utils.lib.eachDefaultSystem (system:
- let
- pkgs = nixpkgs.legacyPackages."${system}";
- in
- {
- devShell = pkgs.callPackage ./shell.nix {
- inherit (sops-nix.packages."${pkgs.system}");
- inherit (deploy.packages."${pkgs.system}") deploy-rs;
- inherit pkgs;
- };
- })) // {
- nixosConfigurations = import ./configurations.nix (inputs // {
- inherit inputs;
- });
- deploy = import ./deploy.nix (inputs // {
- inherit inputs;
- });
-
- hydraJobs = nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations;
- checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
-}
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..9a03471
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,24 @@
+# This file defines overlays
+{ inputs, ... }:
+{
+ # This one brings our custom packages from the 'pkgs' directory
+ additions = final: _prev: import ../pkgs { pkgs = final; };
+
+ # This one contains whatever you want to overlay
+ # You can change versions, add patches, set compilation flags, anything really.
+ # https://nixos.wiki/wiki/Overlays
+ modifications = final: prev: {
+ # example = prev.example.overrideAttrs (oldAttrs: rec {
+ # ...
+ # });
+ };
+
+ # When applied, the unstable nixpkgs set (declared in the flake inputs) will
+ # be accessible through 'pkgs.unstable'
+ unstable-packages = final: _prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ system = final.system;
+ config.allowUnfree = true;
+ };
+ };
+}
diff --git a/pkgs/npiperelay/default.nix b/pkgs-old/npiperelay/default.nix
similarity index 100%
rename from pkgs/npiperelay/default.nix
rename to pkgs-old/npiperelay/default.nix
diff --git a/pkgs/wsl-ssh-agent-relay/default.nix b/pkgs-old/wsl-ssh-agent-relay/default.nix
similarity index 100%
rename from pkgs/wsl-ssh-agent-relay/default.nix
rename to pkgs-old/wsl-ssh-agent-relay/default.nix
diff --git a/pkgs/wsl-ssh-agent-relay/wsl-ssh-agent-relay b/pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay
similarity index 100%
rename from pkgs/wsl-ssh-agent-relay/wsl-ssh-agent-relay
rename to pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..8c5e910
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,6 @@
+# Custom packages, that can be defined similarly to ones from nixpkgs
+# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
+
+{ pkgs ? (import ../nixpkgs.nix) { } }: {
+ # example = pkgs.callPackage ./example { };
+}
diff --git a/shell.nix b/shell.nix
index 90bd695..9525915 100644
--- a/shell.nix +++ b/shell.nix @@ -1,19 +1,10 @@ -{ mkShell -, sops -, deploy-rs -, nixpkgs-fmt -, python3 -, pkgs -}: +# Shell for bootstrapping flake-enabled nix and home-manager +# You can enter it through 'nix develop' or (legacy) 'nix-shell' -mkShell { - # sopsPGPKeyDirs = [ "./secrets/keys" ]; - nativeBuildInputs = [ - python3.pkgs.invoke - pkgs.ssh-to-age - pkgs.age - sops - deploy-rs - nixpkgs-fmt - ]; +{ pkgs ? (import ./nixpkgs.nix) { } }: { + default = pkgs.mkShell { + # Enable experimental features without having to specify the argument + NIX_CONFIG = "experimental-features = nix-command flakes"; + nativeBuildInputs = with pkgs; [ nix home-manager git ]; + }; } diff --git a/utils/default.nix b/utils/default.nix deleted file mode 100644 index d0718de..0000000 --- a/utils/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ pkgs, ... }: { - renderMustache = name: template: data: - # Render handlebars `template` called `name` by converting `data` to JSON - pkgs.stdenv.mkDerivation { - - name = "${name}"; - - # Disable phases which are not needed. In particular the unpackPhase will - # fail, if no src attribute is set - nativeBuildInpts = [ pkgs.mustache-go ]; - - # Pass Json as file to avoid escaping - passAsFile = [ "jsonData" ]; - jsonData = builtins.toJSON data; - - phases = [ "buildPhase" "installPhase" ]; - - buildPhase = '' - ${pkgs.mustache-go}/bin/mustache $jsonDataPath ${template} > rendered_file - ''; - installPhase = '' - cp rendered_file $out - ''; - }; -}
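Review bot: The new `nativeBuildInputs = with pkgs; [ nix home-manager git ];` in shell.nix drops `sops`, `pkgs.age` and `pkgs.ssh-to-age` from the dev shell, although this commit adds hosts/common/secrets.yaml and a sops-nix module. Editing or re-keying the secrets would then depend on tools installed outside the pinned shell, which makes it easier to end up with an unencrypted copy or mismatched recipients. Consider `nativeBuildInputs = with pkgs; [ nix home-manager git sops age ssh-to-age ];`.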