sstent/vmimages
1
0
Fork 0
mirror of https://github.com/sstent/vmimages.git synced 2026-02-06 12:32:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

sync

Browse Source
This commit is contained in:
sstent
2023-02-25 04:46:28 +00:00
parent 6e4afd914a
commit c0305a7ed8
38 changed files with 536 additions and 451 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@@ -1,19 +0,0 @@
# vmimages
based on https://samleathers.com/posts/2022-02-11-my-new-network-and-sops.html
## Create new SSH HOST KEYS
sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
## Local
`nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
or in nix develop
`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
## Add key to .sops.yaml
## rekey a file
`sops updatekeys hosts/wsl2/secrets.yaml`

47
configurations.nix
View File

@@ -1,47 +0,0 @@
{ self
, nixpkgs
, sops-nix
, inputs
, nixos-hardware
, home-manager
, vscode-server
, nix
, ...
}:
let
nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
customModules = import ./modules/modules-list.nix;
baseModules = [
# make flake inputs accessiable in NixOS
{ _module.args.inputs = inputs; }
{
imports = [
({ pkgs, ... }: {
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
# TODO: remove when switching to 22.05
nix.package = nixpkgs.lib.mkForce nix.packages.x86_64-linux.nix;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
documentation.info.enable = false;
})
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
vscode-server.nixosModule
];
}
];
defaultModules = baseModules ++ customModules;
in
{
nixos = nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ [
./hosts/wsl2
inputs.nixos-wsl.nixosModules.wsl
];
};
}

25
deploy.nix
View File

@@ -1,25 +0,0 @@
{ self
, deploy
, ...
}:
let
mkNode = server: ip: fast: {
hostname = "${ip}:22";
fastConnection = fast;
profiles.system.path =
deploy.lib.x86_64-linux.activate.nixos
self.nixosConfigurations."${server}";
};
in
{
user = "root";
sshUser = "root";
nodes = {
optina = mkNode "optina" "10.40.33.20" true;
portal = mkNode "portal" "10.40.33.1" true;
sarov = mkNode "sarov" "10.40.33.183" true;
valaam = mkNode "valaam" "10.40.33.21" true;
prod01 = mkNode "prod01" "45.76.4.212" false;
prod03 = mkNode "prod03" "45.63.23.13" false;
};
}

227
flake.lock generated
View File

@@ -1,44 +1,6 @@
{ {
"nodes": { "nodes": {
"deploy": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@@ -89,14 +51,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils_2" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1676367705, "lastModified": 1676892629,
"narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=", "narHash": "sha256-rlvsqoSBO5dCwfnn7xvImYREidIPJaiFS3b54TZF4pU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5", "rev": "72ce74d3eae78a6b31538ea7ebe0c1fcf4a10f7a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -105,86 +67,13 @@
"type": "github" "type": "github"
} }
}, },
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1670334625,
"narHash": "sha256-sQ9C101CL/eVN5JgH91ozHFWU4+bXr8/Fi/8NQk6xRI=",
"owner": "NixOS",
"repo": "nix",
"rev": "ef800f1e73602c0f10951dd789b97e750f37afc0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.12.0",
"repo": "nix",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1676297861,
"narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "1e0a05219f2a557d4622bc38f542abb360518795",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1676924492, "lastModified": 1677232326,
"narHash": "sha256-78278eyP55JRFe7UCpmFwdkrTY6H2arzTpVeteWo8kM=", "narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf", "rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -195,7 +84,7 @@
}, },
"nixos-wsl": { "nixos-wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@@ -217,36 +106,20 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1657693803, "lastModified": 1676817468,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", "narHash": "sha256-ovuJ1jQOC2/EEibufBkXmSN/O9mLx80Wh7aDmHmHAhA=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", "rev": "0cf4274b5d06325bd16dbf879a30981bc283e58a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-22.05-small", "ref": "nixos-22.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1676771332, "lastModified": 1676771332,
@@ -263,23 +136,23 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1676569297, "lastModified": 1676721149,
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", "narHash": "sha256-mN2EpTGxxVNnFZLoLWRwh6f7UWhXy4qE+wO2CZyrXps=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", "rev": "5f4e07deb7c44f27d498f8df9c5f34750acf52d2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1676549890, "lastModified": 1676549890,
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
@@ -295,37 +168,20 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1672441588,
"narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": { "root": {
"inputs": { "inputs": {
"deploy": "deploy",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix": "nix",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"sops-nix": "sops-nix", "nixpkgs-unstable": "nixpkgs-unstable",
"vscode-server": "vscode-server" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@@ -356,39 +212,6 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1676501444,
"narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=",
"owner": "msteen",
"repo": "nixos-vscode-server",
"rev": "57f1716bc625d2892579294cc207956679e3d94c",
"type": "github"
},
"original": {
"owner": "msteen",
"repo": "nixos-vscode-server",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

88
flake.nix
View File

@@ -1,20 +1,92 @@
{ {
description = "NixOS configuration"; description = "Your new nix config";
inputs = { inputs = {
nixpkgs = {url ="github:NixOS/nixpkgs/nixos-unstable";}; # Main nixpkgs channel # Nixpkgs
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs";}; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
deploy = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs";}; # Import deploy-rs for deployments # You can access packages and modules from different nixpkgs revs
# at the same time. Here's an working example:
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
# Home manager
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# TODO: Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware";
# Shameless plug: looking for a way to nixify your themes and make
# everything match nicely? Try nix-colors!
# nix-colors.url = "github:misterio77/nix-colors";
nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings
nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images # nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images
nixos-wsl = {url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs";}; nixos-wsl = {url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs";};
sops-nix.url = github:Mic92/sops-nix; sops-nix.url = github:Mic92/sops-nix;
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nix.url = "github:NixOS/nix/2.12.0"; # nix.url = "github:NixOS/nix/2.12.0";
vscode-server.url = "github:msteen/nixos-vscode-server"; # vscode-server.url = "github:msteen/nixos-vscode-server";
}; };
outputs = { ... } @ args: import ./outputs.nix args; outputs = { self, nixpkgs, home-manager, ... }@inputs:
let
inherit (self) outputs;
forAllSystems = nixpkgs.lib.genAttrs [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
];
in
rec {
# Your custom packages
# Acessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system:
let pkgs = nixpkgs.legacyPackages.${system};
in import ./pkgs { inherit pkgs; }
);
# Devshell for bootstrapping
# Acessible through 'nix develop' or 'nix-shell' (legacy)
devShells = forAllSystems (system:
let pkgs = nixpkgs.legacyPackages.${system};
in import ./shell.nix { inherit pkgs; }
);
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays { inherit inputs; };
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs
nixosModules = import ./modules/nixos;
# Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager
homeManagerModules = import ./modules/home-manager;
# NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname'
nixosConfigurations = {
nixos = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/wsl2
];
};
};
# Standalone home-manager configuration entrypoint
# Available through 'home-manager --flake .#your-username@your-hostname'
homeConfigurations = {
# FIXME replace with your username@hostname
"sstent@nixos" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = { inherit inputs outputs; };
modules = [
# > Our main home-manager configuration file <
./home-manager/sstent.nix
];
};
};
};
} }

63
home-manager/home.nix Normal file
View File

@@ -0,0 +1,63 @@
# This is your home-manager configuration file
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
{ inputs, outputs, lib, config, pkgs, ... }: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = (_: true);
};
};
# TODO: Set your username
home = {
username = "your-username";
homeDirectory = "/home/your-username";
};
# Add stuff for your user as you see fit:
# programs.neovim.enable = true;
# home.packages = with pkgs; [ steam ];
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git.enable = true;
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "22.11";
}

41
modules/home-manager/sstent.nix → home-manager/sstent.nix
View File

@@ -1,20 +1,5 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
options.mymods.user_sstent.enable = lib.mkEnableOption "Create sstent user";
config = lib.mkIf config.mymods.user_sstent.enable {
users.users = {
sstent = {
initialPassword = "farscape5";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
];
extraGroups = [ "wheel" "video" ];
};
};
security.sudo.wheelNeedsPassword = false;
home-manager.users."sstent" = { home-manager.users."sstent" = {
home.username = "sstent"; home.username = "sstent";
home.homeDirectory = "/home/sstent"; home.homeDirectory = "/home/sstent";
@@ -50,6 +35,8 @@
services.keybase.enable = true; services.keybase.enable = true;
services.kbfs.enable = true; services.kbfs.enable = true;
programs.home-manager.enable = true;
home.file.".mrconfig".source = configs/mrconfig; home.file.".mrconfig".source = configs/mrconfig;
# xdg.configFile."beets/config.yaml".source = ./beets_config.yaml; # xdg.configFile."beets/config.yaml".source = ./beets_config.yaml;
programs = { programs = {
@@ -132,13 +119,29 @@ programs = {
}; };
}; };
# homeage = {
# # Absolute path to identity (created not through home-manager)
# identityPaths = [ "~/.ssh/id_ed25519" ];
# # "activation" if system doesn't support systemd
# installationType = "systemd";
# file."pijulsecretkey" = {
# # Path to encrypted file tracked by the git repository
# source = ./secretkey.json.age;
# symlinks = [ "${config.xdg.configHome}/pijul/secretkey.json" ];
# copies = [ "${config.xdg.configHome}/no-symlink-support/secretkey.json" ];
# };
# };
# imports = [ homeage.homeManagerModules.homeage ];
}; ### endf home-manager }; ### endf home-manager
};
#######If Gnome #######If Gnome
# config = lib.mkIf config.mymods.gnome.enable { # config = lib.mkIf config.mymods.gnome.enable {
# programs.bash.enable = true; # programs.bash.enable = true;

100
hosts/common/configuration.nix Normal file
View File

@@ -0,0 +1,100 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ inputs, outputs, lib, config, pkgs, ... }: {
# You can import other NixOS modules here
imports = [
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
# Or modules from other flakes (such as nixos-hardware):
# inputs.hardware.nixosModules.common-cpu-amd
# inputs.hardware.nixosModules.common-ssd
# You can also split up your configuration and import pieces of it here:
# ./users.nix
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
};
};
# FIXME: Add the rest of your current configuration
# TODO: Set your hostname
networking.hostName = "your-hostname";
# TODO: This is just an example, be sure to use whatever bootloader you prefer
boot.loader.systemd-boot.enable = true;
# TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
users.users = {
# FIXME: Replace with your username
your-username = {
# TODO: You can set an initial password for your user.
# If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
# Be sure to change it (using passwd) after rebooting!
initialPassword = "correcthorsebatterystaple";
isNormalUser = true;
openssh.authorizedKeys.keys = [
# TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
];
# TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
extraGroups = [ "wheel" ];
};
};
# This setups a SSH server. Very important if you're setting up a headless system.
# Feel free to remove if you don't need it.
services.openssh = {
enable = true;
# Forbid root login through SSH.
permitRootLogin = "no";
# Use keys only. Remove if you want to SSH using password (not recommended)
passwordAuthentication = false;
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
}

32
hosts/common/default.nix Normal file
View File

@@ -0,0 +1,32 @@
# This file (and the global directory) holds config that i use on all hosts
{ lib, inputs, outputs, pkgs, ... }:
{
imports = [
inputs.home-manager.nixosModules.home-manager
./sops.nix
] ++ (builtins.attrValues outputs.nixosModules);
system.stateVersion = "22.11";
home-manager = {
useUserPackages = true;
extraSpecialArgs = { inherit inputs outputs; };
};
nixpkgs = {
#overlays = builtins.attrValues outputs.overlays;
config = {
allowUnfree = true;
};
};
programs.fuse.userAllowOther = true;
# nixpkgs.overlays = overlays;
# Enable nix flakes
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}

10
hosts/common/mnt-public.nix Normal file
View File

@@ -0,0 +1,10 @@
{ lib, inputs, outputs, ... }:
{
fileSystems."/mnt/Public" = {
device = "//192.168.1.109/Public";
fsType = "cifs";
# options = ["uid=0,gid=1000"];
options = ["guest" "uid=1000"];
};
}

57
hosts/common/secrets.yaml Normal file
View File

@@ -0,0 +1,57 @@
hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str]
example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str]
#ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment]
example_array:
- ENC[AES256_GCM,data:ZvYNnG3Eth6u2INUF9A=,iv:iBhi9av/b2XrgEElTttgsr4GEsyprJ1/3DN18dDpvW8=,tag:mEeilFezrMWVJ8zFsIRTaA==,type:str]
- ENC[AES256_GCM,data:BA3E0wZv2TD1nJ4QoTY=,iv:mK2500yAbmmviq2/HuGPS71Adqxk/dZbyZvIH9bREhY=,tag:J2nVJSO5SNlg0LbupzyzkQ==,type:str]
example_number: ENC[AES256_GCM,data:ovijNr8tbyQ8Ww==,iv:02UHA0FDiYsM1WiostcpNjhp8Fz6zvVgq2ccfrSicI0=,tag:1a2flzhBtFUaohl8CTUCRQ==,type:float]
example_booleans:
- ENC[AES256_GCM,data:4Jnx+Q==,iv:jRAv486sWUtSXaDGQhUNq6ol/9Sjj71g1a9oemYbCT4=,tag:QSk3a0psmzdIKSDppvHLlg==,type:bool]
- ENC[AES256_GCM,data:kRIyTMI=,iv:57H3OtVIROJVfSRu+eLY1BEYmTWAcnRJqMn5ewYii+4=,tag:RzUieLUjdkK8r9qXwgozgg==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVFoyWHJ5bURYSlRPenhw
dUxBcUJFQW15L25xSmdIVFNjNGMvQlNhSkFZCmFXWGIyUVBhT2ZPRUVOcWF5WWlC
Sm5ra1ZxMWVrcllPQWFBbEhPOTNoOWMKLS0tIHgyaFd1NU9jMHVRRHZLaHlUZFpV
c1VPdzhyOElhdnNWNGJtQVYwdGlzSDQKVKEr5ZPTUS3VPY+ywsmJaqGtQs/vH+ll
w0dyVelfdqaaZixBqZi+3D5IkL3g4Tx88R498YhgS1GJZDchf33itg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NUlOVHhzVEU4L0RVeTM4
RzJXRGxRSkFIbXlHRkZhY2xOV0sxVmNIOENVCm5zUVRJRG9HaU1qMlkxcDVpM29t
ZGczOE4yeTdubjU1TzFyZlRLLysvMFkKLS0tIDlIajVwcktRNHl5YlVNeVBpVTlB
TEQzZ1dqc3crNFcyK3RMSGtJN2ZTQzQKPX5QRpyq+snJq7BFeIuibls0JT87DxSM
dfWALls+0GJ3p+iRGxCZvPEsD+1b21V1Ky9nPGsD3yr+IURJOkw/4g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcXFMajNoVHY3YlowQmtN
eEt4QWMrUE9reTJhYmRrKzFkNDRqenM5TVNzCjh1bUR1K1FVaDF0Q1FLbHV4RWs4
bmhwdGtGazRIK3c4b3hjcnQyMlJIRGMKLS0tIEhqSXdrZEg5Q3BiUHl2b1JOTVZK
OU50RmdKY0w5OVI1akFHR0N6OUlScTgKSqYdXlXoLaOZLTVC83qXydvGBxOHctzf
Cdfmj674Ih4kqzFcM+0yFtOb574fAkaeU9fH58uoZ97Y8HNlLUHSAA==
-----END AGE ENCRYPTED FILE-----
- recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZ2VIQXV3RndKUDNhZEVY
RlNNWnkyUFYyd01TYVR2UXR2QS9OeWkwVEdNCkhwakdXYkhkZlc2TXNtQ1pvYUFY
UUZMSUlNWXZxN21DQVhzTXNqTSthcE0KLS0tIEdsRHVQV0RudUppNXdEb1lyRDVQ
NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa
Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-25T04:46:09Z"
mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

17
hosts/common/sops.nix Normal file
View File

@@ -0,0 +1,17 @@
{ inputs, lib, config, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.discogs_json = {
mode = "0440";
owner = config.users.users.sstent.name;
group = config.users.users.sstent.group;
};
};
}

18
hosts/common/user-sstent.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, lib, config, ... }:
{
users.users = {
sstent = {
initialPassword = "farscape5";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
];
extraGroups = [ "wheel" "video" ];
};
};
# home-manager.users.misterio = import home/${config.networking.hostName}.nix;
}

36
hosts/wsl2/default.nix
View File

@@ -1,12 +1,13 @@
{ lib, pkgs, config, modulesPath, ... }: { { lib, pkgs, config, inputs, ... }: {
# nixpkgs.overlays = overlays; imports = [
# Enable nix flakes ../common
nix.package = pkgs.nixFlakes; ../common/mnt-public.nix
nix.extraOptions = '' inputs.nixos-wsl.nixosModules.wsl
experimental-features = nix-command flakes ];
'';
system.stateVersion = "22.11"; # system.stateVersion = "22.11";
nixpkgs.hostPlatform.system = "x86_64-linux";
wsl = { wsl = {
enable = true; enable = true;
@@ -17,21 +18,9 @@
nativeSystemd = true; nativeSystemd = true;
# Enable native Docker support # Enable native Docker support
docker-native.enable = true; docker-native.enable = true;
# Enable integration with Docker Desktop (needs to be installed) # Enable integration with Docker Desktop (needs to be installed)
# docker-desktop.enable = true; # docker-desktop.enable = true;
}; };
services.vscode-server.enable = true;
mymods = { user_sstent.enable = true; beets.enable = true;};
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.discogs_json = { };
sops.secrets.discogs_json.mode = "0440";
sops.secrets.discogs_json.owner = config.users.users.sstent.name;
sops.secrets.discogs_json.group = config.users.users.sstent.group;
environment.systemPackages = [ environment.systemPackages = [
pkgs.socat pkgs.socat
@@ -44,13 +33,8 @@
npiperelay = callPackage ../../pkgs/npiperelay { }; npiperelay = callPackage ../../pkgs/npiperelay { };
#wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { }; #wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { };
}; };
fileSystems."/mnt/Public" = {
device = "//192.168.1.109/Public";
fsType = "cifs";
options = ["uid=0,gid=1000"];
};
systemd.services.nixs-wsl-systemd-fix = { systemd.services.nixs-wsl-systemd-fix = {
description = "Fix the /dev/shm symlink to be a mount"; description = "Fix the /dev/shm symlink to be a mount";
unitConfig = { unitConfig = {
DefaultDependencies = "no"; DefaultDependencies = "no";

22
mods-old/base.nix Normal file
View File

@@ -0,0 +1,22 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, inputs, ... }: {
security.sudo.wheelNeedsPassword = false;
environment.systemPackages =
[ pkgs.cifs-utils];
users.users = {
sstent = {
initialPassword = "farscape5";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
];
extraGroups = [ "wheel" "video" ];
};
};
}

0
modules/default.nix → mods-old/default.nix
View File

0
modules/gnome/default.nix → mods-old/gnome/default.nix
View File

24
modules/home-manager/beets.nix → mods-old/home-manager/beets.nix
View File

@@ -1,23 +1,20 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
options.mymods.beets.enable = lib.mkEnableOption "Beets music manager";
config = lib.mkIf config.mymods.beets.enable {
home-manager.users."sstent" = { home-manager.users."sstent" = {
# xdg.configFile."beets/discogs_token.test".source = "/run/secrets/discogs_json"; # xdg.configFile."beets/discogs_token.test".source = "/run/secrets/discogs_json";
# xdg.configFile."beets/discogs_token.test".source = config.sops.secrets.discogs_json.path; # xdg.configFile."beets/discogs_token.test".source = config.sops.secrets.discogs_json.path;
# xdg.configFile."beets/discogs_token.test".source = config.lib.file.mkOutOfStoreSymlink "${config.sops.secrets.discogs_json.path}"; # xdg.configFile."beets/discogs_token.test".source = config.lib.file.mkOutOfStoreSymlink "${config.sops.secrets.discogs_json.path}";
home.activation.afterWriteBoundary = { # home.activation.afterWriteBoundary = {
after = [ "writeBoundary" ]; # after = [ "writeBoundary" ];
before = []; # before = [];
data = '' # data = ''
if [ ! -L "~/.config/beets/t3" ]; then # if [ ! -L "~/.config/beets/t3" ]; then
echo "=> File doesn't exist" # echo "=> File doesn't exist"
ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json # ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json
fi # fi
''; # '';
}; # };
programs.beets = { programs.beets = {
enable = true; enable = true;
@@ -166,6 +163,5 @@ fi
}; };
}; };
};
} }

0
modules/home-manager/configs/mrconfig → mods-old/home-manager/configs/mrconfig
View File

0
modules/home-manager/configs/nicotine → mods-old/home-manager/configs/nicotine
View File

9
mods-old/home-manager/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{...}: {
imports = [
# New module organization
./sstent.nix
./beets.nix
# homeage.homeManagerModules.homeage
];
}

0
modules/home-manager/nicotine.nix → mods-old/home-manager/nicotine.nix
View File

0
modules/home-manager/packages/python-packages.nix → mods-old/home-manager/packages/python-packages.nix
View File

0
modules/homemanager_hyperv.nix → mods-old/homemanager_hyperv.nix
View File

0
modules/modules-list.nix → mods-old/modules-list.nix
View File

0
modules/ssh.nix → mods-old/ssh.nix
View File

10
modules/base.nix
View File

@@ -1,10 +0,0 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, inputs, ... }: {
security.sudo.wheelNeedsPassword = false;
environment.systemPackages =
[ pkgs.cifs-utils];
}

11
modules/home-manager/default.nix
View File

@@ -1,8 +1,7 @@
{...}: { # Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
imports = [ # These should be stuff you would like to share with others, not your personal configurations.
# New module organization
./sstent.nix
./beets.nix
]; {
# List your module files here
# my-module = import ./my-module.nix;
} }

7
modules/nixos/default.nix Normal file
View File

@@ -0,0 +1,7 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations.
{
# List your module files here
# my-module = import ./my-module.nix;
}

8
nixpkgs.nix Normal file
View File

@@ -0,0 +1,8 @@
# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file
# This is useful to avoid using channels when using legacy nix commands
let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
in
import (fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
sha256 = lock.narHash;
})

30
outputs.nix
View File

@@ -1,30 +0,0 @@
{ self
, flake-utils
, nixpkgs
, sops-nix
, deploy
, home-manager
, vscode-server
, ...
} @ inputs:
(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages."${system}";
in
{
devShell = pkgs.callPackage ./shell.nix {
inherit (sops-nix.packages."${pkgs.system}");
inherit (deploy.packages."${pkgs.system}") deploy-rs;
inherit pkgs;
};
})) // {
nixosConfigurations = import ./configurations.nix (inputs // {
inherit inputs;
});
deploy = import ./deploy.nix (inputs // {
inherit inputs;
});
hydraJobs = nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
}

24
overlays/default.nix Normal file
View File

@@ -0,0 +1,24 @@
# This file defines overlays
{ inputs, ... }:
{
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ../pkgs { pkgs = final; };
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
# example = prev.example.overrideAttrs (oldAttrs: rec {
# ...
# });
};
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

0
pkgs/npiperelay/default.nix → pkgs-old/npiperelay/default.nix
View File

0
pkgs/wsl-ssh-agent-relay/default.nix → pkgs-old/wsl-ssh-agent-relay/default.nix
View File

0
pkgs/wsl-ssh-agent-relay/wsl-ssh-agent-relay → pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay
View File

6
pkgs/default.nix Normal file
View File

@@ -0,0 +1,6 @@
# Custom packages, that can be defined similarly to ones from nixpkgs
# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
{ pkgs ? (import ../nixpkgs.nix) { } }: {
# example = pkgs.callPackage ./example { };
}

25
shell.nix
View File

@@ -1,19 +1,10 @@
{ mkShell # Shell for bootstrapping flake-enabled nix and home-manager
, sops # You can enter it through 'nix develop' or (legacy) 'nix-shell'
, deploy-rs
, nixpkgs-fmt
, python3
, pkgs
}:
mkShell { { pkgs ? (import ./nixpkgs.nix) { } }: {
# sopsPGPKeyDirs = [ "./secrets/keys" ]; default = pkgs.mkShell {
nativeBuildInputs = [ # Enable experimental features without having to specify the argument
python3.pkgs.invoke NIX_CONFIG = "experimental-features = nix-command flakes";
pkgs.ssh-to-age nativeBuildInputs = with pkgs; [ nix home-manager git ];
pkgs.age };
sops
deploy-rs
nixpkgs-fmt
];
} }

25
utils/default.nix
View File

@@ -1,25 +0,0 @@
{ pkgs, ... }: {
renderMustache = name: template: data:
# Render handlebars `template` called `name` by converting `data` to JSON
pkgs.stdenv.mkDerivation {
name = "${name}";
# Disable phases which are not needed. In particular the unpackPhase will
# fail, if no src attribute is set
nativeBuildInpts = [ pkgs.mustache-go ];
# Pass Json as file to avoid escaping
passAsFile = [ "jsonData" ];
jsonData = builtins.toJSON data;
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
${pkgs.mustache-go}/bin/mustache $jsonDataPath ${template} > rendered_file
'';
installPhase = ''
cp rendered_file $out
'';
};
}