-rw-r--r-- | .gitattributes | 1 | ||||
-rw-r--r-- | nix-conf/config.nix | 18 | ||||
-rw-r--r-- | nix-conf/flake.lock | 24 | ||||
-rw-r--r-- | nix-conf/flake.nix | 111 | ||||
-rw-r--r-- | nix-conf/home/includes/common.nix | 9 | ||||
-rw-r--r-- | nix-conf/home/includes/dev-common.nix | 4 | ||||
-rw-r--r-- | nix-conf/home/includes/scripts/hm-changes-report.nix | 14 | ||||
-rw-r--r-- | nix-conf/home/includes/scripts/system-changes-report.nix | 14 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/configuration.nix | 11 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/private.nix | bin | 0 -> 138 bytes | |||
-rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 3 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 23 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/private.nix | bin | 0 -> 173 bytes | |||
-rw-r--r-- | nix-conf/machines/egalmoth/configuration.nix | 12 |
14 files changed, 129 insertions, 115 deletions
diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4887f4a --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +private.nix filter=git-crypt diff=git-crypt diff --git a/nix-conf/config.nix b/nix-conf/config.nix new file mode 100644 index 0000000..09d248e --- /dev/null +++ b/nix-conf/config.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, nixpkgs, ... }: +{ + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "aspell-dict-en-science" ]; + nix = { + package = pkgs.nix; + settings = { + experimental-features = "nix-command flakes"; + substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + }; +} + diff --git a/nix-conf/flake.lock b/nix-conf/flake.lock index 9972cf7..a745d87 100644 --- a/nix-conf/flake.lock +++ b/nix-conf/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1753983724, - "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", + "lastModified": 1754263839, + "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", "owner": "nix-community", "repo": "home-manager", - "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", + "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", "type": "github" }, "original": { @@ -77,11 +77,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { 
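Review bot: The `private.nix filter=git-crypt diff=git-crypt` line in the new `.gitattributes` only protects a clone where the `git-crypt` filter is actually defined. Git treats an attribute that names an undefined filter as a pass-through, so a `private.nix` added from a clone that was never unlocked would be committed in plaintext without any error. The two `private.nix` files in this commit show as binary, so they appear to have gone through the filter. I would add a comment above the pattern, `# private.nix must be committed through the git-crypt filter; check with "git-crypt status" before pushing`, and consider running that check in a pre-commit hook or CI.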
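Review bot: `trusted-public-keys` in the new `nix-conf/config.nix` lists only the nix-community key although `substituters` also names `https://cache.nixos.org/`, and the file is now imported by the NixOS, nix-darwin and home-manager configurations in `flake.nix`. NixOS adds its default key through list merging, but whether the home-manager path does is not visible here; if it does not, a trusted user's nix.conf would presumably replace the system key list and cache.nixos.org paths would fail signature checks. Listing the cache.nixos.org public key explicitly next to the existing one removes that dependence on module defaults. At least in the files shown here, this also extends trust in the nix-community cache from egalmoth to every host and profile, so a comment such as `# every host and home profile importing this file accepts store paths signed by these keys` would record that the wider scope is intended.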
@@ -93,11 +93,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1753749649, - "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", + "lastModified": 1754292888, + "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", + "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", "type": "github" }, "original": { @@ -125,11 +125,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754328224, + "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "type": "github" }, "original": { diff --git a/nix-conf/flake.nix b/nix-conf/flake.nix index c674c80..ad2dee9 100644 --- a/nix-conf/flake.nix +++ b/nix-conf/flake.nix @@ -41,7 +41,7 @@ darwin-system = "aarch64-darwin"; linux-system = "x86_64-linux"; linux-arm-system = "aarch64-linux"; - darwin-pkgs = nixpkgs-stable.legacyPackages.${darwin-system}; + darwin-pkgs = nixpkgs.legacyPackages.${darwin-system}; linux-pkgs = nixpkgs-stable.legacyPackages.${linux-system}; linux-arm-pkgs = nixpkgs-stable.legacyPackages.${linux-arm-system}; darwin-overlay-unstable = final: prev: { 
@@ -53,18 +53,68 @@ linux-arm-overlay-unstable = final: prev: { unstable = nixpkgs.legacyPackages.${linux-arm-system}; }; - nixpkgs-config = { - allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "aspell-dict-en-science" ]; - }; in { + nixosConfigurations."egalmoth" = nixpkgs-stable.lib.nixosSystem { + system = linux-system; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ linux-overlay-unstable ]; + } + ) + ./config.nix + ./machines/egalmoth/configuration.nix + ]; + }; + nixosConfigurations."edrahil" = nixpkgs-stable.lib.nixosSystem { + system = linux-system; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ linux-overlay-unstable ]; + } + ) + ./config.nix + ./machines/edrahil/configuration.nix + sops-nix.nixosModules.sops + ]; + }; + nixosConfigurations."djmuk1" = nixpkgs-stable.lib.nixosSystem { + system = linux-system; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ linux-overlay-unstable ]; + } + ) + ./config.nix + ./machines/djmuk1/configuration.nix + ]; + }; + nixosConfigurations."djmuk2" = nixpkgs-stable.lib.nixosSystem { + system = linux-arm-system; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ linux-arm-overlay-unstable ]; + } + ) + ./config.nix + ./machines/djmuk2/configuration.nix + ]; + }; + darwinConfigurations."LDN-DMORGAN" = nix-darwin.lib.darwinSystem { modules = [ # TODO move to separate file ( { pkgs, ... }: { - nix.settings.experimental-features = "nix-command flakes"; nix.settings.trusted-users = [ "dmorgan" "@staff" 
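Review bot: The four `nixosConfigurations` entries added in this hunk repeat the same module list and differ only in host name, system, overlay and the extra `sops-nix.nixosModules.sops` for edrahil, so a host added later by copy and paste can silently miss `./config.nix` (and with it the cache trust settings) or the sops module. A small helper in the `let` block would keep the shared part in one place. The inline module never uses its `config` and `pkgs` arguments, so a plain attribute set is enough there. The enclosing `outputs` function starts and ends outside the hunk.

```nix
# in the let block, next to the overlay definitions
mkNixos =
  {
    name,
    system,
    overlay,
    extraModules ? [ ],
  }:
  nixpkgs-stable.lib.nixosSystem {
    inherit system;
    modules = [
      { nixpkgs.overlays = [ overlay ]; }
      ./config.nix
      (./machines + "/${name}/configuration.nix")
    ]
    ++ extraModules;
  };

# in the outputs attribute set
nixosConfigurations."edrahil" = mkNixos {
  name = "edrahil";
  system = linux-system;
  overlay = linux-overlay-unstable;
  extraModules = [ sops-nix.nixosModules.sops ];
};
# … egalmoth, djmuk1 and djmuk2 follow the same pattern without extraModules …
```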
@@ -75,8 +125,14 @@ #system.primaryUser = "dmorgan"; # required to update com.apple.symbolichotkeys system.keyboard.enableKeyMapping = true; system.keyboard.userKeyMapping = [ - { HIDKeyboardModifierMappingSrc = 30064771296; HIDKeyboardModifierMappingDst = 30064771299; } - { HIDKeyboardModifierMappingSrc = 30064771299; HIDKeyboardModifierMappingDst = 30064771296; } + { + HIDKeyboardModifierMappingSrc = 30064771296; + HIDKeyboardModifierMappingDst = 30064771299; + } + { + HIDKeyboardModifierMappingSrc = 30064771299; + HIDKeyboardModifierMappingDst = 30064771296; + } ]; #system.defaults.CustomUserPreferences = { # "com.apple.symbolichotkeys" = { @@ -100,28 +156,23 @@ ]; } ) - # TODO remove or re-enable? - #home-manager.darwinModules.home-manager - #{ - # nixpkgs.overlays = [ darwin-overlay-unstable ]; - # nixpkgs.config = nixpkgs-config; - # home-manager = { - # useGlobalPkgs = true; - # useUserPackages = true; - # extraSpecialArgs = { - # inherit inputs; - # system = darwin-system; - # }; - # users.dmorgan = ./home/otm.nix; - # }; - #} + ./config.nix ]; }; homeConfigurations."dmorgan@LDN-DMORGAN" = home-manager.lib.homeManagerConfiguration { pkgs = darwin-pkgs; - extraSpecialArgs = { inherit inputs; system = darwin-system; }; + extraSpecialArgs = { + inherit inputs; + system = darwin-system; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ darwin-overlay-unstable ]; nixpkgs.config = nixpkgs-config; nix.package = pkgs.nix; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ darwin-overlay-unstable ]; + } + ) + ./config.nix ./home/otm.nix ]; }; @@ -135,11 +186,10 @@ ( { config, pkgs, ... }: { - nix.package = pkgs.nix; nixpkgs.overlays = [ linux-overlay-unstable ]; - nixpkgs.config = nixpkgs-config; } ) + ./config.nix ./home/egalmoth.nix ]; }; @@ -153,11 +203,10 @@ ( { config, pkgs, ... }: { - nix.package = pkgs.nix; nixpkgs.overlays = [ linux-overlay-unstable ]; - nixpkgs.config = nixpkgs-config; } ) + ./config.nix ./home/edrahil.nix ]; }; 
@@ -171,11 +220,10 @@ ( { config, pkgs, ... }: { - nix.package = pkgs.nix; nixpkgs.overlays = [ linux-overlay-unstable ]; - nixpkgs.config = nixpkgs-config; } ) + ./config.nix ./home/djmuk1.nix ]; }; @@ -189,11 +237,10 @@ ( { config, pkgs, ... }: { - nix.package = pkgs.nix; nixpkgs.overlays = [ linux-arm-overlay-unstable ]; - nixpkgs.config = nixpkgs-config; } ) + ./config.nix ./home/djmuk2.nix ]; }; diff --git a/nix-conf/home/includes/common.nix b/nix-conf/home/includes/common.nix index e4f08e8..281cf2c 100644 --- a/nix-conf/home/includes/common.nix +++ b/nix-conf/home/includes/common.nix @@ -5,10 +5,6 @@ inputs, ... }: -let - hcr = pkgs.callPackage ./scripts/hm-changes-report.nix { inherit config pkgs; }; - scr = pkgs.callPackage ./scripts/system-changes-report.nix { inherit config pkgs; }; -in { imports = [ ./zsh.nix @@ -36,12 +32,10 @@ in home.sessionVariables = { LSP_USE_PLISTS = "true"; + NH_FLAKE = config.home.homeDirectory; }; home.packages = with pkgs; [ - hcr - scr - (aspellWithDicts (dicts: with dicts; [ en en-computers en-science ])) bandwhich bottom @@ -376,6 +370,7 @@ in }; }; + # TODO: programs.nh.flake bring in so many dependencies? programs.nh.enable = true; } diff --git a/nix-conf/home/includes/dev-common.nix b/nix-conf/home/includes/dev-common.nix index 92b286e..59da868 100644 --- a/nix-conf/home/includes/dev-common.nix +++ b/nix-conf/home/includes/dev-common.nix @@ -36,7 +36,6 @@ in plugins = with pkgs; [ tmuxPlugins.copy-toolkit tmuxPlugins.copycat - tmuxPlugins.extrakto tmuxPlugins.fuzzback tmuxPlugins.fzf-tmux-url tmuxPlugins.jump @@ -57,6 +56,9 @@ in #${lib.optionalString pkgs.stdenv.isDarwin "set -g @thumbs-upcase-command 'xargs open {}'"} ''; } + ] + ++ optionals (!stdenv.isDarwin) [ + tmuxPlugins.extrakto ]; extraConfig = '' unbind-key R diff --git a/nix-conf/home/includes/scripts/hm-changes-report.nix b/nix-conf/home/includes/scripts/hm-changes-report.nix deleted file mode 100644 index 65e7fe8..0000000 
--- a/nix-conf/home/includes/scripts/hm-changes-report.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -# https://github.com/gvolpe/nix-config/blob/e28a220d0087064e6bad6b992b4914a65eb545e5/home/scripts/changes-report.nix -let - hm-profiles = "${config.home.homeDirectory}/.local/state/nix/profiles/home-manager-*-link"; -in -pkgs.writeShellScriptBin "hm-changes-report" '' - # Disable nvd if there are less than 2 hm profiles. - if [ $(ls -d1v ${hm-profiles} 2>/dev/null | wc -l) -lt 2 ]; then - echo "Skipping changes report..." - else - ${pkgs.nvd}/bin/nvd diff $(ls -d1v ${hm-profiles} | tail -2) - fi -'' diff --git a/nix-conf/home/includes/scripts/system-changes-report.nix b/nix-conf/home/includes/scripts/system-changes-report.nix deleted file mode 100644 index b94498c..0000000 --- a/nix-conf/home/includes/scripts/system-changes-report.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -# https://github.com/gvolpe/nix-config/blob/e28a220d0087064e6bad6b992b4914a65eb545e5/home/scripts/changes-report.nix -let - system-profiles = "/nix/var/nix/profiles/system-*-link"; -in -pkgs.writeShellScriptBin "system-changes-report" '' - # Disable nvd if there are less than 2 hm profiles. - if [ $(ls -d1v ${system-profiles} 2>/dev/null | wc -l) -lt 2 ]; then - echo "Skipping changes report..." - else - ${pkgs.nvd}/bin/nvd diff $(ls -d1v ${system-profiles} | tail -2) - fi -'' diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix index 0b31a01..b988dac 100644 --- a/nix-conf/machines/djmuk2/configuration.nix +++ b/nix-conf/machines/djmuk2/configuration.nix @@ -1,6 +1,9 @@ { config, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; + imports = [ + ./hardware-configuration.nix + ./private.nix + ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
@@ -32,12 +35,8 @@ services.locate.enable = true; - # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from. - # Populate/update with: - # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name + # services.openiscsi.name is in ./private.nix (encrypted with git-agecrypt) services.openiscsi.enable = true; - services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name"; - #services.openiscsi.enableAutoLoginOut = true; users.users.djm = { isNormalUser = true; diff --git a/nix-conf/machines/djmuk2/private.nix b/nix-conf/machines/djmuk2/private.nix new file mode 100644 index 0000000..74e244a --- /dev/null +++ b/nix-conf/machines/djmuk2/private.nix Binary files differdiff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix index a1bc8e3..68593aa 100644 --- a/nix-conf/machines/edrahil/configuration.nix +++ b/nix-conf/machines/edrahil/configuration.nix @@ -3,7 +3,6 @@ imports = [ ./hardware-configuration.nix ./network-configuration.nix - <sops-nix/modules/sops> ]; boot.tmp.cleanOnBoot = true; @@ -20,7 +19,7 @@ sops = { defaultSopsFile = builtins.path { - path = /etc/nixos/secrets.yaml; + path = ./secrets.yaml; name = "edrahil-secrets.yaml"; }; secrets.restic_password = { diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix index 4b85912..16df081 100644 --- a/nix-conf/machines/edrahil/network-configuration.nix +++ b/nix-conf/machines/edrahil/network-configuration.nix 
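Review bot: The new comment `# services.openiscsi.name is in ./private.nix (encrypted with git-agecrypt)` names a different tool from the `filter=git-crypt diff=git-crypt` attribute registered in `.gitattributes`, which leaves a reader unsure which key material unlocks the file. The comment should also say that the encryption covers the repository only: once unlocked the file is plaintext in the working tree, and a flake evaluation copies the source tree into the world-readable store, so it suits the non-secret values the removed comment described and nothing stronger. Suggested wording, if git-crypt is the tool in use: `# services.openiscsi.name is set in ./private.nix (encrypted in git via the git-crypt filter; plaintext in the working tree and /nix/store, not for real secrets)`. The same caveat applies to the `# networking.interfaces.ens3.ipv6.addresses configured in private.nix` comment in `machines/edrahil/network-configuration.nix`.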
@@ -1,19 +1,12 @@ { ... }: { - networking = { - interfaces.ens3.ipv6.addresses = [ - { - # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, - # as we cannot set a file path to read it from. - # Populate/update with: - # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address - address = builtins.readFile "/root/.config/secrets/ipv6_address"; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - interface = "ens3"; - }; + imports = [ + ./private.nix + ]; + + # networking.interfaces.ens3.ipv6.addresses configured in private.nix + networking.defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; }; } diff --git a/nix-conf/machines/edrahil/private.nix b/nix-conf/machines/edrahil/private.nix new file mode 100644 index 0000000..c5941c6 --- /dev/null +++ b/nix-conf/machines/edrahil/private.nix Binary files differdiff --git a/nix-conf/machines/egalmoth/configuration.nix b/nix-conf/machines/egalmoth/configuration.nix index 0da134b..d1fdd56 100644 --- a/nix-conf/machines/egalmoth/configuration.nix +++ b/nix-conf/machines/egalmoth/configuration.nix @@ -159,18 +159,6 @@ services.locate.enable = true; - nix = { - settings = { - substituters = [ - "https://nix-community.cachix.org" - "https://cache.nixos.org/" - ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - }; - }; - environment.systemPackages = with pkgs; [ acpi acpitool |