darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

format all code

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-11-09 15:02:26 +01:00
parent c524dcaa0f
commit 0fe2e334bb
86 changed files with 787 additions and 603 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/default.nix
View file

@ -1,4 +1,5 @@
{nixos-config, ...}: { { nixos-config, ... }:
{
imports = [ imports = [
"${nixos-config}/modules" "${nixos-config}/modules"
"${nixos-config}/services/tailscale.nix" "${nixos-config}/services/tailscale.nix"

3
config/documentation.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
documentation.nixos.includeAllModules = true; documentation.nixos.includeAllModules = true;
documentation.nixos.options.warningsAreErrors = false; documentation.nixos.options.warningsAreErrors = false;
home-manager.users.darkkirb.manual = { home-manager.users.darkkirb.manual = {

3
config/graphical.nix
View file

@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
time.timeZone = "Etc/GMT-1"; time.timeZone = "Etc/GMT-1";
isGraphical = true; isGraphical = true;
imports = [ imports = [

3
config/graphical/plymouth.nix
View file

@ -1,6 +1,7 @@
# Unlike other modules in this directory, this one is not enabled by default # Unlike other modules in this directory, this one is not enabled by default
# The default graphical configuration would enable this, the verbose configuration would not. # The default graphical configuration would enable this, the verbose configuration would not.
{config, ...}: { { config, ... }:
{
boot = { boot = {
plymouth.enable = true; plymouth.enable = true;
consoleLogLevel = 0; consoleLogLevel = 0;

15
config/i18n.nix
View file

@ -1,11 +1,12 @@
{config, ...}: { { config, ... }:
{
console.keyMap = "neo"; console.keyMap = "neo";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS="de_DE.UTF-8"; LC_ADDRESS = "de_DE.UTF-8";
LC_MONETARY="de_DE.UTF-8"; LC_MONETARY = "de_DE.UTF-8";
LC_NAME="de_DE.UTF-8"; LC_NAME = "de_DE.UTF-8";
LC_PAPER="de_DE.UTF-8"; LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE="de_DE.UTF-8"; LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME="de_DE.UTF-8"; LC_TIME = "de_DE.UTF-8";
}; };
} }

3
config/kde/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
services.xserver.enable = true; services.xserver.enable = true;
services.displayManager.sddm.enable = true; services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;

3
config/kde/home-manager.nix
View file

@ -1,4 +1,5 @@
{plasma-manager, ...}: { { plasma-manager, ... }:
{
programs.plasma.enable = true; programs.plasma.enable = true;
programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false; programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
imports = [ imports = [

3
config/kde/i18n.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
services.libinput.enable = true; services.libinput.enable = true;
services.xserver.xkb = { services.xserver.xkb = {
layout = "de"; layout = "de";

3
config/kde/theming.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
programs.plasma = { programs.plasma = {
workspace.lookAndFeel = "org.kde.breezedark.desktop"; workspace.lookAndFeel = "org.kde.breezedark.desktop";
hotkeys.commands."launch-konsole" = { hotkeys.commands."launch-konsole" = {

5
config/networkmanager.nix
View file

@ -1,6 +1,7 @@
{...}: { { ... }:
{
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
users.users.darkkirb.extraGroups = ["networkmanager"]; users.users.darkkirb.extraGroups = [ "networkmanager" ];
environment.persistence."/persistent".directories = [ environment.persistence."/persistent".directories = [
"/var/lib/NetworkManager" "/var/lib/NetworkManager"
"/etc/NetworkManager" "/etc/NetworkManager"

6
config/systemd-boot.nix
View file

@ -1,6 +1,8 @@
{system, ...}: let { system, ... }:
let
isx86 = system == "x86_64-linux"; isx86 = system == "x86_64-linux";
in { in
{
boot.loader.systemd-boot = { boot.loader.systemd-boot = {
enable = true; enable = true;
memtest86.enable = isx86; memtest86.enable = isx86;

3
containers/default-configuration.nix
View file

@ -1,4 +1,5 @@
{system, ...}: { { system, ... }:
{
inherit system; inherit system;
config = import ./default.nix; config = import ./default.nix;
autoStart = true; autoStart = true;

3
containers/default.nix
View file

@ -1,4 +1,5 @@
{nixos-config, ...}: { { nixos-config, ... }:
{
imports = [ imports = [
nixos-config.nixosModules.containers nixos-config.nixosModules.containers
]; ];

25
default.nix
View file

@ -1,14 +1,11 @@
( (import (
import let
( lock = builtins.fromJSON (builtins.readFile ./flake.lock);
let in
lock = builtins.fromJSON (builtins.readFile ./flake.lock); fetchTarball {
in url =
fetchTarball { lock.nodes.flake-compat.locked.url
url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash; sha256 = lock.nodes.flake-compat.locked.narHash;
} }
) ) { src = ./.; }).defaultNix
{src = ./.;}
)
.defaultNix

265
flake.nix
View file

@ -78,134 +78,161 @@
}; };
}; };
outputs = { outputs =
self, {
nixpkgs, self,
... nixpkgs,
} @ inputs': let ...
inputs = }@inputs':
inputs' let
// { inputs = inputs' // {
nixos-config = self; nixos-config = self;
inherit inputs; inherit inputs;
inTester = false; inTester = false;
pureInputs = inputs'; pureInputs = inputs';
}; };
pkgsFor = system: let pkgsFor =
inputs' = system:
inputs let
// { inputs' = inputs // {
inherit system;
inputs = inputs';
};
in
import nixpkgs {
inherit system; inherit system;
inputs = inputs'; overlays =
}; [
in (
import nixpkgs { _: _:
inherit system; inputs'
overlays = // {
[ inputs = inputs';
(_: _: }
inputs' )
// {
inputs = inputs';
})
]
++ (
if system == "riscv64-linux"
then [
inputs.riscv-overlay.overlays.default
] ]
else [] ++ (
if system == "riscv64-linux" then
[
inputs.riscv-overlay.overlays.default
]
else
[ ]
);
};
in
{
checks.x86_64-linux = nixpkgs.lib.listToAttrs (
map (testName: {
name = testName;
value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix { };
}) [ "containers-default" ]
);
nixosModules = {
containers = import ./modules/containers/default.nix;
default = import ./modules/default.nix;
};
nixosContainers =
with nixpkgs.lib;
let
containerNames = [
"default"
];
containerArches = [
"x86_64-linux"
"aarch64-linux"
"riscv64-linux"
];
containers = listToAttrs (
flatten (
map (
system:
let
pkgs = pkgsFor system;
in
map (container: {
name = "container-${container}-${system}";
value = pkgs.callPackage ./containers/${container}-configuration.nix { };
}) containerNames
) containerArches
)
); );
in
containers;
nixosConfigurations =
with nixpkgs.lib;
let
mkSystem =
args:
let
inputs' = inputs // {
inherit (args) system;
};
in
nixosSystem (
args
// {
specialArgs = args.specialArgs or { } // inputs';
}
);
systems' = {
not522 = {
config = ./machine/not522;
system = "riscv64-linux";
};
not522-installer = {
config = ./machine/not522/installer;
system = "riscv64-linux";
};
pc-installer = {
config = ./machine/pc-installer;
system = "x86_64-linux";
};
rainbow-resort = {
config = ./machine/rainbow-resort;
system = "x86_64-linux";
};
thinkrac = {
config = ./machine/thinkrac;
system = "x86_64-linux";
};
};
containers = mapAttrs (
_: container:
mkSystem {
inherit (container) system;
modules = [
container.config
];
}
) self.nixosContainers;
systems = mapAttrs (
_: system:
mkSystem {
inherit (system) system;
modules = [
system.config
];
}
) systems';
in
containers // systems;
hydraJobs = {
inherit (self) checks devShells;
nixosConfigurations = nixpkgs.lib.mapAttrs (
_: v: v.config.system.build.toplevel
) self.nixosConfigurations;
}; };
in { devShells.x86_64-linux.default =
checks.x86_64-linux = nixpkgs.lib.listToAttrs (map (testName: { with pkgsFor "x86_64-linux";
name = testName; mkShell {
value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix {}; nativeBuildInputs = with pkgs; [
}) ["containers-default"]); age
nixosModules = { sops
containers = import ./modules/containers/default.nix; ssh-to-age
default = import ./modules/default.nix; nixfmt-rfc-style
};
nixosContainers = with nixpkgs.lib; let
containerNames = [
"default"
];
containerArches = ["x86_64-linux" "aarch64-linux" "riscv64-linux"];
containers = listToAttrs (flatten (map (system: let
pkgs = pkgsFor system;
in
map (container: {
name = "container-${container}-${system}";
value = pkgs.callPackage ./containers/${container}-configuration.nix {};
})
containerNames)
containerArches));
in
containers;
nixosConfigurations = with nixpkgs.lib; let
mkSystem = args: let
inputs' = inputs // {inherit (args) system;};
in
nixosSystem (args
// {
specialArgs =
args.specialArgs
or {}
// inputs';
});
systems' = {
not522 = {
config = ./machine/not522;
system = "riscv64-linux";
};
not522-installer = {
config = ./machine/not522/installer;
system = "riscv64-linux";
};
pc-installer = {
config = ./machine/pc-installer;
system = "x86_64-linux";
};
rainbow-resort = {
config = ./machine/rainbow-resort;
system = "x86_64-linux";
};
thinkrac = {
config = ./machine/thinkrac;
system = "x86_64-linux";
};
};
containers = mapAttrs (_: container:
mkSystem {
inherit (container) system;
modules = [
container.config
]; ];
}) };
self.nixosContainers; formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style;
systems = mapAttrs (_: system:
mkSystem {
inherit (system) system;
modules = [
system.config
];
})
systems';
in
containers // systems;
hydraJobs = {
inherit (self) checks devShells;
nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations;
}; };
devShells.x86_64-linux.default = with pkgsFor "x86_64-linux";
mkShell {
nativeBuildInputs = with pkgs; [
age
sops
ssh-to-age
nixfmt-rfc-style
];
};
formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style;
};
} }

2
hydra/default.nix
View file

@ -1 +1 @@
{nixos-config}: (import nixos-config).hydraJobs { nixos-config }: (import nixos-config).hydraJobs

8
machine/not522/cross-packages.nix
View file

@ -3,13 +3,15 @@
nixpkgs, nixpkgs,
lix, lix,
... ...
}: let }:
let
pkgs_x86_64 = import nixpkgs { pkgs_x86_64 = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";
crossSystem.system = "riscv64-linux"; crossSystem.system = "riscv64-linux";
overlays = [lix.overlays.default]; overlays = [ lix.overlays.default ];
}; };
in { in
{
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
inherit (pkgs_x86_64) lix nixos-option; inherit (pkgs_x86_64) lix nixos-option;

5
machine/not522/default.nix
View file

@ -3,7 +3,8 @@
nixos-hardware, nixos-hardware,
nixpkgs, nixpkgs,
... ...
}: { }:
{
networking.hostName = "not522"; networking.hostName = "not522";
imports = [ imports = [
"${nixos-config}/config" "${nixos-config}/config"
@ -14,5 +15,5 @@
]; ];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.config.allowUnsupportedSystem = true;
nix.settings.system-features = ["native-riscv"]; nix.settings.system-features = [ "native-riscv" ];
} }

13
machine/not522/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["umask=0077"]; mountOptions = [ "umask=0077" ];
}; };
}; };
root = { root = {
end = "-8G"; end = "-8G";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; # Override existing partition extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted, # Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted # unless their parent is mounted
subvolumes = { subvolumes = {
# Subvolume name is different from mountpoint # Subvolume name is different from mountpoint
"/root" = { "/root" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/"; mountpoint = "/";
}; };
# Subvolume name is the same as the mountpoint # Subvolume name is the same as the mountpoint
"/persistent" = { "/persistent" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent"; mountpoint = "/persistent";
}; };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

3
machine/not522/hardware.nix
View file

@ -3,7 +3,8 @@
nixos-hardware, nixos-hardware,
config, config,
... ...
}: { }:
{
imports = [ imports = [
"${nixos-hardware}/starfive/visionfive/v2/default.nix" "${nixos-hardware}/starfive/visionfive/v2/default.nix"
]; ];

24
machine/not522/installer/default.nix
View file

@ -7,19 +7,19 @@
lib, lib,
nixpkgs, nixpkgs,
... ...
}: let }:
dependencies = let
[ dependencies = [
nixos-config.nixosConfigurations.not522.config.system.build.toplevel nixos-config.nixosConfigurations.not522.config.system.build.toplevel
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript nixos-config.nixosConfigurations.not522.config.system.build.diskoScript
nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath
nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath
(nixos-config.nixosConfigurations.not522.pkgs.closureInfo {rootPaths = [];}).drvPath (nixos-config.nixosConfigurations.not522.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
] ] ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
closureInfo = pkgs.closureInfo {rootPaths = dependencies;}; closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in { in
{
networking.hostName = "not522-installer"; networking.hostName = "not522-installer";
imports = [ imports = [
"${nixos-config}/config" "${nixos-config}/config"

13
machine/not522/installer/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["umask=0077"]; mountOptions = [ "umask=0077" ];
}; };
}; };
root = { root = {
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; # Override existing partition extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted, # Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted # unless their parent is mounted
subvolumes = { subvolumes = {
# Subvolume name is different from mountpoint # Subvolume name is different from mountpoint
"/root" = { "/root" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/"; mountpoint = "/";
}; };
# Subvolume name is the same as the mountpoint # Subvolume name is the same as the mountpoint
"/persistent" = { "/persistent" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent"; mountpoint = "/persistent";
}; };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

10
machine/pc-installer/default.nix
View file

@ -5,21 +5,23 @@
pkgs, pkgs,
pureInputs, pureInputs,
... ...
}: let }:
let
getDeps = name: [ getDeps = name: [
nixos-config.nixosConfigurations.${name}.config.system.build.toplevel nixos-config.nixosConfigurations.${name}.config.system.build.toplevel
nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript
nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath
nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath
(nixos-config.nixosConfigurations.${name}.pkgs.closureInfo {rootPaths = [];}).drvPath (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo { rootPaths = [ ]; }).drvPath
]; ];
dependencies = dependencies =
(getDeps "rainbow-resort") (getDeps "rainbow-resort")
++ (getDeps "thinkrac") ++ (getDeps "thinkrac")
++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs)); ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs));
closureInfo = pkgs.closureInfo {rootPaths = dependencies;}; closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in { in
{
networking.hostName = "pc-installer"; networking.hostName = "pc-installer";
imports = [ imports = [
"${nixos-config}/config" "${nixos-config}/config"

13
machine/pc-installer/disko.nix
View file

@ -18,30 +18,33 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["umask=0077"]; mountOptions = [ "umask=0077" ];
}; };
}; };
root = { root = {
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; # Override existing partition extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted, # Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted # unless their parent is mounted
subvolumes = { subvolumes = {
# Subvolume name is different from mountpoint # Subvolume name is different from mountpoint
"/root" = { "/root" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/"; mountpoint = "/";
}; };
# Subvolume name is the same as the mountpoint # Subvolume name is the same as the mountpoint
"/persistent" = { "/persistent" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent"; mountpoint = "/persistent";
}; };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

3
machine/pc-installer/graphical.nix
View file

@ -2,7 +2,8 @@
config, config,
nixos-config, nixos-config,
... ...
}: { }:
{
imports = [ imports = [
"${nixos-config}/config/graphical.nix" "${nixos-config}/config/graphical.nix"
]; ];

3
machine/pc-installer/grub.nix
View file

@ -2,7 +2,8 @@
config, config,
lib, lib,
... ...
}: { }:
{
# For legacy pc reason, this needs to be grub # For legacy pc reason, this needs to be grub
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = { boot.loader.grub = {

12
machine/pc-installer/hardware.nix
View file

@ -1,5 +1,13 @@
{...}: { { ... }:
boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod"]; {
boot.initrd.availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usbhid"
"uas"
"sd_mod"
];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
} }

5
machine/rainbow-resort/default.nix
View file

@ -3,7 +3,8 @@
nixos-config, nixos-config,
lib, lib,
... ...
}: { }:
{
networking.hostName = "rainbow-resort"; networking.hostName = "rainbow-resort";
imports = [ imports = [
"${nixos-config}/config" "${nixos-config}/config"
@ -21,5 +22,5 @@
} }
]; ];
}; };
home-manager.users.darkkirb.imports = [./home-manager.nix]; home-manager.users.darkkirb.imports = [ ./home-manager.nix ];
} }

13
machine/rainbow-resort/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["umask=0077"]; mountOptions = [ "umask=0077" ];
}; };
}; };
root = { root = {
end = "-64G"; end = "-64G";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; # Override existing partition extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted, # Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted # unless their parent is mounted
subvolumes = { subvolumes = {
# Subvolume name is different from mountpoint # Subvolume name is different from mountpoint
"/root" = { "/root" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/"; mountpoint = "/";
}; };
# Subvolume name is the same as the mountpoint # Subvolume name is the same as the mountpoint
"/persistent" = { "/persistent" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent"; mountpoint = "/persistent";
}; };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

24
machine/rainbow-resort/hardware.nix
View file

@ -2,7 +2,8 @@
modulesPath, modulesPath,
nixos-hardware, nixos-hardware,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
@ -13,10 +14,23 @@
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]; ];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = ["amdgpu"]; "nvme"
boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"]; "xhci_pci"
boot.extraModulePackages = []; "ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
"k10temp"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [
"kvm-amd"
"i2c-dev"
"i2c-piix4"
];
boot.extraModulePackages = [ ];
nix.settings.cores = 16; nix.settings.cores = 16;
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"armv7l-linux" "armv7l-linux"

3
machine/rainbow-resort/home-manager.nix
View file

@ -1,4 +1,5 @@
{lib, ...}: { { lib, ... }:
{
xdg.configFile."kwinoutputconfig.json".text = lib.strings.toJSON [ xdg.configFile."kwinoutputconfig.json".text = lib.strings.toJSON [
{ {
data = [ data = [

3
machine/thinkrac/default.nix
View file

@ -3,7 +3,8 @@
nixos-config, nixos-config,
lib, lib,
... ...
}: { }:
{
networking.hostName = "thinkrac"; networking.hostName = "thinkrac";
imports = [ imports = [
"${nixos-config}/config" "${nixos-config}/config"

13
machine/thinkrac/disko.nix
View file

@ -17,30 +17,33 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = ["umask=0077"]; mountOptions = [ "umask=0077" ];
}; };
}; };
root = { root = {
end = "-24G"; end = "-24G";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; # Override existing partition extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted, # Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted # unless their parent is mounted
subvolumes = { subvolumes = {
# Subvolume name is different from mountpoint # Subvolume name is different from mountpoint
"/root" = { "/root" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/"; mountpoint = "/";
}; };
# Subvolume name is the same as the mountpoint # Subvolume name is the same as the mountpoint
"/persistent" = { "/persistent" = {
mountOptions = ["compress=zstd"]; mountOptions = [ "compress=zstd" ];
mountpoint = "/persistent"; mountpoint = "/persistent";
}; };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = ["compress=zstd" "noatime"]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

16
machine/thinkrac/hardware.nix
View file

@ -2,7 +2,8 @@
modulesPath, modulesPath,
nixos-hardware, nixos-hardware,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.lenovo-thinkpad-t470s nixos-hardware.nixosModules.lenovo-thinkpad-t470s
@ -11,10 +12,15 @@
nixos-hardware.nixosModules.common-pc-laptop-ssd nixos-hardware.nixosModules.common-pc-laptop-ssd
]; ];
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "nvme"
boot.extraModulePackages = []; "usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nix.settings.cores = 4; nix.settings.cores = 4;
# use the lowest frequency possible, to save power # use the lowest frequency possible, to save power
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";

23
modules/containers/autoconfig.nix
View file

@ -6,27 +6,28 @@
inputs, inputs,
... ...
}: }:
with lib; let with lib;
let
badNames = [ badNames = [
"system" "system"
"override" "override"
"overrideDerivation" "overrideDerivation"
]; ];
filterBad = filterAttrs (n: _: lib.all (m: n != m) badNames); filterBad = filterAttrs (n: _: lib.all (m: n != m) badNames);
in { in
{
options.autoContainers = mkOption { options.autoContainers = mkOption {
default = []; default = [ ];
type = types.listOf types.str; type = types.listOf types.str;
}; };
config = { config = {
containers = listToAttrs (map (container: { containers = listToAttrs (
map (container: {
name = container; name = container;
value = value = filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix { }) // {
filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix {}) specialArgs = inputs;
// { };
specialArgs = inputs; }) config.autoContainers
}; );
})
config.autoContainers);
}; };
} }

3
modules/containers/default.nix
View file

@ -2,7 +2,8 @@
nixos-config, nixos-config,
lib, lib,
... ...
}: { }:
{
imports = [ imports = [
nixos-config.nixosModules.default nixos-config.nixosModules.default
./hostName.nix ./hostName.nix

10
modules/containers/hostName.nix
View file

@ -3,7 +3,8 @@
lib, lib,
... ...
}: }:
with lib; { with lib;
{
options.networking = { options.networking = {
rootHostName = mkOption { rootHostName = mkOption {
description = "Hostname of the running host"; description = "Hostname of the running host";
@ -26,9 +27,10 @@ with lib; {
config = { config = {
networking = rec { networking = rec {
fullHostName = fullHostName =
if config.networking.rootHostName == "" if config.networking.rootHostName == "" then
then config.networking.hostName config.networking.hostName
else "${config.networking.rootHostName}-${config.networking.hostName}"; else
"${config.networking.rootHostName}-${config.networking.hostName}";
nodeID = lib.substring 0 8 (builtins.hashString "sha256" fullHostName); nodeID = lib.substring 0 8 (builtins.hashString "sha256" fullHostName);
}; };
}; };

3
modules/containers/minimize.nix
View file

@ -1,4 +1,5 @@
{nixpkgs, ...}: { { nixpkgs, ... }:
{
imports = [ imports = [
(nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix") (nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
(nixpkgs.outPath + "/nixos/modules/profiles/headless.nix") (nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")

3
modules/default.nix
View file

@ -5,7 +5,8 @@
nur, nur,
... ...
}: }:
with lib; { with lib;
{
imports = [ imports = [
./riscv.nix ./riscv.nix
./containers/autoconfig.nix ./containers/autoconfig.nix

20
modules/environment/impermanence.nix
View file

@ -6,7 +6,8 @@
inTester, inTester,
... ...
}: }:
with lib; { with lib;
{
imports = [ imports = [
"${impermanence}/nixos.nix" "${impermanence}/nixos.nix"
./user-impermanence.nix ./user-impermanence.nix
@ -70,26 +71,23 @@ with lib; {
} }
{ {
assertion = assertion =
if hasAttr "/" config.fileSystems if hasAttr "/" config.fileSystems then config.fileSystems."/".fsType == "btrfs" else false;
then config.fileSystems."/".fsType == "btrfs"
else false;
message = "rootfs must be btrfs"; message = "rootfs must be btrfs";
} }
{ {
assertion = assertion =
if hasAttr "/" config.fileSystems if hasAttr "/" config.fileSystems then
then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
else false; else
false;
message = "rootfs must mount subvolume root"; message = "rootfs must mount subvolume root";
} }
]; ];
fileSystems."/persistent" = { fileSystems."/persistent" = {
device = device =
if hasAttr "/" config.fileSystems if hasAttr "/" config.fileSystems then mkDefault config.fileSystems."/".device else "/dev/null";
then mkDefault config.fileSystems."/".device
else "/dev/null";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=persistent"]; options = [ "subvol=persistent" ];
neededForBoot = true; neededForBoot = true;
}; };
environment.persistence."/persistent" = { environment.persistence."/persistent" = {

196
modules/environment/user-impermanence.nix
View file

@ -5,107 +5,121 @@
inTester, inTester,
... ...
}: }:
with lib; { with lib;
{
options = { options = {
environment.impermanence.users = mkOption { environment.impermanence.users = mkOption {
description = "Which users to clean up the home directory for"; description = "Which users to clean up the home directory for";
default = []; default = [ ];
type = types.listOf types.str; type = types.listOf types.str;
}; };
}; };
config = mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != []) { config =
programs.fuse.userAllowOther = true; mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != [ ])
home-manager.users = listToAttrs (map (name: { {
inherit name; programs.fuse.userAllowOther = true;
value = {config, ...}: { home-manager.users = listToAttrs (
home.file."${config.home.homeDirectory}/.cache/.keep" = { map (name: {
enable = false; inherit name;
}; value =
home.persistence.default = { { config, ... }:
persistentStoragePath = "/persistent/home/${name}";
allowOther = true;
directories = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
{ {
directory = ".cache"; home.file."${config.home.homeDirectory}/.cache/.keep" = {
method = "symlink"; enable = false;
} };
"Data" home.persistence.default = {
]; persistentStoragePath = "/persistent/home/${name}";
}; allowOther = true;
}; directories = [
}) "Downloads"
config.environment.impermanence.users); "Music"
systemd.tmpfiles.rules = mkMerge (map (name: [ "Pictures"
"d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -" "Documents"
"d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -" "Videos"
]) {
config.environment.impermanence.users); directory = ".cache";
systemd.services = listToAttrs (flatten (map (name: let method = "symlink";
cfg = config.users.users.${name}; }
in [ "Data"
{ ];
name = "cleanup-home-${name}"; };
description = "Clean home directory for ${name}"; };
value = { }) config.environment.impermanence.users
before = [ );
"user@${toString cfg.uid}.service" systemd.tmpfiles.rules = mkMerge (
"home-manager-${name}.service" map (name: [
]; "d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -"
partOf = [ "d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -"
"user@${toString cfg.uid}.service" ]) config.environment.impermanence.users
]; );
serviceConfig.Type = "oneshot"; systemd.services = listToAttrs (
script = '' flatten (
if [[ -e ${cfg.home} ]]; then map (
timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S") name:
mkdir -p /persistent/old-homedirs/${name} let
mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp cfg = config.users.users.${name};
fi in
[
{
name = "cleanup-home-${name}";
description = "Clean home directory for ${name}";
value = {
before = [
"user@${toString cfg.uid}.service"
"home-manager-${name}.service"
];
partOf = [
"user@${toString cfg.uid}.service"
];
serviceConfig.Type = "oneshot";
script = ''
if [[ -e ${cfg.home} ]]; then
timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S")
mkdir -p /persistent/old-homedirs/${name}
mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp
fi
delete_subvolume_recursively() { delete_subvolume_recursively() {
IFS=$'\n' IFS=$'\n'
for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i" delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i"
done done
${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1" ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1"
} }
for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i" delete_subvolume_recursively "$i"
done done
${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home} ${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home}
chown -R ${name}:${cfg.group} ${cfg.home} chown -R ${name}:${cfg.group} ${cfg.home}
mkdir -p /persistent/home/${name} mkdir -p /persistent/home/${name}
chown -R ${name}:${cfg.group} /persistent/home/${name} chown -R ${name}:${cfg.group} /persistent/home/${name}
''; '';
}; };
} }
{ {
name = "home-manager-${name}"; name = "home-manager-${name}";
value = { value = {
wantedBy = mkForce [ wantedBy = mkForce [
"user@${toString cfg.uid}.service" "user@${toString cfg.uid}.service"
]; ];
after = [ after = [
"cleanup-home-${name}.service" "cleanup-home-${name}.service"
]; ];
before = [ before = [
"user@${toString cfg.uid}.service" "user@${toString cfg.uid}.service"
]; ];
partOf = [ partOf = [
"user@${toString cfg.uid}.service" "user@${toString cfg.uid}.service"
]; ];
}; };
} }
]) ]
config.environment.impermanence.users)); ) config.environment.impermanence.users
}; )
);
};
} }

12
modules/hydra/build-server.nix
View file

@ -3,13 +3,15 @@
config, config,
... ...
}: }:
with lib; { with lib;
{
options.hydra.buildServer.enable = mkEnableOption "Make this device a build server"; options.hydra.buildServer.enable = mkEnableOption "Make this device a build server";
imports = [ imports = [
{ {
config.hydra.buildServer.enable = let config.hydra.buildServer.enable =
buildServers = import ./build-server-list.nix; let
in buildServers = import ./build-server-list.nix;
in
mkDefault (any (t: t == config.networking.hostName) buildServers); mkDefault (any (t: t == config.networking.hostName) buildServers);
} }
]; ];
@ -21,6 +23,6 @@ with lib; {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac"
]; ];
}; };
nix.settings.trusted-users = ["remote-build"]; nix.settings.trusted-users = [ "remote-build" ];
}; };
} }

177
modules/nix/autoupdater.nix
View file

@ -3,60 +3,62 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
cfg = config.nix.auto-update; cfg = config.nix.auto-update;
in in
with lib; { with lib;
options.nix.auto-update = { {
enable = mkEnableOption "enable automatic updates"; options.nix.auto-update = {
reboot = mkEnableOption "Reboot if kernel change"; enable = mkEnableOption "enable automatic updates";
hydraServer = mkOption { reboot = mkEnableOption "Reboot if kernel change";
type = types.str; hydraServer = mkOption {
description = "Location of hydra server"; type = types.str;
default = "https://hydra.chir.rs"; description = "Location of hydra server";
}; default = "https://hydra.chir.rs";
project = mkOption {
type = types.str;
description = "Project name to use";
default = "nixos-config";
};
jobset = mkOption {
type = types.str;
description = "Jobset name to use";
default = "pr618";
};
job = mkOption {
type = types.str;
description = "Job name to use";
default = "nixosConfigurations.${config.networking.hostName}";
defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
};
specialisation = mkOption {
type = types.nullOr types.str;
description = "specialisation to switch into";
default = null;
};
}; };
project = mkOption {
type = types.str;
description = "Project name to use";
default = "nixos-config";
};
jobset = mkOption {
type = types.str;
description = "Jobset name to use";
default = "pr618";
};
job = mkOption {
type = types.str;
description = "Job name to use";
default = "nixosConfigurations.${config.networking.hostName}";
defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"'';
};
specialisation = mkOption {
type = types.nullOr types.str;
description = "specialisation to switch into";
default = null;
};
};
config.nix.auto-update.enable = mkDefault config.nix.enable; config.nix.auto-update.enable = mkDefault config.nix.enable;
config.nix.auto-update.reboot = mkDefault true; config.nix.auto-update.reboot = mkDefault true;
config.systemd.services.nixos-upgrade = mkIf config.nix.enable { config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
description = "NixOS Upgrade"; description = "NixOS Upgrade";
restartIfChanged = false; restartIfChanged = false;
unitConfig.X-StopOnRemoval = false; unitConfig.X-StopOnRemoval = false;
wants = ["network-online.target"]; wants = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = let script =
output = let
if cfg.specialisation == null output =
then "$output" if cfg.specialisation == null then "$output" else "$output/specialisation/${cfg.specialisation}";
else "$output/specialisation/${cfg.specialisation}";
switchToConfiguration = "${output}/bin/switch-to-configuration"; switchToConfiguration = "${output}/bin/switch-to-configuration";
in '' in
''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
set -euxo pipefail set -euxo pipefail
build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id') build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id')
@ -65,49 +67,50 @@ in
output=$(${pkgs.nix}/bin/nix-store -r $drvname) output=$(${pkgs.nix}/bin/nix-store -r $drvname)
${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set ${output} ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set ${output}
${ ${
if cfg.reboot if cfg.reboot then
then '' ''
${switchToConfiguration} boot ${switchToConfiguration} boot
booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})" booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})" built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then if [ "$booted" = "$built" ]; then
${switchToConfiguration} switch
else
${pkgs.systemd}/bin/shutdown -r +1
fi
exit
''
else
''
${switchToConfiguration} switch ${switchToConfiguration} switch
else ''
${pkgs.systemd}/bin/shutdown -r +1
fi
exit
''
else ''
${switchToConfiguration} switch
''
} }
''; '';
}; };
config.systemd.timers.nixos-upgrade = { config.systemd.timers.nixos-upgrade = {
enable = cfg.enable; enable = cfg.enable;
description = "Automatically update nixos"; description = "Automatically update nixos";
requires = ["nixos-upgrade.service"]; requires = [ "nixos-upgrade.service" ];
wants = ["network-online.target"]; wants = [ "network-online.target" ];
after = ["network-online.target"]; after = [ "network-online.target" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
timerConfig = { timerConfig = {
OnUnitActiveSec = "30min"; OnUnitActiveSec = "30min";
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
};
}; };
config.assertions = [ };
{ config.assertions = [
assertion = cfg.enable -> config.nix.enable; {
message = "Auto updating will only work when nix itself is enabled."; assertion = cfg.enable -> config.nix.enable;
} message = "Auto updating will only work when nix itself is enabled.";
{ }
assertion = (cfg.specialisation != null) -> config.isSpecialisation; {
message = "Automatic update switching to specialisation is only allowed in specialisations"; assertion = (cfg.specialisation != null) -> config.isSpecialisation;
} message = "Automatic update switching to specialisation is only allowed in specialisations";
{ }
assertion = config.isSpecialisation -> (cfg.specialisation != null); {
message = "Specifying the specialization name is required for autoupdate to work!"; assertion = config.isSpecialisation -> (cfg.specialisation != null);
} message = "Specifying the specialization name is required for autoupdate to work!";
]; }
} ];
}

13
modules/nix/build-server.nix
View file

@ -3,7 +3,8 @@
lib, lib,
... ...
}: }:
with lib; { with lib;
{
config = mkIf (!config.isInstaller) { config = mkIf (!config.isInstaller) {
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.buildMachines = mkMerge [ nix.buildMachines = mkMerge [
@ -17,7 +18,15 @@ with lib; {
]; ];
maxJobs = 4; maxJobs = 4;
speedFactor = 1; speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"]; supportedFeatures = [
"nixos-test"
"benchmark"
"ca-derivations"
"gccarch-armv8-a"
"gccarch-armv8.1-a"
"gccarch-armv8.2-a"
"big-parallel"
];
} }
] ]
[ [

9
modules/nix/default.nix
View file

@ -3,7 +3,8 @@
lib, lib,
... ...
}: }:
with lib; { with lib;
{
imports = [ imports = [
./link-inputs.nix ./link-inputs.nix
./lix.nix ./lix.nix
@ -12,9 +13,9 @@ with lib; {
]; ];
nix.settings = { nix.settings = {
substituters = mkMerge [ substituters = mkMerge [
["https://attic.chir.rs/chir-rs/"] [ "https://attic.chir.rs/chir-rs/" ]
(mkIf (!config.isInstaller) ["https://hydra.int.chir.rs"]) (mkIf (!config.isInstaller) [ "https://hydra.int.chir.rs" ])
(mkIf config.isInstaller ["https://hydra.chir.rs"]) (mkIf config.isInstaller [ "https://hydra.chir.rs" ])
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg=" "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="

26
modules/nix/link-inputs.nix
View file

@ -2,22 +2,20 @@
lib, lib,
inputs, inputs,
... ...
}: let }:
let
# Taken from https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/lib/options.nix # Taken from https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/lib/options.nix
inherit (lib) filterAttrs mapAttrs'; inherit (lib) filterAttrs mapAttrs';
flakes = filterAttrs (name: value: (value ? outputs)) inputs; flakes = filterAttrs (name: value: (value ? outputs)) inputs;
nixRegistry = nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes;
builtins.mapAttrs in
(name: v: {flake = v;}) {
flakes;
in {
nix.registry = nixRegistry; nix.registry = nixRegistry;
environment.etc = environment.etc = mapAttrs' (name: value: {
mapAttrs' name = "nix/inputs/${name}";
(name: value: { value = {
name = "nix/inputs/${name}"; source = value.outPath;
value = {source = value.outPath;}; };
}) }) flakes;
flakes; nix.nixPath = [ "/etc/nix/inputs" ];
nix.nixPath = ["/etc/nix/inputs"];
} }

8
modules/nix/lix.nix
View file

@ -5,11 +5,9 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
imports = {
if inTester imports = if inTester then [ ] else [ lix-module.nixosModules.default ];
then []
else [lix-module.nixosModules.default];
environment.systemPackages = lib.mkIf config.nix.enable [ environment.systemPackages = lib.mkIf config.nix.enable [
pkgs.git pkgs.git

15
modules/riscv.nix
View file

@ -3,10 +3,11 @@
riscv-overlay, riscv-overlay,
... ...
}: }:
if system == "riscv64-linux" if system == "riscv64-linux" then
then { {
nixpkgs.overlays = [ nixpkgs.overlays = [
riscv-overlay.overlays.default riscv-overlay.overlays.default
]; ];
} }
else {} else
{ }

3
modules/secrets/sops.nix
View file

@ -2,7 +2,8 @@
sops-nix, sops-nix,
config, config,
... ...
}: { }:
{
imports = [ imports = [
"${sops-nix}/modules/sops" "${sops-nix}/modules/sops"
]; ];

5
programs/desktop/audacious.nix
View file

@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
home.packages = with pkgs; [audacious]; {
home.packages = with pkgs; [ audacious ];
home.persistence.default.directories = [ home.persistence.default.directories = [
".config/audacious" ".config/audacious"
]; ];

14
programs/desktop/default.nix
View file

@ -1,13 +1,15 @@
{config, pkgs, ...}: { { config, pkgs, ... }:
{
imports = [ imports = [
./steam ./steam
]; ];
home-manager.users.darkkirb.imports = home-manager.users.darkkirb.imports =
if config.isGraphical if config.isGraphical then
then [ [
./home-manager.nix ./home-manager.nix
] ]
else []; else
[ ];
environment.plasma6.excludePackages = with pkgs.kdePackages; [ environment.plasma6.excludePackages = with pkgs.kdePackages; [
pkgs.elisa pkgs.elisa

28
programs/desktop/firefox/default.nix
View file

@ -4,7 +4,8 @@
lib, lib,
nur, nur,
... ...
}: let }:
let
extensions = { extensions = {
"ublock-origin" = [ "ublock-origin" = [
"alarms" "alarms"
@ -102,7 +103,8 @@
nurpkgs = pkgs; nurpkgs = pkgs;
inherit pkgs; inherit pkgs;
}; };
in { in
{
programs.firefox = { programs.firefox = {
enable = true; enable = true;
nativeMessagingHosts = with pkgs; [ nativeMessagingHosts = with pkgs; [
@ -139,18 +141,16 @@ in {
''; '';
}; };
}; };
assertions = assertions = lib.mapAttrsToList (
lib.mapAttrsToList (k: v: let k: v:
unaccepted = let
lib.subtractLists unaccepted = lib.subtractLists v nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions;
v in
nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions; {
in { assertion = unaccepted == [ ];
assertion = unaccepted == []; message = ''Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}'';
message = '' }
Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}''; ) extensions;
})
extensions;
home.persistence.default.directories = [ home.persistence.default.directories = [
".mozilla" ".mozilla"
]; ];

5
programs/desktop/games/default.nix
View file

@ -1,6 +1,7 @@
{pkgs, ...}: { { pkgs, ... }:
{
imports = [ imports = [
./ff14 ./ff14
]; ];
home.packages = with pkgs; [factorio]; home.packages = with pkgs; [ factorio ];
} }

11
programs/desktop/games/ff14/default.nix
View file

@ -1,6 +1,13 @@
{ config, pkgs, lib, systemConfig, ... }: { {
config,
pkgs,
lib,
systemConfig,
...
}:
{
config = lib.mkIf (systemConfig.networking.hostName == "rainbow-resort") { config = lib.mkIf (systemConfig.networking.hostName == "rainbow-resort") {
home.packages = with pkgs; [xivlauncher]; home.packages = with pkgs; [ xivlauncher ];
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
"L ${config.home.homeDirectory}/.xlcore - - - - ${config.home.homeDirectory}/Games/FF14/xlcore" "L ${config.home.homeDirectory}/.xlcore - - - - ${config.home.homeDirectory}/Games/FF14/xlcore"
]; ];

3
programs/desktop/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, nixos-config, ...}: { { pkgs, nixos-config, ... }:
{
imports = [ imports = [
./firefox ./firefox
./password-manager.nix ./password-manager.nix

5
programs/desktop/ims.nix
View file

@ -1,8 +1,9 @@
{config, pkgs, ...}: { { config, pkgs, ... }:
{
home.packages = with pkgs; [ home.packages = with pkgs; [
telegram-desktop telegram-desktop
]; ];
home.persistence.default.directories = [".local/share/TelegramDesktop"]; home.persistence.default.directories = [ ".local/share/TelegramDesktop" ];
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
"d ${config.xdg.cacheHome}/TelegramDesktop/cache - - - - -" "d ${config.xdg.cacheHome}/TelegramDesktop/cache - - - - -"
"d ${config.xdg.cacheHome}/TelegramDesktop/media_cache - - - - -" "d ${config.xdg.cacheHome}/TelegramDesktop/media_cache - - - - -"

5
programs/desktop/password-manager.nix
View file

@ -1,8 +1,9 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }:
{
home.packages = with pkgs; [ home.packages = with pkgs; [
keepassxc keepassxc
]; ];
xdg.configFile."keepassxc.ini".text = lib.generators.toINI {} { xdg.configFile."keepassxc.ini".text = lib.generators.toINI { } {
General.ConfigVersion = 2; General.ConfigVersion = 2;
Browser = { Browser = {
CustomProxyLocation = ""; CustomProxyLocation = "";

5
programs/desktop/steam/default.nix
View file

@ -1,4 +1,5 @@
{lib, config, ...}: { { lib, config, ... }:
{
programs.steam = lib.mkIf config.isGraphical { programs.steam = lib.mkIf config.isGraphical {
enable = !config.isInstaller; enable = !config.isInstaller;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
@ -7,5 +8,5 @@
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
home-manager.users.darkkirb.imports = if config.isGraphical then [./home-manager.nix] else []; home-manager.users.darkkirb.imports = if config.isGraphical then [ ./home-manager.nix ] else [ ];
} }

13
programs/desktop/steam/home-manager.nix
View file

@ -1,6 +1,9 @@
{...}: { { ... }:
home.persistence.default.directories = [{ {
directory = ".local/share/Steam"; home.persistence.default.directories = [
method = "symlink"; {
}]; directory = ".local/share/Steam";
method = "symlink";
}
];
} }

5
programs/desktop/syncthing/default.nix
View file

@ -1,7 +1,8 @@
{config, systemConfig, ...}: { { config, systemConfig, ... }:
{
services.syncthing = { services.syncthing = {
enable = true; enable = true;
tray.enable = true; tray.enable = true;
}; };
home.persistence.default.directories = [".local/state/syncthing"]; home.persistence.default.directories = [ ".local/state/syncthing" ];
} }

5
programs/editors/default.nix
View file

@ -1,6 +1,7 @@
{config, ...}: { { config, ... }:
{
imports = [ imports = [
./nvim ./nvim
]; ];
home-manager.users.darkkirb.imports = if config.isGraphical then [./vscode] else []; home-manager.users.darkkirb.imports = if config.isGraphical then [ ./vscode ] else [ ];
} }

16
programs/editors/nvim/globals.nix
View file

@ -3,16 +3,12 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
boolToStr = b: let
if b boolToStr = b: if b then "true" else "false";
then "true" boolToStr' = b: if b then "1" else "0";
else "false"; in
boolToStr' = b: {
if b
then "1"
else "0";
in {
xdg.configFile."nvim/lua/globals.lua".text = '' xdg.configFile."nvim/lua/globals.lua".text = ''
local fn = vim.fn local fn = vim.fn
local api = vim.api local api = vim.api

5
programs/editors/nvim/home-manager.nix
View file

@ -2,13 +2,14 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
imports = [ imports = [
./globals.nix ./globals.nix
./plugins/lazy-nvim.nix ./plugins/lazy-nvim.nix
]; ];
programs.neovim = { programs.neovim = {
plugins = with pkgs.vimPlugins; [lazy-nvim]; plugins = with pkgs.vimPlugins; [ lazy-nvim ];
enable = true; enable = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;

56
programs/editors/nvim/plugins/lazy-nvim.nix
View file

@ -2,11 +2,13 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
programs.neovim = { programs.neovim = {
plugins = with pkgs.vimPlugins; plugins =
with pkgs.vimPlugins;
[ [
(nvim-treesitter.withPlugins (p: [])) (nvim-treesitter.withPlugins (p: [ ]))
(pkgs.vimUtils.buildVimPlugin { (pkgs.vimUtils.buildVimPlugin {
name = "vim-highlighturl"; name = "vim-highlighturl";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
@ -39,7 +41,10 @@
indent-blankline-nvim indent-blankline-nvim
lazy-nvim lazy-nvim
(LeaderF.overrideAttrs (super: { (LeaderF.overrideAttrs (super: {
buildInputs = [pkgs.python3 pkgs.python3Packages.setuptools]; buildInputs = [
pkgs.python3
pkgs.python3Packages.setuptools
];
})) }))
lspkind-nvim lspkind-nvim
lualine-nvim lualine-nvim
@ -84,12 +89,13 @@
zen-mode-nvim zen-mode-nvim
] ]
++ ( ++ (
if pkgs.targetPlatform.system != "riscv64-linux" if pkgs.targetPlatform.system != "riscv64-linux" then
then [ [
diffview-nvim diffview-nvim
vim-grammarous vim-grammarous
] ]
else [] else
[ ]
); );
}; };
xdg.configFile."nvim/lua/config/lazy-nvim.lua".text = '' xdg.configFile."nvim/lua/config/lazy-nvim.lua".text = ''
@ -280,12 +286,14 @@
-- Better git commit experience -- Better git commit experience
{ "rhysd/committia.vim", lazy = true }, { "rhysd/committia.vim", lazy = true },
${ ${
if pkgs.targetPlatform.system != "riscv64-linux" if pkgs.targetPlatform.system != "riscv64-linux" then
then '' { ''
"sindrets/diffview.nvim" {
},'' "sindrets/diffview.nvim"
else "" },''
} else
""
}
{ {
"kevinhwang91/nvim-bqf", "kevinhwang91/nvim-bqf",
ft = "qf", ft = "qf",
@ -310,13 +318,15 @@
end, end,
}, },
${ ${
if pkgs.targetPlatform.system != "riscv64-linux" if pkgs.targetPlatform.system != "riscv64-linux" then
then '' { ''
"rhysd/vim-grammarous", {
ft = { "markdown" }, "rhysd/vim-grammarous",
},'' ft = { "markdown" },
else "" },''
} else
""
}
{ "chrisbra/unicode.vim", event = "VeryLazy" }, { "chrisbra/unicode.vim", event = "VeryLazy" },
-- Additional powerful text object for vim, this plugin should be studied -- Additional powerful text object for vim, this plugin should be studied
-- carefully to use its full power -- carefully to use its full power

3
programs/editors/vscode/default.nix
View file

@ -1,4 +1,5 @@
{vscode-server, pkgs, ...}: { { vscode-server, pkgs, ... }:
{
imports = [ imports = [
"${vscode-server}/modules/vscode-server/home.nix" "${vscode-server}/modules/vscode-server/home.nix"
]; ];

8
programs/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.eza.enable = true; programs.eza.enable = true;
programs.bat.enable = true; programs.bat.enable = true;
programs.fzf.enable = true; programs.fzf.enable = true;
@ -6,5 +7,8 @@
cat = "bat"; cat = "bat";
less = "bat"; less = "bat";
}; };
home.packages = with pkgs; [ripgrep fd]; home.packages = with pkgs; [
ripgrep
fd
];
} }

3
programs/shell/fish/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.fish.enable = true; programs.fish.enable = true;
home-manager.users.root.imports = [ home-manager.users.root.imports = [
./home-manager.nix ./home-manager.nix

3
programs/shell/fish/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
imports = [ imports = [
./tide.nix ./tide.nix
./z.nix ./z.nix

3
programs/shell/fish/tide.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.fish.plugins = with pkgs.fishPlugins; [ programs.fish.plugins = with pkgs.fishPlugins; [
{ {
name = "tide"; name = "tide";

3
programs/shell/fish/z.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.fish.plugins = with pkgs.fishPlugins; [ programs.fish.plugins = with pkgs.fishPlugins; [
{ {
name = "z"; name = "z";

3
programs/shell/tmux/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
home-manager.users.root.imports = [ home-manager.users.root.imports = [
./home-manager.nix ./home-manager.nix
]; ];

3
programs/shell/tmux/home-manager.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs.tmux = { programs.tmux = {
enable = true; enable = true;
baseIndex = 1; baseIndex = 1;

13
programs/ssh/builders.nix
View file

@ -3,12 +3,15 @@
systemConfig, systemConfig,
lib, lib,
... ...
}: let }:
let
identityFile = identityFile =
if config.home.username == "root" if config.home.username == "root" then
then systemConfig.sops.secrets.".ssh/builder_id_ed25519".path systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
else config.sops.secrets.".ssh/builder_id_ed25519".path; else
in { config.sops.secrets.".ssh/builder_id_ed25519".path;
in
{
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {

24
programs/ssh/home-manager.nix
View file

@ -3,19 +3,29 @@
config, config,
systemConfig, systemConfig,
... ...
}: { }:
{
imports = [ imports = [
./builders.nix ./builders.nix
]; ];
programs.ssh = { programs.ssh = {
controlMaster = "auto"; controlMaster = "auto";
controlPersist = "10m"; controlPersist = "10m";
matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] { matchBlocks."*" =
identityFile = lib.hm.dag.entryAfter
if config.home.username == "root" [
then systemConfig.sops.secrets.".ssh/id_ed25519_sk".path "build-nas"
else config.sops.secrets.".ssh/id_ed25519_sk".path; "build-rainbow-resort"
}; "build-aarch64"
"build-riscv"
]
{
identityFile =
if config.home.username == "root" then
systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
else
config.sops.secrets.".ssh/id_ed25519_sk".path;
};
enable = true; enable = true;
}; };
sops.secrets = lib.mkIf (config.home.username != "root") { sops.secrets = lib.mkIf (config.home.username != "root") {

3
services/desktop/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./kdeconnect.nix ./kdeconnect.nix
]; ];

3
services/desktop/kdeconnect.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
services.kdeconnect = { services.kdeconnect = {
enable = true; enable = true;
indicator = true; indicator = true;

5
services/openssh.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings = { services.openssh.settings = {
PermitRootLogin = "yes"; PermitRootLogin = "yes";
@ -9,5 +10,5 @@
"instance-20221213-1915.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn"; "instance-20221213-1915.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
"not522.tailbab65.ts.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpOcmvVODaja3wDdnocb/k6MK7vsh5uH8gpeHR9+/rY"; "not522.tailbab65.ts.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpOcmvVODaja3wDdnocb/k6MK7vsh5uH8gpeHR9+/rY";
}; };
networking.firewall.allowedTCPPorts = [22]; networking.firewall.allowedTCPPorts = [ 22 ];
} }

3
services/tailscale.nix
View file

@ -3,7 +3,8 @@
lib, lib,
... ...
}: }:
with lib; { with lib;
{
config = mkIf (!config.isInstaller) { config = mkIf (!config.isInstaller) {
services.tailscale = { services.tailscale = {
enable = true; enable = true;

26
tests/containers-default.nix
View file

@ -6,18 +6,22 @@
}: }:
testers.runNixOSTest { testers.runNixOSTest {
name = "container-default-test"; name = "container-default-test";
nodes.default = { nodes.default =
config, {
pkgs, config,
nixos-config, pkgs,
... nixos-config,
}: { ...
imports = [ }:
nixos-config.nixosModules.default {
]; imports = [
autoContainers = ["default"]; nixos-config.nixosModules.default
];
autoContainers = [ "default" ];
};
node.specialArgs = inputs // {
inTester = true;
}; };
node.specialArgs = inputs // {inTester = true;};
testScript = '' testScript = ''
machine.wait_for_unit("container@default.service") machine.wait_for_unit("container@default.service")
''; '';

3
users/common/default.nix
View file

@ -1,3 +1,4 @@
{...}: { { ... }:
{
home.stateVersion = "24.11"; home.stateVersion = "24.11";
} }

12
users/darkkirb/default.nix
View file

@ -1,4 +1,5 @@
{config, ...}: { { config, ... }:
{
users.users.darkkirb = { users.users.darkkirb = {
createHome = true; createHome = true;
isNormalUser = true; isNormalUser = true;
@ -6,7 +7,7 @@
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
]; ];
hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path; hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path;
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
}; };
sops.secrets."users/users/darkkirb/hashedPassword" = { sops.secrets."users/users/darkkirb/hashedPassword" = {
neededForUsers = true; neededForUsers = true;
@ -16,7 +17,8 @@
owner = "darkkirb"; owner = "darkkirb";
sopsFile = ./system.yaml; sopsFile = ./system.yaml;
}; };
home-manager.users.darkkirb.sops.age.keyFile = config.sops.secrets."users/users/darkkirb/age-key".path; home-manager.users.darkkirb.sops.age.keyFile =
config.sops.secrets."users/users/darkkirb/age-key".path;
home-manager.users.darkkirb.home.persistence.default.directories = [ home-manager.users.darkkirb.home.persistence.default.directories = [
"sources" "sources"
{ {
@ -24,6 +26,6 @@
method = "symlink"; method = "symlink";
} }
]; ];
home-manager.users.darkkirb.imports = [./home-manager]; home-manager.users.darkkirb.imports = [ ./home-manager ];
environment.impermanence.users = ["darkkirb"]; environment.impermanence.users = [ "darkkirb" ];
} }

3
users/darkkirb/home-manager/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./git.nix ./git.nix
]; ];

9
users/darkkirb/home-manager/git.nix
View file

@ -1,10 +1,8 @@
{pkgs, systemConfig, ...}: { { pkgs, systemConfig, ... }:
{
programs.git = { programs.git = {
enable = true; enable = true;
package = package = if systemConfig.isGraphical then pkgs.gitAndTools.gitFull else pkgs.git;
if systemConfig.isGraphical
then pkgs.gitAndTools.gitFull
else pkgs.git;
lfs.enable = true; lfs.enable = true;
userEmail = "lotte@chir.rs"; userEmail = "lotte@chir.rs";
userName = "Charlotte 🦝 Delenk"; userName = "Charlotte 🦝 Delenk";
@ -17,4 +15,3 @@
delta.enable = true; delta.enable = true;
}; };
} }

3
users/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./home-manager.nix ./home-manager.nix
./root ./root

13
users/home-manager.nix
View file

@ -5,17 +5,16 @@
config, config,
sops-nix, sops-nix,
... ...
}: { }:
{
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
backupFileExtension = "backup"; backupFileExtension = "backup";
extraSpecialArgs = extraSpecialArgs = inputs // {
inputs inherit inputs inputs';
// { systemConfig = config;
inherit inputs inputs'; };
systemConfig = config;
};
sharedModules = [ sharedModules = [
./common ./common
"${impermanence}/home-manager.nix" "${impermanence}/home-manager.nix"

7
users/root/default.nix
View file

@ -3,7 +3,8 @@
config, config,
lib, lib,
... ...
}: { }:
{
users.users.root = { users.users.root = {
createHome = true; createHome = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -23,6 +24,6 @@
mode = "600"; mode = "600";
sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml"; sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml";
}; };
home-manager.users.root.sops.secrets = lib.mkForce {}; home-manager.users.root.sops.secrets = lib.mkForce { };
environment.impermanence.users = ["root"]; environment.impermanence.users = [ "root" ];
} }