From f11b0f9e0aad0086f90de8d79724e7beaf9b11ae Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 4 Jul 2025 14:36:37 -0400 Subject: [PATCH 1/3] add home-manager module for non-nixos systems --- .sops.yaml | 30 +++++++++++++++--------------- flake.nix | 23 +++++++++++++++++++++++ lib/systems.nix | 1 + users/alice/home/zsh.nix | 2 +- 4 files changed, 40 insertions(+), 16 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 45d9626..921dbf8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -19,39 +19,39 @@ creation_rules: - path_regex: users/alice/secrets.*\.yaml$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *palatine-hill - - *artemision - - *artemision-home + - *palatine-hill + - *artemision + - *artemision-home - path_regex: systems/palatine-hill/secrets.*\.yaml$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *palatine-hill + - *palatine-hill - path_regex: systems/artemision/secrets.*\.yaml$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *artemision + - *artemision - path_regex: systems/selinunte/secrets.*\.yaml$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *artemision - - *selinunte + - *artemision + - *selinunte - path_regex: systems/palatine-hill/docker/wg/.*\.conf$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *palatine-hill + - *palatine-hill - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$ key_groups: - pgp: - - *admin_alice + - *admin_alice age: - - *palatine-hill + - *palatine-hill diff --git a/flake.nix b/flake.nix index 68a36c0..427fcdd 100644 --- a/flake.nix +++ b/flake.nix 
@@ -175,6 +175,29 @@ formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); nixosConfigurations = genSystems inputs outputs src (src + "/systems"); + homeConfigurations = { + "alice" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { system = "x86_64-linux"; }; + modules = [ + inputs.stylix.homeModules.stylix + inputs.sops-nix.homeManagerModules.sops + inputs.nix-index-database.hmModules.nix-index + { + nixpkgs.config = { + allowUnfree = true; + allowUnfreePredicate = _: true; + }; + } + ./users/alice/home.nix + ]; + extraSpecialArgs = { + inherit inputs outputs; + machineConfig = { + server = false; + }; + }; + }; + }; images = { install-iso = getImages nixosConfigurations "install-iso"; iso = getImages nixosConfigurations "iso"; diff --git a/lib/systems.nix b/lib/systems.nix index fd46b2a..ba894b7 100644 --- a/lib/systems.nix +++ b/lib/systems.nix @@ -172,6 +172,7 @@ rec { modules = [ inputs.nixos-modules.nixosModule + inputs.nix-index-database.nixosModules.nix-index (genHostName hostname) (configPath + "/hardware.nix") (configPath + "/configuration.nix") diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix index a2d3c73..14390a2 100644 --- a/users/alice/home/zsh.nix +++ b/users/alice/home/zsh.nix @@ -72,7 +72,7 @@ "sgc" = "sudo git -C /root/dotfiles"; ## SSH "ssh-init" = - "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh"; + "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519"; ## Backups "borgmatic-backup-quick" = From 8f8bb999a30c32a7b1cad05de241ef0fff1bce3e Mon Sep 17 00:00:00 2001 
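Review bot: `homeConfigurations."alice"` loads `inputs.sops-nix.homeManagerModules.sops`, but this patch adds no decryption key for the non-NixOS machine. The `.sops.yaml` change in the same commit is indentation only, so the recipients for `users/alice/secrets.*\.yaml` are still the existing admin PGP key and three age keys. If `./users/alice/home.nix` declares sops secrets (not visible in this hunk), the new host can only decrypt them by reusing one of those private keys, which then cannot be revoked per machine. I would give the host its own age key, add it as a separate anchor under that creation rule, and re-encrypt with `sops updatekeys`. A comment next to the module line, e.g. `# needs a per-host age key listed in .sops.yaml`, would record the requirement.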
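Review bot: The `ssh-init` alias now loads seven private keys into the agent in one call, which is more than sshd's default `MaxAuthTries` of 6. A server may therefore close the connection before the right key is offered, unless `~/.ssh/config` pins `IdentityFile` with `IdentitiesOnly yes` (not visible here). Any process that can reach the agent socket, including a remote host when agent forwarding is enabled, can also use all seven identities for the two-hour lifetime. Consider loading only the keys needed for a session, or requiring confirmation per use with `ssh-add -c -t 2h …`. The alias set continues outside the hunk.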
From: ahuston-0 Date: Fri, 4 Jul 2025 18:11:28 -0400 Subject: [PATCH 2/3] make restic repos private --- systems/palatine-hill/docker/restic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/restic.nix b/systems/palatine-hill/docker/restic.nix index 1038997..833fa18 100644 --- a/systems/palatine-hill/docker/restic.nix +++ b/systems/palatine-hill/docker/restic.nix @@ -10,7 +10,7 @@ in image = "restic/rest-server:latest"; volumes = [ "${restic_path}:/data" ]; environment = { - OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd"; + OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd"; }; ports = [ "8010:8000" ]; extraOptions = [ From f4ff5a6251d930d6d67d27cc194283f00908da6e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 8 Jul 2025 01:10:59 -0400 Subject: [PATCH 3/3] remove lix, add homes to hydra --- flake.lock | 56 -------------------------------------------- flake.nix | 14 +++++------ hydra/jobs.nix | 8 +++++++ lib/systems.nix | 2 +- users/alice/home.nix | 1 + 5 files changed, 17 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index e8b0605..e700b84 100644 --- a/flake.lock +++ b/flake.lock @@ -178,21 +178,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { 
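Review bot: `--private-repos` in `OPTIONS` confines each htpasswd user to repository paths that begin with their own username, so any existing repository stored directly under `${restic_path}` or under a different name stops being reachable until it is moved and client URLs are updated. A comment such as `# --private-repos: repo URL must be /<username>/...` above `OPTIONS` would save the next reader a failed backup. As far as I recall, rest-server also limits `/metrics` to a user named `metrics` once private repos are enabled, so the `--prometheus` scrape credentials should be checked against the deployed version. That version is not fixed, because the context line pulls `restic/rest-server:latest`; pinning a release tag or digest would keep authentication behaviour from changing on a pull. The container definition continues outside the hunk.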
@@ -358,46 +343,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "ref": "stable", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "revCount": 130, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nix": { "flake": false, "locked": { @@ -660,7 +605,6 @@ "home-manager": "home-manager", "hydra": "hydra", "hyprland-contrib": "hyprland-contrib", - "lix-module": "lix-module", "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", "nixos-generators": "nixos-generators", diff --git a/flake.nix b/flake.nix index 427fcdd..16bb675 100644 --- a/flake.nix +++ b/flake.nix @@ -66,13 +66,13 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; + #lix-module = { + # url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # flake-utils.follows = "flake-utils"; + # }; + #}; nix-index-database = { url = "github:Mic92/nix-index-database"; 
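Review bot: The `lix-module` input in `flake.nix` is commented out rather than deleted, and the `#++ genWrapper lix …` line in the `lib/systems.nix` hunk of this patch does the same, while `flake.lock` drops the input entirely. If the `lix` argument is still declared in `lib/systems.nix` (its declaration is outside the hunk), a host that sets it would presumably get stock Nix with no evaluation error. I would delete both commented blocks and either remove the `lix` option or make it fail loudly with an `assert` or `throw`. Git history keeps the old input definition.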
diff --git a/hydra/jobs.nix b/hydra/jobs.nix index e8d9279..6fbc994 100644 --- a/hydra/jobs.nix +++ b/hydra/jobs.nix @@ -10,6 +10,9 @@ let getCfg = _: cfg: cfg.config.system.build.toplevel; hostToAgg = _: cfg: cfg; + getHome = _: cfg: cfg.config.home.activationPackage; + homeToAgg = _: cfg: cfg; + # get per-system check derivation (with optional postfix) mapSystems = { @@ -22,11 +25,16 @@ rec { inherit (outputs) formatter devShells checks; host = lib.mapAttrs getCfg outputs.nixosConfigurations; + home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage hosts = pkgs.releaseTools.aggregate { name = "hosts"; constituents = lib.mapAttrsToList hostToAgg host; }; + homes = pkgs.releaseTools.aggregate { + name = "homes"; + constituents = lib.mapAttrsToList homeToAgg home; + }; devChecks = pkgs.releaseTools.aggregate { name = "devChecks"; diff --git a/lib/systems.nix b/lib/systems.nix index ba894b7..09136b4 100644 --- a/lib/systems.nix +++ b/lib/systems.nix @@ -182,7 +182,7 @@ rec { ++ genWrapper sops genSops args ++ genWrapper home genHome args ++ genWrapper true genUsers args - ++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args + #++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args ++ genWrapper (system != "x86_64-linux") genNonX86 args; }; diff --git a/users/alice/home.nix b/users/alice/home.nix index 3e005a9..85c98b8 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -76,6 +76,7 @@ nix-prefetch nix-tree nh + home-manager # doom emacs dependencies fd
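Review bot: `homeToAgg` in the first `hydra/jobs.nix` hunk is an exact copy of `hostToAgg` (`_: cfg: cfg`), and the trailing `# homeConfigurations.alice.config.home.activationPackage` comment on the `home =` line in the second hunk reads like a leftover scratch path. One shared helper for both aggregates would be easier to follow. The comment would be more useful if it said what the attribute holds, e.g. `# activation package of each home-manager configuration`.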