Merge pull request 'feature/home-config' (#130) from feature/home-config into main
Reviewed-on: #130
This commit is contained in:
30
.sops.yaml
30
.sops.yaml
@ -19,39 +19,39 @@ creation_rules:
|
||||
- path_regex: users/alice/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *artemision
|
||||
- *artemision-home
|
||||
- *palatine-hill
|
||||
- *artemision
|
||||
- *artemision-home
|
||||
- path_regex: systems/palatine-hill/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
- path_regex: systems/artemision/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *artemision
|
||||
- *artemision
|
||||
- path_regex: systems/selinunte/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *artemision
|
||||
- *selinunte
|
||||
- *artemision
|
||||
- *selinunte
|
||||
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
|
||||
56
flake.lock
generated
56
flake.lock
generated
@ -178,21 +178,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flakey-profile": {
|
||||
"locked": {
|
||||
"lastModified": 1712898590,
|
||||
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fromYaml": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@ -358,46 +343,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1737234286,
|
||||
"narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
|
||||
"rev": "079528098f5998ba13c88821a2eca1005c1695de",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
|
||||
}
|
||||
},
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": "lix",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1741892773,
|
||||
"narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=",
|
||||
"ref": "stable",
|
||||
"rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911",
|
||||
"revCount": 130,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
},
|
||||
"original": {
|
||||
"ref": "stable",
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
}
|
||||
},
|
||||
"nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@ -660,7 +605,6 @@
|
||||
"home-manager": "home-manager",
|
||||
"hydra": "hydra",
|
||||
"hyprland-contrib": "hyprland-contrib",
|
||||
"lix-module": "lix-module",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixos-cosmic": "nixos-cosmic",
|
||||
"nixos-generators": "nixos-generators",
|
||||
|
||||
37
flake.nix
37
flake.nix
@ -66,13 +66,13 @@
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
lix-module = {
|
||||
url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
flake-utils.follows = "flake-utils";
|
||||
};
|
||||
};
|
||||
#lix-module = {
|
||||
# url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
|
||||
# inputs = {
|
||||
# nixpkgs.follows = "nixpkgs";
|
||||
# flake-utils.follows = "flake-utils";
|
||||
# };
|
||||
#};
|
||||
|
||||
nix-index-database = {
|
||||
url = "github:Mic92/nix-index-database";
|
||||
@ -175,6 +175,29 @@
|
||||
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
|
||||
|
||||
nixosConfigurations = genSystems inputs outputs src (src + "/systems");
|
||||
homeConfigurations = {
|
||||
"alice" = inputs.home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
modules = [
|
||||
inputs.stylix.homeModules.stylix
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.nix-index-database.hmModules.nix-index
|
||||
{
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
allowUnfreePredicate = _: true;
|
||||
};
|
||||
}
|
||||
./users/alice/home.nix
|
||||
];
|
||||
extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
machineConfig = {
|
||||
server = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
images = {
|
||||
install-iso = getImages nixosConfigurations "install-iso";
|
||||
iso = getImages nixosConfigurations "iso";
|
||||
|
||||
@ -10,6 +10,9 @@ let
|
||||
getCfg = _: cfg: cfg.config.system.build.toplevel;
|
||||
hostToAgg = _: cfg: cfg;
|
||||
|
||||
getHome = _: cfg: cfg.config.home.activationPackage;
|
||||
homeToAgg = _: cfg: cfg;
|
||||
|
||||
# get per-system check derivation (with optional postfix)
|
||||
mapSystems =
|
||||
{
|
||||
@ -22,11 +25,16 @@ rec {
|
||||
inherit (outputs) formatter devShells checks;
|
||||
|
||||
host = lib.mapAttrs getCfg outputs.nixosConfigurations;
|
||||
home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
|
||||
|
||||
hosts = pkgs.releaseTools.aggregate {
|
||||
name = "hosts";
|
||||
constituents = lib.mapAttrsToList hostToAgg host;
|
||||
};
|
||||
homes = pkgs.releaseTools.aggregate {
|
||||
name = "homes";
|
||||
constituents = lib.mapAttrsToList homeToAgg home;
|
||||
};
|
||||
|
||||
devChecks = pkgs.releaseTools.aggregate {
|
||||
name = "devChecks";
|
||||
|
||||
@ -172,6 +172,7 @@ rec {
|
||||
modules =
|
||||
[
|
||||
inputs.nixos-modules.nixosModule
|
||||
inputs.nix-index-database.nixosModules.nix-index
|
||||
(genHostName hostname)
|
||||
(configPath + "/hardware.nix")
|
||||
(configPath + "/configuration.nix")
|
||||
@ -181,7 +182,7 @@ rec {
|
||||
++ genWrapper sops genSops args
|
||||
++ genWrapper home genHome args
|
||||
++ genWrapper true genUsers args
|
||||
++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
|
||||
#++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
|
||||
++ genWrapper (system != "x86_64-linux") genNonX86 args;
|
||||
};
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ in
|
||||
image = "restic/rest-server:latest";
|
||||
volumes = [ "${restic_path}:/data" ];
|
||||
environment = {
|
||||
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
|
||||
OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
|
||||
};
|
||||
ports = [ "8010:8000" ];
|
||||
extraOptions = [
|
||||
|
||||
@ -76,6 +76,7 @@
|
||||
nix-prefetch
|
||||
nix-tree
|
||||
nh
|
||||
home-manager
|
||||
|
||||
# doom emacs dependencies
|
||||
fd
|
||||
|
||||
@ -72,7 +72,7 @@
|
||||
"sgc" = "sudo git -C /root/dotfiles";
|
||||
## SSH
|
||||
"ssh-init" =
|
||||
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
|
||||
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";
|
||||
|
||||
## Backups
|
||||
"borgmatic-backup-quick" =
|
||||
|
||||
Reference in New Issue
Block a user