make restic repos private

add home-manager module for non-nixos systems
Merge pull request 'feature/lix' (#128 ) from feature/lix into main
2025-07-04 18:11:28 -04:00 · 2025-07-04 14:36:37 -04:00 · 2025-07-04 13:56:48 -04:00 · 2025-07-04 13:56:48 -04:00 · 2025-07-04 13:56:48 -04:00 · 2025-07-04 13:56:48 -04:00
9 changed files with 149 additions and 58 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -19,39 +19,39 @@ creation_rules:
    - path_regex: users/alice/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *palatine-hill
-            - *artemision
-            - *artemision-home
+            - *palatine-hill 
+            - *artemision 
+            - *artemision-home 
    - path_regex: systems/palatine-hill/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *palatine-hill
+            - *palatine-hill 
    - path_regex: systems/artemision/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *artemision
+            - *artemision 
    - path_regex: systems/selinunte/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *artemision
-            - *selinunte
+            - *artemision 
+            - *selinunte 
    - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *palatine-hill
+            - *palatine-hill 
    - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
      key_groups:
        - pgp:
-            - *admin_alice
+            - *admin_alice 
          age:
-            - *palatine-hill
+            - *palatine-hill 
--- a/flake.lock
+++ b/flake.lock
@ -75,11 +75,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1751342607,
-        "narHash": "sha256-p2w7cNkcIwEzKYhL1kjohU368rNqoDOwlDJZfSyZNWg=",
+        "lastModified": 1751618693,
+        "narHash": "sha256-bAKNekZcZd4QnBO/RUxjQAgaz67bYwFXWfQENA45Scg=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "c0b09e83031df3bb3fc59cb1653035795273b222",
+        "rev": "0c5b037915083a27a260b063b127b31443827bae",
        "type": "gitlab"
      },
      "original": {
@ -124,11 +124,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1749398372,
-        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
+        "lastModified": 1751413152,
+        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
+        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
        "type": "github"
      },
      "original": {
@ -178,6 +178,21 @@
        "type": "github"
      }
    },
+    "flakey-profile": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
    "fromYaml": {
      "flake": false,
      "locked": {
@ -266,16 +281,16 @@
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1744584021,
-        "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
+        "lastModified": 1748186689,
+        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
+        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
        "type": "github"
      },
      "original": {
        "owner": "GNOME",
-        "ref": "48.1",
+        "ref": "48.2",
        "repo": "gnome-shell",
        "type": "github"
      }
@ -287,11 +302,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751336185,
-        "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=",
+        "lastModified": 1751638848,
+        "narHash": "sha256-7HiC6w4ROEbMmKtj5pilnLOJej9HkkfU9wEd5QSTyNo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "96354906f58464605ff81d2f6c2ea23211cbf051",
+        "rev": "7d9e3c35f0d46f82bac791d76260f15f53d83529",
        "type": "github"
      },
      "original": {
@ -343,6 +358,46 @@
        "type": "github"
      }
    },
+    "lix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1737234286,
+        "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
+        "rev": "079528098f5998ba13c88821a2eca1005c1695de",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "flakey-profile": "flakey-profile",
+        "lix": "lix",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1741892773,
+        "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=",
+        "ref": "stable",
+        "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911",
+        "revCount": 130,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/nixos-module"
+      },
+      "original": {
+        "ref": "stable",
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/nixos-module"
+      }
+    },
    "nix": {
      "flake": false,
      "locked": {
@ -427,11 +482,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751281697,
-        "narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=",
+        "lastModified": 1751591814,
+        "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "78b86e37713a1111d9e37c62b242d60be3013bd1",
+        "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
        "type": "github"
      },
      "original": {
@ -463,11 +518,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1750837715,
-        "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=",
+        "lastModified": 1751432711,
+        "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "98236410ea0fe204d0447149537a924fb71a6d4f",
+        "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
        "type": "github"
      },
      "original": {
@ -486,11 +541,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751131209,
-        "narHash": "sha256-4Gn2E6GUCleK98nbQOC4MtSpd/sZ0+i3ZH55rbUdm5s=",
+        "lastModified": 1751649523,
+        "narHash": "sha256-39SLBeXE+bzq5ChXYB7FFzUNa+8SCnXvwe9IEgKcxWQ=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "f8ef534458720fcdff6079db5eddfc1673b01f6e",
+        "rev": "d2a834e4f97a1ccb71c62e3091501a4e237fd6cb",
        "type": "github"
      },
      "original": {
@ -501,11 +556,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751331362,
-        "narHash": "sha256-U4PMIjimk9RQwERsPkd7+84WRoWgaeVGDo/XuydRpns=",
+        "lastModified": 1751619433,
+        "narHash": "sha256-5aZFBHQNQzrfCisewtYBDNbiKcHbxPYChiP4dkEcSXQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "08ed4a9c085d54f04207ec4e8c5e0eddbe991229",
+        "rev": "a2867cc3f8acc944cb19fe0b73c840e9fa1ba589",
        "type": "github"
      },
      "original": {
@ -517,11 +572,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1748740939,
-        "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
+        "lastModified": 1751159883,
+        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "656a64127e9d791a334452c6b6606d17539476e2",
+        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
        "type": "github"
      },
      "original": {
@ -605,6 +660,7 @@
        "home-manager": "home-manager",
        "hydra": "hydra",
        "hyprland-contrib": "hyprland-contrib",
+        "lix-module": "lix-module",
        "nix-index-database": "nix-index-database",
        "nixos-cosmic": "nixos-cosmic",
        "nixos-generators": "nixos-generators",
@ -627,11 +683,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751338093,
-        "narHash": "sha256-/yd9nPcTfUZPFtwjRbdB5yGLdt3LTPqz6Ja63Joiahs=",
+        "lastModified": 1751596734,
+        "narHash": "sha256-1tQOwmn3jEUQjH0WDJyklC+hR7Bj+iqx6ChtRX2QiPA=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "6cfb7821732dac2d3e2dea857a5613d3b856c20c",
+        "rev": "e28ba067a9368286a8bc88b68dc2ca92181a09f0",
        "type": "github"
      },
      "original": {
@ -647,11 +703,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1750119275,
-        "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
+        "lastModified": 1751606940,
+        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
+        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
        "type": "github"
      },
      "original": {
@ -688,11 +744,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1751296480,
-        "narHash": "sha256-PMuzVs9khM7cYrjUCXQeV2OP6WVtbsmdZwa4Cc21y0o=",
+        "lastModified": 1751648901,
+        "narHash": "sha256-yC45eAT37H6rOFCGhr2iuV5dzJ/8I2N1QrKq1MwPG7U=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "4ead8043f70cc3b951e704a1f6e40c8a10230e61",
+        "rev": "dea0337e0bffeeeb941ca6caffb44e966b13a97b",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -66,6 +66,14 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    lix-module = {
+      url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-utils.follows = "flake-utils";
+      };
+    };
+
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
@ -167,6 +175,29 @@
      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);

      nixosConfigurations = genSystems inputs outputs src (src + "/systems");
+      homeConfigurations = {
+        "alice" = inputs.home-manager.lib.homeManagerConfiguration {
+          pkgs = import nixpkgs { system = "x86_64-linux"; };
+          modules = [
+            inputs.stylix.homeModules.stylix
+            inputs.sops-nix.homeManagerModules.sops
+            inputs.nix-index-database.hmModules.nix-index
+            {
+              nixpkgs.config = {
+                allowUnfree = true;
+                allowUnfreePredicate = _: true;
+              };
+            }
+            ./users/alice/home.nix
+          ];
+          extraSpecialArgs = {
+            inherit inputs outputs;
+            machineConfig = {
+              server = false;
+            };
+          };
+        };
+      };
      images = {
        install-iso = getImages nixosConfigurations "install-iso";
        iso = getImages nixosConfigurations "iso";
--- a/lib/systems.nix
+++ b/lib/systems.nix
@ -156,6 +156,7 @@ rec {
      modules ? [ ],
      server ? true,
      sops ? true,
+      lix ? false,
      system ? "x86_64-linux",
    }@args:
    lib.nixosSystem {
@ -171,6 +172,7 @@ rec {
      modules =
        [
          inputs.nixos-modules.nixosModule
+          inputs.nix-index-database.nixosModules.nix-index
          (genHostName hostname)
          (configPath + "/hardware.nix")
          (configPath + "/configuration.nix")
@ -180,6 +182,7 @@ rec {
        ++ genWrapper sops genSops args
        ++ genWrapper home genHome args
        ++ genWrapper true genUsers args
+        ++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
        ++ genWrapper (system != "x86_64-linux") genNonX86 args;
    };

--- a/systems/artemision/default.nix
+++ b/systems/artemision/default.nix
@ -3,6 +3,7 @@
  system = "x86_64-linux";
  home = true;
  sops = true;
+  lix = true;
  server = false;
  users = [ "alice" ];
  modules = [
--- a/systems/palatine-hill/attic/default.nix
+++ b/systems/palatine-hill/attic/default.nix
@ -10,10 +10,6 @@
    attic-client
  ];

-  systemd.services.atticd.environment = {
-    RUST_LOG = "INFO";
-  };
-
  services = {
    atticd = {
      enable = true;
@ -71,6 +67,9 @@
  # configured default webstore for this on root user separately
  systemd = {
    services = {
+      atticd.environment = {
+        RUST_LOG = "INFO";
+      };
      attic-watch-store = {
        wantedBy = [ "multi-user.target" ];
        after = [
--- a/systems/palatine-hill/docker/restic.nix
+++ b/systems/palatine-hill/docker/restic.nix
@ -10,7 +10,7 @@ in
      image = "restic/rest-server:latest";
      volumes = [ "${restic_path}:/data" ];
      environment = {
-        OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
+        OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
      };
      ports = [ "8010:8000" ];
      extraOptions = [
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@ -15,5 +15,6 @@ import ../default.nix {
  publicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588"
  ];
 }
--- a/users/alice/home/zsh.nix
+++ b/users/alice/home/zsh.nix
@ -72,7 +72,7 @@
      "sgc" = "sudo git -C /root/dotfiles";
      ## SSH
      "ssh-init" =
-        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
+        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";

      ## Backups
      "borgmatic-backup-quick" =
Author	SHA1	Message	Date
ahuston-0	8f8bb999a3	make restic repos private	2025-07-04 18:11:28 -04:00
ahuston-0	f11b0f9e0a	add home-manager module for non-nixos systems	2025-07-04 14:36:37 -04:00
ahuston-0	1ba29c6d07	Merge pull request 'feature/lix' (#128 ) from feature/lix into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 9m23s Details Check Nix flake / Perform Nix flake checks (push) Successful in 15m22s Details Update flakes / update_lockfile (push) Successful in 22m21s Details Reviewed-on: #128	2025-07-04 13:56:48 -04:00
ahuston-0	bb81c54d45	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	70037306ec	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	c310e8b5c3	update flake lock	2025-07-04 13:56:48 -04:00
ahuston-0	afccd339e9	add lix to artemision	2025-07-04 13:56:48 -04:00
ahuston-0	8b5c833785	fix lix linting error	2025-07-04 13:56:48 -04:00
ahuston-0	b5841dd58e	Merge pull request 'automated: Update `flake.lock`' (#127 ) from update-flake-lock into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 9m38s Details Check Nix flake / Perform Nix flake checks (push) Successful in 14m44s Details Reviewed-on: #127	2025-07-04 11:19:47 -04:00
github-actions[bot]	49b684bf53	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m32s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 14m31s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-07-04 12:21:53 +00:00
ahuston-0	bb85894ae7	Merge pull request 'add parthenon key' (#126 ) from feature/add-parthenon into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 12s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m5s Details Update flakes / update_lockfile (push) Successful in 22m15s Details Reviewed-on: #126	2025-07-04 01:05:05 -04:00
ahuston-0	09ae81d71e	add parthenon key	2025-07-04 01:05:05 -04:00
ahuston-0	afa3cb8ca2	Merge pull request 'automated: Update `flake.lock`' (#125 ) from update-flake-lock into main All checks were successful Check flake.lock / Check health of `flake.lock` (push) Successful in 8s Details Check Nix flake / Perform Nix flake checks (push) Successful in 5m53s Details Reviewed-on: #125	2025-07-04 00:58:29 -04:00
github-actions[bot]	055f6d3509	automated: Update `flake.lock` All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 32s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m45s Details Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request	2025-07-03 12:15:15 +00:00