2 Commits

Author SHA1 Message Date
f063b8827e Merge branch 'main' into feature/add-parthenon
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 45s
Check Nix flake / Perform Nix flake checks (pull_request) Successful in 6m14s
2025-07-04 00:58:37 -04:00
84b16ff0c1 add parthenon key
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 14s
Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m41s
2025-07-04 00:55:53 -04:00
10 changed files with 151 additions and 116 deletions


@ -19,39 +19,39 @@ creation_rules:
- path_regex: users/alice/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *palatine-hill
- *artemision
- *artemision-home
- *palatine-hill
- *artemision
- *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *palatine-hill
- *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *artemision
- *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *artemision
- *selinunte
- *artemision
- *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *palatine-hill
- *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups:
- pgp:
- *admin_alice
- *admin_alice
age:
- *palatine-hill
- *palatine-hill

182
flake.lock generated

@ -75,11 +75,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1752206617,
"narHash": "sha256-/Pu0pBOI3hsg3eIK6AsQ6kwvONqE2b1b/zOz06ePJKE=",
"lastModified": 1751515409,
"narHash": "sha256-yu+/TxHkuZ8GHKwpKTv1BpfbYD1wH1CyPsOmY72chTg=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "680d0ba892443d95ad1afdc523686573111e6c1a",
"rev": "2e0dcafe8c48470e036908f34a2a1413f75bd804",
"type": "gitlab"
},
"original": {
@ -145,11 +145,11 @@
]
},
"locked": {
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
@ -194,6 +194,32 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -215,6 +241,28 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
@ -239,11 +287,11 @@
]
},
"locked": {
"lastModified": 1752202894,
"narHash": "sha256-knafgng4gCjZIUMyAEWjxxdols6n/swkYnbWr+oF+1w=",
"lastModified": 1751513147,
"narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fab659b346c0d4252208434c3c4b3983a4b38fec",
"rev": "426b405d979d893832549b95f23c13537c65d244",
"type": "github"
},
"original": {
@ -282,11 +330,11 @@
]
},
"locked": {
"lastModified": 1752069516,
"narHash": "sha256-dyzDJvt8IVgHJVmpnw1mueHHSLYnChW1XMkwz9WUBZ8=",
"lastModified": 1750372088,
"narHash": "sha256-LPwgPRBTfnA76rHUr7KYvwq2pNt5IfxymNAZUJFvn/M=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "34d0c01910552b873a07c96921ef70e32bf369a2",
"rev": "189f32f56285aae9646bf1292976392beba5a2e2",
"type": "github"
},
"original": {
@ -335,11 +383,11 @@
]
},
"locked": {
"lastModified": 1751774635,
"narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=",
"lastModified": 1751170039,
"narHash": "sha256-3EKpUmyGmHYA/RuhZjINTZPU+OFWko0eDwazUOW64nw=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "85686025ba6d18df31cc651a91d5adef63378978",
"rev": "9c932ae632d6b5150515e5749b198c175d8565db",
"type": "github"
},
"original": {
@ -379,11 +427,11 @@
]
},
"locked": {
"lastModified": 1751591814,
"narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
"lastModified": 1751281697,
"narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
"rev": "78b86e37713a1111d9e37c62b242d60be3013bd1",
"type": "github"
},
"original": {
@ -400,11 +448,11 @@
]
},
"locked": {
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
@ -415,11 +463,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1752048960,
"narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
"lastModified": 1751432711,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
"type": "github"
},
"original": {
@ -438,11 +486,11 @@
]
},
"locked": {
"lastModified": 1752190421,
"narHash": "sha256-IXOsH31wgX1DXW1H1WMTBBMqz5Qhw2je6ObmzGK7z+w=",
"lastModified": 1751469444,
"narHash": "sha256-L5vPflQCt7WWzL66cA0ZbITfg+vzrSf6Ak5m4s6vDds=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "17972ee0700a8e647e3fe74aa15315b5ccad4f06",
"rev": "ed24075c9b4d1cedac253f31aaa2d4729d4fdf53",
"type": "github"
},
"original": {
@ -453,11 +501,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1752206449,
"narHash": "sha256-NVAbC/s4CupABWGXF8M9mDiVw/n0YCftxwc1KatVjDk=",
"lastModified": 1751529439,
"narHash": "sha256-fn4qiux6lOX2MEB5VU/KFUhjc4HuQON2SexwJnC1ibc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1bd4d0d4a678d48b63eb18f457d74df2fcee6c69",
"rev": "f596e2141c241f5cca21188543cd4dcda32f2c3c",
"type": "github"
},
"original": {
@ -507,14 +555,15 @@
"nixpkgs": [
"stylix",
"nixpkgs"
]
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751906969,
"narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=",
"lastModified": 1748730660,
"narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25",
"rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb",
"type": "github"
},
"original": {
@ -578,11 +627,11 @@
]
},
"locked": {
"lastModified": 1752201818,
"narHash": "sha256-d8KczaVT8WFEZdWg//tMAbv8EDyn2YTWcJvSY8gqKBU=",
"lastModified": 1751510438,
"narHash": "sha256-m8PjOoyyCR4nhqtHEBP1tB/jF+gJYYguSZmUmVTEAQE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "bd8f8329780b348fedcd37b53dbbee48c08c496d",
"rev": "7f415261f298656f8164bd636c0dc05af4e95b6b",
"type": "github"
},
"original": {
@ -598,11 +647,11 @@
]
},
"locked": {
"lastModified": 1751606940,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"lastModified": 1750119275,
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"type": "github"
},
"original": {
@ -618,8 +667,15 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": [
"flake-compat"
],
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
@ -632,11 +688,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1752231632,
"narHash": "sha256-ZuFQ62qagCV5GHSbwnpLk92HxKlNjG7w4wbkT1OrhUA=",
"lastModified": 1751498047,
"narHash": "sha256-2T/VKbqqp4KTz3szFl58AaI+LBg9ctLjnP1IQA8sPg8=",
"owner": "danth",
"repo": "stylix",
"rev": "0150050d6eed373b04fd85e08bd2ae7b5cc8d3b2",
"rev": "d21cfb364a78ad72935625e79b8c5d497f0b7616",
"type": "github"
},
"original": {
@ -711,11 +767,11 @@
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1750770351,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
"lastModified": 1748180480,
"narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
"rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31",
"type": "github"
},
"original": {
@ -727,11 +783,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1751159871,
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
"lastModified": 1748740859,
"narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
"rev": "57d5f9683ff9a3b590643beeaf0364da819aedda",
"type": "github"
},
"original": {
@ -743,11 +799,11 @@
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1751158968,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
@ -756,6 +812,28 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"wired-notify": {
"inputs": {
"flake-parts": [


@ -66,14 +66,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
#lix-module = {
# url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# flake-utils.follows = "flake-utils";
# };
#};
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
@ -175,29 +167,6 @@
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems");
homeConfigurations = {
"alice" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs { system = "x86_64-linux"; };
modules = [
inputs.stylix.homeModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
{
nixpkgs.config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
}
./users/alice/home.nix
];
extraSpecialArgs = {
inherit inputs outputs;
machineConfig = {
server = false;
};
};
};
};
images = {
install-iso = getImages nixosConfigurations "install-iso";
iso = getImages nixosConfigurations "iso";


@ -10,9 +10,6 @@ let
getCfg = _: cfg: cfg.config.system.build.toplevel;
hostToAgg = _: cfg: cfg;
getHome = _: cfg: cfg.config.home.activationPackage;
homeToAgg = _: cfg: cfg;
# get per-system check derivation (with optional postfix)
mapSystems =
{
@ -25,16 +22,11 @@ rec {
inherit (outputs) formatter devShells checks;
host = lib.mapAttrs getCfg outputs.nixosConfigurations;
home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
hosts = pkgs.releaseTools.aggregate {
name = "hosts";
constituents = lib.mapAttrsToList hostToAgg host;
};
homes = pkgs.releaseTools.aggregate {
name = "homes";
constituents = lib.mapAttrsToList homeToAgg home;
};
devChecks = pkgs.releaseTools.aggregate {
name = "devChecks";


@ -156,7 +156,6 @@ rec {
modules ? [ ],
server ? true,
sops ? true,
lix ? false,
system ? "x86_64-linux",
}@args:
lib.nixosSystem {
@ -172,7 +171,6 @@ rec {
modules =
[
inputs.nixos-modules.nixosModule
inputs.nix-index-database.nixosModules.nix-index
(genHostName hostname)
(configPath + "/hardware.nix")
(configPath + "/configuration.nix")
@ -182,7 +180,6 @@ rec {
++ genWrapper sops genSops args
++ genWrapper home genHome args
++ genWrapper true genUsers args
#++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
++ genWrapper (system != "x86_64-linux") genNonX86 args;
};


@ -3,7 +3,6 @@
system = "x86_64-linux";
home = true;
sops = true;
lix = true;
server = false;
users = [ "alice" ];
modules = [


@ -10,6 +10,10 @@
attic-client
];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = {
atticd = {
enable = true;
@ -67,9 +71,6 @@
# configured default webstore for this on root user separately
systemd = {
services = {
atticd.environment = {
RUST_LOG = "INFO";
};
attic-watch-store = {
wantedBy = [ "multi-user.target" ];
after = [


@ -10,7 +10,7 @@ in
image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ];
environment = {
OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
};
ports = [ "8010:8000" ];
extraOptions = [
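Review bot: The second `OPTIONS` line no longer passes `--private-repos`, so, assuming that line is the new side of this hunk, every account in `/data/.htpasswd` can read and write every repository under `/data` rather than only the path matching its own username. Unless this rest-server has exactly one user, keep the flag: `OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";`. If the removal is deliberate, a comment above `environment` would record why, for example `# single backup user; per-user repo isolation intentionally off`. The container definition begins and ends outside the hunk, so any network restrictions on port 8010 are not visible here.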


@ -76,7 +76,6 @@
nix-prefetch
nix-tree
nh
home-manager
# doom emacs dependencies
fd


@ -72,7 +72,7 @@
"sgc" = "sudo git -C /root/dotfiles";
## SSH
"ssh-init" =
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
## Backups
"borgmatic-backup-quick" =