14 Commits

Author SHA1 Message Date
2df1ef27e1 Merge pull request 'feature/home-config' (#130) from feature/home-config into main
Some checks failed
Check flake.lock / Check health of `flake.lock` (push) Successful in 9m39s
Check Nix flake / Perform Nix flake checks (push) Successful in 14m38s
Update flakes / update_lockfile (push) Failing after 23m0s
Reviewed-on: #130
2025-07-08 01:26:38 -04:00
f4ff5a6251 remove lix, add homes to hydra
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m40s
Check Nix flake / Perform Nix flake checks (pull_request) Successful in 14m52s
2025-07-08 01:10:59 -04:00
8f8bb999a3 make restic repos private 2025-07-04 18:11:28 -04:00
f11b0f9e0a add home-manager module for non-nixos systems 2025-07-04 14:36:37 -04:00
1ba29c6d07 Merge pull request 'feature/lix' (#128) from feature/lix into main
All checks were successful
Check flake.lock / Check health of `flake.lock` (push) Successful in 9m23s
Check Nix flake / Perform Nix flake checks (push) Successful in 15m22s
Update flakes / update_lockfile (push) Successful in 21m33s
Reviewed-on: #128
2025-07-04 13:56:48 -04:00
bb81c54d45 update flake lock 2025-07-04 13:56:48 -04:00
70037306ec update flake lock 2025-07-04 13:56:48 -04:00
c310e8b5c3 update flake lock 2025-07-04 13:56:48 -04:00
afccd339e9 add lix to artemision 2025-07-04 13:56:48 -04:00
8b5c833785 fix lix linting error 2025-07-04 13:56:48 -04:00
b5841dd58e Merge pull request 'automated: Update flake.lock' (#127) from update-flake-lock into main
All checks were successful
Check flake.lock / Check health of `flake.lock` (push) Successful in 9m38s
Check Nix flake / Perform Nix flake checks (push) Successful in 14m44s
Reviewed-on: #127
2025-07-04 11:19:47 -04:00
github-actions[bot]
49b684bf53 automated: Update flake.lock
All checks were successful
Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 9m32s
Check Nix flake / Perform Nix flake checks (pull_request) Successful in 14m31s
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].

[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
2025-07-04 12:21:53 +00:00
bb85894ae7 Merge pull request 'add parthenon key' (#126) from feature/add-parthenon into main
All checks were successful
Check flake.lock / Check health of `flake.lock` (push) Successful in 12s
Check Nix flake / Perform Nix flake checks (push) Successful in 5m5s
Update flakes / update_lockfile (push) Successful in 22m15s
Reviewed-on: #126
2025-07-04 01:05:05 -04:00
09ae81d71e add parthenon key 2025-07-04 01:05:05 -04:00
10 changed files with 88 additions and 45 deletions


@@ -19,39 +19,39 @@ creation_rules:
- path_regex: users/alice/secrets.*\.yaml$ - path_regex: users/alice/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- *artemision - *artemision
- *artemision-home - *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$ - path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$ - path_regex: systems/artemision/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- path_regex: systems/selinunte/secrets.*\.yaml$ - path_regex: systems/selinunte/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- *selinunte - *selinunte
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$ - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$ - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill

48
flake.lock generated

@@ -75,11 +75,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1751515409, "lastModified": 1751618693,
"narHash": "sha256-yu+/TxHkuZ8GHKwpKTv1BpfbYD1wH1CyPsOmY72chTg=", "narHash": "sha256-bAKNekZcZd4QnBO/RUxjQAgaz67bYwFXWfQENA45Scg=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "2e0dcafe8c48470e036908f34a2a1413f75bd804", "rev": "0c5b037915083a27a260b063b127b31443827bae",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -287,11 +287,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751513147, "lastModified": 1751638848,
"narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=", "narHash": "sha256-7HiC6w4ROEbMmKtj5pilnLOJej9HkkfU9wEd5QSTyNo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "426b405d979d893832549b95f23c13537c65d244", "rev": "7d9e3c35f0d46f82bac791d76260f15f53d83529",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -427,11 +427,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751281697, "lastModified": 1751591814,
"narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=", "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "78b86e37713a1111d9e37c62b242d60be3013bd1", "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -486,11 +486,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751469444, "lastModified": 1751649523,
"narHash": "sha256-L5vPflQCt7WWzL66cA0ZbITfg+vzrSf6Ak5m4s6vDds=", "narHash": "sha256-39SLBeXE+bzq5ChXYB7FFzUNa+8SCnXvwe9IEgKcxWQ=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "ed24075c9b4d1cedac253f31aaa2d4729d4fdf53", "rev": "d2a834e4f97a1ccb71c62e3091501a4e237fd6cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -501,11 +501,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1751529439, "lastModified": 1751619433,
"narHash": "sha256-fn4qiux6lOX2MEB5VU/KFUhjc4HuQON2SexwJnC1ibc=", "narHash": "sha256-5aZFBHQNQzrfCisewtYBDNbiKcHbxPYChiP4dkEcSXQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f596e2141c241f5cca21188543cd4dcda32f2c3c", "rev": "a2867cc3f8acc944cb19fe0b73c840e9fa1ba589",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -627,11 +627,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751510438, "lastModified": 1751596734,
"narHash": "sha256-m8PjOoyyCR4nhqtHEBP1tB/jF+gJYYguSZmUmVTEAQE=", "narHash": "sha256-1tQOwmn3jEUQjH0WDJyklC+hR7Bj+iqx6ChtRX2QiPA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "7f415261f298656f8164bd636c0dc05af4e95b6b", "rev": "e28ba067a9368286a8bc88b68dc2ca92181a09f0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -647,11 +647,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750119275, "lastModified": 1751606940,
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -688,11 +688,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1751498047, "lastModified": 1751648901,
"narHash": "sha256-2T/VKbqqp4KTz3szFl58AaI+LBg9ctLjnP1IQA8sPg8=", "narHash": "sha256-yC45eAT37H6rOFCGhr2iuV5dzJ/8I2N1QrKq1MwPG7U=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "d21cfb364a78ad72935625e79b8c5d497f0b7616", "rev": "dea0337e0bffeeeb941ca6caffb44e966b13a97b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -66,6 +66,14 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
#lix-module = {
# url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# flake-utils.follows = "flake-utils";
# };
#};
nix-index-database = { nix-index-database = {
url = "github:Mic92/nix-index-database"; url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -167,6 +175,29 @@
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs outputs src (src + "/systems");
homeConfigurations = {
"alice" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs { system = "x86_64-linux"; };
modules = [
inputs.stylix.homeModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
{
nixpkgs.config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
}
./users/alice/home.nix
];
extraSpecialArgs = {
inherit inputs outputs;
machineConfig = {
server = false;
};
};
};
};
images = { images = {
install-iso = getImages nixosConfigurations "install-iso"; install-iso = getImages nixosConfigurations "install-iso";
iso = getImages nixosConfigurations "iso"; iso = getImages nixosConfigurations "iso";
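Review bot: The inline module in the new `homeConfigurations."alice"` entry sets both `allowUnfree = true;` and `allowUnfreePredicate = _: true;`, which together accept every unfree package with no allowlist, so anything unfree that `./users/alice/home.nix` references evaluates and builds without a prompt (and, judging by the commit message, now on Hydra as well). Keep at most one of the two settings, and preferably replace the blanket switch with an explicit allowlist, e.g. `allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "PACKAGE_NAME_PLACEHOLDER" ];`. It is also worth confirming that `nixpkgs.config` set in a module still takes effect when `pkgs` is passed in pre-built as `import nixpkgs { system = "x86_64-linux"; }`; if it does not, the config belongs in that import. The commented-out `lix-module` input in the first hunk is dead code that the history already preserves. The enclosing outputs block starts and ends outside the hunks.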


@@ -10,6 +10,9 @@ let
getCfg = _: cfg: cfg.config.system.build.toplevel; getCfg = _: cfg: cfg.config.system.build.toplevel;
hostToAgg = _: cfg: cfg; hostToAgg = _: cfg: cfg;
getHome = _: cfg: cfg.config.home.activationPackage;
homeToAgg = _: cfg: cfg;
# get per-system check derivation (with optional postfix) # get per-system check derivation (with optional postfix)
mapSystems = mapSystems =
{ {
@@ -22,11 +25,16 @@ rec {
inherit (outputs) formatter devShells checks; inherit (outputs) formatter devShells checks;
host = lib.mapAttrs getCfg outputs.nixosConfigurations; host = lib.mapAttrs getCfg outputs.nixosConfigurations;
home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
hosts = pkgs.releaseTools.aggregate { hosts = pkgs.releaseTools.aggregate {
name = "hosts"; name = "hosts";
constituents = lib.mapAttrsToList hostToAgg host; constituents = lib.mapAttrsToList hostToAgg host;
}; };
homes = pkgs.releaseTools.aggregate {
name = "homes";
constituents = lib.mapAttrsToList homeToAgg home;
};
devChecks = pkgs.releaseTools.aggregate { devChecks = pkgs.releaseTools.aggregate {
name = "devChecks"; name = "devChecks";
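Review bot: `homeToAgg` is a second copy of the identity helper `hostToAgg` (`_: cfg: cfg`), so `lib.mapAttrsToList homeToAgg home` just yields the attribute values; `constituents = lib.attrValues home;` says that directly and needs no new helper. The trailing comment on the `home = ...` line would read better as a comment above it, e.g. `# one job per home: homeConfigurations.<name>.config.home.activationPackage`. Both the `let` block and the `rec` set continue outside the hunks shown.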


@@ -156,6 +156,7 @@ rec {
modules ? [ ], modules ? [ ],
server ? true, server ? true,
sops ? true, sops ? true,
lix ? false,
system ? "x86_64-linux", system ? "x86_64-linux",
}@args: }@args:
lib.nixosSystem { lib.nixosSystem {
@@ -171,6 +172,7 @@ rec {
modules = modules =
[ [
inputs.nixos-modules.nixosModule inputs.nixos-modules.nixosModule
inputs.nix-index-database.nixosModules.nix-index
(genHostName hostname) (genHostName hostname)
(configPath + "/hardware.nix") (configPath + "/hardware.nix")
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
@@ -180,6 +182,7 @@ rec {
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
#++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
++ genWrapper (system != "x86_64-linux") genNonX86 args; ++ genWrapper (system != "x86_64-linux") genNonX86 args;
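Review bot: The new `lix ? false` argument is never consumed, because the only line that would read it, `#++ genWrapper lix (...) args`, is commented out; the later file section that sets `lix = true;` for a host therefore changes nothing, and does so silently. Either drop the argument and that host's `lix = true;` together (the argument set shows no `...`, so removing only the parameter would presumably make that host fail to evaluate), or keep it and record the state with a comment such as `# lix: currently a no-op, the lix-module input is disabled in flake.nix`. The function body starts and ends outside the hunks.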
}; };


@@ -3,6 +3,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
home = true; home = true;
sops = true; sops = true;
lix = true;
server = false; server = false;
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [


@@ -10,10 +10,6 @@
attic-client attic-client
]; ];
systemd.services.atticd.environment = {
RUST_LOG = "INFO";
};
services = { services = {
atticd = { atticd = {
enable = true; enable = true;
@@ -71,6 +67,9 @@
# configured default webstore for this on root user separately # configured default webstore for this on root user separately
systemd = { systemd = {
services = { services = {
atticd.environment = {
RUST_LOG = "INFO";
};
attic-watch-store = { attic-watch-store = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ after = [


@@ -10,7 +10,7 @@ in
image = "restic/rest-server:latest"; image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ]; volumes = [ "${restic_path}:/data" ];
environment = { environment = {
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd"; OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
}; };
ports = [ "8010:8000" ]; ports = [ "8010:8000" ];
extraOptions = [ extraOptions = [
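Review bot: `--private-repos` restricts each authenticated user to repository paths under their own username, so any existing repository stored at another path under `${restic_path}` stops being reachable once this is deployed, and client repository URLs need the `/<username>/` prefix. A comment above `OPTIONS` would spare the next reader from discovering that during a backup run, e.g. `# --private-repos: each htpasswd user may only access /<username>/...; repos must live under that path`. Separately, the unchanged `image = "restic/rest-server:latest";` line floats, so the server version that enforces this flag can change on any pull; pinning a version tag or digest would make the access-control behaviour reproducible. The container definition starts and ends outside the hunk.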


@@ -76,6 +76,7 @@
nix-prefetch nix-prefetch
nix-tree nix-tree
nh nh
home-manager
# doom emacs dependencies # doom emacs dependencies
fd fd


@@ -72,7 +72,7 @@
"sgc" = "sudo git -C /root/dotfiles"; "sgc" = "sudo git -C /root/dotfiles";
## SSH ## SSH
"ssh-init" = "ssh-init" =
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh"; "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";
## Backups ## Backups
"borgmatic-backup-quick" = "borgmatic-backup-quick" =
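Review bot: Adding `~/.ssh/id_ed25519` brings the `ssh-init` alias to seven identities loaded into the agent, one more than OpenSSH's default server-side `MaxAuthTries` of 6; unless the client config pins keys per host with `IdentityFile` plus `IdentitiesOnly yes`, the client may offer the wrong keys first and be disconnected with "Too many authentication failures". Every loaded key is also usable by anything that can reach the agent socket (including a forwarded agent) for the two-hour lifetime, so loading only the keys a session needs, or splitting the alias by purpose, keeps that exposure smaller. If the single alias stays, a comment next to it such as `# relies on IdentitiesOnly in ~/.ssh/config; 7 keys exceeds the default MaxAuthTries` would record the assumption. The alias set continues outside the hunk.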