sora/nixconfig
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Releases Activity

Merged Host/Home Opt into SysOpt
All checks were successful
Nix Build / build-nixos (push) Successful in 5m27s
Details

Browse Source
This commit is contained in:
soraefir 2024-04-14 07:57:07 +02:00
parent 0a02d67b7e
commit 972cb47e3f
Signed by: sora
GPG Key ID: A362EA0491E2EEA0
65 changed files with 331 additions and 338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.sops.yaml
View File

@ -4,38 +4,39 @@ keys:
- &sora 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0 - &sora 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
# Hosts # Hosts
- &hosts: - &hosts:
- &ci age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
- &iriy age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s - &iriy age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
- &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
- &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
creation_rules: creation_rules:
- path_regex: modules/nixos/system/security/sops/iriy.ya?ml$ - path_regex: modules/shared/sops/iriy.ya?ml
key_groups: key_groups:
- age: - age:
- *iriy - *iriy
pgp: pgp:
- *sora - *sora
- path_regex: modules/nixos/system/security/sops/avalon.ya?ml$ - path_regex: modules/shared/sops/avalon.ya?ml
key_groups: key_groups:
- age: - age:
- *avalon - *avalon
pgp: pgp:
- *sora - *sora
- path_regex: modules/nixos/system/security/sops/valinor.ya?ml$ - path_regex: modules/shared/sops/valinor.ya?ml
key_groups: key_groups:
- age: - age:
- *valinor - *valinor
pgp: pgp:
- *sora - *sora
- path_regex: modules/nixos/system/security/sops/asgard.ya?ml$ - path_regex: modules/shared/sops/asgard.ya?ml
key_groups: key_groups:
- age: - age:
- *asgard - *asgard
pgp: pgp:
- *sora - *sora
- path_regex: modules/nixos/system/security/sops/common.yaml$ - path_regex: modules/shared/sops/common.yaml
key_groups: key_groups:
- age: - age:
- *valinor - *valinor
@ -44,3 +45,8 @@ creation_rules:
- *asgard - *asgard
pgp: pgp:
- *sora - *sora
- path_regex: modules/shared/sops/mock.yaml
key_groups:
- age:
- *ci

20
generator.nix
View File

@ -1,25 +1,35 @@
{ inputs, ... }: { { inputs, ... }: {
generate = { type, system, host }: generate = { type, system, host }:
({ let
nameValuePair = name: value: { inherit name value; };
syscfg = import ./systems/${host}/cfg.nix;
in ({
"nixos" = inputs.nixpkgs.lib.nixosSystem { "nixos" = inputs.nixpkgs.lib.nixosSystem {
system = system; system = system;
modules = [ modules = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules/shared/syscfg
./modules/shared/sops
./modules/nixos ./modules/nixos
syscfg
./systems/${host} ./systems/${host}
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.users.sora = { home-manager.users = builtins.listToAttrs (map (userConfig:
nameValuePair userConfig.username {
imports = [ imports = [
./modules/home
inputs.nix-colors.homeManagerModule inputs.nix-colors.homeManagerModule
inputs.hyprland.homeManagerModules.default inputs.hyprland.homeManagerModules.default
./systems/${host}/home.nix ./modules/shared/syscfg
./modules/shared/colors
./modules/home
syscfg
{ usercfg = userConfig; }
]; ];
}; }) syscfg.syscfg.users);
} }
]; ];
}; };

4
modules/home/base/default.nix
View File

@ -4,8 +4,8 @@
programs.home-manager.enable = true; programs.home-manager.enable = true;
home = { home = {
username = "${config.homecfg.username}"; username = "${config.usercfg.username}";
homeDirectory = "/home/${config.homecfg.username}"; homeDirectory = "/home/${config.usercfg.username}";
stateVersion = "23.11"; stateVersion = "23.11";
}; };

6
modules/home/cli/git/default.nix
View File

@ -2,10 +2,10 @@
programs.git = { programs.git = {
enable = true; enable = true;
userEmail = "${config.homecfg.git.email}"; userEmail = "${config.usercfg.git.email}";
userName = "${config.homecfg.git.username}"; userName = "${config.usercfg.git.username}";
signing = { signing = {
key = "${config.homecfg.git.key}"; key = "${config.usercfg.git.key}";
signByDefault = true; signByDefault = true;
}; };
ignores = [ "*result*" ".direnv" "node_modules" ]; ignores = [ "*result*" ".direnv" "node_modules" ];

2
modules/home/default.nix
View File

@ -1 +1 @@
{ ... }: { imports = [ ./base ./cli ./gui ./homecfg ./wayland ./xdg ./xorg ]; } { ... }: { imports = [ ./base ./cli ./gui ./wayland ./xdg ./xorg ]; }

2
modules/home/gui/apps/develop/default.nix
View File

@ -1,7 +1,7 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
imports = [ ./vscodium ]; imports = [ ./vscodium ];
config = lib.mkIf (config.homecfg.make.develop) { config = lib.mkIf (config.syscfg.make.develop) {
home.packages = with pkgs; [ blender godot_4 ]; home.packages = with pkgs; [ blender godot_4 ];
}; };
} }

2
modules/home/gui/apps/develop/vscodium/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.make.develop) { config = lib.mkIf (config.syscfg.make.develop) {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
package = pkgs.vscodium; package = pkgs.vscodium;

2
modules/home/gui/apps/firefox/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles = { profiles = {

2
modules/home/gui/apps/images/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
programs.imv.enable = true; programs.imv.enable = true;
programs.obs-studio.enable = true; programs.obs-studio.enable = true;

2
modules/home/gui/apps/mpv/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
programs.mpv = { programs.mpv = {
enable = true; enable = true;
scripts = with pkgs; [ mpvScripts.mpris ]; scripts = with pkgs; [ mpvScripts.mpris ];

2
modules/home/gui/apps/pipewire/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
xdg.configFile."pipewire/pipewire-pulse.conf.d/desktop.conf".text = '' xdg.configFile."pipewire/pipewire-pulse.conf.d/desktop.conf".text = ''
context.modules = [ context.modules = [
{ name = libpipewire-module-loopback { name = libpipewire-module-loopback

2
modules/home/gui/apps/vosk/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
home.packages = with pkgs; [ home.packages = with pkgs; [
custom.vosk.base custom.vosk.base
jq jq

2
modules/home/gui/apps/zathura/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
programs.zathura = { programs.zathura = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

2
modules/home/gui/base/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
services.nextcloud-client.enable = true; services.nextcloud-client.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [

2
modules/home/gui/games/default.nix
View File

@ -2,7 +2,7 @@
imports = [ ./openttd.nix ]; imports = [ ./openttd.nix ];
config = lib.mkIf (config.homecfg.make.game) { config = lib.mkIf (config.syscfg.make.game) {
home.packages = with pkgs; [ home.packages = with pkgs; [
# custom.simc # custom.simc

2
modules/home/gui/games/openttd.nix
View File

@ -1,6 +1,6 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.make.game) { config = lib.mkIf (config.syscfg.make.game) {
xdg.configFile."openttd/openttd.cfg".text = '' xdg.configFile."openttd/openttd.cfg".text = ''
[misc] [misc]
display_opt = SHOW_TOWN_NAMES|SHOW_STATION_NAMES|SHOW_SIGNS|FULL_ANIMATION|FULL_DETAIL|WAYPOINTS|SHOW_COMPETITOR_SIGNS display_opt = SHOW_TOWN_NAMES|SHOW_STATION_NAMES|SHOW_SIGNS|FULL_ANIMATION|FULL_DETAIL|WAYPOINTS|SHOW_COMPETITOR_SIGNS

2
modules/home/gui/theme/default.nix
View File

@ -5,7 +5,7 @@ let
wallpaperGen = import ./wallpaper-gen.nix { inherit pkgs config; }; wallpaperGen = import ./wallpaper-gen.nix { inherit pkgs config; };
in { in {
config = lib.mkIf (config.homecfg.make.gui) { config = lib.mkIf (config.syscfg.make.gui) {
home.pointerCursor = { home.pointerCursor = {
package = pkgs.bibata-cursors; package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic"; name = "Bibata-Modern-Classic";

43
modules/home/homecfg/default.nix
View File

@ -1,43 +0,0 @@
{ inputs, lib, config, ... }:
with lib; {
options.homecfg = {
username = mkOption { type = types.str; };
wm = mkOption {
type = types.enum [ "Wayland" "X11" ];
default = "Wayland";
};
make = {
cli = mkOption {
type = types.bool;
default = true;
};
gui = mkOption {
type = types.bool;
default = false;
};
develop = mkOption {
type = types.bool;
default = false;
};
game = mkOption {
type = types.bool;
default = false;
};
power = mkOption {
type = types.bool;
default = false;
};
};
git = {
username = mkOption { type = types.str; };
email = mkOption { type = types.str; };
key = mkOption { type = types.str; };
};
};
imports = with inputs; [
nix-colors.homeManagerModules.default
../../shared/colors
];
}

2
modules/home/wayland/apps/dunst/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = with pkgs; [ libnotify ]; home.packages = with pkgs; [ libnotify ];
services.dunst = { services.dunst = {
enable = true; enable = true;

2
modules/home/wayland/apps/eww/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = with pkgs; [ eww jq jaq custom.amdgpu_top ]; home.packages = with pkgs; [ eww jq jaq custom.amdgpu_top ];
xdg.configFile."eww" = { xdg.configFile."eww" = {

2
modules/home/wayland/apps/waybar/default.nix
View File

@ -17,7 +17,7 @@ let
'' ''
}/bin/waybar-${name}"; }/bin/waybar-${name}";
in { in {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = [ pkgs.custom.amdgpu_top pkgs.jq ]; home.packages = [ pkgs.custom.amdgpu_top pkgs.jq ];

2
modules/home/wayland/apps/waylock/default.nix
View File

@ -1,5 +1,5 @@
{ lib, pkgs, config, ... }: { { lib, pkgs, config, ... }: {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = with pkgs; [ swayidle swaylock-effects ]; home.packages = with pkgs; [ swayidle swaylock-effects ];

2
modules/home/wayland/apps/wofi/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = with pkgs; [ wofi ]; home.packages = with pkgs; [ wofi ];
xdg.configFile."wofi/config".text = '' xdg.configFile."wofi/config".text = ''
width=280 width=280

2
modules/home/wayland/base/default.nix
View File

@ -11,7 +11,7 @@ let
''; '';
}; };
in { in {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
home.packages = with pkgs; [ home.packages = with pkgs; [
dbus-hyprland-environment dbus-hyprland-environment

2
modules/home/wayland/hyprland/config.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;

2
modules/home/wayland/hyprland/default.nix
View File

@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
imports = [ ./config.nix ]; imports = [ ./config.nix ];
config = lib.mkIf (config.homecfg.wm == "Wayland") { config = lib.mkIf (config.usercfg.wm == "Wayland") {
wayland.windowManager.hyprland = { enable = true; }; wayland.windowManager.hyprland = { enable = true; };
}; };
} }

2
modules/home/xorg/bspwm/config.nix
View File

@ -1,5 +1,5 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.wm == "X11") { config = lib.mkIf (config.usercfg.wm == "X11") {
xsession.windowManager.bspwm.extraConfig = '' xsession.windowManager.bspwm.extraConfig = ''
#! /bin/bash #! /bin/bash

2
modules/home/xorg/bspwm/default.nix
View File

@ -2,7 +2,7 @@
imports = [ ./config.nix ./script.nix ./xressources.nix ]; imports = [ ./config.nix ./script.nix ./xressources.nix ];
config = lib.mkIf (config.homecfg.wm == "X11") { config = lib.mkIf (config.usercfg.wm == "X11") {
xsession.windowManager.bspwm = { enable = true; }; xsession.windowManager.bspwm = { enable = true; };
services.sxhkd = { enable = true; }; services.sxhkd = { enable = true; };
home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ]; home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ];

2
modules/home/xorg/bspwm/script.nix
View File

@ -1,5 +1,5 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.wm == "X11") { config = lib.mkIf (config.usercfg.wm == "X11") {
xdg.configFile."script/lock.sh".text = '' xdg.configFile."script/lock.sh".text = ''
#!/bin/bash #!/bin/bash
TMPBG=/tmp/screen.png TMPBG=/tmp/screen.png

2
modules/home/xorg/bspwm/xressources.nix
View File

@ -1,5 +1,5 @@
{ lib, config, ... }: { { lib, config, ... }: {
config = lib.mkIf (config.homecfg.wm == "X11") { config = lib.mkIf (config.usercfg.wm == "X11") {
xresources.extraConfig = '' xresources.extraConfig = ''
#define white #ffffff #define white #ffffff

2
modules/nixos/default.nix
View File

@ -1 +1 @@
{ ... }: { imports = [ ./cli ./gui ./hostcfg ./system ./tools ./users ]; } { ... }: { imports = [ ./cli ./gui ./system ./tools ./users ]; }

2
modules/nixos/gui/audio/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.gui; let cfg = config.syscfg.make.gui;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {
sound.enable = true; sound.enable = true;

2
modules/nixos/gui/games/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.game; let cfg = config.syscfg.make.game;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {
programs.steam = { programs.steam = {

4
modules/nixos/gui/greet/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.gui; let cfg = config.syscfg.make.gui;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {
@ -8,7 +8,7 @@ in {
settings = rec { settings = rec {
initial_session = { initial_session = {
command = "zsh"; command = "zsh";
user = "${config.hostcfg.username}"; user = "${config.syscfg.defaultUser}";
}; };
default_session = initial_session; default_session = initial_session;
}; };

2
modules/nixos/gui/xserver/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.gui; let cfg = config.syscfg.make.gui;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services.xserver = { services.xserver = {

2
modules/nixos/system/hw/power/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.power; let cfg = config.syscfg.make.power;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services.tlp = { services.tlp = {

2
modules/nixos/system/hw/virt/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
let cfg = config.hostcfg.make.virt; let cfg = config.syscfg.make.virt;
in { in {
config = lib.mkIf cfg { config = lib.mkIf cfg {

2
modules/nixos/system/network/base/default.nix
View File

@ -1,6 +1,6 @@
{ config, ... }: { { config, ... }: {
networking = { networking = {
hostName = config.hostcfg.hostname; hostName = config.syscfg.hostname;
useDHCP = true; useDHCP = true;
nameservers = [ "1.1.1.1" "9.9.9.9" ]; nameservers = [ "1.1.1.1" "9.9.9.9" ];

2
modules/nixos/system/network/wifi/default.nix
View File

@ -1,5 +1,5 @@
{ lib, config, ... }: { lib, config, ... }:
let cfg = config.hostcfg.net.wlp; let cfg = config.syscfg.net.wlp;
in { in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.supplicant = { networking.supplicant = {

5
modules/nixos/system/network/wireguard/default.nix
View File

@ -3,8 +3,9 @@
enable = true; enable = true;
interfaces = { interfaces = {
wg0 = { wg0 = {
ips = [ config.hostcfg.net.wg.ip4 config.hostcfg.net.wg.ip6 ]; ips = [ config.syscfg.net.wg.ip4 config.syscfg.net.wg.ip6 ];
privateKeyFile = config.hostcfg.net.wg.pk; privateKeyFile =
config.sops.secrets."${config.syscfg.hostname}_wg_priv".path;
listenPort = 1515; listenPort = 1515;
mtu = 1340; mtu = 1340;
peers = [{ peers = [{

2
modules/nixos/system/security/default.nix
View File

@ -1 +1 @@
{ ... }: { imports = [ ./gpg ./polkit ./sops ./ssh ]; } { ... }: { imports = [ ./gpg ./polkit ./ssh ]; }

30
modules/nixos/system/security/sops/default.nix
View File

@ -1,30 +0,0 @@
{ config, pkgs, ... }:
let
keyFilePath = "/var/lib/sops-nix/age-key.txt";
isCI = builtins.elem config.hostcfg.hostname [ "ci" ];
sopsSettings = {
sops.defaultSopsFile = ./common.yaml;
sops.age.keyFile = keyFilePath;
sops.age.generateKey = true;
sops.secrets.wifi = { };
sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.sora.name;
group = config.users.users.sora.group;
};
sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
mode = "0400";
owner = config.users.users.sora.name;
group = config.users.users.sora.group;
};
sops.secrets."${config.hostcfg.hostname}_wg_priv" = { };
sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
};
in {
environment.systemPackages = with pkgs; [ sops ];
environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
inherit (if isCI then { } else sopsSettings) sops;
}

2
modules/nixos/system/security/ssh/default.nix
View File

@ -2,7 +2,7 @@
programs.ssh = { programs.ssh = {
extraConfig = '' extraConfig = ''
IdentityFile ${ IdentityFile ${
config.sops.secrets."${config.hostcfg.hostname}_ssh_priv".path config.sops.secrets."${config.syscfg.hostname}_ssh_priv".path
} }
''; '';
}; };

2
modules/nixos/tools/develop/default.nix
View File

@ -6,7 +6,7 @@ let
includeEmulator = false; includeEmulator = false;
}; };
in { in {
config = lib.mkIf (config.hostcfg.make.develop) { config = lib.mkIf (config.syscfg.make.develop) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
android-tools android-tools
androidStudioPackages.canary androidStudioPackages.canary

11
modules/nixos/users/default.nix
View File

@ -1,10 +1,13 @@
{ config, pkgs, ... }: { { config, pkgs, lib, ... }:
let nameValuePair = name: value: { inherit name value; };
in {
programs.zsh.enable = true; programs.zsh.enable = true;
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users.${config.hostcfg.username} = { users = builtins.listToAttrs (map (userConfig:
nameValuePair userConfig.username {
isNormalUser = true; isNormalUser = true;
description = "${config.hostcfg.username}"; description = "${userConfig.username}";
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
@ -18,6 +21,6 @@
"docker" "docker"
"wireshark" "wireshark"
]; ];
}; }) config.syscfg.users);
}; };
} }

0
modules/nixos/system/security/sops/common.yaml → modules/shared/sops/common.yaml
View File

30
modules/shared/sops/default.nix Executable file
View File

@ -0,0 +1,30 @@
{ config, pkgs, ... }:
let
isCI = builtins.elem config.syscfg.hostname [ "ci" ];
keyFilePath =
(if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
in {
environment.systemPackages = with pkgs; [ sops ];
environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
sops.defaultSopsFile = sopsFilePath;
sops.age.keyFile = keyFilePath;
sops.age.generateKey = true;
sops.secrets.wifi = { };
sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
};
sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
}

3
modules/shared/sops/mock-key.txt Normal file
View File

@ -0,0 +1,3 @@
# created: 2024-04-14T10:26:26+02:00
# public key: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
AGE-SECRET-KEY-19S8CC56JLVRDNAUR9TVXEDWAV7MLVPDY3JMQUEAZSQNUGE53VJMS6EET89

26
modules/shared/sops/mock.yaml Normal file
View File

@ -0,0 +1,26 @@
ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHCYdFB2hbZAB5HF3yeCMlyqnApGHxi+9jN8FI54SzwqJQAgSZvKrkBhrs4JIQxPU0ZhOQHvneWYnA==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:xGfI8QRlkj4OZDVuV21Kcg==,type:str]
ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0c5ZjZCb0Z6ZXlKaFph
S25LcnFaM3NueUdxOEkwQWRVYjZwNEx1TnpVCkJ1RnJsV2IwNWd5RVJBU2pOUnRa
UEcrdDVHUnZ3Zng4UVNWZjNhSzRmRGcKLS0tIEpMMGJCZmkrcnFwWjM4ZVF6VmJN
aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-14T08:36:43Z"
mac: ENC[AES256_GCM,data:zWO5IETnr3clHvoNABNSA6izfTHNxPXEXcjh9FQhnSVKtzlY3UHHRhfSOPI2eGJ36TQ7xNEM8Fbe23WBTxI8TDb8ZCgB2njej1XQ72b8XM4JzevxlPEaolNo9SKXncVchNWTtKqeUhx07koRNogYKOKT8vlO57WmnrqoZqPy9N4=,iv:tjt9iNFnx/4TAQfF3wdVFw+qzU18cbEiJtu9NhyujZY=,tag:9M67OPo/3JEOlXJ4nBRMiQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

27
modules/nixos/hostcfg/default.nix → modules/shared/syscfg/default.nix Executable file → Normal file
View File

@ -1,8 +1,22 @@
{ lib, config, ... }: { inputs, lib, ... }:
with lib; { let
options.hostcfg = { userOpt = with lib; {
hostname = mkOption { type = types.str; };
username = mkOption { type = types.str; }; username = mkOption { type = types.str; };
wm = mkOption {
type = types.enum [ "Wayland" "X11" ];
default = "Wayland";
};
git = {
username = mkOption { type = types.str; };
email = mkOption { type = types.str; };
key = mkOption { type = types.str; };
};
};
in with lib; {
options.usercfg = userOpt;
options.syscfg = {
hostname = mkOption { type = types.str; };
defaultUser = mkOption { type = types.str; };
make = { make = {
cli = mkOption { cli = mkOption {
type = types.bool; type = types.bool;
@ -41,8 +55,11 @@ with lib; {
}; };
ip4 = mkOption { type = types.str; }; ip4 = mkOption { type = types.str; };
ip6 = mkOption { type = types.str; }; ip6 = mkOption { type = types.str; };
pk = mkOption { type = types.str; };
}; };
}; };
users = mkOption {
type = types.listOf (types.submodule { options = userOpt; });
default = [ ];
};
}; };
} }

42
systems/avalon/cfg.nix Normal file
View File

@ -0,0 +1,42 @@
{
syscfg = {
hostname = "avalon";
defaultUser = "sora";
users = [
{
username = "sora";
git = {
email = "soraefir+git@helcel";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
}
{
username = "git";
git = {
email = "git+git@helcel";
username = "git";
key = "";
};
}
];
make = {
gui = false;
cli = true;
virt = true;
power = false;
game = false;
develop = false;
};
wlp = {
enable = false;
nif = "";
};
wg = {
enable = true;
ip4 = "10.10.1.2/32";
ip6 = "fd10:10:10::2/128";
pk = config.sops.secrets.avalon_wg_priv.path;
};
};
}

33
systems/avalon/default.nix
View File

@ -1,32 +1,9 @@
{ config, inputs, ... }: { { config, inputs, ... }: {
imports = with inputs.hardware.nixosModules; [ imports = with inputs.hardware.nixosModules;
./hardware-configuration.nix [
common-cpu-intel ./hardware.nix
common-gpu-intel # common-cpu-intel
# common-gpu-intel
]; ];
hostcfg = {
hostname = "avalon";
username = "sora";
make = {
gui = false;
cli = true;
virt = true;
power = false;
game = false;
};
net = {
wlp = {
enable = false;
nif = "";
};
wg = {
enable = true;
ip4 = "10.10.1.2/32";
ip6 = "fd10:10:10::2/128";
pk = config.sops.secrets.avalon_wg_priv.path;
};
};
};
} }

15
systems/avalon/home.nix
View File

@ -1,15 +0,0 @@
{ ... }: {
config.homecfg = {
username = "sora";
make = {
gui = false;
cli = true;
game = false;
};
git = {
email = "soraefir+git@pm.me";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
};
}

33
systems/ci/cfg.nix Normal file
View File

@ -0,0 +1,33 @@
{
syscfg = {
hostname = "ci";
defaultUser = "ci";
users = [{
username = "ci";
git = {
email = "ci@ci";
username = "CI";
key = "";
};
}];
make = {
gui = true;
cli = true;
virt = true;
power = true;
game = true;
develop = true;
};
net = {
wlp = {
enable = false;
nif = "NA";
};
wg = {
enable = false;
ip4 = "";
ip6 = "";
};
};
};
}

29
systems/ci/default.nix
View File

@ -1,29 +1,2 @@
{ config, inputs, ... }: { { config, inputs, ... }: { imports = [ ./hardware.nix ]; }
imports = [ ./hardware.nix ];
hostcfg = {
hostname = "valinor";
username = "sora";
make = {
gui = true;
cli = true;
virt = true;
power = true;
game = true;
develop = true;
};
net = {
wlp = {
enable = false;
nif = "NA";
};
wg = {
enable = false;
ip4 = "";
ip6 = "";
pk = "";
};
};
};
}

1
systems/ci/hardware.nix
View File

@ -16,6 +16,5 @@
}; };
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }

18
systems/ci/home.nix
View File

@ -1,18 +0,0 @@
{ config, ... }: {
config.homecfg = {
username = "sora";
make = {
gui = true;
cli = true;
game = true;
develop = true;
power = true;
};
git = {
email = "ci@nonet";
username = "CI";
key = "";
};
};
}

33
systems/iriy/cfg.nix Normal file
View File

@ -0,0 +1,33 @@
{
syscfg = {
hostname = "iriy";
defaultUser = "sora";
users = [{
username = "sora";
git = {
email = "soraefir+git@helcel";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
}];
make = {
gui = true;
cli = true;
virt = true;
power = false;
game = true;
develop = true;
};
net = {
wlp = {
enable = true;
nif = "wlp11s0";
};
wg = {
enable = true;
ip4 = "10.10.1.7/32";
ip6 = "fd10:10:10::7/128";
};
};
};
}

27
systems/iriy/default.nix
View File

@ -1,33 +1,8 @@
{ config, inputs, ... }: { { config, inputs, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware.nix
# inputs.hardware.common-cpu-amd # inputs.hardware.common-cpu-amd
# inputs.hardware.common-gpu-amd # inputs.hardware.common-gpu-amd
]; ];
hostcfg = {
hostname = "iriy";
username = "sora";
make = {
gui = true;
cli = true;
virt = true;
power = false;
game = true;
develop = true;
};
net = {
wlp = {
enable = true;
nif = "wlp11s0";
};
wg = {
enable = true;
ip4 = "10.10.1.7/32";
ip6 = "fd10:10:10::7/128";
pk = config.sops.secrets.iriy_wg_priv.path;
};
};
};
} }

4
systems/iriy/hardware-configuration.nix → systems/iriy/hardware.nix
View File

@ -1,6 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }: {
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules =

15
systems/iriy/home.nix
View File

@ -1,15 +0,0 @@
{ ... }: {
config.homecfg = {
username = "sora";
make = {
gui = true;
cli = true;
game = true;
};
git = {
email = "soraefir+git@pm.me";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
};
}

33
systems/valinor/cfg.nix Normal file
View File

@ -0,0 +1,33 @@
{
syscfg = {
hostname = "valinor";
defaultUser = "sora";
users = [{
username = "sora";
git = {
email = "soraefir+git@helcel";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
}];
make = {
gui = true;
cli = true;
virt = true;
power = true;
game = true;
develop = true;
};
net = {
wlp = {
enable = true;
nif = "wlp3s0";
};
wg = {
enable = true;
ip4 = "10.10.1.5/32";
ip6 = "fd10:10:10::5/128";
};
};
};
}

27
systems/valinor/default.nix
View File

@ -1,33 +1,8 @@
{ config, inputs, ... }: { { config, inputs, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware.nix
#common-cpu-amd #common-cpu-amd
#common-gpu-amd #common-gpu-amd
]; ];
hostcfg = {
hostname = "valinor";
username = "sora";
make = {
gui = true;
cli = true;
virt = true;
power = true;
game = true;
develop = true;
};
net = {
wlp = {
enable = true;
nif = "wlp3s0";
};
wg = {
enable = true;
ip4 = "10.10.1.5/32";
ip6 = "fd10:10:10::5/128";
pk = config.sops.secrets.valinor_wg_priv.path;
};
};
};
} }

4
systems/valinor/hardware-configuration.nix → systems/valinor/hardware.nix
View File

@ -1,6 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }: {
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules =

18
systems/valinor/home.nix
View File

@ -1,18 +0,0 @@
{ config, ... }: {
config.homecfg = {
username = "sora";
make = {
gui = true;
cli = true;
game = true;
develop = true;
power = true;
};
git = {
email = "soraefir+git@pm.me";
username = "soraefir";
key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
};
};
}