Merge branch 'main' of ssh://git.lillianviolet.dev:22/Lillian-Violet/NixOS-Config

Lillian Violet 2024-02-04 23:28:40 +01:00
commit 43eee24a23
16 changed files with 499 additions and 106 deletions


@ -1,6 +1,6 @@
# This example uses YAML anchors which allows reuse of multiple keys # This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself. # without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml # Also see https://github.com/Mic92/dotfiles/blob/main/nixos/.sops.yaml
# for a more complex example. # for a more complex example.
keys: keys:
- &admin_lillian age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz - &admin_lillian age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz


@ -1,3 +1,44 @@
Original source: https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config
# NixOS-Config # NixOS-Config
My NixOS configuration for my different hosts. The configuration of different NixOS hosts using flakes and home-manager. It is assumed you have already installed NixOS and git to your system (note: git is not installed by default with the NixOS image, you can grab it with ``nix-shell -p git``), this configuration does not have image artifacts nor can it create them.
## Building and deploying the configuration
The first step is to add your age keyfile to the /nix/var/secrets folder with the name "keys.txt" (if you don't have one, remove the imports from the configuration files; the import can be found under
``hosts/<hostname>/configuration.nix``).
Then run this command within your cloned github repo (I put mine in /etc/nixos):
``sudo nixos-rebuild --flake .#<hostname> switch``
This should rebuild the OS with all programs and settings defined as in the configuration.
## Updating the flake lock
In order to have updated packages you will have to update the flake.lock file, this can be done by running the following command in the repository:
``nix flake update``
Please note that you should commit and push after you do this. It is therefore advisable to do this not in your deployment directory, but your local dev environment. Not commiting the files will dirty your git history, which can have unintended consequences as nix flakes work via git.
## Testing the evaluation
To test if your build succeeds the basic checks and can start building the artifacts, you can run the following command:
``nix flake check``
Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run)
## Technical details
### Home manager
Home manager is imported as a module within the global configuration, it is therefor not needed to build home-manager packages separately in this configuration. On multi user systems it might be useful to pull the home-manager configurations from separate repos for different users, so you don't have to give your users access to the global configuration.
### Sops
The secrets are managed in sops files within the hosts folders, there is only one sops file per host, but this can be changed quite easily. The command to edit the sops file is as follows:
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.


@ -0,0 +1,60 @@
{
disko.devices = {
disk = {
vdb = {
device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
encryptedSwap = {
size = "20M";
content = {
type = "swap";
randomEncryption = true;
};
};
plainSwap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true; # resume from hiberation from this device
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "filesystem";
format = "bcachefs";
mountpoint = "/";
};
};
};
};
};
};
};
};
}
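Review bot: `plainSwap` is a 4G unencrypted swap partition with `resumeDevice = true`, placed next to the LUKS container, so swapped-out memory and any hibernation image would be written to disk in cleartext and can include material the `crypted` volume is meant to protect. If hibernation is not needed, drop `plainSwap` and grow `encryptedSwap` beyond its current `20M`; if it is needed, the swap has to live inside an encrypted container rather than beside it, since a `randomEncryption` swap cannot hold a resume image. `allowDiscards = true` also deserves a comment stating the trade-off, for example `# TRIM is passed through LUKS; reveals which blocks are in use`. The ESP is mounted with only `"defaults"` here, while the hardware configuration in this commit uses `fmask=0077`/`dmask=0077`; the two should agree.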


@ -16,17 +16,38 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1706473964,
"narHash": "sha256-Fq6xleee/TsX6NbtoRuI96bBuDHMU57PrcK9z1QEKbk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c798790eabec3e3da48190ae3698ac227aab770c",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"extest": { "extest": {
"inputs": { "inputs": {
"extest": "extest_2", "extest": "extest_2",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1701241962, "lastModified": 1706332837,
"narHash": "sha256-zY2MbHEMmGjPObG73aOEGqXxEJTveItYKV8cFL50XnQ=", "narHash": "sha256-6jwCjD6hLVRkPHyl/2K+5ZEoQV3C5BgWlDroUx/9ru8=",
"owner": "chaorace", "owner": "chaorace",
"repo": "extest-nix", "repo": "extest-nix",
"rev": "e0c93df813a594a0cd883f6bdd01ec44149206fa", "rev": "a9dbc41a7ba6723d8598cd699bbb163630b646b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -52,6 +73,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1668681692,
@ -67,6 +104,27 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -85,6 +143,46 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -92,11 +190,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704980804, "lastModified": 1706435589,
"narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=", "narHash": "sha256-yhEYJxMv5BkfmUuNe4QELKo+V5eq1pwhtVs6kEziHfE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd", "rev": "4d54c29bce71f8c261513e0662cc573d30f3e33e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -112,11 +210,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1704665257, "lastModified": 1705667791,
"narHash": "sha256-Cycz00I26e8QZ9sZtCz0uIz6Cad5ld3zM7N2I+5beqI=", "narHash": "sha256-J0JYfA6eFdHluLnROVDkrqbYacWcJXYKXeJAFayDiAE=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "8951673c6c216ddd6bac3db3e88e3f2281b3511a", "rev": "330b7a78fcba967f2273ae71fb3c4bfb03b5dd21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -125,6 +223,30 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1706522979,
"narHash": "sha256-2wP2qEFVoZ9q8C9MZdAwXPKDkIIQiEwUzuzCxVKafDc=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "c42edac7eb881315bb2a8dfd5190c8c87b91e084",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"linger": { "linger": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -169,11 +291,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1704842529, "lastModified": 1706367331,
"narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", "narHash": "sha256-AqgkGHRrI6h/8FWuVbnkfFmXr4Bqsr4fV23aISqj/xg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", "rev": "160b762eda6d139ac10ae081f8f78d640dd523eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -183,28 +305,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": { "nixpkgs-23_05": {
"locked": { "locked": {
"lastModified": 1684782344, "lastModified": 1704290814,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -213,13 +320,44 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-stable": { "nixpkgs-23_11": {
"locked": { "locked": {
"lastModified": 1704290814, "lastModified": 1706098335,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,11 +369,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1704722960, "lastModified": 1706191920,
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -247,11 +385,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1702312524, "lastModified": 1705133751,
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a9bf124c46ef298113270b1f84a164865987a91c", "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,11 +401,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1704722960, "lastModified": 1706370590,
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", "narHash": "sha256-vq8hTMHsmPkBDaLR2i3m2nSmFObWmo7YwK51KQdI6RY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3fb3707af869e32b0ad0676f589b16cc7711a376",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1706191920,
"narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,13 +431,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1670751203, "lastModified": 1705856552,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,13 +446,13 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1704161960, "lastModified": 1706173671,
"narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=", "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "63143ac2c9186be6d9da6035fa22620018c85932", "rev": "4fddc9be4eaf195d631333908f2a454b03628ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,11 +498,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705257805, "lastModified": 1706365059,
"narHash": "sha256-hx88TjxRWR9hEYrePm2aR/rKAu4VFx4irgN7AofE0Wg=", "narHash": "sha256-2+M4vliRmSHQwGb1q1krg5lWKYiX7rF/B9GF4AlzXW4=",
"owner": "pjones", "owner": "pjones",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "87ca0e29c6fccfb7f09be6ff137716db5a7c8d8f", "rev": "64f31bc95c22b04896111e4c9921d3e1122c0a92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -357,14 +511,46 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1706424699,
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"extest": "extest", "extest": "extest",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"jovian": "jovian", "jovian": "jovian",
"lanzaboote": "lanzaboote",
"linger": "linger", "linger": "linger",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pihole": "pihole", "pihole": "pihole",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
@ -372,21 +558,46 @@
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1706494265,
"narHash": "sha256-4ilEUJEwNaY9r/8BpL3VmZiaGber0j09lvvx0e/bosA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "246ba7102553851af60e0382f558f6bc5f63fa13",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"simple-nixos-mailserver": { "simple-nixos-mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1703666786, "lastModified": 1706219574,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -398,15 +609,15 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1704908274, "lastModified": 1706410821,
"narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=", "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76", "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -430,6 +641,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1605370193, "lastModified": 1605370193,


@ -15,6 +15,10 @@
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
# Lanzaboot (secure boot)
lanzaboote.url = "github:nix-community/lanzaboote";
# Jovian nixos (steam deck)
jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
# Home manager # Home manager
@ -47,6 +51,7 @@
plasma-manager, plasma-manager,
linger, linger,
pihole, pihole,
lanzaboote,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@ -79,6 +84,7 @@
# > Our main nixos configuration file < # > Our main nixos configuration file <
./nixos/hosts/EDI/configuration.nix ./nixos/hosts/EDI/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager];
@ -95,6 +101,7 @@
# > Our main nixos configuration file < # > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix ./nixos/hosts/GLaDOS/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
#lanzaboote.nixosModules.lanzaboote
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager];
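Review bot: `lanzaboote.url = "github:nix-community/lanzaboote";` tracks the default branch of the component that signs and installs the boot chain, so every `nix flake update` can pull in unreleased bootloader code; pinning the input to a release tag, `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";`, keeps that change deliberate. The comment above it reads `# Lanzaboot (secure boot)` and should spell the project name `Lanzaboote`. The commented-out `#lanzaboote.nixosModules.lanzaboote` in the GLaDOS module list would be clearer with a short reason, e.g. `# Secure Boot not enabled on this host yet`. The module lists and the outputs function start and end outside these hunks.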


@ -51,6 +51,7 @@
# Coding: # Coding:
direnv direnv
git git
ruff
kate kate
# Chat applications: # Chat applications:
@ -99,11 +100,13 @@
extensions = with pkgs.vscode-extensions; [ extensions = with pkgs.vscode-extensions; [
arrterian.nix-env-selector arrterian.nix-env-selector
#ban.spellright #ban.spellright
#charliermarsh.ruff
dracula-theme.theme-dracula dracula-theme.theme-dracula
eamodio.gitlens eamodio.gitlens
github.vscode-pull-request-github github.vscode-pull-request-github
jnoortheen.nix-ide jnoortheen.nix-ide
kamadorueda.alejandra kamadorueda.alejandra
mkhl.direnv
ms-toolsai.jupyter ms-toolsai.jupyter
ms-pyright.pyright ms-pyright.pyright
ms-python.black-formatter ms-python.black-formatter
@ -128,6 +131,10 @@
defaultBranch = "main"; defaultBranch = "main";
}; };
}; };
ignores = [
"*.direnv"
"*.vscode"
];
}; };
# Nicely reload system units when changing configs # Nicely reload system units when changing configs


@ -258,6 +258,7 @@
"dolphinrc"."ExtractDialog"."1536x864 screen: Height" = 560; "dolphinrc"."ExtractDialog"."1536x864 screen: Height" = 560;
"dolphinrc"."ExtractDialog"."1536x864 screen: Width" = 1024; "dolphinrc"."ExtractDialog"."1536x864 screen: Width" = 1024;
"dolphinrc"."ExtractDialog"."DirHistory[$e]" = "/home/"; "dolphinrc"."ExtractDialog"."DirHistory[$e]" = "/home/";
"dolphinrc"."IconsMode"."PreviewSize" = 80;
"dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false; "dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false;
"dolphinrc"."KFileDialog Settings"."Places Icons Static Size" = 22; "dolphinrc"."KFileDialog Settings"."Places Icons Static Size" = 22;
"dolphinrc"."KFileDialog Settings"."detailViewIconSize" = 16; "dolphinrc"."KFileDialog Settings"."detailViewIconSize" = 16;
@ -270,6 +271,7 @@
"kded5rc"."Module-browserintegrationreminder"."autoload" = false; "kded5rc"."Module-browserintegrationreminder"."autoload" = false;
"kded5rc"."Module-device_automounter"."autoload" = false; "kded5rc"."Module-device_automounter"."autoload" = false;
"kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1; "kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1;
"kdeglobals"."General"."AllowKDEAppsToRememberWindowPositions" = true;
"kdeglobals"."General"."BrowserApplication" = "firefox.desktop"; "kdeglobals"."General"."BrowserApplication" = "firefox.desktop";
"kdeglobals"."KDE"."AnimationDurationFactor" = 0.7071067811865475; "kdeglobals"."KDE"."AnimationDurationFactor" = 0.7071067811865475;
"kdeglobals"."KDE"."SingleClick" = false; "kdeglobals"."KDE"."SingleClick" = false;
@ -590,7 +592,7 @@
"khotkeysrc"."Data_3Conditions0"."Type" = "ACTIVE_WINDOW"; "khotkeysrc"."Data_3Conditions0"."Type" = "ACTIVE_WINDOW";
"khotkeysrc"."Data_3Conditions0Window"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window"."Comment" = "Konqueror";
"khotkeysrc"."Data_3Conditions0Window"."WindowsCount" = 1; "khotkeysrc"."Data_3Conditions0Window"."WindowsCount" = 1;
"khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konqueror\s"; "khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konquerors";
"khotkeysrc"."Data_3Conditions0Window0"."ClassType" = 3; "khotkeysrc"."Data_3Conditions0Window0"."ClassType" = 3;
"khotkeysrc"."Data_3Conditions0Window0"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window0"."Comment" = "Konqueror";
"khotkeysrc"."Data_3Conditions0Window0"."Role" = "konqueror-mainwindow#1"; "khotkeysrc"."Data_3Conditions0Window0"."Role" = "konqueror-mainwindow#1";
@ -799,6 +801,7 @@
"khotkeysrc"."Data_3_9Triggers"."TriggersCount" = 1; "khotkeysrc"."Data_3_9Triggers"."TriggersCount" = 1;
"khotkeysrc"."Data_3_9Triggers0"."GesturePointData" = "0,0.0625,-0.5,0.5,1,0.0625,0.0625,-0.5,0.5,0.875,0.125,0.0625,-0.5,0.5,0.75,0.1875,0.0625,-0.5,0.5,0.625,0.25,0.0625,-0.5,0.5,0.5,0.3125,0.0625,-0.5,0.5,0.375,0.375,0.0625,-0.5,0.5,0.25,0.4375,0.0625,-0.5,0.5,0.125,0.5,0.0625,0.5,0.5,0,0.5625,0.0625,0.5,0.5,0.125,0.625,0.0625,0.5,0.5,0.25,0.6875,0.0625,0.5,0.5,0.375,0.75,0.0625,0.5,0.5,0.5,0.8125,0.0625,0.5,0.5,0.625,0.875,0.0625,0.5,0.5,0.75,0.9375,0.0625,0.5,0.5,0.875,1,0,0,0.5,1"; "khotkeysrc"."Data_3_9Triggers0"."GesturePointData" = "0,0.0625,-0.5,0.5,1,0.0625,0.0625,-0.5,0.5,0.875,0.125,0.0625,-0.5,0.5,0.75,0.1875,0.0625,-0.5,0.5,0.625,0.25,0.0625,-0.5,0.5,0.5,0.3125,0.0625,-0.5,0.5,0.375,0.375,0.0625,-0.5,0.5,0.25,0.4375,0.0625,-0.5,0.5,0.125,0.5,0.0625,0.5,0.5,0,0.5625,0.0625,0.5,0.5,0.125,0.625,0.0625,0.5,0.5,0.25,0.6875,0.0625,0.5,0.5,0.375,0.75,0.0625,0.5,0.5,0.5,0.8125,0.0625,0.5,0.5,0.625,0.875,0.0625,0.5,0.5,0.75,0.9375,0.0625,0.5,0.5,0.875,1,0,0,0.5,1";
"khotkeysrc"."Data_3_9Triggers0"."Type" = "GESTURE"; "khotkeysrc"."Data_3_9Triggers0"."Type" = "GESTURE";
"khotkeysrc"."General"."AllowKDEAppsToRememberWindowPositions[$d]" = "";
"khotkeysrc"."General"."BrowserApplication[$d]" = ""; "khotkeysrc"."General"."BrowserApplication[$d]" = "";
"khotkeysrc"."General"."ColorSchemeHash[$d]" = ""; "khotkeysrc"."General"."ColorSchemeHash[$d]" = "";
"khotkeysrc"."General"."ColorScheme[$d]" = ""; "khotkeysrc"."General"."ColorScheme[$d]" = "";


@ -6,6 +6,11 @@
pkgs, pkgs,
... ...
}: { }: {
# Enable starship
programs.starship = {
enable = true;
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
plugins = [ plugins = [


@ -9,7 +9,11 @@
... ...
}: { }: {
imports = [ imports = [
# Import locale settings
../shared/locale/configuration.nix ../shared/locale/configuration.nix
# Import shared packages
../shared/packages/configuration.nix
]; ];
nixpkgs = { nixpkgs = {
# You can add overlays here # You can add overlays here
@ -17,7 +21,7 @@
# Add overlays your own flake exports (from overlays and pkgs dir): # Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions outputs.overlays.additions
outputs.overlays.modifications outputs.overlays.modifications
outputs.overlays.unstable-packages #outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes: # You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default # neovim-nightly-overlay.overlays.default
@ -64,18 +68,14 @@
dvt dvt
# System tools # System tools
age
alejandra
direnv direnv
docker docker
docker-compose docker-compose
git-filter-repo git-filter-repo
home-manager
htop
oh-my-zsh
pciutils pciutils
rsync waydroid
wget xwaylandvideobridge
yubikey-personalization
zsh zsh
# KDE/QT # KDE/QT
@ -90,15 +90,12 @@
libsForQt5.packagekit-qt libsForQt5.packagekit-qt
libportal-qt5 libportal-qt5
# System libraries
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
# User tools # User tools
noisetorch noisetorch
]; ];
virtualisation.waydroid.enable = false;
programs.direnv = { programs.direnv = {
enable = true; enable = true;
}; };
@ -164,10 +161,6 @@
enable = true; enable = true;
}; };
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
users.users = { users.users = {
lillian = { lillian = {
isNormalUser = true; isNormalUser = true;
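Review bot: `waydroid` is added to `environment.systemPackages` while the same section sets `virtualisation.waydroid.enable = false;`, so the binary is installed without the NixOS module that prepares what it needs to run; either remove the package or enable the module. `#outputs.overlays.unstable-packages` is disabled without a comment, and any `pkgs.unstable.…` reference elsewhere in the configuration (not visible here) would stop evaluating, so a one-line reason next to it would help. The removal of `yubikey-personalization` is not matched by an entry in the shared package list added in this commit, which may be intended but is worth confirming. The enclosing attribute sets continue outside the hunks.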


@ -38,6 +38,16 @@
networking.hostName = "EDI"; networking.hostName = "EDI";
boot.bootspec.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.supportedFilesystems = ["bcachefs"];
boot = {
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# Enable bluetooth hardware # Enable bluetooth hardware
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
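Review bot: Nothing near `pkiBundle = "/etc/secureboot";` says that the Secure Boot keys must exist there before the first rebuild or that the directory holds private signing keys; a comment such as `# Secure Boot signing keys (generated with sbctl); contains private keys, keep root-only` would cover it. `loader.systemd-boot.enable = lib.mkForce false;` should carry `# lanzaboote replaces systemd-boot` so the override is not later removed as redundant. As a style point, `boot.bootspec.enable`, `boot.kernelPackages` and `boot.supportedFilesystems` could move inside the `boot = { … };` set that follows them.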


@ -12,23 +12,30 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = 1; boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/f930d7c6-2798-4e25-abc1-81d02e9abf35"; device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628";
fsType = "ext4"; fsType = "bcachefs";
}; };
boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0";
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/42ED-068B"; device = "/dev/disk/by-uuid/01B2-909E";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0077" "dmask=0077" "defaults"];
}; };
swapDevices = []; swapDevices = [
{
device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -39,6 +46,5 @@
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
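Review bot: The new swap entry combines `randomEncryption.enable = true` with `device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2"`, a name that depends on the PCI slot and the partition index; random encryption re-initialises whatever that path resolves to on each boot, so a changed partition order would overwrite a different partition. A partition-stable name is safer, e.g. `device = "/dev/disk/by-partuuid/<PARTUUID-of-swap-partition>";`. If `part2` is the `20M` `encryptedSwap` from the disko layout in this commit (inferred; the partition numbering is not shown), the host also ends up with almost no usable swap.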


@ -28,6 +28,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = ["bcachefs"];
boot.kernelPackages = pkgs.linuxPackages_latest;
home-manager = { home-manager = {
extraSpecialArgs = {inherit inputs outputs;}; extraSpecialArgs = {inherit inputs outputs;};
users = { users = {


@ -21,6 +21,9 @@
# Import locale settings # Import locale settings
../../shared/locale/configuration.nix ../../shared/locale/configuration.nix
# Import shared packages
../../shared/packages/configuration.nix
#../../server/package-configs/akkoma/configuration.nix #../../server/package-configs/akkoma/configuration.nix
../../server/package-configs/forgejo/configuration.nix ../../server/package-configs/forgejo/configuration.nix
../../server/package-configs/gotosocial/configuration.nix ../../server/package-configs/gotosocial/configuration.nix
@ -88,12 +91,10 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
akkoma akkoma
age
fzf fzf
matrix-conduit matrix-conduit
docker docker
docker-compose docker-compose
git
gitea gitea
gotosocial gotosocial
alejandra alejandra
@ -101,22 +102,14 @@
imagemagick imagemagick
ffmpeg ffmpeg
aria2 aria2
git-filter-repo
home-manager
htop
jellyfin jellyfin
jellyfin-web jellyfin-web
jellyfin-ffmpeg jellyfin-ffmpeg
nextcloud28 nextcloud28
nginx nginx
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
oh-my-zsh
onlyoffice-documentserver onlyoffice-documentserver
postgresql_16 postgresql_16
python3 python3
rsync
rabbitmq-server rabbitmq-server
roundcube roundcube
roundcubePlugins.contextmenu roundcubePlugins.contextmenu
@ -125,8 +118,6 @@
roundcubePlugins.persistent_login roundcubePlugins.persistent_login
roundcubePlugins.thunderbird_labels roundcubePlugins.thunderbird_labels
youtube-dl youtube-dl
wget
zsh
]; ];
# Enable networking # Enable networking


@ -14,7 +14,12 @@
./armv7l.nix ./armv7l.nix
./hardware-configuration.nix ./hardware-configuration.nix
# Import locale settings
../../shared/locale/configuration.nix ../../shared/locale/configuration.nix
# Import shared packages
../../shared/packages/configuration.nix
]; ];
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;


@ -9,6 +9,9 @@
sops.secrets."mailpass".mode = "0440"; sops.secrets."mailpass".mode = "0440";
sops.secrets."mailpass".owner = config.users.users.virtualMail.name; sops.secrets."mailpass".owner = config.users.users.virtualMail.name;
#Fix for the dovecot update
services.dovecot2.sieve.extensions = ["fileinto"];
mailserver = { mailserver = {
enable = true; enable = true;
enableImap = true; enableImap = true;
@ -85,6 +88,7 @@
"mail.lillianviolet.dev" "mail.lillianviolet.dev"
"pop3.lillianviolet.dev" "pop3.lillianviolet.dev"
"lillianviolet.dev" "lillianviolet.dev"
"mail.gladtherescake.eu"
]; ];
}; };
} }
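Review bot: `#Fix for the dovecot update` does not say what broke or when the line can be removed; a comment of the form `# Workaround for <dovecot version or issue link>: <symptom>; remove once <condition>` would let a later reader judge whether `services.dovecot2.sieve.extensions = ["fileinto"];` is still needed. The list that gains `"mail.gladtherescake.eu"` starts outside the hunk; if it feeds certificate requests, that name has to resolve to this host before deployment, otherwise issuance for the whole set may fail.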


@ -0,0 +1,29 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
# System tools
age
alejandra
git
git-filter-repo
home-manager
htop
neofetch
oh-my-zsh
rsync
spacevim
wget
zsh
# System libraries
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
];
}
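Review bot: The three `noto-fonts*` entries sit in `environment.systemPackages` under `# System libraries`; on NixOS fonts are registered with fontconfig through the fonts option, so they belong in `fonts.packages = with pkgs; [noto-fonts noto-fonts-emoji-blob-bin noto-fonts-emoji];`. The arguments `inputs`, `outputs`, `lib` and `config` are unused in this module and can be dropped in favour of `{pkgs, ...}:`.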