{
# use "git+file:///<full-path>" as an input url to pin that input to a local checkout
inputs = {
  # Every input is resolved through flake.lock; the `follows` entries make the
  # pulled-in flakes reuse this flake's nixpkgs / home-manager / flake-parts
  # instead of locking their own copy. Inputs without a `follows` line
  # (landingpage, nixos-anywhere, nixos-hardware, retiolum, srvos, ...) keep
  # whatever they lock themselves, if they declare a nixpkgs input at all.
  clan-core = {
    url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
    inputs.flake-parts.follows = "flake-parts";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  clan-fact-generators = {
    url = "github:mrvandalo/clan-fact-generators";
    inputs.clan-core.follows = "clan-core";
  };
  flake-parts = {
    url = "github:hercules-ci/flake-parts";
    inputs.nixpkgs-lib.follows = "nixpkgs";
  };
  healthchecks = {
    url = "github:mrvandalo/nixos-healthchecks";
    #url = "git+file:///home/palo/dev/nixos/healthcheck";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager-utils = {
    url = "github:mrvandalo/home-manager-utils";
    inputs.home-manager.follows = "home-manager";
  };
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  landingpage.url = "github:mrVanDalo/landingpage";
  nix-topology = {
    url = "github:oddlama/nix-topology";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixos-anywhere.url = "github:nix-community/nixos-anywhere";
  nixos-hardware.url = "github:nixos/nixos-hardware";
  # older releases, exposed as pkgs.legacy_* by the overlay in `meta`;
  # nixpkgs-legacy_2411 is declared here but not wired into that overlay,
  # it is only reachable through `inputs`
  nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
  nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
  nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
  nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
  nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
  nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
  permown = {
    url = "github:mrVanDalo/module.permown";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
  # private input, fetched over ssh: (re)locking it needs ssh access to git.ingolf-wagner.de
  private-parts = {
    url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
    #url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  retiolum.url = "github:Mic92/retiolum";
  # private input, fetched over ssh (same host as private-parts)
  share-http = {
    url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  srvos.url = "github:nix-community/srvos";
  stylix = {
    url = "github:danth/stylix";
    inputs.home-manager.follows = "home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  taskwarrior = {
    url = "github:mrvandalo/taskwarrior-flake";
    #url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  telemetry = {
    url = "github:mrvandalo/nixos-telemetry";
    #url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  treefmt-nix = {
    url = "github:numtide/treefmt-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  # smoke test framework to trigger tests (enable if I want to use it for real)
  #smoke = {
  #  url = github:SamirTalwar/smoke;
  #  inputs.nixpkgs.follows = "nixpkgs";
  #};
};
outputs =
inputs@{
clan-core,
clan-fact-generators,
flake-parts,
healthchecks,
home-manager,
home-manager-utils,
landingpage,
nix-topology,
nixos-anywhere,
nixos-hardware,
nixpkgs,
nixpkgs-legacy_2211,
nixpkgs-legacy_2311,
nixpkgs-legacy_2405,
nixpkgs-legacy_2411,
nixpkgs-unstable-small,
permown,
polygon-art,
private-parts,
retiolum,
self,
share-http,
srvos,
stylix,
taskwarrior,
telemetry,
treefmt-nix,
}:
let
# plain nixpkgs lib (mkDefault, mkForce, ...) used by the helpers below
inherit (nixpkgs) lib;
# Shared evaluation context: the one package set every machine uses and the
# extra arguments handed to every NixOS module via clan.specialArgs.
meta = rec {
  system = "x86_64-linux";

  # All nixpkgs variants (unstable-small and the legacy_* sets) are imported
  # with the same `config`, so an exception granted below applies to each of
  # them, not only to the default set.
  pkgs =
    let
      allowUnfree = true;
      # Each entry lets nixpkgs build a package version it marks as insecure
      # (knownVulnerabilities); revisit when the consumer named in the
      # comment is upgraded or removed.
      permittedInsecurePackages = [
        "electron-24.8.6" # for bitwarden
        "python-2.7.18.6"
        "python-2.7.18.7"
        "python-2.7.18.8"
        "electron-27.3.11" # for logseq
        "electron-28.3.3" # for logseq
        "aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
        "aspnetcore-runtime-6.0.36" # for jellyfin
        "dotnet-sdk-wrapped-6.0.428" # for jellyfin
        "dotnet-sdk-6.0.428" # for jellyfin
      ];
      nixpkgsConfig = {
        inherit allowUnfree permittedInsecurePackages;
      };
      # import one nixpkgs checkout with the shared system and config
      importNixpkgs =
        source:
        import source {
          inherit system;
          config = nixpkgsConfig;
        };
    in
    import nixpkgs {
      inherit system;
      config = nixpkgsConfig;
      overlays = [
        (_self: _super: {
          # alternative nixpkgs releases, reachable as pkgs.<name>.<package>
          unstable-small = importNixpkgs nixpkgs-unstable-small;
          legacy_2211 = importNixpkgs nixpkgs-legacy_2211;
          legacy_2311 = importNixpkgs nixpkgs-legacy_2311;
          legacy_2405 = importNixpkgs nixpkgs-legacy_2405;
          # packages from other flakes, exposed under a plain name
          polygon-art = polygon-art.packages.${system};
          landingpage = landingpage.packages.${system}.plain;
          share-via-http = share-http.packages.${system}.default;
          inherit (taskwarrior.packages.${system})
            bugwarrior
            tasksh
            taskwarrior-hooks
            ;
          # this flake's own packages (./nix/packages)
          inherit (self.packages.${system})
            otpmenu
            nsxiv
            ;
        })
      ];
    };

  # Extra module arguments; passed through unchanged as clan.specialArgs.
  specialArgs = {
    inherit inputs;
    assets = ./assets;
    factsGenerator = clan-fact-generators.lib { inherit pkgs; };
    clanLib = import ./lib/clanlib.nix {
      inherit (pkgs) lib;
      machineDir = ./machines;
    };
    # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
    zerotierInterface = "ztbn67ogn2";
    components = ./components;
    features = ./features;
  };
};
# Builds one clan machine entry.
#   name    - selects ./machines/<name>/configuration.nix
#   host    - ssh target used for deployments; connections go in as root
#             unless the machine overrides targetHost (it is only a mkDefault)
#   modules - machine specific modules, prepended to the shared defaults
clanSetup =
  {
    name,
    host,
    modules,
  }:
  {
    clan.core = {
      networking.targetHost = lib.mkDefault "root@${host}";
      # both the older facts and the newer vars mechanism keep their
      # secrets in the "password-store" backend
      facts.secretStore = "password-store";
      vars.settings.secretStore = "password-store";
    };
    nixpkgs = {
      pkgs = meta.pkgs;
      hostPlatform = meta.system;
    };
    imports =
      modules
      ++ defaultModules
      ++ [
        ./machines/${name}/configuration.nix
        nix-topology.nixosModules.default
      ];
  };
# Marks a machine as the zerotier network controller. `public = false`
# presumably keeps the network closed so only peers the controller accepts
# (see zerotier-static-peers in zerotierModules) can join — confirm against
# the clan-core option documentation.
zerotierControllerModule = {
  clan.core.networking.zerotier.controller.enable = true;
  clan.core.networking.zerotier.controller.public = false;
};
# Joins a machine to the clan zerotier network and installs the cli tooling.
zerotierModules =
  { pkgs, ... }:
  let
    # prints this node's zerotier id; zerotier-cli talks to the daemon as
    # root, hence the sudo
    nodeIdScript = pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
      sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
    '';
  in
  {
    imports = [
      # adds all machines of this clan to the zerotier network and makes
      # the controller accept them; reads `/machines/<name>/facts/zerotier-ip`
      inputs.clan-core.clanModules.zerotier-static-peers
      # static host names for every machine, derived from its zerotier-ip
      inputs.clan-core.clanModules.static-hosts
      # ssh host keys are generated as facts
      inputs.clan-core.clanModules.sshd
      # manual configs
      {
        clan.static-hosts.topLevelDomain = "bear";
        components.network.zerotier.enable = true;
        environment.systemPackages = [
          clan-core.packages.${pkgs.system}.clan-cli
          nodeIdScript
        ];
      }
    ];
  };
# Root ssh access shared by the servers: the yubikey backed admin key plus
# three keys kept as facts of `chungus` (the home server). Every file listed
# here is a root login on each machine that imports this module.
defaultAuthorizedKeys =
  { config, pkgs, ... }:
  let
    chungusFacts = "${config.clan.core.clanDir}/machines/chungus/facts";
  in
  {
    users.users.root.openssh.authorizedKeys.keyFiles = [
      # yubikey key
      ./assets/mrvandalo_rsa.pub
      # backup keys; the fact ids name the job each one belongs to
      "${chungusFacts}/ssh.syncoid.id_ed25519.pub"
      "${chungusFacts}/ssh.rbackup.id_ed25519.pub"
      "${chungusFacts}/ssh.paperless-ngx.id_ed25519.pub"
    ];
    environment.systemPackages = [ pkgs.borgbackup ];
  };
# Modules every machine imports, in this order (after the machine's own
# `modules`, before its configuration.nix — see clanSetup).
defaultModules =
  let
    # make flake inputs accessible in NixOS modules as `self` and `inputs`
    flakeArgs = {
      _module.args.self = self;
      _module.args.inputs = self.inputs;
    };
    # no emergency shell anywhere, not even in the initrd: a failed boot
    # stops instead of offering a root shell, although it might be needed
    # on laptops
    noEmergencyShell = {
      boot.initrd.systemd.emergencyAccess = false;
      boot.initrd.systemd.suppressedUnits = [
        "emergency.service"
        "emergency.target"
      ];
      systemd.enableEmergencyMode = false;
    };
    # configure nix
    nixSettings =
      {
        pkgs,
        lib,
        clanLib,
        ...
      }:
      {
        # binary cache on orbi, reached over plain http; with nix's default
        # require-sigs a substituted path is only accepted when signed by
        # the key read from orbi's nix-serve.pub fact, so integrity does
        # not rest on the transport
        nix.settings.substituters = [ "http://cache.orbi.wg0" ];
        nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
        nix.settings.experimental-features = [
          "nix-command"
          "flakes"
        ];
        nix.settings.max-jobs = 1;
        # no channels needed this way
        nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
        # documentation
        # =============
        documentation.nixos.enable = true;
        #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
        documentation.nixos.options.warningsAreErrors = false; # todo make this true again
        documentation.nixos.extraModules = [
          ./components
          ./features
          #./modules
          clan-core.nixosModules.clanCore
          telemetry.nixosModules.telemetry
          {
            clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
          }
          # inputs.stylix.nixosModules.stylix # fixme: not working
          permown.nixosModules.permown
          home-manager.nixosModules.home-manager
          # retiolum.nixosModules.retiolum # fixme: not working
        ];
        # keep at most 10 generations in every boot loader menu
        boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
        boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
        boot.loader.grub.configurationLimit = lib.mkDefault 10;
      };
    noNetdata =
      { lib, pkgs, ... }:
      {
        telemetry.netdata.enable = false;
      };
    # uses the outer nixpkgs `lib`, not the module argument
    tmpOnTmpfs =
      { pkgs, ... }:
      {
        boot.tmp.useTmpfs = lib.mkDefault true;
      };
  in
  [
    flakeArgs
    noEmergencyShell
    nixSettings
    # My Structure
    ./components
    ./features
    ./modules # todo : spread this across features and components
    #./system/all # todo : spread this across features and components
    noNetdata
    # some modules I always use
    telemetry.nixosModules.telemetry
    permown.nixosModules.permown
    # some default things I always want
    tmpOnTmpfs
  ];
# Theme for the system and, through home-manager.sharedModules, for every
# home-manager user of the machine.
stylixModules =
  {
    pkgs,
    config,
    lib,
    ...
  }:
  {
    imports = [ stylix.nixosModules.stylix ];
    stylix = {
      enable = true;
      base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
      image = ./assets/wallpaper.png;
      fonts = {
        serif = {
          package = pkgs.nerd-fonts.ubuntu;
          name = "Ubuntu";
        };
        sansSerif = {
          package = pkgs.nerd-fonts.ubuntu;
          name = "Ubuntu";
        };
        monospace = {
          package = pkgs.nerd-fonts.jetbrains-mono;
          name = "JetBrains Mono";
        };
        # emoji falls back to the monospace font
        emoji = config.stylix.fonts.monospace;
        # emoji = {
        #   package = pkgs.noto-fonts-emoji;
        #   name = "Noto Color Emoji";
        # };
        sizes.popups = 15;
      };
    };
    home-manager.sharedModules = [
      {
        # no need for hyprland
        # https://github.com/danth/stylix/issues/543
        stylix.targets.hyprpaper.enable = lib.mkForce false;
        stylix.targets.hyprland.enable = lib.mkForce false;
      }
    ];
  };
# home-manager wiring shared by every machine that defines user homes.
homeManagerModules =
  { pkgs, config, ... }:
  {
    imports = [ home-manager.nixosModules.home-manager ];
    home-manager = {
      extraSpecialArgs = {
        assets = ./assets;
      };
      # one nixpkgs for system and users; user packages go into the
      # system profile instead of per-user nix profiles
      useGlobalPkgs = true;
      useUserPackages = true;
      # files home-manager would overwrite are renamed with this suffix
      # instead of aborting the activation
      backupFileExtension = "backup";
      sharedModules = [
        home-manager-utils.hmModule
        taskwarrior.hmModules.bugwarrior
      ];
    };
  };
2023-02-13 18:40:56 +01:00
2023-06-30 00:14:18 +02:00
in
flake-parts.lib.mkFlake { inherit inputs; } (
  {
    self,
    self',
    pkgs,
    ...
  }:
  let
    # user homes present on every machine
    homes = {
      home-manager.users.mainUser = import ./homes/palo;
      home-manager.users.root = import ./homes/root;
    };
    guiHome = {
      home-manager.users.mainUser.gui.enable = true;
    };
    withDescription = text: {
      clan.core.machineDescription = text;
    };
  in
  {
    systems = [ "x86_64-linux" ];
    imports = [
      clan-core.flakeModules.default
      healthchecks.flakeModule
      ./nix/formatter.nix
      ./nix/packages
      ./nix/topology
    ];

    # Define your clan
    clan = {
      # Clan wide settings.
      meta.name = "gummybears"; # Ensure to choose a unique name.
      specialArgs = meta.specialArgs;
      # cherry and chungus restrict root ssh to the single key file listed in
      # their own module; the other hosts import defaultAuthorizedKeys
      machines = {
        cherry = clanSetup {
          name = "cherry";
          host = "cherry.bear";
          modules = [
            healthchecks.nixosModules.default
            zerotierModules
            nixos-hardware.nixosModules.framework-13th-gen-intel
            retiolum.nixosModules.retiolum
            private-parts.nixosModules.cherry
            homeManagerModules
            stylixModules
            guiHome
            homes
            (withDescription "Laptop")
            (
              { config, ... }:
              {
                # keys only to access cherry
                users.users.root.openssh.authorizedKeys.keyFiles = [
                  "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
                ];
              }
            )
          ];
        };
        chungus = clanSetup {
          name = "chungus";
          host = "chungus.bear";
          modules = [
            healthchecks.nixosModules.default
            zerotierModules
            zerotierControllerModule
            homeManagerModules
            stylixModules
            retiolum.nixosModules.retiolum
            private-parts.nixosModules.chungus
            homes
            (withDescription "Home Server")
            (
              { config, ... }:
              {
                # keys only to access chungus
                # NOTE(review): the file lives under machines/cherry/facts, not
                # chungus/, like cherry's own entry above — presumably cherry's
                # root key for reaching chungus; confirm that is intended
                users.users.root.openssh.authorizedKeys.keyFiles = [
                  "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
                ];
              }
            )
          ];
        };
        orbi = clanSetup {
          name = "orbi";
          host = "orbi.bear";
          #host = "95.216.66.212";
          modules = [
            defaultAuthorizedKeys
            healthchecks.nixosModules.default
            homeManagerModules
            stylixModules
            zerotierModules
            srvos.nixosModules.hardware-hetzner-online-intel
            #srvos.nixosModules.server
            #srvos.nixosModules.mixins-terminfo
            homes
            (withDescription "Internet Server")
          ];
        };
        probe = clanSetup {
          name = "probe";
          #host = "167.235.205.150";
          host = "95.217.18.54";
          modules = [
            defaultAuthorizedKeys
            homeManagerModules
            stylixModules
            srvos.nixosModules.hardware-hetzner-cloud
            srvos.nixosModules.server
            srvos.nixosModules.mixins-terminfo
            #inputs.clan-core.clanModules.sshd
            homes
            (withDescription "Dummy Internet Server")
          ];
        };
        usbstick = clanSetup {
          name = "usbstick";
          #host = "usbstick.bear";
          host = "10.100.0.100";
          modules = [
            defaultAuthorizedKeys
            homeManagerModules
            stylixModules
            zerotierModules
            guiHome
            homes
            (withDescription "USB-Stick for Backup")
          ];
        };
      };
    };
  }
);
}