{
# To debug an input against a local checkout, temporarily point its url at
# "git+file:///<full-path>" (the commented-out url lines below are such overrides).
inputs = {
  # --- framework & tooling ----------------------------------------------------
  flake-parts = {
    url = "github:hercules-ci/flake-parts";
    inputs.nixpkgs-lib.follows = "nixpkgs";
  };
  treefmt-nix = {
    url = "github:numtide/treefmt-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  # Pinned on purpose: last revision where clan still used facts instead of vars.
  clan-core = {
    url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a";
    inputs = {
      flake-parts.follows = "flake-parts";
      nixpkgs.follows = "nixpkgs";
    };
  };
  clan-fact-generators = {
    url = "github:mrvandalo/clan-fact-generators";
    inputs.clan-core.follows = "clan-core";
  };
  nixos-anywhere.url = "github:nix-community/nixos-anywhere";
  nixos-hardware.url = "github:nixos/nixos-hardware";
  srvos.url = "github:nix-community/srvos";
  nix-topology = {
    url = "github:oddlama/nix-topology";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # --- nixpkgs ----------------------------------------------------------------
  # `nixpkgs` is the instance most inputs follow; the others are additional
  # package sets that the overlay in `meta.pkgs` exposes as attributes.
  nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
  nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
  # Release branches, presumably kept for packages that no longer build on
  # unstable. A release branch stops receiving security backports once it is
  # end-of-life, so anything taken from these should be treated as unpatched
  # and the set kept as small as possible.
  nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
  nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
  nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
  nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";

  # --- home-manager & theming -------------------------------------------------
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager-utils = {
    url = "github:mrvandalo/home-manager-utils";
    inputs.home-manager.follows = "home-manager";
  };
  stylix = {
    url = "github:danth/stylix";
    inputs = {
      home-manager.follows = "home-manager";
      nixpkgs.follows = "nixpkgs";
    };
  };

  # --- own modules and packages -----------------------------------------------
  healthchecks = {
    url = "github:mrvandalo/nixos-healthchecks";
    # url = "git+file:///home/palo/dev/nixos/healthcheck";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  permown = {
    url = "github:mrVanDalo/module.permown";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  taskwarrior = {
    url = "github:mrvandalo/taskwarrior-flake";
    # url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  telemetry = {
    url = "github:mrvandalo/nixos-telemetry";
    # url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  landingpage.url = "github:mrVanDalo/landingpage";
  polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
  retiolum.url = "github:Mic92/retiolum";

  # --- private inputs (fetched over ssh) --------------------------------------
  private-parts = {
    url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
    # url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  share-http = {
    url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # smoke test framework to trigger tests (enable if I want to use it for real)
  #smoke = {
  #  url = github:SamirTalwar/smoke;
  #  inputs.nixpkgs.follows = "nixpkgs";
  #};
};
outputs =
  # Every flake input is bound by name; `inputs` keeps the whole set so it can
  # be handed through to NixOS modules (see `specialArgs` and `_module.args`).
  inputs@{
    clan-core,
    clan-fact-generators,
    flake-parts,
    healthchecks,
    home-manager,
    home-manager-utils,
    landingpage,
    nix-topology,
    nixos-anywhere,
    nixos-hardware,
    nixpkgs,
    nixpkgs-legacy_2211,
    nixpkgs-legacy_2311,
    nixpkgs-legacy_2405,
    nixpkgs-legacy_2411,
    nixpkgs-unstable-small,
    permown,
    polygon-art,
    private-parts,
    retiolum,
    self,
    share-http,
    srvos,
    stylix,
    taskwarrior,
    telemetry,
    treefmt-nix,
  }:

  let
    inherit (nixpkgs) lib;

    # Settings shared by all machines: the target system, one configured
    # nixpkgs instance (with overlays) and the specialArgs every module sees.
    meta = rec {
      system = "x86_64-linux";
      pkgs =
        let
          allowUnfree = true;
          # Packages that nixpkgs refuses to evaluate by default (known
          # unfixed CVEs or an end-of-life upstream) but that are allowed here.
          # Every entry widens the attack surface of whichever machine ends up
          # installing it, so each one is tied to the consumer named in its
          # comment; drop an entry as soon as that consumer no longer needs it.
          permittedInsecurePackages = [
            "electron-24.8.6" # for bitwarden
            "python-2.7.18.6"
            "python-2.7.18.7"
            "python-2.7.18.8"
            "electron-27.3.11" # for logseq
            "electron-28.3.3" # for logseq
            "aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
            "aspnetcore-runtime-6.0.36" # for jellyfin
            "dotnet-sdk-wrapped-6.0.428" # for jellyfin
            "dotnet-sdk-6.0.428" # for jellyfin
          ];
        in
        import nixpkgs {
          inherit system;
          config = {
            inherit allowUnfree permittedInsecurePackages;
          };
          overlays = [
            (_self: _super: {
              # Additional nixpkgs instances exposed as attributes, so a module
              # can pick e.g. `pkgs.legacy_2311.<pkg>`. They share the
              # allowUnfree / permittedInsecurePackages settings from above.
              # NOTE(review): nixpkgs-legacy_2411 is declared as an input and
              # bound above but gets no attribute here — drop the input or add
              # a `legacy_2411` entry.
              unstable-small = import nixpkgs-unstable-small {
                inherit system;
                config = {
                  inherit allowUnfree permittedInsecurePackages;
                };
              };
              legacy_2211 = import nixpkgs-legacy_2211 {
                inherit system;
                config = {
                  inherit allowUnfree permittedInsecurePackages;
                };
              };
              legacy_2311 = import nixpkgs-legacy_2311 {
                inherit system;
                config = {
                  inherit allowUnfree permittedInsecurePackages;
                };
              };
              legacy_2405 = import nixpkgs-legacy_2405 {
                inherit system;
                config = {
                  inherit allowUnfree permittedInsecurePackages;
                };
              };
              # Packages taken from other inputs of this flake. The names on
              # the right-hand side refer to the flake inputs, not to the
              # overlay attributes being defined.
              polygon-art = polygon-art.packages.${system};
              landingpage = landingpage.packages.${system}.plain;
              share-via-http = share-http.packages.${system}.default;
              inherit (taskwarrior.packages.${system})
                bugwarrior
                tasksh
                taskwarrior-hooks
                ;
              # Packages of this flake itself (presumably defined under
              # ./nix/packages, which is imported as a flake module below).
              inherit (self.packages.${system})
                otpmenu
                nsxiv
                ;
            })
          ];
        };
      # Extra arguments available to every NixOS module of every machine.
      specialArgs = {
        inherit inputs;
        assets = ./assets;
        factsGenerator = clan-fact-generators.lib { inherit pkgs; };
        clanLib = import ./lib/clanlib.nix {
          inherit (pkgs) lib;
          machineDir = ./machines;
        };
        # https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
        zerotierInterface = "ztbn67ogn2";
        components = ./components;
        features = ./features;
      };
    };

    # Builds one clan machine entry from its name, deploy host and extra
    # modules: shared pkgs/platform, the secret store and the module list
    # (extras ++ defaults ++ the machine's own configuration.nix).
    clanSetup =
      {
        name,
        host,
        modules,
      }:
      {
        # Deployments ssh in as root; mkDefault lets a machine override the
        # target without an mkForce.
        clan.core.networking.targetHost = lib.mkDefault "root@${host}";
        nixpkgs.pkgs = meta.pkgs;
        nixpkgs.hostPlatform = meta.system;
        # Both the (old) facts backend and the vars backend store secrets in
        # the `password-store` backend.
        clan.core.facts.secretStore = "password-store";
        clan.core.vars.settings.secretStore = "password-store";

        imports =
          modules
          ++ defaultModules
          ++ [
            ./machines/${name}/configuration.nix
            nix-topology.nixosModules.default
          ];
      };

    # Makes a machine the zerotier network controller. `public = false`
    # presumably means the network does not admit arbitrary members — confirm
    # against the clan-core option docs.
    zerotierControllerModule = {
      clan.core.networking.zerotier.controller = {
        enable = true;
        public = false;
      };
    };

    # Joins a machine to the zerotier network and wires up host names, sshd
    # host keys and a couple of convenience tools.
    zerotierModules =
      { pkgs, ... }:
      {
        imports = [

          # this magically adds all my machines in the zero tier network
          # and makes the controller accept them.
          # will automatically look into `/machines/<name>/facts/zerotier-ip`
          inputs.clan-core.clanModules.zerotier-static-peers

          # Statically configure the host names of machines based on their respective zerotier-ip.
          inputs.clan-core.clanModules.static-hosts

          # generate ssh host keys with facts
          inputs.clan-core.clanModules.sshd

          # manual configs
          {
            # gives the `<machine>.bear` names used as targetHost below
            clan.static-hosts.topLevelDomain = "bear";
            components.network.zerotier.enable = true;
            environment.systemPackages = [
              clan-core.packages.${pkgs.system}.clan-cli
              # prints this node's zerotier id; runs zerotier-cli via sudo, so
              # it only works for users the sudo policy allows
              (pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
                sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
              '')
            ];
          }
        ];
      };

    # Root login keys shared by the servers (orbi, probe, usbstick import this).
    # NOTE(review): the three backup/service keys are generated for specific
    # jobs on chungus, yet they grant an unrestricted root shell on every
    # machine importing this module; compromise of any of those private keys
    # therefore means root on all of them. Consider restricting what those
    # keys may do (e.g. a `restrict`/`command=` option via authorizedKeys.keys)
    # or giving them a dedicated user.
    defaultAuthorizedKeys =
      { config, pkgs, ... }:
      {
        users.users.root.openssh.authorizedKeys.keyFiles = [
          # yubikey key
          ./assets/mrvandalo_rsa.pub
          # backup key
          "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
          "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
          "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
        ];
        environment.systemPackages = [ pkgs.borgbackup ];
      };

    # Modules every machine gets (appended by clanSetup).
    defaultModules = [
      # make flake inputs accessible in NixOS
      {
        _module.args.self = self;
        _module.args.inputs = self.inputs;
      }
      {
        # disable emergency mode everywhere, although it might be needed on laptops
        # (keeps a failed boot from dropping into a root shell on the console)
        boot.initrd.systemd.emergencyAccess = false;
        boot.initrd.systemd.suppressedUnits = [
          "emergency.service"
          "emergency.target"
        ];
        systemd.enableEmergencyMode = false;
      }
      # configure nix
      (
        {
          pkgs,
          lib,
          clanLib,
          ...
        }:
        {
          # Private binary cache over plain http: the integrity of everything
          # fetched from it rests on the narinfo signature check against the
          # key below (presumably orbi's nix-serve key, read from its facts).
          # NOTE(review): `substituters` (as opposed to `extra-substituters`)
          # replaces nix's default list, so cache.nixos.org is presumably no
          # longer consulted and its key no longer trusted — confirm this is
          # intended.
          nix.settings.substituters = [ "http://cache.orbi.wg0" ];
          nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
          nix.settings.experimental-features = [
            "nix-command"
            "flakes"
          ];
          # https://nix.dev/manual/nix/2.17/advanced-topics/cores-vs-jobs
          nix.settings.max-jobs = 1;
          nix.settings.cores = 4;
          # no channels needed this way
          nix.nixPath = [ "nixpkgs=${pkgs.path}" ];

          # documentation
          # =============
          documentation.nixos.enable = true;
          #documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
          documentation.nixos.options.warningsAreErrors = false; # todo make this true again
          # modules whose options should show up in the generated manual
          documentation.nixos.extraModules = [
            ./components
            ./features
            #./modules
            clan-core.nixosModules.clanCore
            telemetry.nixosModules.telemetry
            {
              clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
            }
            # inputs.stylix.nixosModules.stylix # fixme: not working
            permown.nixosModules.permown
            home-manager.nixosModules.home-manager
            # retiolum.nixosModules.retiolum # fixme: not working
          ];

          # keep at most 10 generations in each bootloader menu (overridable)
          boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
          boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
          boot.loader.grub.configurationLimit = lib.mkDefault 10;
        }
      )
      # My Structure
      ./components
      ./features
      ./modules # todo : spread this across features and components
      #./system/all # todo : spread this across features and components
      (
        # lib and pkgs are unused here
        { lib, pkgs, ... }:
        {
          telemetry.netdata.enable = false;
        }
      )

      # some modules I always use
      telemetry.nixosModules.telemetry
      permown.nixosModules.permown
      # some default things I always want
      (
        { pkgs, ... }:
        {
          boot.tmp.useTmpfs = lib.mkDefault true;
        }
      )
    ];

    # Theming via stylix (system and home-manager), including fonts.
    stylixModules =
      {
        pkgs,
        config,
        lib,
        ...
      }:
      {
        imports = [ stylix.nixosModules.stylix ];
        stylix.enable = true;
        stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
        stylix.image = ./assets/wallpaper.png;

        home-manager.sharedModules = [
          {
            # no need for hyperland
            # https://github.com/danth/stylix/issues/543
            stylix.targets.hyprpaper.enable = lib.mkForce false;
            stylix.targets.hyprland.enable = lib.mkForce false;
          }
        ];
        stylix.fonts = {
          serif = {
            package = pkgs.nerd-fonts.ubuntu;
            name = "Ubuntu";
          };
          sansSerif = {
            package = pkgs.nerd-fonts.ubuntu;
            name = "Ubuntu";
          };
          monospace = {
            package = pkgs.nerd-fonts.jetbrains-mono;
            name = "JetBrains Mono";
          };
          # emoji reuse the monospace font; the dedicated emoji font is
          # kept below in case it is wanted again
          emoji = config.stylix.fonts.monospace;
          # emoji = {
          #   package = pkgs.noto-fonts-emoji;
          #   name = "Noto Color Emoji";
          # };
          sizes.popups = 15;
        };
      };

    # home-manager integration shared by all machines that use it. pkgs and
    # config are unused here.
    homeManagerModules =
      { pkgs, config, ... }:
      {
        imports = [
          home-manager.nixosModules.home-manager
        ];
        home-manager.extraSpecialArgs = {
          assets = ./assets;
        };
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        # existing dotfiles are renamed with this suffix instead of failing
        home-manager.backupFileExtension = "backup";
        home-manager.sharedModules = [
          home-manager-utils.hmModule
          taskwarrior.hmModules.bugwarrior
        ];
      };

  in

  # `self` here shadows the outer flake `self`; self' and pkgs are not used in
  # this module body.
  flake-parts.lib.mkFlake { inherit inputs; } (
    {
      self,
      self',
      pkgs,
      ...
    }:
    {
      systems = [ "x86_64-linux" ];
      imports = [
        clan-core.flakeModules.default
        healthchecks.flakeModule
        ./nix/formatter.nix
        ./nix/packages
        ./nix/topology
      ];

      # Define your clan
      clan = {
        # Clan wide settings.
        meta.name = "gummybears"; # Ensure to choose a unique name.
        specialArgs = meta.specialArgs;

        # One entry per machine; `<name>.bear` hosts are the zerotier names
        # given by the static-hosts module, the others are plain addresses.
        machines = {

          cherry = clanSetup {
            name = "cherry";
            host = "cherry.bear";
            modules = [
              healthchecks.nixosModules.default
              zerotierModules
              nixos-hardware.nixosModules.framework-13th-gen-intel
              retiolum.nixosModules.retiolum
              private-parts.nixosModules.cherry
              homeManagerModules
              stylixModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "Laptop";
              }
              (
                { config, ... }:
                {
                  # keys only to access cherry
                  users.users.root.openssh.authorizedKeys.keyFiles = [
                    "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
                  ];
                }
              )
            ];
          };

          chungus = clanSetup {
            name = "chungus";
            host = "chungus.bear";
            modules = [
              healthchecks.nixosModules.default
              zerotierModules
              zerotierControllerModule
              homeManagerModules
              stylixModules
              retiolum.nixosModules.retiolum
              private-parts.nixosModules.chungus
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "Home Server";
              }
              (
                { config, ... }:
                {
                  # keys only to access chungus
                  # NOTE(review): this key file lives under cherry's facts
                  # directory (cherry's key for logging into chungus,
                  # presumably) — confirm the path is intended.
                  users.users.root.openssh.authorizedKeys.keyFiles = [
                    "${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
                  ];
                }
              )
            ];
          };

          orbi = clanSetup {
            name = "orbi";
            host = "orbi.bear";
            #host = "95.216.66.212";
            modules = [
              defaultAuthorizedKeys
              healthchecks.nixosModules.default
              homeManagerModules
              stylixModules
              zerotierModules
              srvos.nixosModules.hardware-hetzner-online-intel
              #srvos.nixosModules.server
              #srvos.nixosModules.mixins-terminfo
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "Internet Server";
              }
            ];
          };

          # probe is not in the zerotier network (no zerotierModules), so it
          # is deployed to by its literal address
          probe = clanSetup {
            name = "probe";
            #host = "167.235.205.150";
            host = "95.217.18.54";
            modules = [
              defaultAuthorizedKeys
              homeManagerModules
              stylixModules
              srvos.nixosModules.hardware-hetzner-cloud
              srvos.nixosModules.server
              srvos.nixosModules.mixins-terminfo
              #inputs.clan-core.clanModules.sshd
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "Dummy Internet Server";
              }
            ];
          };

          usbstick = clanSetup {
            name = "usbstick";
            #host = "usbstick.bear";
            host = "10.100.0.100";
            modules = [
              defaultAuthorizedKeys
              homeManagerModules
              stylixModules
              zerotierModules
              { home-manager.users.mainUser.gui.enable = true; }
              {
                home-manager.users.mainUser = import ./homes/palo;
                home-manager.users.root = import ./homes/root;
              }
              {
                clan.core.machineDescription = "USB-Stick for Backup";
              }
            ];
          };

        };

      };

    }
  );
}