346 lines
11 KiB
Nix
346 lines
11 KiB
Nix
{
|
|
|
|
description = "my krops file";
|
|
|
|
inputs = {
|
|
|
|
secrets = {
|
|
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
|
flake = false;
|
|
};
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
|
|
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
|
|
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
|
|
nixos-hardware = {
|
|
url = "github:nixos/nixos-hardware";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
home-manager = {
|
|
url = "github:nix-community/home-manager/release-23.05";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
colmena = {
|
|
url = "github:zhaofengli/colmena";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
polygon-art = {
|
|
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
|
};
|
|
sops-nix.url = "github:Mic92/sops-nix";
|
|
emacs-overlay = {
|
|
url = "github:nix-community/emacs-overlay";
|
|
flake = false;
|
|
};
|
|
doom-emacs-nix = {
|
|
url = "github:nix-community/nix-doom-emacs";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
#inputs.emacs-overlay.follows = "emacs-overlay";
|
|
};
|
|
home-manager-utils = {
|
|
url = "github:mrvandalo/home-manager-utils";
|
|
inputs.home-manager.follows = "home-manager";
|
|
};
|
|
nixpkgs-fmt = {
|
|
url = "github:nix-community/nixpkgs-fmt";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
grocy-scanner = {
|
|
url = "github:mrVanDalo/grocy-scanner";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
permown = {
|
|
url = "github:mrVanDalo/module.permown";
|
|
#url = "git+file:///home/palo/dev/nixos/permown";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
private_assets = {
|
|
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
|
|
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
|
flake = true;
|
|
};
|
|
retiolum = {
|
|
url = "github:Mic92/retiolum";
|
|
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
|
};
|
|
landingpage = {
|
|
#url = "git+file:///home/palo/dev/landingpage";
|
|
url = "github:mrVanDalo/landingpage";
|
|
};
|
|
kmonad = {
|
|
url = "github:kmonad/kmonad?dir=nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
disko = {
|
|
url = "github:nix-community/disko";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
#dns = {
|
|
# url = "github:kirelagin/dns.nix";
|
|
# inputs.nixpkgs.follows = "nixpkgs";
|
|
#};
|
|
};
|
|
|
|
outputs =
|
|
{ self
|
|
, colmena
|
|
, disko
|
|
#, dns
|
|
, doom-emacs-nix
|
|
, emacs-overlay
|
|
, grocy-scanner
|
|
, home-manager
|
|
, home-manager-utils
|
|
, kmonad
|
|
, landingpage
|
|
, nixos-hardware
|
|
, nixpkgs
|
|
, nixpkgs-fmt
|
|
, nixpkgs-legacy_2211
|
|
, nixpkgs-legacy_2105
|
|
, nixpkgs-legacy_2205
|
|
, nixpkgs-unstable
|
|
, permown
|
|
, polygon-art
|
|
, private_assets
|
|
, retiolum
|
|
, secrets
|
|
, sops-nix
|
|
}:
|
|
let
|
|
system = "x86_64-linux";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
|
|
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
|
|
# collect all network configurations and save them in the store
|
|
sudo ls /etc/NetworkManager/system-connections \
|
|
| while read file
|
|
do
|
|
sudo cat "/etc/NetworkManager/system-connections/$file" \
|
|
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
|
|
done
|
|
'';
|
|
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
|
|
echo "push network passwords to $1"
|
|
'';
|
|
in
|
|
{
|
|
# colmena
|
|
devShell.${system} =
|
|
pkgs.mkShell {
|
|
buildInputs = [
|
|
colmena.packages.${system}.colmena
|
|
pushNetworkPasswords
|
|
pullNetworkPasswords
|
|
nixpkgs-fmt.defaultPackage.${system}
|
|
];
|
|
};
|
|
|
|
colmena =
|
|
let
|
|
sopsModule = name: { lib, ... }: {
|
|
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
|
imports = [
|
|
sops-nix.nixosModules.sops
|
|
kmonad.nixosModules.default
|
|
];
|
|
};
|
|
in
|
|
{
|
|
|
|
meta = {
|
|
nixpkgs = import nixpkgs {
|
|
system = "x86_64-linux";
|
|
config.allowUnfree = true;
|
|
overlays = [
|
|
(_self: _super: {
|
|
unstable = import nixpkgs-unstable {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
legacy_2211 = nixpkgs-legacy_2211.legacyPackages.${pkgs.system};
|
|
legacy_2205 = nixpkgs-legacy_2205.legacyPackages.${pkgs.system};
|
|
legacy_2105 = nixpkgs-legacy_2105.legacyPackages.${pkgs.system};
|
|
polygon-art = polygon-art.packages.${pkgs.system};
|
|
landingpage = landingpage.packages.${pkgs.system}.plain;
|
|
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
|
|
kmonad = kmonad.packages.${pkgs.system}.kmonad;
|
|
})
|
|
];
|
|
};
|
|
specialArgs = {
|
|
inherit private_assets;
|
|
assets = ./nixos/assets;
|
|
};
|
|
};
|
|
|
|
defaults = { name, pkgs, lib, ... }: {
|
|
deployment.buildOnTarget = lib.mkDefault true;
|
|
nix = {
|
|
# no channesl needed this way
|
|
nixPath = [ "nixpkgs=${pkgs.path}" ];
|
|
# make flakes available
|
|
package = pkgs.nixUnstable;
|
|
extraOptions = ''
|
|
experimental-features = nix-command flakes
|
|
'';
|
|
};
|
|
environment.systemPackages = [
|
|
nixpkgs-fmt.defaultPackage.${system}
|
|
colmena.packages.${system}.colmena
|
|
];
|
|
boot.tmpOnTmpfs = lib.mkDefault true; # make /tmp a tmpfs (performance!)
|
|
imports = [
|
|
./nixos/machines/${name}/configuration.nix
|
|
(sopsModule name)
|
|
home-manager.nixosModules.home-manager
|
|
permown.nixosModules.permown
|
|
disko.nixosModules.disko
|
|
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
|
|
{
|
|
nix.settings = {
|
|
substituters = [ "https://colmena.cachix.org" ];
|
|
trusted-public-keys = [ "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ];
|
|
};
|
|
}
|
|
#{
|
|
# nix.settings = {
|
|
# substituters = [ "http://chungus.private:5000" "http://robi.private:5000" ];
|
|
# #trusted-public-keys = [ "to be created" ];
|
|
# };
|
|
#}
|
|
];
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
};
|
|
|
|
cream = { name, nodes, pkgs, ... }: {
|
|
deployment.allowLocalDeployment = true;
|
|
deployment.targetHost = "${name}.private";
|
|
#deployment.targetHost = "localhost";
|
|
deployment.tags = [ "desktop" "online" "private" ];
|
|
imports = [
|
|
grocy-scanner.nixosModule
|
|
nixos-hardware.nixosModules.framework-12th-gen-intel
|
|
private_assets.nixosModules.jobrad
|
|
retiolum.nixosModules.retiolum
|
|
];
|
|
home-manager.users.mainUser = {
|
|
imports = [
|
|
doom-emacs-nix.hmModule
|
|
home-manager-utils.hmModule
|
|
];
|
|
};
|
|
};
|
|
|
|
#sterni = { name, nodes, pkgs, ... }: {
|
|
# deployment.allowLocalDeployment = true;
|
|
# deployment.targetHost = "${name}.private";
|
|
# deployment.tags = [ "desktop" "online" "private" ];
|
|
# imports = [
|
|
# grocy-scanner.nixosModule
|
|
# nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
|
# retiolum.nixosModules.retiolum
|
|
# ];
|
|
|
|
# home-manager.users.mainUser = {
|
|
# imports = [
|
|
# doom-emacs-nix.hmModule
|
|
# home-manager-utils.hmModule
|
|
# ];
|
|
# };
|
|
#};
|
|
|
|
#sternchen = { name, nodes, pkgs, ... }: {
|
|
# deployment.targetHost = "${name}.secret";
|
|
# deployment.tags = [ "desktop" ];
|
|
# imports = [
|
|
# grocy-scanner.nixosModule
|
|
# ];
|
|
# home-manager.users.mainUser = {
|
|
# imports = [
|
|
# doom-emacs-nix.hmModule
|
|
# home-manager-utils.hmModule
|
|
# ];
|
|
# programs.doom-emacs.enable = false;
|
|
# };
|
|
#};
|
|
|
|
pepe = { name, nodes, pkgs, ... }: {
|
|
deployment.targetHost = "${name}.private";
|
|
deployment.tags = [ "server" "online" "private" ];
|
|
imports = [
|
|
grocy-scanner.nixosModule
|
|
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
|
];
|
|
};
|
|
|
|
chungus = { name, nodes, pkgs, ... }: {
|
|
deployment.targetHost = "${name}.private";
|
|
deployment.tags = [ "server" "online" "private" ];
|
|
deployment.buildOnTarget = false;
|
|
imports = [
|
|
grocy-scanner.nixosModule
|
|
];
|
|
};
|
|
|
|
robi = { name, nodes, pkgs, ... }: {
|
|
deployment.targetHost = "${name}.private";
|
|
deployment.tags = [ "server" "online" "private" ];
|
|
imports = [
|
|
nixos-hardware.nixosModules.common-cpu-intel
|
|
nixos-hardware.nixosModules.common-gpu-intel
|
|
];
|
|
home-manager.users.root = {
|
|
home.stateVersion = "22.11";
|
|
imports = [
|
|
doom-emacs-nix.hmModule
|
|
];
|
|
programs.doom-emacs = {
|
|
enable = true;
|
|
emacsPackage = pkgs.emacs-nox;
|
|
doomPrivateDir = ./doom.d;
|
|
};
|
|
};
|
|
};
|
|
|
|
bobi = { name, nodes, pkgs, ... }: {
|
|
#deployment.targetHost = "${name}.private";
|
|
deployment.targetHost = "192.168.178.31";
|
|
deployment.buildOnTarget = false;
|
|
deployment.tags = [ "desktop" "usb" "private" ];
|
|
imports = [
|
|
grocy-scanner.nixosModule
|
|
];
|
|
home-manager.users.mainUser = {
|
|
imports = [
|
|
doom-emacs-nix.hmModule
|
|
home-manager-utils.hmModule
|
|
];
|
|
};
|
|
};
|
|
|
|
mobi = { name, nodes, pkgs, ... }: {
|
|
deployment.targetHost = "${name}.private";
|
|
deployment.buildOnTarget = false;
|
|
deployment.tags = [ "desktop" "usb" "private" ];
|
|
imports = [
|
|
grocy-scanner.nixosModule
|
|
];
|
|
home-manager.users.mainUser = {
|
|
imports = [
|
|
doom-emacs-nix.hmModule
|
|
home-manager-utils.hmModule
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|