511 lines
16 KiB
Nix
511 lines
16 KiB
Nix
{
|
|
inputs = {
|
|
|
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
|
|
|
clan-fact-generators = {
|
|
url = "github:mrvandalo/clan-fact-generators";
|
|
inputs.clan-core.follows = "clan-core";
|
|
};
|
|
|
|
clan-core = {
|
|
url = "git+https://git.clan.lol/clan/clan-core";
|
|
#url = "git+file:///home/palo/dev/clan-core";
|
|
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
|
|
inputs.flake-parts.follows = "flake-parts";
|
|
};
|
|
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
|
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
|
|
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
|
|
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
|
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
|
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
|
|
|
|
home-manager = {
|
|
#url = "github:nix-community/home-manager/release-23.11";
|
|
url = "github:nix-community/home-manager";
|
|
#inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
polygon-art = {
|
|
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
|
};
|
|
|
|
home-manager-utils = {
|
|
url = "github:mrvandalo/home-manager-utils";
|
|
inputs.home-manager.follows = "home-manager";
|
|
};
|
|
|
|
permown = {
|
|
url = "github:mrVanDalo/module.permown";
|
|
#url = "git+file:///home/palo/dev/nixos/permown";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
private_assets = {
|
|
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
|
|
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
|
flake = true;
|
|
};
|
|
|
|
retiolum = {
|
|
url = "github:Mic92/retiolum";
|
|
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
|
};
|
|
|
|
srvos.url = "github:nix-community/srvos";
|
|
|
|
landingpage = {
|
|
#url = "git+file:///home/palo/dev/landingpage";
|
|
url = "github:mrVanDalo/landingpage";
|
|
};
|
|
|
|
# todo: mabye use https://github.com/jtroo/kanata instead
|
|
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
|
|
kmonad = {
|
|
url = "github:kmonad/kmonad?dir=nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
stylix = {
|
|
url = "github:danth/stylix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
inputs.home-manager.follows = "home-manager";
|
|
};
|
|
|
|
# smoke test framwork to trigger tests (enable if I want to use it for real)
|
|
#smoke = {
|
|
# url = github:SamirTalwar/smoke;
|
|
# inputs.nixpkgs.follows = "nixpkgs";
|
|
#};
|
|
|
|
# had to override it to remove colors
|
|
taskshell = {
|
|
url = "github:mrvandalo/taskshell";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
# my own tool
|
|
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
|
|
};
|
|
|
|
outputs =
|
|
inputs@{ self
|
|
, clan-core
|
|
, clan-fact-generators
|
|
, flake-parts
|
|
, home-manager
|
|
, home-manager-utils
|
|
, kmonad
|
|
, landingpage
|
|
, nixos-anywhere
|
|
, nixos-hardware
|
|
, nixpkgs
|
|
, nixpkgs-legacy_2211
|
|
, nixpkgs-legacy_2311
|
|
, nixpkgs-legacy_2405
|
|
, nixpkgs-unstable-small
|
|
, overviewer
|
|
, permown
|
|
, polygon-art
|
|
, private_assets
|
|
, retiolum
|
|
, srvos
|
|
, stylix
|
|
, taskshell
|
|
}:
|
|
|
|
let
|
|
#system = "x86_64-linux";
|
|
|
|
#pkgs = nixpkgs.legacyPackages.${system};
|
|
inherit (nixpkgs) lib;
|
|
|
|
meta = rec {
|
|
system = "x86_64-linux";
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
config.permittedInsecurePackages = [
|
|
"electron-24.8.6" # for bitwarden
|
|
"python-2.7.18.6"
|
|
"python-2.7.18.7"
|
|
"python-2.7.18.8"
|
|
"electron-27.3.11" # for logseq
|
|
"electron-28.3.3" # for logseq
|
|
];
|
|
overlays = [
|
|
(_self: _super: {
|
|
unstable-small = import nixpkgs-unstable-small {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
legacy_2211 = import nixpkgs-legacy_2211 {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
legacy_2311 = import nixpkgs-legacy_2311 {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
legacy_2405 = import nixpkgs-legacy_2405 {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
polygon-art = polygon-art.packages.${system};
|
|
landingpage = landingpage.packages.${system}.plain;
|
|
kmonad = kmonad.packages.${system}.kmonad;
|
|
tasksh = taskshell.packages.${system}.tasksh;
|
|
overviewer = overviewer.packages.${system}.overviewer;
|
|
pkl = self.packages.${system}.pkl;
|
|
})
|
|
(import ./pkgs)
|
|
];
|
|
};
|
|
specialArgs = {
|
|
inherit private_assets inputs;
|
|
assets = ./assets;
|
|
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
|
|
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
|
|
zerotierDeviceName = "ztbn67ogn2";
|
|
components = ./components;
|
|
features = ./features;
|
|
};
|
|
};
|
|
|
|
clanSetup =
|
|
{ name
|
|
, host
|
|
, modules
|
|
}: {
|
|
|
|
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
|
|
nixpkgs.pkgs = meta.pkgs;
|
|
nixpkgs.hostPlatform = meta.system;
|
|
clan.core.facts.secretStore = "password-store";
|
|
|
|
imports = modules ++ defaultModules ++ [
|
|
./machines/${name}/configuration.nix
|
|
];
|
|
};
|
|
|
|
zerotierControllerModule =
|
|
{
|
|
clan.core.networking.zerotier.controller = {
|
|
enable = true;
|
|
public = false;
|
|
};
|
|
};
|
|
|
|
zerotierModules = { pkgs, ... }: {
|
|
imports = [
|
|
|
|
# this magically adds all my machines in the zero tier network
|
|
# and makes the controller accept them.
|
|
# will automatic look into `/machines/<name>/facts/zerotier-ip
|
|
inputs.clan-core.clanModules.zerotier-static-peers
|
|
|
|
# Statically configure the host names of machines based on their respective zerotier-ip.
|
|
inputs.clan-core.clanModules.static-hosts
|
|
|
|
# generate ssh host keys with facts
|
|
inputs.clan-core.clanModules.sshd
|
|
|
|
# manual configs
|
|
{
|
|
clan.static-hosts.topLevelDomain = "bear";
|
|
components.network.zerotier.enable = true;
|
|
environment.systemPackages = [
|
|
clan-core.packages.${pkgs.system}.clan-cli
|
|
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
|
|
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
|
|
'')
|
|
];
|
|
}
|
|
];
|
|
};
|
|
|
|
defaultModules = [
|
|
# make flake inputs accessiable in NixOS
|
|
{
|
|
_module.args.self = self;
|
|
_module.args.inputs = self.inputs;
|
|
}
|
|
# ssh keys
|
|
({ config, ... }: {
|
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
# master key
|
|
./assets/mrvandalo_rsa.pub
|
|
# backup key
|
|
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
|
|
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
|
|
];
|
|
})
|
|
# configure nix
|
|
({ pkgs, lib, clanLib, ... }:
|
|
{
|
|
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
|
|
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
nix.settings.max-jobs = 1;
|
|
# no channesl needed this way
|
|
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
|
|
|
# documentation
|
|
# =============
|
|
documentation.nixos.enable = true;
|
|
#documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
|
|
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
|
|
documentation.nixos.extraModules = [
|
|
./components
|
|
./features
|
|
#./modules
|
|
inputs.clan-core.nixosModules.clanCore
|
|
# inputs.stylix.nixosModules.stylix # fixme: not working
|
|
permown.nixosModules.permown
|
|
kmonad.nixosModules.default
|
|
home-manager.nixosModules.home-manager
|
|
# retiolum.nixosModules.retiolum # fixme: not working
|
|
];
|
|
|
|
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
|
|
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
|
|
boot.loader.grub.configurationLimit = lib.mkDefault 10;
|
|
})
|
|
# My Structure
|
|
./components
|
|
./features
|
|
./modules # todo : spread this across features and components
|
|
#./system/all # todo : spread this across features and components
|
|
|
|
# some modules I always use
|
|
permown.nixosModules.permown
|
|
kmonad.nixosModules.default
|
|
# some default things I always want
|
|
({ pkgs, ... }: {
|
|
boot.tmp.useTmpfs = lib.mkDefault true;
|
|
environment.systemPackages = [
|
|
pkgs.nixpkgs-fmt
|
|
];
|
|
})
|
|
];
|
|
|
|
stylixModules = { pkgs, config, ... }: {
|
|
imports = [ stylix.nixosModules.stylix ];
|
|
stylix.enable = true;
|
|
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
|
|
stylix.image = ./assets/wallpaper.png;
|
|
stylix.fonts = {
|
|
serif = {
|
|
package = pkgs.ubuntu_font_family;
|
|
name = "Ubuntu";
|
|
};
|
|
sansSerif = {
|
|
package = pkgs.ubuntu_font_family;
|
|
name = "Ubuntu";
|
|
};
|
|
monospace = {
|
|
package = pkgs.jetbrains-mono;
|
|
name = "JetBrains Mono";
|
|
};
|
|
emoji = {
|
|
package = pkgs.noto-fonts-emoji;
|
|
name = "Noto Color Emoji";
|
|
};
|
|
sizes.popups = 15;
|
|
};
|
|
# todo: remove this if not needed anymore
|
|
#home-manager.sharedModules = [
|
|
# { stylix.targets.bemenu.enable = false; }
|
|
#];
|
|
|
|
};
|
|
|
|
homeManagerModules = { pkgs, config, ... }: {
|
|
imports = [
|
|
home-manager.nixosModules.home-manager
|
|
];
|
|
home-manager.extraSpecialArgs = {
|
|
inherit private_assets;
|
|
assets = ./assets;
|
|
};
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
home-manager.backupFileExtension = "backup";
|
|
home-manager.sharedModules = [
|
|
home-manager-utils.hmModule
|
|
];
|
|
};
|
|
|
|
in
|
|
|
|
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
|
|
# We define our own systems below. you can still use this to add system specific outputs to your flake.
|
|
# See: https://flake.parts/getting-started
|
|
systems = [ "x86_64-linux" ];
|
|
|
|
# import clan-core modules
|
|
imports = [
|
|
clan-core.flakeModules.default
|
|
];
|
|
|
|
perSystem = { pkgs, ... }: {
|
|
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
|
|
};
|
|
|
|
# Define your clan
|
|
clan = {
|
|
# Clan wide settings.
|
|
meta.name = "gummybears"; # Ensure to choose a unique name.
|
|
specialArgs = meta.specialArgs;
|
|
|
|
machines = {
|
|
|
|
sternchen = clanSetup {
|
|
name = "sternchen";
|
|
host = "sternchen.bear";
|
|
#host = "192.168.178.25";
|
|
modules = [
|
|
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
|
homeManagerModules
|
|
stylixModules
|
|
{ home-manager.users.mainUser.gui.enable = true; }
|
|
{
|
|
home-manager.users.mainUser = import ./homes/tina;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
|
|
({ lib, ... }: {
|
|
home-manager.sharedModules = [
|
|
{
|
|
programs.atuin.enable = lib.mkForce false;
|
|
}
|
|
];
|
|
})
|
|
{
|
|
clan.core.machineDescription = "LaLaptop";
|
|
}
|
|
];
|
|
};
|
|
|
|
cream = clanSetup {
|
|
name = "cream";
|
|
host = "cream.bear";
|
|
modules = [
|
|
zerotierModules
|
|
nixos-hardware.nixosModules.framework-12th-gen-intel
|
|
retiolum.nixosModules.retiolum
|
|
private_assets.nixosModules.cream
|
|
private_assets.nixosModules.yubikey
|
|
homeManagerModules
|
|
stylixModules
|
|
{ home-manager.users.mainUser.gui.enable = true; }
|
|
{
|
|
home-manager.users.mainUser = import ./homes/palo;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
{
|
|
clan.core.machineDescription = "Laptop";
|
|
}
|
|
];
|
|
};
|
|
|
|
cherry = clanSetup {
|
|
name = "cherry";
|
|
host = "cherry.bear";
|
|
modules = [
|
|
zerotierModules
|
|
nixos-hardware.nixosModules.framework-13th-gen-intel
|
|
retiolum.nixosModules.retiolum
|
|
private_assets.nixosModules.yubikey
|
|
homeManagerModules
|
|
stylixModules
|
|
{ home-manager.users.mainUser.gui.enable = true; }
|
|
{
|
|
home-manager.users.mainUser = import ./homes/palo;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
{
|
|
clan.core.machineDescription = "Laptop";
|
|
}
|
|
];
|
|
};
|
|
|
|
chungus = clanSetup {
|
|
name = "chungus";
|
|
host = "chungus.bear";
|
|
modules = [
|
|
zerotierModules
|
|
zerotierControllerModule
|
|
homeManagerModules
|
|
stylixModules
|
|
retiolum.nixosModules.retiolum
|
|
private_assets.nixosModules.chungus
|
|
{
|
|
home-manager.users.mainUser = import ./homes/palo;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
{
|
|
clan.core.machineDescription = "Home Server";
|
|
}
|
|
];
|
|
};
|
|
|
|
orbi = clanSetup {
|
|
name = "orbi";
|
|
host = "orbi.bear";
|
|
#host = "95.216.66.212";
|
|
modules = [
|
|
zerotierModules
|
|
homeManagerModules
|
|
stylixModules
|
|
srvos.nixosModules.hardware-hetzner-online-intel
|
|
#srvos.nixosModules.server
|
|
#srvos.nixosModules.mixins-terminfo
|
|
{
|
|
# not needed for servers in general
|
|
boot.initrd.systemd.emergencyAccess = false;
|
|
systemd.enableEmergencyMode = false;
|
|
}
|
|
{
|
|
home-manager.users.mainUser = import ./homes/palo;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
{
|
|
clan.core.machineDescription = "Internet Server";
|
|
}
|
|
];
|
|
};
|
|
|
|
probe = clanSetup {
|
|
name = "probe";
|
|
#host = "167.235.205.150";
|
|
host = "95.217.18.54";
|
|
modules = [
|
|
homeManagerModules
|
|
stylixModules
|
|
srvos.nixosModules.hardware-hetzner-cloud
|
|
srvos.nixosModules.server
|
|
srvos.nixosModules.mixins-terminfo
|
|
#inputs.clan-core.clanModules.sshd
|
|
{
|
|
home-manager.users.mainUser = import ./homes/palo;
|
|
home-manager.users.root = import ./homes/root;
|
|
}
|
|
{
|
|
clan.core.machineDescription = "Dummy Internet Server";
|
|
}
|
|
];
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
});
|
|
|
|
}
|
|
|