swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: update flake, introduce dev input

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-07 23:24:33 +02:00
parent 8f898bcb9b
commit 2830b98729
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
10 changed files with 198 additions and 233 deletions
Download patch file Download diff file Expand all files Collapse all files

64
SwarselSystems.org
View file

@ -224,13 +224,13 @@ Here I give a brief overview over the hostmachines that I am using. This is held
|💻 **nbl-imba-2** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop |
|💻 **nbm-imba-166** | MacBook Pro 2016 | MacOS Sandbox |
|🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae |
|🖥️ **sync** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks |
|🖥️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks |
|🖥️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services |
|📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone |
|💿 **drugstore** | - | ISO installer configuration |
|❔ **chaotheatre** | - | Demo config for checking out my configurtion |
|❔ **toto** | - | Helper configuration for bootstrapping a new system |
|🏠 **home** | - | Reference configuration for a home-manager only host |
|🏠 **Treehouse** | - | Reference configuration for a home-manager only host |
#+end_src
** Programs
@ -391,6 +391,7 @@ When setting this option normally, the password would normally be written world-
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -920,7 +921,7 @@ The structure of =globals.nix.enc= requires a toplevel =globals=.
connections = [
(mkConnection "moonside" "wan")
(mkConnection "pfsense" "wan")
(mkConnection "sync" "wan")
(mkConnection "milkywell" "wan")
(mkConnection "toto" "bootstrapper")
(mkConnection "chaostheatre" "demo host")
];
@ -928,7 +929,7 @@ The structure of =globals.nix.enc= requires a toplevel =globals=.
chaostheatre.interfaces."demo host" = { };
toto.interfaces."bootstrapper" = { };
sync.interfaces.wan = { };
milkywell.interfaces.wan = { };
moonside.interfaces.wan = { };
pfsense = mkRouter "pfSense" {
@ -1390,6 +1391,13 @@ Lastly, I add some of my own library functions to be used alongside the function
};
};
nixpkgs-dev = final: _: {
dev = import inputs.nixpkgs-dev {
inherit (final) system;
config.allowUnfree = true;
};
};
nixpkgs-kernel = final: _: {
kernel = import inputs.nixpkgs-kernel {
inherit (final) system;
@ -1419,6 +1427,7 @@ Lastly, I add some of my own library functions to be used alongside the function
(additions final prev)
// (modifications final prev)
// (nixpkgs-stable final prev)
// (nixpkgs-dev final prev)
// (nixpkgs-kernel final prev)
// (nixpkgs-stable24_05 final prev)
// (nixpkgs-stable24_11 final prev)
@ -2169,7 +2178,7 @@ My server setup was originally built on Proxmox VE; back when I started, I creat
I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference.
**** Sync (OCI)
**** Milkywell (OCI)
:PROPERTIES:
:CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf
:END:
@ -2188,7 +2197,7 @@ This machine mainly acts as an external sync helper. It manages the following th
:CUSTOM_ID: h:922105c3-a604-47d9-918b-db1803784c75
:END:
#+begin_src nix-ts :tangle hosts/nixos/sync/default.nix
#+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix
{ lib, config, globals, ... }:
let
primaryUser = config.swarselsystems.mainUser;
@ -2206,7 +2215,7 @@ This machine mainly acts as an external sync helper. It manages the following th
];
sops = {
defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/sync/secrets.yaml";
defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/milkywell/secrets.yaml";
};
boot = {
@ -2217,7 +2226,7 @@ This machine mainly acts as an external sync helper. It manages the following th
networking = {
nftables.enable = lib.mkForce false;
hostName = "sync";
hostName = "milkywell";
enableIPv6 = false;
domain = "subnet03112148.vcn03112148.oraclevcn.com";
firewall = {
@ -2352,7 +2361,7 @@ This machine mainly acts as an external sync helper. It manages the following th
isSecureBoot = false;
isCrypted = false;
profiles = {
server.sync = true;
server.milkywell = true;
};
}
sharedOptions;
@ -2372,7 +2381,7 @@ This machine mainly acts as an external sync helper. It manages the following th
:CUSTOM_ID: h:64dddedd-9b13-4b74-baf0-1d54d5a89d3b
:END:
#+begin_src nix-ts :tangle hosts/nixos/sync/hardware-configuration.nix
#+begin_src nix-ts :tangle hosts/nixos/milkywell/hardware-configuration.nix
{ config, lib, modulesPath, ... }: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
@ -3836,6 +3845,7 @@ A breakdown of the flags being set:
config = lib.mkIf config.swarselsystems.modules.general
(lib.recursiveUpdate
{
sops.secrets.github-api-token = lib.mkIf (!minimal) { };
nix = {
package = pkgs.nixVersions.nix_2_28;
@ -3859,6 +3869,8 @@ A breakdown of the flags being set:
patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};
@ -4551,7 +4563,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]].
#+begin_src nix-ts :tangle modules/nixos/client/network.nix
{ self, lib, config, ... }:
{ self, lib, pkgs, config, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.networking.hostName}/secrets.yaml;
@ -4634,6 +4646,12 @@ Here I only enable =networkmanager= and a few default networks. The rest of the
networkmanager = {
enable = true;
wifi.backend = "iwd";
plugins = [
# list of plugins: https://search.nixos.org/packages?query=networkmanager-
# docs https://networkmanager.dev/docs/vpn/
pkgs.networkmanager-openconnect
pkgs.networkmanager-openvpn
];
ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
@ -5513,7 +5531,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom
config = lib.mkIf config.swarselsystems.modules.sway {
programs.sway = {
enable = true;
package = pkgs.swayfx;
package = pkgs.dev.swayfx;
wrapperFeatures = {
base = true;
gtk = true;
@ -7326,7 +7344,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
"magicant" = {
id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
};
"sync@oracle" = {
"milkywell@oracle" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"${workHostName}" = {
@ -7341,7 +7359,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
path = "${cfg.dataDir}/Sync";
type = "receiveonly";
versioning = null;
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "default";
};
"Obsidian" = {
@ -7351,7 +7369,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "yjvni-9eaa7";
};
"Org" = {
@ -7361,7 +7379,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
@ -7371,7 +7389,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "hgp9s-fyq3p";
};
# "Documents" = {
@ -9922,7 +9940,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
govc
terraform
opentofu
terragrunt
dev.terragrunt
graphviz
azure-cli
@ -10472,7 +10490,7 @@ This holds packages that I can use as provided, or with small modifications (as
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# browser
vieb
stable24_11.vieb
mgba
# utilities
@ -10768,7 +10786,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
hostname = "130.61.119.129";
user = "opc";
};
"sync" = {
"milkywell" = {
hostname = "193.122.53.173";
user = "root";
};
@ -14921,7 +14939,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man
rm modules/home/common/mail.nix
rm modules/home/common/yubikey.nix
rm modules/nixos/server/restic.nix
rm hosts/nixos/sync/default.nix
rm hosts/nixos/milkywell/default.nix
rm -rf modules/nixos/server
rm -rf modules/home/server
nix flake update vbc-nix
@ -16096,8 +16114,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
#+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes
{ lib, config, ... }:
{
options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server";
config = lib.mkIf config.swarselsystems.profiles.server.sync {
options.swarselsystems.profiles.server.milkywell = lib.mkEnableOption "is this a oci milkywell server";
config = lib.mkIf config.swarselsystems.profiles.server.milkywell {
swarselsystems = {
modules = {
general = lib.mkDefault true;

335
flake.lock generated
View file

@ -84,11 +84,11 @@
},
"crane_2": {
"locked": {
"lastModified": 1748970125,
"narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=",
"lastModified": 1750266157,
"narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=",
"owner": "ipetkov",
"repo": "crane",
"rev": "323b5746d89e04b22554b061522dfce9e4c49b18",
"rev": "e37c943371b73ed87faf33f7583860f81f1d5a48",
"type": "github"
},
"original": {
@ -145,11 +145,11 @@
]
},
"locked": {
"lastModified": 1750903843,
"narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
"lastModified": 1751854533,
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
"owner": "nix-community",
"repo": "disko",
"rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
"type": "github"
},
"original": {
@ -166,11 +166,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1750930065,
"narHash": "sha256-BRkcx5a0RUv3su63lMWRVlKUPCrwukeigdkyF+VeXT4=",
"lastModified": 1751908357,
"narHash": "sha256-7JeYhMYTdfzHsFfGZRUM+t0nx4HdYa3oaMH2B/qz9MA=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "b4529390e2e53bae6bfa7a6884dcfa5583b5b858",
"rev": "8e4ecd7c43c5e061dd2fc4d9d1994ec4d67cab2e",
"type": "github"
},
"original": {
@ -274,31 +274,16 @@
"type": "github"
}
},
"flake-compat_6": {
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
@ -406,12 +391,15 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -422,7 +410,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
@ -476,32 +464,6 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_4",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -567,41 +529,19 @@
"type": "github"
}
},
"gitignore_4": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"lastModified": 1748186689,
"narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"ref": "48.2",
"repo": "gnome-shell",
"type": "github"
}
@ -613,11 +553,11 @@
]
},
"locked": {
"lastModified": 1750798083,
"narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=",
"lastModified": 1751824240,
"narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82",
"rev": "fd9e55f5fac45a26f6169310afca64d56b681935",
"type": "github"
},
"original": {
@ -647,27 +587,6 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748737919,
"narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5675a9686851d9626560052a032c4e14e533c1fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@ -693,11 +612,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1750866260,
"narHash": "sha256-fo5NvfutMEw9OV+5rGYuCKjlNNjcnD3cKMbOfzusO/E=",
"lastModified": 1751381593,
"narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "f40a3401f86d117affeeb8ca6f0ce5cd1ca3cc24",
"rev": "f4eb75540307c2b33521322c04b7fea74e48a66f",
"type": "github"
},
"original": {
@ -733,11 +652,11 @@
]
},
"locked": {
"lastModified": 1750618568,
"narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=",
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"type": "github"
},
"original": {
@ -797,11 +716,11 @@
]
},
"locked": {
"lastModified": 1750565152,
"narHash": "sha256-A6ZIoIgaPPkzIVxKuaxwEJicPOeTwC/MD9iuC3FVhDM=",
"lastModified": 1751774635,
"narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "78cd697acc2e492b4e92822a4913ffad279c20e6",
"rev": "85686025ba6d18df31cc651a91d5adef63378978",
"type": "github"
},
"original": {
@ -881,11 +800,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"lastModified": 1751696036,
"narHash": "sha256-hXq4IOgSdAAaF/9q/2U8TBDL7aXZyQmtq4wl6USZjKo=",
"owner": "guibou",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"rev": "d47b0db35dfa693c10f7c378043dcc6121d3f4ec",
"type": "github"
},
"original": {
@ -917,11 +836,11 @@
]
},
"locked": {
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github"
},
"original": {
@ -932,11 +851,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1750837715,
"narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=",
"lastModified": 1751432711,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "98236410ea0fe204d0447149537a924fb71a6d4f",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
"type": "github"
},
"original": {
@ -948,11 +867,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1750576544,
"narHash": "sha256-8myT+IxNWIB1B66NNDzQCXc5apy6pIXLW49m4qCRHFs=",
"lastModified": 1751203939,
"narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e2d9c5bd3cd01115da3fc48c5d46b508a2c5deb1",
"rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe",
"type": "github"
},
"original": {
@ -962,6 +881,22 @@
"type": "github"
}
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1751913235,
"narHash": "sha256-4iJDKcKd57CuisFTQRMTS1EfiBlwbyUzXlCkQQ63g54=",
"owner": "Swarsel",
"repo": "nixpkgs",
"rev": "2c18d068b3df6bc0fb461583c327b7b94ff4df08",
"type": "github"
},
"original": {
"owner": "Swarsel",
"ref": "main",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
@ -996,6 +931,7 @@
},
"nixpkgs-kernel": {
"locked": {
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "NixOS",
"repo": "nixpkgs",
@ -1012,11 +948,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"lastModified": 1751159883,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github"
},
"original": {
@ -1039,11 +975,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1750646418,
"narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=",
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"type": "github"
},
"original": {
@ -1071,11 +1007,11 @@
},
"nixpkgs-stable24_11": {
"locked": {
"lastModified": 1750646418,
"narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=",
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"type": "github"
},
"original": {
@ -1087,11 +1023,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1750838302,
"narHash": "sha256-aVkL3/yu50oQzi2YuKo0ceiCypVZpZXYd2P2p1FMJM4=",
"lastModified": 1751741127,
"narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7284e2decc982b81a296ab35aa46e804baaa1cfe",
"rev": "29e290002bfff26af1db6f64d070698019460302",
"type": "github"
},
"original": {
@ -1103,11 +1039,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1749401433,
"narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=",
"lastModified": 1750865895,
"narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff",
"rev": "61c0f513911459945e2cb8bf333dc849f1b976ff",
"type": "github"
},
"original": {
@ -1151,11 +1087,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
"lastModified": 1746378225,
"narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65",
"rev": "93e8cdce7afc64297cfec447c311470788131cd9",
"type": "github"
},
"original": {
@ -1166,11 +1102,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
@ -1198,11 +1134,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"type": "github"
},
"original": {
@ -1320,15 +1256,14 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_7",
"treefmt-nix": "treefmt-nix"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1750928207,
"narHash": "sha256-Rd0528TViqq1hyWyTLNYngeAXRA+1fsGyU87ZW/yVCM=",
"lastModified": 1751906969,
"narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "1a83c7bef385585fc29dbd4d18fc2e2ca32eefc3",
"rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25",
"type": "github"
},
"original": {
@ -1347,7 +1282,7 @@
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1748730660,
@ -1403,11 +1338,11 @@
]
},
"locked": {
"lastModified": 1749636823,
"narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "623c56286de5a3193aa38891a6991b28f9bab056",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
@ -1458,6 +1393,7 @@
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nixpkgs-dev": "nixpkgs-dev",
"nixpkgs-kernel": "nixpkgs-kernel",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-stable24_05": "nixpkgs-stable24_05",
@ -1467,7 +1403,7 @@
"pre-commit-hooks": "pre-commit-hooks_2",
"sops-nix": "sops-nix",
"stylix": "stylix",
"systems": "systems_3",
"systems": "systems_4",
"vbc-nix": "vbc-nix",
"zjstatus": "zjstatus"
}
@ -1480,11 +1416,11 @@
]
},
"locked": {
"lastModified": 1750560265,
"narHash": "sha256-jQCojKl1/TzqE6ANOu6rP2qqxOcGK2xs6hpxZ77wrR8=",
"lastModified": 1751165203,
"narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "076fdb0d45a9de3f379a626f51a62c78afe7efb1",
"rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3",
"type": "github"
},
"original": {
@ -1501,11 +1437,11 @@
]
},
"locked": {
"lastModified": 1749436897,
"narHash": "sha256-OkDtaCGQQVwVFz5HWfbmrMJR99sFIMXHCHEYXzUJEJY=",
"lastModified": 1750905536,
"narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e7876c387e35dc834838aff254d8e74cf5bd4f19",
"rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1",
"type": "github"
},
"original": {
@ -1535,11 +1471,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1750119275,
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"lastModified": 1751606940,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github"
},
"original": {
@ -1555,14 +1491,11 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_6",
"flake-parts": "flake-parts_5",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_9",
"nur": "nur_2",
"systems": "systems_2",
"systems": "systems_3",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -1570,11 +1503,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1750902586,
"narHash": "sha256-6m9WvGLL7pX5KHb0hXgmHvS1RHunImrKQ/MUWLs2tk8=",
"lastModified": 1751906932,
"narHash": "sha256-vRZH3bq24I/heef0AIFnaBmDGdQSpTmyjT4vtpa7qqk=",
"owner": "danth",
"repo": "stylix",
"rev": "0f93e58628596297711954ba5ba6d3a3ef9cf3dd",
"rev": "c538d1a3571386eaaca31aef7bb5fd5c155327b0",
"type": "github"
},
"original": {
@ -1629,6 +1562,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -1643,7 +1591,7 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -1740,27 +1688,6 @@
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"stylix",
@ -1787,7 +1714,7 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1742477270,
@ -1812,11 +1739,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1750360050,
"narHash": "sha256-/BT5MJqy+e0jHjALBNL8YT4kQ9wlaSedxPapYvKyeyw=",
"lastModified": 1750957292,
"narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=",
"owner": "dj95",
"repo": "zjstatus",
"rev": "857ada14fc8f652300571272c6db7c12620c33c0",
"rev": "abd848f23eff00d21ec09278072111d97dfd7fe6",
"type": "github"
},
"original": {

1
flake.nix
View file

@ -13,6 +13,7 @@
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";

2
modules/home/common/packages.nix
View file

@ -26,7 +26,7 @@
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# browser
vieb
stable24_11.vieb
mgba
# utilities

8
modules/nixos/client/network.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, ... }:
{ self, lib, pkgs, config, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.networking.hostName}/secrets.yaml;
@ -81,6 +81,12 @@ in
networkmanager = {
enable = true;
wifi.backend = "iwd";
plugins = [
# list of plugins: https://search.nixos.org/packages?query=networkmanager-
# docs https://networkmanager.dev/docs/vpn/
pkgs.networkmanager-openconnect
pkgs.networkmanager-openvpn
];
ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"

2
modules/nixos/client/sway.nix
View file

@ -4,7 +4,7 @@
config = lib.mkIf config.swarselsystems.modules.sway {
programs.sway = {
enable = true;
package = pkgs.swayfx;
package = pkgs.dev.swayfx;
wrapperFeatures = {
base = true;
gtk = true;

3
modules/nixos/common/settings.nix
View file

@ -54,6 +54,7 @@ in
config = lib.mkIf config.swarselsystems.modules.general
(lib.recursiveUpdate
{
sops.secrets.github-api-token = lib.mkIf (!minimal) { };
nix = {
package = pkgs.nixVersions.nix_2_28;
@ -77,6 +78,8 @@ in
patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};

2
modules/nixos/optional/work.nix
View file

@ -195,7 +195,7 @@ in
govc
terraform
opentofu
terragrunt
dev.terragrunt
graphviz
azure-cli

8
nix/overlays.nix
View file

@ -45,6 +45,13 @@ in
};
};
nixpkgs-dev = final: _: {
dev = import inputs.nixpkgs-dev {
inherit (final) system;
config.allowUnfree = true;
};
};
nixpkgs-kernel = final: _: {
kernel = import inputs.nixpkgs-kernel {
inherit (final) system;
@ -74,6 +81,7 @@ in
(additions final prev)
// (modifications final prev)
// (nixpkgs-stable final prev)
// (nixpkgs-dev final prev)
// (nixpkgs-kernel final prev)
// (nixpkgs-stable24_05 final prev)
// (nixpkgs-stable24_11 final prev)

6
secrets/general/secrets.yaml
View file

@ -18,6 +18,8 @@ github-notifications-token: ENC[AES256_GCM,data:RYXPsn4Lqr0sFKC2J/+LOaqvWG8u/Xnr
u2f-keys: ENC[AES256_GCM,data:4UPXyOYEQR1oybxPLR3JW8ro5gTzq0YQse1lnAP020Nm4JG4ElR7iLGhEduXLZSuRcBGy9x/8FIr6UenR6vjFvlt/F+vV7WM2U6rXuUqLeplZksfvYDUi1LNVbj21DUvLddryIbXOfiya9lTPBlbCtOeT5eG2yzp9uzxkIshieH3izU8H5poR2aZiPcd5v9H3aAosrWKhUAR9V6C2s1L5CvlRxKeF0rN3eocCfLFQw9xLVPmyBpOJE6JbKaZgu/9nRB5cp7/xVgLwIvCv09liF3wwqR/O9sBzA3vaTIrZiFI7CeNG++i7HhdABCtvtVb8fh8OqtTi5J4uFRZ4eI4+t5MacVbYnAlmA2U5MHPYweXogIHWMbXZtYt3gb5yreD1+VVNxSHD8ZjkJ9JRazHEkVtDHUQUeVktArxQst7hdpfqYFXY8ZnhLGWhU6mXd/5UDanfVPWhVt4lDg0OY3W9fNM8crIR3g7vwbtxTq3w3pMG5nI/Ia2kxZjpbrIY26tb780ar0lbprCmKTpmjz3zkYFVQ4j8G0/fHJ7ndP8gOhtksPrGNhE4kdF8ORxzDnpjWBCGz7Nr7B+AJuwvgf06mRNvaNDFLA+Bq9qIAZ05bwEx+B2SUJjgdLAOkDSQGD5nJQRjUg589Mzgah7oqsmKSp4y25e29BnrbLTWzYBhzi40pkC5mNyo1yeo+D/Vl1IhQvjQGidyQBg6fxQjk9+kmBybAKTyVn/DSbnoNsl7CKkcL1J0dfP0FW7FTfpNt3gqcWvR4qcvPJagyA2fQ==,iv:31oBmnpgnLuvtlmYDe6BE3q7aLIHah2fBZmhNW43IOE=,tag:9H++b6LYoQqC5nDh8sSziw==,type:str]
#ENC[AES256_GCM,data:NoqAfw==,iv:myxrEPllN9zwXn5iCxL89qX7wSN8C0foFdxvvitq7b0=,tag:Yud5HDjWvEMrw1lMp21hMg==,type:comment]
croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01XcS6nF1sqz04rC1o20l+1DpNSRVjhC40ZmTVCww=,tag:REjnDQBcDkUzLg2ZsiDUvA==,type:str]
#ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment]
github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str]
sops:
age:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
@ -74,8 +76,8 @@ sops:
azY5dGFTUWhiQ083VlBzdVRrSmZFNTQKqoJy8eP+beb/86Dg7BLaYEmZJG2oMS/I
y1tSw+Ij5TfghzbtKcK++88L7ZPJLRocnKXftFbjutHNKmWW3+oW7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T11:50:26Z"
mac: ENC[AES256_GCM,data:9We7i769wGZZS3D7c1BvruKwuepeVR9NatmIAbusNvvyM417YkLgggTyzNL00XFRYC1at+Wg7wAwajoFH0Eomt1gKLC8LRqYpetGja0m3+toZwpLAk1ByrknRgeueeV/LPbKZpd0DxHYHXm1AP2zUcDYUC4jikk54Kdt9G3nfEg=,iv:2QQvQNmhQlYtXo6/O/iuMeof2Cwt6aaopLNa7PHtxQc=,tag:XELS4r3bstTxHXsyjyYBAA==,type:str]
lastmodified: "2025-07-07T15:40:09Z"
mac: ENC[AES256_GCM,data:IgodPXcdFB7zYwt1dbRXkuQ2Ko2cAy4L6BvObuP8sWRO26Sn0CRvBtfwEtJLRMoXyS3hXJ25hzTeQOUaTVRw/5GEViM4SxdUuE9b5rX1J7tRftgdI45f12tsBMJQhk4NDtxpm4CSUvh11XqNdBkBjFUMxfZVweXFhoZ7tJ3oElg=,iv:9WNevYqRUe5DtCWN6mMNNwQvxB4Z8ac/zKPocjMa33A=,tag:n/DL3B8WB/YKfcbo6ArMDw==,type:str]
pgp:
- created_at: "2025-06-14T18:15:57Z"
enc: |-