feat: use nixos-extra-modules

This commit is contained in:
Leon Schwarzäugl 2025-11-08 03:45:54 +01:00
parent 47b2436ab0
commit d63cadd673
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
19 changed files with 3397 additions and 1802 deletions


@ -49,48 +49,58 @@ creation_rules:
- *surface - *surface
- *winters - *winters
- *moonside - *moonside
- path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- path_regex: secrets/moonside/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: secrets/bakery/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *bakery
- path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age: age:
- *nbl - *nbl
- path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age: age:
- *milkywell - *nbl
- path_regex: hosts/nixos/pyramid/secrets/pii.nix.enc - path_regex: hosts/nixos/pyramid/secrets/pii.nix.enc
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age: age:
- *nbl - *nbl
- path_regex: secrets/moonside/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: hosts/nixos/moonside/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: secrets/bakery/secrets.yaml
key_groups:
- pgp:
- *swarsel
age:
- *bakery
- path_regex: hosts/nixos/bakery/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *bakery
- path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: hosts/nixos/winters/secrets/pii.nix.enc - path_regex: hosts/nixos/winters/secrets/pii.nix.enc
key_groups: key_groups:
- pgp: - pgp:
@ -98,24 +108,25 @@ creation_rules:
age: age:
- *winters - *winters
- *moonside - *moonside
- path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *milkywell
- path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age: age:
- *milkywell - *milkywell
- path_regex: hosts/nixos/bakery/secrets/pii.nix.enc
- path_regex: hosts/nixos/summers/secrets/
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age:
- *bakery
- path_regex: hosts/nixos/moonside/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *moonside
- path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
key_groups: key_groups:
- pgp: - pgp:
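Review bot: The new `hosts/nixos/summers/secrets/` rule (L110) ends up with only a `pgp` key group — the `age:` / `- *bakery` lines printed beside it belong to the removed bakery rule — so nothing encrypted under it carries a recipient the summers host itself could use at activation; the new secrets JSON further down this page (a `pgp` entry only, no `age` block) looks like it was created under exactly this rule. Every other host rule pairs `*swarsel` with the host's age anchor, e.g. `age:` / `- *winters`. If the host is meant to decrypt these at boot, add its anchor (`- *<summers-age-anchor>`, defined in the `keys:` block outside this hunk) and run `sops updatekeys` on the affected files. A short comment on why this regex matches the whole `secrets/` directory rather than `pii.nix.enc` like the sibling rules would also help.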


3722
flake.lock generated



@ -94,6 +94,10 @@
url = "github:sodiboo/niri-flake"; url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-extra-modules = {
url = "github:oddlama/nixos-extra-modules";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = { microvm = {
url = "github:astro/microvm.nix"; url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
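Review bot: `nixos-extra-modules` (L139–L142) is added without a `ref` or `rev`, so `nix flake update` follows the repository's default branch; this commit wires the input's modules into every NixOS host and its overlay into the default overlay, so a bump changes system configuration and package definitions in one step. The pin in `flake.lock` is what protects the build today. Consider `url = "github:oddlama/nixos-extra-modules/<rev-or-tag>";` or at least a comment noting that updates of this input should be diffed on their own.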


@ -1,4 +1,4 @@
{ self, outputs, ... }: { self, ... }:
{ {
imports = [ imports = [
@ -8,12 +8,6 @@
"${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/meta.nix"
]; ];
nixpkgs = {
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
services.xcape = { services.xcape = {
enable = true; enable = true;
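Review bot: Dropping the `nixpkgs.overlays` / `allowUnfree` block (L156–L161) removes the only place in this file where the NixOS evaluation picked up `outputs.overlays.default`; the replacements visible in this commit set `_module.args.pkgs` for flake-parts `perSystem` and take `lib` from `config.pkgs.${sys}`, neither of which by itself sets `nixpkgs.pkgs` or `nixpkgs.overlays` for `nixosSystem`. If the overlay is applied by a hunk not shown here, a one-line pointer would spare the next reader the search: `# nixpkgs overlays/config are set in <file that sets nixpkgs.pkgs>`. The enclosing module continues outside this hunk.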


@ -0,0 +1,108 @@
{ inputs, lib, config, configName, minimal, nodes, globals, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
# globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
networking = {
inherit (config.repo.secrets.local) hostId;
hostName = configName;
firewall.enable = true;
enableIPv6 = true;
};
swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
flakePath = "/root/.dotfiles";
isImpermanence = true;
isSecureBoot = true;
isCrypted = true;
isBtrfs = true;
isLinux = true;
isNixos = true;
withMicroVMs = false;
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = true;
};
swarselmodules = {
optional = {
microvmHost = true;
};
server = {
nfs = false;
nginx = false;
kavita = false;
restic = false;
jellyfin = false;
navidrome = false;
spotifyd = false;
mpd = false;
postgresql = false;
matrix = false;
nextcloud = false;
immich = false;
paperless = false;
transmission = false;
syncthing = false;
grafana = false;
emacs = false;
freshrss = false;
jenkins = false;
kanidm = false;
firefly-iii = false;
koillection = false;
radicale = false;
atuin = false;
forgejo = false;
ankisync = false;
homebox = false;
opkssh = false;
garage = false;
};
};
microvm.vms =
let
mkMicrovm = guestName: {
${guestName} = {
backend = "microvm";
autostart = true;
modules = [
./guests/${guestName}.nix
{
node.secretsDir = ./secrets/${guestName};
}
];
microvm = {
system = "x86_64-linux";
# baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
# interfaces.vlan-services = { };
};
specialArgs = {
inherit (config) nodes globals;
inherit lib;
inherit inputs minimal;
};
};
};
in
lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
{ }
// mkMicrovm "guest1"
);
}
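Review bot: `withMicroVMs = false` (L194) makes the `lib.mkIf` guard on `microvm.vms` (L261) always false, so `mkMicrovm "guest1"` and `./guests/guest1.nix` are declared but never instantiated, while `swarselmodules.optional.microvmHost = true` (L202) no longer gates anything after this commit's change to the microvmHost module. If this is a staged rollout, say so at the flag: `withMicroVMs = false; # guest1 is defined below but not enabled yet`. The commented-out `globals.hosts.…ipv4` (L178) and `baseMac` / `interfaces.vlan-services` lines (L250–L251) read as unfinished guest networking; a note on what is pending would help.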


@ -0,0 +1,118 @@
{ lib, config, ... }:
let
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/persist" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = lib.mkIf config.swarselsystems.isImpermanence {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/swap" = lib.mkIf config.swarselsystems.isSwap {
mountpoint = "/.swapvol";
swap.swapfile.size = config.swarselsystems.swapSize;
};
};
in
{
disko.devices = {
disk = {
disk0 = {
type = "disk";
device = config.swarselsystems.rootDisk;
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
root = lib.mkIf (!config.swarselsystems.isCrypted) {
size = "100%";
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
luks = lib.mkIf config.swarselsystems.isCrypted {
size = "100%";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
settings = {
allowDiscards = true;
# https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
inherit type subvolumes extraArgs;
postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
MNTPOINT=$(mktemp -d)
mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
}
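Review bot: The `postCreateHook` trap (L349 and L373) runs `rm -rf $MNTPOINT` unconditionally after `umount`, so a failed unmount would recurse into the freshly created root subvolume instead of removing an empty directory; `trap 'umount "$MNTPOINT" && rmdir "$MNTPOINT"' EXIT` fails closed and quotes the path. The unencrypted branch mounts `/dev/disk/by-label/nixos` (L348), which is ambiguous when another device carrying the label `nixos` (an installer medium, a previous disk) is attached while disko runs; mounting the partition disko just formatted, as the LUKS branch does via `/dev/mapper/cryptroot`, avoids that. `allowDiscards = true` (L361) is a deliberate confidentiality trade-off (the free-space pattern is visible through the encryption layer) and deserves a one-line comment saying it is intended.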


@ -0,0 +1,25 @@
{ lib, minimal, ... }:
{
swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = false;
};
swarselmodules = {
optional = {
microvmGuest = false;
};
};
microvm = {
mem = 1024 * 4;
vcpu = 2;
};
}
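Review bot: The `info` string (L394) is the host's hardware description copied verbatim from the summers host file (`ASUS Z10PA-D8 …`), which misdescribes the guest; a guest-specific string, or a comment that `info` is inherited on purpose, would avoid confusion in whatever consumes `swarselsystems.info`. `microvmGuest = false` (L402) is also surprising in a file under `guests/`; since this commit empties the microvmGuest module body the value is inert, but a comment noting that would help.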


@ -0,0 +1,28 @@
{ config, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "Vault" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:pGWiWA==,iv:sVpYJiphhvVPEo2MUMnpjlJmvf58/UJTTVVdU9dpqzM=,tag:2AsQRCyN9Pc/hnqviCo43g==,type:str]",
"sops": {
"lastmodified": "2025-11-06T12:11:19Z",
"mac": "ENC[AES256_GCM,data:NBAgy3MNd+p8Ih6v/JuxuMWgh0k9xj5Trg7mggBE/LrxfCZg+BpbhYcmAw/FW9Du5gq3Pcynnql3dqwKlzHEtkEOcI1MJSnBSWexgLxwEtRwbTJVOqEkCxby6dcQ4HWD1ZZnwa9Q7Cg1vcPD/yZuzVUH15mFHic7s5M5Xzdfu/w=,iv:tv8CFuXJ0iqh/Vho7vSoOpfhcGfCElMLWNvjxoE3fMg=,tag:pGP3CjKFFm0UuVgSCnn4RA==,type:str]",
"pgp": [
{
"created_at": "2025-11-06T12:11:04Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwZd6dmNcZqOWY7Ro6DXCRAD2LJuzR0AA26cRRzPgTPcw\nOwvV+Nh3hBWcZb5qkjKysZKGlIxzs4f02dKI172vUyIWQ6P5skygOOOpbr9g5171\nY0XTrmemesSKNfoUhsMFMCbFUc4HUxkUK7zadLk1AiBUqZMIFtx/riFMUBS2qTpR\nuLWiebt1Dw+rwcR8rBNxXPbeclm7322YOQDLUk4sHfi0vTvn+3sfGkbJ+OcJckoD\ndjVhWFqGUAbbELoR8yHpb+Ps6RYjKRNFNros9Yx9zQ18512gxOpRSzm0MTkKFyrz\n1UYVcv4Oz4W/e4nh1z2/re5X3l/HFUzwBG6AUTrYVuRo580kkZvWYFxHT6R+goVC\n5dhkqZpowrGpDIE/C7hKLenFIcOl1Nw5wgJ4Y9EmfZzorUnjJqT1Et2b2GU0hxvY\nKny+fiDeCfNdLzJejSNNg1/whoVmHbw3Q2aBJP0NL3nmNvaykO8RSA8WmzvQa+MA\nXweflh5G9lXOdH2vwb6EelOXpxlTjI7K/43Nbw/SXf/e1FKYK5l6TscyGEcHpFux\ns4ufYkCqTgxdKZjKwh0vqbdmbPUOCe/jqBOz6s/L/sR1/+8c2iIs0JVZd1VJSvDu\nIdfDfQh4wmso8L0qpjWimmkf0Y9itLWZo/oyioIqjVQ9+Daj2mvMkbKcSa486b2F\nAgwDC9FRLmchgYQBD/9lVmkHkPz5pbJV5U0nL3h/xx0JSyt6YYtLDacW8fw135GT\nojHijHvJAd1MqbNv391LcsZ1jtnUawNf6GAkr649lRuEH/WhNitXq20Z/06v5lwt\nGDhPMMf5uh+Uwgjxbeg/PFeTKILS2VX0tjJ8yeos2jNMOrmmwIg74V6mJk03E85K\nId06e2qNjzWlESyWOCFkfLQfSOTajQWmGyil8vNglmjuZdzLSE8eL6nA0hePnfJW\nOwewWcXEzHeeJsaevKFBBDpimAqi3XbKasQbZNSSFlkmw0vzAWKw5mzcdTMseae1\nLafjem7uw2epr4HIhwCZ47pCFrKcbweZMuUY557SomIGmv93OvglnZC40AYkJuNU\nIAVwNc8W/pd+jyiHh6tMlXfQ5/n25AcylDcacxxalNcKI0emNC90TsFc6wDpLh5D\n+R6kJ7GK8tI5BwIwtGIQmFsRREKE1x+IYATtKwQskb0Rng/D6eqNEvs8pjD1nGO3\nfNTG9G8PgC07TXSKGcNGytZy/GNSW9mnFgDgoiqh29bgfoJfSTWWvwZlzFXdWm0c\nzOiV5JSDRLewaqzhsQ/etms7qJIccRD7WcvM82x7UF0VYGd92EVsZxsq2aSVlMob\nCsxNXxij3qqNHdFgUuYYDzFym3/zmmi2wltPOZl7qYMhZI9P6wCsvDpxlFv16tJc\nAaBkBf1oOnjDvJm5i62KCEcRUmphKOB6Odr9/VHkAtgjPdWCOyge7ktbcwgsPw8L\ndemiSrNAglDX9RnPST5ggShZWn1Ik2mFfocCapvGBi5Hj9I/4xG/oIKREYc=\n=Ty0h\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"version": "3.11.0"
}
}


@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:XTHUIhn7yVn2/EvZBSg1v+EU154Kj0hgvHbUdpnc2W4U+0UNBlqxRvVxw8XFm8uo1en2hXoS,iv:XeEzWY0UB/QqbxoIQJEOkWlaU5nyETl0Aki7iyRq/Y8=,tag:rcNiCc5a6+wLYAzX1pMxxQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-06T11:16:16Z",
"mac": "ENC[AES256_GCM,data:rBE1qTiaLme63i23YL16qmDE6rcKaxwWwzzqgsv4SmKCBJonjiyUc4DyRU8JuCbTx6K9+4VtERJzTLlbXhvjXl27LRQtfbNSBXBIyTgdSz0Fo46lDdVUMFSdPDbU97XAx9P3eu425aspkJYxffOJ2lvqinAVuw9U6oBpot5jVaw=,iv:N3mp0DY80UVGa4Vf4ya+5B/9w8iTihAyg/XgStgtHAo=,tag:tKjnbFm0yFddj759OK5Mdw==,type:str]",
"pgp": [
{
"created_at": "2025-08-24T23:36:17Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}


@ -1,4 +1,4 @@
{ self, lib, pkgs, config, ... }: { self, outputs, lib, pkgs, config, ... }:
let let
inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; inherit (config.swarselsystems) mainUser flakePath isNixos isLinux;
in in
@ -22,7 +22,7 @@ in
}; };
in in
'' ''
plugin-files = ${nix-plugins}/lib/nix/plugins plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix} extra-builtins-file = ${self + /nix/extra-builtins.nix}
''; '';
settings = { settings = {
@ -47,7 +47,13 @@ in
}; };
}; };
nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); # nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null);
nixpkgs = lib.mkIf (!isNixos) {
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
programs = { programs = {
# home-manager.enable = lib.mkIf (!isNixos) true; # home-manager.enable = lib.mkIf (!isNixos) true;
@ -78,7 +84,7 @@ in
buildInputs = [ pkgs.makeWrapper ]; buildInputs = [ pkgs.makeWrapper ];
paths = [ pkgs.home-manager ]; paths = [ pkgs.home-manager ];
postBuild = '' postBuild = ''
wrapProgram $out/bin/home-manager \ wrapProgram $out/bin/home-manager \
--append-flags '--flake ${flakePath}#$(hostname)' --append-flags '--flake ${flakePath}#$(hostname)'
''; '';
}) })


@ -1,4 +1,4 @@
{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
{ {
options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
config = lib.mkIf config.swarselmodules.home-manager { config = lib.mkIf config.swarselmodules.home-manager {
@ -29,7 +29,11 @@
home.stateVersion = lib.mkDefault config.system.stateVersion; home.stateVersion = lib.mkDefault config.system.stateVersion;
} }
]; ];
extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; extraSpecialArgs = {
inherit (inputs) self nixgl;
inherit inputs outputs globals nodes minimal configName;
lib = homeLib;
};
}; };
}; };
} }


@ -7,58 +7,5 @@
# "${self}/modules/nixos" # "${self}/modules/nixos"
# ]; # ];
config = lib.mkIf config.swarselmodules.optional.microvmGuest config = lib.mkIf config.swarselmodules.optional.microvmGuest
{ { };
# imports = [
# inputs.microvm.nixosModules.microvm
# "${self}/profiles/nixos"
# "${self}/modules/nixos"
# ];
boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ];
node.name = config;
documentation.enable = lib.mkForce false;
microvm = {
guest.enable = lib.mkForce true;
hypervisor = lib.mkDefault "qemu";
mem = lib.mkDefault 1024 * 4;
vcpu = lib.mkDefault 4;
optimize.enable = false;
writableStoreOverlay = "/nix/.rw-store";
# interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces (
# _: { mac, hostLink, ...}:
# {
# type = "macvtap";
# id = "vm-${replaceStrings [ ":" ] [ "" ] mac}";
# inherit mac;
# macvtap = {
# link = hostLink;
# mode = "bridge";
# };
# }
# );
shares =
[
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
];
};
# systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces (
# name:
# { mac, ... }:
# {
# "10-${name}".matchConfig = mkForce {
# MACAddress = mac;
# };
# }
# );
};
} }
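Review bot: The module body is reduced to `{ }` (L549) while the `swarselmodules.optional.microvmGuest` option and its consumers remain, so enabling it is now a no-op; the guest wiring that used to live here (ro-store share, `guest.enable`, the hostname kernel parameter) presumably comes from the nixos-extra-modules guests module imported elsewhere in this commit. A comment at the `config =` line stating that, e.g. `# guest settings now come from nixos-extra-modules' guests module; option kept for compatibility`, or removing the option, would stop the next reader from expecting behaviour here. The enclosing module starts before this hunk.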


@ -1,15 +1,16 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; options = {
swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
};
# imports = [ # imports = [
# inputs.microvm.nixosModules.host # inputs.microvm.nixosModules.host
# ]; # ];
config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) { config = lib.mkIf (config.guests != { }) {
microvm = { microvm = {
hypervisor = lib.mkDefault "qemu"; hypervisor = lib.mkDefault "qemu";
}; };
}; };
} }
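Review bot: The condition now reads `config.guests != { }` (L610), so the `swarselmodules.optional.microvmHost` option defined a few lines above no longer influences anything, and the new summers host sets it to `true` expecting an effect; either fold it back in, `lib.mkIf (config.swarselmodules.optional.microvmHost && config.guests != { })`, or drop the option. `config.guests` is presumably defined by the nixos-extra-modules guests module; any evaluation of this module without that import would fail on an undefined option, so `(config.guests or { }) != { }` is safer if that can happen.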


@ -3,12 +3,29 @@
flake = { config, ... }: flake = { config, ... }:
let let
inherit (self) outputs; inherit (self) outputs;
inherit (outputs) lib; inherit (outputs) lib homeLib;
# lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; });
mkNixosHost = { minimal }: configName: mkNixosHost = { minimal }: configName:
lib.nixosSystem { let
specialArgs = { inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; sys = "x86_64-linux";
# lib = config.pkgsPre.${sys}.lib // {
# inherit (inputs.home-manager.lib) hm;
# swarselsystems = self.outputs.swarselsystemsLib;
# };
# lib = config.pkgsPre.${sys}.lib // {
# inherit (inputs.home-manager.lib) hm;
# swarselsystems = self.outputs.swarselsystemsLib;
# };
inherit (config.pkgs.${sys}) lib;
in
inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs self minimal configName;
inherit lib homeLib;
inherit (config) globals nodes;
};
modules = [ modules = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
@ -23,6 +40,7 @@
inputs.niri-flake.nixosModules.niri inputs.niri-flake.nixosModules.niri
inputs.microvm.nixosModules.host inputs.microvm.nixosModules.host
inputs.microvm.nixosModules.microvm inputs.microvm.nixosModules.microvm
(inputs.nixos-extra-modules + "/modules/guests")
"${self}/hosts/nixos/${configName}" "${self}/hosts/nixos/${configName}"
"${self}/profiles/nixos" "${self}/profiles/nixos"
"${self}/modules/nixos" "${self}/modules/nixos"
@ -31,7 +49,7 @@
microvm.guest.enable = lib.mkDefault false; microvm.guest.enable = lib.mkDefault false;
node = { node = {
name = configName; name = lib.mkForce configName;
secretsDir = ../hosts/nixos/${configName}/secrets; secretsDir = ../hosts/nixos/${configName}/secrets;
}; };
@ -53,7 +71,7 @@
mkDarwinHost = { minimal }: configName: mkDarwinHost = { minimal }: configName:
inputs.nix-darwin.lib.darwinSystem { inputs.nix-darwin.lib.darwinSystem {
specialArgs = { specialArgs = {
inherit inputs outputs lib self minimal configName; inherit inputs lib outputs self minimal configName;
inherit (config) globals nodes; inherit (config) globals nodes;
}; };
modules = [ modules = [
@ -70,7 +88,7 @@
"${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/meta.nix"
"${self}/modules/nixos/common/globals.nix" "${self}/modules/nixos/common/globals.nix"
{ {
node.name = configName; node.name = lib.mkForce configName;
node.secretsDir = ../hosts/darwin/${configName}/secrets; node.secretsDir = ../hosts/darwin/${configName}/secrets;
} }
@ -86,7 +104,7 @@
{ {
inherit pkgs; inherit pkgs;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs lib self configName; inherit inputs lib outputs self configName;
inherit (config) globals nodes; inherit (config) globals nodes;
minimal = false; minimal = false;
}; };
@ -121,13 +139,31 @@
minimal = true; minimal = true;
}); });
# TODO: Build these for all architectures homeConfigurations =
homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux // mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.aarch64-linux; let
nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; inherit (lib.swarselsystems) pkgsFor readHosts;
in
mkHalfHostConfigs (readHosts "home") "home" pkgsFor.x86_64-linux
// mkHalfHostConfigs (readHosts "home") "home" pkgsFor.aarch64-linux;
nixOnDroidConfigurations =
let
inherit (lib.swarselsystems) pkgsFor readHosts;
in
mkHalfHostConfigs (readHosts "android") "android" pkgsFor.aarch64-linux;
guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations (
_: node:
lib.flip lib.mapAttrs' (node.config.microvm.vms or { }) (
guestName: guestDef:
lib.nameValuePair guestDef.nodeName node.config.microvm.vms.${guestName}.config
)
);
diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix";
nodes = config.nixosConfigurations // config.darwinConfigurations; nodes = config.nixosConfigurations
// config.darwinConfigurations
// config.guestConfigurations;
}; };
} }
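Review bot: `sys = "x86_64-linux"` (L627) is fixed for every host built by `mkNixosHost`, so `lib` is always taken from the x86_64-linux `pkgs` instance; `mkHalfHostConfigs` builds aarch64-linux variants further down, so if an aarch64 NixOS host exists this should take the system as a parameter or read it from the host. The same commented-out `lib = config.pkgsPre.${sys}.lib // { … }` block is pasted twice (L628–L635); keep one or delete both. `nodes` now includes `guestConfigurations`, which is derived from `nixosConfigurations`, which in turn receive `nodes` via `specialArgs` — lazy attribute access keeps this from recursing only as long as no host's `microvm.vms` definition reads `nodes` eagerly, which is worth a comment on the `nodes =` line.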


@ -57,5 +57,8 @@ in
inherit (inputs.home-manager.lib) hm; inherit (inputs.home-manager.lib) hm;
inherit swarselsystems; inherit swarselsystems;
}); });
swarselsystemsLib = swarselsystems;
homeLib = self.outputs.lib;
}; };
} }


@ -22,6 +22,11 @@ in
# withSystemVencord = true; # withSystemVencord = true;
# }; # };
lib = prev.lib // {
swarselsystems = self.outputs.swarselsystemsLib;
hm = self.outputs.homeLib;
};
firefox = prev.firefox.override { firefox = prev.firefox.override {
nativeMessagingHosts = [ nativeMessagingHosts = [
prev.tridactyl-native prev.tridactyl-native
@ -72,15 +77,19 @@ in
(builtins.attrNames nixpkgsInputs)); (builtins.attrNames nixpkgsInputs));
in in
(additions final prev) lib.recursiveUpdate
// (modifications final prev) (
// (nixpkgs-stable-versions final prev) (additions final prev)
// (inputs.niri-flake.overlays.niri final prev) // (nixpkgs-stable-versions final prev)
// (inputs.vbc-nix.overlays.default final prev) // (inputs.niri-flake.overlays.niri final prev)
// (inputs.nur.overlays.default final prev) // (inputs.vbc-nix.overlays.default final prev)
// (inputs.emacs-overlay.overlay final prev) // (inputs.nur.overlays.default final prev)
// (inputs.nix-topology.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev)
// (inputs.nixgl.overlay final prev); // (inputs.nix-topology.overlays.default final prev)
// (inputs.nixgl.overlay final prev)
// (inputs.nixos-extra-modules.overlays.default final prev)
)
(modifications final prev);
}; };
}; };
} }
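Review bot: `lib.recursiveUpdate` (L738) descends into any attribute set present on both sides, and derivations are attribute sets, so a package defined in `additions` or one of the composed third-party overlays and overridden in `modifications` would have its attributes merged rather than replaced; plain `//` at the top level, or `recursiveUpdate` limited to the non-derivation namespaces, is the safer combinator unless nested attribute sets are the reason for the change. The new `lib = prev.lib // { … }` (L728) makes `pkgs.lib` diverge from the module-system `lib`; a comment on why `swarselsystems` and `hm` are injected here would help. Composing `inputs.nixos-extra-modules.overlays.default` (L748) lets that input replace any package for every consumer of this overlay, one more reason to pin the input to a reviewed rev.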


@ -1,5 +1,17 @@
{ self, ... }: { self, inputs, ... }:
{ {
imports = [
(
{ lib, flake-parts-lib, ... }:
flake-parts-lib.mkTransposedPerSystemModule {
name = "pkgs";
file = ./packages.nix;
option = lib.mkOption {
type = lib.types.unspecified;
};
}
)
];
flake = _: flake = _:
let let
inherit (self.outputs) lib; inherit (self.outputs) lib;
@ -7,4 +19,17 @@
{ {
packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; });
}; };
perSystem = { pkgs, system, ... }:
{
# see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
self.overlays.default
];
};
inherit pkgs;
};
} }
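Review bot: Setting `config.allowUnfree = true` in `_module.args.pkgs` (L784) widens the unfree policy from the hosts that previously declared it to every flake-parts `perSystem` output (packages, shells, checks); probably intended, but the comment above it should say so. The exported `pkgs` option (L766–L768) has no `description`, and `lib.types.unspecified` gives it no merge semantics, so a second definition would fail with an unhelpful error; add `description = "<what this exposes>";` and consider `lib.types.pkgs` for a clearer type. The enclosing `flake = _:` attribute set starts and ends outside the first hunk.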