more top-level bonehead
commit
3e9ba75329
30
flake.lock
30
flake.lock
|
@ -159,11 +159,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "contrib",
|
"dir": "contrib",
|
||||||
"lastModified": 1673321445,
|
"lastModified": 1673504032,
|
||||||
"narHash": "sha256-5jdmIgcN2PNWHozyj8WRoSVJBiQi61SqWGfTJXUBDOI=",
|
"narHash": "sha256-x4nv7g8+bQXg5PfkFw3vCcr3pYI0Hco0VoSbAy60xek=",
|
||||||
"owner": "neovim",
|
"owner": "neovim",
|
||||||
"repo": "neovim",
|
"repo": "neovim",
|
||||||
"rev": "1df2db0bc4dfa2e4f632f9b3dbae00b8b29f2d9f",
|
"rev": "143d3f1f3224bca02bfef7df0932b9d7524a3ff2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -180,11 +180,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673338492,
|
"lastModified": 1673511313,
|
||||||
"narHash": "sha256-UbqugOENjdtTWCvJQQ0ym80zTB28esvJQPO3j3+Zmjw=",
|
"narHash": "sha256-QGUT3w1bHclVRqX958EPOd3OxR/R10MoV97N5jx/qbw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "neovim-nightly-overlay",
|
"repo": "neovim-nightly-overlay",
|
||||||
"rev": "de5bef64b8158b85b47256d5a366973534130621",
|
"rev": "5af6fe31f9906e70a1e8985dbbdcc4ae66c7f82d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -211,11 +211,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673301451,
|
"lastModified": 1673466167,
|
||||||
"narHash": "sha256-0IvOqAXZ+dHjOV7dQl4iEcCUmzqg8VvGg+UZ68ONDIg=",
|
"narHash": "sha256-1HzUCtWwHRGzTOHCIKGG0lVL6wvsyPSSyBuIqZWYowc=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "35f1f865c03671a4f75a6996000f03ac3dc3e472",
|
"rev": "68e03abb2fd8db50eaee69ad58b208451143e005",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -242,11 +242,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673226411,
|
"lastModified": 1673450908,
|
||||||
"narHash": "sha256-b6cGb5Ln7Zy80YO66+cbTyGdjZKtkoqB/iIIhDX9gRA=",
|
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "aa1d74709f5dac623adb4d48fdfb27cc2c92a4d4",
|
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -290,11 +290,11 @@
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673317790,
|
"lastModified": 1673490397,
|
||||||
"narHash": "sha256-GWjj/bqTXPsKgwWGFZUyHRShxFvufShYnuyyeP99wmk=",
|
"narHash": "sha256-VCSmIYJy/ZzTvEGjdfITmTYfybXBgZpMjyjDndbou+8=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "9724998ea2caf23214674bf0c2cdf6ec0b1719af",
|
"rev": "0833f4d063a2bb75aa31680f703ba594a384ffe6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
89
flake.nix
89
flake.nix
|
@ -25,33 +25,28 @@
|
||||||
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
|
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs =
|
||||||
nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat,
|
{ nixpkgs
|
||||||
neovim-nightly-overlay
|
, agenix
|
||||||
,...
|
, home-manager
|
||||||
}@_inputs: let
|
, flake-utils
|
||||||
|
, nixgl
|
||||||
|
, rust-overlay
|
||||||
|
, flake-compat
|
||||||
|
, neovim-nightly-overlay
|
||||||
|
, ...
|
||||||
|
}@_inputs:
|
||||||
|
let
|
||||||
# Context/global stuffs to be passed down
|
# Context/global stuffs to be passed down
|
||||||
# TODO: adapt to different platforms think about different systems later
|
|
||||||
system = "x86_64-linux";
|
|
||||||
pkgs = import nixpkgs {
|
|
||||||
inherit system;
|
|
||||||
overlays = import ./overlays.nix _inputs;
|
|
||||||
config = {
|
|
||||||
allowUnfree = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# inject nixpkgs.lib onto c_ (calculus)
|
|
||||||
_lib = pkgs.lib;
|
|
||||||
inputs = (_lib.recursiveUpdate {
|
|
||||||
inherit system;
|
|
||||||
# NOTE: this will only read files that are within git tree
|
# NOTE: this will only read files that are within git tree
|
||||||
# all secrets should go into secrets.nix and secrets/*.age
|
# all secrets should go into secrets.nix and secrets/*.age
|
||||||
proj_root = let
|
proj_root =
|
||||||
|
let
|
||||||
path = builtins.toString ./.;
|
path = builtins.toString ./.;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
inherit path;
|
inherit path;
|
||||||
configs.path = "${path}/native-configs";
|
configs.path = "${path}/native_configs";
|
||||||
scripts.path = "${path}/scripts";
|
scripts.path = "${path}/scripts";
|
||||||
secrets.path = "${path}/secrets";
|
secrets.path = "${path}/secrets";
|
||||||
testdata.path = "${path}/tests";
|
testdata.path = "${path}/tests";
|
||||||
|
@ -59,12 +54,35 @@
|
||||||
hosts.path = "${path}/hosts";
|
hosts.path = "${path}/hosts";
|
||||||
users.path = "${path}/users";
|
users.path = "${path}/users";
|
||||||
};
|
};
|
||||||
} _inputs);
|
# TODO: adapt to different platforms think about different systems later
|
||||||
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs);
|
system = "x86_64-linux";
|
||||||
lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
|
overlays = [
|
||||||
|
rust-overlay.overlays.default
|
||||||
|
(self: pkgs@{ lib, ... }: {
|
||||||
|
lib = pkgs.lib // (import ./lib (_inputs // { inherit pkgs proj_root; }));
|
||||||
|
})
|
||||||
|
];
|
||||||
|
pkgs = import nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
overlays = import ./overlays.nix _inputs;
|
||||||
|
config = {
|
||||||
|
allowUnfree = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
|
||||||
|
# lib = nixpkgs.lib // pkgs.lib;
|
||||||
|
lib = (builtins.foldl' (lhs: rhs: (nixpkgs.lib.recursiveUpdate lhs rhs)) { } [
|
||||||
|
nixpkgs.lib
|
||||||
|
pkgs.lib
|
||||||
|
(import ./lib {
|
||||||
|
inherit proj_root pkgs overlays system;
|
||||||
|
inherit (pkgs) lib;
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
|
||||||
|
inherit system proj_root pkgs lib;
|
||||||
|
});
|
||||||
|
|
||||||
# update inputs with our library and past onto our end configurations
|
|
||||||
inputs_w_lib = (lib.recursiveUpdate {inherit lib;} inputs_w_pkgs);
|
|
||||||
modules = (import ./modules inputs_w_lib);
|
modules = (import ./modules inputs_w_lib);
|
||||||
hosts = (import ./hosts inputs_w_lib);
|
hosts = (import ./hosts inputs_w_lib);
|
||||||
users = (import ./users inputs_w_lib);
|
users = (import ./users inputs_w_lib);
|
||||||
|
@ -85,18 +103,25 @@
|
||||||
expected = "for sure";
|
expected = "for sure";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
secrets = import ./secrets final_inputs;
|
||||||
|
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
inherit (hosts) nixosConfigurations;
|
inherit (hosts) nixosConfigurations;
|
||||||
# inherit (users) homeConfigurations;
|
inherit (users) homeConfigurations;
|
||||||
inherit lib;
|
inherit lib proj_root;
|
||||||
devShell."${system}" = import ./dev-shell.nix final_inputs;
|
devShell."${system}" = import ./dev-shell.nix final_inputs;
|
||||||
templates = import ./templates final_inputs;
|
templates = import ./templates final_inputs;
|
||||||
|
secrets = {
|
||||||
|
pubKeys = {
|
||||||
|
hosts = hosts.pubKeys;
|
||||||
|
users = users.pubKeys;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
unit_tests = lib.runTests unit_tests;
|
unit_tests = lib.runTests unit_tests;
|
||||||
secrets = import ./secrets final_inputs;
|
|
||||||
debug = {
|
debug = {
|
||||||
inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs;
|
inherit final_inputs hosts users modules lib inputs_w_lib unit_tests pkgs nixpkgs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
# boot.initrd.kernelModules = [ "amdgpu" ];
|
# boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
boot.initrd.kernelModules = [];
|
boot.initrd.kernelModules = [];
|
||||||
|
|
|
@ -10,11 +10,13 @@ config = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
preset = "base";
|
preset = "base";
|
||||||
};
|
};
|
||||||
|
# TODO: add override so that we can add wsl config on top
|
||||||
bao.nixosConfig = {
|
bao.nixosConfig = {
|
||||||
modules = [
|
modules = [
|
||||||
import ../modules/kde.sys.nix
|
(import ../modules/nvgpu.sys.nix)
|
||||||
import ../modules/pulseaudio.sys.nix
|
(import ../modules/kde.sys.nix)
|
||||||
import ../modules/storage.perso.sys.nix
|
(import ../modules/pulseaudio.sys.nix)
|
||||||
|
(import ../modules/storage.perso.sys.nix)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -29,36 +31,45 @@ propagate = hostConfig@{metadata, nixosConfig}: let
|
||||||
preset = lib.attrByPath ["preset"] "base" metadata;
|
preset = lib.attrByPath ["preset"] "base" metadata;
|
||||||
# infer
|
# infer
|
||||||
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
|
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
|
||||||
|
# alias to prevent infinite recursion
|
||||||
|
_nixosConfig = nixosConfig;
|
||||||
in {
|
in {
|
||||||
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
|
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
|
||||||
nixosConfig = nixosConfig // {
|
nixosConfig = _nixosConfig // {
|
||||||
inherit system;
|
inherit system;
|
||||||
lib = finalInputs.lib;
|
|
||||||
modules = [
|
modules = [
|
||||||
|
{
|
||||||
|
config._module.args = {
|
||||||
|
inherit proj_root;
|
||||||
|
my-lib = finalInputs.lib;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
hardwareConfig
|
||||||
{
|
{
|
||||||
system.stateVersion = nixosVersion;
|
system.stateVersion = nixosVersion;
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
users.users = users;
|
users.users = users;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
_module.args = finalInputs;
|
imports = [agenix.nixosModule];
|
||||||
|
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
||||||
}
|
}
|
||||||
import "${proj_root.modules.path}/secrets.nix"
|
(import "${proj_root.modules.path}/secrets.nix")
|
||||||
import "${proj_root.modules.path}/${preset}.sys.nix"
|
(import "${proj_root.modules.path}/${preset}.sys.nix")
|
||||||
] ++ nixosConfig.modules;
|
] ++ _nixosConfig.modules;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# we are blessed by the fact that we engulfed nixpkgs.lib.* at top level
|
||||||
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
|
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
|
||||||
|
<<<<<<< HEAD
|
||||||
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
|
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
|
||||||
trimNull = lib.filterAttrsRecursive (name: value: value != null);
|
trimNull = lib.filterAttrsRecursive (name: value: value != null);
|
||||||
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
|
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
|
||||||
|
=======
|
||||||
|
mkHost = hostConfig: (lib.pipe hostConfig [propagate mkHostFromPropagated]);
|
||||||
|
>>>>>>> 4619ea4 (rekey)
|
||||||
in {
|
in {
|
||||||
inherit config;
|
nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
|
||||||
# nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
|
|
||||||
nixosConfigurations = {};
|
|
||||||
debug = {
|
|
||||||
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
|
|
||||||
};
|
|
||||||
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
|
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
|
||||||
hostKeys = trimNull (flattenPubkey config);
|
pubKeys = lib.getPubkey config;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,22 +1,30 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,nixpkgs
|
# ,nixpkgs
|
||||||
,proj_root
|
,proj_root
|
||||||
,agenix
|
# ,agenix
|
||||||
,nixosDefaultVersion? "22.05"
|
,nixosDefaultVersion? "22.05"
|
||||||
,defaultSystem? "x86_64-linux"
|
,defaultSystem? "x86_64-linux"
|
||||||
,...}@inputs: let
|
,...}@inputs: let
|
||||||
lib = pkgs.lib;
|
lib = pkgs.lib;
|
||||||
serde = import ./serde.nix inputs // {inherit lib;};
|
inputs_w_lib = (inputs // {inherit lib;});
|
||||||
|
serde = import ./serde.nix inputs_w_lib;
|
||||||
|
shellAsDrv = {script, pname}: (pkgs.callPackage (
|
||||||
|
# just a pattern that we must remember: args to this are children of pkgs.
|
||||||
|
{writeShellScriptBin}: writeShellScriptBin pname script
|
||||||
|
) {});
|
||||||
|
trimNull = lib.filterAttrs (name: value: value != null);
|
||||||
|
# ssh
|
||||||
|
flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath ["metadata" "ssh_pubkey"] null meta_config);
|
||||||
|
getPubkey = config: (lib.pipe config [flattenPubkey trimNull]);
|
||||||
# procedure =
|
# procedure =
|
||||||
in {
|
in {
|
||||||
# short-hand to create a shell derivation
|
# short-hand to create a shell derivation
|
||||||
# NOTE: this is pure. This means, env vars from devShells might not
|
# NOTE: this is pure. This means, env vars from devShells might not
|
||||||
# be accessible unless MAYBE they are `export`ed
|
# be accessible unless MAYBE they are `export`ed
|
||||||
shellAsDrv = {script, pname}: (pkgs.callPackage (
|
inherit shellAsDrv trimNull flattenPubkey getPubkey;
|
||||||
# just a pattern that we must remember: args to this are children of pkgs.
|
ssh = {
|
||||||
{writeShellScriptBin}: writeShellScriptBin pname script
|
inherit flattenPubkey getPubkey;
|
||||||
) {});
|
};
|
||||||
|
|
||||||
# Configures hosts as nixosConfiguration
|
# Configures hosts as nixosConfiguration
|
||||||
# mkHost = {hostName
|
# mkHost = {hostName
|
||||||
# , nixosBareConfiguration
|
# , nixosBareConfiguration
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
imports = [./gpu.sys.nix];
|
||||||
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
|
services.xserver.enable = true;
|
||||||
|
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||||
|
}
|
|
@ -1,6 +1,7 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,proj_root
|
,proj_root
|
||||||
|
,...
|
||||||
}:{
|
}:{
|
||||||
imports = [
|
imports = [
|
||||||
./minimal.sys.nix
|
./minimal.sys.nix
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
environment.systemPackages = [ pkgs.clinfo pkgs.lshw pkgs.glxinfo pkgs.pciutils pkgs.vulkan-tools ];
|
||||||
|
hardware.opengl = {
|
||||||
|
enable = true;
|
||||||
|
extraPackages = [ pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
|
||||||
|
# Vulkan
|
||||||
|
driSupport = true;
|
||||||
|
driSupport32Bit = true;
|
||||||
|
package = pkgs.mesa.drivers;
|
||||||
|
package32 = pkgs.pkgsi686Linux.mesa.drivers;
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,7 +1,8 @@
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, lib
|
, my-lib
|
||||||
|
,...
|
||||||
}: {
|
}: {
|
||||||
environment.noXlibs = lib.mkForce false;
|
environment.noXlibs = my-lib.mkForce false;
|
||||||
# TODO: wireless networking
|
# TODO: wireless networking
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
|
|
|
@ -1,12 +1,15 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,proj_root
|
,proj_root
|
||||||
|
,modulesPath
|
||||||
|
,...
|
||||||
}:{
|
}:{
|
||||||
|
imports = ["${modulesPath}/profiles/minimal.nix"];
|
||||||
# prune old builds after a while
|
# prune old builds after a while
|
||||||
nix.settings.auto-optimize-store = true;
|
nix.settings.auto-optimise-store = true;
|
||||||
nix.package = pkgs.nixFlakes; # nix flakes
|
nix.package = pkgs.nixFlakes; # nix flakes
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
experimental=feature = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
||||||
programs.neovim = {
|
programs.neovim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -22,6 +25,6 @@
|
||||||
];
|
];
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
# openssh runs in root, no? This is because port < 1024 requires root.
|
# openssh runs in root, no? This is because port < 1024 requires root.
|
||||||
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
|
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root.configs.path}/ssh/authorized_keys");
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,config
|
,config
|
||||||
|
,...
|
||||||
}: {
|
}: {
|
||||||
environment.systemPackages = [pkgs.mosh];
|
environment.systemPackages = [pkgs.mosh];
|
||||||
networking.firewall = lib.mkIf config.networking.firewall.enable {
|
networking.firewall = lib.mkIf config.networking.firewall.enable {
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
{config,...}: {
|
||||||
|
imports = [./gpu.sys.nix];
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
services.xserver.enable = true;
|
||||||
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||||
|
}
|
|
@ -1,8 +1,5 @@
|
||||||
{agenix
|
{proj_root
|
||||||
,proj_root}: {
|
,...}: {
|
||||||
imports = [
|
|
||||||
agenix.nixosModule
|
|
||||||
];
|
|
||||||
age.secrets.s3fs = {
|
age.secrets.s3fs = {
|
||||||
file = "${proj_root.secrets.path}/s3fs.age";
|
file = "${proj_root.secrets.path}/s3fs.age";
|
||||||
# mode = "600"; # owner + group only
|
# mode = "600"; # owner + group only
|
||||||
|
@ -15,5 +12,8 @@
|
||||||
age.secrets._nhitrl_cred = {
|
age.secrets._nhitrl_cred = {
|
||||||
file = "${proj_root.secrets.path}/_nhitrl.age";
|
file = "${proj_root.secrets.path}/_nhitrl.age";
|
||||||
};
|
};
|
||||||
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
age.secrets."wifi.env" = {
|
||||||
|
file = "${proj_root.secrets.path}/wifi.env.age";
|
||||||
|
};
|
||||||
|
# environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = false;
|
permitRootLogin = "no";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Personal configuration on storage solution
|
# Personal configuration on storage solution
|
||||||
{ pkgs, config, lib }: {
|
{ pkgs, config, lib,... }: {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.s3fs
|
pkgs.s3fs
|
||||||
pkgs.cifs-utils
|
pkgs.cifs-utils
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{config,...}: {
|
||||||
|
networking.wireless.enable = true;
|
||||||
|
networking.wireless.environmentFile = config.age.secrets."wifi.env";
|
||||||
|
networking.wireless.networks = {
|
||||||
|
"Hoang Sa".psk = "@DESERT_PSK@";
|
||||||
|
"Truong Sa".psk = "@DESERT_PSK@";
|
||||||
|
};
|
||||||
|
}
|
|
@ -230,7 +230,7 @@
|
||||||
};
|
};
|
||||||
amd_rx470 = {
|
amd_rx470 = {
|
||||||
# early amd gpu usage
|
# early amd gpu usage
|
||||||
# boot.initrd.kernelModules = ["amdgpu"];
|
boot.initrd.kernelModules = ["amdgpu"];
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.videoDrivers = ["amdgpu"];
|
services.xserver.videoDrivers = ["amdgpu"];
|
||||||
};
|
};
|
||||||
|
|
|
@ -19,10 +19,10 @@ fi
|
||||||
SCRIPT_DIR=$(realpath $(dirname $0))
|
SCRIPT_DIR=$(realpath $(dirname $0))
|
||||||
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
|
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
|
||||||
|
|
||||||
SYSNIX_DIR="${SCRIPT_DIR}/../nix-conf/system"
|
SYSNIX_DIR="${SCRIPT_DIR}/.."
|
||||||
|
|
||||||
# Copy hardware-configuration of existing machine onto our version control
|
# Copy hardware-configuration of existing machine onto our version control
|
||||||
SYSNIX_PROF="${SYSNIX_DIR}/profiles/${HOSTNAME}"
|
SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}"
|
||||||
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
|
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
|
||||||
if [ ! -f "${HARDWARE_CONF}" ]; then
|
if [ ! -f "${HARDWARE_CONF}" ]; then
|
||||||
mkdir "$SYSNIX_PROF"
|
mkdir "$SYSNIX_PROF"
|
||||||
|
|
15
secrets.nix
15
secrets.nix
|
@ -1,4 +1,5 @@
|
||||||
(import
|
let
|
||||||
|
inherit ((import
|
||||||
(
|
(
|
||||||
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
|
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
|
||||||
fetchTarball {
|
fetchTarball {
|
||||||
|
@ -7,4 +8,14 @@
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
{ src = ./.; }
|
{ src = ./.; }
|
||||||
).defaultNix.secrets
|
).defaultNix) secrets;
|
||||||
|
inherit (secrets) pubKeys;
|
||||||
|
inherit (pubKeys) users hosts;
|
||||||
|
all = users // hosts;
|
||||||
|
c_ = builtins;
|
||||||
|
in {
|
||||||
|
"secrets/s3fs.age".publicKeys = c_.attrValues (all);
|
||||||
|
"secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
|
||||||
|
"secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
|
||||||
|
"secrets/wifi.env.age".publicKeys = c_.attrValues (all);
|
||||||
|
}
|
||||||
|
|
Binary file not shown.
|
@ -1,10 +1,10 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws
|
-> ssh-ed25519 ahbzMg Lx4TLKDZ2yk3DQsM6nOOI1o+FHu0lNtT2p3PBdao+C4
|
||||||
CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY
|
RsTScUeLmFrO6v1OOxBbyBCMBMVhsGrtu5W9iMOw8B0
|
||||||
-> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM
|
-> ssh-ed25519 glsjZQ CdLCkzb1dBoG9gYdMisaZBZT+nnzfOX326CWq6cvN1s
|
||||||
G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0
|
UKGCxej9lZnLzsuFJnFOMpyrz7YzJrHcrFuDz8l8RQk
|
||||||
-> |-grease B\W,I9z ^Gx;$ Kk7!4,P
|
-> U<J-grease + A6h/F, 'mix
|
||||||
0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5
|
jpEa7b7rRo6bVpTr19c5ALOfaeiP0jldtpQBRWfJnma3VSo3kkDQpfa3RvPjZfD8
|
||||||
Qb04jnE
|
Eg9Zb03MKMUAJnWwfLCXVFQqEVpSaIwI+ujLZ5Cm
|
||||||
--- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A
|
--- /a+J/jeGoWwuNvDEAIGzU0WKx86oH+YRTnSexf+8NP4
|
||||||
¢²%;Þ3RmQÚ‹WhpÌ–VŠ;º×®¡¥VÍÚñ[zš9al¦±=cLêüva<>ëu7é,†tø±’ýUܶh^&å‰Ö¿WåJP6-ÇÒ£
n‘-ˆ¿=™]
|
!]Fµ‹O¬J’v”žó%×-ŻtÚŹŘťuzčBÉ˙}ś‡Ő"C\;D(ľ‡Ă’FŠÎ®j®ëA7&ąü<C485>˛?é.ć…J•áBa»„ąŽ˛[ŘdXr‘ŢŚO
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,12 @@
|
||||||
|
{lib,...}@inputs: let
|
||||||
|
config = {
|
||||||
|
hungtr.metadata = {
|
||||||
|
};
|
||||||
|
"hungtr@bao".metadata = {
|
||||||
|
ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
homeConfigurations = {};
|
||||||
|
pubKeys = lib.getPubkey config;
|
||||||
|
}
|
Loading…
Reference in New Issue