- new host `devbox`
- `flake-parts` module to manage agenix secrets
- Searx -> Google again 😩 (it was too slow)
- WIP `git-workspace` module for `home-manager`
- `cgit` module
- `spotify-adblocked` packaged
Andrea Ciceri 2023-03-26 11:35:42 +02:00
parent 29bea282e7
commit 52298435cd
23 changed files with 947 additions and 67 deletions


@ -21,8 +21,23 @@
};
secrets = lib.mkOption {
description = "List of secrets names in the `secrets` folder";
type = lib.types.listOf lib.types.str;
default = [];
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
owner = lib.mkOption {
type = lib.types.str;
default = "root";
};
group = lib.mkOption {
type = lib.types.str;
default = "root";
};
file = lib.mkOption {
type = lib.types.path;
default = "${self.outPath}/secrets/${name}.age";
};
};
}));
default = {};
};
enableHomeManager = lib.mkOption {
description = "Enable home-manager module";
@ -80,20 +95,38 @@
]
++ (lib.optionals (config.secrets != []) [
inputs.agenix.nixosModules.default
({lib, ...}: {
age.secrets =
({lib, ...}: let
allSecrets = lib.mapAttrs' (name: value: {
name = lib.removeSuffix ".age" name;
inherit value;
}) (import "${self.outPath}/secrets");
filteredSecrets =
lib.filterAttrs
(name: _: builtins.elem name config.secrets)
(lib.mapAttrs' (name: _: {
name = lib.removeSuffix ".age" (builtins.baseNameOf name);
value.file = "${self.outPath}/${name}";
}) (import "${self.outPath}/secrets"));
(name: _: builtins.hasAttr name config.secrets)
allSecrets;
in {
age.secrets =
lib.mapAttrs' (name: _: {
name = builtins.baseNameOf name;
value = {
inherit (config.secrets.${name}) owner group file;
};
})
filteredSecrets;
})
])
++ (lib.optionals config.enableHomeManager [
++ (lib.optionals config.enableHomeManager (let
user = config.extraHmModulesUser;
extraHmModules = config.extraHmModules;
in [
inputs.homeManager.nixosModule
{home-manager.users."${config.extraHmModulesUser}".imports = config.extraHmModules;}
])
({config, ...}: {
home-manager.users."${user}" = {
imports = extraHmModules;
_module.args.age = config.age or {};
};
})
]))
++ config.extraModules;
specialArgs = {
fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
@ -117,7 +150,6 @@
extraHmModules = [
inputs.ccrEmacs.hmModules.default
];
secrets = ["cachix"];
};
rock5b = {
system = "aarch64-linux";
@ -134,6 +166,15 @@
];
};
hs = {};
devbox = {
extraModules = [inputs.disko.nixosModules.disko];
extraHmModules = [
inputs.ccrEmacs.hmModules.default
];
secrets = {
"git-workspace-tokens".owner = "ccr";
};
};
};
flake.nixosConfigurations =
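Review bot: The guard on the context line `++ (lib.optionals (config.secrets != []) [` in the second hunk still compares against a list, but `secrets` is now an attrset with `default = {}`, so `{} != []` is always true and the agenix module plus the `age.secrets` block are imported on every host even when no secret is declared; it should read `++ (lib.optionals (config.secrets != {}) [`. In the same hunk `filteredSecrets` silently drops any name in `config.secrets` that has no matching file under `secrets/`, so a mistyped secret name (for instance the new `"git-workspace-tokens"` on `devbox`) produces no `age.secrets` entry and no evaluation error; placing `assert lib.all (n: builtins.hasAttr n allSecrets) (builtins.attrNames config.secrets);` before the returned attrset would surface it at build time. The `builtins.baseNameOf name` in the final `mapAttrs'` is a no-op at that point, since the keys were already reduced to bare names when `allSecrets` was built, and can be dropped.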

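--- a/hosts/devbox/default.nix
+++ b/hosts/devbox/default.nix
@@ -0,0 +1,68 @@
+{
+modulesPath,
+fleetModules,
+lib,
+pkgs,
+...
+}: {
+imports =
+[
+(modulesPath + "/installer/scan/not-detected.nix")
+(modulesPath + "/profiles/qemu-guest.nix")
+]
+++ fleetModules [
+"common"
+"ssh"
+"ccr"
+"nix"
+];
+ccr = {
+enable = true;
+autologin = true;
+modules = [
+"emacs"
+"git"
+"gpg"
+"helix"
+"password-store"
+"shell"
+"xdg"
+"git-workspace"
+];
+packages = with pkgs; [
+comma
+];
+extraGroups = [
+"wheel"
+"fuse"
+"video"
+"networkmanager"
+];
+};
+fonts = {
+fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook];
+fontconfig.defaultFonts = {
+monospace = ["DejaVu Sans Mono for Powerline"];
+sansSerif = ["DejaVu Sans"];
+serif = ["DejaVu Serif"];
+};
+};
+nixpkgs.config.joypixels.acceptLicense = true;
+environment.systemPackages = with pkgs; [waypipe firefox];
+programs.mosh.enable = true;
+disko.devices = import ./disko.nix {
+inherit lib;
+};
+boot.loader.grub = {
+devices = ["/dev/sda"];
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+}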
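Review bot: `programs.mosh.enable = true;` near the end of the file also opens UDP 60000–61000 in the firewall, because the NixOS mosh module defaults `programs.mosh.openFirewall` to true; if that is wanted a short comment on the line saves the question, otherwise add `programs.mosh.openFirewall = false;`. The boot disk is spelled out twice, here as `boot.loader.grub.devices = ["/dev/sda"];` and again as the `disks` default in `disko.nix`, so a change to one will not follow the other; passing the list explicitly, e.g. `disko.devices = import ./disko.nix { inherit lib; disks = ["/dev/sda"]; };`, at least keeps both occurrences in this file. `autologin = true` on the `ccr` module presumably logs the user in on the console without a password; whatever that module does, the reason for enabling it on this host deserves a one-line comment.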

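--- a/hosts/devbox/disko.nix
+++ b/hosts/devbox/disko.nix
@@ -0,0 +1,79 @@
+# Example to create a bios compatible gpt partition
+{
+lib,
+disks ? ["/dev/sda"],
+...
+}: {
+disk = lib.genAttrs disks (dev: {
+device = dev;
+type = "disk";
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "boot";
+type = "partition";
+start = "0";
+end = "1M";
+part-type = "primary";
+flags = ["bios_grub"];
+}
+{
+type = "partition";
+name = "ESP";
+start = "1MiB";
+end = "100MiB";
+bootable = true;
+content = {
+type = "mdraid";
+name = "boot";
+};
+}
+{
+name = "root";
+type = "partition";
+start = "100MiB";
+end = "100%";
+part-type = "primary";
+bootable = true;
+content = {
+type = "lvm_pv";
+vg = "pool";
+};
+}
+];
+};
+});
+mdadm = {
+boot = {
+type = "mdadm";
+level = 1;
+metadata = "1.0";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+};
+lvm_vg = {
+pool = {
+type = "lvm_vg";
+lvs = {
+root = {
+type = "lvm_lv";
+size = "100%FREE";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+}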
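Review bot: The first-line comment `# Example to create a bios compatible gpt partition` is left over from the template and no longer describes this file, which also carries an ESP wrapped in an mdadm array, a vfat `/boot` and an LVM pool; replace it with a description of the actual layout, e.g. `# devbox layout: GPT with a bios_grub stub, an ESP (mdadm "boot", vfat on /boot) and an LVM PV holding a single ext4 root LV`. With `disks` defaulting to a single `/dev/sda`, the `mdraid` content on the ESP yields a one-member RAID1 under `mdadm.boot`, which looks like a remnant of a multi-disk example; if a second disk is not planned, giving the ESP a plain `filesystem` content is simpler and removes mdadm from the boot path. The root LV is ext4 with no encryption layer in between; if that is deliberate for this VM a one-line comment saying so would help, otherwise disko's `luks` content type can wrap the `lvm_pv`.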


@ -14,17 +14,33 @@
"common"
"ssh"
"ccr"
"cgit"
]);
ccr.enable = true;
# programs.sway.enable = true;
services.rock5b-fan-control.enable = true;
# nixpkgs.config.permittedInsecurePackages = [
# "libav-11.12"
# ];
services.nginx.enable = true;
services.nginx.virtualHosts."localhost" = {
cgit = {
enable = true;
virtual-root = "/";
include = [
(builtins.toFile "cgitrc-extra-1" ''
repo.url=test-repo.git
repo.path=/srv/git/test-repo.
repo.desc=the master foo repository
repo.owner=fooman@example.com
css=/custom.css
'')
(builtins.toFile "cgitrc-extra-2" ''
# Allow http transport git clone
enable-http-clone=1
'')
];
};
};
fileSystems."/mnt/film" = {
device = "//ccr.ydns.eu/film";
@ -58,6 +74,18 @@
extraGroups = ["video" "input"];
};
networking.firewall.allowedTCPPorts = [
8080 # kodi control
80
];
programs.bash.loginShellInit = ''
[[ "$(tty)" == '/dev/tty1' ]] && \
[[ "$(whoami)" == 'kodi' ]] && \
${pkgs.kodi-rock5b}/bin/kodi-standalone
'';
# Waiting for https://github.com/NixOS/nixpkgs/issues/140304
services.getty = let
script = pkgs.writeText "login-program.sh" ''
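Review bot: `repo.path=/srv/git/test-repo.` in the first `builtins.toFile` block of the first hunk ends in a bare dot, which reads like a truncated `/srv/git/test-repo.git`; as written cgit would point at a directory that presumably does not exist and list the repo as unavailable. The vhost is named `localhost`, but the second hunk adds `80` to `networking.firewall.allowedTCPPorts` and, being the only server block, it is likely to answer any Host header, so the cgit index and the `enable-http-clone=1` transport become reachable from the network; if that is intended, a comment on the `80` entry makes it explicit, otherwise drop the port or restrict the vhost with a loopback `listen` entry. The `repo.desc=the master foo repository` and `repo.owner=fooman@example.com` lines are template text and deserve a `# placeholder, replace before exposing` comment in the cgitrc snippet. The enclosing `services.getty` block at the end of the second hunk continues outside the visible section.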


@ -60,6 +60,7 @@
"zathura"
"chrome"
"obs-studio"
"spotify"
];
packages = with pkgs; [
comma