merge issues

Don Harper 2025-11-17 19:31:44 -06:00
commit 6b642140e2
37 changed files with 493 additions and 112 deletions

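--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &host_loki age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
+creation_rules:
+- path_regex: secrets.yaml$
+key_groups:
+- age:
+- *host_loki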
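Review bot: `creation_rules` lists a single recipient, `*host_loki`, while this commit imports the sops-nix module on many hosts, so each of them can only decrypt `secrets.yaml` if loki's private age key is copied to it. Giving every host its own recipient (for example one derived from its SSH host key with `ssh-to-age`) and re-encrypting with `sops updatekeys secrets.yaml` means one lost machine does not expose the key that every other host depends on. The pattern `secrets.yaml$` also leaves the dot unescaped and the start unanchored; `path_regex: (^|/)secrets\.yaml$` matches only the intended file name.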


@ -1,4 +1,8 @@
# TODO
- [ ] Refactor {workstation,server,pi-server}/default.nix to share as much as
possible
- [ ] do not do mail sync on servers
- [ ] Get vim reset up
- [ ] evaluation warning: 'system' has been renamed to/replaced by
'stdenv.hostPlatform.system'

85
flake.lock generated

@ -25,11 +25,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1762198582,
"narHash": "sha256-P9giW/1Crn7ekQt4YIbONJ/hKFaHkTwyhz82FCjh+OM=",
"lastModified": 1762510976,
"narHash": "sha256-KGoSj8qMOOPaNE48RTtuNBbqOvKLTeklnRHWWvE/TXo=",
"owner": "catppuccin",
"repo": "nix",
"rev": "08716214674ca27914daa52e6fa809cc022b581e",
"rev": "728cb0a667ce37bb0c68557dba819c7fb54ff1c8",
"type": "github"
},
"original": {
@ -241,11 +241,11 @@
]
},
"locked": {
"lastModified": 1762296971,
"narHash": "sha256-Jyv3L5rrUYpecON+9zyFz2VqgTSTsIG35fXuCyuCQv0=",
"lastModified": 1762787259,
"narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "34fe48801d2a5301b814eaa1efb496499d06cebc",
"rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e",
"type": "github"
},
"original": {
@ -298,11 +298,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1762286227,
"narHash": "sha256-foAa58OTMJVFpH2dGuV8zL85EVDc8zcSLyAuUTDhTf8=",
"lastModified": 1762882195,
"narHash": "sha256-IwsSz/Kb6aV4qS00JlBUf3PiFiOiXgrxXiBjJlI+0Ao=",
"owner": "NixOS",
"repo": "nix",
"rev": "3ed42cd3543b2bf1bdd0bafa06052906c2749d87",
"rev": "af0ac14021a1de2302f89bcbb7aa3e0eb63631e0",
"type": "github"
},
"original": {
@ -333,11 +333,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1762267440,
"narHash": "sha256-WHjEJ80oYbWyNu0dxysBs5oMlBc5w7YYzL1/UPj4iGo=",
"lastModified": 1762847253,
"narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2e85ae1b7030df39269d29118b1f74944d0c8f15",
"rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
"type": "github"
},
"original": {
@ -397,11 +397,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1761999846,
"narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=",
"lastModified": 1762756533,
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31",
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
"type": "github"
},
"original": {
@ -429,11 +429,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"type": "github"
},
"original": {
@ -477,11 +477,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"lastModified": 1762596750,
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
"type": "github"
},
"original": {
@ -491,6 +491,22 @@
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1762361079,
"narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-compat": "flake-compat_3",
@ -502,11 +518,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1762093557,
"narHash": "sha256-esmyNNa8TvduITLfqYPSMroyZ9vxJr2nsvjYmHmO+Ag=",
"lastModified": 1762622004,
"narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=",
"owner": "notashelf",
"repo": "nvf",
"rev": "20d8fca94dceaf943686598da7fba31b37100e50",
"rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909",
"type": "github"
},
"original": {
@ -526,7 +542,8 @@
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable",
"nvf": "nvf"
"nvf": "nvf",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
@ -547,6 +564,24 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1762812535,
"narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1750133334,


@ -6,6 +6,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
# disko.inputs.nixpkgs.follows = "nixpkgs";
@ -26,13 +27,14 @@
outputs = inputs @ {
self,
nixpkgs,
nix,
nixpkgs-stable,
nixos-hardware,
home-manager,
catppuccin,
colmena,
home-manager,
nix,
nixos-hardware,
nixpkgs,
nixpkgs-stable,
sops-nix,
...
}: let
inherit (self) outputs;
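Review bot: The new `sops-nix` input is added without a `follows`, and the lock file in this commit gains a separate `nixpkgs_7` node for it, so a second nixpkgs revision is fetched and trusted just for this module. Adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` next to the URL keeps the module on the revision the rest of the system is built from and shortens the lock file. The `inputs` and `outputs` blocks continue outside these hunks.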


@ -4,17 +4,20 @@
...
}: {
programs.lazygit = {settings = {os.editPreset = "nvim";};};
programs.diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
programs.git = {
enable = true;
aliases = {
co = "checkout";
br = "branch";
ci = "commit";
st = "status";
last = "cat-file commit HEAD";
};
diff-so-fancy = {enable = true;};
extraConfig = {
settings = {
alias = {
co = "checkout";
br = "branch";
ci = "commit";
st = "status";
last = "cat-file commit HEAD";
};
core = {
user = "Don Harper";
email = "duck@duckland.org";


@ -1,13 +1,20 @@
{ inputs, outputs, pkgs, pkgs-stable, ... }: {
imports = [ inputs.home-manager.nixosModules.home-manager ];
{
inputs,
outputs,
pkgs,
pkgs-stable,
...
}: {
imports = [inputs.home-manager.nixosModules.home-manager];
home-manager.extraSpecialArgs = {
pkgs-stable = import pkgs-stable { config.allowUnfree = true; };
pkgs-stable = import pkgs-stable {config.allowUnfree = true;};
inherit inputs outputs;
};
home-manager = {
# useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
sharedModules = [inputs.sops-nix.homeManagerModules.sops];
users = {
don = {
imports = [
@ -22,8 +29,8 @@
stateVersion = "23.05";
};
programs = {
home-manager = { enable = true; };
go = { enable = true; };
home-manager = {enable = true;};
go = {enable = true;};
};
};
};


@ -0,0 +1,4 @@
#!/usr/bin/env bash
VAULT="/home/don/src/nixos/RepoUrls.md"
echo "* [${QUTE_TITLE}](${QUTE_URL})" >>"${VAULT}"
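Review bot: `QUTE_TITLE` is set from the page being viewed, so the `echo` on the last line writes page-controlled text straight into the Markdown file; a title containing `[` or `]` changes where the link text ends in `RepoUrls.md`. Strip those characters before writing, e.g. `title=${QUTE_TITLE//[][]/}` followed by `printf '* [%s](%s)\n' "$title" "$QUTE_URL" >>"$VAULT"`. A `set -eu` at the top would also stop the script from appending an empty `* []()` entry when qutebrowser does not provide the variables.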


@ -9,8 +9,8 @@
loadAutoconfig = true;
keyBindings = {
normal = {
",J" = "spawn /home/don/bin/vdi";
",L" = "spawn --userscript qute-bitwarden --password-only";
",N" = "spawn --userscript saveurl";
",O" = "spawn --userscript obsidian-import-lite";
",R" = "spawn --userscript obsidian-import -r";
",U" = "spawn --userscript sendurl";
@ -18,8 +18,7 @@
",d" = "spawn --userscript open_download";
",l" = "spawn --userscript qute-bitwarden";
",m" = "spawn --userscript mymail";
",n" = ''
config-cycle content.user_stylesheets /home/don/src/solarized-everything-css/css/mine.css ""'';
",n" = ''config-cycle content.user_stylesheets /home/don/src/solarized-everything-css/css/mine.css ""'';
",o" = "spawn --userscript obsidian-import";
",r" = "spawn --userscript recipe";
",t" = "spawn --userscript qute-bitwarden --totp-only";
@ -57,12 +56,8 @@
crhs = "https://www.katyisd.org/CRHS";
crhs-absence = "https://www.katyisd.org/domain/5809";
cups = "http://localhost:631/printers/printer";
darkroom = "https://thedarkroom.com/photodashboard/";
disk = "https://smart.trex-halfbeak.ts.net/web/dashboard";
driversed = "https://driving.aceable.com/teacher/log?studentId=I89fno2YEZo4hQ40";
droplet = "https://cloud.digitalocean.com/droplets?i=a8b99f";
ercot = "https://www.ercot.com/gridmktinfo/dashboards";
fiesta = "https://www.fiestamart.com/weekly-ads/?store_code=66";
flood = "https://www.harriscountyfws.org/";
gatus = "https://gatus.trex-halfbeak.ts.net/";
gcal = "https://calendar.google.com/calendar/r";
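Review bot: The quickmark list in the last hunk contains URLs that carry account identifiers in the query string (the `driversed` entry with `?studentId=…` and the `droplet` entry with `?i=…`); the rendered page does not show which four of the twelve lines the hunk removes, so some of them may still be on the new side. If they remain, consider moving such entries out of the committed configuration, because anyone who can read the repository can read them. Deleting a line here does not remove it from the repository history.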


@ -317,6 +317,7 @@
exec ~/bin/configure-gtk
exec ~/bin/dovideo.sh
exec ~/bin/auto-start
exec ${pkgs.sway-audio-idle-inhibit}/bin/sway-audio-idle-inhibit
exec ${pkgs.swaynotificationcenter}/bin/swaync
exec ${pkgs.networkmanagerapplet}/bin/nm-applet
exec ${pkgs.kdePackages.kdeconnect-kde}/bin/kdeconnect-indicator


@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
programs = {
kitty = {
enable = true;
@ -7,26 +11,28 @@
size = 16;
};
settings = {
mouse_hide_wait = "3.0";
mouse_hide_wait = "-3.0";
url_style = "double";
copy_on_select = "no";
background_opacity = "0.75";
scrollback_lines = 4000;
scrollback_pager_history_size = 2048;
notify_on_cmd_finish = "unfocused 10";
};
};
foot = {
enable = true;
server = { enable = true; };
server = {enable = true;};
settings = {
main = { term = "tmux-256color"; };
mouse = { hide-when-typing = "yes"; };
bell = { urgent = "yes"; };
main = {term = "tmux-256color";};
mouse = {hide-when-typing = "yes";};
bell = {urgent = "yes";};
};
};
yazi = { # terminal fm ala ranger/vifm
yazi = {
# terminal fm ala ranger/vifm
enable = true;
flavors = { dark = pkgs.yaziPlugins.yatline-catppuccin; };
flavors = {dark = pkgs.yaziPlugins.yatline-catppuccin;};
};
};
}


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation
@ -11,5 +19,5 @@
gui.enable = true;
kmscon.enable = true;
};
wm = { sway.enable = true; };
wm = {sway.enable = true;};
}
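Review bot: The `inputs.sops-nix.nixosModules.sops` import added to `imports` here is repeated in every host file this commit touches, while the `sops = { … }` settings themselves are defined once in the shared module that these hosts pull in through `../workstation`. A host that imports that shared module but misses this line would fail to evaluate, because the `sops` option would not exist. Importing the sops module once, in the same file as the `sops` block (and in the shared server module if servers are meant to use secrets), keeps the option and its definition together and removes the per-host copies.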


@ -8,6 +8,7 @@
}: {
imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../pi-server
./kiosk.nix
@ -10,7 +18,7 @@
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
super.makeModulesClosure (x // {allowMissing = true;});
})
];
}


@ -1,5 +1,11 @@
{ inputs, config, pkgs, ... }: {
{
inputs,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel
@ -15,5 +21,5 @@
kmscon.enable = true;
auto-cpufreq.enable = true;
};
wm = { sway.enable = true; };
wm = {sway.enable = true;};
}


@ -1,6 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.google-pixelbook
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation
@ -14,5 +22,5 @@
kmscon.enable = true;
auto-cpufreq.enable = true;
};
wm = { sway.enable = true; };
wm = {sway.enable = true;};
}


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../server
./docker.nix
@ -9,13 +17,15 @@
networking.hostName = "fred";
variables.address = "100.72.236.170";
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
binfmt.emulatedSystems = ["aarch64-linux"];
loader = {
systemd-boot = { enable = true; };
systemd-boot = {enable = true;};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
};
primary.enable = true;
}


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper";
variables.address = "100.72.0.3";
}


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "harper2";
variables.address = "100.72.0.4";
}


@ -8,6 +8,7 @@
}: {
imports = [
inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/nvme.nix
../workstation
@ -25,6 +26,7 @@
auto-cpufreq.enable = true;
gnome-calendar.enable = true;
};
primary.enable = true;
primary.enable = false;
ollama.enable = true;
wm = {sway.enable = true;};
}
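Review bot: `primary.enable = true;` and `primary.enable = false;` both appear in the last hunk, and its header (`-25,6 +26,7`) allows only one added line and no removed one, so both assignments seem to be present in the new file. Nix rejects an attribute that is defined twice in the same set, so this host would fail to evaluate; keep only the value that is intended. The rendered page has lost its +/- markers, so confirm this against the file itself.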


@ -1,5 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "nuwww";
variables.address = "100.72.2.1";
}


@ -126,6 +126,7 @@
environment.systemPackages = with pkgs; [
python313
age
base16-schemes
bash-completion
btop


@ -1,4 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../pi-server ./kiosk.nix ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../pi-server
./kiosk.nix
];
networking.hostName = "pi1";
}


@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../../server
];
networking.hostName = "pihole";
}


@ -7,6 +7,7 @@
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel


@ -35,6 +35,7 @@ in {
../vars.nix
# ./tailscale.nix
./upgrade-diff.nix
./systemd-primary.nix
../../modules/beszel-agent.nix
];
@ -156,6 +157,7 @@ in {
environment.systemPackages = with pkgs; [
python-with-my-packages
age
aspell
aspellDicts.en
base16-schemes


@ -0,0 +1,70 @@
{ pkgs, lib, config, ... }:
with lib;
let cfg = config.primary;
in {
options.primary = { enable = mkEnableOption "is primary host"; };
config = mkIf cfg.enable {
systemd = {
user = {
services = {
do_agenda = {
description = "Send today's agenda";
unitConfig = { Type = "simple"; };
serviceConfig = {
Type = "oneshot";
Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/do_agenda";
};
};
do_agenda_tomorrow = {
description = "Send tomorrow's agenda";
unitConfig = { Type = "simple"; };
serviceConfig = {
Type = "oneshot";
Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/do_agenda_tomorrow";
};
};
gosleep = {
description = "Adjust tailscale MTU based on location";
unitConfig = { Type = "simple"; };
serviceConfig = {
Type = "oneshot";
Environment =
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/don/bin:/home/don/bin";
ExecStart = "/home/don/bin/gosleep";
};
};
};
timers = {
do_agenda = {
wantedBy = [ "timers.target" ];
partOf = [ "do_agenda.service" ];
timerConfig = {
OnCalendar = "05:00";
Unit = "do_agenda.service";
};
};
do_agenda_tomorrow = {
wantedBy = [ "timers.target" ];
partOf = [ "do_agenda_tomorrow.service" ];
timerConfig = {
OnCalendar = "20:00";
Unit = "do_agenda_tomorrow.service";
};
};
gosleep = {
wantedBy = [ "timers.target" ];
partOf = [ "gosleep.service" ];
timerConfig = {
OnCalendar = "1m";
Unit = "gosleep.service";
};
};
};
};
};
};
}
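Review bot: `OnCalendar = "1m"` on the `gosleep` timer does not look like a valid systemd calendar expression, so the timer would likely be rejected when it is loaded; for a one-minute repeat use `OnCalendar = "minutely";`. Each service also sets `unitConfig = { Type = "simple"; }`, but `Type` belongs to the service section and is already set to `oneshot` in `serviceConfig`, so the `unitConfig` line can be dropped. The `gosleep` description ("Adjust tailscale MTU based on location") looks copied from another unit. A short header comment saying that these units run scripts from `/home/don/bin`, which this module does not install, would help the next reader.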


@ -1,8 +1,16 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/sda.nix
../workstation
@ -17,5 +25,5 @@
auto-cpufreq.enable = true;
gnome-calendar.enable = true;
};
wm = { sway.enable = true; };
wm = {sway.enable = true;};
}


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
# ../disko/mmcblk.nix
../workstation


@ -1,4 +1,15 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
../server
];
networking.hostName = "vm";
}


@ -1,4 +1,14 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
];
networking.hostName = "vm1";
}


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
./network.nix
../server
@ -10,9 +18,8 @@
variables.address = "100.72.16.240";
boot = {
initrd = {
availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" ];
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
loader = {
grub = {


@ -1,5 +1,13 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
inputs.sops-nix.nixosModules.sops
./hardware-configuration.nix
./network.nix
../server
@ -8,9 +16,8 @@
networking.hostName = "w1";
boot = {
initrd = {
availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" ];
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
kernelModules = ["nvme"];
};
loader = {
grub = {


@ -34,7 +34,7 @@ in {
};
imports = [
inputs.catppuccin.nixosModules.catppuccin
# ./tailscale.nix
./tailscale.nix
../../home
../../home/gui
../../home/gui/gnome-calenar.nix
@ -47,6 +47,7 @@ in {
../themes.nix
./detect-reboot-needed.nix
./kmscon.nix
./ollama.nix
./systemd.nix
./systemd-primary.nix
./auto-cpufreq.nix
@ -55,6 +56,52 @@ in {
./wine.nix
];
sops = {
age.keyFile = "/home/don/.config/sops/age/keys.txt";
defaultSopsFile = ../../secrets.yaml;
# defaultSymlinkPath = "/run/user/1000/secrets";
# defaultSecretsMountPoint = "/run/user/1000/secrets.d";
secrets = {
"users/root_password" = {
owner = "root";
mode = "0400";
};
"users/root_sshauth" = {
owner = "root";
mode = "0400";
path = "/etc/ssh/authorized_keys.d/root";
};
"users/don_password" = {
owner = "don";
mode = "0400";
};
"users/don_sshauth" = {
owner = "don";
mode = "0400";
path = "/etc/ssh/authorized_keys.d/don";
};
"users/vicky_password" = {
owner = "don";
mode = "0400";
};
"users/vicky_sshauth" = {
owner = "don";
mode = "0400";
path = "/etc/ssh/authorized_keys.d/vicky";
};
"smtp/smtp_password" = {
owner = "root";
mode = "0444";
};
"tailscale/ts_api" = {
owner = "root";
mode = "0400";
};
};
};
networking = {
networkmanager.enable = true;
enableIPv6 = true;
@ -222,28 +269,18 @@ in {
users = {
root = {
initialPassword = "changeme";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
];
openssh.authorizedKeys.keys = [config.sops.secrets."users/root_sshauth".path];
};
don = {
isNormalUser = true;
initialPassword = "changeme";
description = "Don Harper";
extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
];
openssh.authorizedKeys.keys = [config.sops.secrets."users/don_sshauth".path];
};
};
};
zramSwap = {
enable = true;
memoryPercent = 25;
memoryMax = 2147483648;
};
# Allow unfree packages
nixpkgs = {
config = {
@ -274,6 +311,7 @@ in {
environment.systemPackages = with pkgs; [
python-with-my-packages
acpi
age
aspell
aspellDicts.en
base16-schemes
@ -364,7 +402,7 @@ in {
from = "don@donharper.org";
host = "smtp.smtp2go.com";
user = "donharper.org";
passwordeval = "cat /home/don/.smtp_password.txt";
passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}";
};
};
};
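Review bot: `openssh.authorizedKeys.keys` expects literal public-key lines, so `[config.sops.secrets."users/root_sshauth".path]` (and the matching line for `don`) puts the path string into the key list instead of a key, and the sops `path = "/etc/ssh/authorized_keys.d/…"` entries probably collide with the file NixOS generates there; public keys are not secret, so restoring the literal `ssh-ed25519 …` entries is the simplest fix. `"smtp/smtp_password"` is declared with `mode = "0444"`, which lets every local account read it, although only the `passwordeval` in don's mail setup needs it. Both users still get `initialPassword = "changeme"` while the `*_password` secrets are declared but never referenced, and `age.keyFile` points into don's home directory, so any process running as don can read the key that decrypts root's secrets. The two `vicky_*` secrets are owned by `don`, which looks like a copy-paste slip. The sketch below shows the changed lines only (the key path is an example, and the password secrets must hold password hashes rather than plain text); the enclosing attribute sets start and end outside these hunks.

```nix
sops = {
  # Example location: a root-owned key file instead of one in don's home.
  age.keyFile = "/var/lib/sops-nix/key.txt";
  # … unchanged: defaultSopsFile …
  secrets = {
    # Needed before users are created; such secrets stay root-owned.
    "users/root_password".neededForUsers = true;
    "users/don_password".neededForUsers = true;
    # … unchanged: tailscale/ts_api; the *_sshauth entries go away with literal keys …
    "smtp/smtp_password" = {
      owner = "don"; # read by passwordeval in don's session
      mode = "0400";
    };
  };
};
# … unchanged: networking and the options between the hunks …
root = {
  hashedPasswordFile = config.sops.secrets."users/root_password".path;
  # openssh.authorizedKeys.keys: keep the literal public key here
};
don = {
  # … unchanged: isNormalUser, description, extraGroups …
  hashedPasswordFile = config.sops.secrets."users/don_password".path;
  # openssh.authorizedKeys.keys: keep the literal public key here
};
```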


@ -0,0 +1,19 @@
{
pkgs,
lib,
config,
...
}:
with lib; let
cfg = config.ollama;
in {
options.ollama = {enable = mkEnableOption "is ollama host";};
config = mkIf cfg.enable {
services.ollama = {
enable = true;
package = pkgs.ollama-rocm;
# Optional: preload models, see https://ollama.com/library
loadModels = ["qwen2.5-coder:1.5b"];
};
};
}

Binary file not shown.


@ -1,4 +1,11 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [ ./hardware-configuration.nix ../../server ];
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../server];
networking.hostName = "www2";
}

29
secrets.yaml Normal file

@ -0,0 +1,29 @@
#ENC[AES256_GCM,data:ZNxS2TSn,iv:29wdug8DNsqXK9gi3+HNSW1eeJGTcMtvccH2nFLk1DY=,tag:S3qAU5HB8Y5595dA6ItCmQ==,type:comment]
users:
root_password: ENC[AES256_GCM,data:c38DypOUaA==,iv:wwpjTEgTBMy3J7PzKnLO9IbLnq9HOMgQG/EQD+07U38=,tag:J/U8ddG2gqtRLUADWiJ8Bw==,type:str]
root_sshauth: ENC[AES256_GCM,data:1z7lTmMn2QB177S2re4+BIoiQ7XAmx9zKscUlUQKywQLqLDQJdvWJ0PvcKNfi0dyCJf5lWG3V3aZhGvIKMUizrZ0JMIZfRStbbLZKSnh0xsSvBdxo4NSd/k=,iv:iXnrcRN7l0uBboJsx/N1uCPkyqPWwbiR3Cp1RJVCVBU=,tag:h1rKlReNxKJ8uBTWVRAPgA==,type:str]
don_password: ENC[AES256_GCM,data:m9Jf4fvpSg==,iv:Z40H6ZSqjRFwvBdak22ijX0s4NVIjqbT1qfRkFnmp6c=,tag:K41k1JQUavKSZ47MkqF6PQ==,type:str]
don_sshauth: ENC[AES256_GCM,data:a7m3lzi9cRMfjSTZAUV6BUmSjcJcTTAex5vFmfC/narajIpmeo2So52cJKV9YYOgKaOCXEmMuokH8kXXZ9QL0zx5HhaCWSxCbsqh+wHEFiRdQFxBn1YLzM4=,iv:x2n+KQjbpReHIZDRnlNUd5HIHfowrnMD0dD4FxdDos8=,tag:PwzOCm3YjF/EiEStFpBGtg==,type:str]
vicky_password: ENC[AES256_GCM,data:KrTs/5d2,iv:ykzA5NMzD6EZJKLpFdgYm0E8/l+K8C96qsUJVm9qovY=,tag:xFzOmny25ytR/64SX0TPyA==,type:str]
vicky_sshauth: ENC[AES256_GCM,data:jFedFDYzaHtHOjKTc3iei3+dw3gpm9mZLncye9henZfx/fK1cbaH6SugnvsEZTtOEt7cjWkBhAKzRxCemhp0WENa2w9cQXrMtnzniIz4k7NsPkKWdBy+n34=,iv:cRPy89hstypZ5RhTlI2dQ28DIsCv9qjGglRdau5A53M=,tag:QosA7AeYaX8Su6wOX7XTVg==,type:str]
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
smtp:
smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str]
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
tailscale:
ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str]
sops:
age:
- recipient: age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWkF2Q21TTW9NTE9EVXFI
NlI4Y1pZdWZaUkNDQUZxR0lzS1k5ZTZSb2xvCk9jVE9KQytFQXlZdWZXWGgrM3ZV
dnd2TlZlMDV6RlF6RitTeE9BWnJERzgKLS0tIEdKT0xHaDFpMlR1YmJCRkdnaDBp
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-13T20:50:08Z"
mac: ENC[AES256_GCM,data:+pKY3n9B2nJCYuaGKD9abxQPS2sWALStnQLmbR1UVsIbimDmTaqh6bVbyAaY08MGi7s8oEejaixbeR3fyRUO1Unx23Xu89vHg7x+XQMfty3/AnGCROjFmMv2/1WAONi8U9cNKwTVnLfABse0nO8y7X2Bk/KXfaxG+Wcd2y5K8Nw=,iv:E2bY/lV23VEM72DTLAwD9qVACWRk01nbUc6KHda9Sn8=,tag:KdI2sS4EPbp85LoY1lcygQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0