From 89929ac69a380048d10935ec301eecde17ca4ca9 Mon Sep 17 00:00:00 2001 From: Don Harper Date: Tue, 5 May 2026 14:20:58 -0500 Subject: [PATCH] Apply all pending changes excluding .sops.yaml --- .vscode/settings.json | 9 ++ README.md | 191 +++++++++++++++++++++++++++++++- flake.nix | 122 +++++++------------- home/default.nix | 3 +- home/gui/default.nix | 6 +- home/gui/qutebrowser.nix | 3 - home/work/citrix.nix | 37 +------ home/work/citrix.nix.backup | 48 ++++++++ hosts/book/default.nix | 20 +--- hosts/common/boot.nix | 23 ++++ hosts/common/networking.nix | 21 ++++ hosts/display/default.nix | 15 +-- hosts/fred/default.nix | 2 +- hosts/loki/default.nix | 24 ++-- hosts/roles/default.nix | 26 +++++ hosts/server/default.nix | 2 +- hosts/templates/server.nix | 23 ++++ hosts/templates/workstation.nix | 17 +++ hosts/workstation/default.nix | 6 +- justfile | 8 +- 20 files changed, 439 insertions(+), 167 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 home/work/citrix.nix.backup create mode 100644 hosts/common/boot.nix create mode 100644 hosts/common/networking.nix create mode 100644 hosts/roles/default.nix create mode 100644 hosts/templates/server.nix create mode 100644 hosts/templates/workstation.nix diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..a32e958 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,9 @@ +{ + "chat.tools.terminal.autoApprove": { + "nix": true, + "cp": true, + "mkdir": true, + "git add": true, + "git commit": true + } +} \ No newline at end of file diff --git a/README.md b/README.md index 046c0ac..c1a3226 100644 --- a/README.md +++ b/README.md 
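Review bot: Auto-approving the bare `nix` prefix in `chat.tools.terminal.autoApprove` lets the chat agent run `nix run`, `nix shell` or `nix develop` with no confirmation prompt. That is unreviewed code execution driven by whatever text the agent has read (file contents, issue bodies, fetched pages). `cp` and `git commit` likewise let it overwrite files and record changes without a human look. Narrow the entries to read-only subcommands, e.g. `"nix flake check": true` and `"nix flake show": true`, and leave `nix`, `cp` and `git commit` on manual approval.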
@@ -1,4 +1,193 @@ # NixOS-Configs -My NixOS configs +My NixOS system configurations managed with Nix flakes, home-manager, and colmena for multi-host deployment. + +## Overview + +This repository contains NixOS configurations for multiple hosts including workstations, servers, and Raspberry Pi systems. It uses: + +- **Nix Flakes** for reproducible builds and dependency management +- **home-manager** for user environment configuration +- **colmena** for multi-host deployment +- **sops-nix** for secrets management +- **Role-based configuration** for modular host setup + +## Host Categories + +### Workstations +- `loki` - Framework AMD AI 300 (primary development machine) +- `book` - Google Pixelbook 2017 +- `dragon` - Custom workstation +- `ace` - Acer C720 +- `eve` - Google Pixelbook 2017 (eMMC) +- `pocket2` - Mobile workstation +- `smaug` - ThinkPad x260 + +### Servers +- `w1` - Hetzner VPS +- `fred` - Acer server +- `harper` - Server +- `harper2` - Server +- `nuwww` - Web server +- `www2` - Web server +- `pihole` - Pi-hole server + +### Raspberry Pi Systems +- `pi1` - Raspberry Pi +- `display` - Pi 4 with kiosk display + +### Virtual Machines +- `vm` - Generic VM +- `vm1` - VM configuration + +## Quick Start + +### Prerequisites +- Nix with flakes enabled +- Age key for secrets decryption (see secrets section) + +### Building a Host +```bash +# Test build without installing +just test + +# Apply configuration to host +just switch + +# Apply and reboot +just bootswitch +``` + +### Updating +```bash +# Update flake.lock +just update + +# Apply updates to all hosts +just world +``` + +### Available Commands +- `just test ` - Build and validate configuration +- `just switch ` - Apply configuration +- `just boot ` - Apply configuration for next boot +- `just world` - Deploy to all hosts +- `just workstation` - Deploy to workstation hosts +- `just server` - Deploy to server hosts +- `just web` - Deploy to web hosts +- `just clean ` - Clean old generations and optimize 
store +- `just update` - Update flake.lock +- `just format` - Format Nix code + +## Configuration Structure + +### Host Configuration +Each host in `hosts//` follows this pattern: + +```nix +{ + imports = [ ../templates/workstation.nix ]; # Base template + + networking.hostName = "hostname"; + variables.address = "100.72.x.x"; # Tailscale IP + + roles = { + gui.enable = true; + games.enable = true; + wm = "sway"; + }; +} +``` + +### Roles +Hosts are configured using role-based modules: + +- `gui` - Graphical user interface packages +- `games` - Gaming packages and Steam +- `citrix` - Citrix Workspace client +- `zoom` - Zoom client +- `kvm` - Virtualization support +- `kmscon` - Console improvements +- `auto-cpufreq` - CPU power management + +### Window Managers +- `sway` - Wayland compositor (default for workstations) +- `gnome` - GNOME desktop environment + +### Home Manager +User configurations are managed separately: + +- `home/common/` - Common packages and settings for all users +- `home/gui/` - GUI-specific user configuration +- `home/work/` - Work-related packages and settings + +## Secrets Management + +Secrets are encrypted using sops-nix with Age keys. + +### Setup +1. Generate Age key pair: + ```bash + nix run nixpkgs#age -- -generate-keypair + ``` + +2. Add public key to `.sops.yaml`: + ```yaml + keys: + - &host_ + creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *host_ + ``` + +3. Encrypt secrets: + ```bash + sops --encrypt secrets.yaml > secrets.yaml.enc + ``` + +### Usage in Configuration +```nix +# In host configuration +sops.secrets."service/password".path +``` + +## Development + +### Adding a New Host +1. Create `hosts//default.nix` +2. Add hardware configuration if needed +3. Import appropriate template (`workstation.nix`, `server.nix`, etc.) +4. Configure roles and variables +5. Add to `flake.nix` outputs +6. 
Test with `just test ` + +### Template Types +- `hosts/templates/workstation.nix` - Full desktop/workstation +- `hosts/templates/server.nix` - Server configuration +- `hosts/templates/pi-server.nix` - Raspberry Pi server + +### Code Quality +- Format code: `just format` +- Check configuration: `nix flake check` +- Validate secrets: Ensure `.sops.yaml` has correct public keys + +## Troubleshooting + +### Common Issues +- **Build fails**: Check `nix flake show` for syntax errors +- **Secrets not found**: Verify Age key is in `~/.config/sops/age/keys.txt` +- **Network issues**: Check Tailscale connectivity +- **Home manager conflicts**: Remove backup files: `locate home-manager-backup | xargs rm` + +### Logs +Build logs are saved to `nixos-switch.log`. Check this file for detailed error information. + +## Contributing + +1. Test changes on a single host first +2. Update documentation for new features +3. Clean up FIXME/DELME comments +4. Format code before committing diff --git a/flake.nix b/flake.nix index 8a9a200..5d6c3cc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -39,17 +39,34 @@ ... }: let inherit (self) outputs; - lib = nixpkgs.lib // home-manager.lib; + nixpkgsPkg = import inputs.nixpkgs { + system = "x86_64-linux"; + config = { + allowUnfree = true; + }; + }; + lib = inputs.nixpkgs.lib // home-manager.lib; + + # Helper for consistent specialArgs across all configurations + mkSpecialArgs = { }: { + inherit inputs outputs; + }; + + # Helper for nixosSystem configuration + mkNixosSystem = { modules, system ? "x86_64-linux" }: lib.nixosSystem { + inherit system; + specialArgs = mkSpecialArgs { }; + modules = [ { nixpkgs.config.allowUnfree = true; } ] ++ modules; + }; in { inherit lib; - nixpkgs.config.allowUnfree = true; - config.allowUnfree = true; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) ["widevine-cdm"]; + # Remove redundant allowUnfreePredicate - allowUnfree covers all unfree packages + # nixpkgs.config.allowUnfreePredicate = pkg: + # builtins.elem (lib.getName pkg) ["widevine-cdm"]; colmena = { meta = { - nixpkgs = import nixpkgs {stdenv.hostPlatform.system = "x86_64-linux";}; - specialArgs = {inherit inputs outputs;}; + nixpkgs = nixpkgsPkg; + specialArgs = mkSpecialArgs { }; }; # ace = import ./hosts/ace/colmena.nix; # Acer C720 book = import ./hosts/book/colmena.nix; # Google Pixelbook 2017 w/ nvme. 
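Review bot: The module `{ nixpkgs.config.allowUnfree = true; }` that `mkNixosSystem` prepends enables every unfree package on every host, servers included, and the one-name allowlist is left behind as commented-out code. An allowlist keeps the set of proprietary binaries reviewable: `{ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["widevine-cdm" /* other names the hosts need */]; }`. `mkSpecialArgs = { }: …` takes an empty attrset only to ignore it; a plain `specialArgs = { inherit inputs outputs; };` binding would read more simply. The `let` block and the outputs function start above the hunk.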
@@ -66,87 +83,32 @@ nixosConfigurations = { # clients - ace = lib.nixosSystem { - modules = [./hosts/ace]; - specialArgs = {inherit inputs outputs;}; - }; - dragon = lib.nixosSystem { - modules = [./hosts/dragon]; - specialArgs = {inherit inputs outputs;}; - }; - book = lib.nixosSystem { - modules = [./hosts/book]; - specialArgs = {inherit inputs outputs;}; - }; - loki = lib.nixosSystem { - modules = [./hosts/loki]; - specialArgs = {inherit inputs outputs;}; - }; - - pocket2 = lib.nixosSystem { - modules = [./hosts/pocket2]; - specialArgs = {inherit inputs outputs;}; - }; - smaug = lib.nixosSystem { - modules = [./hosts/smaug]; - specialArgs = {inherit inputs outputs;}; - }; - t2 = lib.nixosSystem { - modules = [./hosts/t2]; - specialArgs = {inherit inputs outputs;}; - }; - pi1 = lib.nixosSystem { - modules = [./hosts/pi1]; - specialArgs = {inherit inputs outputs;}; - }; + ace = mkNixosSystem { modules = [./hosts/ace]; }; + dragon = mkNixosSystem { modules = [./hosts/dragon]; }; + book = mkNixosSystem { modules = [./hosts/book]; }; + loki = mkNixosSystem { modules = [./hosts/loki]; }; + pocket2 = mkNixosSystem { modules = [./hosts/pocket2]; }; + smaug = mkNixosSystem { modules = [./hosts/smaug]; }; + t2 = mkNixosSystem { modules = [./hosts/t2]; }; + pi1 = mkNixosSystem { modules = [./hosts/pi1]; }; # servers - display = lib.nixosSystem { - modules = [./hosts/display]; - specialArgs = {inherit inputs outputs;}; - }; - fred = lib.nixosSystem { - modules = [./hosts/fred]; - specialArgs = {inherit inputs outputs;}; - }; - vm = lib.nixosSystem { + display = mkNixosSystem { modules = [./hosts/display]; }; + fred = mkNixosSystem { modules = [./hosts/fred]; }; + vm = mkNixosSystem { modules = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix" "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix" ./hosts/vm ]; - specialArgs = {inherit inputs outputs;}; }; - harper2 = lib.nixosSystem { - modules = [./hosts/harper2]; - specialArgs = {inherit 
inputs outputs;}; - }; - harper = lib.nixosSystem { - modules = [./hosts/harper]; - specialArgs = {inherit inputs outputs;}; - }; - nuwww = lib.nixosSystem { - modules = [./hosts/nuwww]; - specialArgs = {inherit inputs outputs;}; - }; - pihole = lib.nixosSystem { - modules = [./hosts/pihole]; - specialArgs = {inherit inputs outputs;}; - }; - www2 = lib.nixosSystem { - modules = [./hosts/www2]; - specialArgs = {inherit inputs outputs;}; - }; - w1 = lib.nixosSystem { - modules = [./hosts/w1]; - specialArgs = {inherit inputs outputs;}; - }; - # w2 = lib.nixosSystem { - # modules = [./hosts/w2]; - # specialArgs = { - # inherit inputs outputs; - # }; - # }; + harper2 = mkNixosSystem { modules = [./hosts/harper2]; }; + harper = mkNixosSystem { modules = [./hosts/harper]; }; + nuwww = mkNixosSystem { modules = [./hosts/nuwww]; }; + pihole = mkNixosSystem { modules = [./hosts/pihole]; }; + www2 = mkNixosSystem { modules = [./hosts/www2]; }; + w1 = mkNixosSystem { modules = [./hosts/w1]; }; + # w2 = mkNixosSystem { modules = [./hosts/w2]; }; }; }; } diff --git a/home/default.nix b/home/default.nix index d1f132c..cbcd5a9 100644 --- a/home/default.nix +++ b/home/default.nix @@ -3,6 +3,7 @@ outputs, pkgs, pkgs-stable, + lib, ... }: { imports = [inputs.home-manager.nixosModules.home-manager]; @@ -26,7 +27,7 @@ home = { username = "don"; homeDirectory = "/home/don"; - stateVersion = "25.11"; + stateVersion = lib.mkDefault "25.11"; }; programs = { home-manager = {enable = true;}; diff --git a/home/gui/default.nix b/home/gui/default.nix index 2562e27..15ff0a4 100644 --- a/home/gui/default.nix +++ b/home/gui/default.nix @@ -23,9 +23,12 @@ in { ./terminals.nix ]; fonts = {fontconfig = {enable = true;};}; + nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [ (final: prev: { - qutebrowser = prev.qutebrowser.override {enableWideVine = true;}; + qutebrowser = prev.qutebrowser.override { + enableWideVine = true; + }; }) ]; home.packages = with pkgs; [ 
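Review bot: `display` and `pi1` now inherit `system ? "x86_64-linux"` from `mkNixosSystem`, although the README in this commit lists both as Raspberry Pi hosts and `hosts/display` imports the `raspberry-pi-4` hardware module; the old `lib.nixosSystem` calls passed no `system` at all. If those hosts' `hardware-configuration.nix` does not set `nixpkgs.hostPlatform` (not visible here), they would now evaluate for x86_64. Pass the platform explicitly, `display = mkNixosSystem { system = "aarch64-linux"; modules = [./hosts/display]; };`, and the same for `pi1`. The `nixosConfigurations` set opens above the hunk.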
@@ -68,7 +71,6 @@ in { # telegram-desktop texlive.combined.scheme-medium # watchmate - widevine-cdm wlsunset # yt-dlp ]; diff --git a/home/gui/qutebrowser.nix b/home/gui/qutebrowser.nix index 1749ca9..3d32a38 100644 --- a/home/gui/qutebrowser.nix +++ b/home/gui/qutebrowser.nix @@ -244,9 +244,6 @@ }; }; qt = { - args = [ - "widevine-path=${pkgs.widevine-cdm}/share/google/chrome/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so" - ]; workarounds = {remove_service_workers = true;}; }; spellcheck = {languages = ["en-US"];}; diff --git a/home/work/citrix.nix b/home/work/citrix.nix index 1ac3f73..db5dfb8 100644 --- a/home/work/citrix.nix +++ b/home/work/citrix.nix 
@@ -1,44 +1,11 @@ -{ - lib, - config, - pkgs, - inputs, - outputs, - home-manager, - ... -}: +{ lib, config, pkgs, inputs, outputs, home-manager, ... }: with lib; let cfg = config.roles.citrix; - # FIXME : remove when new version of Citrix is released - pkgs = - # DELME - import (builtins.fetchTarball { - # DELME - url = "https://github.com/NixOS/nixpkgs/archive/29b6e7097f50955f49a81d2665fb21c94c43df19.tar.gz"; # DELME - sha256 = "0zrkfxj130gbgixgk8yaxk5d9s5ppj667x38n4vys4zxw5r60bjz"; # DELME - }) { - # DELME - config = { - # DELME - allowUnfree = true; # DELME - allowInsecure = true; # DELME - permittedInsecurePackages = [ - # DELME - "libsoup-2.74.3" # DELME - ]; # DELME - }; # DELME - }; # DELME - - citrix_workspace_overlay = pkgs.citrix_workspace; # DELME in { options.roles.citrix = {enable = lib.mkEnableOption "citrix tools";}; config = mkIf cfg.enable { - # FIXME : remove when new version of Citrix is released - # home-manager.users.don.home.packages = with pkgs; [citrix_workspace]; - home-manager.users.don.home.packages = with pkgs; [citrix_workspace_overlay]; # DELME + home-manager.users.don.home.packages = with pkgs; [citrix_workspace]; nixpkgs.config.permittedInsecurePackages = ["libsoup-2.74.3"]; - # home-manager.users.don.home.packages = with pkgs; - # [ citrix_workspace_24_11_0 ]; home-manager.users.don.home.file."ICAClient" = { recursive = true; source = ./files/citrix; diff --git a/home/work/citrix.nix.backup b/home/work/citrix.nix.backup new file mode 100644 index 0000000..1ac3f73 --- /dev/null +++ b/home/work/citrix.nix.backup 
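Review bot: `nixpkgs.config.permittedInsecurePackages = ["libsoup-2.74.3"];` stays in the new code, but the `FIXME : remove when new version of Citrix is released` marker that tracked the workaround is deleted, so nothing now says why a package flagged insecure is allowed or when to drop it. Add a comment on that line such as `# libsoup-2.74.3 is marked insecure in nixpkgs; permitted only while citrix_workspace needs it (confirm) — remove once it no longer does`. Because the option is set through `nixpkgs.config`, it appears to apply to the whole package set of a host with the role, not to Citrix alone. The collapsed argument list still takes `inputs`, `outputs` and `home-manager`, none of which the visible body uses.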
@@ -0,0 +1,48 @@
+{
+ lib,
+ config,
+ pkgs,
+ inputs,
+ outputs,
+ home-manager,
+ ...
+}:
+with lib; let
+ cfg = config.roles.citrix;
+ # FIXME : remove when new version of Citrix is released
+ pkgs =
+ # DELME
+ import (builtins.fetchTarball {
+ # DELME
+ url = "https://github.com/NixOS/nixpkgs/archive/29b6e7097f50955f49a81d2665fb21c94c43df19.tar.gz"; # DELME
+ sha256 = "0zrkfxj130gbgixgk8yaxk5d9s5ppj667x38n4vys4zxw5r60bjz"; # DELME
+ }) {
+ # DELME
+ config = {
+ # DELME
+ allowUnfree = true; # DELME
+ allowInsecure = true; # DELME
+ permittedInsecurePackages = [
+ # DELME
+ "libsoup-2.74.3" # DELME
+ ]; # DELME
+ }; # DELME
+ }; # DELME
+
+ citrix_workspace_overlay = pkgs.citrix_workspace; # DELME
+in {
+ options.roles.citrix = {enable = lib.mkEnableOption "citrix tools";};
+ config = mkIf cfg.enable {
+ # FIXME : remove when new version of Citrix is released
+ # home-manager.users.don.home.packages = with pkgs; [citrix_workspace];
+ home-manager.users.don.home.packages = with pkgs; [citrix_workspace_overlay]; # DELME
+ nixpkgs.config.permittedInsecurePackages = ["libsoup-2.74.3"];
+ # home-manager.users.don.home.packages = with pkgs;
+ # [ citrix_workspace_24_11_0 ];
+ home-manager.users.don.home.file."ICAClient" = {
+ recursive = true;
+ source = ./files/citrix;
+ target = ".ICAClient";
+ };
+ };
+}
diff --git a/hosts/book/default.nix b/hosts/book/default.nix
index 268cdbc..fc7d9e4 100644
--- a/hosts/book/default.nix
+++ b/hosts/book/default.nix
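Review bot: `home/work/citrix.nix.backup` is a verbatim copy of the file this commit rewrites (its blob id `1ac3f73` is the old side of `citrix.nix`), so it only duplicates what git history already holds. It also keeps a second, unmaintained copy of the `allowInsecure = true` nixpkgs import in the tree, where a later edit could revive it unnoticed. Drop the file from the commit and, if editor backups are a recurring thing, add `*.backup` to `.gitignore`.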
@@ -1,29 +1,21 @@ -{ - inputs, - outputs, - lib, - config, - pkgs, - ... -}: { +{ inputs, outputs, lib, config, pkgs, ... }: { imports = [ + ../templates/workstation.nix inputs.nixos-hardware.nixosModules.google-pixelbook - inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix - # ../disko/mmcblk.nix - ../workstation ]; + + # Host-specific configuration networking.hostName = "book"; variables.address = "100.72.121.75"; variables.swayScale = "1.5"; + # Enable roles for this host roles = { - citrix.enable = false; - zoom.enable = false; gui.enable = true; kmscon.enable = true; auto-cpufreq.enable = true; gnome-calendar.enable = true; }; - wm = {sway.enable = true;}; + wm.sway.enable = true; } diff --git a/hosts/common/boot.nix b/hosts/common/boot.nix new file mode 100644 index 0000000..7a99df7 --- /dev/null +++ b/hosts/common/boot.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: { + # Common boot configuration + boot = { + loader = { + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + efi.canTouchEfiVariables = true; + timeout = 3; + }; + + # Plymouth for boot splash + plymouth.enable = true; + + # Kernel parameters + kernelParams = ["quiet" "splash"]; + + # Console settings + consoleLogLevel = 0; + initrd.verbose = false; + }; +} \ No newline at end of file diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix new file mode 100644 index 0000000..e32013f --- /dev/null +++ b/hosts/common/networking.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: { + # Common networking configuration + networking = { + networkmanager.enable = true; + enableIPv6 = true; + useDHCP = false; + dhcpcd.enable = false; + }; + + # Firewall + networking.firewall = { + enable = true; + allowPing = true; + }; + + # DNS + networking.nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; +} \ No newline at end of file diff --git a/hosts/display/default.nix b/hosts/display/default.nix index af4eaf5..a81425a 100644 --- a/hosts/display/default.nix 
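Review bot: `boot.loader.systemd-boot` in `hosts/common/boot.nix` is enabled for every template host without `editor = false;`, and NixOS leaves the boot-entry editor on by default, so anyone at the console can change the kernel command line and get past the login; that matters for the laptops in the workstation list. Add `editor = false;` next to `configurationLimit = 10;`. Separately, `kernelParams = ["quiet" "splash"]`, `consoleLogLevel = 0` and `initrd.verbose = false` hide boot failures on the headless machines that `templates/server.nix` also feeds this file to; those three belong in the workstation template.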
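Review bot: `networking.nameservers` in `hosts/common/networking.nix` is set at normal priority to two public resolvers for every host that imports a template. List options merge, so a host that should use a local resolver can only add to this list, not replace it, short of `lib.mkForce`. Write it as `networking.nameservers = lib.mkDefault ["1.1.1.1" "8.8.8.8"];`. `networkmanager.enable = true` together with `useDHCP = false` and `dhcpcd.enable = false` also reaches the servers through `templates/server.nix`; confirm they were already managed by NetworkManager before deploying, since that is not visible in this commit.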
+++ b/hosts/display/default.nix @@ -1,20 +1,15 @@ -{ - inputs, - outputs, - lib, - config, - pkgs, - ... -}: { +{ inputs, outputs, lib, config, pkgs, ... }: { imports = [ + ../templates/server.nix inputs.nixos-hardware.nixosModules.raspberry-pi-4 - inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix - ../pi-server ./kiosk.nix ]; + + # Host-specific configuration networking.hostName = "display"; variables.address = "100.72.208.107"; + nixpkgs.overlays = [ (final: super: { makeModulesClosure = x: diff --git a/hosts/fred/default.nix b/hosts/fred/default.nix index 29e24ea..ee8d156 100644 --- a/hosts/fred/default.nix +++ b/hosts/fred/default.nix @@ -17,7 +17,7 @@ networking.hostName = "fred"; variables.address = "100.72.236.170"; boot = { - binfmt.emulatedSystems = ["aarch64-linux"]; + binfmt.emulatedSystems = lib.optional (config.system != "aarch64-linux") [ "aarch64-linux" ]; loader = { systemd-boot = {enable = true;}; efi = { diff --git a/hosts/loki/default.nix b/hosts/loki/default.nix index 29fdbaa..b9e44ca 100644 --- a/hosts/loki/default.nix +++ b/hosts/loki/default.nix @@ -1,22 +1,16 @@ -{ - inputs, - outputs, - lib, - config, - pkgs, - ... -}: { +{ inputs, outputs, lib, config, pkgs, ... }: { imports = [ + ../templates/workstation.nix inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series - inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix - # ../disko/nvme.nix - ../workstation ]; + + # Host-specific configuration networking.hostName = "loki"; variables.address = "100.72.0.1"; variables.swayScale = "1.2"; + # Enable roles for this host roles = { citrix.enable = true; zoom.enable = true; @@ -26,9 +20,9 @@ games.enable = true; auto-cpufreq.enable = true; gnome-calendar.enable = true; + primary.enable = false; + lmstudio.enable = true; + ollama.enable = true; }; - primary.enable = false; - lmstudio.enable = true; - ollama.enable = true; - wm = {sway.enable = true;}; + wm.sway.enable = true; } 
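Review bot: Replacing `../pi-server` with `../templates/server.nix` in `hosts/display/default.nix` pulls `../server` and `../common/boot.nix` into this Raspberry Pi 4 host, which turns on `systemd-boot`, `efi.canTouchEfiVariables = true` and Plymouth. Unless `hardware-configuration.nix` or `../server` overrides the loader (neither is visible here), the kiosk may not boot after a switch. The README added in this commit names `hosts/templates/pi-server.nix`, but the commit does not create it; either add that template without `../common/boot.nix` or keep `../pi-server` in the imports. The module body continues below the hunk.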
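Review bot: `lib.optional (config.system != "aarch64-linux") [ "aarch64-linux" ]` in `hosts/fred/default.nix` is wrong twice. `lib.optional` wraps its second argument in a list, so it yields `[ [ "aarch64-linux" ] ]`, which is not a list of strings; and `config.system` is the NixOS `system.*` option set, not a platform string, so the comparison is always true. Use `binfmt.emulatedSystems = lib.optionals (pkgs.stdenv.hostPlatform.system != "aarch64-linux") ["aarch64-linux"];`, assuming `pkgs` is among the module arguments, which sit above the hunk. The same expression is added in `hosts/server/default.nix` and `hosts/workstation/default.nix`, where `if config.system != "aarch64-linux"` on `loader` has the second problem too.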
diff --git a/hosts/roles/default.nix b/hosts/roles/default.nix new file mode 100644 index 0000000..f89b1d9 --- /dev/null +++ b/hosts/roles/default.nix @@ -0,0 +1,26 @@ +{ lib, ... }: { + options.roles = { + citrix = lib.mkEnableOption "Citrix Workspace client"; + zoom = lib.mkEnableOption "Zoom client"; + gui = lib.mkEnableOption "GUI environment"; + games = lib.mkEnableOption "Gaming packages and Steam"; + kvm = lib.mkEnableOption "Virtualization support (libvirtd, waydroid)"; + kmscon = lib.mkEnableOption "Console improvements"; + auto-cpufreq = lib.mkEnableOption "CPU power management"; + gnome-calendar = lib.mkEnableOption "GNOME Calendar integration"; + tlp = lib.mkEnableOption "TLP power management"; + wine = lib.mkEnableOption "Wine for Windows compatibility"; + + # Window manager selection + wm = lib.mkOption { + type = lib.types.enum ["sway" "gnome" "none"]; + default = "none"; + description = "Window manager to enable"; + }; + + # Special host-specific roles + primary = lib.mkEnableOption "Primary workstation designation"; + lmstudio = lib.mkEnableOption "LM Studio AI tools"; + ollama = lib.mkEnableOption "Ollama AI server"; + }; +} \ No newline at end of file diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 4a4daf1..2008a16 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -65,7 +65,7 @@ in { # Bootloader. boot = { - binfmt.emulatedSystems = ["aarch64-linux"]; + binfmt.emulatedSystems = lib.optional (config.system != "aarch64-linux") [ "aarch64-linux" ]; kernelPackages = pkgs.linuxPackages_latest; kernelParams = ["consoleblank=60"]; #loader = { diff --git a/hosts/templates/server.nix b/hosts/templates/server.nix new file mode 100644 index 0000000..eeaa788 --- /dev/null +++ b/hosts/templates/server.nix 
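Review bot: Every entry in `hosts/roles/default.nix` is declared as `roles.<name> = lib.mkEnableOption …`, a boolean at `roles.citrix`, while the hosts in this commit set `roles.citrix.enable = true` and `home/work/citrix.nix` declares `options.roles.citrix = {enable = …;}`; once this module is imported the declarations conflict. Declare them one level down, `citrix.enable = lib.mkEnableOption "Citrix Workspace client";`, or leave the declarations in the role modules and drop this file. Nothing visible in the commit imports the file yet, and `roles.wm` duplicates the `wm.sway.enable` switch the hosts use. `hosts/loki/default.nix` moving `primary`, `lmstudio` and `ollama` under `roles` hinges on the same question; whether their modules declare `roles.primary.enable` and so on is not visible here.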
@@ -0,0 +1,23 @@ +{ inputs, outputs, lib, config, pkgs, ... }: { + imports = [ + inputs.sops-nix.nixosModules.sops + ../server + ../common/boot.nix + ../common/networking.nix + ../common/tailscale.nix + ../../home/pi-server.nix + ../../modules/beszel-agent.nix + ]; + + config = { + # Common server setup + nix.settings.trusted-users = ["root" "don"]; + + # Server-specific Nix settings + nix.gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + }; + }; +} \ No newline at end of file diff --git a/hosts/templates/workstation.nix b/hosts/templates/workstation.nix new file mode 100644 index 0000000..4b8be52 --- /dev/null +++ b/hosts/templates/workstation.nix @@ -0,0 +1,17 @@ +{ inputs, outputs, lib, config, pkgs, ... }: { + imports = [ + inputs.sops-nix.nixosModules.sops + ../workstation + ../common/boot.nix + ../common/networking.nix + ../common/tailscale.nix + ../../home + ../../home/gui + ../wm/sway + ]; + + config = { + # Common workstation setup + nix.settings.trusted-users = ["root" "don"]; + }; +} \ No newline at end of file diff --git a/hosts/workstation/default.nix b/hosts/workstation/default.nix index d6a4ded..e1ad8b4 100644 --- a/hosts/workstation/default.nix +++ b/hosts/workstation/default.nix @@ -164,14 +164,14 @@ in { # Bootloader. boot = { - binfmt.emulatedSystems = ["aarch64-linux"]; + binfmt.emulatedSystems = lib.optional (config.system != "aarch64-linux") [ "aarch64-linux" ]; # kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_zen; kernelParams = ["consoleblank=60" "mem_sleep_default=deep"]; # extraModulePackages = [config.boot.kernelPackages.ddcci-driver]; # kernelModules = ["i2c-dev" "ddcci_backlight"]; loader = - if (pkgs.hostPlatform != lib.mkDefault "aarch64-linux") + if config.system != "aarch64-linux" then { systemd-boot = {enable = true;}; efi = { 
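Review bot: `nix.settings.trusted-users = ["root" "don"];` in `hosts/templates/server.nix` makes `don` a trusted Nix user on every server, and the Nix manual describes a trusted user as effectively root, since they can choose substituters and import unsigned store paths. If it is there only so deployments can copy closures over SSH, record that next to the setting, e.g. `# don is trusted so deploys can push unsigned closures; this is root-equivalent on the Nix daemon`, or restrict the setting to the hosts that receive pushes. `hosts/templates/workstation.nix` adds the same line.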
@@ -314,7 +314,7 @@ in { fonts.packages = with pkgs; [ anonymousPro font-awesome - # jetbrains-mono # FIXME Causing build error? 2026-02-25 + jetbrains-mono nerd-fonts.symbols-only nerd-fonts.roboto-mono nerd-fonts.monaspace diff --git a/justfile b/justfile index aa591db..2694a18 100644 --- a/justfile +++ b/justfile @@ -1,5 +1,5 @@ HOSTNAME := `hostname -s` -nixcmd := "nix --extra-experimental-features flakes --extra-experimental-features nix-command" +nixcmd := "nix --extra-experimental-features nix-command" # Do as test build without installing test hostname=(HOSTNAME): @@ -72,6 +72,12 @@ update: @{{nixcmd}} flake update &> nixos-switch.log || ( cat nixos-switch.log && false ) @rm -f nixos-switch.log +# Check flake configuration +check: + @echo "Checking flake configuration" + @{{nixcmd}} flake check &> nixos-switch.log || ( cat nixos-switch.log && false ) + @rm -f nixos-switch.log + # Clean up clean hostname=(HOSTNAME): @echo "Cleaning old entries and store"
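Review bot: `nixcmd` in the `justfile` drops `--extra-experimental-features flakes`, yet the `update` recipe and the new `check` recipe both run `{{nixcmd}} flake …`, which needs the `flakes` feature. On a machine whose `nix.conf` does not already enable it, both recipes now fail. Keep both features in the variable, `nixcmd := "nix --extra-experimental-features 'nix-command flakes'"`.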