commit 3b06ef4418b4edafac0d147bc94ffc63e949c25e Author: Husky Date: Wed Dec 31 12:01:37 2025 +0100 first commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..525f408
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+[*.nix]
+ident_style = space
+ident_size = 2
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..5826add
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,13 @@
+hosts="$1"
+shift
+
+if [ -z "$hosts" ]; then
+ echo "No hosts to deploy"
+ exit 2
+fi
+
+for host in ${hosts//,/ }; do
+ nixos-rebuild build-vm --flake .\#$host --use-remote-sudo --use-substitutes $@
+
+ #nixos-rebuild build-vm --flake .\#$host --target-host $host --use-remote-sudo --use-substitutes $@
+done
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..00b2c35
--- /dev/null
+++ b/flake.lock
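Review bot: In deploy.sh the `nixos-rebuild` line expands `$host` and `$@` unquoted, so an extra argument containing spaces or glob characters is re-split before it reaches nixos-rebuild, and each host entry is pasted into the flake reference unchecked; I would write `nixos-rebuild build-vm --flake ".#$host" --use-remote-sudo --use-substitutes "$@"`. The file is committed executable without a shebang although `${hosts//,/ }` is a bash-only expansion, so it should start with `#!/usr/bin/env bash` followed by `set -euo pipefail`. As written, a failed build for an earlier host neither stops the loop nor shows up in the script's exit status.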
@@ -0,0 +1,118 @@ +{ + "nodes": { + "hardware": { + "locked": { + "lastModified": 1767070591, + "narHash": "sha256-b0aM3221Pw6vbACFqZrVzZjMNqXVPi1dvgLr8QTbajc=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "9b3c38bf6c260d0e88154ef07fa833fa845bfd14", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767104570, + "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1766885793, + "narHash": "sha256-P6RVkrM9JLCW6xBjSwHfgTOQ1JwBUma5xe5LI8xAPC0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9ef261221d1e72399f2036786498d78c38185c46", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "hardware": "hardware", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable", + "sops-nix": "sops-nix", + "systems": "systems" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "owner": "mic92", + "repo": "sops-nix", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "type": 
"github" + }, + "original": { + "owner": "mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ff575fa
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,72 @@
+{
+ description = "Meine NixOS configuration";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
+ systems.url = "github:nix-systems/default-linux";
+
+ hardware.url = "github:nixos/nixos-hardware";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ sops-nix = {
+ url = "github:mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ home-manager,
+ systems,
+ ...
+ } @ inputs : let
+ inherit (self) outputs;
+ lib = nixpkgs.lib // home-manager.lib;
+ forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+ pkgsFor = lib.genAttrs (import systems) (
+ system:
+ import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ }
+ );
+ in {
+ inherit lib;
+
+ nixosModules = import ./modules/nixos;
+ #homeManagerModules = import ./modules/home-manager;
+
+ #overlays = import ./overlays {inherit inputs outputs;};
+ hydraJobs = import ./hydra.nix {inherit inputs outputs;};
+
+ packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+ devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
+ formatter = forEachSystem (pkgs: pkgs.alejandra);
+
+ nixosConfigurations = {
+ raidy = lib.nixosSystem {
+ modules = [./hosts/raidy];
+ specialArgs = {
+ inherit inputs outputs;
+ };
+ };
+ };
+
+ homeConfigurations = {
+ "dwessels@electra" = lib.homeManagerConfiguration {
+ modules = [ ./home/dwessels/electra.nix ]; # ./home/dwessels/nixpkgs.nix ];
+ pkgs = pkgsFor.x86_64-linux;
+ extraSpecialArgs = {
+ inherit inputs outputs;
+ };
+ };
+ };
+
+ };
+}
diff --git a/home/dwessels/electra.nix b/home/dwessels/electra.nix
new file mode 100644
index 0000000..d19629b
--- /dev/null
+++ b/home/dwessels/electra.nix
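Review bot: `nixosConfigurations.raidy` passes only `./hosts/raidy` in `modules`, yet hosts/common/users/dwessels/default.nix in this commit sets `sops.secrets` and `home-manager.users`, options that exist only once the sops-nix and home-manager NixOS modules are imported; nothing visible in this commit imports them, and hosts/common/global/default.nix is an empty module. I would change the line to `modules = [./hosts/raidy inputs.sops-nix.nixosModules.sops inputs.home-manager.nixosModules.home-manager];` or put the two imports in the global module. Separately, `config.allowUnfree = true` in `pkgsFor` opts every package set built from it into unfree software; an `allowUnfreePredicate` with an explicit name list would keep that decision reviewable.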
@@ -0,0 +1,12 @@
+{pkgs, lib, inputs, ...}: {
+ imports = [
+ ./global
+ ];
+ home.persistence = lib.mkForce {};
+ home.username = "dwessels";
+ home.packages = [
+ pkgs.juju
+ pkgs.sshuttle
+ ];
+
+}
diff --git a/home/dwessels/raidy.nix b/home/dwessels/raidy.nix
new file mode 100644
index 0000000..b80ef55
--- /dev/null
+++ b/home/dwessels/raidy.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+
+}
diff --git a/hosts/common/global/default.nix b/hosts/common/global/default.nix
new file mode 100644
index 0000000..8660510
--- /dev/null
+++ b/hosts/common/global/default.nix
@@ -0,0 +1,7 @@
+{
+ inputs,
+ outputs,
+ ...
+}: {
+
+}
diff --git a/hosts/common/users/dwessels/default.nix b/hosts/common/users/dwessels/default.nix
new file mode 100644
index 0000000..367978b
--- /dev/null
+++ b/hosts/common/users/dwessels/default.nix
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+ users.mutableUsers = false;
+ users.users.dwessels = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = ifTheyExist [
+ "audio"
+ "deluge"
+ "docker"
+ "git"
+ "i2c"
+ "libvirtd"
+ "mysql"
+ "network"
+ "plugdev"
+ "video"
+ "wheel"
+ "wireshark"
+ ];
+ hashedPasswordFile = config.sops.secrets.dwessels-password.path;
+ };
+
+ sops.secrets.dwessels-password = {
+ sopsFile = ../../secrets.yaml;
+ neededForUsers = true;
+ };
+
+ home-manager.users.dwessels = import ../../../../home/dwessels/${config.networking.hostName}.nix;
+
+ security.pam.services = {
+ swaylock = {};
+ hyprlock = {};
+ };
+}
diff --git a/hosts/common/users/secrets.yaml b/hosts/common/users/secrets.yaml
new file mode 100644
index 0000000..ba2a915
--- /dev/null
+++ b/hosts/common/users/secrets.yaml
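Review bot: home/dwessels/electra.nix imports `./global` and forces `home.persistence`, but this commit adds no home/dwessels/global and flake.nix declares no input that would define a `home.persistence` option, so `dwessels@electra` will presumably fail to evaluate. Either add the missing module directory together with the module that declares the option, or drop both lines until they exist. The `inputs` argument is bound in the function head and never used.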
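Review bot: In hosts/common/users/dwessels/default.nix, `sopsFile = ../../secrets.yaml;` resolves to hosts/common/secrets.yaml, while the encrypted file added by this commit is hosts/common/users/secrets.yaml; the line should read `sopsFile = ../secrets.yaml;`. This matters more than a path typo because `users.mutableUsers = false` makes `hashedPasswordFile` the only source of the login password, so a secret that is missing or cannot be decrypted at best fails the build and at worst leaves the account without a usable password. The `extraGroups` list also grants `docker` next to `wheel`; membership of `docker` is effectively root on the host, so I would add `# docker group is root-equivalent; keep only on hosts that need it` above that entry.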
@@ -0,0 +1,17 @@
+dwessels-password: ENC[AES256_GCM,data:5FIfaQxiCOWT/uaf,iv:KyYcbVYyzC6lj4B4SOKtAgLLDIuB1HPbszBf654USSc=,tag:ndZ6BWqMAWeGv/y+htLizw==,type:str]
+sops:
+ age:
+ - recipient: age1yubikey1qvztykl49tq9njv2qhaqs9lm43mpfjkrgjlddhyp9tu6mgngxzg8v7v9rql
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDgwUnBpQSBBN0JXQW5Q
+ bzhUUjNtdmp6MUFjcG1UMlBaa2RNUDlYalJpOEdxNUhjQ3FHNQpEWE1idHp6ZFc1
+ VmdGUFRHNmZ5VHhyRzRHOCt0dmZMeEUyb1A4OE9yWm5nCi0tLSBhaU80aEJMZWxE
+ dkd5cnNYb3VNUFM0aGE3cUdsZDFORTNha2Z3UTZ6dWlFChMForXFy2Z0vq/ba0Fb
+ vlWRL14GHg2LinIyS1+2z8KwYfEp2mkIhg1y8/j+uraqFH2HQEM/3TOzTg9D/7Dw
+ JoQ=
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-12-30T23:40:22Z"
+ mac: ENC[AES256_GCM,data:4czv8j8VZ7WsU1cpULCgZDazoeI5f9vtrK8fuP2Y4y/H1HG1iRPq8TsEvB7Y5xIdXc8ZF9ff6r30KaNgt0IYBrPNoEZhsymiF7nsck43uPE51Utlhk/T1epJ7uvPYnLppSIGq6Gtzm2rlgiTGpM+H3KAC/0x+1bfz5WGcdSnr1w=,iv:liApOUtDkGBc3ct5A6k9EDafzODQxBzW7x1dREtGJJU=,tag:jPgQ+15821z5ENLS7ruljw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.11.0
diff --git a/hosts/raidy/default.nix b/hosts/raidy/default.nix
new file mode 100644
index 0000000..ac8fe98
--- /dev/null
+++ b/hosts/raidy/default.nix
@@ -0,0 +1,20 @@
+{
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ../common/global
+ ../common/users/dwessels
+
+ ];
+
+ networking = {
+ hostName = "raidy";
+ useDHCP = true;
+ };
+
+ system.stateVersion = "22.11";
+
+}
diff --git a/hosts/raidy/hardware-configuration.nix b/hosts/raidy/hardware-configuration.nix
new file mode 100644
index 0000000..e7b79a5
--- /dev/null
+++ b/hosts/raidy/hardware-configuration.nix
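Review bot: The `dwessels-password` entry in hosts/common/users/secrets.yaml carries only 12 bytes of ciphertext (`data:5FIfaQxiCOWT/uaf`), and AES-GCM preserves length, so the stored value appears to be far shorter than any crypt(3) hash, which is what `hashedPasswordFile` in hosts/common/users/dwessels/default.nix expects. I would re-encrypt the output of `mkpasswd` rather than the password itself. The only `age` recipient is a YubiKey identity, so the host presumably cannot decrypt the secret unattended at boot as `neededForUsers = true` requires; add a recipient for the host key, which the dev shell's `ssh-to-age` can derive.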
@@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci_renesas" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/3b9e8881-eaf3-4d32-955c-f8f2d1ac1a17"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9246-7480"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wwan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/https:⁄⁄github.com⁄Misterio77⁄nix-starter-configs.desktop b/https:⁄⁄github.com⁄Misterio77⁄nix-starter-configs.desktop
new file mode 100644
index 0000000..97f6067
--- /dev/null
+++ b/https:⁄⁄github.com⁄Misterio77⁄nix-starter-configs.desktop
@@ -0,0 +1,5 @@
+[Desktop Entry]
+Icon=text-html
+Name=https://github.com/Misterio77/nix-starter-configs
+Type=Link
+URL[$e]=https://github.com/Misterio77/nix-starter-configs
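Review bot: The file `https:⁄⁄github.com⁄Misterio77⁄nix-starter-configs.desktop` looks like a desktop link dropped into the working tree by a file manager rather than part of the configuration, and its name uses non-ASCII slash look-alikes that are awkward to handle on other platforms and in scripts. I would remove it from the commit and, if the reference is worth keeping, record the URL in a README instead.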
diff --git a/hydra.nix b/hydra.nix
new file mode 100644
index 0000000..99f769f
--- /dev/null
+++ b/hydra.nix
@@ -0,0 +1,20 @@
+{
+ inputs,
+ outputs,
+}: let
+ inherit (inputs.nixpkgs) lib;
+
+ notBroken = pkg: !(pkg.meta.broken or false);
+ isDistributable = pkg: (pkg.meta.license or {redistributable = true;}=.redistributable;
+ hasPlatform = sys: pkg: lib.elem sys (pkg.meta.platforms or [sys]);
+ filterValidPkgs = sys: pkgs:
+ lib.filterAttrs(_: pkg:
+ lib.isDerivation pkg
+ && hasPlatform sys pkg
+ && notBroken pkg
+ && isDistributable pkg)
+ pkgs;
+in {
+ pkgs = lib.mapAttrs filterValidPkgs outputs.packages;
+ hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) outputs.nixosConfigurations;
+ homes = lib.mapAttrs (_: cfg: cfg.activationPackage) outputs.homeConfigurations;
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..0db3279
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,3 @@
+{
+
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..8efa897
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,3 @@
+{pkgs ? import {}, ...}: rec {
+
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..152fced
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,15 @@
+{pkgs ? import {}, ...}: {
+ default = pkgs.mkShell {
+ NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
+ nativeBuildInputs = with pkgs; [
+ nix
+ home-manager
+ git
+
+ sops
+ ssh-to-age
+ gnupg
+ age
+ ];
+ };
+}
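Review bot: hydra.nix does not parse as committed: in `isDistributable` the default attrset is closed with `}=.redistributable` where `}).redistributable` is meant, and the 20-line hunk ends after the `homes` line without the `}` that closes the `in {` body. The fixes are `isDistributable = pkg: (pkg.meta.license or {redistributable = true;}).redistributable;` and a final `}` line. Because flake.nix wires this file into `hydraJobs`, anything that evaluates that output will fail until both are corrected.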