first commit

2025-12-31 12:01:37 +01:00
commit 3b06ef4418
16 changed files with 400 additions and 0 deletions

11
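--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,11 @@
+root = true
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+[*.nix]
+ident_style = space
+ident_size = 2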
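Review bot: The `[*.nix]` section spells its keys `ident_style` and `ident_size`, but EditorConfig defines `indent_style` and `indent_size`. Unrecognised keys are ignored, so the two-space rule for Nix files never takes effect. Change the two lines to `indent_style = space` and `indent_size = 2`.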

13
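--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,13 @@
+hosts="$1"
+shift
+if [ -z "$hosts" ]; then
+echo "No hosts to deploy"
+exit 2
+fi
+for host in ${hosts//,/ }; do
+nixos-rebuild build-vm --flake .\#$host --use-remote-sudo --use-substitutes $@
+#nixos-rebuild build-vm --flake .\#$host --target-host $host --use-remote-sudo --use-substitutes $@
+done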
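Review bot: `$host` and `$@` are expanded unquoted on the `nixos-rebuild` line, so a host name or pass-through argument containing whitespace or glob characters is split or expanded by the shell before nixos-rebuild receives it. Quote both: `nixos-rebuild build-vm --flake ".#$host" --use-remote-sudo --use-substitutes "$@"`. Nothing checks the exit status inside the loop, so a failed build for one host is followed silently by the next; appending `|| exit 1` to the command would stop at the first failure. `${hosts//,/ }` is a bash-only expansion and no interpreter line is visible in this section, so confirm the file starts with a bash shebang.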

118
flake.lock generated Normal file

@@ -0,0 +1,118 @@
{
"nodes": {
"hardware": {
"locked": {
"lastModified": 1767070591,
"narHash": "sha256-b0aM3221Pw6vbACFqZrVzZjMNqXVPi1dvgLr8QTbajc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "9b3c38bf6c260d0e88154ef07fa833fa845bfd14",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixos-hardware",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767104570,
"narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1766902085,
"narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1766885793,
"narHash": "sha256-P6RVkrM9JLCW6xBjSwHfgTOQ1JwBUma5xe5LI8xAPC0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9ef261221d1e72399f2036786498d78c38185c46",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"hardware": "hardware",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix",
"systems": "systems"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1766894905,
"narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7",
"type": "github"
},
"original": {
"owner": "mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

72
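--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,72 @@
+{
+description = "Meine NixOS configuration";
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
+systems.url = "github:nix-systems/default-linux";
+hardware.url = "github:nixos/nixos-hardware";
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+sops-nix = {
+url = "github:mic92/sops-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = {
+self,
+nixpkgs,
+home-manager,
+systems,
+...
+} @ inputs : let
+inherit (self) outputs;
+lib = nixpkgs.lib // home-manager.lib;
+forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+pkgsFor = lib.genAttrs (import systems) (
+system:
+import nixpkgs {
+inherit system;
+config.allowUnfree = true;
+}
+);
+in {
+inherit lib;
+nixosModules = import ./modules/nixos;
+#homeManagerModules = import ./modules/home-manager;
+#overlays = import ./overlays {inherit inputs outputs;};
+hydraJobs = import ./hydra.nix {inherit inputs outputs;};
+packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
+devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
+formatter = forEachSystem (pkgs: pkgs.alejandra);
+nixosConfigurations = {
+raidy = lib.nixosSystem {
+modules = [./hosts/raidy];
+specialArgs = {
+inherit inputs outputs;
+};
+};
+};
+homeConfigurations = {
+"dwessels@electra" = lib.homeManagerConfiguration {
+modules = [ ./home/dwessels/electra.nix ]; # ./home/dwessels/nixpkgs.nix ];
+pkgs = pkgsFor.x86_64-linux;
+extraSpecialArgs = {
+inherit inputs outputs;
+};
+};
+};
+};
+}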

12
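--- a/home/dwessels/electra.nix
+++ b/home/dwessels/electra.nix
@@ -0,0 +1,12 @@
+{pkgs, lib, inputs, ...}: {
+imports = [
+./global
+];
+home.persistence = lib.mkForce {};
+home.username = "dwessels";
+home.packages = [
+pkgs.juju
+pkgs.sshuttle
+];
+}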

3
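--- a/home/dwessels/raidy.nix
+++ b/home/dwessels/raidy.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+}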


@@ -0,0 +1,7 @@
{
inputs,
outputs,
...
}: {
}


@@ -0,0 +1,41 @@
{
pkgs,
config,
lib,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.mutableUsers = false;
users.users.dwessels = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ifTheyExist [
"audio"
"deluge"
"docker"
"git"
"i2c"
"libvirtd"
"mysql"
"network"
"plugdev"
"video"
"wheel"
"wireshark"
];
hashedPasswordFile = config.sops.secrets.dwessels-password.path;
};
sops.secrets.dwessels-password = {
sopsFile = ../../secrets.yaml;
neededForUsers = true;
};
home-manager.users.dwessels = import ../../../../home/dwessels/${config.networking.hostName}.nix;
security.pam.services = {
swaylock = {};
hyprlock = {};
};
}
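Review bot: This module sets `sops.secrets.dwessels-password` and `home-manager.users.dwessels`, but nothing visible in the commit imports the NixOS modules that declare those options; the only shared module shown with `inputs` in scope has an empty body. If that empty file is the `../common/global` module, evaluating `raidy` will stop on undefined options. Adding `imports = [inputs.sops-nix.nixosModules.sops inputs.home-manager.nixosModules.home-manager];` there would wire both in. Separately, membership in `docker` gives root-equivalent control of the Docker daemon, so it deserves a comment alongside `wheel` marking both as administrative groups.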


@@ -0,0 +1,17 @@
dwessels-password: ENC[AES256_GCM,data:5FIfaQxiCOWT/uaf,iv:KyYcbVYyzC6lj4B4SOKtAgLLDIuB1HPbszBf654USSc=,tag:ndZ6BWqMAWeGv/y+htLizw==,type:str]
sops:
age:
- recipient: age1yubikey1qvztykl49tq9njv2qhaqs9lm43mpfjkrgjlddhyp9tu6mgngxzg8v7v9rql
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDgwUnBpQSBBN0JXQW5Q
bzhUUjNtdmp6MUFjcG1UMlBaa2RNUDlYalJpOEdxNUhjQ3FHNQpEWE1idHp6ZFc1
VmdGUFRHNmZ5VHhyRzRHOCt0dmZMeEUyb1A4OE9yWm5nCi0tLSBhaU80aEJMZWxE
dkd5cnNYb3VNUFM0aGE3cUdsZDFORTNha2Z3UTZ6dWlFChMForXFy2Z0vq/ba0Fb
vlWRL14GHg2LinIyS1+2z8KwYfEp2mkIhg1y8/j+uraqFH2HQEM/3TOzTg9D/7Dw
JoQ=
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-30T23:40:22Z"
mac: ENC[AES256_GCM,data:4czv8j8VZ7WsU1cpULCgZDazoeI5f9vtrK8fuP2Y4y/H1HG1iRPq8TsEvB7Y5xIdXc8ZF9ff6r30KaNgt0IYBrPNoEZhsymiF7nsck43uPE51Utlhk/T1epJ7uvPYnLppSIGq6Gtzm2rlgiTGpM+H3KAC/0x+1bfz5WGcdSnr1w=,iv:liApOUtDkGBc3ct5A6k9EDafzODQxBzW7x1dREtGJJU=,tag:jPgQ+15821z5ENLS7ruljw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
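Review bot: The `sops.age` list holds a single `age1yubikey1…` recipient, so only the holder of that hardware token can decrypt `dwessels-password`; nothing visible gives the host `raidy` an identity of its own. The user module sets `neededForUsers = true` together with `users.mutableUsers = false`, so a host that cannot decrypt at activation would leave the account without a usable password. Add the host's age key as a second recipient (for example one derived from its SSH host key with `ssh-to-age`, which the dev shell already ships) and re-encrypt with `sops updatekeys`. Separately, the `data:` field decodes to about a dozen bytes, shorter than the hash strings `mkpasswd` produces, so check that the stored value is a password hash as `hashedPasswordFile` expects rather than the password itself.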

20
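--- a/hosts/raidy/default.nix
+++ b/hosts/raidy/default.nix
@@ -0,0 +1,20 @@
+{
+pkgs,
+inputs,
+...
+}: {
+imports = [
+./hardware-configuration.nix
+../common/global
+../common/users/dwessels
+];
+networking = {
+hostName = "raidy";
+useDHCP = true;
+};
+system.stateVersion = "22.11";
+}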
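Review bot: `system.stateVersion = "22.11"` predates both nixpkgs branches this commit tracks (`nixos-unstable` and `nixos-25.11`). The value should name the release the machine was first installed with, because it selects defaults for stateful services. If `raidy` is a fresh install and the string came from a template, set it to the installing release before the first activation. Either way, add a comment such as `# release of first install; do not bump on upgrades`.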


@@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci_renesas" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3b9e8881-eaf3-4d32-955c-f8f2d1ac1a17";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9246-7480";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -0,0 +1,5 @@
[Desktop Entry]
Icon=text-html
Name=https://github.com/Misterio77/nix-starter-configs
Type=Link
URL[$e]=https://github.com/Misterio77/nix-starter-configs

20
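--- a/hydra.nix
+++ b/hydra.nix
@@ -0,0 +1,20 @@
+{
+inputs,
+outputs,
+}: let
+inherit (inputs.nixpkgs) lib;
+notBroken = pkg: !(pkg.meta.broken or false);
+isDistributable = pkg: (pkg.meta.license or {redistributable = true;}=.redistributable;
+hasPlatform = sys: pkg: lib.elem sys (pkg.meta.platforms or [sys]);
+filterValidPkgs = sys: pkgs:
+lib.filterAttrs(_: pkg:
+lib.isDerivation pkg
+&& hasPlatform sys pkg
+&& notBroken pkg
+&& isDistributable pkg)
+pkgs;
+in {
+pkgs = lib.mapAttrs filterValidPkgs outputs.packages;
+hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) outputs.nixosConfigurations;
+homes = lib.mapAttrs (_: cfg: cfg.activationPackage) outputs.homeConfigurations;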
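Review bot: The `isDistributable` line does not parse: `{redistributable = true;}=.redistributable` has `=` where the closing parenthesis belongs. It should read `isDistributable = pkg: (pkg.meta.license or {redistributable = true;}).redistributable;`. flake.nix imports this file for `hydraJobs`, so anything that forces that output, such as `nix flake check`, fails until this is fixed. The visible lines also end without a brace closing the `in {` attribute set, although the hunk header counts one more line than is shown, so confirm the file is complete.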


@@ -0,0 +1,3 @@
{
}

3
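--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -0,0 +1,3 @@
+{pkgs ? import <nixpkgs> {}, ...}: rec {
+}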

15
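--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,15 @@
+{pkgs ? import <nixpkgs> {}, ...}: {
+default = pkgs.mkShell {
+NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
+nativeBuildInputs = with pkgs; [
+nix
+home-manager
+git
+sops
+ssh-to-age
+gnupg
+age
+];
+};
+}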
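Review bot: The default `pkgs ? import <nixpkgs> {}` resolves through `NIX_PATH` when this file is used outside the flake, so `sops`, `age` and `gnupg` would then come from whatever channel the machine has rather than the revision pinned in flake.lock. flake.nix always passes `pkgs`, so the fallback is only a convenience. Either document it with a comment like `# fallback for plain nix-shell; not pinned by flake.lock` or drop the default. pkgs/default.nix carries the same default.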