ready?
This commit is contained in:
@@ -62,8 +62,7 @@
|
||||
};
|
||||
|
||||
programs.zsh.enable = true;
|
||||
environment.shells = with pkgs; [ zsh ];
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
environment.shells = with pkgs; [ zsh bashInteractive ];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
@@ -91,19 +90,6 @@
|
||||
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
users.users."nathan" = {
|
||||
isNormalUser = true;
|
||||
initialPassword = "7567";
|
||||
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
]; # Enable ‘sudo’ for the user.
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
@@ -116,120 +102,89 @@
|
||||
};
|
||||
};
|
||||
|
||||
sysconfig = {
|
||||
#remoteBuildHost = true;
|
||||
host = "homebox";
|
||||
graphical = true;
|
||||
users = {
|
||||
nathan = {
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
sshKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
|
||||
home-manager = {
|
||||
enable = true;
|
||||
extraModules = [
|
||||
{
|
||||
homeconfig = {
|
||||
host = "homebox";
|
||||
minimal = false;
|
||||
wayvnc.enable = false;
|
||||
hyprland.enable = true;
|
||||
swaylock.enable = true;
|
||||
wal.enable = true;
|
||||
mpd.enable = true;
|
||||
ags.enable = true;
|
||||
calcurse.enable = true;
|
||||
rofi.enable = true;
|
||||
firefox.enable = true;
|
||||
git.enable = true;
|
||||
nh.enable = true;
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
backupFileExtension = "backup";
|
||||
extraSpecialArgs = {inherit inputs;};
|
||||
sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
|
||||
users = {
|
||||
"nathan" = lib.mkMerge [
|
||||
inputs.nathan-home-manager
|
||||
{
|
||||
config.homeconfig = {
|
||||
host = "homebox";
|
||||
minimal = false;
|
||||
wayvnc.enable = false;
|
||||
hyprland.enable = true;
|
||||
swaylock.enable = true;
|
||||
wal.enable = true;
|
||||
mpd.enable = true;
|
||||
ags.enable = true;
|
||||
calcurse.enable = true;
|
||||
rofi.enable = true;
|
||||
firefox.enable = true;
|
||||
git.enable = true;
|
||||
nh.enable = true;
|
||||
home.packages = [
|
||||
pkgs.wayvnc
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
home.packages = [
|
||||
pkgs.wayvnc
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
sddm.enable = true;
|
||||
openssh.enable = true;
|
||||
pipewire.enable = true;
|
||||
netbird.enable = true;
|
||||
minecraft.enable = false;
|
||||
};
|
||||
|
||||
programs = {
|
||||
hyprland.enable = true;
|
||||
ags.enable = true;
|
||||
steam.enable = false;
|
||||
};
|
||||
|
||||
virtualization = {
|
||||
traefik.enable = true;
|
||||
jellyfin.enable = true;
|
||||
"blunkall.us".enable = true;
|
||||
nextcloud.enable = true;
|
||||
ntfy.enable = false;
|
||||
gitea.enable = true;
|
||||
n8n.enable = true;
|
||||
keycloak.enable = true;
|
||||
netbird.enable = true;
|
||||
ollama.enable = true;
|
||||
homeassistant.enable = true;
|
||||
wyoming = {
|
||||
enable = true;
|
||||
piper = true;
|
||||
openwakeword = true;
|
||||
faster-whisper = true;
|
||||
};
|
||||
rustdesk.enable = false; #broken
|
||||
pihole.enable = false; #broken
|
||||
code-server.enable = false;
|
||||
novnc.enable = true;
|
||||
minecraft.enable = true;
|
||||
|
||||
sandbox.enable = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sysconfig = {
|
||||
|
||||
users = {
|
||||
nathan = {
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
sshKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
|
||||
];
|
||||
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
|
||||
home-manager = {
|
||||
enable = true;
|
||||
extraModules = [
|
||||
{
|
||||
homeconfig = {
|
||||
host = "homebox";
|
||||
minimal = false;
|
||||
wayvnc.enable = false;
|
||||
hyprland.enable = true;
|
||||
swaylock.enable = true;
|
||||
wal.enable = true;
|
||||
mpd.enable = true;
|
||||
ags.enable = true;
|
||||
calcurse.enable = true;
|
||||
rofi.enable = true;
|
||||
firefox.enable = true;
|
||||
git.enable = true;
|
||||
nh.enable = true;
|
||||
};
|
||||
|
||||
home.packages = [
|
||||
pkgs.wayvnc
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
sddm.enable = true;
|
||||
openssh.enable = true;
|
||||
pipewire.enable = true;
|
||||
netbird.enable = true;
|
||||
minecraft.enable = false;
|
||||
};
|
||||
|
||||
programs = {
|
||||
hyprland.enable = true;
|
||||
ags.enable = true;
|
||||
steam.enable = false;
|
||||
};
|
||||
|
||||
virtualization = {
|
||||
traefik.enable = true;
|
||||
jellyfin.enable = true;
|
||||
"blunkall.us".enable = true;
|
||||
nextcloud.enable = true;
|
||||
ntfy.enable = false;
|
||||
gitea.enable = true;
|
||||
n8n.enable = true;
|
||||
keycloak.enable = true;
|
||||
netbird.enable = true;
|
||||
ollama.enable = true;
|
||||
homeassistant.enable = true;
|
||||
wyoming = {
|
||||
enable = true;
|
||||
piper = true;
|
||||
openwakeword = true;
|
||||
faster-whisper = true;
|
||||
};
|
||||
rustdesk.enable = false; #broken
|
||||
pihole.enable = false; #broken
|
||||
code-server.enable = false;
|
||||
novnc.enable = true;
|
||||
minecraft.enable = true;
|
||||
|
||||
sandbox.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
|
||||
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
|
||||
|
||||
}
|
||||
|
||||
@@ -58,28 +58,24 @@
|
||||
|
||||
services.pulseaudio.enable = false;
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
docker
|
||||
docker-compose
|
||||
alsa-utils
|
||||
];
|
||||
|
||||
sysconfig = {
|
||||
#remoteBuildClient = true;
|
||||
host = "laptop";
|
||||
graphical = true;
|
||||
users = {
|
||||
nathan = {
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
sshKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
|
||||
];
|
||||
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
|
||||
shell = pkgs.zsh;
|
||||
home-manager = {
|
||||
enable = true;
|
||||
extraModules = [
|
||||
{
|
||||
homeconfig = {
|
||||
host = "homebox";
|
||||
minimal = false;
|
||||
wayvnc.enable = false;
|
||||
hyprland.enable = true;
|
||||
@@ -132,38 +128,6 @@
|
||||
};
|
||||
|
||||
|
||||
|
||||
home-manager = {
|
||||
backupFileExtension = "backup";
|
||||
extraSpecialArgs = { inherit inputs; };
|
||||
sharedModules = [ inputs.sops-nix.homeManagerModules.sops ];
|
||||
users = {
|
||||
"nathan" = lib.mkMerge [
|
||||
{
|
||||
homeconfig = {
|
||||
host = "laptop";
|
||||
minimal = false;
|
||||
hyprland.enable = true;
|
||||
swaylock.enable = true;
|
||||
wal.enable = true;
|
||||
wayvnc.enable = false;
|
||||
mpd.enable = true;
|
||||
ags.enable = true;
|
||||
calcurse.enable = true;
|
||||
rofi.enable = true;
|
||||
firefox.enable = true;
|
||||
git.enable = true;
|
||||
nh.enable = true;
|
||||
};
|
||||
}
|
||||
(inputs.nathan-home-manager {
|
||||
config = config.home-manager.users."nathan";
|
||||
inherit lib pkgs;
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
@@ -184,14 +148,13 @@
|
||||
};
|
||||
|
||||
|
||||
environment.shells = with pkgs; [ zsh ];
|
||||
environment.shells = with pkgs; [ zsh bashInteractive ];
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
programs.adb.enable = true;
|
||||
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
programs.zsh.enable = true;
|
||||
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
nathan:
|
||||
pass: ENC[AES256_GCM,data:O8d4PQ==,iv:CClnfFd/xUrfLBIb2ZDlBYm1GQVWwawMqePRYnRtSeE=,tag:mk++Mml+x5xT7aHiOQv25Q==,type:str]
|
||||
pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
|
||||
@@ -11,7 +11,7 @@ sops:
|
||||
Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu
|
||||
y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T23:42:11Z"
|
||||
mac: ENC[AES256_GCM,data:7kHz3rhmzaieuY97ISA7RmEQnPn6E7Ta6sioPXvVBCLOmgwqhtITDXZw7be7/Da/BZr7O2rFcw6RaFiOdreLEzz9Kp8c5AzqXa5V6Mxhs0XJPFZ4Xkabzc3cBrm6QqKVi5PSUjPv6wDmZP7tvgzS/pny9SBmzlWOItSvs3Dw+5I=,iv:yNdtnJkmt3veZj6sDrbuNpBFc9UQVYaWlG6zmfdyfI4=,tag:tRwXGMHtQtXWrTzzMFFN0w==,type:str]
|
||||
lastmodified: "2025-08-19T03:46:09Z"
|
||||
mac: ENC[AES256_GCM,data:oDQaS7PdVa2U8mJtv5lwj6DKO25dxyzAfhDuI+fBeAeKlq7RlILpxCsT3iXcltblMhz8Jk2QronMtAy53r/aCIEhmIeEKGqGWr/sPV5DRWmIcIvZU2EDAEqbcbrxOV8BQFmEvRvJ7RhpG90ffK51SdaczzTcod9PGMst7LHTeMw=,iv:4/MeKQ2j0CLXHwusfsyOzUVSz78j3q1aipw1ugWtW8Y=,tag:Tkn9Zx9vk93Ka28tBpcjWQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -25,35 +25,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
dirs = (builtins.partition
|
||||
(x: ((builtins.readDir ./configuration).${x} == "directory" && (import x).config.sysconfig.host != config.sysconfig.host))
|
||||
(builtins.attrNames (builtins.readDir ./configuration))
|
||||
).right;
|
||||
|
||||
rbHosts = (builtins.listToAttrs
|
||||
(builtins.map
|
||||
(x: let
|
||||
host = import x;
|
||||
in {
|
||||
name = x;
|
||||
value = {
|
||||
hostName = host.config.networking.hostName;
|
||||
sshUser = "remote-builder";
|
||||
sshKey = config.sops.secrets."remoteBuildSSHKey".path;
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
];
|
||||
system = pkgs.stdenv.hostPlatform.system;
|
||||
};
|
||||
})
|
||||
dirs
|
||||
)
|
||||
);
|
||||
in {
|
||||
config = {
|
||||
|
||||
sops.secrets."remoteBuildSSHKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
|
||||
|
||||
@@ -69,17 +41,32 @@
|
||||
};
|
||||
|
||||
distributedBuilds = config.sysconfig.remoteBuildClient;
|
||||
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient {};
|
||||
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
|
||||
{
|
||||
hostName = "blunkall.us";
|
||||
sshUser = "remote-builder";
|
||||
sshKey = config.sops.secrets."remoteBuildSSHKey".path;
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
];
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
}
|
||||
];
|
||||
|
||||
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ config.users.users."remote-builder".name ];
|
||||
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
|
||||
};
|
||||
|
||||
environment.etc = lib.mkIf config.sysconfig.remoteBuildHost {};
|
||||
boot.binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
|
||||
|
||||
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
|
||||
isNormalUser = true;
|
||||
createHome = false;
|
||||
openssh.authorizedKeys.keyFiles = [];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7wpZD7mpHHpfHBSBV28x3ify+dtoLRDXO91mJ/WhUj root@laptop"
|
||||
];
|
||||
};
|
||||
|
||||
time.timeZone = lib.mkDefault "America/Chicago";
|
||||
|
||||
Reference in New Issue
Block a user