nathan/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test gitea docker

Browse Source
This commit is contained in:
Nathan
2026-04-26 12:25:17 -05:00
parent 7dd153349d fe29c5ff4b
commit e24312038e
37 changed files with 953 additions and 432 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
modules/features/default.nix
View File

@@ -1,96 +0,0 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

32
modules/features/ethdhcp.nix Normal file
View File

@@ -0,0 +1,32 @@
{ ... }: {
flake.nixosModules.ethdhcp = { config, lib, ... }: {
networking.firewall.interfaces."eno1" = {
allowedUDPPorts = [ 53 67 68 ];
allowedTCPPorts = [ 53 67 68 ];
};
networking = {
interfaces."eno1" = {
ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }];
};
nat = {
enable = true;
internalInterfaces = [ "eno1" ];
externalInterface = "wlo1";
};
};
services.dnsmasq = {
enable = true;
settings = {
interface = "eno1";
dhcp-range = [ "192.168.121.2,192.168.121.2,1h" ];
};
};
networking.networkmanager.unmanaged = [ "eno1" ];
};
}

66
modules/features/gitea.nix
View File

@@ -80,6 +80,13 @@
repository = {
DEFAULT_BRANCH = "master";
};
migrations = {
ALLOWED_DOMAINS = "*";
ALLOW_LOCALNETWORKS = true;
SKIP_TLS_VERIFY = true;
BLOCKED_DOMAINS = "";
};
};
database = {
@@ -119,6 +126,26 @@
config = {
networking.firewall.allowedTCPPorts = [ 2222 ];
sops.secrets = {
"gitea/dbpass" = {};
};
sops.templates."gitea.env".content = ''
USER_UID=1000
USER_GID=1000
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=${name}-db:5432
GITEA__database__NAME=gitea
GITEA__database__USER=gitea
GITEA__database__PASSWD=${config.sops.placeholder."gitea/dbpass"}
'';
sops.templates."gitea-db.env".content = ''
POSTGRES_USER=gitea
POSTGRES_DB=gitea
POSTGRES_PASSWORD=${config.sops.placeholder."gitea/dbpass"}
'';
>>>>>>> dev
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
@@ -134,7 +161,7 @@
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.entrypoints" = "websecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
@@ -153,15 +180,20 @@
];
extraOptions = [
"--ip=192.168.101.20"
"--ip=192.168.101.25"
];
volumes = [
"vol_gitea:/data"
"/etc/gitea/data:/data"
];
environment = {
};
environmentFiles = [
config.sops.templates."gitea.env".path
];
dependsOn = [
"${name}-db"
];
};
virtualisation.oci-containers.containers."${name}-db" = {
@@ -183,15 +215,16 @@
];
extraOptions = [
"--ip=192.168.101.21"
"--ip=192.168.101.26"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
environmentFiles = [
config.sops.templates."gitea-db.env".path
];
};
systemd.services."docker-gitea" = {
@@ -203,12 +236,10 @@
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
@@ -239,21 +270,6 @@
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
};
};
}

21
modules/features/home-manager.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.default
];
config = {
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
};
};
}

55
modules/features/hotspot.nix Normal file
View File

@@ -0,0 +1,55 @@
{ ... }: {
flake.nixosModules.hotspot = { config, lib, ... }: {
networking.firewall.interfaces."wlo1" = {
allowedUDPPorts = [ 53 67 68 ];
allowedTCPPorts = [ 53 67 68 ];
};
networking = {
interfaces."wlo1" = {
ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }];
};
nat = {
enable = true;
internalInterfaces = [ "wlo1" ];
externalInterface = "eno1";
};
};
services.dnsmasq = {
enable = true;
settings = {
interface = "wlo1";
dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ];
};
};
sops.secrets."hotspotPass".sopsFile = ./secrets.yaml;
services.hostapd = {
enable = true;
radios.wlo1 = {
networks.wlo1 = {
ssid = "laptopHotspot";
authentication.saePasswords = [{ passwordFile = "${config.sops.secrets."hotspotPass".path}"; }];
};
countryCode = "US";
band = "2g";
channel = 7;
wifi4 = {
enable = true;
};
};
};
networking.networkmanager.unmanaged = [ "wlo1" ];
};
}

2
modules/features/hyprland.nix
View File

@@ -22,6 +22,8 @@
portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
};
programs.partition-manager.enable = true;
};
};
}

27
modules/features/locale.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

2
modules/features/n8n.nix
View File

@@ -42,7 +42,7 @@
];
extraOptions = [
"--ip=192.168.101.2"
"--ip=192.168.101.14"
];
volumes = [

27
modules/features/netbird/netbird.nix
View File

@@ -31,6 +31,32 @@
};
};
flake.nixosModules.netbird-sbc = { config, lib, pkgs, ... }: {
config = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
};
in {
sops.secrets."netbirdKey".sopsFile = ./../secrets.yaml;
services.netbird = {
enable = lib.mkDefault true;
clients.default = {
port = 51820;
name = "netbird";
interface = "wt0";
hardened = false;
};
package = pkgs-us.netbird;
#package = pkgs.netbird;
};
};
};
flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: {
imports = [
@@ -218,6 +244,7 @@
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
"--ip=192.168.101.2"
];
};
systemd.services."docker-netbird-signal" = {

21
modules/features/nix.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
};
};
};
}

61
modules/features/remoteBuilds.nix Normal file
View File

@@ -0,0 +1,61 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
settings = {
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = true;
home = "/tmp/remote-builder";
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
};
};
}

7
modules/features/secrets.yaml
View File

@@ -2,6 +2,7 @@ remoteBuildClientKeys:
laptop: ENC[AES256_GCM,data:SZRAZ36nSueWVLcdvpgZpltp/aORqAObFWhgqtIrTYccoK/3F7l0J+VJzF51FASa6spbGJL2BSbzOygyal609pvJc9Hb9bIN85GMzV1P4lha62iC8dkuVLXezPU=,iv:veQJxL4QTxFg2UKm2+I3RQXyuwW2rXEV/gXIQ7nBtlY=,tag:9C9Ltzwz823yY029p9K41A==,type:str]
pi4: ENC[AES256_GCM,data:zT7V70DbBj5OIl5dTkUjvdqrxSiPcc+oFvL7R2ZAuytSQWdo9MR+WuuhN1Zeo0Ho9eGcbS+Qwr/Vs+yIYU+XaUlgawHM6aiUXoQmQE/yJFOPYUcmi0R4mxD0nkPZ0w==,iv:HQ+bxpeHZq9cezF6omZ1OMecfOw74pXzBujndhXnLPM=,tag:AM5O21nYzb4xzybOPvBwRg==,type:str]
android: ENC[AES256_GCM,data:srkEb7oAxcN5++sTWQo43C8M4JNpfeeJlcGLGUA6gp74kcES1HnIs87ZtCik121oMSYD15LZ8p/x/AV2QdGMobQFxoMQ2NEehhP66n2EoXcEos3BXqUlbphiBGMRfVK9+w==,iv:bmDbVfVSZLU+EsZh/GBBY9QVcfHZJB9gLZYeI3NYoGY=,tag:biE4/DN7z2wRyFBjK7vEnQ==,type:str]
hotspotPass: ENC[AES256_GCM,data:str2NCiO3mkWQiNWC1fouqHl,iv:gtwKki5hs9PHMzrK516QxZ4iLx8raIV7vCdJ7RpPd/E=,tag:j+Yw431Mghqt//bFUQnSSA==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
@@ -31,7 +32,7 @@ sops:
NXNhczV5Y3o3dmJ2RVk3eDBRd1FDdEkK4ELlB6suN3R3GJ6XRQCvE9mgiXUOMFs3
Yi+VfJTi3pkUQEi8MZP64Nl6IR5dXjUoPXFhBNcplmLf09JDjH4LJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-26T22:28:31Z"
mac: ENC[AES256_GCM,data:hTEenm/UO84leu7alRdWlicKKrwNlaRR7ZQzhDtOCUcXemvwe30WkSq2mdzOnSo0uMSg1HZIlna8oRUd31ENe1aWfl69PlYPxEicmN5UHykVboXydw6m0yPoAqHj+nqG/vkWsVp0JN8HvTc59mzD+1DfydhJA3m0juaa81w5GsY=,iv:HBkE78QhX1wZANpvDW7nOIOTKBdCv0/dUc1Xv5+OQmQ=,tag:6I2z8MgZxnXjqd4iikA9nQ==,type:str]
lastmodified: "2026-04-24T23:13:22Z"
mac: ENC[AES256_GCM,data:m/4/y5r+BTeq5AtR6u3+vKxgTopGu+kIOGjaKMtNp/SSY1x086hzBfnB8p3BtLFijxYVrEqM/4JxvKU3m41jOtx4/1oSM/BXjHRUl+7diDSOcBaBtJMH2xam2b7Jlg4J0bW4ai3QnEQVF1A00dcmmEUqa/LZInFYSOXjB+FICCo=,iv:RcqpkSk8BSkcreVG1cY5f2OukCgcT36vqCyOfqoNXIs=,tag:aIDe4Tv5BygBYbyQ8GGr5Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.12.1

21
modules/features/sops.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
sops = {
age = {
keyFile = "/var/lib/sops/age/keys.txt";
#generateKey = true;
};
defaultSopsFormat = "yaml";
};
};
};
}

29
modules/features/traefik/config/routing.yml
View File

@@ -8,7 +8,7 @@ http:
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
middlewares:
- authentik
- authentik@docker
tls:
certResolver: "cloudflare"
@@ -20,15 +20,6 @@ http:
tls:
certResolver: "cloudflare"
gitea:
entryPoints:
- "localsecure"
- "websecure"
rule: "Host(`gitea.esotericbytes.com`)"
service: "gitea"
tls:
certResolver: "cloudflare"
octoprint:
entryPoints:
- "localsecure"
@@ -49,27 +40,9 @@ http:
servers:
- url: "http://192.168.100.31:4444"
gitea:
loadBalancer:
servers:
- url: "http://192.168.100.20:3000"
octoprint:
loadBalancer:
servers:
- url: "http://rpi-3dp.local"
passHostHeader: true
tcp:
routers:
gitea-ssh:
entryPoints:
- "gitea-ssh"
rule: "HostSNI(`*`)"
service: "gitea-ssh"
services:
gitea-ssh:
loadBalancer:
servers:
- address: "192.168.100.20:2222"

7
modules/hosts/homebox/secrets.yaml
View File

@@ -14,6 +14,7 @@ keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird:
secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str]
netbirdKey: ENC[AES256_GCM,data:NSOx62QO2/BMgsV6B+Bi20XN1s8PUYDogRVj4XXYeqhF2QZE,iv:FiJzCpy+4Et58KJlG25A/GqeYscFQ9yzLj5i1ZEVDos=,tag:nlviBvsFJBGsAmwVt3agTg==,type:str]
gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
@@ -38,7 +39,7 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-01T12:56:37Z"
mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str]
lastmodified: "2026-04-26T03:37:06Z"
mac: ENC[AES256_GCM,data:gFZhelYC2ToiyRQmX2XiEmmMy3XeSFiF9EARogNcEIv+V/3Z4jKIDGwIvnP94s9ylgb+VZ2IoJLYb6zYSgYx/muOCoeoLifNwZOO+zA2hEgUf0kAhsM08HkuuwvifPwBZXO0P3VXTfP21QymetYVstX9ifYT3K5BIB2m9Unudu0=,iv:+Pr8idIxArX7eQEQaxigjhAGEOQRl7pz3p182yh6+Tg=,tag:qlpBKB4vg3BRFd/s+vDaDw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

25
modules/hosts/iso/configuration.nix
View File

@@ -2,14 +2,19 @@
flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
imports = with inputs; [
imports = with self.nixosModules; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
inputs.home-manager.nixosModules.default
self.nixosModules.default
self.nixosModules.aurora-greeter
home-manager.nixosModules.default
aurora-greeter
hyprland
pipewire
avahi
netbird
openssh
];
@@ -32,9 +37,21 @@
];
};
environment.etc."wallpaper.jpg".source = ./../../users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg;
system.activationScripts."wallpaperInit" = {
text = ''
mkdir -p /tmp/aurora/wallpaper
cp /etc/wallpaper.jpg /tmp/aurora/wallpaper/wallpaper.jpg
'';
};
users.users.nixos.enable = lib.mkForce false;
networking = {
hostName = "iso";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};

7
modules/hosts/iso/default.nix
View File

@@ -1,13 +1,14 @@
{ self, inputs, ...}: {
perSystem = { config, system, pkgs, self', inputs', ... }: {
perSystem = { ... }: {
packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage;
};
flake.nixosConfigurations.iso = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.iso
modules = with self.nixosModules; [
iso
user-nathan
];
};

13
modules/hosts/laptop/configuration.nix
View File

@@ -15,6 +15,7 @@
avahi
netbird
openssh
sops
];
config = {
@@ -31,6 +32,7 @@
efi.canTouchEfiVariables = true;
timeout = null;
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
@@ -47,7 +49,6 @@
};
programs.partition-manager.enable = true;
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
@@ -81,7 +82,7 @@
];
networkmanager = {
enable = true;
dns = "none";
#dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
@@ -89,6 +90,14 @@
services.openssh.openFirewall = false;
specialisation = {
ethdhcp = {
configuration = with self.nixosModules; lib.mkMerge [
ethdhcp
];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];

87
modules/hosts/pi4/configuration.nix
View File

@@ -1,87 +1,50 @@
{ inputs, ... }: {
{ self, inputs, ... }: {
flake.nixosModules.pi4 = { config, pkgs, ... }: {
flake.nixosModules.pi4-install-sd = { config, pkgs, modulesPath, ... }: {
imports = [
inputs.disko.nixosModules.default
imports = with self.nixosModules; [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
pi4-core
inputs.home-manager.nixosModules.default
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
flake.nixosModules.pi4-install-disko = { config, pkgs, ... }: {
time.timeZone = "America/Chicago";
imports = with self.nixosModules; [
inputs.disko.nixosModules.default
i18n.defaultLocale = "en_US.UTF-8";
pi4-core
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
self.diskoConfigurations.pi4
];
hardware = {
bluetooth.enable = true;
config = {
};
};
};
programs.zsh.enable = true;
flake.nixosModules.pi4 = { config, pkgs, ... }: {
environment.shells = with pkgs; [ zsh ];
imports = with self.nixosModules; [
users = {
groups.gpio = {};
};
pi4-core
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
netbird-sbc
remoteBuilds
sops
];
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
config = {
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
};
}

72
modules/hosts/pi4/core.nix Normal file
View File

@@ -0,0 +1,72 @@
{ self, inputs, ... }: {
flake.nixosModules.pi4-core = { config, pkgs, ... }: {
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
user-nathan
avahi
openssh
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
kernelParams = [ "snd_bcm2835.enable_hdmi=1" "snd_bcm2835.enable_headphones=1" ];
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
security.rtkit.enable = true;
system.stateVersion = "25.11";
};
};
}

42
modules/hosts/pi4/default.nix
View File

@@ -1,12 +1,48 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem {
perSystem = { ... }: {
packages.pi4-sd = self.nixosConfigurations.pi4-install-sd.config.system.build.sdImage;
};
flake.nixosConfigurations.pi4 = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
#self.diskoConfigurations.pi4
];
};
flake.nixosConfigurations.pi4-install = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-core
self.nixosModules.pi4-hardware
];
};
flake.nixosConfigurations.pi4-install-sd = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-install-sd
self.nixosModules.pi4-hardware
];
};
flake.nixosConfigurations.pi4-install-disko = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-install-disko
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
];
};
}

35
modules/hosts/z2w/configuration.nix Normal file
View File

@@ -0,0 +1,35 @@
{ self, ... }: {
flake.nixosModules.z2w-install-sd = { config, pkgs, modulesPath, ... }: {
imports = with self.nixosModules; [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
z2w-core
];
config = {
};
};
flake.nixosModules.z2w = { config, pkgs, ... }: {
imports = with self.nixosModules; [
z2w-install-sd
netbird-sbc
remoteBuilds
sops
];
config = {
sops = {
defaultSopsFile = ./secrets.yaml;
};
};
};
}

66
modules/hosts/z2w/core.nix Normal file
View File

@@ -0,0 +1,66 @@
{ self, inputs, ... }: {
flake.nixosModules.z2w-core = { config, lib, pkgs, ... }: {
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
user-nathan
avahi
openssh
];
config = {
/*boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};*/
networking = {
hostName = lib.mkDefault "z2w";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
#networkmanager.enable = true;
#wireless.enable = lib.mkForce false;
};
/*hardware = {
bluetooth.enable = true;
};*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
/*
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
*/
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.11";
};
};
}

26
modules/hosts/z2w/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ self, inputs, ... }: {
perSystem = { ... }: {
packages.z2w-sd = self.nixosConfigurations.z2w-install-sd.config.system.build.sdImage;
};
flake.nixosConfigurations.z2w = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = inputs.opi-zero2w.lib.withOpiZero2wEssentials [
self.nixosModules.z2w
#self.nixosModules.z2w-hardware
];
};
flake.nixosConfigurations.z2w-install-sd = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = inputs.opi-zero2w.lib.withOpiZero2wInstallerEssentials [
self.nixosModules.z2w-install-sd
#self.nixosModules.z2w-hardware
];
};
}

11
modules/users/nathan/home-manager/.sops.yaml
View File

@@ -1,11 +0,0 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

32
modules/users/nathan/home-manager/default.nix
View File

@@ -1,11 +1,8 @@
{ self, inputs, ... }: {
{ self, ... }: {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
imports = with self.homeModules; [
inputs.sops-nix.homeManagerModules.sops
nathan-terminal
nathan-mpd
nathan-nh
@@ -41,35 +38,8 @@
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
};
}

22
modules/users/nathan/home-manager/features/git.nix
View File

@@ -4,26 +4,9 @@
config = {
sops = {
secrets = {
"git/username" = {};
"git/email" = {};
};
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
};
programs.git = {
enable = true;
includes = [
{ path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
@@ -38,6 +21,11 @@
];
};
};
user = {
name = "Nathan";
email = "nathanblunkall5@gmail.com";
};
};
};
};

54
modules/users/nathan/home-manager/features/packages.nix
View File

@@ -2,6 +2,11 @@
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
options.olympus.packageSet = lib.mkOption {
type = lib.types.str;
default = "full";
};
config = with lib; mkMerge [
{
@@ -17,17 +22,6 @@
unzip
rsync
curl
(python314.withPackages (ps: with ps; [
gpustat
numpy
matplotlib
scipy
pandas
pyaudio
pyusb
requests
]))
cava
android-tools
@@ -44,11 +38,6 @@
(mkIf config.wayland.windowManager.hyprland.enable {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = with pkgs; [
grim
@@ -56,13 +45,42 @@
wl-clipboard
xfce.thunar
blueberry
brightnessctl
libdbusmenu-gtk3
];
})
(mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux") {
home.packages = with pkgs; [
(python314.withPackages (ps: with ps; [
gpustat
numpy
matplotlib
scipy
pandas
pyaudio
pyusb
requests
]))
];
})
(mkIf (config.olympus.packageSet == "full") {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = with pkgs; [
handbrake
quickemu
bottles
brightnessctl
libdbusmenu-gtk3
lmms
#unfree {

23
modules/users/nathan/home-manager/features/sops.nix Normal file
View File

@@ -0,0 +1,23 @@
{ inputs, ... }: {
flake.homeModules.nathan-sops = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
config = {
sops = {
age = {
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
generateKey = true;
};
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
};
};
}

44
modules/users/nathan/home-manager/features/ssh.nix
View File

@@ -1,27 +1,41 @@
{ ... }: {
flake.homeModules.nathan-terminal = { ... }: {
flake.homeModules.nathan-terminal = { config, ... }: {
programs.ssh = {
enable = true;
# defaults as of 25.11
matchBlocks."*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
enableDefaultConfig = false;
matchBlocks = {
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
}

36
modules/users/nathan/home-manager/secrets.yaml
View File

@@ -1,36 +0,0 @@
git:
username: ENC[AES256_GCM,data:418z4cCK,iv:tgPmynsW8fEJs6n+OGfm6IypOjNNhVdVaqFImeKXpC4=,tag:V5zI47vb9FnSO/OWurbJ+A==,type:str]
email: ENC[AES256_GCM,data:xp6HlIO1pTgvrXpGAOQwl0UvcnY4zrLrmw==,iv:LzGkluWeSe8MQqPXQMnNOv062UY+BkQE1fGjGqd/nCg=,tag:Y9nwo+Hjcg4ea2GxGKWApA==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMktJdFhxRjhaT0MyZ0N3
YVBMYlNkRnl1eU8zajZLWXRPajZzWDBGQWxVCkhMcEdsNlVKQ1VHR2hjZWdsR1gx
MkhCeVZGUDJwdkdDTiswRW40QjRRYWMKLS0tIENIN2pheisyR21YZkIzblVZZ1cw
bHpLWEdPdUc4d2ZSS1FjUDM0QWRQUWsKqvlH0oWHH/PhMDTYT5KhCTzaEffsf1jM
r0o60YUCe6pUFs0qPvOxEPM3bq+7MkUpH4eXVAw3tCov3nUkmwlVZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5K3ovcmpPck1reGVPQ0lm
YTYvNGtaSk4vLzlYSW0rSkpHcjZWUnBMS2dBCmt3RU1PMkJ1VU5wNUc1NC9lbGFk
cjl6cXp6M292enFHckkyamwwaDRia2MKLS0tIGRUTzFGdDZFaS9LdkRjMW56U25B
emRDTncvNnlycHF3V2VJN3NlZTNVSjgK8RUx9qImdqjHBHisnwY+qRZ9vuafl3MN
jnJsIsKSdF51dWYskEMVnPYwn9HdOKkAh6amwSITcw3ZCcK7ftfT+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWXVTSVQvNEhsMkQ2QkRl
SlZLTWN2eUdMa3MwdTBHZE8vdENKTTRKYVF3Ck01N2VNQUJPeHBwVHZTNWYzbXR5
ZS9hUDQydy9nQnR0SVpiUHV6ejhPb0EKLS0tIEZKeXV5QnpZYzBCVDR3WjVSV2Vv
TmJkL3VUbTRLNGNISGhFaGpmaXJ1cDAKpiZ8Nfml0KFq46JRg+394BCyZmnpE4XC
zqxRrNlGH/EDp00q5/jN84vQA+bOhGHcScQpvRCDKMXehQn3H4jksw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-16T16:08:48Z"
mac: ENC[AES256_GCM,data:3/ztJNXhOIPqgQ47QxjM5KTeAJwXPpUuVtvI5/xJsMOOZhXYRt+uhL584F98rJiMHhnbsuGIZi+jGlYRiE6c+GJ9X7TKLj9yRqKvCMSCdWHGzY721GH5kMPcjD2YDYZ4tt+olIMePNJBPjC1XJgfhfOvs43o2HyDTCS95cEQzB4=,iv:qofZBAwxbTrc/hPyuSi8nxibJ0bGhoytZpUTZwwzbuI=,tag:z1SJXutJmlJ+j6RnV4u29Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

78
modules/users/nathan/nathan.nix
View File

@@ -1,29 +1,41 @@
{ self, inputs, ... }: {
flake.nixosModules.user-nathan = { config, lib, pkgs, ... }: let
laptop = [ "laptop" ];
homebox = [ "homebox" ];
#both = laptop ++ homebox;
useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
in {
laptop = [ "laptop" ];
homebox = [ "homebox" ];
iso = [ "iso" ];
pi4 = [ "pi4" ];
z2w = [ "red-black" "blue-white" "z2w" ];
useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
in {
config = {
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = {
enable = true;
shell = pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
hashedPassword = lib.mkIf
(config.users.users.nathan.hashedPasswordFile == null)
"$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
extraGroups = lib.mkMerge [
[ "networkmanager" "wheel" ]
(useWith (homebox) [ "docker" "libvirtd" ])
(useWith (pi4) [ "gpio" ])
];
openssh.authorizedKeys.keys = lib.mkMerge [
(useWith homebox [
(useWith (homebox) [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCM7ZgIu4+ntHZbzo9iQPq5pUt7AhpOnfvvI0lWDgO4CgtkPGvyFrDnW87wjAKGKYkgKeHWHIkwq2hkEDqlPD+7xxtPpwzfyo7ZS23xlP31rL14HcG21jGHgx9SO7RmGDHHylu4PwJzz/KX59hcVmpSSV4hgB/mYA9UKe6VHv39X4y3HsjmiHwNBOKXltG4V+VkxOZD6HcZ62sgkyDTaqDpE7p+q8vHPbm6dVTKC9cMjtJmjB5EesMGKcEAy3VN2tA9M0EndtaLcBKM39vDXGpBsjURYZTu7NbQnncnO7L8kVL0nT4vA/d4mCjB51dPoXIcxn1ise0TOb9G7TxMbBQQO5YMOpiB2iuZRRvB3sYoKwbO8YfSxZi0EhvLcxkF9GBFw+pWPl0p0D2fPBbW88YQfEpoAt2EWvEu/pgaMJsTHpgaIuDwPLVQmDciX4MRoi324oElGSK8yN0P8IaCHhFchuehLBWvTi34Qot0GpnxeTzmlLzImICO9Yq0I7dk2rk= nathan@rpi-3dp"
])
(useWith (iso ++ pi4 ++ z2w) [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
])
(useWith laptop [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
])
@@ -37,14 +49,15 @@
home-manager.users.nathan = with self.homeModules; lib.mkMerge [
self.homeModules.nathan
(useWith laptop nathan-aurora)
(useWith laptop nathan-firefox)
(useWith laptop nathan-rofi)
(useWith laptop nathan-hypridle)
(useWith laptop nathan-hyprland)
(useWith laptop nathan-kitty)
(useWith laptop nathan-scripts)
(useWith laptop nathan-pywal)
(useWith (laptop ++ iso) nathan-aurora)
(useWith (laptop ++ iso) nathan-firefox)
(useWith (laptop ++ iso) nathan-rofi)
(useWith (laptop ++ iso) nathan-hypridle)
(useWith (laptop ++ iso) nathan-hyprland)
(useWith (laptop ++ iso) nathan-kitty)
(useWith (laptop ++ iso) nathan-scripts)
(useWith (laptop ++ iso) nathan-pywal)
(useWith (laptop ++ homebox) nathan-sops)
(useWith laptop {
wayland.windowManager.hyprland.extraConfig = ''
@@ -53,13 +66,35 @@
bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi
'';
})
(useWith (iso) {
wayland.windowManager.hyprland.extraConfig = ''
monitor=,preferred,auto,1
'';
})
(useWith (iso ++ pi4 ++ z2w ++ homebox) {
olympus = {
packageSet = "minimal";
};
})
];
};
};
flake.homeModules.nathan-standalone = { lib, ... }:
flake.homeModules.nathan-sops = { ... }: {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
config = {
sops.defaultSopsFile = ./secrets.yaml;
};
};
{
flake.homeModules.nathan-standalone = { ... }: {
config = {
@@ -83,6 +118,7 @@
modules = [
self.homeModules.nathan
self.homeModules.nathan-standalone
];
};
}

35
modules/users/nathan/secrets.yaml Normal file
View File

@@ -0,0 +1,35 @@
nathan:
pass: ENC[AES256_GCM,data:QCpcdtN8Bzn4UnrIdwcEv5jkpW1Xfsmhy7iMyOmBUuMFqqmKrJcFbIUJCuNUSqtRgRl4KO7gzUuXfZbaDX0tm+B/YDEt8vAWxQ==,iv:3GYAq0I2uqJ91YewyTVoTQNR6cnwJROQr2ipgHvbmSo=,tag:oHnAjSNqIIp39LLI8kSONQ==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNOWVVVVpVdGFMMmNaTmU2
ZStjR0liZVVKSHcyQUhiVkdCeWhCZUVGMzFRCkFRc0xpdUJ5R0lMUHZzcVN3TTd3
OXVuNHhqSVBoYnFveFljbHlBbGRoZVkKLS0tIHgvOFA2cGxMaTFBUGFrQVBmRVJ1
N3ZvV3VKbmhNUGx1ckhhdWZVemRCMGcKLwZZ+wlV8EOCk7F5eaBFR4HPPCjvPI/+
UyQFJSzc9gGCNrhGicFtrDLx0m/JCzU/jILFUXav9IUTZ8ZRi01BOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQ1hRVHIrWHp0ZnlFVmJR
ODk4VzZPWnBLaTMxK3pLR2VxQk9LY0tMWWhVCjFqUzMxb01JNXZuaWVIdEE2NkxL
UWp2UytEYVl0SnZHQm4veGNva1p1a2MKLS0tIEphZVU4VjJJblpDRzdNZ3hJbTAx
c3lUMjBXMjVUY2VlSm9SRTNHUEdJd1kK/hotdiVc5La4c6k4U73URA/26y6EMzDL
iHqVcXZmgkipQtFB5Fvfs/6Zuc0E2f4zQmZSaGw2hQheVl1snm5xiw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMDl4bWVPNnpxYXZmWG1h
N2krT2lqN09IOHlvS1FaL1hTNFpsZS9XUmdrCkRFc3YyaWNjejJobVlrdEFReW9N
RlRHdVc1RHNxUE0vV0VvTzdlMm11R3MKLS0tIEpDMUVVME9PdFVNVnVEeG5Oay9l
UU50YWtqSG5SYjc2YUhFWmNZc3NpNTAKPaL3XXAUMD0wjI3PkXEWN4epQPSURN+J
b7di0rMlc6JtJrtzU3HdfmXneMfd4Da9Xk1SeFIxKHS0AsD4cJyt2w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-24T01:30:18Z"
mac: ENC[AES256_GCM,data:1tuKI1VMDSiCNWZ2fXp4G3Z0OmhxdyF8IlTaoEFCq324qNgaIfUX7TLfzzEF7ogctf1VBwdu2klGNRKAwjaVIZ8/9U7RgjtkbP5KGJMtXiVkDh1gNV31mlE9ogddxixkQiM9j3wI3RbgsAJaBwo3WGNwEeRrqO21unlE28BrMo0=,iv:Asdx7jYvylRDxWRu7XALP9FpPxWvban8pldJ5b/O9to=,tag:cECR7vjAR05RyLhEWIIrcA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1

22
modules/users/nathan/sops.nix Normal file
View File

@@ -0,0 +1,22 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
sops.secrets."nathan/pass" = {
neededForUsers = true;
sopsFile = ./secrets.yaml;
};
users.users.nathan = {
enable = lib.mkDefault false;
hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
};
};
};
}