Compare commits
	
		
			13 Commits
		
	
	
		
			4b3eef4150
			...
			home_manag
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 869d3957b5 | |||
| a49c4f40e5 | |||
| a8851c19e4 | |||
| 3497d93dcb | |||
| 2eaffa8cfb | |||
| 955c3255a0 | |||
| 6b367a7c95 | |||
| 02155976ab | |||
| 4c7f22b903 | |||
| f0f7c2613e | |||
| b92ca00054 | |||
| 2315d56db0 | |||
| 98c0142938 | 
							
								
								
									
						
									
										3
									
								
								.gitmodules
									
									
									
									
										vendored
									
									
								
							| @@ -1,3 +1,6 @@ | ||||
| [submodule "assets/compose"] | ||||
| 	path = assets/compose | ||||
| 	url = ssh://git@code.lazyworkhorse.net:2222/gortium/compose.git | ||||
| [submodule "assets/dotfiles"] | ||||
| 	path = assets/dotfiles | ||||
| 	url = ssh://git@code.lazyworkhorse.net:2222/gortium/dotfiles.git | ||||
|   | ||||
 Submodule assets/compose updated: bcaad554a6...5def86e278
									
								
							
							
								
								
									
						
									
										33
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							| @@ -10,11 +10,11 @@ | ||||
|         "systems": "systems" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1754337839, | ||||
|         "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", | ||||
|         "lastModified": 1754433428, | ||||
|         "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", | ||||
|         "owner": "ryantm", | ||||
|         "repo": "agenix", | ||||
|         "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", | ||||
|         "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -44,13 +44,33 @@ | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "home-manager_2": { | ||||
|       "inputs": { | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1755625756, | ||||
|         "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "dd026d86420781e84d0732f2fa28e1c051117b59", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs": { | ||||
|       "locked": { | ||||
|         "lastModified": 1753939845, | ||||
|         "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", | ||||
|         "lastModified": 1755615617, | ||||
|         "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", | ||||
|         "owner": "nixos", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "94def634a20494ee057c76998843c015909d6311", | ||||
|         "rev": "20075955deac2583bb12f07151c2df830ef346b4", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -63,6 +83,7 @@ | ||||
|     "root": { | ||||
|       "inputs": { | ||||
|         "agenix": "agenix", | ||||
|         "home-manager": "home-manager_2", | ||||
|         "nixpkgs": "nixpkgs" | ||||
|       } | ||||
|     }, | ||||
|   | ||||
							
								
								
									
						
									
										15
									
								
								flake.nix
									
									
									
									
									
								
							| @@ -8,15 +8,23 @@ | ||||
|       inputs.darwin.follows = ""; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     home-manager = { | ||||
|       url = "github:nix-community/home-manager"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|     self.submodules = true; | ||||
|   }; | ||||
|  | ||||
|   outputs = { self, nixpkgs, agenix, ... }@inputs: | ||||
|   outputs = { self, nixpkgs, agenix, home-manager, ... }@inputs: | ||||
|     let | ||||
|       system = "x86_64-linux"; | ||||
|       keys = import ./lib/keys.nix; | ||||
|       paths = { | ||||
|         flake = "/home/gortium/infra"; | ||||
|         identities = [ "/home/gortium/.ssh/gortium_ssh_key" "/etc/ssh/ssh_host_ed25519_key" ]; | ||||
|         identities = [ | ||||
|           "/home/gortium/.ssh/gortium_ssh_key" | ||||
|           "/etc/ssh/ssh_host_ed25519_key" | ||||
|           "/root/.age/bootstrap.key" ]; | ||||
|       }; | ||||
|       overlays = [ agenix.overlays.default ]; | ||||
|       pkgs = import nixpkgs { | ||||
| @@ -35,10 +43,11 @@ | ||||
|             modules = [ | ||||
|               { nixpkgs.overlays = overlays; } | ||||
|               agenix.nixosModules.default | ||||
|               home-manager.nixosModules.default | ||||
|               ./hosts/lazyworkhorse/configuration.nix | ||||
|               ./hosts/lazyworkhorse/hardware-configuration.nix | ||||
|               ./modules/default.nix | ||||
|               ./users/gortium.nix | ||||
|               ./users/gortium | ||||
|             ]; | ||||
|           }; | ||||
|         }; | ||||
|   | ||||
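Review bot: The `identities` list in `paths` now carries three agenix identities with no comment on why, and the reason is not obvious from this file: `/etc/ssh/ssh_host_ed25519_key` is itself an agenix secret (per configuration.nix in this same comparison), so it cannot exist on a fresh install and `/root/.age/bootstrap.key` has to stand in for it. Add a comment above the list, e.g. `# agenix identities: user key, host key (itself an agenix secret, so absent on first boot), and the out-of-band bootstrap age key at /root/.age/bootstrap.key`. Whether `self.submodules = true;` is new in this hunk cannot be recovered from the page; if it is, the flake now depends on a Nix release that understands that attribute, and as far as I know older Nix would not fetch `assets/dotfiles` at all, so the minimum Nix version belongs in a comment next to it or in the README.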
| @@ -29,6 +29,8 @@ | ||||
|   boot.loader.systemd-boot.enable = true; | ||||
|   boot.loader.efi.canTouchEfiVariables = false; | ||||
|  | ||||
|   boot.kernelModules = [ "nct6775" "lm63" ]; | ||||
|   boot.blacklistedKernelModules = [ "eeepc_wmi" ]; | ||||
|   networking.hostName = "lazyworkhorse"; # Define your hostname. | ||||
|   # Pick only one of the below networking options. | ||||
|   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant. | ||||
| @@ -56,31 +58,6 @@ | ||||
|     LC_CTYPE = "en_CA.UTF-8"; | ||||
|   }; | ||||
|  | ||||
|   # Private host ssh key | ||||
|   age = { | ||||
|     identityPaths = paths.identities; | ||||
|     secrets = { | ||||
|       lazyworkhorse_host_ssh_key = { | ||||
|         file = "${self}/secrets/lazyworkhorse_host_ssh_key.age"; | ||||
|         owner = "root"; | ||||
|         group = "root"; | ||||
|         mode = "0600"; | ||||
|         path = "/etc/ssh/ssh_host_ed25519_key"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   # Public host ssh key | ||||
|   environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main; | ||||
|  | ||||
|   # Prevent sshd from generating new keys and use this one | ||||
|   services.openssh.hostKeys = [ | ||||
|     { | ||||
|       path = "/etc/ssh/ssh_host_ed25519_key"; | ||||
|       type = "ed25519"; | ||||
|     } | ||||
|   ]; | ||||
|  | ||||
|   # Configure network proxy if necessary | ||||
|   # networking.proxy.default = "http://user:password@proxy:port/"; | ||||
|   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; | ||||
| @@ -130,6 +107,7 @@ | ||||
|     age | ||||
|     git | ||||
|     nh | ||||
|     lm_sensors | ||||
|   ]; | ||||
|  | ||||
|   # Some programs need SUID wrappers, can be configured further or are | ||||
| @@ -142,12 +120,50 @@ | ||||
|  | ||||
|   # List services that you want to enable: | ||||
|  | ||||
|   # Enable the OpenSSH daemon. | ||||
|   # Enable the OpenSSH daemon | ||||
|   services.openssh = { | ||||
|     enable = true; | ||||
|     settings.PermitRootLogin = "no"; | ||||
|     hostKeys = [ | ||||
|       { | ||||
|         path = "/etc/ssh/ssh_host_ed25519_key"; | ||||
|         type = "ed25519"; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   # Private host ssh key managed by agenix | ||||
|   age = { | ||||
|     identityPaths = paths.identities; | ||||
|     secrets = { | ||||
|       containers_env = { | ||||
|         file = ../../secrets/containers.env.age; | ||||
|         path = "/run/secrets/containers.env"; | ||||
|         owner = "root"; | ||||
|         group = "root"; | ||||
|         mode = "0400"; | ||||
|       }; | ||||
|       lazyworkhorse_host_ssh_key = { | ||||
|         file = ../../secrets/lazyworkhorse_host_ssh_key.age; | ||||
|         owner = "root"; | ||||
|         group = "root"; | ||||
|         mode = "0600"; | ||||
|         path = "/etc/ssh/ssh_host_ed25519_key"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   fileSystems."/".neededForBoot = true; | ||||
|  | ||||
|   # Public host ssh key (kept in sync with the private one) | ||||
|   environment.etc."ssh/ssh_host_ed25519_key.pub".text = | ||||
|     "${keys.hosts.lazyworkhorse.main}"; | ||||
|  | ||||
|   services.fstrim.enable = true; | ||||
|  | ||||
|   services.zfs.autoSnapshot.enable = true; | ||||
|   services.zfs.autoScrub.enable = true; | ||||
|  | ||||
|  # Open ports in the firewall. | ||||
|   # networking.firewall.allowedTCPPorts = [ ... ]; | ||||
|   # networking.firewall.allowedUDPPorts = [ ... ]; | ||||
|   | ||||
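Review bot: `fileSystems."/".neededForBoot = true;` is added without a comment and nothing in the hunk says why root must be mounted in the initrd; the likely reason is that the agenix identities (`/etc/ssh/ssh_host_ed25519_key`, `/root/.age/bootstrap.key`) live on it and must be readable before secrets are decrypted, but that is an inference, so spell it out, e.g. `# root must be mounted early: the agenix identities in paths.identities live on it`. The interpolation two lines below is redundant; `environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main;` is equivalent. Consolidating the host key and `containers_env` under one `age` block here is a reasonable move, but the public half of the host key now has to match in lib/keys.nix, this `environment.etc` entry and the recipients of every .age file, so a one-line comment naming lib/keys.nix as the source of truth would help the next rotation.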
| @@ -9,9 +9,10 @@ | ||||
|  | ||||
|   hosts = { | ||||
|     lazyworkhorse = { | ||||
|       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmPv4JssvhHGIx85UwFxDSrL5anR4eXB/cd9V2i9wdW"; | ||||
|       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmXqD+bBveCYf4khmARA0uaCzkBOUIE077ZrInLNs1O"; | ||||
|       github = ""; | ||||
|       gitea = ""; | ||||
|       bootstrap = "age1r796v2uldtspawyh863pks74sd2pwcan8j4e4pjzsvkmr3vjja9qpz5ste"; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
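Review bot: `bootstrap` is a new age recipient added next to the rotated host key, but the hunk gives no hint of what it is for, where its private half lives, or when it should be retired; add a comment such as `# age identity used only to decrypt secrets before the host ssh key exists; private half at /root/.age/bootstrap.key (see flake.nix), rotate or remove once the host key is provisioned`. Because `main` changed, every client with the old fingerprint pinned in known_hosts will see a host-key-changed warning on the next connection; that is expected here and worth stating in the commit message so the warning is not mistaken for something else.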
| @@ -5,6 +5,5 @@ | ||||
|       # ./programs | ||||
|       ./services | ||||
|       ./filesystem | ||||
|       ./services/systemd | ||||
|     ]; | ||||
| } | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| { pkgs, lib, config, ... }: { | ||||
|  | ||||
|   options = { | ||||
|     hoardingcow-mount.enable = lib.mkEnableOption "enable hoardingcow acces"; | ||||
|     hoardingcow-mount.enable = lib.mkEnableOption "enable hoardingcow access"; | ||||
|   }; | ||||
|   config = lib.mkIf config.hoardingcow-mount.enable { | ||||
|     fileSystems."/mnt/HoardingCow_docker_data" = { | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| { pkgs, lib, config, ... }: { | ||||
|   imports = | ||||
|     [ | ||||
|       ./systemd | ||||
|     ]; | ||||
| { | ||||
|   imports = [ | ||||
|     ./dotfiles.nix | ||||
|     ./systemd | ||||
|   ]; | ||||
| } | ||||
|   | ||||
							
								
								
									
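--- /dev/null
+++ b/modules/nixos/services/dotfiles.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.dotfiles;
+  stowDir = cfg.stowDir;
+
+  # Function to recursively find all files in a directory
+  findFiles = dir:
+    let
+      files = builtins.attrNames (builtins.readDir dir);
+    in
+      concatMap (name:
+        let
+          path = dir + "/${name}";
+        in
+          if (builtins.typeOf (builtins.readDir path) == "set")
+          then findFiles path
+          else [ path ]
+      ) files;
+
+  # Get a list of all packages (directories) in the stow directory
+  stowPackages = builtins.attrNames (builtins.readDir stowDir);
+
+  # Create an attribute set where each attribute is a package name
+  # and the value is a list of files to be linked.
+  homeManagerLinks = listToAttrs (map (pkg:
+    let
+      pkgPath = stowDir + "/${pkg}";
+      files = findFiles pkgPath;
+    in
+      nameValuePair pkg (map (file: {
+        source = file;
+        target = removePrefix (pkgPath + "/") file;
+      }) files)
+  ) stowPackages);
+
+in
+{
+  options.services.dotfiles = {
+    enable = mkEnableOption "Enable dotfiles management";
+
+    stowDir = mkOption {
+      type = types.path;
+      description = "The directory where your stow packages are located.";
+    };
+
+    user = mkOption {
+      type = types.str;
+      description = "The user to manage dotfiles for.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home-manager.users.${cfg.user} = {
+      home.file =
+        let
+          allFiles = concatLists (attrValues homeManagerLinks);
+        in
+          listToAttrs (map (file:
+            nameValuePair file.target {
+              source = file.source;
+            }
+          ) allFiles);
+    };
+  };
+}
+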
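Review bot: `findFiles` calls `builtins.readDir path` on every entry, regular files included, and `readDir` on a non-directory fails evaluation instead of returning a non-set value, so the `typeOf ... == "set"` test never reaches the "file" branch and the first stow package containing a plain file breaks the build. `builtins.readDir dir` already returns an attrset of name to entry type (`"regular"`, `"directory"`, `"symlink"`, `"unknown"`), so recurse on that instead, which also forces a deliberate choice about symlinks (kept as files below). Separately, `removePrefix` is string-oriented while `pkgPath` and `file` are paths, and I would expect the implicit coercion inside it to compare store paths rather than the real ones, so convert with `toString` explicitly — confirm by evaluating `homeManagerLinks`. Every `home.file` source is copied into the Nix store, which is readable by every local user and by any binary cache the host pushes to, so any credential that happens to live in the `assets/dotfiles` submodule (ssh config, tokens, shell history) becomes world-readable; a comment at `homeManagerLinks` and a review of the submodule's contents are warranted. `with lib;` at file scope is the usual style nit; `inherit (lib) ...` keeps the imported names explicit.
```nix
  # Recursively collect every file below `dir`. readDir already reports each
  # entry's type, so entries are not probed with a second readDir (which
  # fails on regular files).
  findFiles = dir:
    concatLists (mapAttrsToList (name: type:
      let path = dir + "/${name}"; in
      if type == "directory" then findFiles path
      else [ path ]  # regular, symlink and unknown entries are all linked as files
    ) (builtins.readDir dir));

  # … unchanged: stowPackages …

  homeManagerLinks = listToAttrs (map (pkg:
    let
      pkgPath = stowDir + "/${pkg}";
      # NOTE: every source below is copied into the world-readable Nix store;
      # keep credentials out of the stow packages.
      files = findFiles pkgPath;
    in
      nameValuePair pkg (map (file: {
        source = file;
        target = removePrefix (toString pkgPath + "/") (toString file);
      }) files)
  ) stowPackages);
```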
| @@ -4,6 +4,7 @@ | ||||
|       ./network.nix | ||||
|       ./passwordmanager.nix | ||||
|       ./versioncontrol.nix | ||||
|       ./fancontrol.nix | ||||
|     ]; | ||||
|  | ||||
|   virtualisation.docker = { | ||||
| @@ -12,17 +13,4 @@ | ||||
|       "dns" = [ "1.1.1.1" "8.8.8.8" ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   age = { | ||||
|     identityPaths = paths.identities; | ||||
|     secrets = { | ||||
|       containers_env = { | ||||
|         file = self + "/secrets/containers.env.age"; | ||||
|         path = "/run/secrets/containers.env"; | ||||
|         owner = "root"; | ||||
|         group = "root"; | ||||
|         mode = "0400"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|   | ||||
| @@ -1,7 +1,9 @@ | ||||
| age-encryption.org/v1 | ||||
| -> ssh-ed25519 GhMD8A 9Tjo08Hbj3S+nCdLUylZoUK6meXtuHq9F/qwSJZBYho | ||||
| iu2MmQ2VHm+QEvqGjkEy02V0cNRanAyhrA8Xu7UWRFk | ||||
| -> ssh-ed25519 eB5ENw 8UTi2pmZML1Zyh9zCfEx4JqJhQ1vM/jZCEhrkuc1Hh4 | ||||
| et6FoN8E4tgo2DXlt/KTGLRsByJFyDu2oHA/Js/pIB8 | ||||
| --- dmEv5Fz1iUJ3W93lFtkHgtknfQGQNkMqglJZ+3e1qM8 | ||||
| <EFBFBD>U<EFBFBD><EFBFBD><EFBFBD>.<2E><>#C\<11><><EFBFBD>	<09>V<EFBFBD><56>-<2D><><EFBFBD><EFBFBD><1F>tp<74>wnީ<><02><>n<EFBFBD><<3C>E<EFBFBD><45><EFBFBD>~<7E><>bX<62><02><><EFBFBD>_<EFBFBD><5F><07><><EFBFBD><EFBFBD>u<EFBFBD>l?<3F>),s<>Ec7<63><37><EFBFBD><EFBFBD>v<EFBFBD>;<3B>A<EFBFBD>U<EFBFBD>-<2D>I<EFBFBD>7Y<37>-<2D>3g[<5B>jh~<7E>/<2F> | ||||
| -> ssh-ed25519 GhMD8A gLjSioFoNbora4jCZw3UguGp5TdUBLLMaYAiW11T824 | ||||
| TXRVls3R4Zaz2AOvRujcy1kf2XqBQulK3gRzoh45g5g | ||||
| -> ssh-ed25519 kYn3oA 25YlZSMkVE6I3VMUrlF4t3ZwuKj9PsMQoh2gi/pHb10 | ||||
| CAFHTAZ7eyGHT8t766aBiT2Iiq9ZBKitVIIt3AxJfTE | ||||
| -> X25519 2mIaB09iQVif9F3UF9azfs5bFpUkLIU4wtjsyavHPHc | ||||
| GAoZGils65rkG8wOhR4MJB1M2c9IdVSPh0frZdc3Pg0 | ||||
| --- 4Ujt4d9bouX5RsLq4WnkKb8vvGCrsLXfk3MWxP4Jar0 | ||||
| <EFBFBD>ڝ<11><><08>ғ<EFBFBD>w9"<22><>=UYEފ(<0B>J9<4A>mw{<7B><>\<16>jcc><0E>N<EFBFBD>q<EFBFBD><71>T|<7C> | ||||
										
											Binary file not shown.
										
									
								
							| @@ -1,6 +1,6 @@ | ||||
| let | ||||
|   keys = import ../lib/keys.nix; | ||||
|   authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main ]; | ||||
|   authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main keys.hosts.lazyworkhorse.bootstrap ]; | ||||
| in | ||||
| { | ||||
|   "containers.env.age".publicKeys = authorizedKeys; | ||||
|   | ||||
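Review bot: Adding `keys.hosts.lazyworkhorse.bootstrap` to `authorizedKeys` makes the bootstrap identity a standing recipient of every secret that uses this list, not only what first boot needs; the file continues past the hunk, so only `containers.env.age` is visible here. Narrowing its recipient list would not actually contain it, because the host ssh key is itself one of the secrets (per configuration.nix in this comparison) and that key opens the rest, so the effective control is the lifecycle of `/root/.age/bootstrap.key`: who generates it, how it reaches the host, and whether it is deleted once the host key is in place. Record that next to the list, e.g. `# bootstrap: out-of-band age key that breaks the host-key chicken-and-egg; it can reach every secret transitively, so treat and rotate it like the host key`.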
| @@ -1,4 +1,5 @@ | ||||
| { pkgs, inputs, config, keys, ... }: { | ||||
|   home-manager.users.gortium = import ./home.nix; | ||||
|   users.users.gortium = { | ||||
|     isNormalUser = true; | ||||
|     extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user. | ||||
							
								
								
									
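--- /dev/null
+++ b/users/gortium/home.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }: {
+  services.dotfiles = {
+    enable = true;
+    stowDir = ../../../assets/dotfiles;
+    user = "gortium";
+  };
+
+  home.username = "gortium";
+  home.homeDirectory = "/home/gortium";
+  home.stateVersion = "23.11"; # Please change this to your version.
+  programs.home-manager.enable = true;
+}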
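Review bot: `services.dotfiles` is declared by the NixOS module `modules/nixos/services/dotfiles.nix` (its `config` writes `home-manager.users.${cfg.user}`), but this file is imported as a home-manager module from users/gortium/default.nix (`home-manager.users.gortium = import ./home.nix;`), where that option does not exist; unless a home-manager-side `services.dotfiles` is defined somewhere not on this page, evaluation fails with an undefined-option error. Move the block to the NixOS side, e.g. in users/gortium/default.nix `services.dotfiles = { enable = true; stowDir = ../../assets/dotfiles; user = "gortium"; };`, and keep only the `home.*` settings here. The path `../../../assets/dotfiles` also looks off by one: from users/gortium/ two levels up is already the repository root, so three levels resolves outside the source tree (secrets/secrets.nix uses `../lib/keys.nix` for the same layout). `home.stateVersion = "23.11"; # Please change this to your version.` is a template leftover; the value should be chosen once and never bumped afterwards, so replace the comment with `# do not change after first deploy; see the home-manager release notes`, and `pkgs` in the argument set is unused.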