Nix-darwin + Lix init

Agatha Lovelace 2024-09-05 19:55:42 +02:00
parent 3ede14dc65
commit 518c89795b
Signed by: sorceress
GPG Key ID: 01D0B3AB10CED4F8
7 changed files with 351 additions and 135 deletions


@ -1,39 +1,28 @@
{ pkgs, ... }: {
imports = [ ./users ];
{ pkgs, ... }:
{
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Link identical files
nix.settings.auto-optimise-store = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Garbage collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
## Other
# Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Enable fish (needed for nix completions)
programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Packages used on all systems
environment.systemPackages = with pkgs; [
ccase
@ -52,38 +41,6 @@
xclip
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
# 🥺
# security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
}


@ -4,8 +4,9 @@
home-manager.useGlobalPkgs = true;
home-manager.users.agatha = {
home.username = "agatha";
home.homeDirectory = "/home/agatha";
home.stateVersion = config.system.stateVersion;
home.homeDirectory = lib.mkDefault "/home/agatha";
# Fallback for nix-darwin
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "24.05";
home.packages = with pkgs; [
bat
btop
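Review bot: The `"24.05"` literal on the new `home.stateVersion` line is not explained by the comment `# Fallback for nix-darwin`, so a later maintainer may bump it to track releases. A state version should record the release the profile was first activated with, and nix-darwin's own `system.stateVersion` is, as far as I know, not a NixOS release string, which is presumably why it cannot be reused here. I would expand the comment to `# nix-darwin has no NixOS-style system.stateVersion; pin the first-installed home-manager release here and do not bump it on upgrades`. The new lines also rely on `lib` and `pkgs` being in the module's argument set, which lies above this hunk.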

53
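--- /dev/null
+++ b/common/linux-specific.nix
@@ -0,0 +1,53 @@
+{
+imports = [ ./users ];
+## Optimizations
+# Clean /tmp
+boot.tmp.cleanOnBoot = true;
+# Garbage collection
+nix.gc.dates = "weekly";
+# Limit journald logs
+services.journald.extraConfig = ''
+SystemMaxUse=100M
+MaxFileSec=1month
+'';
+# Fix terminfo
+environment.enableAllTerminfo = true;
+environment.variables.COLORTERM = "truecolor";
+## Locale/Timezone
+time.timeZone = "Europe/Berlin";
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_IDENTIFICATION = "de_DE.UTF-8";
+LC_MEASUREMENT = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_NUMERIC = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+};
+# Configure keymap in X11
+services.xserver = {
+layout = "us";
+xkbVariant = "";
+};
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+banner = ''
+Hello mistress ^,,^
+'';
+settings.PasswordAuthentication = false;
+};
+}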
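Review bot: `settings.PasswordAuthentication = false;` in the `services.openssh` block closes only one of sshd's password paths; keyboard-interactive authentication through PAM is controlled by a separate option that this file leaves at the module default. Adding `settings.KbdInteractiveAuthentication = false;` beside it makes key-only login explicit instead of dependent on that default. Because the colmena nodes in flake.nix deploy with `targetUser = "root"`, I would also state `settings.PermitRootLogin = "prohibit-password";` here so root access stays key-only even if a default changes.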


@ -1,9 +1,14 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
users.users = {
agatha = {
isNormalUser = true;
description = "Agatha Valentine Lovelace";
extraGroups = [ "networkmanager" "wheel" "docker" ];
extraGroups = [
"networkmanager"
"wheel"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [


@ -153,6 +153,24 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -167,6 +185,21 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"frq-friend": {
"inputs": {
"naersk": "naersk_2",
@ -199,11 +232,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1719881815,
"narHash": "sha256-+Vh7r/dOlEphIV5zOIKKYTNMc083lLbQcUVsiyuiiws=",
"lastModified": 1725452565,
"narHash": "sha256-kxduxKvEBSEhoxYHQbMCbxHT0t14kRF4zT6ZmWaqH6M=",
"owner": "helix-editor",
"repo": "helix",
"rev": "3524060ee83b23c2b741a41f57d6ecc06e3fd871",
"rev": "41db5d735eae03be9a69b1136844dac642484ed8",
"type": "github"
},
"original": {
@ -219,11 +252,11 @@
]
},
"locked": {
"lastModified": 1719827385,
"narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=",
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "391ca6e950c2525b4f853cbe29922452c14eda82",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
@ -233,6 +266,41 @@
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -274,7 +342,7 @@
"mms": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
@ -400,11 +468,11 @@
]
},
"locked": {
"lastModified": 1724219898,
"narHash": "sha256-7PwlnEQDIbww8+nk0CHLeYTYMA23F/CkynHsX7Mxk+s=",
"lastModified": 1725544312,
"narHash": "sha256-ETyDNLOF5YvFO2lVlKttXgdHTqSGdp9ZCRRCjv2gaoM=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "d6703b988728b89456b32bac242c8689902e5a5b",
"rev": "a55b3f1ab41bb6d5025ebeebb4da5fd240b9b3b3",
"type": "github"
},
"original": {
@ -429,11 +497,11 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1724196396,
"narHash": "sha256-4GoGPErR0RM5r5x+LMnzZvxTdn11lCRO+z8wP3K3PyU=",
"lastModified": 1725140114,
"narHash": "sha256-tlRqsd84YFI7dL8Lz/Sm+M9Bm+Mh7kUs+5ArJbZsuy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c5f849214c6c03c47e684622306aad181c107a4",
"rev": "4927f77b7a68615ce99678086cd3dcd0eda34fdd",
"type": "github"
},
"original": {
@ -461,11 +529,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1719826879,
"narHash": "sha256-xs7PlULe8O1SAcs/9e/HOjeUjBrU5FNtkAF/bSEcFto=",
"lastModified": 1725369773,
"narHash": "sha256-gT+rUDbw+TQuszQEzMUJWTW7QYtccZ5xxWmKOSrPvEw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b9014df496d5b68bf7c0145d0e9b0f529ce4f2a8",
"rev": "8b4061fd60ccc3b3f44b73faa7c983eacf7a6f7b",
"type": "github"
},
"original": {
@ -520,11 +588,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1719838683,
"narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=",
"lastModified": 1725407940,
"narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69",
"rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
"type": "github"
},
"original": {
@ -557,6 +625,7 @@
"frq-friend": "frq-friend",
"helix": "helix",
"home-manager": "home-manager",
"lix-module": "lix-module",
"matrix-ril100": "matrix-ril100",
"mms": "mms",
"nix-darwin": "nix-darwin",
@ -713,6 +782,21 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_4",
@ -791,7 +875,7 @@
},
"utils_4": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1687709756,
@ -809,7 +893,7 @@
},
"utils_5": {
"inputs": {
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1701680307,
@ -827,7 +911,7 @@
},
"utils_6": {
"inputs": {
"systems": "systems_7"
"systems": "systems_8"
},
"locked": {
"lastModified": 1681202837,

193
flake.nix

@ -2,6 +2,12 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
@ -10,6 +16,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
mms = {
url = "github:mkaito/nixos-modded-minecraft-servers";
inputs.nixpkgs.follows = "nixpkgs";
@ -51,76 +62,108 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = { nixpkgs, nixpkgs-unstable, home-manager, mms, helix, url-eater
, colorpickle, matrix-ril100, frq-friend, colmena, vampysite, ccase, ...
}: {
colmena = let
mkDesktop = hostname: {
imports = [
./common
./hosts/${hostname}/configuration.nix
./common/options.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
colorpickle.nixosModules.default
];
outputs =
{
nixpkgs,
nixpkgs-unstable,
lix-module,
home-manager,
nix-darwin,
mms,
helix,
url-eater,
colorpickle,
matrix-ril100,
frq-friend,
colmena,
vampysite,
ccase,
...
}:
let
overlays = system: config: [
(final: prev: {
helix =
let
helix-pkgs = helix.packages.${final.system};
in
helix-pkgs.helix.passthru.wrapper (
helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
}
);
colorpickle = colorpickle.packages.${final.system}.default;
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
deployment = {
targetUser = "root";
targetHost = hostname;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
];
mkDesktop = hostname: {
imports = [
./common
./common/linux-specific.nix
./hosts/${hostname}/configuration.nix
./common/options.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos")
url-eater.nixosModules.default
colorpickle.nixosModules.default
];
tags = [ "home" ];
deployment = {
targetUser = "root";
targetHost = hostname;
allowLocalDeployment = true;
tags = [ "home" ];
keys = {
"restic-password" = {
keyCommand = [ "cat" "./secrets/restic-password" ];
destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [ "cat" "./secrets/restic-env" ];
destDir = "/var/lib/secrets/";
};
allowLocalDeployment = true;
keys = {
"restic-password" = {
keyCommand = [
"cat"
"./secrets/restic-password"
];
destDir = "/var/lib/secrets/";
};
"restic-env" = {
keyCommand = [
"cat"
"./secrets/restic-env"
];
destDir = "/var/lib/secrets/";
};
};
};
in {
};
in
{
colmena = {
network = {
description = "Agatha's Nix Infra";
nixpkgs = import nixpkgs rec {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [
(final: prev: {
helix = let helix-pkgs = helix.packages.${final.system};
in helix-pkgs.helix.passthru.wrapper
(helix-pkgs.helix-unwrapped.overrideAttrs {
preInstall = ''
substituteInPlace contrib/Helix.desktop \
--replace "Exec=hx %F" "Exec=kitty hx %F" \
--replace "Terminal=true" "Terminal=false"
'';
});
colorpickle = colorpickle.packages.${final.system}.default;
frq-friend = frq-friend.packages.${final.system}.default;
vampysite = vampysite.packages.${final.system}.default;
matrix-ril100 = matrix-ril100.packages.${final.system}.default;
ccase = ccase.packages.${final.system}.default;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
colmena.overlay
];
overlays = overlays system config;
};
};
bloodletting = {
imports = [
./common
./common/linux-specific.nix
./hosts/bloodletting/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos")
mms.module
];
@ -133,23 +176,38 @@
keys = {
"nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ];
keyCommand = [
"cat"
"./secrets/nyandroid-token"
];
destDir = "/var/lib/secrets/";
};
"hurricane-tokens" = {
keyCommand = [ "cat" "./secrets/hurricane-tokens" ];
keyCommand = [
"cat"
"./secrets/hurricane-tokens"
];
destDir = "/var/lib/secrets/";
};
"mc-status-bot-env" = {
keyCommand = [ "cat" "./secrets/mc-status-bot-env" ];
keyCommand = [
"cat"
"./secrets/mc-status-bot-env"
];
destDir = "/var/lib/secrets";
};
"fedi-data.toml" = {
keyCommand = [ "cat" "./secrets/frq-friend-fedi-data.toml" ];
keyCommand = [
"cat"
"./secrets/frq-friend-fedi-data.toml"
];
destDir = "/var/lib/frq-friend";
};
"ril100-bot-secrets" = {
keyCommand = [ "cat" "./secrets/ril100-bot-secrets" ];
keyCommand = [
"cat"
"./secrets/ril100-bot-secrets"
];
destDir = "/var/lib/matrix-ril100";
name = ".env";
};
@ -162,6 +220,7 @@
./common
./common/linux-specific.nix
./hosts/watchtower/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nixos")
];
@ -176,14 +235,28 @@
ritual = mkDesktop "ritual";
tears = mkDesktop "tears";
};
darwinConfigurations."Agathas-Mac-mini" = nix-darwin.lib.darwinSystem {
modules = [
./common
./hosts/Agathas-Mac-mini/configuration.nix
lix-module.nixosModules.default
(import "${home-manager}/nix-darwin")
(
{ config, ... }:
{
nixpkgs.overlays = overlays nixpkgs.system config;
}
)
];
};
devShells."x86_64-linux".default =
let pkgs = import nixpkgs { system = "x86_64-linux"; };
in pkgs.mkShell {
let
pkgs = import nixpkgs { system = "x86_64-linux"; };
in
pkgs.mkShell {
buildInputs = [
(pkgs.writeShellScriptBin "colmena" ''
${
colmena.defaultPackage.${pkgs.system}
}/bin/colmena --disable-emoji $@
${colmena.defaultPackage.${pkgs.system}}/bin/colmena --disable-emoji $@
'')
];
};
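Review bot: In the new `darwinConfigurations."Agathas-Mac-mini"` module, `nixpkgs.overlays = overlays nixpkgs.system config;` passes two values that do not look like what `overlays` expects. `nixpkgs` here is the flake input, which as far as I know exposes no `system` attribute, and `config` is the whole nix-darwin module config rather than a nixpkgs config. The colmena branch instead passes `"x86_64-linux"` and the `config.allowUnfree` set. Since both arguments are only consumed by `unstable = import nixpkgs-unstable { inherit system config; }`, laziness would hide the problem until `pkgs.unstable` is first evaluated on the Mac. I would pass the platform and the nixpkgs config explicitly: `nixpkgs.overlays = overlays "aarch64-darwin" config.nixpkgs.config;`. Separately, the wrapper in `devShells` expands `$@` unquoted, so arguments containing spaces are split; `"$@"` avoids that.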


@ -0,0 +1,43 @@
{ pkgs, lib, ... }:
{
imports = [
../../common/home_manager/common.nix
../../common/fragments/graphical/iosevka.nix
];
nixpkgs.hostPlatform = "aarch64-darwin";
services.nix-daemon.enable = true;
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
};
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [
"DaddyTimeMono"
"NerdFontsSymbolsOnly"
];
})
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}
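Review bot: The `trusted-public-keys` list in `nix.settings` carries no comment on where the two keys came from, even though they are the trust root for every store path this host substitutes from `cache.nixos.org` and `cache.lix.systems` without building locally. A comment above the list, for example `# Cache signing keys; verify against the upstream NixOS and Lix documentation before changing`, gives the next editor something to check an edit against. It would also help to note that each entry in `substituters` needs a matching key here, since a cache without one is not usable for signed paths.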