reo101/rix101
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(jeeves)!: add config

Browse source 
Automatic disk partitioning using `disko`
Automatic secrets management using `agenix`
Automatic deployment using `deploy-rs`
This commit is contained in:
reo101 2023-10-16 21:42:10 +03:00
parent 64950f00f3
commit 8f17e5849a
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
12 changed files with 869 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

342
flake.lock generated
View file

@ -1,5 +1,53 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": [
"nix-darwin"
],
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"agenix_2": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alejandra": { "alejandra": {
"inputs": { "inputs": {
"flakeCompat": "flakeCompat", "flakeCompat": "flakeCompat",
@ -25,11 +73,11 @@
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1680729003, "lastModified": 1689473676,
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=", "narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-schemes", "repo": "base16-schemes",
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0", "rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -50,6 +98,59 @@
"url": "https://gist.github.com/antlilja/8372900fcc09e38d7b0b6bbaddad3904/archive/6c3321e0969ff2463f8335da5601986cf2108690.tar.gz" "url": "https://gist.github.com/antlilja/8372900fcc09e38d7b0b6bbaddad3904/archive/6c3321e0969ff2463f8335da5601986cf2108690.tar.gz"
} }
}, },
"crane": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
],
"rust-overlay": [
"ragenix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681680516,
"narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -59,11 +160,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1686747123, "lastModified": 1695052866,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984", "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -84,6 +185,26 @@
"url": "https://github.com/ziglibs/diffz/archive/90353d401c59e2ca5ed0abe5444c29ad3d7489aa.tar.gz" "url": "https://github.com/ziglibs/diffz/archive/90353d401c59e2ca5ed0abe5444c29ad3d7489aa.tar.gz"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696814493,
"narHash": "sha256-1qArVsJGG2RHbV2iKFpAmM5os3myvwpXMOdFy5nh54M=",
"owner": "nix-community",
"repo": "disko",
"rev": "32ce057c183506cecb0b84950e4eaf39f37e8c75",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -148,6 +269,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -228,6 +365,24 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -242,16 +397,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1689068808, "lastModified": 1694529238,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -284,11 +439,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1660459072, "lastModified": 1694102001,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", "narHash": "sha256-vky6VPK1n1od6vXbqzOXnekrQpTL4hbPAwUhT5J9c9E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "gitignore.nix", "repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "rev": "9e21c80adf67ebcb077d75bd5e7d724d21eeafd6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -299,11 +454,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1693718952, "lastModified": 1695109627,
"narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=", "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35", "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -377,11 +532,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1693972774, "lastModified": 1695224363,
"narHash": "sha256-Dt9UZs0/DaIex598quYRYFuGabUbvFdNrHuvGc6HjBc=", "narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b22d7bab30076bbb73744867d6c5bf7d6380570c", "rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -394,13 +549,13 @@
"known_folders": { "known_folders": {
"flake": false, "flake": false,
"locked": { "locked": {
"narHash": "sha256-U/h4bVarq8CFKbFyNXKl3vBRPubYooLxA1xUz3qMGPE=", "narHash": "sha256-bZfn+jgCzrtm8vKPDDMNWLkJYoo7vKxZu+e2tGvSGHY=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/ziglibs/known-folders/archive/fa75e1bc672952efa0cf06160bbd942b47f6d59b.tar.gz" "url": "https://github.com/ziglibs/known-folders/archive/a564f582122326328dad6b59209d070d57c4e6ae.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/ziglibs/known-folders/archive/fa75e1bc672952efa0cf06160bbd942b47f6d59b.tar.gz" "url": "https://github.com/ziglibs/known-folders/archive/a564f582122326328dad6b59209d070d57c4e6ae.tar.gz"
} }
}, },
"langref": { "langref": {
@ -425,11 +580,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1693954768, "lastModified": 1695424083,
"narHash": "sha256-DIyHgdfhmftTN2aHVEmJ1q/W2o0Slild0McAf4sEa8U=", "narHash": "sha256-mCB8q5XQdmttc4+78YnRnWKtb8cGOYCp3nXEbCJb2Xw=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "2ef7b6a433c61837bcef0fca297a665551835423", "rev": "c68c121f50ee0eae7f26ed043689105086572f55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,11 +605,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1693958686, "lastModified": 1695427468,
"narHash": "sha256-UgdB+EXYbi90vm2fam4tYgY9hYGwxSk0sxG96jIyeg4=", "narHash": "sha256-LjVp//svQX0mLbzbP8hNUqVcDZPtvWxF1rjeTJRBy1M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "14defe836200c45acf14f3616d7ba20959028cf8", "rev": "5940bca71d4c8b7a688d72aefc4c29b1350b8c21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -469,11 +624,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1682108218, "lastModified": 1695388192,
"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=", "narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=",
"owner": "misterio77", "owner": "misterio77",
"repo": "nix-colors", "repo": "nix-colors",
"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820", "rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -489,11 +644,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1692248770, "lastModified": 1695424346,
"narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=", "narHash": "sha256-jkjKhxaBpS7p//l90uz9lNdVK5imVe9eo+XH6zbfrJU=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b", "rev": "c286b23c7fd7f0622bc4af898c91f58b8d304ff1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -605,11 +760,11 @@
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": { "locked": {
"lastModified": 1680397293, "lastModified": 1694911725,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", "narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a", "rev": "819180647f428a3826bfc917a54449da1e532ce0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -620,11 +775,27 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1693844670, "lastModified": 1695145219,
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1681920287,
"narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645bc49f34fa8eff95479f0345ff57e55b53437e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -684,11 +855,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1694020178, "lastModified": 1695447549,
"narHash": "sha256-1FJT97lTUNL/sjAA85Ysmv8BAExcWohaaHlLJOqb48g=", "narHash": "sha256-R0oT3+/qaf9oqTBZQDwZM05Pt61secoA4RjOKVIB3vk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "1986d63bbafb176538af97ab6e4001ce5bb2718f", "rev": "be08974e568978b2f6c145e5983d6b0c6f61056f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -697,9 +868,33 @@
"type": "github" "type": "github"
} }
}, },
"ragenix": {
"inputs": {
"agenix": "agenix_2",
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1682237245,
"narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
"owner": "yaxitech",
"repo": "ragenix",
"rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "ragenix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"hardware": "hardware", "hardware": "hardware",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -709,11 +904,37 @@
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nur": "nur", "nur": "nur",
"ragenix": "ragenix",
"wired": "wired", "wired": "wired",
"zig-overlay": "zig-overlay", "zig-overlay": "zig-overlay",
"zls-overlay": "zls-overlay" "zls-overlay": "zls-overlay"
} }
}, },
"rust-overlay": {
"inputs": {
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682129965,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -744,6 +965,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
@ -798,18 +1034,18 @@
}, },
"zig-overlay": { "zig-overlay": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1694002101, "lastModified": 1695428435,
"narHash": "sha256-wYQ4Z5AKT3gqLCDOqXqw1q40mjO3Zh9Tanc3/fMVFRQ=", "narHash": "sha256-RfegRMM3r+xSN2xrsb/GqI8t/hog9TCtUz/xaUTxMCk=",
"owner": "mitchellh", "owner": "mitchellh",
"repo": "zig-overlay", "repo": "zig-overlay",
"rev": "b9b8492e4e6edede26bf3bd36d8a42d9d54230d5", "rev": "8d84a99ebb95616575dec694657c21d83a6ac51e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -822,7 +1058,7 @@
"inputs": { "inputs": {
"binned_allocator": "binned_allocator", "binned_allocator": "binned_allocator",
"diffz": "diffz", "diffz": "diffz",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"gitignore": "gitignore", "gitignore": "gitignore",
"known_folders": "known_folders", "known_folders": "known_folders",
"langref": "langref", "langref": "langref",
@ -834,11 +1070,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1693924059, "lastModified": 1695406829,
"narHash": "sha256-PfxEkc7BHWiIOaFvCLBCxyIRdgSdmMsKU4kHA0E5ps8=", "narHash": "sha256-eTtDS5dfNfwz+VKHzRsliB2sDAwGFdUFe8PDnY+YIa4=",
"owner": "zigtools", "owner": "zigtools",
"repo": "zls", "repo": "zls",
"rev": "7aeb758e9e652c3bad8fd11d1fb146328a3edbd3", "rev": "ab0352a6203adce9a94805c32bd3770af6b92832",
"type": "github" "type": "github"
}, },
"original": { "original": {

32
flake.nix
View file

@ -32,11 +32,38 @@
flake = false; flake = false;
}; };
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs = { deploy-rs = {
url = "github:serokell/deploy-rs"; url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix = {
url = "github:ryantm/agenix";
inputs = {
nixpkgs.follows = "nixpkgs";
darwin.follows = "nix-darwin";
home-manager.follows = "home-manager";
};
};
ragenix = {
url = "github:yaxitech/ragenix";
};
# sops-nix = {
# url = "github:Mic92/sops-nix";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# darwin.follows = "nix-darwin";
# home-manager.follows = "home-manager";
# };
# };
# Nix User Repository # Nix User Repository
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
@ -78,7 +105,10 @@
, nix-on-droid , nix-on-droid
, nix-darwin , nix-darwin
, home-manager , home-manager
, disko
, deploy-rs , deploy-rs
, agenix
, ragenix
, nur , nur
, hardware , hardware
, nix-colors , nix-colors
@ -105,7 +135,7 @@
# Dev Shells (`nix develop`) # Dev Shells (`nix develop`)
devShells = util.forEachPkgs (pkgs: devShells = util.forEachPkgs (pkgs:
import ./shells { inherit pkgs; } import ./shells { inherit pkgs inputs outputs; }
); );
# Formatter # Formatter

122
machines/nixos/x86_64-linux/jeeves/configuration.nix Normal file
View file

@ -0,0 +1,122 @@
{ inputs, outputs, lib, pkgs, config, ... }:
{
imports = [
(import ./disko.nix { inherit inputs outputs; })
inputs.agenix.nixosModules.default
./network.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
};
overlays = [
];
};
networking.hostName = "jeeves";
boot = {
loader.systemd-boot.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = [
"nvme"
];
};
hardware.enableRedistributableFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nix = {
registry =
lib.mapAttrs
(_: value: {
flake = value;
})
inputs;
nixPath =
lib.mapAttrsToList
(key: value:
"${key}=${value.to.path}")
config.nix.registry;
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
git
neovim
];
# NOTE: made with `mkpasswd -m sha-516`
age.secrets."home/jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
users = {
mutableUsers = true;
users = {
jeeves = {
isNormalUser = true;
shell = pkgs.zsh;
passwordFile = config.age.secrets."home/jeeves_password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
];
extraGroups = [
"wheel"
"networkmanager"
"audio"
"docker"
];
};
};
};
# reo101.jellyfin = {
# enable = true;
# image = "docker.io/jellyfin/jellyfin:latest";
# volumes = [
# "/var/cache/jellyfin/config:/config"
# "/var/cache/jellyfin/cache:/cache"
# "/var/log/jellyfin:/log"
# "/data/media/jellyfin:/media:ro"
# ];
# ports = [
# "8096:8096"
# ];
# };
security.sudo.extraRules= [
{
users = [
"jeeves"
];
commands = [
{
command = "ALL" ;
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
}
];
}
];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
boot.plymouth = {
enable = true;
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.05";
}

42
machines/nixos/x86_64-linux/jeeves/deploy.nix Normal file
View file

@ -0,0 +1,42 @@
{
# This is the hostname by which you'll refer to this machine using reploy-rs
hostname = "jeeves.reo101.xyz";
# This is the user that deploy-rs will use when connecting.
# This will default to your own username if not specified anywhere
sshUser = "jeeves";
# This is the user that the profile will be deployed to (will use sudo if not the same as above).
# If `sshUser` is specified, this will be the default (though it will _not_ default to your own username)
user = "root";
# Which sudo command to use. Must accept at least two arguments:
# the user name to execute commands as and the rest is the command to execute
# This will default to "sudo -u" if not specified anywhere.
sudo = "sudo -u";
# This is an optional list of arguments that will be passed to SSH.
sshOpts = [ "-p" "727" ];
# Fast connection to the node. If this is true, copy the whole closure instead of letting the node substitute.
# This defaults to `false`
fastConnection = false;
# If the previous profile should be re-activated if activation fails.
# This defaults to `true`
autoRollback = true;
# See the earlier section about Magic Rollback for more information.
# This defaults to `true`
magicRollback = true;
# The path which deploy-rs will use for temporary files, this is currently only used by `magicRollback` to create an inotify watcher in for confirmations
# If not specified, this will default to `/tmp`
# (if `magicRollback` is in use, this _must_ be writable by `user`)
tempPath = "/tmp";
# Build the derivation on the target system
# Will also fetch all external dependencies from the target system's substituters.
# This default to `false`
remoteBuild = true;
}

200
machines/nixos/x86_64-linux/jeeves/disko.nix Normal file
View file

@ -0,0 +1,200 @@
{ inputs, outputs, ... }:
{ lib, pkgs, config, ... }:
{
imports = [
inputs.disko.nixosModules.disko
];
environment.systemPackages = with pkgs; [
# `statfs` for btrfs commands
gocryptfs
];
# If on installer
disko.enableConfig = true;
# `head -c 8 /etc/machine-id`
networking.hostId = "1418566e";
# NOTE: needed for mounting `/key` (for LUKS)
boot.initrd.kernelModules = [
"uas"
"ext4"
];
# HACK: for troubleshooting
# see https://github.com/NixOS/nixpkgs/blob/9d6655c6222211adada5eeec4a91cb255b50dcb6/nixos/modules/system/boot/stage-1-init.sh#L45-L49
boot.initrd.preFailCommands = ''
export allowShell=1
'';
# NOTE: doesn't get mounted early enough, see below
# fileSystems."/key" = {
# device = "/dev/disk/by-partlabel/key";
# fsType = "ext4";
# neededForBoot = true;
# };
disko = {
devices = {
disk = {
# NOTE: we could do this to setup a usb for the keys
# but disko overrides it with no option of ignoring when partitioning
# (i.e. tell disko to only use this only for decalartion)
# key = {
# type = "disk";
# device = "/dev/disk/by-id/usb-USB2.0_Flash_Disk_1000000000001D8B-0";
# content = {
# type = "gpt";
# partitions = {
# key = {
# label = "key";
# size = "100%";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/key";
# };
# };
# };
# };
# };
ssd1 = {
type = "disk";
device = "/dev/disk/by-id/nvme-eui.e8238fa6bf530001001b448b4ebde3a6";
content = {
type = "gpt";
partitions = {
boot = {
label = "boot_mbr";
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = {
label = "boot";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
priority = 2;
};
root = {
label = "root";
size = "100%";
content = {
type = "luks";
name = "root";
extraOpenArgs = [ ];
settings = {
keyFile = "/key/root";
# HACK: we need to manually wait for and mount the partition containing the keys
preOpenCommands = ''
# Prepare (kernel modules and directory for mounting)
modprobe uas
modprobe ext4
mkdir -m "0755" -p "/key"
# Loop until mounted (+ initial wait)
sleep 5
until mount -n -t "ext4" -o "ro" "/dev/disk/by-partlabel/key" "/key" 2>&1 1>/dev/null; do
echo 'Could not find a partition with label `key` (at `/dev/disk/by-partlabel/key`), retrying...'
sleep 2
done
'';
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/root" = {
mountpoint = "/";
};
};
};
};
priority = 3;
};
};
};
};
hdd1 = {
type = "disk";
device = "/dev/disk/by-id/ata-WDC_WD8003FFBX-68B9AN0_VYJB5TUM";
content = {
type = "gpt";
partitions = {
mdadm = {
label = "hdd1";
size = "100%";
content = {
type = "mdraid";
name = "tank";
};
};
};
};
};
hdd2 = {
type = "disk";
device = "/dev/disk/by-id/ata-WDC_WD8003FFBX-68B9AN0_VYHZTWSM";
content = {
type = "gpt";
partitions = {
mdadm = {
label = "hdd2";
size = "100%";
content = {
type = "mdraid";
name = "tank";
};
};
};
};
};
};
mdadm = {
tank = {
type = "mdadm";
level = 1;
content = {
type = "luks";
name = "tank";
extraOpenArgs = [ "--allow-discards" ];
settings.keyFile = "/key/tank";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/data" = {
mountpoint = "/data";
mountOptions = [
"compress=zstd"
];
};
"/data/media" = { };
"/data/media/jellyfin" = { };
};
};
};
};
};
};
};
}

69
machines/nixos/x86_64-linux/jeeves/home/jeeves.nix Normal file
View file

@ -0,0 +1,69 @@
{ inputs, outputs, lib, pkgs, config, ... }:
{
imports = [
inputs.wired.homeManagerModules.default
];
nixpkgs = {
overlays = builtins.attrValues outputs.overlays;
config.allowUnfree = true;
};
home = {
username = "jeeves";
homeDirectory = "/home/jeeves";
stateVersion = "23.05";
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
home.packages = with pkgs; [
## Core
neovim
git
gnupg
pciutils # lspci
usbutils # lsusb
## Shell
# zsh
# starship
# zoxide
ripgrep
## Nix
direnv
## Torrents
tremc
## Rust
rustc
cargo
rust-analyzer
clang
openssl
pkg-config
];
reo101 = {
shell = {
enable = true;
direnv = true;
zoxide = true;
shells = [
"zsh"
"nushell"
];
};
};
home.file = {
".config/nvim" = {
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.local/src/reovim";
};
};
}

47
machines/nixos/x86_64-linux/jeeves/network.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib, pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
];
# Networking
age.secrets."home/wifi.env".file = ../../../../secrets/home/wifi.env.age;
networking.wireless = {
iwd.enable = true;
environmentFile = config.age.secrets."home/wifi.env".path;
networks = {
home = {
ssid = "@HOME_WIFI_SSID@";
psk = "@HOME_WIFI_PSK@";
};
};
};
systemd.network = {
enable = true;
wait-online = {
enable = false;
anyInterface = true;
ignoredInterfaces = [
"eth0"
];
};
networks."10-eth0" = {
matchConfig.Name = "eth0";
networkConfig.DHCP = "yes";
};
links."10-eth0" = {
matchConfig.PermanentMACAddress = "04:7c:16:80:3c:2c";
linkConfig.Name = "eth0"; # "enp8s0";
};
networks."15-wan0" = {
matchConfig.Name = "wan0";
networkConfig.DHCP = "yes";
};
links."15-wan0" = {
matchConfig.PermanentMACAddress = "bc:f4:d4:40:5c:ed";
linkConfig.Name = "wan0"; # "wlp15s0";
};
};
}

14
secrets/home/jeeves_password.age Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbHdXaWlnVnl6bStVUEpR
c1d6a0lHL09VbVAraGtvclpJU1F6TUVCNUhRClNmVFFFVkpuNWJqUUxRTE93d3lT
Wk1qT2oraUpSMGduOTk3NXBuMkFsbW8KLT4gc3NoLWVkMjU1MTkgdk1uYmxnIEJu
ZUpodTN0VmRBanQwWWpIdzZvOS9HS0ZuZ05TWUtQbk5jRHI3cVNKRWcKT1IvYmpy
Tmw5SXJHdHBCREZKWmtsZVB4WGlkVFNaNFhyRmE5R2NwdVNtcwotPiBhSi1ncmVh
c2UgQlwKZHZQU2NwdkRhallRUStvU2tRSmVLRzN2d3NZMHVDNGxQQ01tVUZQOUQ0
QURBbmJ1Y2hGR2VBN0xrNFR3MGMyTApUZ2xPZmVGRndFb3NwR3FwZGVoVi9XWEYw
RGx5TDROYzJaQWFjc2UvQUs4Ci0tLSBDQy8yckEwTEttQVFIamxlM3VIVDRQZTN4
VGZZUjZsWk9SVGR4UmtmOEU4ClM22goWXt0lCfW7h8NOsbT7DrEZ6NeOUBi/soFL
nhAzqMKdDY5e3apubmGaerbzJ9nt22kAtnaswPA8EQF2FvdIRwiVvuPqp7sUbS/6
8rWhNuuBqxwLCoVWUe7dkRTVwKu7Wk6stWUrhEZhOpDU9pjFIs9p4dzXD8zFBzpA
pqn9cbRE46jheGN43sU=
-----END AGE ENCRYPTED FILE-----

20
secrets/home/wifi.env.age Normal file
View file

@ -0,0 +1,20 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBuTWds
TmVVbEVPZjNYemU5Y0srUWdabnhGZDZ6TklvYXJaWlBtTWZ3MGhJCmhWd0VqZ1lV
djBwL05MVTZpR2xNWU9Hd0tLVWxYRExWc0ZKb1BYa3Bjc00KLT4gc3NoLWVkMjU1
MTkgV2Y4dmp3IE4vSHF2MHdrZmVvaXluWFpuZHRSU0tTQlRwTzBUUzNDaytvL3Jt
UEcwSE0KSkRoTlpZSmYrekRtT0ltOHNMTjVubWNLWTlDVTAvenJTcDErdHV2Z202
VQotPiBYMjU1MTkgUjJsMmc2QjR2T0ZQbS93ZUJhUFBIbHl3RFFzRzZrclcvOG5J
SVE0WDNUNApMZkYxeEc1ZXhMTTdVK0VBa1FLUXNscmJLWGVQRHFKQjFTaW5VTElj
UnJBCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyA4TmQxSjNDV3Q0N3hLQXhYZnBCditI
aUtOZEpXVWpLRzF0c1h4SzZTSUZjCno0K0JhMENVY3ovMHRuL295dzI2VGtTZWt4
SW5jWWZ6K1hLV2FCeEhEMXcKLT4gc3NoLWVkMjU1MTkgQjdiZXhBIExkZEdwUlJp
V09YOEdKQmtpTE9xWXRwQkRsZ1VLRUhVTWxSK1dyQ2x1eDAKc29GMEt6a3NjSzRV
UDJBaENVYlRLS2JRM1VDK0hvN1hGdHNiYmFwM3ZWMAotPiBvP0UtZ3JlYXNlIFxG
IHA2O1okOzVsCkYxNGRtWnQ0M2pRVW1GZWw5bExoU0ZxSmllZEN3UWs5WFZpZG1V
RWhaUC9xSTFpQk9TaFhDOGxOZmk0YVJ4cjYKYzhPM3AxZC8raXVnUVh3ZlF3U0Vy
UUxMTytOb2tEOE1kU3RpaW15WWg1K1lTVXBnc29hU1k0TQotLS0gbzc3dHdJQ0pB
VmxzZ1FhTmo0UUc0RldKclZzZkNBb1FlNUNBZjJBekp6MArQ+1zBESesqZ6HtsI2
jdZVixj3TeSsdLzfW68kVyrBhUdV+r9zT3YHyHx0Qv9mr5alvdxTJxG00zJ7q0+u
kmDgK/mnCmVwn/bRGyPtYXJdF1i2YgT/enkZhA==
-----END AGE ENCRYPTED FILE-----

26
secrets/secrets.nix Normal file
View file

@ -0,0 +1,26 @@
# This file is not imported into the NixOS/home-manager configurations.
# It is only used for the `agenix` CLI.
# `agenix` use the public keys defined in this file to encrypt the secrets.
# Users can decrypt the secrets by any of the corresponding private keys.
let
# User's ssh public key:
# cat ~/.ssh/id_ed25519.pub
# Generate using:
# ssh-keygen -t ed25519
main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW";
limonka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmO9YwsuPMstyLVElvam5mKZfr51qnNj6cIZN8cCu7f";
limonka_age = "age1m23jgdtkfh6gqnxge88q03yy9exckajmlmx8sw2z9t3t5gpr0c4qxgdtwr";
users = [ main limonka limonka_age ];
# System's ssh public key:
# cat /etc/ssh/ssh_host_ed25519_key.pub
# Generated automatically when running `sshd`
jeeves_system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
limonka_system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2DM5F3nLKDiWoxqTwJw4bi5Q1RGZYtEPmTcLxTC7c9";
systems = [ jeeves_system limonka_system ];
in
{
"home/wifi.env.age".publicKeys = users ++ systems;
"home/jeeves_password.age".publicKeys = [ limonka_age jeeves_system ];
}

4
shells/default.nix
View file

@ -1,6 +1,8 @@
# If pkgs is not defined, instanciate nixpkgs from locked commit # If pkgs is not defined, instanciate nixpkgs from locked commit
{ pkgs ? (import ../nixpkgs.nix) { } { pkgs ? (import ../nixpkgs.nix) { }
, inputs
, outputs
, ... , ...
}: { }: {
default = import ./default { inherit pkgs; }; default = import ./default { inherit pkgs inputs outputs; };
} }

6
shells/default/default.nix
View file

@ -1,5 +1,7 @@
# Shell for bootstrapping flake-enabled nix and other tooling # Shell for bootstrapping flake-enabled nix and other tooling
{ pkgs { pkgs
, inputs
, outputs
, ... , ...
}: pkgs.mkShell { }: pkgs.mkShell {
NIX_CONFIG = '' NIX_CONFIG = ''
@ -9,5 +11,9 @@
nix nix
home-manager home-manager
git git
deploy-rs
# inputs.agenix.packages.${pkgs.system}.agenix
inputs.ragenix.packages.${pkgs.system}.ragenix
rage
]; ];
} }