diff --git a/flake.nix b/flake.nix index 2ece31a..6306f53 100644 --- a/flake.nix +++ b/flake.nix 
@@ -29,101 +29,13 @@ # emanote.url = "github:srid/emanote"; }; - outputs = inputs: + outputs = { self, ... }@inputs: let nix-config = { allowUnfree = true; extraOptions = "experimental-features = nix-command flakes"; - permittedInsecurePackages = [ - # "electron-27.3.11" # LogSeq - # "aspnetcore-runtime-6.0.36" # Sonarr - # "aspnetcore-runtime-wrapped-6.0.36" # Sonarr - # "dotnet-sdk-6.0.428" # Sonarr - # "dotnet-sdk-wrapped-6.0.428" # Sonarr - ]; + permittedInsecurePackages = [ ]; }; - - # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3"; - - basic_module = { - nixpkgs = { - config = nix-config; - overlays = [ - # packages - inputs.self.overlays.packages - inputs.self.overlays.overrides - ]; - }; - nix = { - inherit (nix-config) extraOptions; - registry = { - stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; }; - unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; }; - }; - }; - }; - - # Home manager configuration - homeManagerModules = [ - inputs.home-manager.nixosModules.default - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - stable = inputs.nixpkgs; - unstable = inputs.nixpkgs-u; - }; - }; - } - ]; - homeManagerUModules = [ - inputs.home-manager-u.nixosModules.default - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - stable = inputs.nixpkgs; - unstable = inputs.nixpkgs-u; - }; - }; - } - ]; - - commonModules = [ - # Nix configuration - basic_module - - # Nix rice - inputs.nix-rice.modules.default - ./nixos/rice.nix - - # # S3 cache read - # ./nixos/s3_cache_read.nix - - # Agenix configuration - inputs.ragenix.nixosModules.default - # inputs.agenix.nixosModules.default - - # { services.userborn.enable = true; } - ./nixos/users/bertof.nix - - # Some basic defaults - ./nixos/basics - ]; - - mainModules = [ - ./nixos/pro_audio.nix - ./nixos/kdeconnect.nix - ./nixos/steam.nix - 
./nixos/opentabletdriver.nix - - ./nixos/hyprland.nix - { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } - ]; - - installerModules = commonModules ++ [ ./nixos/installer.nix ]; in inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = import inputs.systems; @@ -133,8 +45,8 @@ inherit system; config = nix-config; overlays = [ - # inputs.nix-rice.overlays.default inputs.self.overlays.packages + inputs.self.overlays.overrides ]; }; @@ -163,39 +75,36 @@ wl-update-background ; - # inherit (cute-api.packages.${system}) cute-api; - # Installer ISO install-iso = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "install-iso"; }; # RAW base image raw-base-image = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "raw-efi"; }; # VMDK base image vmdk-base-image = inputs.nixos-generators.nixosGenerate { system = "x86_64-linux"; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "vmware"; }; # Aarch64 base image aarch64-base-image = inputs.nixos-generators.nixosGenerate { system = "aarch64-linux"; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "sd-aarch64"; }; # Installer DigitalOcean do-image = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "do"; }; - }; }; 
@@ -246,220 +155,219 @@ }; }; + nixosModules = { + basic = { + nixpkgs = { config = nix-config; overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; }; + nix = { + inherit (nix-config) extraOptions; + registry = { + stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; }; + unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; }; + }; + }; + }; + + # Home manager configuration + homeManagerUModules = { + imports = [ inputs.home-manager-u.nixosModules.default ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { stable = inputs.nixpkgs; unstable = inputs.nixpkgs-u; }; + }; + }; + + commonModules = { + imports = [ + # Nix configuration + self.nixosModules.basic + + # Nix rice + inputs.nix-rice.modules.default + ./nixos/rice.nix + + # (R)Agenix configuration + inputs.ragenix.nixosModules.default + # inputs.agenix.nixosModules.default + + # Users + # { services.userborn.enable = true; } + self.nixosModules.bertof + + # Some basic defaults + ./nixos/basics + + # Home manager + self.nixosModules.homeManagerUModules + ]; + }; + + mainModules = { + imports = [ + self.nixosModules.commonModules + ./nixos/pro_audio.nix + ./nixos/kdeconnect.nix + ./nixos/steam.nix + ./nixos/opentabletdriver.nix + + ./nixos/hyprland.nix + ]; + home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; + }; + + server = { + imports = [ + self.nixosModules.commonModules + ./nixos/server + ]; + }; + + installerModules = { imports = [ self.nixosModules.commonModules ./nixos/installer.nix ]; }; + + bertof = { + imports = [ ./nixos/users/bertof.nix ]; + age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + }; + + tiziano = { + imports = [ ./nixos/users/tiziano.nix ]; + age.secrets.rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; + }; + nixosConfigurations = { thor = inputs.nixpkgs-u.lib.nixosSystem { system 
= "x86_64-linux"; - modules = commonModules ++ mainModules ++ [ - ./instances/thor/hardware-configuration.nix + modules = [ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.mainModules + ./instances/thor/hardware-configuration.nix ./instances/thor/configuration.nix - # # S3 cache write - # ./nixos/s3_cache_write.nix - - # ./nixos/plasma6.nix - # ./nixos/cuda_support.nix - # ./nixos/ollama.nix - # ./nixos/minio_local.nix - - ./nixos/hyprland.nix - { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } - - ./nixos/musa.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/thor/hm.nix; - }]; + { home-manager.users.bertof = import ./instances/thor/hm.nix; } + ]; }; sif = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ mainModules ++ [ - ./instances/sif/hardware-configuration.nix - inputs.nixos-hardware.nixosModules.common-cpu-intel + modules = [ inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.mainModules + ./instances/sif/hardware-configuration.nix ./instances/sif/configuration.nix - # S3 cache write - # ./nixos/s3_cache_write.nix - # { age.secrets.s3_sif = { file = ./secrets/s3_sif.age; owner = "bertof"; }; } - - # ./nixos/plasma6.nix - # ./nixos/ollama.nix - # ./nixos/minio_local.nix - - # ./nixos/musa.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/sif/hm.nix; - }]; + { home-manager.users.bertof = import ./instances/sif/hm.nix; } + ]; }; odin = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ inputs.nixos-hardware.nixosModules.common-cpu-intel 
inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + self.nixosModules.server ./instances/odin/hardware-configuration.nix ./instances/odin/configuration.nix - ./nixos/users/tiziano.nix - - ./nixos/server ./nixos/ip_forwarding.nix - # ./nixos/plasma6.nix ./nixos/steam.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/odin/hm.nix; - home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; - }]; + + self.nixosModules.tiziano + { + home-manager.users.bertof = import ./instances/odin/hm.nix; + home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + } + ]; }; heimdall = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd - ./nixos/server - + self.nixosModules.server ./instances/heimdall/hardware-configuration.nix ./instances/heimdall/configuration.nix - ./nixos/users/tiziano.nix - ./nixos/ip_forwarding.nix ./nixos/torrentbox.nix ./nixos/minio_server.nix ./nixos/nextcloud.nix ./nixos/immich.nix ./nixos/forgejo.nix - # cute-api.nixosModules.default - # { services.cute-api = { enable = true; host = "0.0.0.0"; }; } - # ./nixos/garage.nix - # ./nixos/ntfy.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; - heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; - heimdall-gitlab-runner-default.file = 
./secrets/heimdall-gitlab-runner-default.age; - }; - home-manager.users.bertof = import ./instances/heimdall/hm.nix; - }]; + + self.nixosModules.tiziano + { + home-manager.users.bertof = import ./instances/heimdall/hm.nix; + age.secrets = { + heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; + heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; + heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age; + }; + } + ]; }; freya = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; - modules = commonModules ++ [ + modules = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 - ({ lib, ... }: { - boot.supportedFilesystems = lib.mkForce [ - "btrfs" - "reiserfs" - "vfat" - "f2fs" - "xfs" - "ntfs" - "cifs" - ]; - }) - ./nixos/server - + ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; }) + self.nixosModules.server ./instances/freya/hardware-configuration.nix ./instances/freya/configuration.nix ./nixos/torrentbox.nix ./nixos/minio_server.nix - # ./nixos/nextcloud.nix - ./nixos/ntfy.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - ] ++ homeManagerModules ++ [{ - home-manager.users.bertof = import ./instances/freya/hm.nix; - }]; + # ./nixos/ntfy.nix + + self.nixosModules.tiziano + { home-manager.users.bertof = import ./instances/freya/hm.nix; } + ]; }; baldur = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ - ./nixos/server + modules = [ + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.server ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix - # ./nixos/digitalocean.nix - # ./nixos/users/tiziano.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/baldur/hm.nix; - # 
home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; - }]; + ./nixos/ip_forwarding.nix + + self.nixosModules.tiziano + { + home-manager.users.bertof = import ./instances/baldur/hm.nix; + home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + } + ]; }; loki = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ - ./nixos/server - + modules = [ inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.server ./instances/loki/hardware-configuration.nix ./instances/loki/configuration.nix - ./nixos/users/tiziano.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - ] ++ homeManagerModules ++ [{ - home-manager.users.bertof = import ./instances/odin/hm.nix; - home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; - }]; + self.nixosModules.tiziano + { + home-manager.users.bertof = import ./instances/odin/hm.nix; + home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + } + ]; }; }; - # # Deploy-rs checks - # checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib; - - # Map nodes to Deploy-rs deployments - deploy.nodes = { - baldur = { - hostname = "baldur.bertof.net"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.baldur; }; - }; - freya = { - hostname = "freya.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.freya; }; - }; - heimdall = { - hostname = "heimdall.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.heimdall; }; - }; - loki = { - hostname = "loki.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.loki; }; - }; - odin = { - 
hostname = "odin.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.odin; }; - }; - thor = { - hostname = "thor.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.thor; }; - }; - }; }; }; } diff --git a/instances/freya/configuration.nix b/instances/freya/configuration.nix index 2ca39de..ae9875a 100644 --- a/instances/freya/configuration.nix +++ b/instances/freya/configuration.nix @@ -30,10 +30,7 @@ in enable = true; # package = pkgs.bluezFull; }; - opengl = { - enable = true; - driSupport = true; - }; + opengl.enable = true; raspberry-pi."4" = { # audio.enable = true; # AUDIO fkms-3d.enable = true; # GPU diff --git a/instances/heimdall/hm_tiziano.nix b/instances/heimdall/hm_tiziano.nix new file mode 100644 index 0000000..a95bda5 --- /dev/null +++ b/instances/heimdall/hm_tiziano.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: { + home = { + language.base = "it_IT.UTF-8"; + keyboard = { + layout = "it"; + options = [ + "terminate:ctrl_alt_bksp" + "compose:rctrl" + ]; + }; + packages = [ pkgs.retroarch-free pkgs.heroic ]; + }; + + imports = [ + ../../hm/combined/basics.nix + + ../../hm/syncthing_tiziano.nix + + ../../hm/shell_aliases.nix + ../../hm/rclone-mount-tiziano.nix + ]; + + home.stateVersion = "23.05"; +} diff --git a/instances/odin/configuration.nix b/instances/odin/configuration.nix index 09b42da..22e9b53 100644 --- a/instances/odin/configuration.nix +++ b/instances/odin/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: let hosts = import ../../hosts.nix; in diff --git a/nixos/basics/remote-deploy.nix b/nixos/basics/remote-deploy.nix index 1e4cb17..6bc6687 100644 --- a/nixos/basics/remote-deploy.nix +++ b/nixos/basics/remote-deploy.nix 
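Review bot: The new `nixosModules.bertof` ties `age.secrets.rclone_bertof` to the user definition, and `commonModules` imports it, so every configuration built from `commonModules` now declares that secret. That includes freya, baldur and loki, which did not declare it before, and the installer/base images in the earlier hunk that use `self.nixosModules.installerModules`. `self.nixosModules.tiziano` does the same for `rclone_tiziano`, which previously appeared only on odin and is now pulled into heimdall, freya, baldur and loki. For activation to succeed, these secrets would presumably have to be re-encrypted to each of those host keys, and the encrypted files would end up in distributable images, which widens the exposure of the rclone credentials beyond the hosts that mount them. Keeping the user modules free of secrets would avoid this, for example `bertof = { imports = [ ./nixos/users/bertof.nix ]; };` plus a separate module (name is a suggestion) `bertof-rclone = { age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; };` imported only where the mount is used. The enclosing outputs attribute set starts and ends outside this hunk.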
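Review bot: Nothing in the visible flake.nix hunks imports this new file: the heimdall entry adds `self.nixosModules.tiziano` but its inline module sets only `home-manager.users.bertof`. Unless the file is referenced somewhere outside this diff, the tiziano account on heimdall gets no home-manager profile, and the `rclone-mount-tiziano.nix` and `syncthing_tiziano.nix` imports never take effect. If the profile is intended, add `home-manager.users.tiziano = import ./instances/heimdall/hm_tiziano.nix;` next to the bertof line in heimdall's module list, as odin and baldur do.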
@@ -5,7 +5,7 @@ openFirewall = true; settings = { KbdInteractiveAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkDefault "prohibit-password"; + # PermitRootLogin = lib.mkDefault "prohibit-password"; PasswordAuthentication = lib.mkDefault false; }; };
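Review bot: Commenting out `PermitRootLogin` leaves the root SSH login policy to whatever default the openssh module applies, on a service that this same block exposes with `openFirewall = true`. As far as I know the NixOS default is also `prohibit-password`, so key-based root login probably stays enabled, but the repository no longer states it and a commented-out line reads as if root login had been turned off. The same commit removes the deploy-rs `deploy.nodes` block from flake.nix, so if nothing else still logs in as root over SSH, set the policy explicitly with `PermitRootLogin = lib.mkDefault "no";`. Otherwise keep the original line and add a comment naming what needs root key login. The enclosing attribute set (presumably the openssh service configuration) starts outside the hunk.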