From 2d93d5c46542c5725b77e356d7487c84a859b50e Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 14:58:21 +0200 Subject: [PATCH 1/6] WIP: switch to open modules --- flake.nix | 43 +++++++++++++++++++------------ instances/freya/configuration.nix | 5 +--- instances/odin/configuration.nix | 2 +- nixos/basics/remote-deploy.nix | 2 +- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/flake.nix b/flake.nix index 2ece31a..0590318 100644 --- a/flake.nix +++ b/flake.nix @@ -64,19 +64,6 @@ }; # Home manager configuration - homeManagerModules = [ - inputs.home-manager.nixosModules.default - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - stable = inputs.nixpkgs; - unstable = inputs.nixpkgs-u; - }; - }; - } - ]; homeManagerUModules = [ inputs.home-manager-u.nixosModules.default { @@ -246,6 +233,8 @@ }; }; + nixosModules = { }; + nixosConfigurations = { thor = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; @@ -382,14 +371,24 @@ ./instances/freya/hardware-configuration.nix ./instances/freya/configuration.nix + ./nixos/users/tiziano.nix + ./nixos/torrentbox.nix ./nixos/minio_server.nix # ./nixos/nextcloud.nix ./nixos/ntfy.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerModules ++ [{ + ] ++ homeManagerUModules ++ [{ home-manager.users.bertof = import ./instances/freya/hm.nix; + + + + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; + }]; }; 
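Review bot: The `age.secrets` block added for freya in the last flake.nix hunk of this patch declares `rclone_bertof` and `rclone_tiziano` on a host that apparently did not declare them before, yet the diffstat lists no recipients file and no re-encrypted `.age` file. Unless freya's host key was already a recipient of both files, decryption will presumably fail at activation and the services that read these secrets will start without credentials. The same applies to the identical blocks added for baldur and loki in the next two hunks. Confirm the recipient list and rekey before deploying, and give each host only the secrets its users actually need. The four empty `+` lines ahead of the block can go; the freya definition starts outside the hunk.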
@@ -401,12 +400,19 @@ ./instances/baldur/configuration.nix # ./nixos/digitalocean.nix + ./nixos/users/tiziano.nix + # ./nixos/users/tiziano.nix # S3 cache read # ./nixos/s3_cache_read.nix ] ++ homeManagerUModules ++ [{ home-manager.users.bertof = import ./instances/baldur/hm.nix; - # home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; }]; }; @@ -423,9 +429,14 @@ ./nixos/users/tiziano.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerModules ++ [{ + ] ++ homeManagerUModules ++ [{ home-manager.users.bertof = import ./instances/odin/hm.nix; home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; }]; }; }; diff --git a/instances/freya/configuration.nix b/instances/freya/configuration.nix index 2ca39de..ae9875a 100644 --- a/instances/freya/configuration.nix +++ b/instances/freya/configuration.nix @@ -30,10 +30,7 @@ in enable = true; # package = pkgs.bluezFull; }; - opengl = { - enable = true; - driSupport = true; - }; + opengl.enable = true; raspberry-pi."4" = { # audio.enable = true; # AUDIO fkms-3d.enable = true; # GPU diff --git a/instances/odin/configuration.nix b/instances/odin/configuration.nix index 09b42da..22e9b53 100644 --- a/instances/odin/configuration.nix +++ b/instances/odin/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: let hosts = import ../../hosts.nix; in diff --git a/nixos/basics/remote-deploy.nix b/nixos/basics/remote-deploy.nix index 1e4cb17..6bc6687 100644 --- a/nixos/basics/remote-deploy.nix +++ b/nixos/basics/remote-deploy.nix 
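Review bot: In the `@@ -423,9 +429,14 @@` hunk, loki switches from `homeManagerModules` to `homeManagerUModules`, which pairs `inputs.home-manager-u` with a host that later patches in this series show is built by `inputs.nixpkgs.lib.nixosSystem`. Because `useGlobalPkgs = true`, Home Manager then evaluates against that stable package set. If `home-manager-u` follows the unstable channel, as its name suggests, its modules can reference packages or options that stable nixpkgs lacks. The freya hunk earlier in this patch makes the same switch. Either keep a stable Home Manager module for these two hosts or build them from `inputs.nixpkgs-u`, and say which in the commit message.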
@@ -5,7 +5,7 @@ openFirewall = true; settings = { KbdInteractiveAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkDefault "prohibit-password"; + # PermitRootLogin = lib.mkDefault "prohibit-password"; PasswordAuthentication = lib.mkDefault false; }; }; From 5eb4de6380cb7a0b51d4f13e39929bb6dae08596 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 15:06:59 +0200 Subject: [PATCH 2/6] WIP: switch to open modules --- flake.nix | 256 +++++++++++++++++++++++++++++------------------------- 1 file changed, 139 insertions(+), 117 deletions(-) diff --git a/flake.nix b/flake.nix index 0590318..1105874 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ # emanote.url = "github:srid/emanote"; }; - outputs = inputs: + outputs = { self, ... }@inputs: let nix-config = { allowUnfree = true; 
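Review bot: Commenting out `PermitRootLogin` in the remote-deploy.nix hunk leaves the sshd root-login policy to whatever the NixOS module default or another module supplies, and the commit message does not say why. `KbdInteractiveAuthentication` and `PasswordAuthentication` stay pinned right beside it, so the file now states only two of the three settings it used to guarantee. If root login over SSH is no longer needed, set it explicitly with `PermitRootLogin = lib.mkDefault "no";`; if key-only root login is still required for deployment, restore the original line. Either way, delete the commented-out line rather than keep dead configuration.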
@@ -45,61 +45,6 @@ # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3"; - basic_module = { - nixpkgs = { - config = nix-config; - overlays = [ - # packages - inputs.self.overlays.packages - inputs.self.overlays.overrides - ]; - }; - nix = { - inherit (nix-config) extraOptions; - registry = { - stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; }; - unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; }; - }; - }; - }; - - # Home manager configuration - homeManagerUModules = [ - inputs.home-manager-u.nixosModules.default - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - stable = inputs.nixpkgs; - unstable = inputs.nixpkgs-u; - }; - }; - } - ]; - - commonModules = [ - # Nix configuration - basic_module - - # Nix rice - inputs.nix-rice.modules.default - ./nixos/rice.nix - - # # S3 cache read - # ./nixos/s3_cache_read.nix - - # Agenix configuration - inputs.ragenix.nixosModules.default - # inputs.agenix.nixosModules.default - - # { services.userborn.enable = true; } - ./nixos/users/bertof.nix - - # Some basic defaults - ./nixos/basics - ]; - mainModules = [ ./nixos/pro_audio.nix ./nixos/kdeconnect.nix @@ -110,7 +55,7 @@ { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } ]; - installerModules = commonModules ++ [ ./nixos/installer.nix ]; + installerModules = [ self.nixosModules.commonModules ./nixos/installer.nix ]; in inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = import inputs.systems; 
@@ -233,12 +178,68 @@ }; }; - nixosModules = { }; + nixosModules = { + basic = { + nixpkgs = { + config = nix-config; + overlays = [ + # packages + inputs.self.overlays.packages + inputs.self.overlays.overrides + ]; + }; + nix = { + inherit (nix-config) extraOptions; + registry = { + stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; }; + unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; }; + }; + }; + }; + + # Home manager configuration + homeManagerUModules = { + imports = [ inputs.home-manager-u.nixosModules.default ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + stable = inputs.nixpkgs; + unstable = inputs.nixpkgs-u; + }; + }; + }; + + commonModules = { + imports = [ + # Nix configuration + self.nixosModules.basic + + # Nix rice + inputs.nix-rice.modules.default + ./nixos/rice.nix + + # # S3 cache read + # ./nixos/s3_cache_read.nix + + # Agenix configuration + inputs.ragenix.nixosModules.default + # inputs.agenix.nixosModules.default + + # { services.userborn.enable = true; } + ./nixos/users/bertof.nix + + # Some basic defaults + ./nixos/basics + ]; + }; + }; nixosConfigurations = { thor = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ mainModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [ ./instances/thor/hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd 
@@ -256,17 +257,20 @@ { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } ./nixos/musa.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/thor/hm.nix; - }]; + self.nixosModules.homeManagerUModules + + { + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + }; + home-manager.users.bertof = import ./instances/thor/hm.nix; + } + ]; }; sif = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ mainModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [ ./instances/sif/hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel @@ -282,17 +286,20 @@ # ./nixos/minio_local.nix # ./nixos/musa.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/sif/hm.nix; - }]; + self.nixosModules.homeManagerUModules + + { + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + }; + home-manager.users.bertof = import ./instances/sif/hm.nix; + } + ]; }; odin = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ [ inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd 
@@ -305,19 +312,22 @@ ./nixos/ip_forwarding.nix # ./nixos/plasma6.nix ./nixos/steam.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/odin/hm.nix; - home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; - }]; + self.nixosModules.homeManagerUModules + + { + home-manager.users.bertof = import ./instances/odin/hm.nix; + home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; + } + ]; }; heimdall = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ [ inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd 
@@ -340,20 +350,23 @@ # ./nixos/ntfy.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; - heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; - heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age; - }; - home-manager.users.bertof = import ./instances/heimdall/hm.nix; - }]; + self.nixosModules.homeManagerUModules + + { + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; + heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; + heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age; + }; + home-manager.users.bertof = import ./instances/heimdall/hm.nix; + } + ]; }; freya = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; - modules = commonModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ 
@@ -379,22 +392,25 @@ ./nixos/ntfy.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/freya/hm.nix; + self.nixosModules.homeManagerUModules + + { + home-manager.users.bertof = import ./instances/freya/hm.nix; - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; - }]; + } + ]; }; baldur = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ [ ./nixos/server ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix @@ -405,20 +421,23 @@ # ./nixos/users/tiziano.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/baldur/hm.nix; - home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + self.nixosModules.homeManagerUModules - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; - }]; + { + home-manager.users.bertof = import ./instances/baldur/hm.nix; + home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; + + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; + } + ]; }; loki = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = commonModules ++ [ + modules = [ self.nixosModules.commonModules ] ++ [ ./nixos/server inputs.nixos-hardware.nixosModules.common-cpu-intel 
@@ -429,15 +448,18 @@ ./nixos/users/tiziano.nix # S3 cache read # ./nixos/s3_cache_read.nix - ] ++ homeManagerUModules ++ [{ - home-manager.users.bertof = import ./instances/odin/hm.nix; - home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + self.nixosModules.homeManagerUModules - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; - }]; + { + home-manager.users.bertof = import ./instances/odin/hm.nix; + home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; + + age.secrets = { + rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; + } + ]; }; }; From b886717d6fc1b63349a8a7f9d6ab70a1f728366a Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 15:11:50 +0200 Subject: [PATCH 3/6] WIP: switch to open modules --- flake.nix | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/flake.nix b/flake.nix index 1105874..4cc340b 100644 --- a/flake.nix +++ b/flake.nix @@ -45,15 +45,6 @@ # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3"; - mainModules = [ - ./nixos/pro_audio.nix - ./nixos/kdeconnect.nix - ./nixos/steam.nix - ./nixos/opentabletdriver.nix - - ./nixos/hyprland.nix - { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } - ]; installerModules = [ self.nixosModules.commonModules ./nixos/installer.nix ]; in 
@@ -234,12 +225,26 @@ ./nixos/basics ]; }; + + mainModules = { + imports = [ + ./nixos/pro_audio.nix + ./nixos/kdeconnect.nix + ./nixos/steam.nix + ./nixos/opentabletdriver.nix + + ./nixos/hyprland.nix + ]; + home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; + }; }; nixosConfigurations = { thor = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [ + modules = [ + self.nixosModules.commonModules + self.nixosModules.mainModules ./instances/thor/hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd @@ -270,7 +275,9 @@ sif = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ mainModules ++ [ + modules = [ + self.nixosModules.commonModules + self.nixosModules.mainModules ./instances/sif/hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel @@ -299,7 +306,8 @@ odin = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ [ + modules = [ + self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd @@ -327,7 +335,8 @@ heimdall = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ [ + modules = [ + self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd 
@@ -366,7 +375,8 @@ freya = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; - modules = [ self.nixosModules.commonModules ] ++ [ + modules = [ + self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.raspberry-pi-4 ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ @@ -410,7 +420,8 @@ baldur = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ [ + modules = [ + self.nixosModules.commonModules ./nixos/server ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix @@ -437,7 +448,8 @@ loki = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ self.nixosModules.commonModules ] ++ [ + modules = [ + self.nixosModules.commonModules ./nixos/server inputs.nixos-hardware.nixosModules.common-cpu-intel From 5672131186ef00dd155d453ca6c1f08f73b98c47 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 15:29:29 +0200 Subject: [PATCH 4/6] WIP: switch to open modules --- flake.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 4cc340b..f7b34ea 100644 --- a/flake.nix +++ b/flake.nix @@ -46,7 +46,6 @@ # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3"; - installerModules = [ self.nixosModules.commonModules ./nixos/installer.nix ]; in inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = import inputs.systems; 
@@ -86,39 +85,36 @@ wl-update-background ; - # inherit (cute-api.packages.${system}) cute-api; - # Installer ISO install-iso = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "install-iso"; }; # RAW base image raw-base-image = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "raw-efi"; }; # VMDK base image vmdk-base-image = inputs.nixos-generators.nixosGenerate { system = "x86_64-linux"; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "vmware"; }; # Aarch64 base image aarch64-base-image = inputs.nixos-generators.nixosGenerate { system = "aarch64-linux"; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "sd-aarch64"; }; # Installer DigitalOcean do-image = inputs.nixos-generators.nixosGenerate { inherit system; - modules = installerModules; + modules = [ self.nixosModules.installerModules ]; format = "do"; }; - }; }; @@ -237,6 +233,8 @@ ]; home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }; + + installerModules = { imports = [ self.nixosModules.commonModules ./nixos/installer.nix ]; }; }; nixosConfigurations = { From d38ea124bda806ef957ea4736d27ced4e1a3d9d4 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 16:27:21 +0200 Subject: [PATCH 5/6] WIP: switch to open modules --- flake.nix | 191 ++++++++++++++---------------------------------------- 1 file changed, 48 insertions(+), 143 deletions(-) diff --git a/flake.nix b/flake.nix index f7b34ea..3842bcc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -167,14 +167,7 @@ nixosModules = { basic = { - nixpkgs = { - config = nix-config; - overlays = [ - # packages - inputs.self.overlays.packages - inputs.self.overlays.overrides - ]; - }; + nixpkgs = { config = nix-config; overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; }; nix = { inherit (nix-config) extraOptions; registry = { @@ -191,10 +184,7 @@ home-manager = { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { - stable = inputs.nixpkgs; - unstable = inputs.nixpkgs-u; - }; + extraSpecialArgs = { stable = inputs.nixpkgs; unstable = inputs.nixpkgs-u; }; }; }; @@ -207,23 +197,25 @@ inputs.nix-rice.modules.default ./nixos/rice.nix - # # S3 cache read - # ./nixos/s3_cache_read.nix - - # Agenix configuration + # (R)Agenix configuration inputs.ragenix.nixosModules.default # inputs.agenix.nixosModules.default + # Users # { services.userborn.enable = true; } - ./nixos/users/bertof.nix + self.nixosModules.bertof # Some basic defaults ./nixos/basics + + # Home manager + self.nixosModules.homeManagerUModules ]; }; mainModules = { imports = [ + self.nixosModules.commonModules ./nixos/pro_audio.nix ./nixos/kdeconnect.nix ./nixos/steam.nix 
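Review bot: Adding `self.nixosModules.bertof` to `commonModules` in the `@@ -207,23 +197,25 @@` hunk pulls `age.secrets.rclone_bertof` into every consumer of `commonModules`, including `installerModules`, which the next hunk shows importing it. The install ISO, raw, VMDK, aarch64 and DigitalOcean images built from `installerModules` would then carry the encrypted credential and try to decrypt it at activation with a host key that is presumably not a recipient. Keep the user account in `commonModules` but move the secret to the host-facing modules, for example by importing `./nixos/users/bertof.nix` here and `self.nixosModules.bertof` from `mainModules` and `server`. The `commonModules` definition starts outside this hunk.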
@@ -234,99 +226,70 @@ home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }; + server = { + imports = [ + self.nixosModules.commonModules + ./nixos/server + ]; + }; + installerModules = { imports = [ self.nixosModules.commonModules ./nixos/installer.nix ]; }; + + bertof = { + imports = [ ./nixos/users/bertof.nix ]; + age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; + }; + + tiziano = { + imports = [ ./nixos/users/tiziano.nix ]; + age.secrets.rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; + }; }; nixosConfigurations = { thor = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules - self.nixosModules.mainModules - ./instances/thor/hardware-configuration.nix inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.mainModules + ./instances/thor/hardware-configuration.nix ./instances/thor/configuration.nix - # # S3 cache write - # ./nixos/s3_cache_write.nix - - # ./nixos/plasma6.nix - # ./nixos/cuda_support.nix - # ./nixos/ollama.nix - # ./nixos/minio_local.nix - - ./nixos/hyprland.nix - { home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; } - - ./nixos/musa.nix - self.nixosModules.homeManagerUModules - - { - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/thor/hm.nix; - } + { home-manager.users.bertof = import ./instances/thor/hm.nix; } ]; }; sif = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules - self.nixosModules.mainModules - ./instances/sif/hardware-configuration.nix - inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.mainModules + ./instances/sif/hardware-configuration.nix 
./instances/sif/configuration.nix - # S3 cache write - # ./nixos/s3_cache_write.nix - # { age.secrets.s3_sif = { file = ./secrets/s3_sif.age; owner = "bertof"; }; } - - # ./nixos/plasma6.nix - # ./nixos/ollama.nix - # ./nixos/minio_local.nix - - # ./nixos/musa.nix - self.nixosModules.homeManagerUModules - - { - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - }; - home-manager.users.bertof = import ./instances/sif/hm.nix; - } + { home-manager.users.bertof = import ./instances/sif/hm.nix; } ]; }; odin = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + self.nixosModules.server ./instances/odin/hardware-configuration.nix ./instances/odin/configuration.nix - ./nixos/users/tiziano.nix - - ./nixos/server ./nixos/ip_forwarding.nix - # ./nixos/plasma6.nix ./nixos/steam.nix - self.nixosModules.homeManagerUModules + self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/odin/hm.nix; home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; } ]; }; @@ -334,16 +297,15 @@ heimdall = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd - ./nixos/server + self.nixosModules.server ./instances/heimdall/hardware-configuration.nix ./instances/heimdall/configuration.nix - ./nixos/users/tiziano.nix + self.nixosModules.tiziano ./nixos/ip_forwarding.nix ./nixos/torrentbox.nix 
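Review bot: The rewritten thor module list in the `@@ -234,99 +226,70 @@` hunk no longer imports `./nixos/musa.nix`, and `mainModules` as defined in this series does not import it either, so thor appears to lose that module in a commit described only as a module refactor. The freya hunk further down likewise turns `./nixos/ntfy.nix` into a comment. If these removals are intended, name them in the commit message or split them into their own commit; otherwise re-add `./nixos/musa.nix` after `./instances/thor/configuration.nix`. The enclosing `nixosConfigurations` set starts and ends outside the hunk.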
@@ -351,22 +313,14 @@ ./nixos/nextcloud.nix ./nixos/immich.nix ./nixos/forgejo.nix - # cute-api.nixosModules.default - # { services.cute-api = { enable = true; host = "0.0.0.0"; }; } - # ./nixos/garage.nix - # ./nixos/ntfy.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - self.nixosModules.homeManagerUModules { + home-manager.users.bertof = import ./instances/heimdall/hm.nix; age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age; }; - home-manager.users.bertof = import ./instances/heimdall/hm.nix; } ]; }; 
@@ -374,72 +328,34 @@ freya = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ - self.nixosModules.commonModules inputs.nixos-hardware.nixosModules.raspberry-pi-4 - ({ lib, ... }: { - boot.supportedFilesystems = lib.mkForce [ - "btrfs" - "reiserfs" - "vfat" - "f2fs" - "xfs" - "ntfs" - "cifs" - ]; - }) - ./nixos/server - + ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; }) + self.nixosModules.server ./instances/freya/hardware-configuration.nix ./instances/freya/configuration.nix - ./nixos/users/tiziano.nix - ./nixos/torrentbox.nix ./nixos/minio_server.nix - # ./nixos/nextcloud.nix - ./nixos/ntfy.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - self.nixosModules.homeManagerUModules + # ./nixos/ntfy.nix - { - home-manager.users.bertof = import ./instances/freya/hm.nix; - - - - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; - - } + self.nixosModules.tiziano + { home-manager.users.bertof = import ./instances/freya/hm.nix; } ]; }; baldur = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules - ./nixos/server + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.server ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix - # ./nixos/digitalocean.nix - - ./nixos/users/tiziano.nix - - # ./nixos/users/tiziano.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - self.nixosModules.homeManagerUModules + self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/baldur/hm.nix; home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix; - - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = 
./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; } ]; }; @@ -447,27 +363,16 @@ loki = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - self.nixosModules.commonModules - ./nixos/server - inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.server ./instances/loki/hardware-configuration.nix ./instances/loki/configuration.nix - ./nixos/users/tiziano.nix - # S3 cache read - # ./nixos/s3_cache_read.nix - self.nixosModules.homeManagerUModules - + self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/odin/hm.nix; home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix; - - age.secrets = { - rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; }; - rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; }; - }; } ]; }; From efb678ad9292a2ede6147f49d2255bb1f100965a Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Tue, 23 Sep 2025 16:34:29 +0200 Subject: [PATCH 6/6] WIP: switch to open modules --- flake.nix | 50 ++++--------------------------- instances/heimdall/hm_tiziano.nix | 24 +++++++++++++++ 2 files changed, 29 insertions(+), 45 deletions(-) create mode 100644 instances/heimdall/hm_tiziano.nix diff --git a/flake.nix b/flake.nix index 3842bcc..6306f53 100644 --- a/flake.nix +++ b/flake.nix @@ -34,18 +34,8 @@ nix-config = { allowUnfree = true; extraOptions = "experimental-features = nix-command flakes"; - permittedInsecurePackages = [ - # "electron-27.3.11" # LogSeq - # "aspnetcore-runtime-6.0.36" # Sonarr - # "aspnetcore-runtime-wrapped-6.0.36" # Sonarr - # "dotnet-sdk-6.0.428" # Sonarr - # "dotnet-sdk-wrapped-6.0.428" # Sonarr - ]; + permittedInsecurePackages = [ ]; }; - - # cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3"; - - in inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = import inputs.systems; 
@@ -55,8 +45,8 @@ inherit system; config = nix-config; overlays = [ - # inputs.nix-rice.overlays.default inputs.self.overlays.packages + inputs.self.overlays.overrides ]; }; @@ -301,12 +291,9 @@ inputs.nixos-hardware.nixosModules.common-gpu-amd inputs.nixos-hardware.nixosModules.common-pc-ssd self.nixosModules.server - ./instances/heimdall/hardware-configuration.nix ./instances/heimdall/configuration.nix - self.nixosModules.tiziano - ./nixos/ip_forwarding.nix ./nixos/torrentbox.nix ./nixos/minio_server.nix @@ -314,6 +301,7 @@ ./nixos/immich.nix ./nixos/forgejo.nix + self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/heimdall/hm.nix; age.secrets = { @@ -352,6 +340,8 @@ ./instances/baldur/hardware-configuration.nix ./instances/baldur/configuration.nix + ./nixos/ip_forwarding.nix + self.nixosModules.tiziano { home-manager.users.bertof = import ./instances/baldur/hm.nix; 
@@ -378,36 +368,6 @@ }; }; - # # Deploy-rs checks - # checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib; - - # Map nodes to Deploy-rs deployments - deploy.nodes = { - baldur = { - hostname = "baldur.bertof.net"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.baldur; }; - }; - freya = { - hostname = "freya.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.freya; }; - }; - heimdall = { - hostname = "heimdall.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.heimdall; }; - }; - loki = { - hostname = "loki.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.loki; }; - }; - odin = { - hostname = "odin.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.odin; }; - }; - thor = { - hostname = "thor.tsn"; - profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.thor; }; - }; - }; }; }; } diff --git a/instances/heimdall/hm_tiziano.nix b/instances/heimdall/hm_tiziano.nix new file mode 100644 index 0000000..a95bda5 --- /dev/null +++ b/instances/heimdall/hm_tiziano.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: { + home = { + language.base = "it_IT.UTF-8"; + keyboard = { + layout = "it"; + options = [ + "terminate:ctrl_alt_bksp" + "compose:rctrl" + ]; + }; + packages = [ pkgs.retroarch-free pkgs.heroic ]; + }; + + imports = [ + ../../hm/combined/basics.nix + + ../../hm/syncthing_tiziano.nix + + ../../hm/shell_aliases.nix + ../../hm/rclone-mount-tiziano.nix + ]; + + home.stateVersion = "23.05"; +}
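Review bot: The new `instances/heimdall/hm_tiziano.nix` is not referenced by any hunk in this patch: the heimdall entry still sets only `home-manager.users.bertof`, so the file is dead unless a line outside the visible hunks imports it. If it is meant to take effect, add `home-manager.users.tiziano = import ./instances/heimdall/hm_tiziano.nix;` next to the bertof line. `home.stateVersion = "23.05"` should be the Home Manager release this user's profile was first created with on heimdall; confirm it was not just copied from another host. The trailing `home.stateVersion` line would also read better inside the existing `home = { … }` block.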