bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'better-modules-v2'

Browse source
This commit is contained in:
Filippo Berto 2025-09-23 16:35:07 +02:00
commit d2a3094c70
Signed by: bertof
GPG key ID: 9DBF7E6A1D2CE9ED
5 changed files with 176 additions and 247 deletions
Download patch file Download diff file Expand all files Collapse all files

390
flake.nix
View file

@ -29,101 +29,13 @@
# emanote.url = "github:srid/emanote";
};
outputs = inputs:
outputs = { self, ... }@inputs:
let
nix-config = {
allowUnfree = true;
extraOptions = "experimental-features = nix-command flakes";
permittedInsecurePackages = [
# "electron-27.3.11" # LogSeq
# "aspnetcore-runtime-6.0.36" # Sonarr
# "aspnetcore-runtime-wrapped-6.0.36" # Sonarr
# "dotnet-sdk-6.0.428" # Sonarr
# "dotnet-sdk-wrapped-6.0.428" # Sonarr
];
permittedInsecurePackages = [ ];
};
# cute-api = builtins.getFlake "gitlab:bertof/cute-api/0.2.1-3";
basic_module = {
nixpkgs = {
config = nix-config;
overlays = [
# packages
inputs.self.overlays.packages
inputs.self.overlays.overrides
];
};
nix = {
inherit (nix-config) extraOptions;
registry = {
stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; };
unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; };
};
};
};
# Home manager configuration
homeManagerModules = [
inputs.home-manager.nixosModules.default
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
stable = inputs.nixpkgs;
unstable = inputs.nixpkgs-u;
};
};
}
];
homeManagerUModules = [
inputs.home-manager-u.nixosModules.default
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
stable = inputs.nixpkgs;
unstable = inputs.nixpkgs-u;
};
};
}
];
commonModules = [
# Nix configuration
basic_module
# Nix rice
inputs.nix-rice.modules.default
./nixos/rice.nix
# # S3 cache read
# ./nixos/s3_cache_read.nix
# Agenix configuration
inputs.ragenix.nixosModules.default
# inputs.agenix.nixosModules.default
# { services.userborn.enable = true; }
./nixos/users/bertof.nix
# Some basic defaults
./nixos/basics
];
mainModules = [
./nixos/pro_audio.nix
./nixos/kdeconnect.nix
./nixos/steam.nix
./nixos/opentabletdriver.nix
./nixos/hyprland.nix
{ home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }
];
installerModules = commonModules ++ [ ./nixos/installer.nix ];
in
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = import inputs.systems;
@ -133,8 +45,8 @@
inherit system;
config = nix-config;
overlays = [
# inputs.nix-rice.overlays.default
inputs.self.overlays.packages
inputs.self.overlays.overrides
];
};
@ -163,39 +75,36 @@
wl-update-background
;
# inherit (cute-api.packages.${system}) cute-api;
# Installer ISO
install-iso = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = installerModules;
modules = [ self.nixosModules.installerModules ];
format = "install-iso";
};
# RAW base image
raw-base-image = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = installerModules;
modules = [ self.nixosModules.installerModules ];
format = "raw-efi";
};
# VMDK base image
vmdk-base-image = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = installerModules;
modules = [ self.nixosModules.installerModules ];
format = "vmware";
};
# Aarch64 base image
aarch64-base-image = inputs.nixos-generators.nixosGenerate {
system = "aarch64-linux";
modules = installerModules;
modules = [ self.nixosModules.installerModules ];
format = "sd-aarch64";
};
# Installer DigitalOcean
do-image = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = installerModules;
modules = [ self.nixosModules.installerModules ];
format = "do";
};
};
};
@ -246,220 +155,219 @@
};
};
nixosModules = {
basic = {
nixpkgs = { config = nix-config; overlays = [ inputs.self.overlays.packages inputs.self.overlays.overrides ]; };
nix = {
inherit (nix-config) extraOptions;
registry = {
stable = { from = { id = "stable"; type = "indirect"; }; flake = inputs.nixpkgs; };
unstable = { from = { id = "unstable"; type = "indirect"; }; flake = inputs.nixpkgs-u; };
};
};
};
# Home manager configuration
homeManagerUModules = {
imports = [ inputs.home-manager-u.nixosModules.default ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { stable = inputs.nixpkgs; unstable = inputs.nixpkgs-u; };
};
};
commonModules = {
imports = [
# Nix configuration
self.nixosModules.basic
# Nix rice
inputs.nix-rice.modules.default
./nixos/rice.nix
# (R)Agenix configuration
inputs.ragenix.nixosModules.default
# inputs.agenix.nixosModules.default
# Users
# { services.userborn.enable = true; }
self.nixosModules.bertof
# Some basic defaults
./nixos/basics
# Home manager
self.nixosModules.homeManagerUModules
];
};
mainModules = {
imports = [
self.nixosModules.commonModules
./nixos/pro_audio.nix
./nixos/kdeconnect.nix
./nixos/steam.nix
./nixos/opentabletdriver.nix
./nixos/hyprland.nix
];
home-manager.users.bertof.imports = [ ./hm/hyprland.nix ];
};
server = {
imports = [
self.nixosModules.commonModules
./nixos/server
];
};
installerModules = { imports = [ self.nixosModules.commonModules ./nixos/installer.nix ]; };
bertof = {
imports = [ ./nixos/users/bertof.nix ];
age.secrets.rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
};
tiziano = {
imports = [ ./nixos/users/tiziano.nix ];
age.secrets.rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; };
};
};
nixosConfigurations = {
thor = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ mainModules ++ [
./instances/thor/hardware-configuration.nix
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-pc-ssd
self.nixosModules.mainModules
./instances/thor/hardware-configuration.nix
./instances/thor/configuration.nix
# # S3 cache write
# ./nixos/s3_cache_write.nix
# ./nixos/plasma6.nix
# ./nixos/cuda_support.nix
# ./nixos/ollama.nix
# ./nixos/minio_local.nix
./nixos/hyprland.nix
{ home-manager.users.bertof.imports = [ ./hm/hyprland.nix ]; }
./nixos/musa.nix
] ++ homeManagerUModules ++ [{
age.secrets = {
rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
};
home-manager.users.bertof = import ./instances/thor/hm.nix;
}];
{ home-manager.users.bertof = import ./instances/thor/hm.nix; }
];
};
sif = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ mainModules ++ [
./instances/sif/hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-ssd
self.nixosModules.mainModules
./instances/sif/hardware-configuration.nix
./instances/sif/configuration.nix
# S3 cache write
# ./nixos/s3_cache_write.nix
# { age.secrets.s3_sif = { file = ./secrets/s3_sif.age; owner = "bertof"; }; }
# ./nixos/plasma6.nix
# ./nixos/ollama.nix
# ./nixos/minio_local.nix
# ./nixos/musa.nix
] ++ homeManagerUModules ++ [{
age.secrets = {
rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
};
home-manager.users.bertof = import ./instances/sif/hm.nix;
}];
{ home-manager.users.bertof = import ./instances/sif/hm.nix; }
];
};
odin = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ [
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
self.nixosModules.server
./instances/odin/hardware-configuration.nix
./instances/odin/configuration.nix
./nixos/users/tiziano.nix
./nixos/server
./nixos/ip_forwarding.nix
# ./nixos/plasma6.nix
./nixos/steam.nix
] ++ homeManagerUModules ++ [{
home-manager.users.bertof = import ./instances/odin/hm.nix;
home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
age.secrets = {
rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
rclone_tiziano = { file = ./secrets/rclone_tiziano.age; owner = "tiziano"; };
};
}];
self.nixosModules.tiziano
{
home-manager.users.bertof = import ./instances/odin/hm.nix;
home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
}
];
};
heimdall = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ [
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc-ssd
./nixos/server
self.nixosModules.server
./instances/heimdall/hardware-configuration.nix
./instances/heimdall/configuration.nix
./nixos/users/tiziano.nix
./nixos/ip_forwarding.nix
./nixos/torrentbox.nix
./nixos/minio_server.nix
./nixos/nextcloud.nix
./nixos/immich.nix
./nixos/forgejo.nix
# cute-api.nixosModules.default
# { services.cute-api = { enable = true; host = "0.0.0.0"; }; }
# ./nixos/garage.nix
# ./nixos/ntfy.nix
# S3 cache read
# ./nixos/s3_cache_read.nix
] ++ homeManagerUModules ++ [{
age.secrets = {
rclone_bertof = { file = ./secrets/rclone_bertof.age; owner = "bertof"; };
heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age;
heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age;
heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age;
};
home-manager.users.bertof = import ./instances/heimdall/hm.nix;
}];
self.nixosModules.tiziano
{
home-manager.users.bertof = import ./instances/heimdall/hm.nix;
age.secrets = {
heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age;
heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age;
heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age;
};
}
];
};
freya = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = commonModules ++ [
modules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
({ lib, ... }: {
boot.supportedFilesystems = lib.mkForce [
"btrfs"
"reiserfs"
"vfat"
"f2fs"
"xfs"
"ntfs"
"cifs"
];
})
./nixos/server
({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; })
self.nixosModules.server
./instances/freya/hardware-configuration.nix
./instances/freya/configuration.nix
./nixos/torrentbox.nix
./nixos/minio_server.nix
# ./nixos/nextcloud.nix
./nixos/ntfy.nix
# S3 cache read
# ./nixos/s3_cache_read.nix
] ++ homeManagerModules ++ [{
home-manager.users.bertof = import ./instances/freya/hm.nix;
}];
# ./nixos/ntfy.nix
self.nixosModules.tiziano
{ home-manager.users.bertof = import ./instances/freya/hm.nix; }
];
};
baldur = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ [
./nixos/server
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-ssd
self.nixosModules.server
./instances/baldur/hardware-configuration.nix
./instances/baldur/configuration.nix
# ./nixos/digitalocean.nix
# ./nixos/users/tiziano.nix
# S3 cache read
# ./nixos/s3_cache_read.nix
] ++ homeManagerUModules ++ [{
home-manager.users.bertof = import ./instances/baldur/hm.nix;
# home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix;
}];
./nixos/ip_forwarding.nix
self.nixosModules.tiziano
{
home-manager.users.bertof = import ./instances/baldur/hm.nix;
home-manager.users.tiziano = import ./instances/baldur/hm_tiziano.nix;
}
];
};
loki = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = commonModules ++ [
./nixos/server
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-ssd
self.nixosModules.server
./instances/loki/hardware-configuration.nix
./instances/loki/configuration.nix
./nixos/users/tiziano.nix
# S3 cache read
# ./nixos/s3_cache_read.nix
] ++ homeManagerModules ++ [{
home-manager.users.bertof = import ./instances/odin/hm.nix;
home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
}];
self.nixosModules.tiziano
{
home-manager.users.bertof = import ./instances/odin/hm.nix;
home-manager.users.tiziano = import ./instances/odin/hm_tiziano.nix;
}
];
};
};
# # Deploy-rs checks
# checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
# Map nodes to Deploy-rs deployments
deploy.nodes = {
baldur = {
hostname = "baldur.bertof.net";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.baldur; };
};
freya = {
hostname = "freya.tsn";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.freya; };
};
heimdall = {
hostname = "heimdall.tsn";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.heimdall; };
};
loki = {
hostname = "loki.tsn";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.loki; };
};
odin = {
hostname = "odin.tsn";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.odin; };
};
thor = {
hostname = "thor.tsn";
profiles.system = { user = "root"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.thor; };
};
};
};
};
}

5
instances/freya/configuration.nix
View file

@ -30,10 +30,7 @@ in
enable = true;
# package = pkgs.bluezFull;
};
opengl = {
enable = true;
driSupport = true;
};
opengl.enable = true;
raspberry-pi."4" = {
# audio.enable = true; # AUDIO
fkms-3d.enable = true; # GPU

24
instances/heimdall/hm_tiziano.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, ... }: {
home = {
language.base = "it_IT.UTF-8";
keyboard = {
layout = "it";
options = [
"terminate:ctrl_alt_bksp"
"compose:rctrl"
];
};
packages = [ pkgs.retroarch-free pkgs.heroic ];
};
imports = [
../../hm/combined/basics.nix
../../hm/syncthing_tiziano.nix
../../hm/shell_aliases.nix
../../hm/rclone-mount-tiziano.nix
];
home.stateVersion = "23.05";
}

2
instances/odin/configuration.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
hosts = import ../../hosts.nix;
in

2
nixos/basics/remote-deploy.nix
View file

@ -5,7 +5,7 @@
openFirewall = true;
settings = {
KbdInteractiveAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "prohibit-password";
# PermitRootLogin = lib.mkDefault "prohibit-password";
PasswordAuthentication = lib.mkDefault false;
};
};