From e39747ae2e9f4032b234f1f8d9a399b240f66539 Mon Sep 17 00:00:00 2001 From: andromeda Date: Tue, 30 Dec 2025 13:47:08 +0100 Subject: andromeda: add agenix; machines: start to add box --- configuration.nix | 88 ----------- flake.lock | 88 ++++++++++- flake.nix | 46 ++++-- machines/173-249-5-230/configuration.nix | 73 +++++++++ machines/173-249-5-230/hardware-configuration.nix | 69 +++++++++ machines/173-249-5-230/machine.nix | 10 ++ machines/laptop/configuration.nix | 107 ++++++++++++++ machines/laptop/machine.nix | 4 +- users/andromeda/home.nix | 1 + users/mtgmonkey/home.nix | 172 ++++++++++++++++++++++ users/mtgmonkey/stylix.nix | 29 ++++ 11 files changed, 580 insertions(+), 107 deletions(-) delete mode 100644 configuration.nix create mode 100644 machines/173-249-5-230/configuration.nix create mode 100644 machines/173-249-5-230/hardware-configuration.nix create mode 100644 machines/173-249-5-230/machine.nix create mode 100644 machines/laptop/configuration.nix create mode 100644 users/mtgmonkey/home.nix create mode 100644 users/mtgmonkey/stylix.nix diff --git a/configuration.nix b/configuration.nix deleted file mode 100644 index 0f42365..0000000 --- a/configuration.nix +++ /dev/null 
@@ -1,88 +0,0 @@
-{
- lib,
- machine,
- ...
-}: {
- boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- };
- environment.persistence."/nix/persist" = {
- enable = true;
- hideMounts = true;
- directories = [
- "/var/log"
- "/var/lib/bluetooth"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/etc/NetworkManager/system-connections"
- ];
- files = [
- "/etc/machine-id"
- "/etc/ly/save.txt"
- ];
- users."andromeda" = {
- directories = [
- ".backups"
- ".local/share/Anki2"
- ".local/share/chat.fluffy.fluffychat"
- ".local/share/zoxide"
- ".ssh"
- "conf"
- "Downloads"
- "pp"
- ];
- files = [
- ".bash_history"
- ".brush_history"
- ];
- };
- };
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- };
- i18n.defaultLocale = "de_DE.UTF-8";
- networking = {
- dhcpcd.enable = true;
- firewall.enable = true;
- hostName = machine.hostname;
- networkmanager.enable = true;
- };
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "steam"
- "steam-original"
- "steam-unwrapped"
- "steam-run"
- ];
- programs = {
- noshell.enable = true;
- steam.enable = true;
- sway.enable = true;
- };
- services = {
- blueman.enable = true;
- displayManager = {
- enable = true;
- ly.enable = true;
- };
- libinput.enable = true;
- printing.enable = true;
- };
- system.stateVersion = "26.05";
- time.timeZone = "Europe/Berlin";
- users.users."andromeda" = {
- isNormalUser = true;
- description = "andromeda";
- initialPassword = "password";
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- };
-}
diff --git a/flake.lock b/flake.lock
index 4915b56..e952546 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,28 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "owner": "ryantm", + "repo": "agenix", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -68,6 +91,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -199,6 +244,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -373,7 +439,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1766596669, @@ -391,7 +457,8 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "impermanence": "impermanence", "nixpkgs": "nixpkgs", "noshell": "noshell", 
@@ -413,7 +480,7 @@ "nixpkgs" ], "nur": "nur_2", - "systems": "systems_2", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -464,6 +531,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index f71dc4e..69b6cff 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,9 @@ { inputs = { + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -24,6 +28,7 @@ }; }; outputs = { + agenix, home-manager, impermanence, nixpkgs, 
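Review bot: The new `agenix` input in flake.nix redirects only `nixpkgs` to the root flake, so flake.lock now pins agenix's own `darwin`, `home-manager` and `systems` inputs as separate nodes (the root's home-manager was renamed `home-manager_2`). Each extra locked input is third-party source that has to be trusted and kept current independently of the root pins. Inside the `agenix` attrset, consider adding `inputs.home-manager.follows = "home-manager";` and, since no Darwin host is configured in this flake, `inputs.darwin.follows = "";`. The `inputs` set continues outside this hunk.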
@@ -34,27 +39,38 @@ ... }: let laptop = import ./machines/laptop/machine.nix; - in { - nixosConfigurations.${laptop.hostname} = nixpkgs.lib.nixosSystem { - system = laptop.system; - specialArgs = {machine = laptop;}; - modules = [ + _173-249-5-230 = import ./machines/173-249-5-230/machine.nix; + configuration = machine: modules: + nixpkgs.lib.nixosSystem { + system = machine.system; + specialArgs = {inherit machine;}; + modules = + modules + ++ [ + machine.configuration + machine.hardware-configuration + ]; + }; + configurationWithHomeManager = machine: (configuration machine + [ home-manager.nixosModules.home-manager { - nixpkgs.overlays = [nur.overlays.default]; + nixpkgs.overlays = [ + agenix.overlays.default + nur.overlays.default + ]; home-manager.useGlobalPkgs = true; - home-manager.extraSpecialArgs = { - machine = laptop; - }; + home-manager.extraSpecialArgs = {inherit machine;}; home-manager.users = builtins.mapAttrs (name: value: value) ( - nixpkgs.legacyPackages.${laptop.system}.lib.genAttrs - laptop.usernames + nixpkgs.legacyPackages.${machine.system}.lib.genAttrs + machine.usernames ( name: { imports = [ + agenix.homeManagerModules.default stylix.homeModules.stylix nvf.homeManagerModules.default ./users/${name}/home.nix @@ -65,9 +81,9 @@ } impermanence.nixosModules.impermanence noshell.nixosModules.default - ./configuration.nix - laptop.hardware-configuration - ]; - }; + ]); + in { + nixosConfigurations.${laptop.hostname} = configurationWithHomeManager laptop; + nixosConfigurations.${_173-249-5-230.hostname} = configurationWithHomeManager _173-249-5-230; }; } diff --git a/machines/173-249-5-230/configuration.nix b/machines/173-249-5-230/configuration.nix new file mode 100644 index 0000000..b8b403e --- /dev/null +++ b/machines/173-249-5-230/configuration.nix 
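Review bot: The shared module list adds `agenix.overlays.default` and `agenix.homeManagerModules.default` but not `agenix.nixosModules.default`, so no machine built by `configurationWithHomeManager` can declare a system-level `age.secrets` entry, and secrets stay limited to per-user home-manager scope. If agenix is meant to hold host secrets such as account password hashes, add `agenix.nixosModules.default` next to `impermanence.nixosModules.impermanence`. The two helpers are also undocumented; a comment above `configuration = machine: modules:` such as `# Build a NixOS system from the shared modules plus machine.configuration and machine.hardware-configuration` would make the contract of `machine.nix` explicit. The `let` block opens outside this hunk.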
@@ -0,0 +1,73 @@
+{machine, ...}: {
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.devices = ["nodev"];
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ly/save.txt"
+ ];
+ users."mtgmonkey" = {
+ directories = [
+ ".local/share/zoxide"
+ ".ssh"
+ ];
+ files = [
+ ".bash_history"
+ ".brush_history"
+ ];
+ };
+ };
+ i18n.defaultLocale = "de_DE.UTF-8";
+ networking = {
+ dhcpcd.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [80 443];
+ };
+ hostName = machine.hostname;
+ domain = "";
+ };
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ allow-import-from-derivation = true;
+ };
+ programs.noshell.enable = true;
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ ports = [5522];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = true;
+ };
+ extraConfig = ''
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ MaxAuthTries 3
+ MaxSessions 4
+ TCPKeepAlive no
+ '';
+ };
+ system.stateVersion = "26.05";
+ time.timeZone = "Europe/Berlin";
+ users.users."mtgmonkey" = {
+ isNormalUser = true;
+ description = "mtgmonkey";
+ initialPassword = "password";
+ extraGroups = ["wheel"];
+ openssh.authorizedKeys.keys = machine.pub-keys.ssh;
+ };
+}
diff --git a/machines/173-249-5-230/hardware-configuration.nix b/machines/173-249-5-230/hardware-configuration.nix
new file mode 100644
index 0000000..bde1c83
--- /dev/null
+++ b/machines/173-249-5-230/hardware-configuration.nix
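Review bot: In machines/173-249-5-230/configuration.nix, `KbdInteractiveAuthentication = true` combined with `initialPassword = "password"` leaves the `wheel` account `mtgmonkey` protected only by a password that is published in this repository. Keyboard-interactive authentication normally goes through PAM and accepts the account password even with `PasswordAuthentication = false`, and `machine.pub-keys.ssh` is `[]` in this commit, so no key login is configured either. Set `KbdInteractiveAuthentication = false;`, populate `pub-keys.ssh`, and replace `initialPassword` with `hashedPasswordFile` pointing at a secret kept out of the world-readable Nix store; the agenix input added in this commit could presumably supply that. The same `initialPassword = "password"` is added for `mtgmonkey` in machines/laptop/configuration.nix. Separately, `allowedUDPPorts = [80 443]` opens UDP 80, which nothing in this file appears to use.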
@@ -0,0 +1,69 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + #device = "none"; + #fsType = "tmpfs"; + #options = ["defaults" "size=60%" "mode=755"]; + device = "/dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + boot.initrd.postResumeCommands = lib.mkAfter '' + mkdir /btrfs_tmp + mount ${config.fileSystems."/".device} /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/F425-55BA"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = []; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
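Review bot: The `date` format in `boot.initrd.postResumeCommands` reads `%H:$M:%S`, where `$M` is an unset shell variable rather than the minute specifier, so every archived root is named with an empty minute field. Two roots whose mtimes share the hour and second then map to the same `old_roots/$timestamp` path, and the `mv` would place the second inside the first instead of archiving it separately. Change the format to `"+%Y-%m-%-d_%H:%M:%S"`. The header still says the file is generated and must not be modified, so a short comment marking the rollback script as hand-maintained would help prevent it from being lost when `nixos-generate-config` is re-run.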
diff --git a/machines/173-249-5-230/machine.nix b/machines/173-249-5-230/machine.nix
new file mode 100644
index 0000000..672d46b
--- /dev/null
+++ b/machines/173-249-5-230/machine.nix
@@ -0,0 +1,10 @@
+{
+ hostname = "173-249-5-230";
+ usernames = ["mtgmonkey"];
+ system = "x86_64-linux";
+ configuration = ./configuration.nix;
+ hardware-configuration = ./hardware-configuration.nix;
+ pub-keys = {
+ ssh = [];
+ };
+}
diff --git a/machines/laptop/configuration.nix b/machines/laptop/configuration.nix
new file mode 100644
index 0000000..1b07935
--- /dev/null
+++ b/machines/laptop/configuration.nix
@@ -0,0 +1,107 @@
+{
+ lib,
+ machine,
+ ...
+}: {
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ly/save.txt"
+ ];
+ users."andromeda" = {
+ directories = [
+ ".backups"
+ ".local/share/Anki2"
+ ".local/share/chat.fluffy.fluffychat"
+ ".local/share/zoxide"
+ ".ssh"
+ "conf"
+ "Downloads"
+ "pp"
+ ];
+ files = [
+ ".bash_history"
+ ".brush_history"
+ ];
+ };
+ users."mtgmonkey" = {
+ directories = [
+ ".local/share/zoxide"
+ ".ssh"
+ ];
+ files = [
+ ".bash_history"
+ ".brush_history"
+ ];
+ };
+ };
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+ i18n.defaultLocale = "de_DE.UTF-8";
+ networking = {
+ dhcpcd.enable = true;
+ firewall.enable = true;
+ hostName = machine.hostname;
+ networkmanager.enable = true;
+ };
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "steam"
+ "steam-original"
+ "steam-unwrapped"
+ "steam-run"
+ ];
+ programs = {
+ noshell.enable = true;
+ steam.enable = true;
+ sway.enable = true;
+ };
+ services = {
+ blueman.enable = true;
+ displayManager = {
+ enable = true;
+ ly.enable = true;
+ };
+ libinput.enable = true;
+ printing.enable = true;
+ };
+ system.stateVersion = "26.05";
+ time.timeZone = "Europe/Berlin";
+ users.users."andromeda" = {
+ isNormalUser = true;
+ description = "andromeda";
+ initialPassword = "password";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ };
+ users.users."mtgmonkey" = {
+ isNormalUser = true;
+ description = "mtgmonkey";
+ initialPassword = "password";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ };
+}
diff --git a/machines/laptop/machine.nix b/machines/laptop/machine.nix
index d6b1e01..77c15b5 100644
--- a/machines/laptop/machine.nix
+++ b/machines/laptop/machine.nix
@@ -1,6 +1,8 @@
 {
 hostname = "lenovo";
- usernames = ["andromeda"];
+ usernames = ["andromeda" "mtgmonkey"];
 system = "x86_64-linux";
+ configuration = ./configuration.nix;
 hardware-configuration = ./hardware-configuration.nix;
+ pub-keys.ssh = [];
 }
diff --git a/users/andromeda/home.nix b/users/andromeda/home.nix
index 3812842..323a6b8 100644
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -93,6 +93,7 @@ in {
 stateVersion = "26.05";
 packages = [
 pkgs.acpi
+ pkgs.agenix
 pkgs.alacritty
 pkgs.anki
 pkgs.brightnessctl
diff --git a/users/mtgmonkey/home.nix b/users/mtgmonkey/home.nix
new file mode 100644
index 0000000..173a547
--- /dev/null
+++ b/users/mtgmonkey/home.nix
@@ -0,0 +1,172 @@ +{ + config, + lib, + machine, + pkgs, + ... +}: { + imports = [./stylix.nix]; + xdg.configFile."shell".source = lib.getExe pkgs.brush; + home = { + username = "mtgmonkey"; + homeDirectory = "/home/${config.home.username}"; + stateVersion = "26.05"; + packages = [ + pkgs.acpi + pkgs.brightnessctl + pkgs.brush + pkgs.dust + pkgs.fzf + pkgs.glow + pkgs.jmtpfs + pkgs.nix-output-monitor + pkgs.ranger + pkgs.rip2 + pkgs.ripgrep + pkgs.tree + pkgs.zoxide + ]; + }; + programs = { + bash = { + enable = true; + shellAliases = { + neofetch = "fastfetch"; + ls = lib.mkForce "lsd"; + ll = lib.mkForce "lsd -l"; + l = "lsd -la"; + cd = "z"; + gg = "git log --oneline --abbrev-commit --all --graph --decorate --color"; + md = "glow"; + }; + bashrcExtra = '' + PS1="\u@\h:\w$" + eval "$(zoxide init bash)" + ''; + }; + btop = { + enable = true; + settings = { + theme_background = false; + vim_keys = true; + rounded_corners = false; + graph_symbol = "braille"; + update_ms = 150; + proc_sorting = "cpu lazy"; + proc_gradient = false; + proc_left = true; + cpu_single_graph = true; + cpu_bottom = true; + clock_format = "/user@/host:/uptime@%H:%M"; + background_update = true; + mem_graphs = false; + mem_below_net = true; + show_swap = false; + only_physical = true; + show_io_stat = true; + io_mode = false; + io_graph_combined = false; + }; + }; + fastfetch.enable = true; + git = { + enable = true; + settings = { + user = { + name = config.home.username; + email = "${config.home.username}@${machine.hostname}"; + }; + init.defaultBranch = "master"; + }; + }; + gh.enable = true; + home-manager.enable = true; + lsd.enable = true; + nvf = { + enable = true; + settings.vim = { + autocomplete.nvim-cmp.enable = false; + formatter.conform-nvim = { + enable = true; + setupOpts.format_on_save = { + lsp_format = "fallback"; + timeout_ms = 5000; + }; + }; + lsp.otter-nvim.enable = true; + git.enable = true; + keymaps = [ + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + 
{ + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = ""; + mode = ["i" "n" "v" "c"]; + action = ""; + } + { + key = "jj"; + mode = ["i"]; + action = ""; + } + { + key = "kk"; + mode = ["i"]; + action = ""; + } + { + key = "jk"; + mode = ["i"]; + action = ""; + } + { + key = "kj"; + mode = ["i"]; + action = ""; + } + { + key = ""; + mode = ["i"]; + action = ""; + } + ]; + languages = { + nix = { + enable = true; + format.enable = true; + lsp.enable = true; + }; + haskell = { + enable = true; + lsp.enable = true; + }; + }; + lineNumberMode = "relative"; + options = { + tabstop = 2; + shiftwidth = 2; + expandtab = true; + smarttab = true; + foldmethod = "indent"; + number = true; + colorcolumn = "80"; + }; + statusline.lualine.enable = true; + syntaxHighlighting = true; + }; + }; + ssh.enable = true; + }; +} diff --git a/users/mtgmonkey/stylix.nix b/users/mtgmonkey/stylix.nix new file mode 100644 index 0000000..f2538b0 --- /dev/null +++ b/users/mtgmonkey/stylix.nix @@ -0,0 +1,29 @@ +{ + pkgs, + config, + ... +}: { + stylix = { + enable = true; + # rebecca has lavener bkg + # tube has dark gray bkg + # silk-light is light theme + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-hard.yaml"; + polarity = "dark"; + fonts = { + monospace = { + package = pkgs.miracode; + name = "Miracode"; + }; + serif = config.stylix.fonts.sansSerif; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 12; + terminal = 10; + }; + }; + }; +} -- cgit v1.3