diff --git a/flake.lock b/flake.lock index 5b3e579f..ad619313 100644 --- a/flake.lock +++ b/flake.lock @@ -269,11 +269,11 @@ }, "hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748634340, + "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "type": "github" }, "original": { @@ -289,11 +289,11 @@ ] }, "locked": { - "lastModified": 1748226808, - "narHash": "sha256-GaBRgxjWO1bAQa8P2+FDxG4ANBVhjnSjBms096qQdxo=", + "lastModified": 1748665073, + "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "owner": "nix-community", "repo": "home-manager", - "rev": "83665c39fa688bd6a1f7c43cf7997a70f6a109f9", + "rev": "282e1e029cb6ab4811114fc85110613d72771dea", "type": "github" }, "original": { @@ -326,11 +326,11 @@ ] }, "locked": { - "lastModified": 1748411314, - "narHash": "sha256-fvtRp+oHGDLiSQico9+LTAr6Z8CU1AIldLYLQ9mHqjo=", + "lastModified": 1748683484, + "narHash": "sha256-RXiY6t9E9oLEtfdGChHk/OIPqxYg1tu8XLvbPnJlfi4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "9d69aed9023082af370b71bffdfcd414b6b61593", + "rev": "6f6bd4a27fb01c9dd623a157d769f34561407f47", "type": "github" }, "original": { @@ -396,11 +396,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1748225187, - "narHash": "sha256-gpNN43fNJQoHhnK1Z+nms4lo6i/t9t2rfZMAxc165vQ=", + "lastModified": 1748570485, + "narHash": "sha256-oDnEc/rxyDf+uUXO56Z2TJtrrQoBe0Z4MCIRaY6lVZ0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "98c1bcaaa4dbd5980523a08a5b32e35d44e830e5", + "rev": "6c961ee42ff2301ee61c75aa42cbe8c8adecf3c8", "type": "github" }, "original": { 
@@ -487,11 +487,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1748444636, - "narHash": "sha256-wjcrY2/bFfHLm16HPuxDhHEqe3HBbLwZ5kT/BBklPKE=", + "lastModified": 1748748623, + "narHash": "sha256-ajFTvgFyRxLMjpJxK+KOEp2+dNRl/Bc8Mnby7W8uPk4=", "owner": "nix-community", "repo": "NUR", - "rev": "c68efc6197f91cae2904f68937bdfb235c3c7799", + "rev": "58a80c3ede0cdfa480f3bd8f0e79c010677f2a07", "type": "github" }, "original": { @@ -566,11 +566,11 @@ }, "stable": { "locked": { - "lastModified": 1748162331, - "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", "type": "github" }, "original": { @@ -632,11 +632,11 @@ }, "unstable": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0e2d34bb..8b9cd5e5 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "stable"; }; + nur = { url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "unstable"; 
@@ -52,23 +53,31 @@ outputs = inputs: with inputs; - let - mkNix = name: channel: channel.lib.nixosSystem { - modules = [ (./hosts + "/${name}") ]; - specialArgs = inputs; - }; - in { - nixosConfigurations = builtins.mapAttrs (name: channel: mkNix name channel) { - tower = stable; - detritus = stable; - hidden = stable; + { + colmena = { + meta = { + nixpkgs = import stable {}; + specialArgs = inputs; - intuos = stable; - jupiter = unstable; + # Use a different Nixpkgs import on some systems + nodeNixpkgs.jupiter = import unstable {}; + }; - midas = stable; - kitty = stable; - prophet = stable; + # Desktops + tower.imports = [ ./hosts/tower ]; + #detritus.imports = [ ./hosts/detritus ]; + + # Laptops + intuos.imports = [ ./hosts/intuos ]; + jupiter.imports = [ ./hosts/jupiter ]; + + # Servers + midas.imports = [ ./hosts/midas ]; + kitty.imports = [ ./hosts/kitty ]; + prophet.imports = [ ./hosts/prophet ]; + + # Misc + hidden.imports = [ ./hosts/hidden ]; }; } diff --git a/hosts/detritus/colmena/default.nix b/hosts/detritus/colmena/default.nix new file mode 100644 index 00000000..654be402 --- /dev/null +++ b/hosts/detritus/colmena/default.nix @@ -0,0 +1,10 @@ +{ config, ... }: +{ + deployment = { + tags = [ + "latptop" + "pc" + ]; + targetHost = ""; + }; +} diff --git a/hosts/detritus/default.nix b/hosts/detritus/default.nix index 04eda225..209d0479 100644 --- a/hosts/detritus/default.nix +++ b/hosts/detritus/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -9,12 +10,8 @@ ../../modules/system ]; - networking.hostName = "detritus"; - system = { desktop.enable = true; - stateVersion = "24.11"; + stateVersion = "25.05"; }; - - services.xserver.videoDrivers = [ "amdgpu" ]; } diff --git a/hosts/detritus/filesystems/default.nix b/hosts/detritus/filesystems/default.nix index 86a993b3..d8b41833 100644 --- a/hosts/detritus/filesystems/default.nix +++ b/hosts/detritus/filesystems/default.nix 
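Review bot: In flake.nix, `nixpkgs = import stable {};` and `nodeNixpkgs.jupiter = import unstable {};` import nixpkgs without a `system`, so they fall back to `builtins.currentSystem`, which is not available under pure flake evaluation; the hive will likely only evaluate with `--impure`. Passing it explicitly, e.g. `nixpkgs = import stable { system = "x86_64-linux"; };` (architecture assumed, adjust per host), keeps evaluation pure and reproducible. The hunk also removes `nixosConfigurations`, and none of the new colmena modules set `deployment.allowLocalDeployment`, so a host that cannot be reached over the network appears to have no local rebuild path unless one is kept elsewhere. The `outputs` body starts above the hunk.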
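Review bot: In hosts/detritus/colmena/default.nix the tag is spelled `"latptop"` and `targetHost` is the empty string. The same misspelling is in the intuos and jupiter colmena modules, so a selector such as `--on @laptop` would match none of them; `"laptop"` is presumably intended (detritus is also grouped under Desktops in flake.nix). The empty `targetHost` is harmless only while detritus stays commented out of the hive, because other modules in this commit interpolate every node's `deployment.targetHost` into nftables `ip6 saddr` sets and NFS device strings, where an empty element would give an invalid rule or mount source. A comment next to it, such as `# TODO: set once this host has a mycelium address; keep it out of the hive until then`, would make that dependency explicit.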
@@ -1,6 +1,6 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { # Local mounts "/persist/storage" = { device = "/dev/disk/by-uuid/d0d6783f-ad51-4d85-b8a9-3374f6460ef6"; @@ -11,7 +11,7 @@ "subvol=storage" ]; }; - "/persist/home/${config.sysusers.main}/games" = { + "/persist/home/${main}/games" = { device = "/dev/disk/by-uuid/d0d6783f-ad51-4d85-b8a9-3374f6460ef6"; fsType = "btrfs"; options = [ @@ -22,8 +22,8 @@ }; # Network mounts - "/home/${config.sysusers.main}/Network/Midas" = { - device = "[${midas}]:/storage"; + "/home/${main}/Network/Midas" = { + device = "[${midas.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" @@ -31,8 +31,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Kitty" = { - device = "[${kitty}]:/storage/bun"; + "/home/${main}/Network/Kitty" = { + device = "[${kitty.config.deployment.targetHost}]:/storage/bun"; fsType = "nfs4"; options = [ "noauto" @@ -40,8 +40,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Prophet" = { - device = "[${prophet}]:/storage"; + "/home/${main}/Network/Prophet" = { + device = "[${prophet.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" diff --git a/hosts/hidden/boot/default.nix b/hosts/hidden/boot/default.nix index fae86e7f..85554c2c 100644 --- a/hosts/hidden/boot/default.nix +++ b/hosts/hidden/boot/default.nix @@ -1,6 +1,7 @@ -{ ... }: +{ pkgs, ... }: { boot = { + kernelPackages = pkgs.linuxPackages_6_14; loader.systemd-boot.enable = true; plymouth.enable = true; }; diff --git a/hosts/hidden/colmena/default.nix b/hosts/hidden/colmena/default.nix new file mode 100644 index 00000000..fee43533 --- /dev/null +++ b/hosts/hidden/colmena/default.nix @@ -0,0 +1,10 @@ +{ config, ... }: +{ + deployment = { + tags = [ + "misc" + "pc" + ]; + targetHost = "4ec:1001:ca5a:ae79:40e2:cb4c:e3c9:f401"; + }; +} 
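Review bot: In hosts/detritus/filesystems/default.nix, `with config.sysusers; with nodes;` puts the user attributes and every hive node name into one scope, and the inner `with nodes` wins on a clash, so a node named like a `sysusers` attribute (for example `main`) would silently change these mount paths. Binding the name explicitly, `let inherit (config.sysusers) main; in`, and writing `nodes.midas.config.deployment.targetHost` in full avoids that; the same pattern is repeated in the intuos, jupiter, kitty, midas and tower filesystems hunks. The Kitty mount here still uses `/storage/bun` while the midas and tower hunks switch to `/storage/${main}`, which looks like an incomplete rename. The NFS server address now comes from Colmena's deployment target, so changing how a host is deployed also changes what clients mount; a comment such as `# targetHost must stay the host's mycelium IPv6 address: it is reused for NFS and firewall rules` would record that constraint.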
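Review bot: In hosts/hidden/boot/default.nix, `kernelPackages = pkgs.linuxPackages_6_14;` pins a fixed kernel series (hidden previously used the default, jupiter and tower `linuxPackages_latest`). 6.14 is not a longterm series, so it stops receiving upstream fixes once it reaches end-of-life and the attribute is eventually dropped from nixpkgs. If the pin works around a specific regression, a comment such as `# pinned to 6.14 because …; revisit when …` would tell the next reader when to lift it. The same pin is added in the jupiter and tower boot hunks, and in tower the existing comment `# Latest kernel and IOMMU isolation` no longer matches the code.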
diff --git a/hosts/hidden/default.nix b/hosts/hidden/default.nix index 18cb16db..c552cd89 100644 --- a/hosts/hidden/default.nix +++ b/hosts/hidden/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./hardware ./services @@ -9,8 +10,6 @@ ../../modules/system ]; - networking.hostName = "hidden"; - system = { desktop.enable = true; stateVersion = "24.11"; diff --git a/hosts/intuos/colmena/default.nix b/hosts/intuos/colmena/default.nix new file mode 100644 index 00000000..65811f1e --- /dev/null +++ b/hosts/intuos/colmena/default.nix @@ -0,0 +1,10 @@ +{ config, ... }: +{ + deployment = { + tags = [ + "latptop" + "pc" + ]; + targetHost = "40e:404:a427:da33:163e:97b3:a2a3:9ed4"; + }; +} diff --git a/hosts/intuos/default.nix b/hosts/intuos/default.nix index ceea57fa..b12e9c30 100644 --- a/hosts/intuos/default.nix +++ b/hosts/intuos/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -9,8 +10,6 @@ ../../modules/system ]; - networking.hostName = "intuos"; - system = { desktop.enable = true; stateVersion = "24.11"; diff --git a/hosts/intuos/filesystems/default.nix b/hosts/intuos/filesystems/default.nix index 577b5d27..dc72c3fd 100644 --- a/hosts/intuos/filesystems/default.nix +++ b/hosts/intuos/filesystems/default.nix @@ -1,9 +1,9 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { # Network mounts - "/home/${config.sysusers.main}/Network/Midas" = { - device = "[${midas}]:/storage"; + "/home/${main}/Network/Midas" = { + device = "[${midas.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" @@ -11,8 +11,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Kitty" = { - device = "[${kitty}]:/storage/bun"; + "/home/${main}/Network/Kitty" = { + device = "[${kitty.config.deployment.targetHost}]:/storage/bun"; fsType = "nfs4"; options = [ "noauto" 
@@ -20,8 +20,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Prophet" = { - device = "[${prophet}]:/storage"; + "/home/${main}/Network/Prophet" = { + device = "[${prophet.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" diff --git a/hosts/jupiter/boot/default.nix b/hosts/jupiter/boot/default.nix index 133c08ac..ff9d9cee 100644 --- a/hosts/jupiter/boot/default.nix +++ b/hosts/jupiter/boot/default.nix @@ -1,7 +1,7 @@ { pkgsStable, ... }: { boot = { - kernelPackages = pkgsStable.linuxPackages_latest; + kernelPackages = pkgsStable.linuxPackages_6_14; loader.systemd-boot.enable = true; plymouth.enable = true; }; diff --git a/hosts/jupiter/colmena/default.nix b/hosts/jupiter/colmena/default.nix new file mode 100644 index 00000000..29231ea0 --- /dev/null +++ b/hosts/jupiter/colmena/default.nix @@ -0,0 +1,10 @@ +{ config, ... }: +{ + deployment = { + tags = [ + "latptop" + "pc" + ]; + targetHost = "5ce:969c:40d1:9575:f5e:591d:c377:a20b"; + }; +} diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index fb5554d1..e2fad6f5 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -11,8 +12,6 @@ ../../modules/system ]; - networking.hostName = "jupiter"; - system = { desktop.enable = true; steamdeck.enable = true; diff --git a/hosts/jupiter/filesystems/default.nix b/hosts/jupiter/filesystems/default.nix index de292804..f2428858 100644 --- a/hosts/jupiter/filesystems/default.nix +++ b/hosts/jupiter/filesystems/default.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { # Local mounts "/mnt/Games" = { device = "/dev/disk/by-uuid/cb109a85-846d-4417-9c50-a2279bd20803"; 
@@ -12,8 +12,8 @@ }; # Network mounts - "/home/${config.sysusers.main}/Network/Midas" = { - device = "[${midas}]:/storage"; + "/home/${main}/Network/Midas" = { + device = "[${midas.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" @@ -21,8 +21,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Kitty" = { - device = "[${kitty}]:/storage/bun"; + "/home/${main}/Network/Kitty" = { + device = "[${kitty.config.deployment.targetHost}]:/storage/bun"; fsType = "nfs4"; options = [ "noauto" @@ -30,8 +30,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Prophet" = { - device = "[${prophet}]:/storage"; + "/home/${main}/Network/Prophet" = { + device = "[${prophet.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" diff --git a/hosts/jupiter/jovian/default.nix b/hosts/jupiter/jovian/default.nix index 0d4f8db6..68264bb0 100644 --- a/hosts/jupiter/jovian/default.nix +++ b/hosts/jupiter/jovian/default.nix @@ -32,7 +32,7 @@ services = { keyd.enable = lib.mkForce false; tlp.enable = lib.mkForce false; - xserver.desktopManager.gnome.enable = true; + desktopManager.gnome.enable = true; }; hardware.xone.enable = true; diff --git a/hosts/kitty/colmena/default.nix b/hosts/kitty/colmena/default.nix new file mode 100644 index 00000000..a9d36fa0 --- /dev/null +++ b/hosts/kitty/colmena/default.nix @@ -0,0 +1,7 @@ +{ config, ... }: +{ + deployment = { + tags = [ "server" ]; + targetHost = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868"; + }; +} diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix index 3fb0b916..908f7d33 100644 --- a/hosts/kitty/default.nix +++ b/hosts/kitty/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -9,10 +10,7 @@ ../../modules/system ]; - networking = { - hostName = "kitty"; - hostId = "8745e22e"; - }; + networking.hostId = "8745e22e"; system = { server.enable = true; 
diff --git a/hosts/kitty/filesystems/default.nix b/hosts/kitty/filesystems/default.nix index d45a0867..71035999 100644 --- a/hosts/kitty/filesystems/default.nix +++ b/hosts/kitty/filesystems/default.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { "/persist/storage" = { device = "/dev/disk/by-uuid/edd3e293-1aff-4fc0-96fa-4e17d6cccfca"; fsType = "btrfs"; @@ -11,17 +11,17 @@ }; # Network mounts - "/home/${config.sysusers.main}/Network/Midas" = { - device = "[${midas}]:/storage"; + "/home/${main}/Network/Midas" = { + device = "[${midas.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ - "x-systemd.automount" "noauto" "soft" + "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Prophet" = { - device = "[${prophet}]:/storage"; + "/home/${main}/Network/Prophet" = { + device = "[${prophet.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" diff --git a/hosts/midas/colmena/default.nix b/hosts/midas/colmena/default.nix new file mode 100644 index 00000000..a6f434c3 --- /dev/null +++ b/hosts/midas/colmena/default.nix @@ -0,0 +1,7 @@ +{ config, ... }: +{ + deployment = { + tags = [ "server" ]; + targetHost = "538:e163:87ba:f847:3646:18b6:6b01:d8f8"; + }; +} diff --git a/hosts/midas/default.nix b/hosts/midas/default.nix index 766fb372..e2be2de8 100644 --- a/hosts/midas/default.nix +++ b/hosts/midas/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -11,10 +12,7 @@ ../../modules/system ]; - networking = { - hostName = "midas"; - hostId = "38ba3f57"; - }; + networking.hostId = "38ba3f57"; system = { server.enable = true; diff --git a/hosts/midas/filesystems/default.nix b/hosts/midas/filesystems/default.nix index bdeba56d..e68fd763 100644 --- a/hosts/midas/filesystems/default.nix +++ b/hosts/midas/filesystems/default.nix 
@@ -1,6 +1,6 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { "/persist" = { device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325"; fsType = "btrfs"; @@ -11,7 +11,7 @@ ]; }; "/kitty" = { - device = "[${kitty}]:/storage/bun"; + device = "[${kitty.config.deployment.targetHost}]:/storage/${main}"; fsType = "nfs4"; options = [ "noauto" diff --git a/hosts/prophet/colmena/default.nix b/hosts/prophet/colmena/default.nix new file mode 100644 index 00000000..ea5fbdc9 --- /dev/null +++ b/hosts/prophet/colmena/default.nix @@ -0,0 +1,8 @@ +{ config, ... }: +{ + deployment = { + buildOnTarget = true; + tags = [ "server" ]; + targetHost = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b"; + }; +} diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix index cafc1fea..171c6311 100644 --- a/hosts/prophet/default.nix +++ b/hosts/prophet/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -11,10 +12,7 @@ (modulesPath + "/profiles/headless.nix") ]; - networking = { - hostName = "prophet"; - hostId = "97a21a38"; - }; + networking.hostId = "97a21a38"; system = { server.enable = true; diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix index 0e2428c5..7d9298aa 100644 --- a/hosts/tower/boot/default.nix +++ b/hosts/tower/boot/default.nix @@ -12,7 +12,7 @@ let in { boot = { # Latest kernel and IOMMU isolation - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_6_14; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; # Load into GPU before video driver @@ -24,6 +24,9 @@ in { # Secure boot lanzaboote.enable = true; + + # Emulate different architectures for remote builds + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; # Use second GPU on boot 
diff --git a/hosts/tower/colmena/default.nix b/hosts/tower/colmena/default.nix new file mode 100644 index 00000000..a9fee8f3 --- /dev/null +++ b/hosts/tower/colmena/default.nix @@ -0,0 +1,10 @@ +{ config, ... }: +{ + deployment = { + tags = [ + "desktop" + "pc" + ]; + targetHost = "4e4:535:9d47:f367:becd:6557:458d:5b1b"; + }; +} diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index 1cfb0a01..49b7c8aa 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -2,6 +2,7 @@ { imports = [ ./boot + ./colmena ./disko ./filesystems ./hardware @@ -9,8 +10,6 @@ ../../modules/system ]; - networking.hostName = "tower"; - system = { desktop.enable = true; nvidia.enable = true; diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix index e8a8fc50..a80b45f9 100644 --- a/hosts/tower/filesystems/default.nix +++ b/hosts/tower/filesystems/default.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, nodes, ... }: { - fileSystems = with config.services.mycelium.ips; { + fileSystems = with config.sysusers; with nodes; { # Games and such "/mnt/Linux1" = { device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4"; @@ -39,8 +39,8 @@ }; # Network mounts - "/home/${config.sysusers.main}/Network/Midas" = { - device = "[${midas}]:/storage"; + "/home/${main}/Network/Midas" = { + device = "[${midas.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" @@ -48,8 +48,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Kitty" = { - device = "[${kitty}]:/storage/bun"; + "/home/${main}/Network/Kitty" = { + device = "[${kitty.config.deployment.targetHost}]:/storage/${main}"; fsType = "nfs4"; options = [ "noauto" @@ -57,8 +57,8 @@ "x-systemd.automount" ]; }; - "/home/${config.sysusers.main}/Network/Prophet" = { - device = "[${prophet}]:/storage"; + "/home/${main}/Network/Prophet" = { + device = "[${prophet.config.deployment.targetHost}]:/storage"; fsType = "nfs4"; options = [ "noauto" 
diff --git a/modules/home/programs/misc/headless/default.nix b/modules/home/programs/misc/headless/default.nix index 43d8e3f0..e36efce0 100644 --- a/modules/home/programs/misc/headless/default.nix +++ b/modules/home/programs/misc/headless/default.nix @@ -2,6 +2,7 @@ { home.packages = with pkgs; [ bc + colmena ncdu p7zip vimv diff --git a/modules/home/programs/terminal/default.nix b/modules/home/programs/terminal/default.nix index 8589ca96..43a041ea 100644 --- a/modules/home/programs/terminal/default.nix +++ b/modules/home/programs/terminal/default.nix @@ -11,7 +11,6 @@ ./lazygit ./ncmpcpp ./neovim - ./nh ./nix-index ./ranger ./ssh diff --git a/modules/home/programs/terminal/fastfetch/smallfetch/default.nix b/modules/home/programs/terminal/fastfetch/smallfetch/default.nix index 8b03d77f..7fe46f91 100644 --- a/modules/home/programs/terminal/fastfetch/smallfetch/default.nix +++ b/modules/home/programs/terminal/fastfetch/smallfetch/default.nix @@ -1,9 +1,11 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { - home.packages = with pkgs; [ + home.packages = with pkgs; with lib; with config.home; with config.xdg; [ (writeScriptBin "smallfetch" '' #!/bin/sh - fastfetch --config ${builtins.toString ./config.jsonc} + fastfetch --config ${removePrefix "${homeDirectory}/" configHome}/fastfetch/small.jsonc '') ]; + + xdg.configFile."fastfetch/small.jsonc".source = ./small.jsonc; } diff --git a/modules/home/programs/terminal/fastfetch/smallfetch/config.jsonc b/modules/home/programs/terminal/fastfetch/smallfetch/small.jsonc similarity index 100% rename from modules/home/programs/terminal/fastfetch/smallfetch/config.jsonc rename to modules/home/programs/terminal/fastfetch/smallfetch/small.jsonc diff --git a/modules/home/programs/terminal/nh/default.nix b/modules/home/programs/terminal/nh/default.nix deleted file mode 100644 index 71697b6f..00000000 --- a/modules/home/programs/terminal/nh/default.nix +++ /dev/null 
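Review bot: In modules/home/programs/terminal/fastfetch/smallfetch/default.nix the generated script now passes a path relative to the working directory: `removePrefix "${homeDirectory}/" configHome` strips the home prefix, so `smallfetch` only finds its config when started from the home directory (assuming the default XDG layout). `fastfetch --config ${configHome}/fastfetch/small.jsonc` keeps the path absolute. The swaylock hunk (`image = ".wallpapers/lock.png"`) and the new wpaperd module (`.wallpapers/1.png` and siblings) depend on the process's working directory in the same way; `"${config.home.homeDirectory}/.wallpapers/lock.png"` would be unambiguous. The four stacked `with` scopes also let `config.home` and `config.xdg` attributes shadow names from `pkgs` and `lib`, and `lib` is only resolved through `pkgs` because it is not in the module's argument list.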
@@ -1,12 +0,0 @@ -{ config, ... }: -{ - programs.nh = { - enable = true; - flake = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/nixos-config"; - }; - - home.shellAliases = { - nhs = "nh os switch"; - nht = "nh os test"; - }; -} diff --git a/modules/home/wms/programs/default.nix b/modules/home/wms/programs/default.nix index 4ab6f6e3..924e4a0b 100644 --- a/modules/home/wms/programs/default.nix +++ b/modules/home/wms/programs/default.nix @@ -8,9 +8,9 @@ ./rofi ./swayidle ./swaylock + ./wallpapers ./waybar ./wlsunset - ./wpaperd ]; home.packages = with pkgs; lib.mkIf config.home.desktop.enable [ diff --git a/modules/home/wms/programs/swaylock/default.nix b/modules/home/wms/programs/swaylock/default.nix index 33b18cfa..c2494e4e 100644 --- a/modules/home/wms/programs/swaylock/default.nix +++ b/modules/home/wms/programs/swaylock/default.nix @@ -12,7 +12,7 @@ in { package = pkgs.swaylock-effects; settings = { clock = true; - image = builtins.toString ./lock.png; + image = ".wallpapers/lock.png"; font = config.look.fonts.main; font-size = 30; timestr = "%I:%M%p"; diff --git a/modules/home/wms/programs/wallpapers/default.nix b/modules/home/wms/programs/wallpapers/default.nix new file mode 100644 index 00000000..9077d586 --- /dev/null +++ b/modules/home/wms/programs/wallpapers/default.nix @@ -0,0 +1,8 @@ +{ config, lib, ... }: +{ + imports = [ ./wpaperd ]; + + config = lib.mkIf config.home.desktop.enable { + home.file.".wallpapers".source = ./photos; + }; +} diff --git a/modules/home/wms/programs/wpaperd/wallpapers/1.png b/modules/home/wms/programs/wallpapers/photos/1.png similarity index 100% rename from modules/home/wms/programs/wpaperd/wallpapers/1.png rename to modules/home/wms/programs/wallpapers/photos/1.png 
diff --git a/modules/home/wms/programs/wpaperd/wallpapers/2.png b/modules/home/wms/programs/wallpapers/photos/2.png similarity index 100% rename from modules/home/wms/programs/wpaperd/wallpapers/2.png rename to modules/home/wms/programs/wallpapers/photos/2.png diff --git a/modules/home/wms/programs/wpaperd/wallpapers/3.png b/modules/home/wms/programs/wallpapers/photos/3.png similarity index 100% rename from modules/home/wms/programs/wpaperd/wallpapers/3.png rename to modules/home/wms/programs/wallpapers/photos/3.png diff --git a/modules/home/wms/programs/swaylock/lock.png b/modules/home/wms/programs/wallpapers/photos/lock.png similarity index 100% rename from modules/home/wms/programs/swaylock/lock.png rename to modules/home/wms/programs/wallpapers/photos/lock.png diff --git a/modules/home/wms/programs/wallpapers/wpaperd/default.nix b/modules/home/wms/programs/wallpapers/wpaperd/default.nix new file mode 100644 index 00000000..c3575bda --- /dev/null +++ b/modules/home/wms/programs/wallpapers/wpaperd/default.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ + services.wpaperd = { + enable = config.home.desktop.enable; + settings = { + default.mode = "center"; + any.path = ".wallpapers/1.png"; + "${config.displays.tower2}".path = ".wallpapers/2.png"; + "${config.displays.tower3}".path = ".wallpapers/3.png"; + }; + }; +} diff --git a/modules/home/wms/programs/wpaperd/default.nix b/modules/home/wms/programs/wpaperd/default.nix deleted file mode 100644 index b8d125f9..00000000 --- a/modules/home/wms/programs/wpaperd/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: -{ - services.wpaperd = { - enable = config.home.desktop.enable; - settings = { - default.mode = "center"; - any.path = builtins.toString ./wallpapers/1.png; - "${config.displays.tower2}".path = builtins.toString ./wallpapers/2.png; - "${config.displays.tower3}".path = builtins.toString ./wallpapers/3.png; - }; - }; -} 
diff --git a/modules/system/default.nix b/modules/system/default.nix index 1e750aaf..b397e67a 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, name, ... }: { imports = [ ./devices @@ -13,4 +13,6 @@ desktop.enable = mkEnableOption "Desktop apps and services"; server.enable = mkEnableOption "Server apps and services"; }; + + config.networking.hostName = name; } diff --git a/modules/system/devices/networking/mycelium/default.nix b/modules/system/devices/networking/mycelium/default.nix index 726b51de..0d178877 100644 --- a/modules/system/devices/networking/mycelium/default.nix +++ b/modules/system/devices/networking/mycelium/default.nix @@ -1,7 +1,5 @@ { ... }: { - imports = [ ./ips ]; - services.mycelium = { enable = true; openFirewall = true; diff --git a/modules/system/devices/networking/mycelium/ips/default.nix b/modules/system/devices/networking/mycelium/ips/default.nix deleted file mode 100644 index 46cfc01c..00000000 --- a/modules/system/devices/networking/mycelium/ips/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, ... }: -{ - options.services.mycelium.ips = lib.mkOption { - type = lib.types.attrs; - }; - - config.services.mycelium.ips = { - tower = "4e4:535:9d47:f367:becd:6557:458d:5b1b"; - intuos = "40e:404:a427:da33:163e:97b3:a2a3:9ed4"; - jupiter = "5ce:969c:40d1:9575:f5e:591d:c377:a20b"; - midas = "538:e163:87ba:f847:3646:18b6:6b01:d8f8"; - kitty = "53f:dc2d:80c9:3ca2:4b15:ef4d:38a0:c868"; - prophet = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b"; - }; -} diff --git a/modules/system/programs/colmena/default.nix b/modules/system/programs/colmena/default.nix new file mode 100644 index 00000000..a25b73f0 --- /dev/null +++ b/modules/system/programs/colmena/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + deployment.targetUser = "sudo"; +} diff --git a/modules/system/programs/default.nix b/modules/system/programs/default.nix index beb3354e..2b6eefc6 100644 
--- a/modules/system/programs/default.nix +++ b/modules/system/programs/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./colmena ./desktops ./gaming ./git diff --git a/modules/system/services/general/ssh/default.nix b/modules/system/services/general/ssh/default.nix index 9560df9e..f1280759 100644 --- a/modules/system/services/general/ssh/default.nix +++ b/modules/system/services/general/ssh/default.nix @@ -12,6 +12,8 @@ }; }; + programs.ssh.startAgent = true; + security.pam.services.sshd.allowNullPassword = true; environment.persistence."/persist".files = [ diff --git a/modules/system/services/server/nfs/default.nix b/modules/system/services/server/nfs/default.nix index e241400f..236a7147 100644 --- a/modules/system/services/server/nfs/default.nix +++ b/modules/system/services/server/nfs/default.nix @@ -1,11 +1,13 @@ -{ config, lib, ... }: +{ config, lib, nodes, ... }: { imports = [ ./user ]; config = lib.mkIf config.services.nfs.server.enable { services.nfs.server.exports = "/storage *(rw)"; - networking.firewall.extraInputRules = with lib; '' - ip6 saddr { ${concatStringsSep ", " (attrValues config.services.mycelium.ips)} } tcp dport 2049 accept + networking.firewall.extraInputRules = let + targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes); + in '' + ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 2049 accept ''; }; } diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix index a52c1397..a8bdca83 100644 --- a/modules/system/services/server/nginx/rtmp/default.nix +++ b/modules/system/services/server/nginx/rtmp/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, nodes, ... }: { config = lib.mkIf config.services.webserver.enable { services.nginx = { 
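Review bot: In modules/system/services/server/nfs/default.nix the nftables set is built from every node's `deployment.targetHost` without validation, while the export in the context line is `/storage *(rw)`, so as far as this hunk shows the firewall rule is the only thing limiting who can mount the share. A node whose `targetHost` is empty (as in hosts/detritus/colmena), null or a hostname would make the set invalid or change who is admitted; filtering first, `targetHosts = lib.filter (h: h != null && h != "") (lib.mapAttrsToList (_: n: n.config.deployment.targetHost) nodes);`, keeps one bad entry from breaking the ruleset. Because `nodes` is every host in the hive, adding a machine to flake.nix now implicitly grants it read-write NFS access; a comment above the `let`, such as `# every hive node is allowed to mount /storage`, would make that intentional. The same `targetHosts` binding is duplicated in the nginx rtmp and owncast hunks and could live in one shared place.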
@@ -23,8 +23,10 @@ } ''; }; - networking.firewall.extraInputRules = with config.services.mycelium.ips; '' - ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept + networking.firewall.extraInputRules = let + targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes); + in '' + ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 1935 accept ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept ''; systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ]; diff --git a/modules/system/services/server/owncast/default.nix b/modules/system/services/server/owncast/default.nix index acc81c55..4f620795 100644 --- a/modules/system/services/server/owncast/default.nix +++ b/modules/system/services/server/owncast/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, nodes, ... }: { imports = [ ./nginx ]; @@ -7,8 +7,10 @@ port = 8060; rtmp-port = 1945; }; - networking.firewall.extraInputRules = with config.services.mycelium.ips; '' - ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept + networking.firewall.extraInputRules = let + targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes); + in '' + ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport ${toString config.services.owncast.rtmp-port} accept ''; environment.persistence."/persist".directories = [ "/var/lib/owncast" ]; }; diff --git a/modules/system/settings/security/privilege/default.nix b/modules/system/settings/security/privilege/default.nix index a2700af0..0fac0ed7 100644 --- a/modules/system/settings/security/privilege/default.nix +++ b/modules/system/settings/security/privilege/default.nix 
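Review bot: In modules/system/services/server/nginx/rtmp/default.nix the RTMP allowlist grows from three named hosts (`tower`, `intuos`, `jupiter`) to every node in the hive, so the servers and `hidden` can now reach port 1935 as well. If that widening is not intended, selecting the original hosts keeps the rule as narrow as before: `targetHosts = map (n: n.config.deployment.targetHost) (lib.attrValues (lib.getAttrs [ "tower" "intuos" "jupiter" ] nodes));`. The owncast hunk makes the same change for its RTMP port. If all nodes are meant to publish streams, a comment such as `# all hive nodes may publish RTMP` above the rule would document the decision.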
@@ -3,5 +3,25 @@ security.sudo-rs = { enable = true; execWheelOnly = true; + extraRules = [ + { + users = [ "sudo" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; + }; + + # Create a user that has admin non-interactively + users.users.sudo = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden" + ]; }; } diff --git a/modules/system/users/main/default.nix b/modules/system/users/main/default.nix index acd1cce6..c306192a 100644 --- a/modules/system/users/main/default.nix +++ b/modules/system/users/main/default.nix @@ -23,7 +23,7 @@ ../../../../hosts/prophet/id_ed25519.pub ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn+61Hd+nQ5tQgt4219+h/zsnej1j2dHU5uvC3k3Bnw Warden" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" ]; extraGroups = [
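Review bot: In modules/system/settings/security/privilege/default.nix the new `sudo` account combines `NOPASSWD` on `ALL` with an SSH key, and the users/main hunk installs the identical `Warden` public key for the main user, so one private key now gives non-interactive root on every host that imports this module. A dedicated deployment key for this account, kept separate from the interactive login key and ideally restricted in `authorized_keys` (a `from="…"` source restriction is one option), would limit what a single stolen key or forwarded agent exposes. Naming the account `sudo` makes rules like `users = [ "sudo" ]` easy to misread as the command or a group; a name such as `deploy` would be clearer, with `deployment.targetUser` in modules/system/programs/colmena changed to match. The existing comment could state the trust level precisely, e.g. `# Colmena deployment account: key-only login, passwordless sudo; treat its key as root-equivalent`.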