diff --git a/flake.lock b/flake.lock index ec632f1c..38638d02 100644 --- a/flake.lock +++ b/flake.lock @@ -421,8 +421,7 @@ "nixpkgs-rust-analyzer": "nixpkgs-rust-analyzer", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", - "sops": "sops", - "veracrypt": "veracrypt" + "sops": "sops" } }, "rust-analyzer-src": { @@ -545,22 +544,6 @@ "repo": "default", "type": "github" } - }, - "veracrypt": { - "locked": { - "lastModified": 1696681798, - "narHash": "sha256-tvga08j8IOHrRbEnqJDc6bzO4la5i7ywf23kLs8W0OY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2bbbf414fed6ab89cd971f5645da692dad6d9420", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "2bbbf414fed6ab89cd971f5645da692dad6d9420", - "repo": "nixpkgs", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 838b756b..1f139292 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,228 +1,206 @@ { description = "NixOS configuration with flakes"; - outputs = { - alejandra, - cryptpad, - darwin, - disko, - endless-sky, - flake-compat, - flake-utils, - helix, - home-manager, - nil, - nix-ld, - nixos-hardware, - nixpkgs-master, - nixpkgs-nixos-unstable, - nixpkgs-rust-analyzer, - nixpkgs-stable, - nur, - self, - sops, - veracrypt, - } @ inputs: let - mkServer = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/server-common.nix) - sops.nixosModules.sops - disko.nixosModules.disko - ({pkgs, ...}: { - nixpkgs.overlays = [inputs.cryptpad.overlays.default]; - }) - inputs.cryptpad.nixosModules.cryptpad - ]; - specialArgs = {inherit inputs system;}; - }; - mkRaspi = pkgs: hostname: - pkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - (./. + "/nixos/boxes/${hostname}") - sops.nixosModules.sops - ]; - specialArgs = {inherit inputs;}; - }; - mkKiosk = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. + "/nixos/boxes/${hostname}") - (import ./nixos/common.nix) - sops.nixosModules.sops + outputs = { alejandra, cryptpad, darwin, disko, endless-sky, flake-compat + , flake-utils, helix, home-manager, nil, nix-ld, nixos-hardware + , nixpkgs-master, nixpkgs-nixos-unstable, nixpkgs-rust-analyzer + , nixpkgs-stable, nur, self, sops, }@inputs: + let + mkServer = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/server-common.nix) + sops.nixosModules.sops + disko.nixosModules.disko + ({ pkgs, ... }: { + nixpkgs.overlays = [ inputs.cryptpad.overlays.default ]; + }) + inputs.cryptpad.nixosModules.cryptpad + ]; + specialArgs = { inherit inputs system; }; + }; + mkRaspi = pkgs: hostname: + pkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = + [ (./. 
+ "/nixos/boxes/${hostname}") sops.nixosModules.sops ]; + specialArgs = { inherit inputs; }; + }; + mkKiosk = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/common.nix) + sops.nixosModules.sops - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; - _module.args.inputs = inputs; - _module.args.system = system; + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = + [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; + _module.args.inputs = inputs; + _module.args.system = system; + }; + } + ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { + inherit system; + config = { allowUnfree = true; }; + }; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = { allowUnfree = true; }; }; - } - ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { - inherit system; - config = {allowUnfree = true;}; - }; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = {allowUnfree = true;}; }; }; - }; - mkWorkstation = pkgs: system: hostname: - pkgs.lib.nixosSystem { - inherit system; - modules = [ - (./. 
+ "/nixos/boxes/${hostname}") - (import ./nixos/email-accounts.nix) - (import ./nixos/common.nix) - sops.nixosModules.sops - disko.nixosModules.disko - nix-ld.nixosModules.nix-ld - {programs.nix-ld.dev.enable = true;} - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = [./nixos/home-manager ./nixos/home-manager/linux.nix]; - _module.args.inputs = inputs; - _module.args.system = system; + mkWorkstation = pkgs: system: hostname: + pkgs.lib.nixosSystem { + inherit system; + modules = [ + (./. + "/nixos/boxes/${hostname}") + (import ./nixos/email-accounts.nix) + (import ./nixos/common.nix) + sops.nixosModules.sops + disko.nixosModules.disko + nix-ld.nixosModules.nix-ld + { programs.nix-ld.dev.enable = true; } + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = + [ ./nixos/home-manager ./nixos/home-manager/linux.nix ]; + _module.args.inputs = inputs; + _module.args.system = system; + }; + } + ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { + inherit system; + config = { allowUnfree = true; }; + }; + nixpkgs-nixos-unstable = + import nixpkgs-nixos-unstable { inherit system; }; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = { allowUnfree = true; }; }; - } - ]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable { - inherit system; - config = {allowUnfree = true;}; - }; - nixpkgs-nixos-unstable = import nixpkgs-nixos-unstable { - inherit system; - }; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = {allowUnfree = true;}; - }; - nixpkgs-veracrypt = import veracrypt { - inherit system; - config = {allowUnfree = true;}; }; }; + mkShell = packageSet: 
system: + let pkgs = packageSet.legacyPackages.${system}; + in pkgs.mkShell { + packages = with pkgs; [ + inputs.alejandra.defaultPackage.${system} + cacert + git + git-lfs + nixpkgs-fmt + openssh + openssl + pkg-config + statix + ]; + }; + in { + devShells = { + "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; + "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; }; - mkShell = packageSet: system: let - pkgs = packageSet.legacyPackages.${system}; - in - pkgs.mkShell { - packages = with pkgs; [ - inputs.alejandra.defaultPackage.${system} - cacert - git - git-lfs - nixpkgs-fmt - openssh - openssl - pkg-config - statix - ]; - }; - in { - devShells = { - "x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin"; - "x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux"; - }; - darwinConfigurations = { - "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { - system = "x86_64-darwin"; - modules = [ - (./. + "/nixos/boxes/form3") - home-manager.darwinModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.cyryl = { - imports = [./nixos/home-manager]; - _module.args.inputs = inputs; - _module.args.system = system; - }; - } - ]; - }; - }; - - nixosConfigurations = { - foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog"; - thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; - bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; - vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; - cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet"; - mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; - homescreen = mkRaspi nixpkgs-stable "homescreen"; - - bootstrap = nixpkgs-stable.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [(./. 
+ "/nixos/boxes/bootstrap") sops.nixosModules.sops]; - specialArgs = { - inherit inputs system; - nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { - inherit system; - config = {allowUnfree = true;}; - }; + darwinConfigurations = { + "FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec { + system = "x86_64-darwin"; + modules = [ + (./. + "/nixos/boxes/form3") + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.cyryl = { + imports = [ ./nixos/home-manager ]; + _module.args.inputs = inputs; + _module.args.system = system; + }; + } + ]; }; }; - # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage - # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress - # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes - raspiimage = nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - (import - "${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") - { - environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ - neovim - htop - btop - atop - ]; - networking.networkmanager.enable = false; - hardware.enableRedistributableFirmware = true; - networking.wireless.enable = true; + nixosConfigurations = { + foryog = mkWorkstation nixpkgs-nixos-unstable "x86_64-linux" "foryog"; + thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; + bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; + vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; + cupsnet = mkServer nixpkgs-stable "aarch64-linux" "cupsnet"; + mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; + homescreen = mkRaspi nixpkgs-stable "homescreen"; - services.openssh = { - enable = true; - permitRootLogin = - nixpkgs-stable.lib.mkForce "prohibit-password"; - 
passwordAuthentication = false; + bootstrap = nixpkgs-stable.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ]; + specialArgs = { + inherit inputs system; + nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable { + inherit system; + config = { allowUnfree = true; }; }; + }; + }; + # nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage + # sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress + # make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes + raspiimage = nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import + "${inputs.nixpkgs-stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") + { + environment.systemPackages = + with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [ + neovim + htop + btop + atop + ]; - services.xserver = { - enable = true; - displayManager.lightdm.enable = true; - desktopManager.gnome.enable = true; - libinput.enable = true; - }; + networking.networkmanager.enable = false; + hardware.enableRedistributableFirmware = true; + networking.wireless.enable = true; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" - ]; - sdImage.compressImage = false; - console.earlySetup = true; - } - ]; - specialArgs = {inherit inputs;}; + services.openssh = { + enable = true; + permitRootLogin = + nixpkgs-stable.lib.mkForce "prohibit-password"; + passwordAuthentication = false; + }; + + services.xserver = { + enable = true; + displayManager.lightdm.enable = true; + desktopManager.gnome.enable = true; + libinput.enable = true; + }; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" + ]; + sdImage.compressImage = false; + console.earlySetup = true; + } + ]; + specialArgs = { inherit inputs; }; + }; }; }; - }; inputs = { nixpkgs-master = { type = "github"; @@ -254,12 +232,6 @@ repo = "nixpkgs"; ref = "2100c4926200b1ebbee032ad22113597195932f2"; }; - veracrypt = { - type = "github"; - owner = "NixOS"; - repo = "nixpkgs"; - ref = "2bbbf414fed6ab89cd971f5645da692dad6d9420"; - }; nixos-hardware = { type = "github"; owner = "NixOS"; @@ -329,9 +301,7 @@ }; cryptpad = { url = "github:michaelshmitty/cryptpad-flake"; - inputs = { - nixpkgs.follows = "nixpkgs-stable"; - }; + inputs = { nixpkgs.follows = "nixpkgs-stable"; }; }; disko = { url = "github:nix-community/disko"; diff --git a/nixos/boxes/foryog/default.nix b/nixos/boxes/foryog/default.nix index e721d442..a1b114a5 100644 --- a/nixos/boxes/foryog/default.nix +++ b/nixos/boxes/foryog/default.nix @@ -51,6 +51,7 @@ "vscode-extension-ms-vscode-cpptools" "vscode-with-extensions" "vscode" + "veracrypt" ]; home-manager.users.cyryl = { ... }: { diff --git a/nixos/common.nix b/nixos/common.nix index fe532812..af84c63f 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,12 +1,5 @@ -{ - config, - pkgs, - lib, - inputs, - nixpkgs-nixos-unstable-and-unfree, - nixpkgs-veracrypt, - ... -}: let +{ config, pkgs, lib, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: +let stateVersion = "23.11"; username = "cyryl"; in { @@ -37,7 +30,7 @@ in { tmux usbutils wget - nixpkgs-veracrypt.veracrypt + veracrypt ]; i18n.defaultLocale = "en_GB.UTF-8"; @@ -61,9 +54,10 @@ in { shell = pkgs.zsh; }; - networking.nameservers = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"]; + networking.nameservers = + [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ]; - networking.hosts = {"10.11.99.1" = ["remarkable"];}; + networking.hosts = { "10.11.99.1" = [ "remarkable" ]; }; programs.light.enable = true; programs.adb.enable = true; 
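Review bot: The `mkShell` package list in the `flake.nix` hunk (`@@ -1,228 +1,206 @@`) still ships `inputs.alejandra.defaultPackage.${system}` and `nixpkgs-fmt`, but the whole `outputs` block is now laid out in a different style (leading-comma argument list, `[ x ]` and `{ x; }` spacing), which looks like the output of another formatter. If so, the next run of the dev-shell formatter will rewrite most of these lines again. Put the tool that produced this layout into `packages`, e.g. `nixfmt` in place of `inputs.alejandra.defaultPackage.${system}` if that is what was used. The re-indentation also buries the only functional change, dropping the `veracrypt` input and the `nixpkgs-veracrypt` specialArg, so a separate formatting-only commit would make that change reviewable.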
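Review bot: `"veracrypt"` is added to the allow-list only in `nixos/boxes/foryog/default.nix`, while the `nixos/common.nix` hunk at `@@ -37,7 +30,7 @@` now takes `veracrypt` from the host's own `pkgs` instead of the removed `nixpkgs-veracrypt` import, which set `allowUnfree = true`. `flake.nix` builds `thinky` through the same `mkWorkstation`, which imports `./nixos/common.nix`, so unless thinky's configuration (not shown here) already permits the package, evaluation of that host will presumably fail on the unfree licence. Either add `"veracrypt"` to thinky's list as well or move the entry into the shared module next to the package. It would also help to note beside it that VeraCrypt now follows each host's nixpkgs channel rather than a fixed revision, e.g. `# veracrypt: unfree, tracks the host channel`. The list being extended starts outside the hunk.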
@@ -86,13 +80,13 @@ in { enable = true; autoPrune.enable = true; daemon.settings = { - "insecure-registries" = ["vpsfree1.raptor-carp.ts.net:5000"]; + "insecure-registries" = [ "vpsfree1.raptor-carp.ts.net:5000" ]; }; }; fonts.fontconfig = { enable = true; - defaultFonts.monospace = ["BerkeleyMono Nerd Font"]; + defaultFonts.monospace = [ "BerkeleyMono Nerd Font" ]; }; fonts.packages = with pkgs; [ @@ -118,7 +112,7 @@ in { ''; }; - system = {inherit stateVersion;}; + system = { inherit stateVersion; }; system.activationScripts.diff = '' ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig" '';