use home manager

2023-04-16 10:30:45 +08:00 · 2023-04-16 10:30:45 +08:00 · c0e2e3b8b9
commit c0e2e3b8b9
parent 29885591ce
10 changed files with 215 additions and 36 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,14 @@
 keys:
  - &xin age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
  - &host-laptop age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
 creation_rules:
  - path_regex: secrets/laptop/[^/]+\.yaml$
    key_groups:
    - age:
      - *xin
      - *host-laptop
  - path_regex: secrets/common/[^/]+\.yaml$
    kay_groups:
    - age:
      - *xin
      - *host-laptop   
--- a/flake.lock
+++ b/flake.lock
@ -37,12 +37,15 @@
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1678901627,
+        "lastModified": 1681037374,
-        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "rev": "033b9f258ca96a10e543d4442071f614dc3f8412",
        "type": "github"
      },
      "original": {
@ -51,19 +54,39 @@
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1681468923,
        "narHash": "sha256-+X2oO4juRVhQRs002mn8km6PODccIRiz09c2K1xtSpY=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "17198cf5ae27af5b647c7dac58d935a7d0dbd189",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixos-cn": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
-          "nixpkgs-stable"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1680485243,
+        "lastModified": 1681522588,
-        "narHash": "sha256-DyPq1Nn8f1TwBXqJBD4iicrv97ALg2IHW9YSw91oDhU=",
+        "narHash": "sha256-GG2C4OEAIEE6rIeU+ba6YN2hZe2neZ5HF6acEwncsqU=",
        "owner": "nixos-cn",
        "repo": "flakes",
-        "rev": "c2fd9273eadae18fecc2047180329fb05d739cf3",
+        "rev": "fc7cb10f00b69c97fab945400f480dac06496ff2",
        "type": "github"
      },
      "original": {
@ -74,11 +97,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1680213900,
+        "lastModified": 1681303793,
-        "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
+        "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
+        "rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc",
        "type": "github"
      },
      "original": {
@ -90,11 +113,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1680334310,
+        "lastModified": 1681349002,
-        "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=",
+        "narHash": "sha256-9Ckc2WvSwuYrPfk3ZXgPasM1ir/cgs6UV0EpIWyPGZE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da",
+        "rev": "2b1bba76a13ed39c7abc0a6e8f74f9e168cf3c7c",
        "type": "github"
      },
      "original": {
@ -104,13 +127,45 @@
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
        "lastModified": 1681005198,
        "narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-22.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1680942619,
        "narHash": "sha256-kpCW1IegAZfEjCVJW7IPN/hEtRL/9dxaFFYiHS5qVAk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "6f95dd4fd050daf017cae2dfeb1cea1ec0e4c1a1",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nur": {
      "locked": {
-        "lastModified": 1680505766,
+        "lastModified": 1681527005,
-        "narHash": "sha256-5E6ZFt13gJnKIZChTSMnKU1nKjuzyaQ7s1jUgVl85hs=",
+        "narHash": "sha256-BMO3rnCA8kr5Cq/URyU25j1eSL3HygUT1rd7vniwfKE=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "f9584e3b5d8ea46f9b25631cbab588b14b7e0be0",
+        "rev": "ace101967ecf693fad5387d671b09435b23fd9dc",
        "type": "github"
      },
      "original": {
@ -124,15 +179,15 @@
        "flake-utils": "flake-utils_2",
        "flake-utils-plus": "flake-utils-plus",
        "nixpkgs": [
-          "nixpkgs-stable"
+          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1680504755,
+        "lastModified": 1681369018,
-        "narHash": "sha256-tDOIL7DWfxLUCCZawVbszzROGqzOYBYpP0XbPdVKNp8=",
+        "narHash": "sha256-bqwKQX4G4DgxEalw8h0zlG0B/GQzOk5djQBpmFz0zzs=",
        "owner": "xddxdd",
        "repo": "nur-packages",
-        "rev": "d24e41633775d7aa68a95c36a74905a324bd524f",
+        "rev": "eb318d24ebdcf6efd8af91a54cd932ed3ed86f78",
        "type": "github"
      },
      "original": {
@ -143,11 +198,47 @@
    },
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "nixos-cn": "nixos-cn",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur",
-        "nur-xddxdd": "nur-xddxdd"
+        "nur-xddxdd": "nur-xddxdd",
        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
        "lastModified": 1681209176,
        "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -4,28 +4,46 @@
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.11";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nur.url = "github:nix-community/NUR";
    nur-xddxdd = {
      url = "github:xddxdd/nur-packages";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-cn = {
      url = "github:nixos-cn/flakes";
      # Use the same nixpkgs
-      inputs.nixpkgs.follows = "nixpkgs-stable";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix.url = "github:Mic92/sops-nix";
  };
-  outputs = { self, nixpkgs, nur, nixos-cn, ...}@attrs: {
+  outputs = { self, nixpkgs, nur, home-manager, sops-nix, nixos-cn, ... }@inputs:
    let
      mkHome = user: host: home-manager.nixosModules.home-manager {
        extraSpecialArgs = { inherit inputs; };
        home-manager.users.${user} = import ./home/${user}/${host};
      };
    in
    {
      nixosModules = import ./modules/nixos;
      homeManagerModules = import ./modules/home-manager;
      nixosConfigurations.xin-laptop = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
      specialArgs = attrs;
        modules = [
        nur.nixosModules.nur
          machines/laptop/configuration.nix
          nur.nixosModules.nur
          sops-nix.nixosModules.sops
        ];
        specialArgs = inputs;
      };
    };
 }
--- a/home/xin/laptop/default.nix
+++ b/home/xin/laptop/default.nix
@ -0,0 +1,15 @@
 {
  home.username = "xin";
  home.homeDirectory = "/home/xin";
  accounts = {
    gmail = {
    };
  };
  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
 }
--- a/machines/laptop/configuration.nix
+++ b/machines/laptop/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, nixos-cn, nur-xddxdd, ... }:
+{ config, pkgs, nixos-cn, nur, nur-xddxdd, ... }:
 {
  imports =
@ -44,7 +44,6 @@
  i18n.inputMethod = {
    enabled = "fcitx5";
    fcitx5.addons = with pkgs; [ fcitx5-rime ];
    fcitx5.enableRimeData = true;
  };
  i18n.extraLocaleSettings = {
@ -204,7 +203,7 @@
    # IM
    tdesktop
    qq
-    nur-xddxdd.packages.${system}.wechat-uos-bin
+    nur-xddxdd.packages."x86_64-linux".wechat-uos-bin
    # nixos-cn.legacyPackages.${system}.wechat-uos
    # Mail
@ -295,6 +294,7 @@
  # Enable Tailscale
  services.tailscale.enable = true;
  services.tailscale.useRoutingFeatures = "both";
  # Setup Nvidia driver
  services.xserver.videoDrivers = [ "nvidia" ];
@ -347,5 +347,10 @@
      enable = true;
      enableNvidia = true;
    };
    docker = {
      enable = true;
      enableNvidia = true;
      autoPrune.enable = true;
    };
  };
 }
--- a/machines/laptop/secret.nix
+++ b/machines/laptop/secret.nix
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@ -0,0 +1,3 @@
 {
 }
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -0,0 +1,3 @@
 {
 }
--- a/secrets/laptop/default.yaml
+++ b/secrets/laptop/default.yaml
@ -0,0 +1,30 @@
 gmail: ENC[AES256_GCM,data:CajGtLth9OWLc4OHvRB2WIf9h8Fz4A==,iv:8VpGHDn06sDsTwsIVSHf9teRLNWx3hmQJ7Qml5ovjoo=,tag:dVIgRQ9LjSWSe/6QdCVUyA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNmR1LzJkZUxHcnRsV0Nj
            RVRJZ3lZWmhzWFkyM3M5ZHZyZGo5OG0xZmpJCkVEd0VmNVNDejlDY0pYcmNHMjB0
            a1d0UDVQRFFCUUxFMXh2UlBGc0RRZk0KLS0tIFpJRVIvM1Q3NG02ZEk2MEdsYmkz
            YU9zMzJCcDVtRGdOWXNSMGpCcUNneDgKUDVNx2OjyOSRzMqhmFkBx3do4VrNO/fw
            tFk4EzayyNoRAd5Ch/XfAccGwLceNhvMPZYxcB0hZljZM5u3g3JPtQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVFg0OEFSMHJYTjZxNUM0
            ZmY0NUU0c3pNK1d4ak0wcmYrRTN1TEcyakZRCnBLNzNxNm5YWk9kNzZqL0dHMkhG
            UXA1bDY4QVg2K3d6eVBpWG1ybHN2VDAKLS0tIFJpSTk4cFZKeTVkd09sN3NmQzc1
            eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW
            iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-04-12T14:46:17Z"
    mac: ENC[AES256_GCM,data:2OxHuP8xjwuS999XylcyAXEOhJJY2OGcPbYzE5/9GJZVOv/C5FWV1zRhdauByTcODjUeUYx3n0N4VsT7PlPBLTnKGuW7K9n2Dou0PsPxTOy/NgtUpB4cmpIr/Kflf7uTHTahzRMT5lRmZOA0Z7HggiAYq1fSAo+uRfldkQtk5R0=,iv:t8Oyqrl3XWtgh8IbZzjEyXWRmudLgOeZQgIsFjQBODI=,tag:n0yZMiR1htdYwld3LarK3Q==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3