From c0e2e3b8b9b93e5d0b7e106a64db1e15b79b2a11 Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Sun, 16 Apr 2023 10:30:45 +0800
Subject: [PATCH] use home manager
---
 .gitattributes | 2 +-
 .sops.yaml | 14 ++++
 flake.lock | 133 +++++++++++++++++++++++++-----
 flake.nix | 40 ++++++---
 home/xin/laptop/default.nix | 15 ++++
 machines/laptop/configuration.nix | 11 ++-
 machines/laptop/secret.nix | Bin 494 -> 598 bytes
 modules/home-manager/default.nix | 3 +
 modules/nixos/default.nix | 3 +
 secrets/laptop/default.yaml | 30 +++++++
 10 files changed, 215 insertions(+), 36 deletions(-)
 create mode 100644 .sops.yaml
 create mode 100644 home/xin/laptop/default.nix
 create mode 100644 modules/home-manager/default.nix
 create mode 100644 modules/nixos/default.nix
 create mode 100644 secrets/laptop/default.yaml
diff --git a/.gitattributes b/.gitattributes
index 0dab521..e8965a2 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,2 @@
 machines/laptop/secret.nix filter=git-crypt diff=git-crypt
-machines/clash.nix filter=git-crypt diff=git-crypt
\ No newline at end of file
+machines/clash.nix filter=git-crypt diff=git-crypt
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..56ad9bb
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,14 @@
+keys:
+ - &xin age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
+ - &host-laptop age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
+creation_rules:
+ - path_regex: secrets/laptop/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *xin
+ - *host-laptop
+ - path_regex: secrets/common/[^/]+\.yaml$
+ kay_groups:
+ - age:
+ - *xin
+ - *host-laptop
diff --git a/flake.lock b/flake.lock
index 19c8035..ed3a4f5 100644
--- a/flake.lock
+++ b/flake.lock
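Review bot: The second creation rule in `.sops.yaml` (the one for `secrets/common/[^/]+\.yaml$`) spells its key `kay_groups`, so that rule carries no recipients under the name sops reads. Depending on how strictly sops parses the file, creating a secret under `secrets/common/` will either fail or not be encrypted to `*xin` and `*host-laptop` as intended; which of the two happens is worth confirming with a throwaway file. Change the line to `key_groups:` so both rules have the same shape.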
@@ -37,12 +37,15 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1681037374, + "narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "033b9f258ca96a10e543d4442071f614dc3f8412", "type": "github" }, "original": { @@ -51,19 +54,39 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1681468923, + "narHash": "sha256-+X2oO4juRVhQRs002mn8km6PODccIRiz09c2K1xtSpY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "17198cf5ae27af5b647c7dac58d935a7d0dbd189", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nixos-cn": { "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs-stable" + "nixpkgs" ] }, "locked": { - "lastModified": 1680485243, - "narHash": "sha256-DyPq1Nn8f1TwBXqJBD4iicrv97ALg2IHW9YSw91oDhU=", + "lastModified": 1681522588, + "narHash": "sha256-GG2C4OEAIEE6rIeU+ba6YN2hZe2neZ5HF6acEwncsqU=", "owner": "nixos-cn", "repo": "flakes", - "rev": "c2fd9273eadae18fecc2047180329fb05d739cf3", + "rev": "fc7cb10f00b69c97fab945400f480dac06496ff2", "type": "github" }, "original": { @@ -74,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1680213900, - "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "lastModified": 1681303793, + "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc", "type": "github" }, "original": { 
@@ -90,11 +113,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1680334310, - "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", + "lastModified": 1681349002, + "narHash": "sha256-9Ckc2WvSwuYrPfk3ZXgPasM1ir/cgs6UV0EpIWyPGZE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", + "rev": "2b1bba76a13ed39c7abc0a6e8f74f9e168cf3c7c", "type": "github" }, "original": { @@ -104,13 +127,45 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1681005198, + "narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1680942619, + "narHash": "sha256-kpCW1IegAZfEjCVJW7IPN/hEtRL/9dxaFFYiHS5qVAk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6f95dd4fd050daf017cae2dfeb1cea1ec0e4c1a1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { - "lastModified": 1680505766, - "narHash": "sha256-5E6ZFt13gJnKIZChTSMnKU1nKjuzyaQ7s1jUgVl85hs=", + "lastModified": 1681527005, + "narHash": "sha256-BMO3rnCA8kr5Cq/URyU25j1eSL3HygUT1rd7vniwfKE=", "owner": "nix-community", "repo": "NUR", - "rev": "f9584e3b5d8ea46f9b25631cbab588b14b7e0be0", + "rev": "ace101967ecf693fad5387d671b09435b23fd9dc", "type": "github" }, "original": { 
@@ -124,15 +179,15 @@ "flake-utils": "flake-utils_2", "flake-utils-plus": "flake-utils-plus", "nixpkgs": [ - "nixpkgs-stable" + "nixpkgs" ] }, "locked": { - "lastModified": 1680504755, - "narHash": "sha256-tDOIL7DWfxLUCCZawVbszzROGqzOYBYpP0XbPdVKNp8=", + "lastModified": 1681369018, + "narHash": "sha256-bqwKQX4G4DgxEalw8h0zlG0B/GQzOk5djQBpmFz0zzs=", "owner": "xddxdd", "repo": "nur-packages", - "rev": "d24e41633775d7aa68a95c36a74905a324bd524f", + "rev": "eb318d24ebdcf6efd8af91a54cd932ed3ed86f78", "type": "github" }, "original": { @@ -143,11 +198,47 @@ }, "root": { "inputs": { + "home-manager": "home-manager", "nixos-cn": "nixos-cn", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", - "nur-xddxdd": "nur-xddxdd" + "nur-xddxdd": "nur-xddxdd", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1681209176, + "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index f8f6210..3c3b675 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,28 +4,46 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-22.11"; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nur.url = "github:nix-community/NUR"; nur-xddxdd = { url = "github:xddxdd/nur-packages"; - inputs.nixpkgs.follows = "nixpkgs-stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; nixos-cn = { url = "github:nixos-cn/flakes"; # Use the same nixpkgs - inputs.nixpkgs.follows = "nixpkgs-stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; + + sops-nix.url = "github:Mic92/sops-nix"; }; - outputs = { self, nixpkgs, nur, nixos-cn, ...}@attrs: { - nixosConfigurations.xin-laptop = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - nur.nixosModules.nur - machines/laptop/configuration.nix - ]; + outputs = { self, nixpkgs, nur, home-manager, sops-nix, nixos-cn, ... }@inputs: + let + mkHome = user: host: home-manager.nixosModules.home-manager { + extraSpecialArgs = { inherit inputs; }; + home-manager.users.${user} = import ./home/${user}/${host}; + }; + in + { + nixosModules = import ./modules/nixos; + homeManagerModules = import ./modules/home-manager; + + nixosConfigurations.xin-laptop = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + machines/laptop/configuration.nix + nur.nixosModules.nur + sops-nix.nixosModules.sops + ]; + specialArgs = inputs; + }; }; - }; } diff --git a/home/xin/laptop/default.nix b/home/xin/laptop/default.nix new file mode 100644 index 0000000..5b2d754 --- /dev/null +++ b/home/xin/laptop/default.nix @@ -0,0 +1,15 @@ + +{ + home.username = "xin"; + home.homeDirectory = "/home/xin"; + + accounts = { + gmail = { + + }; + + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; +} \ No newline at end of file diff --git a/machines/laptop/configuration.nix b/machines/laptop/configuration.nix index 0b5fef1..6eb7607 100644 
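Review bot: `mkHome` in the new `let` block of `flake.nix` is never referenced from `modules`, so `home/xin/laptop/default.nix` is not evaluated by `nixosConfigurations.xin-laptop` and this commit does not yet enable Home Manager. As written it also looks wrong if it were used: it applies `home-manager.nixosModules.home-manager` to an attrset, and `extraSpecialArgs` lacks the `home-manager.` prefix. I would drop the helper for now and add two entries to `modules`: `home-manager.nixosModules.home-manager` and `{ home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.users.xin = import ./home/xin/laptop; }`. Separately, `sops-nix` is the only new input without a `follows`, which is why the lock file gains `nixpkgs_2` and `nixpkgs-stable_2`; `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` (and the same for `nixpkgs-stable`) keeps the set of pinned revisions to audit smaller.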
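Review bot: `accounts.gmail` in `home/xin/laptop/default.nix` is not where Home Manager expects mail accounts; they are declared under `accounts.email.accounts.<name>`, so this attribute would be rejected as an unknown option once the file is actually loaded. The file also sets no `home.stateVersion`, which current Home Manager releases require. Suggested shape: `accounts.email.accounts.gmail = { };` plus `home.stateVersion = "<release>";`, where the placeholder is the release the profile was first created on.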
--- a/machines/laptop/configuration.nix +++ b/machines/laptop/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, nixos-cn, nur-xddxdd, ... }: +{ config, pkgs, nixos-cn, nur, nur-xddxdd, ... }: { imports = @@ -44,7 +44,6 @@ i18n.inputMethod = { enabled = "fcitx5"; fcitx5.addons = with pkgs; [ fcitx5-rime ]; - fcitx5.enableRimeData = true; }; i18n.extraLocaleSettings = { @@ -204,7 +203,7 @@ # IM tdesktop qq - nur-xddxdd.packages.${system}.wechat-uos-bin + nur-xddxdd.packages."x86_64-linux".wechat-uos-bin # nixos-cn.legacyPackages.${system}.wechat-uos # Mail @@ -295,6 +294,7 @@ # Enable Tailscale services.tailscale.enable = true; + services.tailscale.useRoutingFeatures = "both"; # Setup Nvidia driver services.xserver.videoDrivers = [ "nvidia" ]; @@ -347,5 +347,10 @@ enable = true; enableNvidia = true; }; + docker = { + enable = true; + enableNvidia = true; + autoPrune.enable = true; + }; }; } 
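Review bot: `services.tailscale.useRoutingFeatures = "both"` does more than a laptop that only consumes routes needs: the `server` half turns on IP forwarding and the `client` half relaxes reverse-path filtering from strict to loose. If this machine is not meant to act as a subnet router or exit node, `services.tailscale.useRoutingFeatures = "client";` is sufficient and leaves forwarding off. If `both` is intended, a comment such as `# laptop advertises <routes> / exit node; forwarding enabled on purpose` would record that. The hunk shows only this line, so the firewall settings around it are not visible here.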
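Review bot: The new `docker` block at the end of `configuration.nix` starts a root-owned daemon, and any account that can reach its socket (typically members of the `docker` group) is effectively root on the host; the hunk does not show who is in that group. The context lines just above already enable another runtime with `enableNvidia = true` (its name is outside the hunk), so a short comment on why both are needed would help. If the GPU workloads allow it, `rootless = { enable = true; setSocketVariable = true; };` inside the block avoids the root daemon; otherwise keep `"docker"` out of `extraGroups` for accounts that do not need it.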
diff --git a/machines/laptop/secret.nix b/machines/laptop/secret.nix index 15bc5d55d29ffc24f1f59c615d0b39a6134d634a..06f9d0675663640b2101b1065da53a2b2c8db0b8 100644 GIT binary patch literal 598 zcmV-c0;&A~M@dveQdv+`06myu>)UVX`o4ms$`-44qW{da|JWvou`CzTspPH)eR9Ds z4y-8{b-&ov<5GmC0_cXJ6_0F6-aFOd&mfPxUYS+=uU+F-75!Kn{JZAiZKsU{j{9_- z0VNGb9`EFb#$tbK#omDnNYoC#8p?{SM#w>z-XZBN|5h$Cf{sqYoWH_(Z0BB zRWV0c&tGCih+5Thyh}IX32(8^n?0i=lqY93uYkZB?5Xvq>{XP)spV+v5AgMM?|e^W}*|*24Ns zzZG_Z8n2v|bDw{S`y~HhwMY{_PI296 zM*0zk#g9F`4?b!2BpyCG4}cGB4rx=!`TMpsPcLWb1jQ8I^uA?e`w6mxcKqH@hf~Gj z^{9L>;e47+)=2Z5@l$YFa%K;HWAC6+GF&%-cMD_oi1o~<4QOx`Iaufpe+UeAGCk!~ zz%9vOZI@|Kvj#WbTNG+H_0FT6j%qj(^FcbL{GZ}0!@eOYO$Go>QaE~J;rT_o{ literal 494 zcmVfd!cj|NH7(&y0vzR(DM%s&qwt@$dq>F#mHZ84=7~kLng{46YcA9bW$Ab z3|UTv>25SBNvTmlFH(bc56^31m#&=lqw8w~9K8HAj%?k+AxISo*qTk?W_~PhmNkrJ z95v7s9Fp;0BlTAGCv}u=pHKr*)!MTf)ImI5SPH_p{UdIO@FGayA zuscPE0L8I5DlwBJK0?^YO$A*fzB-$cvhJZ41n*=^&%c6WU@rFDIm3EuD`o5!6t}etQBd|FKux3+5i9m diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix new file mode 100644 index 0000000..0e0dcd2 --- /dev/null +++ b/modules/home-manager/default.nix @@ -0,0 +1,3 @@ +{ + +} \ No newline at end of file diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..077404a --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,3 @@ +{ + +} \ No newline at end of file diff --git a/secrets/laptop/default.yaml b/secrets/laptop/default.yaml new file mode 100644 index 0000000..a590e66 --- /dev/null +++ b/secrets/laptop/default.yaml 
@@ -0,0 +1,30 @@
+gmail: ENC[AES256_GCM,data:CajGtLth9OWLc4OHvRB2WIf9h8Fz4A==,iv:8VpGHDn06sDsTwsIVSHf9teRLNWx3hmQJ7Qml5ovjoo=,tag:dVIgRQ9LjSWSe/6QdCVUyA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNmR1LzJkZUxHcnRsV0Nj
+ RVRJZ3lZWmhzWFkyM3M5ZHZyZGo5OG0xZmpJCkVEd0VmNVNDejlDY0pYcmNHMjB0
+ a1d0UDVQRFFCUUxFMXh2UlBGc0RRZk0KLS0tIFpJRVIvM1Q3NG02ZEk2MEdsYmkz
+ YU9zMzJCcDVtRGdOWXNSMGpCcUNneDgKUDVNx2OjyOSRzMqhmFkBx3do4VrNO/fw
+ tFk4EzayyNoRAd5Ch/XfAccGwLceNhvMPZYxcB0hZljZM5u3g3JPtQ==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVFg0OEFSMHJYTjZxNUM0
+ ZmY0NUU0c3pNK1d4ak0wcmYrRTN1TEcyakZRCnBLNzNxNm5YWk9kNzZqL0dHMkhG
+ UXA1bDY4QVg2K3d6eVBpWG1ybHN2VDAKLS0tIFJpSTk4cFZKeTVkd09sN3NmQzc1
+ eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW
+ iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-04-12T14:46:17Z"
+ mac: ENC[AES256_GCM,data:2OxHuP8xjwuS999XylcyAXEOhJJY2OGcPbYzE5/9GJZVOv/C5FWV1zRhdauByTcODjUeUYx3n0N4VsT7PlPBLTnKGuW7K9n2Dou0PsPxTOy/NgtUpB4cmpIr/Kflf7uTHTahzRMT5lRmZOA0Z7HggiAYq1fSAo+uRfldkQtk5R0=,iv:t8Oyqrl3XWtgh8IbZzjEyXWRmudLgOeZQgIsFjQBODI=,tag:n0yZMiR1htdYwld3LarK3Q==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
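Review bot: Nothing visible in this commit consumes `secrets/laptop/default.yaml`: the flake adds `sops-nix.nixosModules.sops`, but the `configuration.nix` hunks contain no `sops.defaultSopsFile`, no age key source (`sops.age.keyFile` or `sops.age.sshKeyPaths`) and no `sops.secrets.gmail`. Those may sit in parts of the file outside the hunks; if not, the `gmail` secret is committed but never decrypted on the host. When it is declared, set the owner explicitly, for example `sops.secrets.gmail.owner = "xin";`, so only the account that needs the value can read it rather than widening the file mode.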