Compare commits
2 commits
5da958c996
...
6d6e66a056
Author | SHA1 | Date | |
---|---|---|---|
6d6e66a056 | |||
55473f78ad |
6 changed files with 82 additions and 69 deletions
36
flake.lock
36
flake.lock
|
@ -84,11 +84,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704498488,
|
"lastModified": 1705104164,
|
||||||
"narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
|
"narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
|
"rev": "0912d26b30332ae6a90e1b321ff88e80492127dd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -128,11 +128,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704590722,
|
"lastModified": 1705108826,
|
||||||
"narHash": "sha256-exh2bDwYYkdJgm5wLvpWht5bRuPigk8v4Z7l4RegX3Q=",
|
"narHash": "sha256-1xOzPcS8Zr4rqgLoaRwAcKqdCdzrBDaNwT+tiBdXf18=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "7d0eace387cf4fd2812d0791684f4befa0865512",
|
"rev": "92fd8c24719f08692c36b685de6884a20080edf0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -166,11 +166,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704632650,
|
"lastModified": 1704786394,
|
||||||
"narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=",
|
"narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "c478b3d56969006e015e55aaece4931f3600c1b2",
|
"rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -182,11 +182,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704194953,
|
"lastModified": 1704722960,
|
||||||
"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
|
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
|
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -230,11 +230,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704645857,
|
"lastModified": 1705110884,
|
||||||
"narHash": "sha256-YRFry+uleoeDKs0kr039eVCN5XSCOuUbgbyKMJRXeFY=",
|
"narHash": "sha256-8t8C+vYVoNsG7uv1cH/vkUHM84EkxGRoPuwk1TMXBZE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "e72bc8a4fff841c6a131fe40471e4ae401f31096",
|
"rev": "075357ead2dbaf5c64120371f6a1e57d1ee23a02",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -266,11 +266,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704596510,
|
"lastModified": 1704908274,
|
||||||
"narHash": "sha256-tupdwwg1WeX2hNMOQrvtyafTaTVty0QC/gQp7yaYJic=",
|
"narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "f5fbcc0f50e7fc60c4f806fa7a09abccf0826d8a",
|
"rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
92
flake.nix
92
flake.nix
|
@ -9,7 +9,7 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
nix-vscode-extensions = {
|
nix-vscode-extensions = {
|
||||||
url = "github:nix-community/nix-vscode-extensions";
|
url = "github:nix-community/nix-vscode-extensions";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
|
@ -86,7 +86,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
mkNixos = { system, modules, specialArgs ? {}}: nixpkgs.lib.nixosSystem {
|
mkNixos = { system, modules, specialArgs ? { } }: nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
specialArgs = specialArgs // { inherit inputs system; };
|
specialArgs = specialArgs // { inherit inputs system; };
|
||||||
modules = [
|
modules = [
|
||||||
|
@ -102,57 +102,65 @@
|
||||||
|
|
||||||
homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ];
|
homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ];
|
||||||
|
|
||||||
colmenaHive = colmena.lib.makeHive {
|
colmenaHive =
|
||||||
|
let
|
||||||
|
deploymentModule = {
|
||||||
|
deployment.targetUser = "xin";
|
||||||
|
};
|
||||||
|
sharedModules = [
|
||||||
|
self.nixosModules.default
|
||||||
|
deploymentModule
|
||||||
|
];
|
||||||
|
in
|
||||||
|
colmena.lib.makeHive {
|
||||||
meta = {
|
meta = {
|
||||||
nixpkgs = import nixpkgs {
|
nixpkgs = import nixpkgs {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
machinesFile = ./nixbuild.net;
|
machinesFile = ./nixbuild.net;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
massicot = { name, nodes, pkgs, ... }: with inputs; {
|
massicot = { name, nodes, pkgs, ... }: with inputs; {
|
||||||
deployment.targetHost = "49.13.13.122";
|
deployment.targetHost = "49.13.13.122";
|
||||||
|
deployment.buildOnTarget = true;
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
{ nixpkgs.system = "aarch64-linux"; }
|
{ nixpkgs.system = "aarch64-linux"; }
|
||||||
self.nixosModules.default
|
machines/massicot
|
||||||
machines/massicot
|
] ++ sharedModules;
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sgp-00 = { name, nodes, pkgs, ... }: with inputs; {
|
sgp-00 = { name, nodes, pkgs, ... }: with inputs; {
|
||||||
imports = [
|
imports = [
|
||||||
self.nixosModules.default
|
machines/dolomite
|
||||||
machines/dolomite
|
] ++ sharedModules;
|
||||||
];
|
nixpkgs.system = "x86_64-linux";
|
||||||
nixpkgs.system = "x86_64-linux";
|
networking.hostName = "sgp-00";
|
||||||
networking.hostName = "sgp-00";
|
system.stateVersion = "23.11";
|
||||||
system.stateVersion = "23.11";
|
deployment = {
|
||||||
deployment = {
|
targetHost = "video.namely.icu";
|
||||||
targetHost = "video.namely.icu";
|
buildOnTarget = false;
|
||||||
buildOnTarget = false;
|
tags = [ "proxy" ];
|
||||||
tags = [ "proxy" ];
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
tok-00 = { name, nodes, pkgs, ... }: with inputs; {
|
tok-00 = { name, nodes, pkgs, ... }: with inputs; {
|
||||||
imports = [
|
imports = [
|
||||||
self.nixosModules.default
|
machines/dolomite
|
||||||
machines/dolomite
|
] ++ sharedModules;
|
||||||
];
|
nixpkgs.system = "x86_64-linux";
|
||||||
nixpkgs.system = "x86_64-linux";
|
networking.hostName = "tok-00";
|
||||||
networking.hostName = "tok-00";
|
system.stateVersion = "23.11";
|
||||||
system.stateVersion = "23.11";
|
deployment = {
|
||||||
deployment = {
|
targetHost = "video01.namely.icu";
|
||||||
targetHost = "video01.namely.icu";
|
buildOnTarget = false;
|
||||||
buildOnTarget = false;
|
tags = [ "proxy" ];
|
||||||
tags = [ "proxy" ];
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
calcite = mkNixos {
|
calcite = mkNixos {
|
||||||
|
@ -191,7 +199,7 @@
|
||||||
{
|
{
|
||||||
devShells = {
|
devShells = {
|
||||||
default = pkgs.mkShell {
|
default = pkgs.mkShell {
|
||||||
packages = with pkgs; [ git colmena sops nix-output-monitor ];
|
packages = with pkgs; [ git colmena sops nix-output-monitor rnix-lsp ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,12 +66,17 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
execWheelOnly = true;
|
execWheelOnly = true;
|
||||||
wheelNeedsPassword = false;
|
wheelNeedsPassword = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix.settings = {
|
||||||
|
trusted-users = config.users.groups.wheel.members;
|
||||||
|
};
|
||||||
|
|
||||||
services.sing-box = let
|
services.sing-box = let
|
||||||
singTls = {
|
singTls = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
|
|
|
@ -87,8 +87,8 @@
|
||||||
KerberosAuthentication = "no";
|
KerberosAuthentication = "no";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,13 +26,13 @@ in
|
||||||
dynamic_padding = true;
|
dynamic_padding = true;
|
||||||
};
|
};
|
||||||
import = [
|
import = [
|
||||||
"${config.xdg.configHome}/alacritty/catppuccin-macchiato.yml"
|
"${config.xdg.configHome}/alacritty/catppuccin-macchiato.toml"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
xdg.configFile."alacritty/catppuccin-macchiato.yml".source = builtins.fetchurl {
|
xdg.configFile."alacritty/catppuccin-macchiato.toml".source = builtins.fetchurl {
|
||||||
url = "https://raw.githubusercontent.com/catppuccin/alacritty/main/catppuccin-macchiato.yml";
|
url = "https://raw.githubusercontent.com/catppuccin/alacritty/main/catppuccin-macchiato.toml";
|
||||||
sha256 = "sha256-+m8FyPStdh1A1xMVBOkHpfcaFPcyVL99tIxHuDZ2zXI=";
|
sha256 = "sha256:1iq187vg64h4rd15b8fv210liqkbzkh8sw04ykq0hgpx20w3qilv";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue