diff --git a/devshells/java17-maven/flake.lock b/devshells/java17-maven/flake.lock new file mode 100644 index 0000000..ae71305 --- /dev/null +++ b/devshells/java17-maven/flake.lock @@ -0,0 +1,64 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1736684107, + "narHash": "sha256-vH5mXxEvZeoGNkqKoCluhTGfoeXCZ1seYhC2pbMN0sg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "635e887b48521e912a516625eee7df6cf0eba9c1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/devshells/java17-maven/flake.nix b/devshells/java17-maven/flake.nix new file mode 100644 index 0000000..106308a --- /dev/null +++ b/devshells/java17-maven/flake.nix 
@@ -0,0 +1,21 @@ +{ + description = "A basic flake with a shell"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + inputs.systems.url = "github:nix-systems/default"; + inputs.flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; + + outputs = + { nixpkgs, flake-utils, ... }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + devShells.default = pkgs.mkShell { packages = with pkgs; [ maven jdk17 ]; }; + } + ); +} diff --git a/devshells/java21-maven/flake.lock b/devshells/java21-maven/flake.lock new file mode 100644 index 0000000..72a721c --- /dev/null +++ b/devshells/java21-maven/flake.lock @@ -0,0 +1,64 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1734435836, + "narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4989a246d7a390a859852baddb1013f825435cee", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} 
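Review bot: Each new devshell flake pulls in `flake-utils` only to call `eachDefaultSystem`, although a `systems` input is already declared and the root flake.nix in this same diff does the equivalent with `nixpkgs.lib.genAttrs (import systems)`; dropping the extra input shrinks the lock file and the set of third-party code trusted by the shell. The same applies to the java21-maven, php8 and texlive-with-pygments flakes. The `description` is still the template placeholder `"A basic flake with a shell"` here and in java21-maven and php8; something like `description = "Maven + JDK 17 development shell";` would make `nix flake show` output meaningful. If `flake-utils` is removed, regenerate flake.lock so its `flake-utils` node disappears.
```nix
# … unchanged: description and the nixpkgs/systems inputs (flake-utils input removed) …
outputs =
  { nixpkgs, systems, ... }:
  let
    eachSystem = nixpkgs.lib.genAttrs (import systems);
  in
  {
    devShells = eachSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
      in
      {
        default = pkgs.mkShell { packages = with pkgs; [ maven jdk17 ]; };
      }
    );
  };
```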
diff --git a/devshells/java21-maven/flake.nix b/devshells/java21-maven/flake.nix
new file mode 100644
index 0000000..79f8a2c
--- /dev/null
+++ b/devshells/java21-maven/flake.nix
@@ -0,0 +1,21 @@
+{
+ description = "A basic flake with a shell";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ inputs.systems.url = "github:nix-systems/default";
+ inputs.flake-utils = {
+ url = "github:numtide/flake-utils";
+ inputs.systems.follows = "systems";
+ };
+
+ outputs =
+ { nixpkgs, flake-utils, ... }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+ devShells.default = pkgs.mkShell { packages = with pkgs; [ maven jdk21 ]; };
+ }
+ );
+}
diff --git a/devshells/php8/flake.lock b/devshells/php8/flake.lock
new file mode 100644
index 0000000..ae71305
--- /dev/null
+++ b/devshells/php8/flake.lock
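Review bot: The flake.lock committed next to this file records `"ref": "nixpkgs-unstable"` in the nixpkgs node's `original`, while `inputs.nixpkgs.url` here asks for `nixos-24.11`; Nix should treat that lock entry as stale and re-resolve nixpkgs on the first `nix develop`, so this shell is not actually pinned, unlike the other three devshells whose locks do record `nixos-24.11`. Run `nix flake update nixpkgs` (older Nix: `nix flake lock --update-input nixpkgs`) inside devshells/java21-maven and commit the result, so the lock carries a 24.11 revision such as the `635e887b48521e912a516625eee7df6cf0eba9c1` used by the java17-maven and php8 locks in this diff. The placeholder `description` and the redundant `flake-utils` input are the same as in the java17-maven flake.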
@@ -0,0 +1,64 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1736684107, + "narHash": "sha256-vH5mXxEvZeoGNkqKoCluhTGfoeXCZ1seYhC2pbMN0sg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "635e887b48521e912a516625eee7df6cf0eba9c1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/devshells/php8/flake.nix b/devshells/php8/flake.nix new file mode 100644 index 0000000..146dfe4 --- /dev/null +++ b/devshells/php8/flake.nix 
@@ -0,0 +1,30 @@
+{
+ description = "A basic flake with a shell";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ inputs.systems.url = "github:nix-systems/default";
+ inputs.flake-utils = {
+ url = "github:numtide/flake-utils";
+ inputs.systems.follows = "systems";
+ };
+
+ outputs =
+ { nixpkgs, flake-utils, ... }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+ devShells.default = pkgs.mkShell { packages = with pkgs; [ (php81.buildEnv {
+ extensions = ({ enabled, all }: enabled ++ (with all; [
+ xdebug
+ ]));
+ extraConfig = ''
+ xdebug.mode=debug
+ '';
+ })
+ php81Packages.composer
+ ]; };
+ }
+ );
+}
diff --git a/devshells/texlive-with-pygments/flake.lock b/devshells/texlive-with-pygments/flake.lock
new file mode 100644
index 0000000..cd08dba
--- /dev/null
+++ b/devshells/texlive-with-pygments/flake.lock
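Review bot: This shell pins `php81` and `php81Packages.composer`, whereas the `php8` shell it replaces in the root flake.nix later in this diff used `php82`; unless the downgrade is deliberate, keep `(php82.buildEnv {` and `php82Packages.composer`, since PHP 8.1 leaves upstream security support before 8.2 does and the directory name `php8` gives no hint that an older minor is intended. Whether the pinned `nixos-24.11` still ships `php81` is also worth confirming before relying on it. The `xdebug.mode=debug` extraConfig is appropriate for a local development shell; the rest mirrors java17-maven, including the placeholder `description`.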
@@ -0,0 +1,64 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1739624908, + "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/devshells/texlive-with-pygments/flake.nix b/devshells/texlive-with-pygments/flake.nix new file mode 100644 index 0000000..3a6635e --- /dev/null +++ b/devshells/texlive-with-pygments/flake.nix 
@@ -0,0 +1,21 @@ +{ + description = "Flake for TeXlive with python pygments"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + inputs.systems.url = "github:nix-systems/default"; + inputs.flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; + + outputs = + { nixpkgs, flake-utils, ... }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + devShells.default = pkgs.mkShell { packages = with pkgs; [ texliveFull python3Packages.pygments ]; }; + } + ); +} diff --git a/flake.lock b/flake.lock index 3348a05..000b4f1 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": [], - "home-manager": "home-manager", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", - "owner": "ryantm", - "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "auto-cpufreq": { "inputs": { "nixpkgs": [ @@ -30,11 +7,11 @@ ] }, "locked": { - "lastModified": 1772058043, - "narHash": "sha256-m1cmQgb6tBcHkndKZ8BSsw6PRNJMG89FZwoYVOuKi34=", + "lastModified": 1748372346, + "narHash": "sha256-7y7NZ6uW0GbT0h4gqfD2xvRuJj5IlPGw32oIc9Twga8=", "owner": "AdnanHodzic", "repo": "auto-cpufreq", - "rev": "5d600d710bb2aa331e1a4370e08476bcdea1cab5", + "rev": "becd5b89963fa54fef3566147f3fd2087f8a5842", "type": "github" }, "original": { 
@@ -43,26 +20,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", - "owner": "nix-community", - "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -79,21 +36,6 @@ "type": "github" } }, - "flake-compat_2": { - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -119,41 +61,20 @@ "home-manager": { "inputs": { "nixpkgs": [ - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1774559029, - "narHash": "sha256-deix7yg3j6AhjMPnFDCmWB3f83LsajaaULP5HH2j34k=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "a0bb0d11514f92b639514220114ac8063c72d0a3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } 
@@ -166,11 +87,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1764660538, - "narHash": "sha256-kEWb9Hc2OxdLhJ1pRdW7zRZ57Mul3/Jpy3vyhQ8Yq6o=", + "lastModified": 1746906641, + "narHash": "sha256-b6few4tkqN2TWdrZTwWOjsWxA11rle7y9pcc0/ynuoE=", "owner": "~rycee", "repo": "lazy-apps", - "rev": "4ddc92c77213f8ed3ddef1868f4a19002afa728a", + "rev": "0b30a0bf524a661f9657c441d021aaa5724f12ff", "type": "sourcehut" }, "original": { @@ -181,11 +102,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774465523, - "narHash": "sha256-4v7HPm63Q90nNn4fgkgKsjW1AH2Klw7XzPtHJr562nM=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de895be946ad1d8aafa0bb6dfc7e7e0e9e466a29", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -197,36 +118,20 @@ }, "nixpkgs": { "locked": { - "lastModified": 1774388614, - "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=", + "lastModified": 1749086602, + "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", + "rev": "4792576cb003c994bd7cc1edada3129def20b27d", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-libvncserver": { - "locked": { - "lastModified": 1750111231, - "narHash": "sha256-3a7Tha/RwYlzH/v3PJrG7+HjOj4c6YOv2K8sqdGsHVQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e6f23dc08d3624daab7094b701aa3954923c6bbb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e6f23dc08d3624daab7094b701aa3954923c6bbb", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, 
@@ -243,38 +148,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1769318308, - "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", 
@@ -299,89 +172,17 @@ "type": "github" } }, - "proxmox-nixos": { - "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs-libvncserver": "nixpkgs-libvncserver", - "nixpkgs-stable": "nixpkgs-stable_2", - "utils": "utils" - }, - "locked": { - "lastModified": 1769870714, - "narHash": "sha256-wjwCj70iiFXoAasQto+3jTaA4wCMOAs/rdX+nsmtBrQ=", - "owner": "SaumonNet", - "repo": "proxmox-nixos", - "rev": "c1f79f104930347a0b84abbca0d42884063a8c09", - "type": "github" - }, - "original": { - "owner": "SaumonNet", - "repo": "proxmox-nixos", - "type": "github" - } - }, "root": { "inputs": { - "agenix": "agenix", "auto-cpufreq": "auto-cpufreq", - "disko": "disko", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "lazy-apps": "lazy-apps", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", - "proxmox-nixos": "proxmox-nixos", - "secrets": "secrets", - "systems": "systems_3" - } - }, - "secrets": { - "flake": false, - "locked": { - "lastModified": 1774571252, - "narHash": "sha256-NU/vfItTMSjaRTXe0UDzbWR8UnhkBUFU47OpqEpxKb4=", - "ref": "refs/heads/main", - "rev": "7965907ae885d77acb3c4ecc11cee096a12af868", - "revCount": 25, - "type": "git", - "url": "ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git" - }, - "original": { - "type": "git", - "url": "ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git" + "systems": "systems" } }, "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": 
"da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -395,24 +196,6 @@ "repo": "default-linux", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0d1fcc0..558ac71 100644 --- a/flake.nix +++ b/flake.nix @@ -1,21 +1,12 @@ { description = "NixOS configuration of Julius Freudenberger"; - nixConfig = { - extra-substituters = [ - "https://cache.saumon.network/proxmox-nixos" - ]; - extra-trusted-public-keys = [ - "proxmox-nixos:D9RYSWpQQC/msZUWphOY2I5RLH5Dd6yQcaHIuug7dWM=" - ]; - }; - inputs = { - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + #nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; home-manager = { - url = "github:nix-community/home-manager/release-25.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; auto-cpufreq = { 
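Review bot: The new side moves nixpkgs to `nixos-25.05` and home-manager to `release-25.05`, and the flake.lock hunks in this diff resolve that to a nixpkgs revision with `lastModified` 1749086602 (about June 2025), roughly nine months older than the 1774388614 revision being replaced, so the rollback quietly sheds every security update landed in between. If the goal was only to drop proxmox-nixos, agenix, disko and the unstable channel, that is achievable while staying on 25.11; if 25.05 is intended, run `nix flake update` so the lock sits at the branch head, and confirm that 25.05 is still receiving updates. The commented-out `#nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";` is dead code — delete it rather than keep it, and likewise `#nixpkgs-unstable,` in the outputs arguments and the `#pkgs-unstable = import nixpkgs-unstable { … };` block in specialArgs in the next two hunks; git history preserves them if they are needed again.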
@@ -26,43 +17,24 @@ url = "sourcehut:~rycee/lazy-apps"; inputs.nixpkgs.follows = "nixpkgs"; }; - proxmox-nixos.url = "github:SaumonNet/proxmox-nixos"; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { - url = "github:ryantm/agenix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - darwin.follows = ""; - }; - }; - secrets = { - url = "git+ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git"; - flake = false; - }; + systems.url = "github:nix-systems/default-linux"; }; outputs = { self, nixpkgs, - nixpkgs-unstable, + #nixpkgs-unstable, nixos-hardware, home-manager, auto-cpufreq, - proxmox-nixos, - agenix, - disko, systems, ... } @ inputs: let inherit (self) outputs; lib = nixpkgs.lib; - eachSystem = lib.genAttrs (import systems); forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); - pkgsFor = eachSystem ( + pkgsFor = lib.genAttrs (import systems) ( system: import nixpkgs { inherit system; @@ -82,6 +54,10 @@ system = "x86_64-linux"; specialArgs = { + #pkgs-unstable = import nixpkgs-unstable { + # inherit system; + # config.allowUnfree = true; + #}; inherit inputs outputs username; }; 
@@ -114,113 +90,6 @@ ./hosts/backup-raspberrypi ]; }; - - busch = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - - specialArgs = { - inherit inputs outputs; - }; - - modules = [ - ./hosts/busch - disko.nixosModules.disko - proxmox-nixos.nixosModules.proxmox-ve - - ({...}: { - nixpkgs.overlays = [ - proxmox-nixos.overlays.${system} - ]; - }) - ]; - }; - - busch-main-docker = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - - specialArgs = { - inherit inputs outputs; - }; - - modules = [ - ./hosts/busch-main-docker - disko.nixosModules.disko - agenix.nixosModules.default - ]; - }; - - srv01-hf = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - - specialArgs = { - inherit inputs outputs; - pkgs-unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }; - - modules = [ - disko.nixosModules.disko - agenix.nixosModules.default - ./hosts/srv01.hf - ]; - }; - }; - - homeConfigurations = { - jufr2 = let - username = "jufr2"; - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - - extraSpecialArgs = { - inherit username; - }; - - modules = [ - home/core.nix - - home/targets/genericLinux.nix - - modules/nix.nix - home/neovim/default.nix - home/zsh/default.nix - home/cli.nix - home/gui.nix - home/java-dev.nix - - home/direnv/default.nix - ]; - - }; - }; - - devShells = eachSystem (system: - let - pkgs = nixpkgs.legacyPackages.${system}; - in { - java11-maven = pkgs.mkShell { packages = with pkgs; [ maven jdk11 ]; }; - java17-maven = pkgs.mkShell { packages = with pkgs; [ maven jdk17 ]; }; - java21-maven = pkgs.mkShell { packages = with pkgs; [ maven jdk21 ]; }; - texlive-with-pygments = pkgs.mkShell { packages = with pkgs; [ texliveFull python3Packages.pygments ]; }; - php8 = pkgs.mkShell { packages = with pkgs; [ - (php82.buildEnv { - extensions = ({ enabled, all }: enabled ++ (with all; [ - xdebug - ])); - extraConfig = '' - 
xdebug.mode=debug - ''; - }) - php82Packages.composer - ];}; - } - ); - }; } diff --git a/home/cli.nix b/home/cli.nix deleted file mode 100644 index 5c089dd..0000000 --- a/home/cli.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: { - home.packages = with pkgs; [ - wget - curl - git - neofetch - tealdeer - - pdfgrep - pdftk - p7zip - ]; - - programs = { - htop.enable = true; - bat.enable = true; - }; -} diff --git a/home/gui.nix b/home/gui.nix deleted file mode 100644 index e1627fe..0000000 --- a/home/gui.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: { - home.packages = with pkgs; [ - jetbrains.idea - teams-for-linux - mate.engrampa - zotero - deezer-enhanced - ]; - - programs = { - firefox.enable = true; - keepassxc = { - enable = true; - autostart = true; - }; - }; - - xdg.autostart.enable = true; -} diff --git a/home/java-dev.nix b/home/java-dev.nix deleted file mode 100644 index c4c5adc..0000000 --- a/home/java-dev.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: { - home.packages = with pkgs; [ - maven - gradle - ]; - - home.extraDependencies = with pkgs; [ - jdk11 - jdk17 - jdk21 - ]; -} diff --git a/home/targets/genericLinux.nix b/home/targets/genericLinux.nix deleted file mode 100644 index 061ab31..0000000 --- a/home/targets/genericLinux.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - ... -}: { - - targets.genericLinux.enable = true; - -} diff --git a/hosts/busch-main-docker/default.nix b/hosts/busch-main-docker/default.nix deleted file mode 100644 index 42b93a4..0000000 --- a/hosts/busch-main-docker/default.nix +++ /dev/null 
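Review bot: The `java11-maven` shell removed here has no replacement under `devshells/` in this diff (only java17-maven, java21-maven, php8 and texlive-with-pygments are added), so anyone relying on `nix develop .#java11-maven` loses it without notice; either add a `devshells/java11-maven/flake.nix` mirroring the java17 one with `[ maven jdk11 ]` or state the removal in the commit message. The rest of the hunk drops the busch, busch-main-docker and srv01-hf systems together with the jufr2 home configuration; their host and home modules are deleted later in the diff, so no dangling reference is visible from here.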
@@ -1,42 +0,0 @@ -{ inputs, outputs, config, lib, pkgs, ... }: - -{ - imports = - [ - ../../modules/disko/legacy-full-ext4.nix - - ../../users/julius/nixos-server.nix - ../../modules/nix.nix - ../../modules/auto-upgrade.nix - ../../modules/locale.nix - ../../modules/server-cli.nix - ../../modules/sshd.nix - ../../modules/docker.nix - "${inputs.secrets}/modules/opkssh.nix" - - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - # Use the GRUB 2 boot loader. - boot = { - loader.grub = { - enable = true; - }; - tmp.useTmpfs = true; - }; - networking.hostName = "docker-main"; # Define your hostname. - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? -} diff --git a/hosts/busch-main-docker/hardware-configuration.nix b/hosts/busch-main-docker/hardware-configuration.nix deleted file mode 100644 index 54932ff..0000000 --- a/hosts/busch-main-docker/hardware-configuration.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/busch/default.nix b/hosts/busch/default.nix deleted file mode 100644 index 199d471..0000000 --- a/hosts/busch/default.nix +++ /dev/null 
@@ -1,107 +0,0 @@ -{ inputs, outputs, config, lib, pkgs, ... }: - -{ - imports = - [ - ./disko.nix - - ../../modules/nix.nix - ../../modules/auto-upgrade.nix - ../../modules/locale.nix - ../../modules/server-cli.nix - ../../modules/sshd.nix - "${inputs.secrets}/modules/opkssh.nix" - - ../../modules/intel-cpu.nix - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - # Use the GRUB 2 boot loader. - boot = { - loader.grub = { - enable = true; - }; - tmp.useTmpfs = true; - }; - networking.hostName = "busch"; # Define your hostname. - users = { - users = { - julius = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" "julius" ]; - }; - }; - groups = { - julius = { - gid = 1000; - }; - }; - }; - - nix.settings = { - substituters = [ - "https://cache.saumon.network/proxmox-nixos" - ]; - trusted-public-keys = [ - "proxmox-nixos:D9RYSWpQQC/msZUWphOY2I5RLH5Dd6yQcaHIuug7dWM=" - ]; - }; - - services = { - proxmox-ve = { - enable = true; - ipAddress = "192.168.7.252"; - - # Make vmbr0 bridge visible in Proxmox web interface - bridges = [ "vmbr0" ]; - }; - openiscsi = { - enable = true; - name = "busch"; - }; - }; - - networking.useDHCP = false; - - systemd.network = { - enable = true; - - networks."10-lan" = { - matchConfig.Name = [ "enp0s25" ]; - networkConfig = { - Bridge = "vmbr0"; - }; - }; - - netdevs."vmbr0" = { - netdevConfig = { - Name = "vmbr0"; - Kind = "bridge"; - }; - }; - - networks."10-lan-bridge" = { - matchConfig.Name = "vmbr0"; - networkConfig = { - IPv6AcceptRA = true; - DHCP = "ipv4"; - }; - linkConfig.RequiredForOnline = "routable"; - }; - }; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. 
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? -} diff --git a/hosts/busch/disko.nix b/hosts/busch/disko.nix deleted file mode 100644 index 5563eae..0000000 --- a/hosts/busch/disko.nix +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - disko.devices = { - disk = { - disk1 = { - type = "disk"; - device = "/dev/disk/by-id/ata-Samsung_SSD_850_PRO_256GB_S251NX0H423575T"; - content = { - type = "gpt"; - partitions = { - MBR = { - type = "EF02"; # for grub MBR - size = "1M"; - priority = 1; # Needs to be first partition - }; - ESP = { - priority = 1; - name = "ESP"; - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - crypt_p1 = { - size = "100%"; - content = { - type = "luks"; - name = "p1"; - settings = { - allowDiscards = true; - }; - }; - }; - }; - }; - }; - disk2 = { - type = "disk"; - device = "/dev/disk/by-id/ata-Samsung_SSD_850_PRO_256GB_S251NXAG833792N"; - content = { - type = "gpt"; - partitions = { - MBR = { - type = "EF02"; # for grub MBR - size = "1M"; - priority = 1; # Needs to be first partition - }; - ESP = { - priority = 1; - name = "ESP"; - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot-fallback"; - mountOptions = [ "umask=0077" ]; - }; - }; - crypt_p2 = { - size = "100%"; - content = { - type = "luks"; - name = "p2"; - settings = { - allowDiscards = true; - }; - content = { - type = "btrfs"; - extraArgs = [ - "-d raid1" - "-m raid1" - "/dev/mapper/p1" - ]; - subvolumes = { - "/rootfs" = { - mountpoint = "/"; - }; - "/home" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/home"; - }; - "/nix" = { - mountOptions = [ "compress=zstd" "noatime" ]; - mountpoint = "/nix"; - }; - "/pve-cluster" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/var/lib/pve-cluster"; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "32G"; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/busch/hardware-configuration.nix b/hosts/busch/hardware-configuration.nix deleted file mode 100644 index 2de4340..0000000 
--- a/hosts/busch/hardware-configuration.nix +++ /dev/null @@ -1,22 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "mpt3sas" "usbhid" "usb_storage" "sr_mod" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - boot.kernelParams = [ "intel_iommu=on" "iommu=pt" "vfio-pci.ids=1000:0087" ]; - - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/srv01.hf/default.nix b/hosts/srv01.hf/default.nix deleted file mode 100644 index f88e962..0000000 --- a/hosts/srv01.hf/default.nix +++ /dev/null 
@@ -1,98 +0,0 @@ -{ inputs, outputs, config, lib, pkgs, ... }: - -{ - imports = - [ - ../../modules/disko/efi-full-btrfs.nix - ./secrets.nix - - ../../users/julius/nixos-server.nix - ../../users/nixremote.nix - ../../modules/nix.nix - ../../modules/network-server.nix - ../../modules/locale.nix - ../../modules/server-cli.nix - ../../modules/sshd.nix - ../../modules/qemu-guest.nix - ../../modules/docker.nix - ../../modules/teleport.nix - ../../modules/portainer_agent.nix - ../../modules/pangolin.nix - ../../modules/newt.nix - ../../modules/dockhand.nix - ../../modules/auto-upgrade.nix - "${inputs.secrets}/modules/opkssh.nix" - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - services.openssh.openFirewall = false; - services.teleport = { - enable = true; - settings.teleport = { - ca_pin = config.age.secrets."teleport-ca_pin".path; - auth_token = config.age.secrets."teleport-join_token".path; - }; - }; - - virtualisation.oci-containers.containers.portainer_agent.environmentFiles = [ config.age.secrets."portainer-join_token".path ]; - - services = { - pangolin = { - dnsProvider = "netcup"; - baseDomain = "juliusfr.eu"; - letsEncryptEmail = "contact@jfreudenberger.de"; - environmentFile = config.age.secrets."pangolin".path; - }; - traefik = { - environmentFiles = [ config.age.secrets."netcup-dns".path ]; - }; - }; - - services.newt-docker = { - enable = true; - pangolinEndpoint = "https://pangolin.juliusfr.eu"; - connectionSecret = config.age.secrets."newt"; - }; - - services.dockhand = { - enable = true; - appUrl = "dockhand.juliusfr.eu"; - }; - - systemd.network = { - enable = true; - networks."10-wan" = { - matchConfig.Name = "ens18"; - networkConfig.DHCP = "no"; - address = [ - "77.90.17.93/24" - "2a06:de00:100:63::2/64" - ]; - routes = [ - { Gateway = "77.90.17.1"; } - { Gateway = "2a06:de00:100::1"; GatewayOnLink = true; } - ]; - dns = [ "9.9.9.9" ]; - }; - }; - - # Disable classic networking configuration - networking.useDHCP = 
lib.mkForce false; - - networking.hostName = "srv01-hf"; # Define your hostname. - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? -} diff --git a/hosts/srv01.hf/hardware-configuration.nix b/hosts/srv01.hf/hardware-configuration.nix deleted file mode 100644 index d152a40..0000000 --- a/hosts/srv01.hf/hardware-configuration.nix +++ /dev/null 
@@ -1,24 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/srv01.hf/secrets.nix b/hosts/srv01.hf/secrets.nix deleted file mode 100644 index a328f24..0000000 --- a/hosts/srv01.hf/secrets.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ inputs, ... }: -{ - age.secrets = { - teleport-ca_pin.file = "${inputs.secrets}/secrets/teleport/ca_pin"; - teleport-join_token.file = "${inputs.secrets}/secrets/srv01-hf/teleport_auth_token"; - portainer-join_token.file = "${inputs.secrets}/secrets/srv01-hf/portainer_join_token"; - netcup-dns.file = "${inputs.secrets}/secrets/dns-management/netcup"; - pangolin.file = "${inputs.secrets}/secrets/srv01-hf/pangolin"; - newt.file = "${inputs.secrets}/secrets/srv01-hf/newt"; - }; -} diff --git a/modules/arcane.nix b/modules/arcane.nix deleted file mode 100644 index 160088f..0000000 --- a/modules/arcane.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.services.arcane; -in { - options.services.arcane = { - enable = lib.mkEnableOption "arcane, a modern Docker management UI"; - appUrl = lib.mkOption { - description = "External URL arcane will be reachable from, without protocol"; - type = lib.types.str; - }; - secretFile = lib.mkOption { - description = '' - Agenix secret containing the following needed environment variables in dotenv notation: - - ENCRYPTION_KEY - - JWT_SECRET - - OIDC_CLIENT_ID - - OIDC_CLIENT_SECRET - - OIDC_ISSUER_URL - - OIDC_ADMIN_CLAIM - - OIDC_ADMIN_VALUE - ''; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation.oci-containers.containers = { - arcane = { - image = "ghcr.io/getarcaneapp/arcane:v1.11.2"; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - ]; - environment = { - APP_URL = "https://${cfg.appUrl}"; - PUID = "1000"; - PGID = "1000"; - LOG_LEVEL = "info"; - LOG_JSON = "false"; - OIDC_ENABLED = "true"; - OIDC_SCOPES = "openid email profile groups"; - DATABASE_URL = "file:data/arcane.db?_pragma=journal_mode(WAL)&_pragma=busy_timeout(2500)&_txlock=immediate"; - }; - environmentFiles = [ - cfg.secretFile.path - ]; - networks = [ - "traefik" - ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.arcane.middlewares" = "arcane-oidc-auth@file"; - "traefik.http.routers.arcane.rule" = "Host(`${cfg.appUrl}`)"; - "traefik.http.services.arcane.loadbalancer.server.port" = "3552"; - }; - extraOptions = [ - ''--mount=type=volume,source=arcane-data,target=/app/data,volume-driver=local'' - ]; - }; - }; - }; -} diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix deleted file mode 100644 index 3dc9849..0000000 --- a/modules/auto-upgrade.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - inputs, - pkgs, - ... -}: { - system.autoUpgrade = { - enable = true; - flags = [ - "--recreate-lock-file" # Deprecated, but will hopefully be reintroduced - "-L" - ]; - flake = inputs.self.outPath; - dates = "02:00"; - randomizedDelaySec = "45min"; - allowReboot = true; - rebootWindow = { - lower = "01:00"; - upper = "05:00"; - }; - }; - - # Also needs access to the nix-private repo which contains the encrypted secrets - programs.ssh = { - extraConfig = " - Host git.jfreudenberger.de - Port 222 - User git - IdentityFile /etc/ssh/ssh_host_ed25519_key - "; - knownHostsFiles = [ - (pkgs.writeText "forgejo.keys" ''[git.jfreudenberger.de]:222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+uqIeb9+AoqwD0Z6xLKI2dsRoS9Qh/VwboYfGpBJd+ -[git.jfreudenberger.de]:222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8GDSt4LsCzOoIZkqZRLgXyTLyHoJu62cFFP88i8GpSadyV6mJPkK5p2mgBzN/BM9I/G2VWfvqdM8Fy/7p3S8kDhmmkOk1AK7C/+qaQKsKcQauJuzNXlwMHG1Ivath80TO9PIQc9jYakP9xl8SACd5bwkvfEm3rS5awZ8T2hWgnsgO8pFHFOFmFnVbujXZk58FVTCxpgyPqjFv76JSYxpHk1VtiQ52jScsreOImEOWWg88f9IM9etWcshuxte4zudaqc2KjjAB6pYMuVj7O6cwMXKjCUxTzyomWjr2JoEruIslifbZ6bJGgswg5ENJSKURuMPgTuGM6Nrjp75V/yFD -[git.jfreudenberger.de]:222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOS447cAWRZgHPs6MOoRS6/J66oY753QPiM7BI63/qNDd5qrCan153dJd5lBGwDR0vMWiV/0cmzuACfP5QS1Lv8= - '') - ]; - }; -} diff --git a/modules/disko/efi-full-btrfs.nix b/modules/disko/efi-full-btrfs.nix deleted file mode 100644 index 59e8b26..0000000 --- a/modules/disko/efi-full-btrfs.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ - disko.devices = { - disk = { - sda = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - MBR = { - type = "EF02"; # for grub MBR - size = "1M"; - priority = 1; # Needs to be first partition - }; - ESP = { - priority = 1; - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; # Override existing partition - # Subvolumes must set a mountpoint in order to be mounted, - # unless their parent is mounted - subvolumes = { - # Subvolume name is different from mountpoint - "/rootfs" = { - mountpoint = "/"; - }; - # Subvolume name is the same as the mountpoint - "/home" = { - mountOptions = [ "compress=zstd" ]; - mountpoint = "/home"; - }; - # Sub(sub)volume doesn't need a mountpoint as its parent is mounted - "/home/julius" = { }; - # Parent is not mounted so the mountpoint must be set - "/nix" = { - mountOptions = [ "compress=zstd" "noatime" ]; - mountpoint = "/nix"; - }; - }; - - mountpoint = "/partition-root"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/modules/disko/legacy-full-ext4.nix b/modules/disko/legacy-full-ext4.nix deleted file mode 100644 index 3cb3094..0000000 --- a/modules/disko/legacy-full-ext4.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - disko.devices = { - disk = { - sda = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - MBR = { - type = "EF02"; # for grub MBR - size = "1M"; - priority = 1; # Needs to be first partition - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/modules/docker.nix b/modules/docker.nix index 2c88d1a..b9f7aa1 100644 --- a/modules/docker.nix +++ b/modules/docker.nix 
@@ -4,15 +4,8 @@
 ...
 }: {
- virtualisation = {
- docker = {
- enable = true;
- daemon.settings = {
- ipv6 = true;
- ip6tables = true;
- };
- };
- oci-containers.backend = "docker";
+ virtualisation.docker = {
+ enable = true;
 };
 }
diff --git a/modules/dockhand.nix b/modules/dockhand.nix
deleted file mode 100644
index 7eeaf8e..0000000
--- a/modules/dockhand.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.services.dockhand;
-in {
- options.services.dockhand = {
- enable = lib.mkEnableOption "dockhand, a powerful, intuitive Docker platform";
- appUrl = lib.mkOption {
- description = "External URL dockhand will be reachable from, without protocol";
- type = lib.types.str;
- };
- };
-
- config = lib.mkIf cfg.enable {
- virtualisation.oci-containers.containers = {
- dockhand = {
- image = "fnsys/dockhand:v1.0.12";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock"
- ];
- environment = {
- PUID = "1000";
- PGID = "1000";
- };
- networks = [
- "pangolin"
- ];
- labels = {
- "pangolin.public-resources.dockhand.name" = "dockhand";
- "pangolin.public-resources.dockhand.full-domain" = cfg.appUrl;
- "pangolin.public-resources.dockhand.protocol" = "http";
- "pangolin.public-resources.dockhand.auth.sso-enabled" = "true";
- "pangolin.public-resources.dockhand.auth.auto-login-idp" = "1";
- "pangolin.public-resources.dockhand.targets[0].method" = "http";
- };
- extraOptions = [
- ''--mount=type=volume,source=dockhand-data,target=/app/data,volume-driver=local''
- ''--group-add=131'' # docker group
- ];
- };
- };
- };
-}
diff --git a/modules/fonts.nix b/modules/fonts.nix
index 6a3cbd9..55a3e97 100644
--- a/modules/fonts.nix
+++ b/modules/fonts.nix
@@ -8,7 +8,6 @@
 font-awesome
 terminus_font
 dlrg-fonts
- fira
 ];
 }
diff --git a/modules/gui-coding.nix b/modules/gui-coding.nix
index 223f2b6..33056ef 100644
--- a/modules/gui-coding.nix
+++ b/modules/gui-coding.nix
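Review bot: With `oci-containers.backend = "docker"` gone, any `virtualisation.oci-containers.containers` definition that survives this commit falls back to the NixOS default backend, which as far as I recall is podman for `system.stateVersion` ≥ 22.05, so those containers would be started through podman, which nothing in this module enables, while their docker-socket bind mounts still point at the daemon enabled here. If every oci-containers consumer is removed in the same commit this is harmless, but a comment on the new `virtualisation.docker` block should say so; otherwise keep `oci-containers.backend = "docker";` next to `enable = true;`. The enclosing module function starts before the hunk.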
@@ -4,8 +4,9 @@
 ...
 }: {
 environment.systemPackages = with pkgs; [
- jetbrains.idea
- jetbrains.pycharm
+ jetbrains.idea-ultimate
+ jetbrains.pycharm-professional
+ jetbrains.phpstorm
 vscodium-fhs
 zed-editor.fhs
diff --git a/modules/i3.nix b/modules/i3.nix
index 80fcb57..dcefbd7 100644
--- a/modules/i3.nix
+++ b/modules/i3.nix
@@ -18,7 +18,7 @@
 lightlocker
 xautolock # lock screen after some time
 i3status # provide information to i3bar
- i3 # i3 with gaps
+ i3-gaps # i3 with gaps
 nitrogen # set wallpaper
 acpi # battery information
 arandr # screen layout manager
diff --git a/modules/intel-cpu.nix b/modules/intel-cpu.nix
deleted file mode 100644
index 7e037c3..0000000
--- a/modules/intel-cpu.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- pkgs,
- ...
-}: {
- hardware.graphics = {
- enable = true;
- extraPackages = with pkgs; [
- intel-media-driver # Enable Hardware Acceleration
- vpl-gpu-rt # Enable QSV
- ];
- };
-}
diff --git a/modules/k3s.nix b/modules/k3s.nix
deleted file mode 100644
index 2dab28a..0000000
--- a/modules/k3s.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- pkgs,
- lib,
- ...
-}: {
-
- services.k3s = {
- enable = true;
- role = "server";
- token = "verysecrettoken";
- extraFlags = toString ([
- "--write-kubeconfig-mode \"0644\""
- "--disable servicelb"
- "--disable traefik"
- "--disable local-storage"
- ]);
- };
-
- networking.firewall.allowedTCPPorts = [
- 6443
- 2379
- 2380
- ];
- networking.firewall.allowedUDPPorts = [
- 8472
- ];
-
-}
diff --git a/modules/laptop.nix b/modules/laptop.nix
index 9a95899..73f9fa6 100644
--- a/modules/laptop.nix
+++ b/modules/laptop.nix
@@ -4,12 +4,12 @@
 ...
 }: {
- boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
- services.logind.settings.Login = {
- HandleLidSwitch= "suspend-then-hibernate";
- HandleLidSwitchDocked = "suspend-then-hibernate";
- HandlePowerKey = "ignore";
+ services.logind = {
+ lidSwitch = "suspend-then-hibernate";
+ lidSwitchDocked = "suspend-then-hibernate";
+ powerKey = "ignore";
 };
 programs.auto-cpufreq.enable = true;
diff --git a/modules/network-client.nix b/modules/network-client.nix
index a72a9f3..4efdecd 100644
--- a/modules/network-client.nix
+++ b/modules/network-client.nix
@@ -13,7 +13,19 @@
 firewall = {
 # if packets are still dropped, they will show up in dmesg
 logReversePathDrops = true;
- checkReversePath = "loose";
+ # wireguard trips rpfilter up
+ extraCommands = ''
+ iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN
+ ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN
+ iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN
+ ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN
+ '';
+ extraStopCommands = ''
+ iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN || true
+ ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN || true
+ iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN || true
+ ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN || true
+ '';
 };
 };
 }
diff --git a/modules/network-server.nix b/modules/network-server.nix
index 017b1b0..99645e8 100644
--- a/modules/network-server.nix
+++ b/modules/network-server.nix
@@ -5,6 +5,5 @@
 }: {
 networking = {
 useDHCP = true;
- firewall.allowPing = false;
 };
 }
diff --git a/modules/newt.nix b/modules/newt.nix
deleted file mode 100644
index 5f7a8f4..0000000
--- a/modules/newt.nix
+++ /dev/null
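Review bot: The four RETURN rules in `extraCommands` exempt every UDP packet with source or destination port 1194 from reverse-path filtering on all interfaces, so the hunk trades the loose check it removes for a strict check on everything else but no check at all on port 1194: loose mode still dropped packets whose source address is not routable anywhere, whereas now anything carrying port 1194 skips the chain entirely. If the VPN peer is a fixed endpoint, pin the exemption to it, e.g. `iptables -t mangle -I nixos-fw-rpfilter -s <peer-address> -p udp -m udp --sport 1194 -j RETURN` (same for the `--dport` and ip6tables variants), or keep `checkReversePath = "loose"`, which is the usual NixOS setting for WireGuard clients. The comment `# wireguard trips rpfilter up` should also name the endpoint port it covers, since 1194 is the conventional OpenVPN port rather than WireGuard's and a reader cannot tell from the hunk that the exemption matches the tunnel in use; something like `# VPN endpoint udp/1194 is exempted from the rp check; remaining drops show in dmesg via logReversePathDrops`. The enclosing `networking` attrset starts before the hunk.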
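Review bot: Removing `firewall.allowPing = false` from network-server.nix reverts to the NixOS default of answering ICMP echo requests on every interface, so the host becomes visible to ping sweeps again. If that is intended, a one-line comment such as `# allowPing left at default: host is expected to answer echo requests` keeps the next reader from re-adding the hardening; otherwise keep the line. `allowPing` only governs echo requests, so the rest of the firewall's ICMP handling is unchanged either way.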
@@ -1,72 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -let - - cfg = config.services.newt-docker; - -in { - - options.services.newt-docker = { - enable = lib.mkEnableOption "Newt, user space tunnel client for Pangolin"; - pangolinEndpoint = lib.mkOption { - description = "External URL of the Pangolin instance"; - type = lib.types.str; - }; - connectionSecret = lib.mkOption { - description = "Secrets for Pangolin authentication."; - type = lib.types.anything; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation.oci-containers.containers = { - newt = { - image = "fosrl/newt:1.9.0"; - autoStart = true; - networks = [ - "pangolin" - ]; - environment = { - PANGOLIN_ENDPOINT = cfg.pangolinEndpoint; - DOCKER_SOCKET = "/var/run/docker.sock"; - }; - environmentFiles = [ cfg.connectionSecret.path ]; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock:ro" - ]; - extraOptions = [ - "--add-host=host.docker.internal:host-gateway" - ]; - }; - }; - - systemd.services."docker-newt" = { - after = [ - "docker-network-newt.service" - ]; - requires = [ - "docker-network-newt.service" - ]; - }; - - systemd.services."docker-network-newt" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - }; - script = '' - docker network inspect pangolin || docker network create pangolin --ipv4 --ipv6 --subnet=172.18.0.0/16 --gateway=172.18.0.1 - ''; - }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -p icmp --source 100.89.128.0/24 -j ACCEPT - iptables -A INPUT -p tcp --source 172.18.0.0/12 --dport 22 -j ACCEPT - ''; - - }; -} diff --git a/modules/nix.nix b/modules/nix.nix index 8813371..1329a34 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -5,7 +5,6 @@ }: { # do garbage collection weekly to keep disk usage low nix = { - package = pkgs.nix; settings = { experimental-features = ["nix-command" "flakes"]; }; diff --git a/modules/opkssh.sample.nix b/modules/opkssh.sample.nix deleted file mode 100644 index 55c8383..0000000 
--- a/modules/opkssh.sample.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - ... -}: { - services.opkssh = { - enable = true; - providers = { - pocket-id = { - issuer = "https://example.com"; - clientId = ""; - lifetime = "12h"; - }; - }; - authorizations = [ - { user = ""; principal = ""; issuer = "https://example.com"; } - ]; - }; -} - diff --git a/modules/pangolin.nix b/modules/pangolin.nix deleted file mode 100644 index 55e5fed..0000000 --- a/modules/pangolin.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - pkgs-unstable, - utils, - config, - lib, - ... -}: { - - services = { - pangolin = { - enable = true; - package = pkgs-unstable.fosrl-pangolin; - openFirewall = true; - settings = { - app = { - save_logs = true; - log_failed_attempts = true; - }; - domains = { - domain1 = { - prefer_wildcard_cert = true; - }; - }; - flags = { - disable_signup_without_invite = true; - disable_user_create_org = true; - }; - }; - }; - }; - - systemd.services.gerbil.serviceConfig.ExecStart = lib.mkForce (utils.escapeSystemdExecArgs [ - (lib.getExe pkgs-unstable.fosrl-gerbil) - "--reachableAt=http://localhost:${toString config.services.gerbil.port}" - "--generateAndSaveKeyTo=${toString config.services.pangolin.dataDir}/config/key" - "--remoteConfig=http://localhost:3001/api/v1/gerbil/get-config" - ]); - -} - -# Settings needed on the host -# -# services = { -# pangolin = { -# dnsProvider = ""; -# baseDomain = ""; -# letsEncryptEmail = ""; -# environmentFile = config.age.secrets."".path; -# }; -# traefik = { -# environmentFiles = [ config.age.secrets."".path ]; -# }; -# }; diff --git a/modules/portainer_agent.nix b/modules/portainer_agent.nix deleted file mode 100644 index 408834b..0000000 --- a/modules/portainer_agent.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ - ... -}: { - virtualisation.oci-containers.containers = { - portainer_agent = { - image = "portainer/agent:2.33.2"; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/docker/volumes:/var/lib/docker/volumes" - "/:/host" - ]; - environment = { - EDGE = "1"; - CAP_HOST_MANAGEMENT = "1"; - }; - extraOptions = [ - ''--mount=type=volume,source=portainer_agent,target=/data,volume-driver=local'' - ]; - }; - }; -} diff --git a/modules/qemu-guest.nix b/modules/qemu-guest.nix deleted file mode 100644 index 97e2081..0000000 --- a/modules/qemu-guest.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - ... -}: { - - services.qemuGuest.enable = true; - -} diff --git a/modules/sshd.nix b/modules/sshd.nix deleted file mode 100644 index 551c0d4..0000000 --- a/modules/sshd.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - services = { - openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - fail2ban = { - enable = true; - bantime = "1h"; - }; - }; -} diff --git a/modules/systemd-boot.nix b/modules/systemd-boot.nix deleted file mode 100644 index 02f515d..0000000 --- a/modules/systemd-boot.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - ... -}: { - - boot = { - loader = { - systemd-boot = { - enable = true; - }; - efi.canTouchEfiVariables = true; - }; - tmp.useTmpfs = true; - }; - -} diff --git a/modules/traefik.nix b/modules/traefik.nix deleted file mode 100644 index 92b1204..0000000 --- a/modules/traefik.nix +++ /dev/null 
@@ -1,221 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -let - - cfg = config.services.traefik-docker; - - mapOidcClientNameToEnv = stringToReplace: lib.replaceString "-" "_" (lib.toUpper stringToReplace); - - traefik-mtls-config = (pkgs.formats.yaml { }).generate "traefik-mtls-config" { - tls.options.default.clientAuth = { - caFiles = "caFiles/root_ca.crt"; - clientAuthType = "VerifyClientCertIfGiven"; - }; - }; - -in { - - options.services.traefik-docker = { - enable = lib.mkEnableOption "traefik web server hosted as OCI container"; - dashboardUrl = lib.mkOption { - description = "External URL the traefik dashboard will be reachable from, without protocol"; - type = lib.types.str; - }; - dnsSecrets = lib.mkOption { - description = "Secrets for DNS providers."; - type = lib.types.listOf lib.types.anything; - }; - mTLSCaCertSecret = lib.mkOption { - description = "Agenix secret containing the CA file to verify client certificates against."; - }; - oidcAuthProviderUrl = lib.mkOption { - description = "Provider URL of OIDC auth provider."; - type = lib.types.str; - }; - oidcClients = lib.mkOption { - example = '' - immich = { - scopes = [ - "openid" - "email" - "profile" - ]; - enableBypassUsingClientCertificate = true; - usePkce = true; - }; - ''; - description = "Attribute set of OIDC clients with their configurations."; - type = lib.types.attrsOf ( - lib.types.submodule { - options = { - secret = lib.mkOption { - description = ''Agenix secret containing the following needed environment variables in dotenv notation: - - _OIDC_AUTH_SECRET - - _OIDC_AUTH_PROVIDER_CLIENT_ID - - _OIDC_CLIENT_SECRET - ''; - }; - scopes = lib.mkOption { - default = [ "openid" ]; - example = [ "openid" "email" "profile" "groups" ]; - description = "OIDC scopes to request from auth provider."; - type = lib.types.listOf lib.types.str; - }; - usePkce = lib.mkOption { - default = true; - description = "Whether to enable PKCE for this provider."; - type = lib.types.bool; - }; - 
enableBypassUsingClientCertificate = lib.mkOption { - default = false; - description = "Whether to allow bypassing OIDC protection when a verified client certificate is presented."; - type = lib.types.bool; - }; - useClaimsFromUserInfo = lib.mkOption { - default = false; - description = "When enabled, an additional request to the provider's userinfo_endpoint is made to validate the token and to retrieve additional claims. The userinfo claims are merged directly into the token claims, with userinfo values overriding token values for non-security-critical claims."; - type = lib.types.bool; - }; - headers = lib.mkOption { - default = []; - description = "Headers to be added to the upstream request. Templating is possible. Documentation can be found here: https://traefik-oidc-auth.sevensolutions.cc/docs/getting-started/middleware-configuration"; - type = lib.types.listOf (lib.types.submodule { - options = { - Name = lib.mkOption { - description = "The name of the header which should be added to the upstream request."; - type = lib.types.str; - }; - Value = lib.mkOption { - description = "The value of the header, which can use Go-Templates."; - type = lib.types.str; - }; - }; - }); - }; - }; - } - ); - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation.oci-containers.containers = { - traefik = { - image = "traefik:v3.6.6"; - cmd = [ - "--providers.docker=true" - "--providers.docker.exposedByDefault=false" - "--providers.docker.network=traefik" - "--providers.file.directory=/dynamic-config" - "--log.level=INFO" - "--api=true" - "--ping=true" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=600s" - "--entrypoints.websecure.transport.respondingTimeouts.idleTimeout=600s" - "--entrypoints.websecure.transport.respondingTimeouts.writeTimeout=600s" - "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.websecure.asDefault=true" - 
"--entrypoints.websecure.http.middlewares=strip-mtls-headers@docker,pass-tls-client-cert@docker" - "--entrypoints.websecure.http.tls.certresolver=letsencrypt" - "--certificatesresolvers.letsencrypt.acme.storage=/certs/acme.json" - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=netcup" - "--experimental.plugins.traefik-oidc-auth.modulename=github.com/sevensolutions/traefik-oidc-auth" - "--experimental.plugins.traefik-oidc-auth.version=v0.17.0" - ]; - autoStart = true; - ports = [ - "80:80" - "443:443" - ]; - networks = [ - "traefik" - ]; - environment = { - OIDC_AUTH_PROVIDER_URL = cfg.oidcAuthProviderUrl; - }; - environmentFiles = lib.forEach cfg.dnsSecrets (secret: secret.path) ++ (lib.mapAttrsToList (oidcClientName: oidcClientConfig: oidcClientConfig.secret.path) cfg.oidcClients); - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.dashboard.rule" = "Host(`${cfg.dashboardUrl}`)"; - "traefik.http.routers.dashboard.service" = "dashboard@internal"; - "traefik.http.routers.dashboard.middlewares" = "traefik-dashboard-oidc-auth@file"; - "traefik.http.routers.api.rule" = "Host(`${cfg.dashboardUrl}`) && (PathPrefix(`/api`) || PathPrefix(`/oidc/callback`))"; - "traefik.http.routers.api.service" = "api@internal"; - "traefik.http.routers.api.middlewares" = "traefik-dashboard-oidc-auth@file"; - "traefik.http.middlewares.strip-mtls-headers.headers.customrequestheaders.X-Forwarded-Tls-Client-Cert" = ""; - "traefik.http.middlewares.pass-tls-client-cert.passtlsclientcert.pem" = "true"; - }; - volumes = let - oidc-config = lib.mapAttrs' ( - oidcClientName: oidcClientConfig: - lib.nameValuePair "${oidcClientName}-oidc-auth" { - plugin.traefik-oidc-auth = { - LogLevel = "INFO"; - Secret = ''{{ env "${mapOidcClientNameToEnv oidcClientName}_OIDC_AUTH_SECRET" }}''; - Provider = { - Url = ''{{ env "OIDC_AUTH_PROVIDER_URL" }}''; - ClientId = ''{{ env "${mapOidcClientNameToEnv 
oidcClientName}_OIDC_AUTH_PROVIDER_CLIENT_ID" }}''; - ClientSecret = ''{{ env "${mapOidcClientNameToEnv oidcClientName}_OIDC_AUTH_PROVIDER_CLIENT_SECRET" }}''; - UsePkce = oidcClientConfig.usePkce; - UseClaimsFromUserInfo = oidcClientConfig.useClaimsFromUserInfo; - }; - Scopes = oidcClientConfig.scopes; - LoginUrl = ''{{ env "OIDC_AUTH_PROVIDER_URL" }}''; - } // (lib.attrsets.optionalAttrs oidcClientConfig.enableBypassUsingClientCertificate { - BypassAuthenticationRule = "HeaderRegexp(`X-Forwarded-Tls-Client-Cert`, `.+`)"; - }) // (lib.attrsets.optionalAttrs ((lib.length oidcClientConfig.headers) > 0) { - Headers = oidcClientConfig.headers; - }); - } - ) cfg.oidcClients; - traefik-oidc-authentication-config = (pkgs.formats.yaml {}).generate "traefik-oidc-auth" { - http.middlewares = oidc-config; - }; - in [ - "/var/run/docker.sock:/var/run/docker.sock" - "${traefik-oidc-authentication-config}:/dynamic-config/traefik-oidc-auth.yaml:ro" - "${traefik-mtls-config}:/dynamic-config/traefik-mtls.yaml:ro" - "${cfg.mTLSCaCertSecret.path}:/caFiles/root_ca.crt:ro" - ]; - extraOptions = [ - ''--mount=type=volume,source=certs,target=/certs,volume-driver=local'' - "--add-host=host.docker.internal:host-gateway" - "--health-cmd=wget --spider --quiet http://localhost:8080/ping" - "--health-interval=10s" - "--health-timeout=5s" - "--health-retries=3" - "--health-start-period=5s" - ]; - }; - }; - - systemd.services."docker-traefik" = { - after = [ - "docker-network-traefik.service" - ]; - requires = [ - "docker-network-traefik.service" - ]; - }; - - systemd.services."docker-network-traefik" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - }; - script = '' - docker network inspect traefik || docker network create traefik --ipv4 --ipv6 --subnet=172.18.0.0/16 --gateway=172.18.0.1 - ''; - }; - - networking.firewall.extraCommands = "iptables -t nat -I PREROUTING -s 172.18.0.0/16 -d 172.18.0.0/16 -j MASQUERADE"; - - }; -} 
diff --git a/modules/typesetting.nix b/modules/typesetting.nix
index 272b263..56ba34e 100644
--- a/modules/typesetting.nix
+++ b/modules/typesetting.nix
@@ -5,7 +5,9 @@
 }: {
 environment.systemPackages = with pkgs; [
 typst
- typstyle
+ typstfmt
+
+ texliveFull
 pandoc
diff --git a/modules/virtualization.nix b/modules/virtualization.nix
index 4eb21ce..b1cde0f 100644
--- a/modules/virtualization.nix
+++ b/modules/virtualization.nix
@@ -3,16 +3,12 @@
 lib,
 ...
 }: {
+ environment.systemPackages = with pkgs; [
+ virt-manager
+ ];
+
 virtualisation = {
- libvirtd = {
- enable = true;
- qemu = {
- swtpm.enable = true;
- vhostUserPackages = [ pkgs.virtiofsd ];
- };
- };
+ libvirtd.enable = true;
 spiceUSBRedirection.enable = true;
 };
-
- programs.virt-manager.enable = true;
 }
diff --git a/pkgs/rofirefox/default.nix b/pkgs/rofirefox/default.nix
index 66805e2..2030d4f 100644
--- a/pkgs/rofirefox/default.nix
+++ b/pkgs/rofirefox/default.nix
@@ -37,7 +37,6 @@
 meta = with lib; {
 platforms = platforms.all;
- mainProgram = "rofirefox";
 };
 }
diff --git a/terraform/.envrc b/terraform/.envrc
deleted file mode 100644
index 2c8269e..0000000
--- a/terraform/.envrc
+++ /dev/null
@@ -1 +0,0 @@
-use flake ../#opentofu
diff --git a/terraform/.gitignore b/terraform/.gitignore
deleted file mode 100644
index 8a7f7b7..0000000
--- a/terraform/.gitignore
+++ /dev/null
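Review bot: Dropping `qemu.swtpm.enable = true` in the virtualization.nix hunk removes the software TPM that libvirt backs emulated TPM devices with, so any guest defined with a vTPM (Windows 11 installs, measured-boot or disk-encryption setups that seal keys to the TPM) will fail to start or lose access to those keys after this change; keep `qemu.swtpm.enable = true;` under `libvirtd` unless no guest uses a TPM, and say so in a comment if that is the case. Replacing `programs.virt-manager.enable = true` with a bare `environment.systemPackages` entry also loses whatever that option configures around the package — as far as I recall it enables dconf, which virt-manager needs to persist its connections and settings — so `programs.virt-manager.enable = true;` is the safer form. The module's function header starts before the hunk.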
@@ -1,42 +0,0 @@ -# Local .terraform directories -**/.terraform/* - -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tofu -override.tf.json -override.tofu.json -*_override.tf -*_override.tofu -*_override.tf.json -*_override.tofu.json - -# Ignore transient lock info files created by tofu apply -.terraform.tfstate.lock.info - -# Include override files you do wish to add to version control using negated pattern -# !example_override.tf -# !example_override.tofu - -# Include tfplan files to ignore the plan output of command: tofu plan -out=tfplan -# example: *tfplan* - -# Ignore CLI configuration files -.terraformrc -terraform.rc diff --git a/terraform/busch/.terraform.lock.hcl b/terraform/busch/.terraform.lock.hcl deleted file mode 100644 index 6ce99f5..0000000 --- a/terraform/busch/.terraform.lock.hcl +++ /dev/null 
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/telmate/proxmox" { - version = "3.0.2-rc07" - constraints = "3.0.2-rc07" - hashes = [ - "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", - "zh:2ee860cd0a368b3eaa53f4a9ea46f16dab8a97929e813ea6ef55183f8112c2ca", - "zh:415965fd915bae2040d7f79e45f64d6e3ae61149c10114efeac1b34687d7296c", - "zh:6584b2055df0e32062561c615e3b6b2c291ca8c959440adda09ef3ec1e1436bd", - "zh:65dcfad71928e0a8dd9befc22524ed686be5020b0024dc5cca5184c7420eeb6b", - "zh:7253dc29bd265d33f2791ac4f779c5413f16720bb717de8e6c5fcb2c858648ea", - "zh:7ec8993da10a47606670f9f67cfd10719a7580641d11c7aa761121c4a2bd66fb", - "zh:999a3f7a9dcf517967fc537e6ec930a8172203642fb01b8e1f78f908373db210", - "zh:a50e6df7280eb6584a5fd2456e3f5b6df13b2ec8a7fa4605511e438e1863be42", - "zh:b25b329a1e42681c509d027fee0365414f0cc5062b65690cfc3386aab16132ae", - "zh:c028877fdb438ece48f7bc02b65bbae9ca7b7befbd260e519ccab6c0cbb39f26", - "zh:cf0eaa3ea9fcc6d62793637947f1b8d7c885b6ad74695ab47e134e4ff132190f", - "zh:d5ade3fae031cc629b7c512a7b60e46570f4c41665e88a595d7efd943dde5ab2", - "zh:f388c15ad1ecfc09e7361e3b98bae9b627a3a85f7b908c9f40650969c949901c", - "zh:f415cc6f735a3971faae6ac24034afdb9ee83373ef8de19a9631c187d5adc7db", - ] -} diff --git a/terraform/busch/main.tf b/terraform/busch/main.tf deleted file mode 100644 index 966ec14..0000000 --- a/terraform/busch/main.tf +++ /dev/null 
@@ -1,46 +0,0 @@
-terraform {
- required_providers {
- proxmox = {
- source = "telmate/proxmox"
- version = "3.0.2-rc07"
- }
- }
-}
-
-provider "proxmox" {
- pm_api_url = var.proxmox_api_url
- pm_api_token_id = var.proxmox_token_id
- pm_api_token_secret = var.proxmox_token_secret
- pm_tls_insecure = true
-}
-
-module "truenas" {
- source = "./modules/proxmox-vm"
-
- name = "truenas"
- target_node = "busch"
- vmid = 100
- memory = 8192
- cpu_cores = 2
- disk_storage = "local"
- disk_size = "32G"
- iso_path = "local:iso/TrueNAS-SCALE-25.10.2.1.iso"
- startup_order = 1
-
- mapped_pcie_devices = ["HBA"]
-}
-
-module "nixos-docker" {
- source = "./modules/proxmox-vm"
-
- name = "nixos-docker"
- target_node = "busch"
- vmid = 101
- memory = 4096
- cpu_cores = 2
- disk_storage = "truenas-lvm"
- disk_size = "64G"
- iso_path = "local:iso/latest-nixos-minimal-x86_64-linux.iso"
- startup_order = 2
- startup_delay = 240
-}
diff --git a/terraform/busch/modules/proxmox-vm/main.tf b/terraform/busch/modules/proxmox-vm/main.tf
deleted file mode 100644
index 89ddcf3..0000000
--- a/terraform/busch/modules/proxmox-vm/main.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-terraform {
- required_providers {
- proxmox = {
- source = "telmate/proxmox"
- version = "3.0.2-rc07"
- }
- }
-}
-
-resource "proxmox_vm_qemu" "truenas" {
- name = var.name
- description = var.description
- target_node = var.target_node
- vmid = var.vmid
- machine = length(var.mapped_pcie_devices) == 0 ? "pc" : "q35"
- memory = var.memory
- balloon = 1024
- scsihw = "virtio-scsi-pci"
- boot = "order=scsi0;ide0"
- start_at_node_boot = true
-
- cpu {
- cores = var.cpu_cores
- sockets = 1
- }
-
- disks {
- scsi {
- scsi0 {
- disk {
- storage = var.disk_storage
- size = var.disk_size
- }
- }
- }
- ide {
- ide0 {
- cdrom {
- iso = var.iso_path
- }
- }
- }
- }
-
- network {
- id = 0
- bridge = "vmbr0"
- model = "virtio"
- }
-
- dynamic "pci" {
- for_each = { for device in var.mapped_pcie_devices : index(var.mapped_pcie_devices, device) => device }
-
- content {
- id = pci.key
- mapping_id = pci.value
- pcie = true
- }
- }
-
- startup_shutdown {
- order = var.startup_order
- startup_delay = var.startup_delay
- }
-
-}
diff --git a/terraform/busch/modules/proxmox-vm/variables.tf b/terraform/busch/modules/proxmox-vm/variables.tf
deleted file mode 100644
index fe75fcd..0000000
--- a/terraform/busch/modules/proxmox-vm/variables.tf
+++ /dev/null
@@ -1,64 +0,0 @@
-variable "vmid" {
- description = "ID of the VM to create"
- type = string
-}
-
-variable "name" {
- description = "Name of the VM to create"
- type = string
-}
-
-variable "description" {
- description = "Description of the VM to create"
- type = string
- default = null
- nullable = true
-}
-
-variable "target_node" {
- description = "Name of the target node to create the VM on"
- type = string
-}
-
-variable "memory" {
- description = "Memory to allocate for the VM"
- type = string
-}
-
-variable "cpu_cores" {
- description = "Number of CPU cores to allocate for the VM"
- type = number
-}
-
-variable "disk_storage" {
- description = "Name of the storage to store the disk on"
- type = string
- default = "local"
-}
-
-variable "disk_size" {
- description = "Size of the primary disk"
- type = string
-}
-
-variable "iso_path" {
- description = "Path of the ISO to use to install an OS"
- type = string
-}
-
-variable "startup_order" {
- description = "Order number of the VM in the startup chain"
- type = number
-}
-
-variable "startup_delay" {
- description = "Startup delay in seconds"
- type = number
- default = -1
-}
-
-variable "mapped_pcie_devices" {
- description = "PCI mappings"
- type = list(string)
- default = []
-}
diff --git a/terraform/busch/plan b/terraform/busch/plan
deleted file mode 100644
index 2532f9d..0000000
Binary files a/terraform/busch/plan and /dev/null differ
diff --git a/terraform/busch/variables.tf b/terraform/busch/variables.tf
deleted file mode 100644
index a352dd7..0000000
--- a/terraform/busch/variables.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-variable "proxmox_api_url" {
- description = "API URL, typically ends with `/api2/json`"
-}
-
-variable "proxmox_token_id" {
- description = "Token ID"
-}
-variable "proxmox_token_secret" {
- description = "Token Secret"
-}
diff --git a/users/julius/nixos-server.nix b/users/julius/nixos-server.nix
deleted file mode 100644
index 5802f86..0000000
--- a/users/julius/nixos-server.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- ...
-}: {
-
- users = {
- users = {
- julius = {
- initialPassword = "password";
- isNormalUser = true;
- uid = 1000;
- group = "julius";
- extraGroups = [ "wheel" ];
- };
- };
- groups = {
- julius = {
- gid = 1000;
- };
- };
- };
-
- nix.settings.trusted-users = [ "julius" ];
-}
diff --git a/users/julius/nixos.nix b/users/julius/nixos.nix
index 81c9e60..a424826 100644
--- a/users/julius/nixos.nix
+++ b/users/julius/nixos.nix
@@ -6,7 +6,7 @@
 }: {
 users.users.julius = {
 isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" "docker" "libvirtd" "kvm" ];
+ extraGroups = [ "wheel" "networkmanager" "docker" "libvirtd" ];
 shell = pkgs.zsh;
 };
diff --git a/users/nixremote.nix b/users/nixremote.nix
deleted file mode 100644
index b0075cb..0000000
--- a/users/nixremote.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- ...
-}: {
- users.users = {
- nixremote = {
- isNormalUser = true;
- uid = 1100;
- group = "users";
- };
- };
-
- nix.settings.trusted-users = [ "nixremote" ];
-}
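Review bot: In the users/julius/nixos.nix hunk the new `extraGroups` line still grants `"docker"` and `"libvirtd"`, both of which are widely treated as root-equivalent (access to the Docker socket and to the system libvirt daemon), so dropping `"kvm"` narrows the list without materially reducing what this account can do. That is defensible for a user already in `wheel`, but nothing in the hunk records why the remaining groups are needed, which makes the next edit to this list hard to review. A comment above the line such as `# docker and libvirtd are root-equivalent; keep this list minimal` would capture the intent, and if `"kvm"` was dropped because libvirt access now suffices, stating that would stop it being re-added later. The `users.users.julius` attribute set is closed inside the hunk, but the enclosing module body continues outside it.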