nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: nrabulinski:06a76ae98f2aaaad3f7090f88f4837cb274915c7
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla
...
compare: nrabulinski:9a2c0fed2ccd4b633417b1574c8e45014065d031
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla

17 commits
06a76ae98f ... 9a2c0fed2c

Author SHA1 Message Date
Nikodem Rabuliński
9a2c0fed2c
inputs: lazy-trees at home
All checks were successful
/ check (push) Successful in 1m22s
Details
2025-03-31 20:06:15 +02:00
Nikodem Rabuliński
12ad94fd70
flake.lock: update 2025-03-31 19:45:21 +02:00
Nikodem Rabuliński
9feea032e7
flake: remove flake-parts 2025-03-31 19:45:21 +02:00
Nikodem Rabuliński
75074db3c8
modules: migrate to nilla 2025-03-31 19:45:21 +02:00
Nikodem Rabuliński
ea89bf9e71
hosts: migrate to nilla 2025-03-31 19:45:19 +02:00
Nikodem Rabuliński
7906c51d71
services: migrate to nilla 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
b9b4835c5c
services: prepare for migration 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
3a421dfd3c
flake: simplify transpose logic 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
6081f4c79d
treefmt: migrate to nilla 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
8bfc855160
wrappers: migrate to nilla 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
affba3963e
pkgs: migrate to nilla 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
3249aaad9b
flake: start moving away from flake-parts 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
f1acd21647
nilla: modularize 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
8e4cbdf40b
nilla: migrate devshells 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
702fab32dc
nilla: init 2025-03-31 19:42:35 +02:00
Nikodem Rabuliński
678005a0ee
hosts: remove legion
All checks were successful
/ check (pull_request) Successful in 1m23s
Details
/ check (push) Successful in 44s
Details 
it's been a good ride, but it's time to say goodbye
 2025-03-22 23:22:42 +01:00
Nikodem Rabuliński
a6b046e28b
readme: mention youko 2025-03-22 23:17:02 +01:00
65 changed files with 654 additions and 1099 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -17,11 +17,11 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin,
- hosts - per-machine configurations
- kazuki - my linux arm server
- legion - my linux x86 server
- hijiri - my macbook
- hijiri-vm - linux vm running on my macbook
- ude - another linux arm server
- kogata - my m1 mac mini doubling as a server
- youko - my linux x86 server
- modules - options which in principle should be reusable by others
- system - my opinionated nixos/nix-darwin modules
- home - my opinionated home-manager modules

8
assets/default.nix
View file

@ -1,8 +1,8 @@
{ lib, ... }:
{ lib }:
{
options.assets = lib.mkOption {
type = lib.types.unspecified;
readOnly = true;
options.assets = lib.options.create {
type = lib.types.raw;
writable = false;
};
config.assets = {

2
assets/ssh.nix
View file

@ -9,7 +9,6 @@
hijiri-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6tfXLB6xhcl3rtI5x9NXSs12U4LVy06RRlyZxiORa0 nikodem@rabulinski.com";
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com";
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
@ -20,7 +19,6 @@
system = {
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude";
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";

228
flake.lock generated
View file

@ -1,5 +1,21 @@
{
"nodes": {
"__flake-compat": {
"flake": false,
"locked": {
"lastModified": 1743033641,
"narHash": "sha256-7L0/So1J21N4VHaZRzdK6Ywj3+NLdHfM8z0o5XVuPeo=",
"ref": "refs/heads/main",
"rev": "5bbdeaea85d5f396f01e8af94bcb6f29d5af22f7",
"revCount": 83,
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/flake-compat.git"
}
},
"agenix": {
"inputs": {
"darwin": [
@ -79,11 +95,11 @@
"conduit-src": {
"flake": false,
"locked": {
"lastModified": 1742005420,
"narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=",
"lastModified": 1742789401,
"narHash": "sha256-oZ8TPrtzPwXupsAfwMjLRI/s0/PokqL3q1ejeGVn5lE=",
"owner": "famedly",
"repo": "conduit",
"rev": "063d13a0e10619f17bc21f0dd291c5a733581394",
"rev": "a7e6f60b41122761422df2b7bcc0c192416f9a28",
"type": "gitlab"
},
"original": {
@ -115,11 +131,11 @@
]
},
"locked": {
"lastModified": 1742382197,
"narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=",
"lastModified": 1743359449,
"narHash": "sha256-unjpn5SCn55Ma+/grXuTybICgUa/bcPGKxJMt9lLoIg=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "643b57fd32135769f809913663130a95fe6db49e",
"rev": "fe625481e50d05aa452d684d5228e5059b4942d4",
"type": "github"
},
"original": {
@ -177,11 +193,11 @@
]
},
"locked": {
"lastModified": 1742432361,
"narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=",
"lastModified": 1743383039,
"narHash": "sha256-Palj4EeFRS3tLl2aK0FgE01SBWRbqD4vKE+SNBJaYo4=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "c868ff433ea5123e837a62ae689543045187d7a4",
"rev": "96f1d9e12f0efbbc4cea47c0a06a1667ed90e5f8",
"type": "github"
},
"original": {
@ -190,22 +206,6 @@
"type": "github"
}
},
"fl-config": {
"locked": {
"lastModified": 1653159448,
"narHash": "sha256-PvB9ha0r4w6p412MBPP71kS/ZTBnOjxL0brlmyucPBA=",
"owner": "flakelib",
"repo": "fl",
"rev": "fcefb9738d5995308a24cda018a083ccb6b0f460",
"type": "github"
},
"original": {
"owner": "flakelib",
"ref": "config",
"repo": "fl",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -260,26 +260,6 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@ -351,25 +331,6 @@
"type": "github"
}
},
"flakelib": {
"inputs": {
"fl-config": "fl-config",
"std": "std"
},
"locked": {
"lastModified": 1701802971,
"narHash": "sha256-Zo5fJpXbe+xXOTiDT4JG2rExobMJTmFZ72+3XTMMHrQ=",
"owner": "flakelib",
"repo": "fl",
"rev": "b71a91517f6b16aa5faefe8ec491d9f3062d7a20",
"type": "github"
},
"original": {
"owner": "flakelib",
"repo": "fl",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
@ -394,11 +355,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1742479163,
"narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=",
"lastModified": 1743346877,
"narHash": "sha256-WczB9koq4xvdBZoMLW8VFT16RGaDrJXyA0rDTg2GFVU=",
"owner": "helix-editor",
"repo": "helix",
"rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c",
"rev": "e148d8b3110ace99505c0871714cd64391cc4ba3",
"type": "github"
},
"original": {
@ -414,11 +375,11 @@
]
},
"locked": {
"lastModified": 1742501496,
"narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=",
"lastModified": 1743360001,
"narHash": "sha256-HtpS/ZdgWXw0y+aFdORcX5RuBGTyz3WskThspNR70SM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41",
"rev": "b6fd653ef8fbeccfd4958650757e91767a65506d",
"type": "github"
},
"original": {
@ -430,11 +391,11 @@
"lix": {
"flake": false,
"locked": {
"lastModified": 1742411066,
"narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=",
"lastModified": 1743274305,
"narHash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=",
"ref": "refs/heads/main",
"rev": "2491b7cc2128ee440d24768c4521c38b1859fc28",
"revCount": 17705,
"rev": "d169c092fc28838a253be136d17fe7de1292c728",
"revCount": 17746,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix.git"
},
@ -455,11 +416,11 @@
]
},
"locked": {
"lastModified": 1741894565,
"narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
"lastModified": 1742945498,
"narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=",
"ref": "refs/heads/main",
"rev": "a6da43f8193d9e329bba1795c42590c27966082e",
"revCount": 136,
"rev": "fa69ae26cc32dda178117b46487c2165c0e08316",
"revCount": 138,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
@ -493,7 +454,7 @@
},
"niko-nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs"
},
"locked": {
@ -510,6 +471,22 @@
"type": "github"
}
},
"nilla": {
"flake": false,
"locked": {
"lastModified": 1743409018,
"narHash": "sha256-fghnO1XmDnM0U6PdFu0GquNIRQNxH2IQ1AgifyZk6Wk=",
"owner": "nilla-nix",
"repo": "nilla",
"rev": "6747fe62879d7d15c96808bc370a52941287772c",
"type": "github"
},
"original": {
"owner": "nilla-nix",
"repo": "nilla",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -531,21 +508,6 @@
"type": "github"
}
},
"nix-std": {
"locked": {
"lastModified": 1701658249,
"narHash": "sha256-KIt1TUuBvldhaVRta010MI5FeQlB8WadjqljybjesN0=",
"owner": "chessai",
"repo": "nix-std",
"rev": "715db541ffff4194620e48d210b76f73a74b5b5d",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1723603349,
@ -607,11 +569,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1742395137,
"narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=",
"lastModified": 1743259260,
"narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2a725d40de138714db4872dc7405d86457aa17ad",
"rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f",
"type": "github"
},
"original": {
@ -621,44 +583,6 @@
"type": "github"
}
},
"nvidia-patch": {
"inputs": {
"flakelib": "flakelib",
"nixpkgs": [
"nixpkgs"
],
"nvidia-patch-src": "nvidia-patch-src"
},
"locked": {
"lastModified": 1742460640,
"narHash": "sha256-Qks0TRMOiuVKjcSPkg251Q2/wdU5ooMt4b2f2numPzg=",
"owner": "arcnmx",
"repo": "nvidia-patch.nix",
"rev": "c85990250376300fe11413e22458911f408f64d0",
"type": "github"
},
"original": {
"owner": "arcnmx",
"repo": "nvidia-patch.nix",
"type": "github"
}
},
"nvidia-patch-src": {
"flake": false,
"locked": {
"lastModified": 1742384429,
"narHash": "sha256-5O0TXVrLsFrULXli2vB2iJ7TECUckMHKvJZYmdkcnGE=",
"owner": "keylase",
"repo": "nvidia-patch",
"rev": "07080317245ac30c38001d2149810b2dee3cce1f",
"type": "github"
},
"original": {
"owner": "keylase",
"repo": "nvidia-patch",
"type": "github"
}
},
"racket": {
"inputs": {
"nixpkgs": [
@ -681,6 +605,7 @@
},
"root": {
"inputs": {
"__flake-compat": "__flake-compat",
"agenix": "agenix",
"attic": "attic",
"conduit-src": "conduit-src",
@ -689,15 +614,14 @@
"disko": "disko",
"fenix": "fenix",
"firefox-darwin": "firefox-darwin",
"flake-parts": "flake-parts_2",
"helix": "helix",
"home-manager": "home-manager",
"lix": "lix",
"lix-module": "lix-module",
"mailserver": "mailserver",
"niko-nur": "niko-nur",
"nilla": "nilla",
"nixpkgs": "nixpkgs_2",
"nvidia-patch": "nvidia-patch",
"racket": "racket",
"treefmt": "treefmt",
"wrapper-manager": "wrapper-manager",
@ -764,24 +688,6 @@
"type": "github"
}
},
"std": {
"inputs": {
"nix-std": "nix-std"
},
"locked": {
"lastModified": 1701802337,
"narHash": "sha256-JCVCyjDZ6LA0xyVoDZzRXjy0OgWOZo3OpeZEVm/U97w=",
"owner": "flakelib",
"repo": "std",
"rev": "443d1c8246b3d96a4822b02af907ca0d833e8b63",
"type": "github"
},
"original": {
"owner": "flakelib",
"repo": "std",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -849,11 +755,11 @@
]
},
"locked": {
"lastModified": 1742370146,
"narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
"lastModified": 1743081648,
"narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
"rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7",
"type": "github"
},
"original": {
@ -921,11 +827,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1741803511,
"narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=",
"lastModified": 1743151937,
"narHash": "sha256-SjfGN+3wrzgRvzpziowTQUIr/o6ac5iMniua0ra6elo=",
"owner": "dj95",
"repo": "zjstatus",
"rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd",
"rev": "2772e18d1bf57b5fe24c7e2c86a6cbec0475cd88",
"type": "github"
},
"original": {

101
flake.nix
View file

@ -1,82 +1,37 @@
{
outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
inputs:
let
nilla = import ./nilla.nix { inherit inputs; };
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
imports = [
inputs.treefmt.flakeModule
./assets
./hosts
./modules
./wrappers
./pkgs
./services
];
perSystem =
# NOTE: Assumes every package is available for every system.
# For now let's say this is always the case.
transpose =
attrs:
let
inherit (inputs.nixpkgs) lib;
mappedForSystem = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) attrs;
in
lib.genAttrs systems mappedForSystem;
in
{
inputs',
self',
pkgs,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.agenix
self'.packages.attic-client
# TODO: Contribute darwin support to nh
pkgs.nh
];
};
packages = {
# Re-export it for convenience and for caching
inherit (inputs'.attic.packages) attic-client attic-server;
base-packages = pkgs.symlinkJoin {
name = "settei-base";
paths = with self'.packages; [
helix
fish
git-commit-last
git-fixup
];
};
};
treefmt = {
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
];
settings.on-unmatched = "fatal";
};
};
inherit (nilla) nixosModules;
inherit (nilla) darwinModules;
inherit (nilla) homeModules;
inherit (nilla) nixosConfigurations;
inherit (nilla) darwinConfigurations;
inherit (nilla) homeConfigurations;
devShells = transpose nilla.shells;
packages = transpose nilla.packages;
formatter = nilla.packages.formatter.result;
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixpkgs-unstable";
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
@ -121,10 +76,6 @@
url = "gitlab:famedly/conduit?ref=next";
flake = false;
};
nvidia-patch = {
url = "github:arcnmx/nvidia-patch.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
@ -168,6 +119,14 @@
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
__flake-compat = {
url = "git+https://git.lix.systems/lix-project/flake-compat.git";
flake = false;
};
nilla = {
url = "github:nilla-nix/nilla";
flake = false;
};
};
/*

21
hosts/default.nix
View file

@ -1,15 +1,14 @@
{
config,
self,
inputs,
...
}:
let
inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
in
{
imports = [
includes = [
./kazuki
./hijiri-vm
./hijiri
./legion
# TODO: Custom installer ISO
# ./installer
./ude
@ -17,20 +16,20 @@
./youko
];
builders =
config.configBuilders =
let
sharedOptions = {
_file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {
settei = self;
settei = inputs.self;
};
};
baseNixos = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.combined
config.nixosModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
@ -38,7 +37,7 @@
baseDarwin = inputs.darwin.lib.darwinSystem {
modules = [
self.darwinModules.combined
config.darwinModules.combined
sharedOptions
];
specialArgs.configurationName = "base";
@ -50,7 +49,7 @@
baseNixos.extendModules {
modules = [
module
config.__extraHostConfigs.${name} or { }
config.extraHostConfigs.${name} or { }
];
specialArgs.configurationName = name;
};
@ -61,7 +60,7 @@
eval = baseDarwin._module.args.extendModules {
modules = [
module
config.__extraHostConfigs.${name} or { }
config.extraHostConfigs.${name} or { }
];
specialArgs.configurationName = name;
};

2
hosts/hijiri-vm/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.nixos.hijiri-vm =
config.configurations.nixos.hijiri-vm =
{
modulesPath,
lib,

2
hosts/hijiri/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.darwin.hijiri =
config.configurations.darwin.hijiri =
{
config,
pkgs,

2
hosts/installer/default.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }:
{
configurations.nixos =
config.configurations.nixos =
let
mkInstaller =
system:

2
hosts/kazuki/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.nixos.kazuki =
config.configurations.nixos.kazuki =
{
modulesPath,
...

2
hosts/kogata/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.darwin.kogata =
config.configurations.darwin.kogata =
{ pkgs, ... }:
{
nixpkgs.system = "aarch64-darwin";

47
hosts/legion/default.nix
View file

@ -1,47 +0,0 @@
{
configurations.nixos.legion =
{
config,
username,
...
}:
{
imports = [
./hardware.nix
# ./disks.nix
./msmtp.nix
./desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
specialisation = {
nas.configuration = ./nas;
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
settei.tailscale = {
ipv4 = "100.84.112.35";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023";
};
networking = {
hostName = "legion";
hostId = builtins.substring 0 8 "524209a432724c7abaf04398cdd6eecd";
networkmanager.enable = true;
};
systemd.services.NetworkManager-wait-online.enable = false;
powerManagement.cpuFreqGovernor = "performance";
age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
settei.incus.enable = true;
virtualisation.podman.enable = true;
};
}

112
hosts/legion/desktop.nix
View file

@ -1,112 +0,0 @@
# TODO: Proper desktop module
{
config,
pkgs,
lib,
username,
...
}:
{
# Needed for nvidia and steam
nixpkgs.config.allowUnfree = true;
settei.user.config = {
settei.desktop.enable = true;
home.packages = with pkgs; [
brightnessctl
dmenu
];
xsession.windowManager.i3 = {
enable = true;
config = {
terminal = "wezterm";
modifier = "Mod4";
};
};
home.file.".xinitrc".source = pkgs.writeShellScript "xinitrc" ''
xrandr --setprovideroutputsource modesetting NVIDIA-0
xrandr --auto
exec dbus-run-session i3
'';
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = { };
};
hardware.steam-hardware.enable = true;
services.logind = lib.genAttrs [
"lidSwitch"
"lidSwitchDocked"
"lidSwitchExternalPower"
] (_: "ignore");
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
programs.dconf.enable = true;
services.dbus.enable = true;
users.users.${username}.extraGroups = [
"video"
"input"
];
# NVIDIA stuff
services.xserver = {
enable = true;
excludePackages = [ pkgs.xterm ];
videoDrivers = [ "nvidia" ];
xkb.layout = "pl";
displayManager.startx.enable = true;
config = lib.mkForce ''
Section "OutputClass"
Identifier "intel"
MatchDriver "i915"
Driver "modesetting"
EndSection
Section "OutputClass"
Identifier "nvidia"
MatchDriver "nvidia-drm"
Driver "nvidia"
Option "AllowEmptyInitialConfiguration"
Option "PrimaryGPU" "yes"
ModulePath "${config.hardware.nvidia.package.bin}/lib/xorg/modules"
ModulePath "${pkgs.xorg.xorgserver}/lib/xorg/modules"
EndSection
Section "InputClass"
Identifier "touchpad"
Driver "libinput"
MatchIsTouchpad "on"
Option "Tapping" "on"
Option "TappingButtonMap" "lrm"
Option "NaturalScrolling" "true"
EndSection
'';
exportConfiguration = true;
};
services.libinput.enable = true;
hardware.nvidia = {
patch.enable = true;
patch.nvidiaPackage = config.boot.kernelPackages.nvidia_x11_production;
open = false;
modesetting.enable = true;
};
hardware.graphics = {
enable = true;
enable32Bit = true;
};
}

14
hosts/legion/disks.nix
View file

@ -1,14 +0,0 @@
_args:
/*
let
bootDevice = args.bootDevice or "/dev/nvme0n1";
in
*/
{
assertions = [
{
assertion = false;
message = "Disko config TODO";
}
];
}

90
hosts/legion/hardware.nix
View file

@ -1,90 +0,0 @@
{ config, ... }:
{
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"uas"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.kernelModules = [
"kvm-intel"
"i2c-dev"
"acpi_call"
];
boot.blacklistedKernelModules = [ "nouveau" ];
# Needed for enableAllFirmware
nixpkgs.config.allowUnfree = true;
hardware = {
enableAllFirmware = true;
cpu.intel.updateMicrocode = true;
};
services.smartd.enable = true;
# TODO: Move to disko only
# TODO: Actually set up impermanence
boot.supportedFilesystems = [ "btrfs" ];
boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
fileSystems."/" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=log"
"compress=zstd"
"noatime"
];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
}

36
hosts/legion/msmtp.nix
View file

@ -1,36 +0,0 @@
# TODO: Potentially make this a common module?
{
pkgs,
config,
username,
...
}:
let
mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com
root: ${mail}
'';
in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = {
enable = true;
setSendmail = true;
defaults = {
inherit aliases;
tls = "on";
auth = "login";
tls_starttls = "off";
};
accounts = {
default = {
host = "mail.nrab.lol";
passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
user = mail;
from = mail;
};
};
};
}

59
hosts/legion/nas/default.nix
View file

@ -1,59 +0,0 @@
{
pkgs,
lib,
username,
...
}:
{
imports = [ ./media.nix ];
boot.supportedFilesystems = [
"ext4"
"zfs"
];
boot.zfs.extraPools = [ "yottapool" ];
services.zfs = {
autoScrub.enable = true;
zed.settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [ username ];
ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
ZED_EMAIL_OPTS = "@ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = true;
};
};
fileSystems."/bulk" = {
device = "/dev/disk/by-label/BULK";
fsType = "ext4";
};
systemd.mounts = [
{
type = "none";
options = "bind";
what = "/media/data";
where = "/export/yotta-data";
requires = [ "zfs-mount.service" ];
after = [ "zfs-mount.service" ];
wantedBy = [ "multi-user.target" ];
before = [ "nfs-server.service" ];
requiredBy = [ "nfs-server.service" ];
}
];
services.nfs.server = {
enable = true;
hostName = "100.84.112.35";
exports = ''
/export *(insecure,rw,crossmnt,fsid=0)
/export/yotta-data *(insecure,rw,nohide)
'';
};
}

132
hosts/legion/nas/media.nix
View file

@ -1,132 +0,0 @@
{
config,
username,
lib,
...
}:
{
age.secrets.rab-lol-cf = {
file = ../../../secrets/rab-lol-cf.age;
owner = config.services.nginx.user;
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.radarr.enable = true;
# TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged
nixpkgs.config.permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
services.sonarr.enable = true;
services.prowlarr.enable = true;
services.jellyseerr.enable = true;
services.deluge = {
enable = true;
web.enable = true;
config.download_location = "/media/deluge";
};
services.restic.server = {
enable = true;
dataDir = "/media/restic";
extraFlags = [ "--no-auth" ];
};
users.users = {
jellyfin.extraGroups = [
"radarr"
"sonarr"
];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];
};
systemd.services = lib.mkMerge [
(lib.genAttrs
[
"jellyfin"
"radarr"
"sonarr"
"prowlarr"
"deluged"
"restic-rest-server"
]
(_: {
requires = [ "zfs-mount.service" ];
after = [ "zfs-mount.service" ];
})
)
{
jellyseerr.requires = [
"jellyfin.service"
"radarr.service"
"sonarr.service"
];
radarr.requires = [ "deluged.service" ];
sonarr.requires = [ "deluged.service" ];
}
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts =
let
services = [
"jellyfin"
"jellyseerr"
"deluge"
"prowlarr"
"sonarr"
"radarr"
];
mkService = name: {
forceSSL = true;
useACMEHost = "_wildcard.legion.rab.lol";
listen = lib.flatten (
map
(port: [
(port // { addr = config.settei.tailscale.ipv4; })
(port // { addr = "[${config.settei.tailscale.ipv6}]"; })
])
[
{ port = 80; }
{
port = 443;
ssl = true;
}
]
);
locations."/".proxyPass = "http://${name}";
};
services' = map (service: {
name = "${service}.legion.rab.lol";
value = mkService service;
}) services;
in
lib.listToAttrs services';
upstreams = {
jellyfin.servers."localhost:8096" = { };
jellyseerr.servers."localhost:5055" = { };
deluge.servers."localhost:8112" = { };
prowlarr.servers."localhost:9696" = { };
radarr.servers."localhost:7878" = { };
sonarr.servers."localhost:8989" = { };
};
};
users.users.nginx.extraGroups = [ "acme" ];
security.acme.acceptTerms = true;
security.acme.certs."_wildcard.legion.rab.lol" = {
domain = "*.legion.rab.lol";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.rab-lol-cf.path;
email = "nikodem@rabulinski.com";
};
}

2
hosts/ude/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.nixos.ude =
config.configurations.nixos.ude =
{
config,
modulesPath,

2
hosts/youko/default.nix
View file

@ -1,5 +1,5 @@
{
configurations.nixos.youko =
config.configurations.nixos.youko =
{
config,
lib,

14
inputs.nix Normal file
View file

@ -0,0 +1,14 @@
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
inherit (lock.nodes.__flake-compat.locked) narHash rev url;
flake-compat = builtins.fetchTarball {
url = "${url}/archive/${rev}.tar.gz";
sha256 = narHash;
};
flake = import flake-compat {
src = ./.;
copySourceTreeToStore = false;
useBuiltinsFetchTree = true;
};
in
flake.inputs

27
modules/default.nix
View file

@ -1,29 +1,21 @@
{
config,
inputs,
...
}:
let
flakeModule = import ./flake { inherit (inputs) nixpkgs darwin home-manager; };
inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
perInput = system: flake: {
packages = flake.packages.${system};
};
in
{
imports = [
flakeModule
];
flake.homeModules = rec {
config.homeModules = rec {
settei = ./home;
default = settei;
};
flake.flakeModules = rec {
settei = flakeModule;
default = settei;
};
flake.nixosModules = rec {
config.nixosModules = rec {
settei = import ./system {
inherit (config) perInput;
inherit perInput;
isLinux = true;
};
combined = {
@ -33,7 +25,6 @@ in
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
inputs.lix-module.nixosModules.default
{
@ -46,9 +37,9 @@ in
default = combined;
};
flake.darwinModules = rec {
config.darwinModules = rec {
settei = import ./system {
inherit (config) perInput;
inherit perInput;
isLinux = false;
};
combined = {

54
modules/flake/configurations.nix
View file

@ -1,54 +0,0 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
config,
lib,
...
}:
with lib;
{
_file = ./configurations.nix;
options = {
# Those functions take the final arguments and emit a valid configuration.
# Probably should hardly ever be overriden
builders = {
nixos = mkOption {
type = types.functionTo types.unspecified;
default = _name: nixpkgs.lib.nixosSystem;
};
darwin = mkOption {
type = types.functionTo types.unspecified;
default = _name: darwin.lib.darwinSystem;
};
home = mkOption {
type = types.functionTo types.unspecified;
default = _name: home-manager.lib.homeManagerConfiguration;
};
};
configurations = {
nixos = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
darwin = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
home = mkOption {
type = types.lazyAttrsOf types.deferredModule;
default = { };
};
};
};
config.flake = {
nixosConfigurations = mapAttrs config.builders.nixos config.configurations.nixos;
darwinConfigurations = mapAttrs config.builders.darwin config.configurations.darwin;
homeConfigurations = mapAttrs config.builders.home config.configurations.home;
};
}

13
modules/flake/default.nix
View file

@ -1,13 +0,0 @@
{
nixpkgs,
darwin,
home-manager,
}:
{
_file = ./default.nix;
imports = [
(import ./configurations.nix { inherit nixpkgs darwin home-manager; })
./services.nix
];
}

95
modules/flake/services.nix
View file

@ -1,95 +0,0 @@
# List of features I want this module to eventually have
# TODO: Automatic port allocation
# TODO: Making it possible to conveniently isolate services (running them in NixOS containers)
# TODO: Handling specializations
# TODO: Convenient http handling
# TODO: Automatic backup
{ config, lib, ... }:
let
serviceModule =
{ config, ... }:
{
options = {
host = lib.mkOption {
type = lib.types.str;
};
ports = lib.mkOption {
type = with lib.types; listOf port;
default = [ ];
};
hosts = lib.mkOption {
type = with lib.types; listOf str;
default = [ config.host ];
};
config = lib.mkOption {
type = lib.types.deferredModule;
default = { };
};
hostConfig = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
default = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.genAttrs cfg.hosts (host: {
imports = [
cfg.config
(cfg.hostConfig.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
in
{
_file = ./services.nix;
options = {
services = lib.mkOption {
type = with lib.types; attrsOf (submodule serviceModule);
default = { };
};
__extraHostConfigs = lib.mkOption {
type = with lib.types; attrsOf deferredModule;
readOnly = true;
};
};
config.__extraHostConfigs =
let
duplicatePorts = lib.pipe config.services [
lib.attrValues
(map (cfg: cfg.ports))
lib.flatten
(lib.groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.filterAttrs (_: cnt: cnt > 1))
lib.attrNames
];
assertMsg =
let
plural = lib.length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${lib.concatStringsSep ", " duplicatePorts}";
# Here I collect all the services.<name>.config into a flat
# __extraHostConfigs.<host>.imports = [
# ...
# ]
# so that I can easily import them in hosts/default.nix
hostConfigs = lib.pipe config.services [
lib.attrValues
(lib.foldl' (
acc: cfg:
acc
// lib.mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
];
in
if duplicatePorts != [ ] then throw assertMsg else hostConfigs;
}

8
modules/nilla/builders/custom-load.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib }:
{
config.builders.custom-load = {
settings.type = lib.types.submodule { };
settings.default = { };
build = pkg: lib.attrs.generate pkg.systems (system: pkg.package { inherit system; });
};
}

6
modules/nilla/builders/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
includes = [
./nixpkgs-flake.nix
./custom-load.nix
];
}

21
modules/nilla/builders/nixpkgs-flake.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
}:
{
config.builders.nixpkgs-flake = {
settings.type = lib.types.submodule {
options.args = lib.options.create {
type = lib.types.any;
default.value = { };
};
};
settings.default = { };
build =
pkg:
lib.attrs.generate pkg.systems (
system:
config.inputs.nixpkgs.result.legacyPackages.${system}.callPackage pkg.package pkg.settings.args
);
};
}

47
modules/nilla/configurations.nix Normal file
View file

@ -0,0 +1,47 @@
{ config, lib }:
{
options = {
configBuilders = {
nixos = lib.options.create {
type = lib.types.function lib.types.raw;
default.value = _name: config.inputs.nixpkgs.result.lib.nixosSystem;
};
darwin = lib.options.create {
type = lib.types.function lib.types.raw;
default.value = _name: config.inputs.darwin.result.lib.darwinSystem;
};
home = lib.options.create {
type = lib.types.function lib.types.raw;
default.value = _name: config.inputs.home-manager.result.lib.homeManagerConfiguration;
};
};
configurations = {
nixos = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = { };
};
darwin = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = { };
};
home = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = { };
};
};
nixosConfigurations = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = builtins.mapAttrs config.configBuilders.nixos config.configurations.nixos;
};
darwinConfigurations = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = builtins.mapAttrs config.configBuilders.darwin config.configurations.darwin;
};
homeConfigurations = lib.options.create {
type = lib.types.attrs.lazy lib.types.raw;
default.value = builtins.mapAttrs config.configBuilders.home config.configurations.home;
};
};
}

8
modules/nilla/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
includes = [
./builders
./services.nix
./configurations.nix
./modules.nix
];
}

17
modules/nilla/modules.nix Normal file
View file

@ -0,0 +1,17 @@
{ lib }:
{
options = {
nixosModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
darwinModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
homeModules = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
}

95
modules/nilla/services.nix Normal file
View file

@ -0,0 +1,95 @@
{ lib, config }:
let
inherit (builtins)
attrNames
attrValues
concatStringsSep
mapAttrs
foldl'
groupBy
length
;
serviceModule =
{ config }:
{
options = {
host = lib.options.create {
type = lib.types.string;
};
ports = lib.options.create {
type = lib.types.list.of lib.types.port;
default.value = [ ];
};
hosts = lib.options.create {
type = lib.types.list.of lib.types.string;
default.value = [ config.host ];
};
module = lib.options.create {
type = lib.types.raw;
default.value = { };
};
hostModule = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
default.value = { };
};
};
};
moduleToHostConfigs =
cfg:
lib.attrs.generate cfg.hosts (host: {
imports = [
cfg.module
(cfg.hostModule.${host} or { })
];
});
maybeGetPreviousConfigs = acc: host: (acc.${host} or { imports = [ ]; }).imports;
# Copied from nixpkgs/lib/lists.nix
groupBy' =
op: nul: pred: lst:
mapAttrs (_name: foldl' op nul) (groupBy pred lst);
duplicatePorts = lib.fp.pipe [
attrValues
(map (cfg: cfg.ports))
lib.lists.flatten
(groupBy' (cnt: _: cnt + 1) 0 toString)
(lib.attrs.filter (_: cnt: cnt > 1))
attrNames
] config.services;
in
{
options.services = lib.options.create {
type = lib.types.attrs.of (lib.types.submodule serviceModule);
default.value = { };
};
options.extraHostConfigs = lib.options.create {
type = lib.types.attrs.of lib.types.raw;
writable = false;
default.value = lib.fp.pipe [
attrValues
(foldl' (
acc: cfg:
acc
// mapAttrs (host: c: {
imports = c.imports ++ (maybeGetPreviousConfigs acc host);
}) (moduleToHostConfigs cfg)
) { })
] config.services;
};
config.assertions = [
{
assertion = duplicatePorts == [ ];
message =
let
plural = length duplicatePorts > 1;
in
"\nBad service config:\nThe following port${if plural then "s" else ""} ${
if plural then "were" else "was"
} declared multiple times: ${concatStringsSep ", " duplicatePorts}";
}
];
}

103
nilla.nix Normal file
View file

@ -0,0 +1,103 @@
{
inputs ? import ./inputs.nix,
}:
(import inputs.nilla).create (
{ config, lib }:
{
includes = [
./modules/nilla
./pkgs
./wrappers
./hosts
./assets
./services
./modules
];
config.inputs = builtins.mapAttrs (_: src: {
inherit src;
loader = "raw";
}) inputs;
config.packages =
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
mkPackage = package: {
builder = "nixpkgs-flake";
inherit systems package;
};
mkPackageFlakeOutput =
{
input,
output ? input,
}:
{
inherit systems;
builder = "custom-load";
package = { system }: inputs.${input}.packages.${system}.${output};
};
getPkgs = system: builtins.mapAttrs (_: pkg: pkg.result.${system}) config.packages;
in
{
# Re-export for convenience and for caching
attic-client = mkPackageFlakeOutput {
input = "attic";
output = "attic-client";
};
attic-server = mkPackageFlakeOutput {
input = "attic";
output = "attic-server";
};
agenix = mkPackageFlakeOutput { input = "agenix"; };
base-packages = mkPackage (
{ symlinkJoin, system }:
symlinkJoin {
name = "settei-base";
paths = with (getPkgs system); [
# TODO: wrappers
helix
fish
git-commit-last
git-fixup
];
}
);
formatter = {
inherit systems;
builder = "custom-load";
package =
{ system }:
let
eval = inputs.treefmt.lib.evalModule inputs.nixpkgs.legacyPackages.${system} ./treefmt.nix;
in
eval.config.build.wrapper;
};
};
config.shells.default = {
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
builder = "nixpkgs-flake";
shell =
{
mkShellNoCC,
system,
nh,
}:
mkShellNoCC {
packages = [
config.packages.agenix.result.${system}
config.packages.attic-client.result.${system}
nh
];
};
};
}
)

6
pkgs/conduit/default.nix
View file

@ -1,6 +1,8 @@
{
lib,
stdenv,
pkgs,
system,
fenix,
crane,
src,
@ -11,12 +13,12 @@
}:
let
rust =
with fenix;
with fenix.${system};
combine [
stable.cargo
stable.rustc
];
crane' = crane.overrideToolchain rust;
crane' = (crane pkgs).overrideToolchain rust;
rocksdb' = rocksdb.overrideAttrs (
final: prev: {
version = "9.1.1";

57
pkgs/default.nix
View file

@ -1,35 +1,52 @@
{ inputs, ... }:
{
perSystem =
{
pkgs,
lib,
inputs',
...
}:
{
packages.conduit-next = pkgs.callPackage ./conduit {
src = inputs.conduit-src;
crane = inputs.crane.mkLib pkgs;
fenix = inputs'.fenix.packages;
{ config }:
let
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
builder = "nixpkgs-flake";
mkPackage = package: {
inherit systems package builder;
};
packages.git-commit-last = pkgs.writeShellApplication {
in
{
config.packages.conduit-next = {
inherit systems builder;
package = import ./conduit;
settings.args = {
src = config.inputs.conduit-src.result;
crane = config.inputs.crane.result.mkLib;
fenix = config.inputs.fenix.result.packages;
};
};
config.packages.git-commit-last = mkPackage (
{ writeShellApplication }:
writeShellApplication {
name = "git-commit-last";
text = ''
GITDIR="$(git rev-parse --git-dir)"
git commit -eF "$GITDIR/COMMIT_EDITMSG"
'';
};
}
);
packages.git-fixup = pkgs.writeShellApplication {
config.packages.git-fixup = mkPackage (
{
lib,
writeShellApplication,
fzf,
}:
writeShellApplication {
name = "git-fixup";
text = ''
git log -n 50 --pretty=format:'%h %s' --no-merges | \
${lib.getExe pkgs.fzf} | \
${lib.getExe fzf} | \
cut -c -7 | \
xargs -o git commit --fixup
'';
};
};
}
);
}

13
secrets/alert-nrab-lol-pass.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw XYwseCo1fgFTMZ4IL13orBFdnWo0is7fujpJ5vDEIXo
5L2q/5umRSXrK1YGUXeUS3rpUlaGGwCKqzvUpQ5nk8s
-> ssh-ed25519 GKhvwg 2fSKj5gtCn8oj35oOgL3o8TxkkZNBlp+xy/W4mYghm8
fNse8uiLWps7zSIY8826MRAY1PyO++G3+7tT6TDQeag
--- /1Qqdeo1Tvw3EQDGKc5D85eXTnJ/vmdtwfHf/WuvGwQ
Qr.KGè²ùõ;1ýçW9£>†ˆ<E280A0>GjE(÷<>~]ß÷œ3"®†Žðiº“ï )1 [Èäñm;ÀܺWÅqn)vsEÜY«ÝÒÅÁäË,Ú0X3I1ñ‡P`
-> ssh-ed25519 84j9mw Uex/8V7Wq/9Bz9nvJRwfl5F6/QexinaDIhe14gAqWng
/lvX7cziXcohWI8FS8eybbdAaWDgN2Nvv2/3/DDaCFg
-> ssh-ed25519 GKhvwg JmC8WUB4SkpEy9nYGo9sfoNPx1pOAqvq0YDqd4l4vWw
F7KRZaLxCs7eYlPvv+yLovyFAxkahr/p5apcL+Bilfk
--- k5tZFrWFA+pUvgN2TYuIXzHBII2bLhB308qm5LFGJVg
¸0ZTJÑJÊ)]>Äp¹À
?LM‰¥µßØ><08>ÍwПuYxŒÒ ï™"/Œ"$¾ÀÓL <0A>Éé<14>ÿøYÆ1ÐüT׸áö§±ÃÑs»~

37
secrets/alert-plain-pass.age
View file

@ -1,19 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 GKhvwg 5euhetVuCUsVmzsFBVQr0U709Ogv6j1m+rhaS1ZXQhw
p9dTjCsqwXRFgY1qvZOmlpJGYIz+hj286sP/oaX15H4
-> ssh-ed25519 H0Rg/A MrlNR2XgW04Csdhpd1s2Tfr3gsD8l1YWj5l/5EJEtGI
+3RiO5GHLJOstxEKvNvAlZ1ycWHLUun0K7raJ/86a/M
-> ssh-ed25519 84j9mw 2wIXF94Zbo3fB7fRzQWGv5mCwdiomYVoFU8p25olt1k
S2A2AP8clxTkJBtqRTTSeHeKCkcveEYaaU41di0v9kM
-> ssh-ed25519 5A7peQ G+MxkpWskys34yRKVC9CEXdfqujMUG/v4Vp9WvPYRw0
BA+l5LIAIX0/KeSRcxLRybQ42OZV/ZX9pLCHhvkI1gc
-> ssh-ed25519 ioPMHA EXnV+gYXCwuE9kL8HJDxwGTWRqfJQt4gO4IxDXNXCDM
s2Ji8kJ+hl+3vy/kIIHyngIw6BGouXjLTbIK/AQYfNI
-> ssh-ed25519 g2vRWw Ir+r+/jelVmGjtahgKwTkiwZUWSxkCHJrYFkm+GqTDQ
GsDZu3gaQArHOEFQH4qoJSQw1mflKWvWNYpI+RZgI/0
-> ssh-ed25519 IFuY+w tWgf0Nelr0ji9Kr9fBt+2rdr0alagGG960uzW8RL9yE
FW5Wt5OMD887sClsLF/q4AlTDocImI72az465K/qZPs
-> ssh-ed25519 rA7dkQ 9apitDrmj/hY9bCHadtYFZmjGUwqXtFZiUypjt9Z1BQ
l+4ZTzw1rAYQV9dWn2sAr6Q1UtwunbelGr+UqMwetsE
--- dmVol02/2xV9zEOzA8+n5fyyjEk5Tsq/3W1yZa07ntg
Pÿ`nÑHmXöتDâ¸`7ô{ç3˜Pø¿¸ùãÊÛð}€£ñèvÉÜT€—Áb
-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0
OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4
-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ
h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg
-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk
7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18
-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE
d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw
-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w
+WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg
-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI
AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI
-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE
qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ
-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI
vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w
--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk
ÿJi'ª©6£—&Ù&o
k4-hu¨š}ï2¥Ú|Î1DIl9Þíܦ¡—ýY•

BIN
secrets/attic-creds.age
View file

Binary file not shown.

BIN
secrets/forgejo-token.age
View file

Binary file not shown.

BIN
secrets/github-token.age
View file

Binary file not shown.

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

26
secrets/hercules-secrets.age
View file

@ -1,16 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk
PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4
-> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk
tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw
-> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0
i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk
-> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo
i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU
-> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ
mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo
--- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4
%§ëDJ#Îä·0Ÿ¨AÉD
qz,3sHÿ…µÌÂVb¦<>®ÄÂTùÍÞªˆË‡¹8Ÿ¬[ ÏÈ?VgNVdˆ
Ä<EFBFBD>È—L=è©í̵žðg%ιî[ÕmdšòíëØ6oqòžEÂ4Å<34>óöÕF3@P\(MDM;%É^<5E>Ü«ïp¾xîª÷p<10>):O9,iBµ¥±„T
sÇšÏ-—à“ÃJWºÖèEÎ\0£™yÎ>0;î<>öyÑLæå{üt.g%W,ºX} JÆJßÀdgê3žŽ\Ž#<> 0h=l´ˆüš<C3BC>hBB䃜üXÀ<58>ÄëÍb$õ^Ð óå” B¨M™ØìÕþ[È~ÌÜu?Ñâ®þþ h¾ªlÿ”Ìc;z½k
-> ssh-ed25519 84j9mw bwa+uUxySjFDjOaCzRiZyYVKl4po1YDaOoDQLqqObSI
ayXv7BKF5lkzM3ai3rHL8irPetF2Nlwoji2VHpRsD5c
-> ssh-ed25519 IFuY+w k98+p1XfAR7f7kbahEwTzZVA45ulV4t3INkOQMsU3D8
1QbRrGvE5cMMKzSNXK5LfBndDBJITd6gTBg9dJWir9E
-> ssh-ed25519 5A7peQ NyqKUm+8hfHcJ760y3EttpxygXxQXKFXURU8pHg1bAw
Rh7EqnDagUFvmIEsFkjkE2tVzlhWrGgANKy9UQM0D7M
-> ssh-ed25519 GKhvwg J3b+gGMaemGwSb7jfeCug9bcjXUJbU8BBGRoTXw2lw4
tmMZY+0SSYVxZSMDQEBWCYzKUHTVbFH1iuybHyBvor8
--- Uh1N32VLTQ2mxhsxu40FbIv0dQkqPdfBk+q3nJ/xPZ4
;¨tضïálÌ™„RyœhÙQBXzÇiߦþ¶ä%JN@Ö§þFƒDv8º½.ÒD™“,½¦_J¢žÝ(<¿p-<½Añf—l)ÕøFQ±”Íf“øéª+—6îmH<6D>þݲſç~ðÉy•NÁ5ØŠÍ®ñÃb—#]yÛ{§MSx9XO•3«ýñ`ô®ƒR<|—O4ÓÓ(ˆƒäKÍ@wdMq s%XdG®rW™m 1N QåñGJòÅ~ÙÄ݃«xkÅgRCvëš&vÏùåÞ¶±NS f©6ÿ÷,È`¾K ÑŠþkŸ1<C5B8>Z!T%[,a6XèÖ¾ÛÿNL5îÉk»^ÌËVž
õg}×Cí¡>Šˆm5ØÐrd7MÃnÙ=

BIN
secrets/hercules-token.age
View file

Binary file not shown.

12
secrets/leet-nrab-lol-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo
ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA
-> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0
uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo
--- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY
ÚÖßµSÇÞ<Èñ<C388>S¨ýjË{B>A¼Ñ¶î°Âå<>í<EFBFBD>ÏBzœ¸ÜwgÅÙá@"PY^£+E¥×['ÓÞú–ÌŽÕ,K©[ÈXÜ~XåÇg{øÊ2æìíc4
-> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA
v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY
-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ
aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc
--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE
hkdJwÓ|g¾~ºvà^Ëjq\<5C> ' ƒ™yöIícdW™YF?ÓNÍþâ/ä0ÄØý+h<>…=œ85±#Š ²‘\bm£~ŽäÇú1æïy"úqÌAT<41>

BIN
secrets/legion-niko-pass.age
View file

Binary file not shown.

14
secrets/miyagi-niko-pass.age
View file

@ -1,8 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg
xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg
-> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k
2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc
--- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw
-1Šdmÿ<6D>
öf——ŽR´¸…,È[Û#[-ô;øMÓ}ävžêi4üx˜~=èÌ)ño¬º¡N^Ènþê„"X<>§Bª}W583Ùæƒ<C3A6>vÞÀò:Î¥çôu†Z«µ<C2AB> åɶ
-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk
zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88
-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac
6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA
--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE
QÖ8cœV2ž ƈ<19>4Ü$h©+e…yÖ
0ç#¬aJ`ng{@½Ç.sªIgÏžåc*®Q'è&•¶˜‡k,CuI±†ý´w†™ɘ×Î +rEÔNîÕ·@FŽP€I¸¸?ÐÑ’

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/ntfy-alert-pass.age
View file

Binary file not shown.

12
secrets/ntfy-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw
tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc
-> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw
GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s
--- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk
¼ÐzêÐPCžSÖx€ªf ¹Â-èÕžÀiŒ¡cû7˜_¸Š~¶ÛjA
-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg
QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8
-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA
eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I
--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg
PÕÌý®ü$<24>N{èLrÿxS:=W²x•Òc¤(Jµ£|ÁÏúõ»48ÙäS

15
secrets/rab-lol-cf.age
View file

@ -1,9 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY
U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo
-> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc
40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8
-> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s
jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc
--- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg
„ýÎãì4®L7Hç3F¼ À <0B>íÍ„"ºæfU(ëÁ×Û~î‡%sb£ìùãæ¾Ô€~ZÂ}Z>2KO¨'Q\Á¿W[š„·ÏŒe…š¡1ö^IÖ‘
-> ssh-ed25519 84j9mw qUAkkpjjETyLa0IZfbm8yJ2opDBBsngbrrNjwu02G0s
kpEKDzWIfskgnZYR+0lgtCKqv0KwfpxRTq9crCsjvto
-> ssh-ed25519 GKhvwg FKrEGsx5mPhWnq5vNgFgxM816v6ZAG16pmdukuBWDDU
qmPRvA2bd0W3QlR6h8BLC/O+XjTp00vYXnp+tXakXDY
--- 7FE7FzsRmCKPvjr3yOlot32FV0lod38Hec/JRaxP+8g
xA°}~ <0B>˙H]…źTLزոl]µ¬0>Cź}J:·0nľ°°CšEćĹaăŕV´¤bĐ "d—ŻV!ŘR˙Ávďş ®z ĺ9ójO


12
secrets/rabulinski-com-cf.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8
SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4
-> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc
Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c
--- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0
Œ-…oSÔ<E2809A>¢-?{¢r]5«°óâ”;Ä+0 ÁoE9tƒ”µHXjqâj2@3üÞ ¶¼µº©÷m°mkúðyQâØ;_<>ŸW°Ñ϶Qœ~
-> ssh-ed25519 84j9mw O57uksGzyC2Obzy7AYk86DnEFQNXt43g5CqM4Vp69jU
1fW8YTn28ju1O3tX62A6AtvfzsmKzmhe79c3DmGUPrY
-> ssh-ed25519 GKhvwg s3WZPik8t204g4BlxpHeSpnL4/IgM+JdekXJYx7EFVo
N0Pyre1DwiLFo4HUE8SFDmNnkE4XJtcyHfn63cMlQJo
--- WPllwfNX5iXFmVC0pGCNrH4T9EGRhmRwGayE3bY/YC0
d p¿/Ý©„ÿ3+dvÕÛv&÷ËÒ²„ µR ÷xdèþSyé©8 øSà ­ûæÒ ÅešÞ}Nb#ø¹6åw.w“E0Q¬·–‹%˜Å

9
secrets/secrets.nix
View file

@ -13,21 +13,18 @@ in
# "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
"hercules-token.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
];
"hercules-cache.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
];
"hercules-secrets.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
@ -35,10 +32,6 @@ in
"alert-plain-pass.age".publicKeys = [
keys.other.bootstrap
] ++ builtins.attrValues keys.system;
"legion-niko-pass.age".publicKeys = [
keys.system.legion
keys.other.bootstrap
];
"storage-box-creds.age".publicKeys = [
keys.system.kazuki
keys.other.bootstrap
@ -54,7 +47,6 @@ in
"github-token.age".publicKeys = [
keys.system.ude
keys.system.kazuki
keys.system.legion
keys.system.kogata
keys.other.bootstrap
];
@ -72,7 +64,6 @@ in
keys.other.bootstrap
];
"rab-lol-cf.age".publicKeys = [
keys.system.legion
keys.system.kazuki
keys.other.bootstrap
];

12
secrets/storage-box-creds.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY
4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4
-> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q
wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc
--- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc
Ioð5q®&¢C<C2A2>³U*”†[T.Hª€ÉŠ×ʺkkp„Oç£Ys,Óg£49øËʼn$^l-Aú/—¶åë¦QÊX»ÆðÖø
-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw
lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I
-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc
2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8
--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk
!żlćxq*T,.ÄX˝k6ě^ů<†!żX5ŘČŢŁž‡‰·ÇŐáĄńô,`ßěY‰^đŮ›Čů.¬đÔÜ°úďe Wßěµ âOúyÖ

13
secrets/storage-box-webdav.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw 8RHYGSsbQG4F+mKMbXJu9aFv6xN3ZyxRBBhFJ3H8EFY
sRQonxjyqPLnL3AbfugdmraHzVK7RE3LjhuzLirImGM
-> ssh-ed25519 GKhvwg aEEIBlvZ//KmEqkX1pkZrT7QK9sopwKKiD6YUa9lA3k
srUtd+v0kDfbCsZ7OwPvzRVIualWm8CA4mhgdNAJm+A
--- yWhOlkbF9GUT7OsMu3R0/Dc+nP7DrUetuPLZJFySPpE
ƒ7™î0P`öÍsT§±=ÃÄ*ä=sÁÌp>¿mtY{±ò‘·…-­ö;M0ŸzÔCm}®¾ñßûŒ÷¾g“O» žjǡ<C38B>þàÁ½éÌN
-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk
56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E
-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4
6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M
--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8
±(¯}¨{¬¤Ôœ2Ë“¿òi]UmiL­mÂvé>ke<7F>ã'6“AÀ̯¶XÔi<¯á:òùÓfÇU<>È~Ÿú&A¬Ë¡çj°
D·?_“E-éH

12
secrets/ude-deluge.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4
OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM
-> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo
9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU
--- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk
ŃĚÇCÂ<\á}ŹJ<C5B9>Ą ¨„f”é|<7C>6G“Ś•@WXc-"©Ő÷Ď<C3B7>űîüîAGşŹ«Z' Ĺxé_ňÔ ˝z,@nÇ" 3[Ä? Lb@óŹďe
-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE
k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs
-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI
QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM
--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I
yâùZͪëú¶ M¹®ËXd識塸*ô5ð‡øj"‹¥¿íí*ÃÖZU³å Ñ„²|Ý•]¼ßa8 ð"Zœb<>][9S÷Uµ ù.

12
secrets/youko-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4
GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg
-> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk
OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c
--- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI
ŠýØÀëÐw§±æÏôOÌ.➌añ«÷Ûä<01>&<26>ößÞ<C39F>z³¹û ä[ oXµÄu<E2809A>ÁßùÅþƒáÖÉ÷”,ášajxGÆœuÕ/šÆñæeL²Ì/6S[SU¾
-> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU
RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA
-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY
gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU
--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds
xSæmL6îï9ÊŽÐîGŽ×3Ñ<áò4[ZÀ Œt»}å¶<OÓÃØdšÊcªYûé}>XQ^]<5D>ŠñK|B¶ÌwDmÓq×HïX©]FñeÄRt%¥`Ò¤0†»IVÂ×

BIN
secrets/zitadel-master.age
View file

Binary file not shown.

4
services/attic.nix
View file

@ -1,12 +1,12 @@
{
services.attic =
config.services.attic =
let
atticPort = 9476;
in
{
host = "kazuki";
ports = [ atticPort ];
config =
module =
{ config, ... }:
{
age.secrets.attic-creds = {

2
services/default.nix
View file

@ -1,5 +1,5 @@
{
imports = [
includes = [
./attic.nix
./forgejo-runner.nix
];

4
services/forgejo-runner.nix
View file

@ -1,10 +1,10 @@
{
services.forgejo-runner = {
config.services.forgejo-runner = {
hosts = [
"ude"
"youko"
];
config =
module =
{
config,
lib,

1
shell.nix Normal file
View file

@ -0,0 +1 @@
(import ./nilla.nix { }).shells.default.result.${builtins.currentSystem}

19
treefmt.nix Normal file
View file

@ -0,0 +1,19 @@
{
projectRootFile = "nilla.nix";
programs.deadnix.enable = true;
programs.nixfmt.enable = true;
programs.statix.enable = true;
programs.fish_indent.enable = true;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.shfmt.enable = true;
settings.global.excludes = [
# agenix
"*.age"
# racket
"*.rkt"
"**/rashrc"
];
settings.on-unmatched = "fatal";
}

33
wrappers/default.nix
View file

@ -1,10 +1,14 @@
{ inputs, ... }:
{
perSystem =
{ pkgs, inputs', ... }:
{ lib, config }:
let
wrapped = inputs.wrapper-manager-hm-compat.lib {
inherit pkgs;
systems = [
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
wrappedPerSystem = lib.attrs.generate systems (
system:
config.inputs.wrapper-manager-hm-compat.result.lib {
pkgs = config.inputs.nixpkgs.result.legacyPackages.${system};
modules = [
./starship
./helix
@ -13,13 +17,16 @@
./fish
./wezterm
];
specialArgs = {
inherit inputs inputs';
};
};
all-packages = wrapped.config.build.packages;
specialArgs.inputs = builtins.mapAttrs (_: input: input.result) config.inputs;
}
);
wrappedPerSystem' = builtins.mapAttrs (_: wrapped: wrapped.config.build.packages) wrappedPerSystem;
wrapperNames = builtins.attrNames wrappedPerSystem'."x86_64-linux";
in
{
packages = all-packages;
};
config.packages = lib.attrs.generate wrapperNames (wrapper: {
inherit systems;
builder = "custom-load";
package = { system }: wrappedPerSystem'.${system}.${wrapper};
});
}

4
wrappers/helix/default.nix
View file

@ -1,8 +1,8 @@
{ pkgs, inputs', ... }:
{ pkgs, inputs, ... }:
{
programs.helix = {
enable = true;
package = inputs'.helix.packages.default;
package = inputs.helix.packages.${pkgs.system}.default;
settings = {
theme = "base16_default_dark";
editor = {

4
wrappers/rash/default.nix
View file

@ -1,6 +1,6 @@
{
pkgs,
inputs',
inputs,
config,
...
}:
@ -13,7 +13,7 @@
rev = "8eb52c163d6ea7c3cec2cc6b1011ce00738942e1";
hash = "sha256-1yU0ZUBQqYEn85j4T2pLs02MTyJnO5BbYALIa88iomY=";
};
racket-with-libs = inputs'.racket.packages.racket.newLayer {
racket-with-libs = inputs.racket.packages.${pkgs.system}.racket.newLayer {
withRacketPackages =
ps: with ps; [
readline-gpl