feat(starling)!: init · 42willow.bsky.social/flake@ceb0c87

+1

.gitignore

··· 3 3 result 4 4 node_modules 5 5 **/.vitepress/cache 6 + .DS_Store

+1

hosts/starling/default.nix

··· 9 9 in { 10 10 imports = [ 11 11 "${self}/modules/darwin" 12 + "${self}/modules/shared" 12 13 ]; 13 14 14 15 networking = {

+1 -1

justfile

··· 2 2 just --list 3 3 4 4 starling: 5 - sudo nix run nix-darwin/nix-darwin-25.05#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake ~/Documents/git/flake#starling 5 + sudo nix run nix-darwin/nix-darwin-25.05#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake ~/Documents/git/flake#starling --impure 6 6 7 7 alias a-sd := anemone-deploy 8 8 [group('anemone')]

+3 -1

modules/darwin/default.nix

··· 1 1 { 2 - # imports = [ ./homebrew.nix ]; 2 + imports = [ ./homebrew.nix ]; 3 3 4 4 system = { 5 5 stateVersion = 6; 6 + 7 + primaryUser = builtins.getEnv "SUDO_USER"; # not declarative, needs to be built with impure 6 8 7 9 # defaults = { 8 10 # };

+5 -2

modules/darwin/homebrew.nix

··· 40 40 41 41 casks = [ 42 42 "alacritty" 43 + "angry-ip-scanner" 44 + "anki" 45 + "calibre" 43 46 "deskflow" 44 47 "font-atkinson-hyperlegible" 45 48 "font-maple-mono-nf" 46 49 "font-pacifico" 47 - "ganttproject" 48 50 "ghostty" 49 51 "iina" 52 + "inkscape" 50 53 "karabiner-elements" 51 54 "keepassxc" 52 55 "keka" 53 - "microsoft-auto-update" 54 56 "microsoft-excel" 57 + "microsoft-word" 55 58 "middleclick" 56 59 "monitorcontrol" 57 60 "obsidian"

+6 -2

modules/nixos/default.nix

··· 1 1 { 2 2 imports = [ 3 3 ./desktop 4 - ./network 5 - ./nix 6 4 ./options 7 5 ./programs 8 6 ./services 9 7 ./themes 8 + 9 + ./network.nix 10 + ./nix.nix 11 + ./vm.nix 12 + 13 + ../shared 10 14 ]; 11 15 }

modules/nixos/network/default.nix modules/nixos/network.nix

+10 -20

modules/nixos/nix/age.nix modules/shared/nix/age.nix

··· 4 4 config, 5 5 ... 6 6 }: let 7 - inherit (config.settings.system) mainUser; 8 7 inherit (inputs) self; 9 8 10 - sshDir = config.users.users.${mainUser}.home + "/.ssh"; 11 - userGroup = config.users.users.${mainUser}.group; 9 + mainUser = if config ? settings && config.settings ? system && config.settings.system ? mainUser 10 + then config.settings.system.mainUser 11 + else null; 12 + 13 + userGroup = if mainUser != null then config.users.users.${mainUser}.group else null; 14 + sshDir = if mainUser != null then config.users.users.${mainUser}.home + "/.ssh" else null; 12 15 13 16 # https://github.com/isabelroses/dotfiles/blob/0827bb1893b8072b65c66a6919f8abbe6df9a55a/modules/flake/lib/secrets.nix 14 17 mkSecret = { 15 18 file, 16 - owner ? "root", 17 - group ? "root", 18 19 mode ? "400", 19 20 ... 20 21 }: { 21 22 file = "${self}/secrets/${file}.age"; 22 - inherit owner group mode; 23 + owner = if mainUser != null then mainUser else "root"; 24 + group = if userGroup != null then userGroup else "root"; 25 + inherit mode; 23 26 }; 24 27 in { 25 28 imports = [ ··· 33 36 age = { 34 37 identityPaths = [ 35 38 "/etc/ssh/ssh_host_ed25519_key" 36 - "${sshDir}/id_ed25519" 37 - ]; 39 + ] ++ (if sshDir != null then ["${sshDir}/id_ed25519" ] else []); 38 40 39 41 secrets = { 40 42 gh = mkSecret { 41 43 file = "gh"; 42 - owner = mainUser; 43 - group = userGroup; 44 44 }; 45 45 gh-pub = mkSecret { 46 46 file = "gh-pub"; 47 - owner = mainUser; 48 - group = userGroup; 49 47 }; 50 48 lastfm = mkSecret { 51 49 file = "lastfm"; 52 - owner = mainUser; 53 - group = userGroup; 54 50 }; 55 51 restic = mkSecret { 56 52 file = "restic"; 57 - owner = mainUser; 58 - group = userGroup; 59 53 }; 60 54 samba = mkSecret { 61 55 file = "samba"; 62 - owner = mainUser; 63 - group = userGroup; 64 56 }; 65 57 wifi = mkSecret { 66 58 file = "wifi"; 67 - owner = mainUser; 68 - group = userGroup; 69 59 }; 70 60 }; 71 61 };

-25

modules/nixos/nix/default.nix modules/nixos/nix.nix

··· 3 3 lib, 4 4 ... 5 5 }: { 6 - imports = [ 7 - ./age.nix 8 - ./virtualisation.nix 9 - ]; 10 - 11 - nix.settings = { 12 - experimental-features = ["nix-command" "flakes"]; 13 - warn-dirty = false; 14 - keep-going = true; 15 - allowed-users = ["willow"]; 16 - trusted-users = ["root" "willow"]; 17 - 18 - # cachix 19 - extra-substituters = ["https://nix-community.cachix.org"]; 20 - extra-trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="]; 21 - }; 22 - 23 - nixpkgs.config = { 24 - permittedInsecurePackages = [ 25 - "electron-27.3.11" 26 - "python3.12-django-3.1.14" 27 - ]; 28 - allowUnfree = true; 29 - }; 30 - 31 6 time.timeZone = "Australia/Sydney"; 32 7 33 8 i18n.defaultLocale = "en_AU.UTF-8";

-1

modules/nixos/nix/virtualisation.nix modules/nixos/vm.nix

··· 1 - # disabled in default.nix 2 1 {pkgs, ...}: { 3 2 virtualisation.podman = { 4 3 enable = true;

+5

modules/shared/default.nix

··· 1 + { 2 + imports = [ 3 + ./nix 4 + ]; 5 + }

+29

modules/shared/nix/default.nix

··· 1 + { 2 + pkgs, 3 + lib, 4 + ... 5 + }: { 6 + imports = [ 7 + ./age.nix 8 + ]; 9 + 10 + nix.settings = { 11 + experimental-features = ["nix-command" "flakes"]; 12 + warn-dirty = false; 13 + keep-going = true; 14 + allowed-users = ["willow"]; 15 + trusted-users = ["root" "willow"]; 16 + 17 + # cachix 18 + extra-substituters = ["https://nix-community.cachix.org"]; 19 + extra-trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="]; 20 + }; 21 + 22 + nixpkgs.config = { 23 + permittedInsecurePackages = [ 24 + "electron-27.3.11" 25 + "python3.12-django-3.1.14" 26 + ]; 27 + allowUnfree = true; 28 + }; 29 + }

Configure Feed

Configure Feed