passing all tests for all systems · hyl.st/helm@4f2bb94

+101 -54

flake.nix

··· 16 16 agenix.inputs.nixpkgs.follows = "nixpkgs"; 17 17 deploy-rs.url = "github:serokell/deploy-rs"; 18 18 deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; 19 + 19 20 # Packages 20 21 poonam.url = "git+ssh://gitea@git.sealight.xyz/aynish/kitaab?ref=main"; 21 22 basant.url = "git+ssh://gitea@git.sealight.xyz/aynish/basant?ref=main"; 22 23 basant.inputs.nixpkgs.follows = "nixpkgs"; 23 24 basant.inputs.poonam.follows = "poonam"; 25 + grasp.url = "git+ssh://gitea@git.sealight.xyz/aynish/grasp.git?ref=main"; 26 + grasp.inputs.nixpkgs.follows = "nixpkgs"; 27 + # Others 28 + nur.url = "github:nix-community/NUR"; 24 29 rust-overlay = { 25 30 url = "github:oxalica/rust-overlay"; 26 31 inputs.nixpkgs.follows = "nixpkgs"; ··· 30 35 inputs.nixpkgs.follows = "nixpkgs"; 31 36 inputs.rust-overlay.follows = "rust-overlay"; 32 37 }; 33 - nur.url = "github:nix-community/NUR"; 34 - grasp.url = "git+ssh://gitea@git.sealight.xyz/aynish/grasp.git?ref=main"; 35 - grasp.inputs.nixpkgs.follows = "nixpkgs"; 36 38 tidalcycles.url = "github:mitchmindtree/tidalcycles.nix"; 37 39 tidalcycles.inputs.nixpkgs.follows = "unstable"; 38 40 # TODO hundred rabbits software 39 - # TODO not quite useful yet, since it needs secrets 41 + # TODO needs secrets 40 42 # dhyan.url = "git+ssh://gitea@git.sealight.xyz/aynish/dhyan?ref=main"; 41 43 # dhyan.inputs.nixpkgs.follows = "nixpkgs"; 42 44 # TODO needs secrets ··· 131 133 } 132 134 ]; 133 135 }; 134 - # helix = pkgs.lib.nixosSystem { 135 - # specialArgs = { inherit inputs outputs; }; 136 - # modules = [ 137 - # ./hosts/helix 138 - # home-manager.nixosModules.home-manager 139 - # { 140 - # home-manager.useGlobalPkgs = true; 141 - # home-manager.useUserPackages = true; 142 - # home-manager.users.anish = import ./home/core; 143 - # } 144 - # ]; 145 - # }; 146 - # lituus = pkgs.lib.nixosSystem { 147 - # specialArgs = { inherit inputs outputs; }; 148 - # modules = [ 149 - # ./hosts/lituus 150 - # home-manager.nixosModules.home-manager 151 - # { 152 - # home-manager.useGlobalPkgs = true; 153 - # home-manager.useUserPackages = true; 154 - # home-manager.users.anish = import ./home/core; 155 - # } 156 - # ]; 157 - # }; 158 - # cube = pkgs.lib.nixosSystem { 159 - # specialArgs = { inherit inputs outputs; }; 160 - # modules = [ 161 - # ./hosts/cube 162 - # home-manager.nixosModules.home-manager 163 - # { 164 - # home-manager.useGlobalPkgs = true; 165 - # home-manager.useUserPackages = true; 166 - # home-manager.users.anish = import ./home/core; 167 - # } 168 - # ]; 169 - # }; 170 - # box = pkgs.lib.nixosSystem { 171 - # specialArgs = { inherit inputs outputs; }; 172 - # modules = [ 173 - # ./hosts/box 174 - # home-manager.nixosModules.home-manager 175 - # { 176 - # home-manager.useGlobalPkgs = true; 177 - # home-manager.useUserPackages = true; 178 - # home-manager.users.anish = import ./home/core; 179 - # } 180 - # ]; 181 - # }; 136 + helix = nixpkgs.lib.nixosSystem rec { 137 + specialArgs = { inherit inputs self; }; 138 + system = "x86_64-linux"; 139 + pkgs = nixpkgsFor.${system}; 140 + modules = [ 141 + ./hosts/helix 142 + agenix.nixosModules.age 143 + self.nixosModules.backup 144 + self.nixosModules.hesienbridge 145 + home-manager.nixosModules.home-manager 146 + { 147 + home-manager.useGlobalPkgs = true; 148 + home-manager.useUserPackages = true; 149 + home-manager.users.anish = import ./home/core; 150 + } 151 + ]; 152 + }; 153 + lituus = nixpkgs.lib.nixosSystem rec { 154 + specialArgs = { inherit inputs self; }; 155 + system = "x86_64-linux"; 156 + pkgs = nixpkgsFor.${system}; 157 + modules = [ 158 + ./hosts/lituus 159 + agenix.nixosModules.age 160 + self.nixosModules.backup 161 + self.nixosModules.wireguard 162 + home-manager.nixosModules.home-manager 163 + { 164 + home-manager.useGlobalPkgs = true; 165 + home-manager.useUserPackages = true; 166 + home-manager.users.anish = import ./home/core; 167 + } 168 + ]; 169 + }; 170 + cube = nixpkgs.lib.nixosSystem rec { 171 + specialArgs = { inherit inputs self; }; 172 + system = "x86_64-linux"; 173 + pkgs = nixpkgsFor.${system}; 174 + modules = [ 175 + ./hosts/cube 176 + agenix.nixosModules.age 177 + self.nixosModules.backup 178 + self.nixosModules.wireguard 179 + basant.nixosModule 180 + home-manager.nixosModules.home-manager 181 + { 182 + home-manager.useGlobalPkgs = true; 183 + home-manager.useUserPackages = true; 184 + home-manager.users.anish = import ./home/core; 185 + } 186 + ]; 187 + }; 188 + box = nixpkgs.lib.nixosSystem rec { 189 + specialArgs = { inherit inputs self; }; 190 + system = "x86_64-linux"; 191 + pkgs = nixpkgsFor.${system}; 192 + modules = [ 193 + ./hosts/box 194 + agenix.nixosModules.age 195 + self.nixosModules.backup 196 + self.nixosModules.wireguard 197 + self.nixosModules.wallabag 198 + self.nixosModules.gonic 199 + grasp.nixosModule 200 + home-manager.nixosModules.home-manager 201 + { 202 + home-manager.useGlobalPkgs = true; 203 + home-manager.useUserPackages = true; 204 + home-manager.users.anish = import ./home/core; 205 + } 206 + ]; 207 + }; 182 208 }; 183 209 184 210 # Standalone home-manager configuration entrypoint ··· 189 215 extraSpecialArgs = { inherit inputs; }; 190 216 modules = [ 191 217 ./home/core.nix 218 + ./home/profiles/firefox 192 219 ]; 193 220 }; 194 221 }; 195 222 196 223 deploy.nodes = { 197 224 curve.profiles.system = { 198 - user = "root"; 225 + user = "anish"; 199 226 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.curve; 200 227 }; 228 + box.profiles.system = { 229 + user = "anish"; 230 + hostname = "mossnet.lan"; 231 + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.box; 232 + }; 233 + helix.profiles.system = { 234 + user = "anish"; 235 + hostname = "sealight.xyz"; 236 + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.helix; 237 + }; 238 + lituus.profiles.system = { 239 + user = "anish"; 240 + hostname = "git.sealight.xyz"; 241 + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lituus; 242 + }; 243 + cube.profiles.system = { 244 + user = "anish"; 245 + hostname = "anish.lakhwara.com"; 246 + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.cube; 247 + }; 201 248 }; 202 249 203 - # checks = builtins.mapAttrs (system: deploy-rsLib: deployLib.deployChecks self.deploy) deploy.lib; 250 + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; 204 251 }; 205 252 }

+1

home/core/default.nix

··· 7 7 ../profiles/git 8 8 ../profiles/task 9 9 ]; 10 + home.stateVersion = "22.05"; 10 11 }

-1

hosts/box/default.nix

··· 2 2 { 3 3 imports = [ 4 4 ./configuration.nix 5 - ../users/anish 6 5 ../profiles/core 7 6 ../profiles/server 8 7 ../profiles/taskd

+1

hosts/box/hardware-configuration.nix

··· 49 49 50 50 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 51 51 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 52 + nixpkgs.hostPlatform = "x86_64-linux"; 52 53 }

+7 -3

hosts/cube/hardware-configuration.nix

··· 5 5 6 6 { 7 7 imports = 8 - [ (modulesPath + "/profiles/qemu-guest.nix") 8 + [ 9 + (modulesPath + "/profiles/qemu-guest.nix") 9 10 ]; 10 11 11 12 boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; ··· 14 15 boot.extraModulePackages = [ ]; 15 16 16 17 fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/9233d8be-539f-43c8-9b83-84b5b4d72a93"; 18 + { 19 + device = "/dev/disk/by-uuid/9233d8be-539f-43c8-9b83-84b5b4d72a93"; 18 20 fsType = "ext4"; 19 21 }; 20 22 21 23 fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/E00D-9070"; 24 + { 25 + device = "/dev/disk/by-uuid/E00D-9070"; 23 26 fsType = "vfat"; 24 27 }; 25 28 26 29 swapDevices = [ ]; 27 30 28 31 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 32 + nixpkgs.hostPlatform = "x86_64-linux"; 29 33 }

+1 -1

hosts/curve/default.nix

··· 1 - { self, inputs, pkgs, ... }: 1 + { self, pkgs, ... }: 2 2 { 3 3 imports = [ 4 4 ./configuration.nix

+1

hosts/curve/hardware-configuration.nix

··· 47 47 48 48 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 49 49 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 50 + nixpkgs.hostPlatform = "x86_64-linux"; 50 51 }

+1 -12

hosts/helix/default.nix

··· 10 10 ../profiles/wireguard-server 11 11 ]; 12 12 13 - # Capsul specific 14 - users.users.cyberian = { 15 - isNormalUser = true; 16 - extraGroups = [ "wheel" ]; 17 - }; 18 - 19 - mossnet.wg = { 20 - enable = true; 21 - ips = [ "10.0.69.5/24" ]; 22 - privateKeyFile = "/home/anish/wg/wg-priv"; 23 - }; 24 - 25 13 # mossnet.backup = { 26 14 # enable = false; 27 15 # name = "sealight"; ··· 34 22 # databases = [ "matrix-synapse" "gitea" ]; 35 23 # location = "/var/backup/postgresql"; 36 24 # }; 25 + 37 26 }

+1

hosts/helix/hardware-configuration.nix

··· 23 23 swapDevices = [ ]; 24 24 25 25 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 26 + nixpkgs.hostPlatform = "x86_64-linux"; 26 27 }

+12 -1

hosts/lituus/default.nix

··· 2 2 { 3 3 imports = [ 4 4 ./configuration.nix 5 - ../users/anish 6 5 ../profiles/core 7 6 ../profiles/server 8 7 ../profiles/metrics ··· 11 10 ../profiles/mount-mossnet 12 11 ../profiles/freshrss 13 12 ]; 13 + 14 + # Capsul specific 15 + users.users.cyberian = { 16 + isNormalUser = true; 17 + extraGroups = [ "wheel" ]; 18 + }; 19 + 20 + mossnet.wg = { 21 + enable = true; 22 + ips = [ "10.0.69.5/24" ]; 23 + privateKeyFile = "/home/anish/wg/wg-priv"; 24 + }; 14 25 15 26 }

+1

hosts/lituus/hardware-configuration.nix

··· 23 23 swapDevices = [ ]; 24 24 25 25 nix.maxJobs = lib.mkDefault 1; 26 + nixpkgs.hostPlatform = "x86_64-linux"; 26 27 }

+1 -1

hosts/profiles/core/default.nix

··· 2 2 let inherit (lib) fileContents; 3 3 in 4 4 { 5 - imports = [ ../cachix ]; 5 + imports = [ ../../users/anish ]; 6 6 7 7 8 8 fonts = {

+2 -1

hosts/profiles/freshrss/default.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { self, config, lib, pkgs, ... }: 2 2 3 3 { 4 4 age.secrets.freshrss-dbpass.file = "${self}/secrets/freshrss-dbpass.age"; ··· 7 7 enable = true; 8 8 virtualHost = "rss.sealight.xyz"; 9 9 baseUrl = "https://rss.sealight.xyz/"; 10 + passwordFile = "/run/agenix/freshrss-dbpass"; 10 11 database = { 11 12 type = "pgsql"; 12 13 passFile = "/run/agenix/freshrss-dbpass";

+6 -4

hosts/profiles/monitoring/default.nix

··· 2 2 # grafana configuration 3 3 services.grafana = { 4 4 enable = true; 5 - domain = "stats.mossnet.lan"; 6 - port = 2342; 7 - addr = "127.0.0.1"; 5 + settings.server = { 6 + domain = "stats.mossnet.lan"; 7 + http_port = 2342; 8 + http_addr = "127.0.0.1"; 9 + }; 8 10 }; 9 11 10 12 # nginx reverse proxy ··· 26 28 port = 9002; 27 29 }; 28 30 dnsmasq = { 29 - enable = true; 31 + enable = false; 30 32 port = 9153; 31 33 }; 32 34 };

+1

hosts/profiles/sync/kitaab/default.nix

··· 5 5 serviceConfig.Type = "oneshot"; 6 6 path = [ 7 7 pkgs.git 8 + pkgs.openssh 8 9 pkgs.coreutils 9 10 ]; 10 11 script = ''

+2 -2

hosts/profiles/sync/website/default.nix

··· 1 - { pkgs, inputs, ... }: 1 + { pkgs, ... }: 2 2 3 3 { 4 4 systemd.services.website-deploy = { ··· 8 8 pkgs.coreutils 9 9 pkgs.nixUnstable 10 10 pkgs.openssh 11 - inputs.deploy.packages.${pkgs.system}.deploy-rs 11 + pkgs.deploy 12 12 ]; 13 13 script = '' 14 14 cd /etc/nixos/ # TODO make variable

+1 -15

hosts/users/anish/default.nix

··· 1 - { hmUsers, pkgs, ... }: 1 + { pkgs, ... }: 2 2 3 3 { 4 - #home-manager.users = { inherit (hmUsers) anish; }; 5 - 6 4 users.users.anish = { 7 5 description = "Personal user for Anish"; 8 6 hashedPassword = "$y$j9T$y3DPt/dWaPE.gRazQqw1w0$1RMH5sl/Nu8kW3ZMywYCPRniHD/jF5qRh0VKrdJ.bV2"; ··· 16 14 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDtU2GMYjXj6RGO1+mwM4TDGOo0qrKLTL4Di8+QgDX0p5vUEsnE1PS9wnuqCmSu75U8g0XIAMtvtdYyGk1N+Bx01erAZpT8DLYtIXFCyaiN28PVu5T1D0T+TQ7xgIH1qenXZR2DOQdf6kpvKEfm7+7bWhCo0N/KFMpmReubyzHDQcq/1qQasxTL+YALQFOjwKqsOTBXbHwZ103AEAcQX4ftBFEOfVli4/1aKIK4dNSZYB7J9Htq707YnsEqo9RLAMh0aOTTYgTx9AoSUDeqGuh/AGkcB7NcS7EEtI6d5YUGylwZh/gF6hqE0jl8kn2m5jMKXL3CRohZvjifue8x/GIjpu5WRabUuhBEbrfTQQaC7taHnt5rvYCGzKZx09TexUzhuz2CL480DRoxSG+P+lCNm1dIg/EZrnGEzXCSr36PlOqS5t5gm8tPkzCmZf2wU15A3ZIYUPmnYLqsn4WmIV7rKmdqt2ctWELUXow3PPiZXBucP9P3xpsYEfF1SB2SGNc= u0_a139@localhost" 17 15 ]; 18 16 }; 19 - 20 - home-manager.users.anish.home.stateVersion = "22.05"; 21 - 22 - # home-manager.users.anish.programs.git = { 23 - # userName = "Anish Lakhwara"; 24 - # userEmail = "anish+git@lakhwara.com"; 25 - # delta.enable = true; 26 - # }; 27 - 28 - #home-manager.users.anish = { suites, ... }: { 29 - # imports = suites.gui; 30 - #}; 31 17 }

+2 -2

modules/nixos/wallabag.nix

··· 89 89 services.phpfpm.pools."${poolName}" = { 90 90 user = "${cfg.user}"; 91 91 group = "nginx"; 92 - phpPackage = pkgs.php74; 92 + phpPackage = pkgs.php; 93 93 settings = { 94 94 "listen.owner" = "nginx"; 95 95 "listen.group" = "nginx"; ··· 155 155 wantedBy = [ "multi-user.target" ]; 156 156 before = [ "phpfpm-wallabag.service" ]; 157 157 after = [ "mysql.service" "postgresql.service" ]; 158 - path = with pkgs; [ coreutils php74 php74Packages.composer ]; 158 + path = with pkgs; [ coreutils php phpPackages.composer ]; 159 159 160 160 serviceConfig = { 161 161 User = cfg.user;

Configure Feed

Configure Feed