Remove configs for home server. · yemou.pink/dotfiles@a9f26e1

-6

.sops.yaml

··· 1 1 keys: 2 2 - &lutea age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex 3 - - &lily age1amaa55e7nusv904a9ucfvtnjlw4srtet42suehey6u3yc4t2xc5sdldepj 4 3 creation_rules: 5 4 - path_regex: secrets/common.yaml$ 6 5 key_groups: 7 6 - age: 8 7 - *lutea 9 - - *lily 10 8 - path_regex: secrets/lutea.yaml$ 11 9 key_groups: 12 10 - age: 13 11 - *lutea 14 - - path_regex: secrets/lily.yaml$ 15 - key_groups: 16 - - age: 17 - - *lily

+26 -105

flake.lock

··· 1 1 { 2 2 "nodes": { 3 - "esquid": { 4 - "inputs": { 5 - "nixpkgs": [ 6 - "nixpkgs" 7 - ] 8 - }, 9 - "locked": { 10 - "lastModified": 1682903408, 11 - "narHash": "sha256-W+CTNeqTFwTgEfFZbIFH56zPlveLmoDhSrIUW0kpKTM=", 12 - "owner": "Things-N-Stuff", 13 - "repo": "eSquid", 14 - "rev": "4499666171c68dae7541a5ba8c1c79235052d1b5", 15 - "type": "github" 16 - }, 17 - "original": { 18 - "owner": "Things-N-Stuff", 19 - "repo": "eSquid", 20 - "type": "github" 21 - } 22 - }, 23 - "flake-compat": { 24 - "flake": false, 25 - "locked": { 26 - "lastModified": 1673956053, 27 - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", 28 - "owner": "edolstra", 29 - "repo": "flake-compat", 30 - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", 31 - "type": "github" 32 - }, 33 - "original": { 34 - "owner": "edolstra", 35 - "repo": "flake-compat", 36 - "type": "github" 37 - } 38 - }, 39 - "flake-utils": { 40 - "inputs": { 41 - "systems": "systems" 42 - }, 43 - "locked": { 44 - "lastModified": 1681202837, 45 - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 46 - "owner": "numtide", 47 - "repo": "flake-utils", 48 - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 49 - "type": "github" 50 - }, 51 - "original": { 52 - "owner": "numtide", 53 - "repo": "flake-utils", 54 - "type": "github" 55 - } 56 - }, 57 3 "home-manager": { 58 4 "inputs": { 59 5 "nixpkgs": [ ··· 61 7 ] 62 8 }, 63 9 "locked": { 64 - "lastModified": 1708031129, 65 - "narHash": "sha256-EH20hJfNnc1/ODdDVat9B7aKm0B95L3YtkIRwKLvQG8=", 10 + "lastModified": 1714515075, 11 + "narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=", 66 12 "owner": "nix-community", 67 13 "repo": "home-manager", 68 - "rev": "3d6791b3897b526c82920a2ab5f61d71985b3cf8", 14 + "rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef", 69 15 "type": "github" 70 16 }, 71 17 "original": { ··· 74 20 "type": "github" 75 21 } 76 22 }, 77 - "nix-minecraft": { 78 - "inputs": { 79 - "flake-compat": "flake-compat", 80 - "flake-utils": "flake-utils", 81 - "nixpkgs": [ 82 - "nixpkgs" 83 - ] 84 - }, 23 + "nixpkgs": { 85 24 "locked": { 86 - "lastModified": 1708132460, 87 - "narHash": "sha256-qINWCY4dq6Hzvxd3QY5OTKhE4FPsNSoas5thNwpttk4=", 88 - "owner": "Infinidoge", 89 - "repo": "nix-minecraft", 90 - "rev": "e8109d2e605a376109d5329c428c8d2d933470f1", 25 + "lastModified": 1714253743, 26 + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", 27 + "owner": "NixOS", 28 + "repo": "nixpkgs", 29 + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", 91 30 "type": "github" 92 31 }, 93 32 "original": { 94 - "owner": "Infinidoge", 95 - "repo": "nix-minecraft", 33 + "owner": "NixOS", 34 + "ref": "nixos-unstable", 35 + "repo": "nixpkgs", 96 36 "type": "github" 97 37 } 98 38 }, 99 - "nixpkgs": { 39 + "nixpkgs-stable": { 100 40 "locked": { 101 - "lastModified": 1708118438, 102 - "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", 41 + "lastModified": 1713638189, 42 + "narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=", 103 43 "owner": "NixOS", 104 44 "repo": "nixpkgs", 105 - "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", 45 + "rev": "74574c38577914733b4f7a775dd77d24245081dd", 106 46 "type": "github" 107 47 }, 108 48 "original": { 109 49 "owner": "NixOS", 110 - "ref": "nixos-unstable", 50 + "ref": "release-23.11", 111 51 "repo": "nixpkgs", 112 52 "type": "github" 113 53 } 114 54 }, 115 - "nixpkgs-stable": { 55 + "nixpkgs_2": { 116 56 "locked": { 117 - "lastModified": 1707603439, 118 - "narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=", 57 + "lastModified": 1713596654, 58 + "narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=", 119 59 "owner": "NixOS", 120 60 "repo": "nixpkgs", 121 - "rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98", 61 + "rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be", 122 62 "type": "github" 123 63 }, 124 64 "original": { 125 65 "owner": "NixOS", 126 - "ref": "release-23.11", 66 + "ref": "nixpkgs-unstable", 127 67 "repo": "nixpkgs", 128 68 "type": "github" 129 69 } 130 70 }, 131 71 "root": { 132 72 "inputs": { 133 - "esquid": "esquid", 134 73 "home-manager": "home-manager", 135 - "nix-minecraft": "nix-minecraft", 136 74 "nixpkgs": "nixpkgs", 137 75 "sops-nix": "sops-nix", 138 76 "yemou-scripts": "yemou-scripts" ··· 140 78 }, 141 79 "sops-nix": { 142 80 "inputs": { 143 - "nixpkgs": [ 144 - "nixpkgs" 145 - ], 81 + "nixpkgs": "nixpkgs_2", 146 82 "nixpkgs-stable": "nixpkgs-stable" 147 83 }, 148 84 "locked": { 149 - "lastModified": 1707842202, 150 - "narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=", 85 + "lastModified": 1713892811, 86 + "narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=", 151 87 "owner": "Mic92", 152 88 "repo": "sops-nix", 153 - "rev": "48afd3264ec52bee85231a7122612e2c5202fa74", 89 + "rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd", 154 90 "type": "github" 155 91 }, 156 92 "original": { 157 93 "owner": "Mic92", 158 94 "repo": "sops-nix", 159 - "type": "github" 160 - } 161 - }, 162 - "systems": { 163 - "locked": { 164 - "lastModified": 1681028828, 165 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 166 - "owner": "nix-systems", 167 - "repo": "default", 168 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 169 - "type": "github" 170 - }, 171 - "original": { 172 - "owner": "nix-systems", 173 - "repo": "default", 174 95 "type": "github" 175 96 } 176 97 },

+1 -28

flake.nix

··· 5 5 url = "github:nix-community/home-manager"; 6 6 inputs.nixpkgs.follows = "nixpkgs"; 7 7 }; 8 - sops-nix = { 9 - url = "github:Mic92/sops-nix"; 10 - inputs.nixpkgs.follows = "nixpkgs"; 11 - }; 8 + sops-nix.url = "github:Mic92/sops-nix"; 12 9 yemou-scripts = { 13 10 url = "gitlab:yemou/scripts"; 14 11 # url = "path:/home/mou/misc/repos/scripts"; 15 12 inputs.nixpkgs.follows = "nixpkgs"; 16 13 }; 17 - esquid = { 18 - url = "github:Things-N-Stuff/eSquid"; 19 - # url = "path:/home/mou/misc/repos/eSquid"; 20 - inputs.nixpkgs.follows = "nixpkgs"; 21 - }; 22 - nix-minecraft = { 23 - url = "github:Infinidoge/nix-minecraft"; 24 - inputs.nixpkgs.follows = "nixpkgs"; 25 - }; 26 14 }; 27 15 28 16 outputs = { self, nixpkgs, sops-nix, home-manager, ... }@attrs: { 29 17 nixosConfigurations = { 30 - # lily = nixpkgs.lib.nixosSystem { 31 - # system = "x86_64-linux"; 32 - # specialArgs = attrs; 33 - # modules = [ 34 - # ./lily/config.nix 35 - # home-manager.nixosModules.home-manager 36 - # { 37 - # home-manager.extraSpecialArgs = attrs; 38 - # home-manager.useGlobalPkgs = true; 39 - # home-manager.useUserPackages = true; 40 - # home-manager.users.mou = import ./lily/home.nix; 41 - # } 42 - # ]; 43 - # }; 44 - 45 18 lutea = nixpkgs.lib.nixosSystem { 46 19 system = "x86_64-linux"; 47 20 specialArgs = attrs;

-85

lily/config.nix

··· 1 - { config, pkgs, ... }: 2 - { 3 - imports = [ 4 - ./hardware.nix 5 - ./packages.nix 6 - # There are secrets here I haven't put into sops yet 7 - # ./services/esquid.nix 8 - # ./services/starbound.nix 9 - ./services/openssh.nix 10 - ]; 11 - 12 - sops = { 13 - defaultSopsFile = ../secrets/lily.yaml; 14 - defaultSopsFormat = "yaml"; 15 - age.keyFile = "/home/mou/.config/sops/age/keys.txt"; 16 - secrets = { 17 - "passwordHashes/root".neededForUsers = true; 18 - "passwordHashes/mou".neededForUsers = true; 19 - }; 20 - }; 21 - 22 - networking.hostName = "lily"; 23 - time.timeZone = "America/New_York"; 24 - 25 - services = { 26 - acpid.enable = true; 27 - fail2ban.enable = true; 28 - fwupd.enable = true; 29 - smartd.enable = true; 30 - thermald.enable = true; 31 - }; 32 - 33 - environment = { 34 - sessionVariables = { 35 - XDG_CACHE_HOME = "$HOME/.cache"; 36 - XDG_CONFIG_HOME = "$HOME/.config"; 37 - XDG_DATA_HOME = "$HOME/.local/share"; 38 - XDG_STATE_HOME = "$HOME/.local/state"; 39 - }; 40 - loginShellInit = '' 41 - if [ -e /etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh ] 42 - then 43 - . /etc/profiles/per-user/$USER/etc/profile.d/hm-session-vars.sh 44 - fi 45 - ''; 46 - }; 47 - 48 - users = { 49 - groups.mou = { 50 - gid = 1000; 51 - }; 52 - users = { 53 - root.hashedPasswordFile = config.sops.secrets."passwordHashes/root".path; 54 - mou = { 55 - isNormalUser = true; 56 - group = "mou"; 57 - extraGroups = [ "users" "wheel" ]; 58 - shell = pkgs.loksh; 59 - hashedPasswordFile = config.sops.secrets."passwordHashes/mou".path; 60 - }; 61 - }; 62 - }; 63 - 64 - nix = { 65 - optimise.automatic = true; 66 - gc.automatic = true; 67 - settings = { 68 - use-xdg-base-directories = true; 69 - auto-optimise-store = true; 70 - experimental-features = [ "nix-command" "flakes" ]; 71 - }; 72 - }; 73 - 74 - # This option defines the first version of NixOS you have installed on this particular machine, 75 - # and is used to maintain compatibility with application data (e.g. databases) created on older 76 - # NixOS versions. Most users should NEVER change this value after the initial install, for any 77 - # reason, even if you've upgraded your system to a new NixOS release. This value does NOT affect 78 - # the Nixpkgs version your packages and OS are pulled from, so changing it will NOT upgrade your 79 - # system. This value being lower than the current NixOS release does NOT mean your system is out 80 - # of date, out of support, or vulnerable. Do NOT change this value unless you have manually 81 - # inspected all the changes it would make to your configuration, and migrated your data 82 - # accordingly. For more information, see `man configuration.nix` or 83 - # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 84 - system.stateVersion = "24.05"; # Did you read the comment? 85 - }

-49

lily/hardware.nix

··· 1 - { lib, modulesPath, ... }: 2 - 3 - { 4 - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 5 - 6 - boot = { 7 - initrd = { 8 - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; 9 - kernelModules = [ ]; 10 - }; 11 - kernelModules = [ "kvm-intel" ]; 12 - loader = { 13 - efi.canTouchEfiVariables = true; 14 - systemd-boot = { 15 - consoleMode = "auto"; 16 - editor = false; 17 - enable = true; 18 - }; 19 - timeout = 0; 20 - }; 21 - tmp.useTmpfs = true; 22 - }; 23 - 24 - fileSystems = { 25 - "/" = { 26 - device = "UUID=e0b979fb-2c29-4e0b-910f-c89e4959c9a0"; 27 - fsType = "bcachefs"; 28 - }; 29 - "/boot" = { 30 - device = "/dev/disk/by-uuid/862D-85DB"; 31 - fsType = "vfat"; 32 - options = [ "fmask=0077" "dmask=0077" "defaults" ]; 33 - }; 34 - }; 35 - 36 - hardware = { 37 - enableRedistributableFirmware = true; 38 - bluetooth = { 39 - enable = true; 40 - powerOnBoot = true; 41 - }; 42 - cpu.intel.updateMicrocode = true; 43 - uinput.enable = true; 44 - }; 45 - 46 - swapDevices = [ ]; 47 - networking.useDHCP = lib.mkDefault true; 48 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 49 - }

-52

lily/home.nix

··· 1 - { config, ... }: 2 - { 3 - home.username = "mou"; 4 - home.homeDirectory = "/home/${config.home.username}"; 5 - 6 - xdg = { 7 - enable = true; 8 - cacheHome = "${config.home.homeDirectory}/.cache"; 9 - configHome = "${config.home.homeDirectory}/.config"; 10 - dataHome = "${config.home.homeDirectory}/.local/share"; 11 - stateHome = "${config.home.homeDirectory}/.local/state"; 12 - 13 - configFile = { 14 - "kak" = { 15 - source = config.lib.file.mkOutOfStoreSymlink 16 - "${config.home.homeDirectory}/misc/repos/setup/data/configs/kak"; 17 - recursive = true; 18 - }; 19 - "kak-lsp" = { 20 - source = config.lib.file.mkOutOfStoreSymlink 21 - "${config.home.homeDirectory}/misc/repos/setup/data/configs/kak-lsp"; 22 - }; 23 - "loksh" = { 24 - source = config.lib.file.mkOutOfStoreSymlink 25 - "${config.home.homeDirectory}/misc/repos/setup/data/configs/loksh"; 26 - }; 27 - "thm" = { 28 - source = config.lib.file.mkOutOfStoreSymlink 29 - "${config.home.homeDirectory}/misc/repos/setup/data/configs/thm"; 30 - }; 31 - }; 32 - }; 33 - 34 - # This doesn't prepend the path, it appends it 35 - # home.sessionPath = [ "${config.home.homeDirectory}/misc/exes" ]; 36 - home.sessionVariables = { 37 - ENV = "${config.xdg.configHome}/loksh/rc"; 38 - HISTCONTROL = "ignoredups:ignorespace"; 39 - HISTFILE = "${config.xdg.cacheHome}/loksh_history"; 40 - PATH = "${config.home.homeDirectory}/misc/exes:$PATH"; 41 - }; 42 - 43 - programs = { 44 - git = { 45 - enable = true; 46 - userEmail = "yemou@butwho.xyz"; 47 - userName = "yemou"; 48 - }; 49 - }; 50 - 51 - home.stateVersion = "24.05"; 52 - }

-23

lily/packages.nix

··· 1 - { pkgs, yemou-scripts, ... }: 2 - { 3 - # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ ]; 4 - # nixpkgs.config.permittedInsecurePackages = [ ]; 5 - 6 - nixpkgs.overlays = [ yemou-scripts.overlays.default ]; 7 - 8 - environment.systemPackages = with pkgs; [ 9 - git 10 - htop 11 - man-pages 12 - man-pages-posix 13 - ]; 14 - 15 - users.users.mou.packages = with pkgs; [ 16 - abduco 17 - kak-lsp 18 - magic-wormhole 19 - nil 20 - nixpkgs-fmt 21 - yemou-scripts.packages."x86_64-linux".thm 22 - ]; 23 - }

-14

lily/services/openssh.nix

··· 1 - { ... }: 2 - { 3 - services.openssh = { 4 - enable = true; 5 - ports = [ 36823 ]; 6 - settings = { 7 - PasswordAuthentication = false; 8 - PermitRootLogin = "no"; 9 - }; 10 - }; 11 - 12 - users.users.mou.openssh.authorizedKeys.keys = 13 - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnyBRVRLKrlsAlMFXimvcF/mBjmSfixdzUX4yCZsYvE" ]; 14 - }

-23

secrets/lily.yaml

··· 1 - passwordHashes: 2 - root: ENC[AES256_GCM,data:srzTrkyYp2SbKFg75jk5XLwEp4g8WdugA+eub/sWA1mJ+tObP2KY84zOZ+sxqHKK03GvEgG9//5aJ8IwxolVgSa2m/yfZIHMUA==,iv:et3gyW5P86DdGCYFciwz/nBcuoKPKc1+pUBRRwuMZRQ=,tag:Gx71MlC6gw8y69G9QSxUsw==,type:str] 3 - mou: ENC[AES256_GCM,data:nCr/pLkF1/G9RluVJM3uADQzndQ9zkHkKXgX7Wrmtt4NkUMmrm7fuETka3AoQMgiU3PKK4R3SArFMdCs5R037RgY81BLOQkgyA==,iv:DLeJzinK6A8PzD3Wrmk+1yV+szOxWlHh9DBHIEKR+aA=,tag:ouhe5vY3rOCTPYPj2plWaQ==,type:str] 4 - sops: 5 - kms: [] 6 - gcp_kms: [] 7 - azure_kv: [] 8 - hc_vault: [] 9 - age: 10 - - recipient: age1amaa55e7nusv904a9ucfvtnjlw4srtet42suehey6u3yc4t2xc5sdldepj 11 - enc: | 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbzRJOVBKQlI3Z2lmaVBR 14 - UnhWOU5LOCtXMSthOU10OGVJek02eWFaSmhJClpidnpjWkFTWXU4Qk9ZV0s2cVds 15 - NTBGRmxRK0ZlZlgwaVYwSk1vK2w0djAKLS0tIGpiTFFKRmNoWktYTURyU21xazdw 16 - cHlWQjF3ZkU5NUs0Y1hodUlabkxpdzAK91EV34EhJMrxxdVrRCwZlGKuRs7AU7v3 17 - dU8XRhjAzJs2Vu5UnCVOGB5Zl6w7FkXICYY0IP2dA0b477dI5rXNBg== 18 - -----END AGE ENCRYPTED FILE----- 19 - lastmodified: "2024-02-13T06:44:12Z" 20 - mac: ENC[AES256_GCM,data:wZXlMBGRZcdG5ArdtXLVrRkInIEDpOlC10zUuwOHwMUSBTAOLAgLsuTYwwnARyjPPEMhaR8/E1QrAFu8czy5xTkFg+rVGaD31Xb6CGmyGQm3nHLN3Olvwao/a9tQ0uuVJgzxbWA6RFDXc87wvSAsuSUbHVdKYmNZ3MGUVgvrf2A=,iv:bBLNKh0FgxBAU1BCsCg8EcPnqsq8RVle/9AXOmn50JE=,tag:19RyOanGIH/vuKiQQy9pYA==,type:str] 21 - pgp: [] 22 - unencrypted_suffix: _unencrypted 23 - version: 3.8.1

Configure Feed

Configure Feed