init commit

Jermeiah S 2025-06-13 23:18:52 -04:00
commit 8f7a75814d
No known key found for this signature in database
21 changed files with 1073 additions and 0 deletions

3
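--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,3 @@
+source_url https://raw.githubusercontent.com/juspay/omnix/75ed48923835963e2f18baba08f54a8adc307ba2/omnixrc "sha256-8C2Jb5bHx/0cvm1+9gOlBEdWzbikCWT5UsJWewUAFt4="
+watch_file om.yaml
+use omnix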

4
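--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+data2
+data
+result
+.direnv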


@ -0,0 +1,38 @@
{ config, pkgs, ... }:
{
disko.devices.disk.main.device = "/dev/vda";
users.users.admin = {
isNormalUser = true;
name = "sky";
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
];
uid = 1000;
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.users.root.openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA9i9HoP7X8Ufzz8rAaP7Nl3UOMZxQHMrsnA5aEQfpTyIQ1qW68jJ4jGK5V6Wv27MMc3czDU1qfFWIbGEWurUHQ="
];
services.tailscale = {
enable = true;
};
services.tty-ips.enable = true;
networking.yggdrasil.enable = true;
networking.yggdrasil.AllowedPublicKeys = [
"d0e265fcf663451ae9bc048dc1297749819ce9d48042a986f2866c15a779a074"
];
virtualisation.incus.agent.enable = true;
nixpkgs.hostPlatform = "x86_64-linux";
networking.hostName = "smultiboi";
environment.systemPackages = [
pkgs.otf
];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = "25.05";
}
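Review bot: `users.users.admin.openssh.authorizedKeys.keys` is copied from `users.users.root`, so the single ECDSA key in this file opens both a direct root login and the wheel account `sky`, and nothing in this file narrows what root may do over SSH. If root login is only needed for the initial install, I would bind the key once in a `let` (`adminKeys = [ "<ssh-public-key>" ];`), give it to the admin user, and drop or narrow the root entry afterwards. The trailing comment `# $ darwin-rebuild changelog` is a nix-darwin leftover; on this NixOS host it should point at the NixOS release notes instead.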


@ -0,0 +1,16 @@
# See /modules/nixos/* for actual settings
# This file is just *top-level* configuration.
{ flake, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
in
{
imports = [
self.nixosModules.default
./configuration.nix
./hardware-configuration.nix
./disko.nix
];
}


@ -0,0 +1,47 @@
{
lib,
config,
...
}:
{
boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = {
disk = {
"main" = {
# suffix is to prevent disk name collisions
name = "main-" + config.networking.hostName;
type = "disk";
# device = <uuid>;
content = {
type = "gpt";
partitions = {
"boot" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
"ESP" = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
"root" = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}
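Review bot: The ESP at `/boot` is mounted with only `nofail`, so the vfat filesystem gets default permissions and every local user can read what the bootloader stores there; disko's own examples add a umask, i.e. `mountOptions = [ "nofail" "umask=0077" ];`. `nofail` also lets the boot continue when `/boot` is missing, after which a rebuild would write kernels into the plain directory on the root filesystem, so a comment on why it is wanted would help. The root partition is plain ext4 with no LUKS layer; that is presumably acceptable for a `/dev/vda` guest, but worth a comment given that persistent Yggdrasil keys and any agenix or sops secrets would live on it.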


@ -0,0 +1,36 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# virtualisation.qemu.guestAgent.enable = true;
services.qemuGuest.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

543
flake.lock generated Normal file

@ -0,0 +1,543 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"revCount": 1236,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/nix-community/disko/1.12.0/0196b11c-619a-758e-a575-5bc724a22daf/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/nix-community/disko/1.12.0.tar.gz"
}
},
"disko_2": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744940522,
"narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=",
"owner": "nix-community",
"repo": "disko",
"rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"revCount": 372,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.372%2Brev-c621e8422220273271f52058f618c94e405bb0f5/0195f502-afa0-7717-826b-66943fb33808/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1.372.tar.gz"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"revCount": 4762,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/nix-community/home-manager/0.2505.4762%2Brev-d0bbd221482c2713cccb80220f3c9d16a6e20a33/0196e282-f128-7f4d-9772-a83177941c96/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/nix-community/home-manager/0.2505.%2A.tar.gz"
}
},
"nix-darwin": {
"locked": {
"lastModified": 1748437600,
"narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
"rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
"revCount": 802746,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.802746%2Brev-7282cb574e0607e65224d33be8241eae7cfe0979/01972246-83e0-7eee-b37e-089e4cceceda/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505.%2A.tar.gz"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748751003,
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts_2",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1747722472,
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "1e2882c902322f1fd5992da0f5674c70ad8b133b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "1.10.0",
"repo": "nixos-anywhere",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747663185,
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-anywhere",
"nixos-stable"
],
"nixos-unstable": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744853194,
"narHash": "sha256-NBOdBdQdxb3FdM4Ywb4cATMLfFtkPqDYh0LIQMZ7eRY=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "8f6f8060a13096934c2a502eb0508bdc3f1284a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-unified": {
"locked": {
"lastModified": 1747972413,
"owner": "srid",
"repo": "nixos-unified",
"rev": "a1d1cd9ae1ca9866f47afc5e12f30acded261fcb",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "nixos-unified",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1745391562,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1746576598,
"narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1745088452,
"narHash": "sha256-6SrsUiwNtyQtl+JJNcNKe98iediwPrY9Kldhszqggto=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ae0c0ebf757121ee44bb98e70a71212a9961055d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1748437600,
"narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
"rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
"revCount": 802746,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.802746%2Brev-7282cb574e0607e65224d33be8241eae7cfe0979/01972246-83e0-7eee-b37e-089e4cceceda/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505.%2A.tar.gz"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nix-index-database": "nix-index-database",
"nixos-anywhere": "nixos-anywhere",
"nixos-generators": "nixos-generators",
"nixos-unified": "nixos-unified",
"nixpkgs": "nixpkgs_4",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1731850885,
"narHash": "sha256-V5eA7YtZwUnjtDK8hHoiXB17hBKZ+L6kpgR0UxKehtQ=",
"rev": "793c07f331a831e4321038e3e8ac2e503167af8b",
"revCount": 887,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/Mic92/sops-nix/0.1.887%2Brev-793c07f331a831e4321038e3e8ac2e503167af8b/01933a5d-224a-74d8-bbdb-08ceebbdd708/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/Mic92/sops-nix/0.1.887"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744961264,
"narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8d404a69efe76146368885110f29a2ca3700bee6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

37
flake.nix Normal file

@ -0,0 +1,37 @@
{
description = "A home-manager template providing useful tools & settings for Nix-based development";
inputs = {
# Principle inputs (updated by `nix run .#update`)
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2505.*.tar.gz";
nix-darwin.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2505.*.tar.gz";
# nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "https://flakehub.com/f/nix-community/home-manager/0.2505.*.tar.gz";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
flake-parts.url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.372.tar.gz";
nixos-unified.url = "github:srid/nixos-unified";
agenix = {
url = "github:ryantm/agenix";
# inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "https://flakehub.com/f/nix-community/disko/1.12.0.tar.gz";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
nixos-anywhere.url = "github:nix-community/nixos-anywhere/1.10.0";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = "https://flakehub.com/f/Mic92/sops-nix/0.1.887";
};
# Wired using https://nixos-unified.org/autowiring.html
outputs =
inputs:
inputs.nixos-unified.lib.mkFlake {
inherit inputs;
root = ./.;
};
}
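Review bot: `nix-darwin.url` is set to the nixpkgs tarball (`https://flakehub.com/f/NixOS/nixpkgs/0.2505.*.tar.gz`), the same URL as `nixpkgs.url`, and the `flake.lock` on this page shows the `nix-darwin` node resolving to NixOS/nixpkgs; either point it at the nix-darwin flake or drop the input, since no darwin configuration appears in this commit. `agenix` has its `inputs.nixpkgs.follows` commented out and `sops-nix`, `disko` and `nixos-anywhere` have none, so the lock carries extra nixpkgs revisions (`nixpkgs`, `nixpkgs_2`, `nixpkgs_3`, `nixpkgs_5`) that have to be trusted and updated separately; adding `inputs.nixpkgs.follows = "nixpkgs";` to each would collapse them. The `description` still reads "A home-manager template …" and should name what this flake actually configures.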

32
justfile Normal file

@ -0,0 +1,32 @@
# Like GNU `make`, but `just` rustier.
# https://just.systems/
# run `just` from this directory to see available commands
# Default command when 'just' is run without arguments
default:
@just --list
# Update nix flake
[group('Main')]
update:
nix flake update
# Lint nix files
[group('dev')]
lint:
nix fmt
# Check nix flake
[group('dev')]
check:
nix flake check
# Manually enter dev shell
[group('dev')]
dev:
nix develop
# Activate the configuration
[group('Main')]
run:
nix run

55
modules/flake/deploy.nix Normal file
View file

@ -0,0 +1,55 @@
{ inputs, ... }:
let
inherit (inputs)
self
deploy-rs
nixpkgs
nixos-anywhere
agenix
;
inherit (nixpkgs) lib;
genNode =
hostName: nixosCfg:
let
# inherit (self.hosts.${hostName}) address hostPlatform remoteBuild;
# inherit (deploy-rs.lib.${hostPlatform}) activate;
system = self.nixosConfigurations."${hostName}".pkgs.system;
in
{
hostname = hostName;
profiles.system.path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${hostName};
};
in
{
perSystem =
{
system,
...
}:
{
apps = rec {
default = deploy;
secrets = {
type = "app";
program = "${agenix.packages.${system}.agenix}/bin/agenix";
meta.description = "";
};
install = {
type = "app";
program = "${nixos-anywhere.packages.${system}.nixos-anywhere}/bin/nixos-anywhere";
meta.description = "";
};
deploy = deploy-rs.apps.${system}.deploy-rs;
};
};
flake = {
deploy = {
autoRollback = false;
magicRollback = true;
user = "root";
remoteBuild = true;
nodes = lib.mapAttrs genNode (self.nixosConfigurations or { });
};
};
}
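Review bot: `autoRollback = false` leaves a profile whose activation failed in place, and `magicRollback = true` only covers the case where the connection is lost, so for nodes deployed as `user = "root"` this should either be `autoRollback = true;` or carry a comment explaining why it is off. In `genNode` the `nixosCfg` argument is never used; the body looks the same value up again through `self.nixosConfigurations.${hostName}`, where `system = nixosCfg.pkgs.system;` and `activate.nixos nixosCfg` would do. Both `secrets` and `install` set `meta.description = "";`, which should say what the app does (for example "Edit agenix secrets"), and the two commented-out `inherit` lines can go.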


@ -0,0 +1,12 @@
{
perSystem = { pkgs, ... }: {
devShells.default = pkgs.mkShell {
name = "nixos-unified-template-shell";
meta.description = "Shell environment for modifying this Nix configuration";
packages = with pkgs; [
just
nixd
];
};
};
}


@ -0,0 +1,16 @@
# Top-level flake glue to get our configuration working
{ inputs, ... }:
{
imports = [
inputs.nixos-unified.flakeModules.default
inputs.nixos-unified.flakeModules.autoWire
];
perSystem = { self', pkgs, ... }: {
# For 'nix fmt'
formatter = pkgs.nixpkgs-fmt;
# Enables 'nix run' to activate.
packages.default = self'.packages.activate;
};
}


@ -0,0 +1,12 @@
_: {
services.avahi = {
enable = true;
nssmdns4 = true;
nssmdns6 = true;
publish = {
addresses = true;
enable = true;
userServices = true;
};
};
}
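Review bot: `publish.addresses` and `publish.userServices` are enabled with no interface restriction, so the host advertises itself on every multicast-capable network it is attached to. I would limit it with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` and add a comment on which services are expected to be advertised, since `userServices = true` lets local applications register their own. The file also has no header comment saying why mDNS is needed on these hosts.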


@ -0,0 +1,9 @@
{ flake, ... }:
{
imports =
with builtins;
map (fn: ./${fn}) (filter (fn: fn != "default.nix") (attrNames (readDir ./.)))
++ [
flake.inputs.disko.nixosModules.default
];
}
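Review bot: The import list is built from every entry `readDir ./.` returns except `default.nix`, so a stray file in this directory (an editor backup, a README, a sub-directory without `default.nix`) is imported as a NixOS module and either breaks evaluation or is silently applied. Filtering on the name as well, e.g. `filter (fn: fn != "default.nix" && match ".*\\.nix" fn != null)`, keeps the auto-wiring but limits it to Nix files. A one-line comment that dropping a file here enables it on every host that imports this module would help reviewers of later commits.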


@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkOption mkIf types;
in
{
options.services.tty-ips = {
enable = mkOption {
type = types.bool;
default = false;
description = "Show interface IPs in TTY login using a dynamic issue file.";
};
};
config = mkIf config.services.tty-ips.enable {
systemd.services.tty-ips = {
description = "Generate /run/issue.dynamic with interface IPs";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
before = [ "getty@tty1.service" ];
serviceConfig =
let
sw = "/run/current-system/sw/bin";
in
{
Type = "oneshot";
ExecStart = pkgs.writeShellScript "tty-ips-generate" ''
echo "Welcome to NixOS!" > /run/issue.dynamic
echo "" >> /run/issue.dynamic
echo "IP Addresses:" >> /run/issue.dynamic
${sw}/ip -brief addr show ygg0 | ${sw}/awk '{print " " $3}v' | ${pkgs.qrencode}/bin/qrencode -t ANSIUTF8 >> /run/issue.dynamic
echo "" >> /run/issue.dynamic
'';
};
};
services.getty.extraArgs = [
"--issue-file"
"/run/issue.dynamic"
];
};
}
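Review bot: The awk program in `ExecStart` ends in a stray `v` (`'{print " " $3}v'`), which awk accepts as a second, always-false pattern, so it reads as a typo; `'{print " " $3}'` is what is meant. The script also calls `ip` and `awk` through `/run/current-system/sw/bin` and so depends on whatever is in the system profile; `${pkgs.iproute2}/bin/ip` and `${pkgs.gawk}/bin/awk` would pin them the way `qrencode` already is. `ygg0` is hard-coded although this module can be enabled without `networking.yggdrasil`, and the pipeline has no error handling, so a missing interface ends in whatever `qrencode` makes of empty input. Because the result is shown on the console before login, the option description should say that the address is visible to anyone with console access.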


@ -0,0 +1,6 @@
{ flake, ... }:
{
imports = [
flake.inputs.nixos-generators.nixosModules.all-formats
];
}


@ -0,0 +1,9 @@
_: {
security = {
sudo.execWheelOnly = true;
pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true;
};
};
}
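Review bot: Enabling `sshAgentAuth` for sudo means root on this host is granted to whoever can present the admin's SSH key through a forwarded agent, so the login key and the privilege-escalation credential are the same secret and agent forwarding to this host becomes a requirement. That is a defensible trade for a passwordless machine, but it needs a comment, and I would pin the trusted key files explicitly with `security.pam.sshAgentAuth.authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];` so that a user-writable `~/.ssh/authorized_keys` can never count. `sudo.execWheelOnly = true` is a sensible companion setting and can stay as is.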


@ -0,0 +1,68 @@
{
config,
lib,
...
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.networking.yggdrasil;
in
{
options.networking.yggdrasil = {
enable = mkEnableOption "enables yggdrasil a sdwan solution";
AllowedPublicKeys = mkOption {
type = with types; listOf str;
default = [ "" ];
};
};
config = mkIf cfg.enable {
users = {
users.yggdrasil = {
isSystemUser = true;
description = "Yggdrasil";
group = "yggdrasil";
uid = 728;
};
groups.yggdrasil.gid = 728;
};
systemd.services.yggdrasil = {
serviceConfig = {
DynamicUser = lib.mkForce false;
User = "yggdrasil";
RestrictNamespaces = lib.mkForce "no";
};
};
services.yggdrasil = {
enable = true;
persistentKeys = true;
openMulticastPort = true;
settings = {
inherit (cfg) AllowedPublicKeys;
Peers = [
"tls://ygg.yt:443"
"tls://ygg.jjolly.dev:3443"
"quic://ygg-kcmo.incognet.io:8885"
];
MulticastInterfaces = [
{
Regex = "w.*";
Beacon = true;
Listen = true;
Port = 9001;
Priority = 0;
}
];
IfName = "ygg0";
IfMTU = 65535;
NodeInfoPrivacy = false;
NodeInfo = null;
};
};
};
}
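Review bot: `AllowedPublicKeys` defaults to `[ "" ]`, a list holding one empty string, which is neither "allow nobody" nor a valid key, and the option has no `description`. As I read the Yggdrasil configuration reference, an empty list allows every incoming peering and the allow-list does not apply to link-local peers found by multicast, so with `openMulticastPort = true` and a `MulticastInterfaces` entry matching `w.*` any node on the same wireless network may still peer. I would make the default `[ ]`, state both facts in the option description, and consider a `Password` on the multicast entry if the packaged Yggdrasil version supports it. The `mkForce` overrides of `DynamicUser` and `RestrictNamespaces` presumably switch off sandboxing that the upstream unit sets, and need a comment saying what breaks without them.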

10
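--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,10 @@
+# This is your nixos configuration.
+# For home configuration, see /modules/home/*
+{ flake, ... }:
+{
+imports = [
+flake.inputs.self.nixosModules.common
+];
+services.openssh.enable = true;
+nixpkgs.overlays = [ flake.inputs.self.overlays.default ];
+}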
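Review bot: `services.openssh.enable = true;` is the only SSH setting, so the daemon runs with the NixOS defaults, which still accept password and keyboard-interactive logins. The host in this commit authenticates with a key and also joins Tailscale and Yggdrasil, which widens who can reach port 22, so I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` here. If root is only used for deployment, set `PermitRootLogin` explicitly as well rather than relying on the default.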

21
overlays/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ flake, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
pkgsDir = ../packages; # This must be absolute or relative to this file
# List only subdirs with default.nix
packageDirs = builtins.filter (name: builtins.pathExists (pkgsDir + "/${name}/default.nix")) (
builtins.attrNames (builtins.readDir pkgsDir)
);
in
self: super:
builtins.listToAttrs (
map (name: {
name = name;
value = self.callPackage (pkgsDir + "/${name}") { };
}) packageDirs
)
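Review bot: The overlay function is written `self: super:` directly under a `let` that already binds `self` to the flake (`inherit (inputs) self;`), so inside the overlay `self` silently means the package set instead, and the let-bound `inputs` and `self` are never used. Renaming the arguments to `final: prev:` and deleting the two `inherit` lines removes the trap. Every directory under `../packages` that has a `default.nix` becomes a top-level attribute, so a directory named like an existing nixpkgs package replaces that package system-wide; a comment saying so would be useful.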

50
packages/otf/default.nix Normal file
View file

@ -0,0 +1,50 @@
{
lib,
fetchFromGitHub,
buildGoModule,
git,
}:
buildGoModule rec {
pname = "otf";
version = "0.3.23";
src = fetchFromGitHub {
owner = "leg100";
repo = "otf";
rev = "v${version}";
hash = "sha256-lm/J0ZEdkF+aI+NvbYg75rCexqjDLz/w+Sp9PhhAsv4=";
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse HEAD > $out/COMMIT_HASH
date -u -d "@$(git log -1 --pretty=%ct)" "+%s" > $out/BUILD_TIME
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
nativeBuildInputs = [ git ];
vendorHash = "sha256-8FcdezTBWCIChytTbJal3TzTi/JfUbkW3Yu4djzDIgk=";
ldflags = [
"-s"
"-w"
"-X github.com/leg100/otf/internal.Version=v${version}"
];
preBuild = ''
ldflags+=" -X github.com/leg100/otf/internal.Commit=$(cat COMMIT_HASH)"
ldflags+=" -X github.com/leg100/otf/internal.Built=$(cat BUILD_TIME)"
'';
subPackages = [
"cmd/otf"
"cmd/otf-agent"
"cmd/otfd"
];
meta = with lib; {
description = "An open source alternative to Terraform Enterprise.";
license = licenses.mpl20;
platforms = platforms.linux ++ platforms.darwin;
};
}
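Review bot: `leaveDotGit = true` makes the fetched tree depend on git metadata, which is known to be unstable across git versions; removing `.git` in `postFetch` is the right mitigation for the fixed `hash`, but it needs a comment so it is not tidied away later. `date -u -d "@$(git log -1 --pretty=%ct)" "+%s"` converts an epoch to the same epoch and can be just `git log -1 --pretty=%ct > $out/BUILD_TIME`. `nativeBuildInputs = [ git ]` looks unnecessary for the build because `.git` is gone by then (unless the test suite needs it), and `meta` lacks a `homepage`.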