From fc6bf69f0079786fc1bf3598153d4df5c5b511b8 Mon Sep 17 00:00:00 2001
From: Christoph Schmatzler
Date: Tue, 12 Aug 2025 19:32:49 +0000
Subject: [PATCH] up
---
 flake.lock | 20 +++-----------
 flake.nix | 15 ++++++++---
 hosts/darwin/chidi/default.nix | 7 +++--
 hosts/darwin/jason/default.nix | 8 ++++--
 hosts/metadata.nix | 16 +++++++++++
 hosts/nixos/tahani/default.nix | 30 +++++++++++++++------
 lib/constants.nix | 13 +++++++++
 modules/core/default.nix | 2 +-
 modules/home-manager/base/default.nix | 2 +-
 modules/home-manager/base/shell/aliases.nix | 2 +-
 modules/home-manager/darwin/default.nix | 2 +-
 modules/home-manager/nixos/default.nix | 2 +-
 modules/networking/firewall.nix | 2 +-
 modules/networking/ssh.nix | 2 +-
 modules/networking/tailscale.nix | 2 +-
 modules/packages/default.nix | 4 +--
 modules/platform/darwin/default.nix | 10 ++++---
 modules/platform/darwin/secrets.nix | 5 +---
 modules/platform/nixos/default.nix | 26 +++++++-----------
 modules/platform/nixos/tailscale.nix | 2 +-
 modules/services/adguard.nix | 2 +-
 secrets/tahani.yaml | 26 ------------------
 22 files changed, 102 insertions(+), 98 deletions(-)
 create mode 100644 hosts/metadata.nix
 create mode 100644 lib/constants.nix
 delete mode 100644 secrets/tahani.yaml
diff --git a/flake.lock b/flake.lock
index 63a54b0..8e80881 100644
--- a/flake.lock
+++ b/flake.lock
@@ -270,22 +270,6 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "flake-parts": "flake-parts_2",
@@ -346,7 +330,9 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1754988908,
diff --git a/flake.nix b/flake.nix
index 3f94ed3..371cda2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,7 +4,10 @@
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/master";
 flake-parts.url = "github:hercules-ci/flake-parts";
- sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 home-manager.url = "github:nix-community/home-manager";
 darwin = {
 url = "github:LnL7/nix-darwin/master";
@@ -29,7 +32,9 @@
 outputs = inputs @ {flake-parts, ...}:
 flake-parts.lib.mkFlake {inherit inputs;} (
 let
- user = "cschmatzler";
+ constants = import ./lib/constants.nix;
+ hostMetadata = import ./hosts/metadata.nix;
+ user = constants.user;
 darwinHosts = builtins.attrNames (builtins.readDir ./hosts/darwin);
 nixosHosts = builtins.attrNames (builtins.readDir ./hosts/nixos);
 in {
@@ -45,7 +50,8 @@
 specialArgs =
 inputs
 // {
- inherit user hostname;
+ inherit user hostname constants;
+ hostMeta = hostMetadata.${hostname} or {};
 };
 modules = [
 inputs.home-manager.darwinModules.home-manager
@@ -75,7 +81,8 @@
 specialArgs =
 inputs
 // {
- inherit user hostname;
+ inherit user hostname constants;
+ hostMeta = hostMetadata.${hostname} or {};
 };
 modules = [
 inputs.home-manager.nixosModules.home-manager
diff --git a/hosts/darwin/chidi/default.nix b/hosts/darwin/chidi/default.nix
index abf49f4..d598b9b 100644
--- a/hosts/darwin/chidi/default.nix
+++ b/hosts/darwin/chidi/default.nix
@@ -1,6 +1,7 @@
 {
 pkgs,
 user,
+ hostMeta,
 ...
 }: {
 imports = [
@@ -11,10 +12,8 @@
 networking.computerName = "Chidi";
 home-manager.users.${user} = {
- programs.git.userEmail = "christoph@tuist.dev";
+ programs.git.userEmail = hostMeta.email;
 };
- environment.systemPackages = with pkgs; [
- slack
- ];
+ environment.systemPackages = with pkgs; hostMeta.extraPackages;
 }
diff --git a/hosts/darwin/jason/default.nix b/hosts/darwin/jason/default.nix
index 9f306ba..d647673 100644
--- a/hosts/darwin/jason/default.nix
+++ b/hosts/darwin/jason/default.nix
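Review bot: `hostMeta = hostMetadata.${hostname} or {};` in the darwin `specialArgs` hunk (and again in the nixos one at `@@ -75,7 +81,8 @@`) falls back to an empty set, yet the host modules changed in this patch read `hostMeta.email` unconditionally. A host directory added under `hosts/darwin` or `hosts/nixos` without a matching entry in `hosts/metadata.nix` would then fail with a missing-attribute error far from its cause. Either fail early with `hostMeta = hostMetadata.${hostname} or (throw "no entry for ${hostname} in hosts/metadata.nix");` or give the fallback the same shape as a real entry. Both `specialArgs` blocks continue outside their hunks.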
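Review bot: `environment.systemPackages = with pkgs; hostMeta.extraPackages;` in the second chidi hunk passes the list through unchanged, and `hosts/metadata.nix` in this same patch defines it as strings (`extraPackages = ["slack"];`), so `with pkgs;` resolves nothing and the option receives `"slack"` rather than the package. The option's package type will most likely reject that at evaluation time. Resolve the names explicitly instead: `environment.systemPackages = map (name: pkgs.${name}) hostMeta.extraPackages;`.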
@@ -1,4 +1,8 @@
-{user, ...}: {
+{
+ user,
+ hostMeta,
+ ...
+}: {
 imports = [
 ../shared.nix
 ];
@@ -7,6 +11,6 @@
 networking.computerName = "Jason";
 home-manager.users.${user} = {
- programs.git.userEmail = "christoph@schmatzler.com";
+ programs.git.userEmail = hostMeta.email;
 };
 }
diff --git a/hosts/metadata.nix b/hosts/metadata.nix
new file mode 100644
index 0000000..b458cc7
--- /dev/null
+++ b/hosts/metadata.nix
@@ -0,0 +1,16 @@
+{
+ chidi = {
+ email = "christoph@tuist.dev";
+ extraPackages = ["slack"];
+ };
+
+ jason = {
+ email = "christoph@schmatzler.com";
+ extraPackages = [];
+ };
+
+ tahani = {
+ email = "christoph@schmatzler.com";
+ extraPackages = [];
+ };
+}
diff --git a/hosts/nixos/tahani/default.nix b/hosts/nixos/tahani/default.nix
index 220350b..88b7bdb 100644
--- a/hosts/nixos/tahani/default.nix
+++ b/hosts/nixos/tahani/default.nix
@@ -2,6 +2,7 @@
 pkgs,
 hostname,
 user,
+ hostMeta,
 ...
 }: {
 imports = [
@@ -50,13 +51,20 @@
 nameservers = ["1.1.1.1"];
 };
- # sops.secrets = {
- # tahani-syncthing-cert = {
- # sopsFile = "./secrets/tahani-syncthing-cert";
- # format = "binary";
- # path = "/home/${user}/.config/syncthing/cert.pem";
- # };
- # };
+ sops.secrets = {
+ tahani-syncthing-cert = {
+ sopsFile = ../../../secrets/tahani-syncthing-cert;
+ format = "binary";
+ owner = user;
+ path = "/home/${user}/.config/syncthing/cert.pem";
+ };
+ tahani-syncthing-key = {
+ sopsFile = ../../../secrets/tahani-syncthing-key;
+ format = "binary";
+ owner = user;
+ path = "/home/${user}/.config/syncthing/key.pem";
+ };
+ };
 services.syncthing = {
 enable = true;
@@ -73,6 +81,12 @@
 devices = {};
 options.globalAnnounceEnabled = false;
 };
+ folders = {
+ "Projects" = {
+ path = "/home/${user}/Projects";
+ devices = [];
+ };
+ };
 };
 services.postgresql = {
@@ -110,6 +124,6 @@
 };
 home-manager.users.${user} = {
- programs.git.userEmail = "christoph@schmatzler.com";
+ programs.git.userEmail = hostMeta.email;
 };
 }
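Review bot: The two new `sopsFile` entries in the `sops.secrets` hunk of `hosts/nixos/tahani/default.nix` point at `secrets/tahani-syncthing-cert` and `secrets/tahani-syncthing-key`, but the diffstat of this commit only creates `hosts/metadata.nix` and `lib/constants.nix` and deletes `secrets/tahani.yaml`, so unless those two encrypted files are already tracked the configuration for tahani will not evaluate. The secrets are also placed under `/home/${user}/.config/syncthing/` with `owner = user`, which only works if the Syncthing unit runs as that account; the visible part of `services.syncthing` does not show that, so I would confirm `services.syncthing.user` and state the private key's permissions explicitly with `mode = "0400";`. Handing the decrypted paths to `services.syncthing.cert` and `services.syncthing.key` would avoid managing files inside the home directory, though that needs `config` added to the module arguments. The ciphertext in the deleted `secrets/tahani.yaml` stays in git history, so the age recipient keys remain sensitive for as long as this Syncthing identity is in use.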
diff --git a/lib/constants.nix b/lib/constants.nix
new file mode 100644
index 0000000..7e061fa
--- /dev/null
+++ b/lib/constants.nix
@@ -0,0 +1,13 @@
+{
+ user = "cschmatzler";
+
+ sshKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw2lQn2yEwprOzz50kxG4fKXHzq6askh+XSGLSnWidd"
+ ];
+
+ stateVersions = {
+ darwin = 6;
+ nixos = "25.11";
+ homeManager = "25.11";
+ };
+}
diff --git a/modules/core/default.nix b/modules/core/default.nix
index fab772c..9269b5b 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -36,4 +36,4 @@
 experimental-features = nix-command flakes
 '';
 };
-}
\ No newline at end of file
+}
diff --git a/modules/home-manager/base/default.nix b/modules/home-manager/base/default.nix
index def90eb..fdfbeb1 100644
--- a/modules/home-manager/base/default.nix
+++ b/modules/home-manager/base/default.nix
@@ -21,4 +21,4 @@
 enable = true;
 nix-direnv.enable = true;
 };
-}
\ No newline at end of file
+}
diff --git a/modules/home-manager/base/shell/aliases.nix b/modules/home-manager/base/shell/aliases.nix
index 1c0793c..076eca1 100644
--- a/modules/home-manager/base/shell/aliases.nix
+++ b/modules/home-manager/base/shell/aliases.nix
@@ -3,4 +3,4 @@
 v = "nvim";
 lg = "lazygit";
 };
-}
\ No newline at end of file
+}
diff --git a/modules/home-manager/darwin/default.nix b/modules/home-manager/darwin/default.nix
index 19666f9..650b264 100644
--- a/modules/home-manager/darwin/default.nix
+++ b/modules/home-manager/darwin/default.nix
@@ -2,4 +2,4 @@
 imports = [
 ./terminal/ghostty.nix
 ];
-}
\ No newline at end of file
+}
diff --git a/modules/home-manager/nixos/default.nix b/modules/home-manager/nixos/default.nix
index fc9d310..b360719 100644
--- a/modules/home-manager/nixos/default.nix
+++ b/modules/home-manager/nixos/default.nix
@@ -2,4 +2,4 @@
 imports = [
 ./terminal/zellij.nix
 ];
-}
\ No newline at end of file
+}
diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 88e2f3f..63fbebd 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -3,4 +3,4 @@
 enable = true;
 trustedInterfaces = ["eno1" "tailscale0"];
 };
-}
\ No newline at end of file
+}
diff --git a/modules/networking/ssh.nix b/modules/networking/ssh.nix
index ab2531c..aae2c60 100644
--- a/modules/networking/ssh.nix
+++ b/modules/networking/ssh.nix
@@ -6,4 +6,4 @@
 PasswordAuthentication = false;
 };
 };
-}
\ No newline at end of file
+}
diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix
index 715abc6..d886410 100644
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@@ -1,3 +1,3 @@
 {
 services.tailscale.enable = true;
-}
\ No newline at end of file
+}
diff --git a/modules/packages/default.nix b/modules/packages/default.nix
index 5a9c8e1..93f8c2b 100644
--- a/modules/packages/default.nix
+++ b/modules/packages/default.nix
@@ -1,4 +1,4 @@
-{pkgs}:
+{pkgs, ...}:
 with pkgs; [
 alejandra
 delta
@@ -29,4 +29,4 @@ with pkgs; [
 vivid
 wget
 zip
-]
\ No newline at end of file
+]
diff --git a/modules/platform/darwin/default.nix b/modules/platform/darwin/default.nix
index d05ccdd..82a93d5 100644
--- a/modules/platform/darwin/default.nix
+++ b/modules/platform/darwin/default.nix
@@ -3,6 +3,7 @@
 pkgs,
 nixvim,
 user,
+ constants,
 ...
 }: {
 imports = [
@@ -16,7 +17,7 @@
 system = {
 primaryUser = user;
- stateVersion = 6;
+ stateVersion = constants.stateVersions.darwin;
 };
 nix = {
@@ -50,9 +51,10 @@
 ];
 fonts.fontconfig.enable = true;
 home = {
- packages = pkgs.callPackage ../../packages {}
- ++ pkgs.callPackage ./packages.nix {};
- stateVersion = "25.11";
+ packages =
+ pkgs.callPackage ../../packages {}
+ ++ pkgs.callPackage ./packages.nix {};
+ stateVersion = constants.stateVersions.homeManager;
 };
 };
 };
diff --git a/modules/platform/darwin/secrets.nix b/modules/platform/darwin/secrets.nix
index f4bb873..a170409 100644
--- a/modules/platform/darwin/secrets.nix
+++ b/modules/platform/darwin/secrets.nix
@@ -1,7 +1,4 @@
-{
- user,
- ...
-}: {
+{user, ...}: {
 age.identityPaths = [
 "/Users/${user}/.ssh/id_ed25519"
 ];
diff --git a/modules/platform/nixos/default.nix b/modules/platform/nixos/default.nix
index d6bc449..0ef2819 100644
--- a/modules/platform/nixos/default.nix
+++ b/modules/platform/nixos/default.nix
@@ -2,15 +2,10 @@
 pkgs,
 nixvim,
 user,
+ constants,
 sops-nix,
 ...
-}: let
- sshKeys = {
- keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw2lQn2yEwprOzz50kxG4fKXHzq6askh+XSGLSnWidd"
- ];
- };
-in {
+}: {
 imports = [
 ../../core
 ../../networking/firewall.nix
@@ -22,7 +17,7 @@ in {
 security.sudo.enable = true;
- system.stateVersion = "25.11";
+ system.stateVersion = constants.stateVersions.nixos;
 time.timeZone = "UTC";
 nix = {
@@ -31,8 +26,6 @@ in {
 nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
 };
-
-
 users.users = {
 ${user} = {
 isNormalUser = true;
@@ -45,16 +38,14 @@ in {
 "docker"
 ];
 shell = pkgs.fish;
- openssh.authorizedKeys.keys = sshKeys.keys;
+ openssh.authorizedKeys.keys = constants.sshKeys;
 };
 root = {
- openssh.authorizedKeys.keys = sshKeys.keys;
+ openssh.authorizedKeys.keys = constants.sshKeys;
 };
 };
-
-
 home-manager = {
 users.${user} = {
 pkgs,
@@ -69,9 +60,10 @@ in {
 ../../home-manager/nixos
 ];
 home = {
- packages = pkgs.callPackage ../../packages {}
- ++ pkgs.callPackage ./packages.nix {};
- stateVersion = "25.11";
+ packages =
+ pkgs.callPackage ../../packages {}
+ ++ pkgs.callPackage ./packages.nix {};
+ stateVersion = constants.stateVersions.homeManager;
 };
 };
 };
diff --git a/modules/platform/nixos/tailscale.nix b/modules/platform/nixos/tailscale.nix
index 70d8372..262783f 100644
--- a/modules/platform/nixos/tailscale.nix
+++ b/modules/platform/nixos/tailscale.nix
@@ -5,4 +5,4 @@
 useRoutingFeatures = "server";
 openFirewall = true;
 };
-}
\ No newline at end of file
+}
diff --git a/modules/services/adguard.nix b/modules/services/adguard.nix
index 05e69ae..138866f 100644
--- a/modules/services/adguard.nix
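Review bot: `root = { openssh.authorizedKeys.keys = constants.sshKeys; };` in the `users.users` hunk of `modules/platform/nixos/default.nix` gives every key in the shared list direct root login over SSH, and now that the list lives in `lib/constants.nix` it is easy to add a key there without noticing that it also grants root. The only SSH setting visible in this patch is `PasswordAuthentication = false;` in `modules/networking/ssh.nix`, so whether `PermitRootLogin` is restricted cannot be judged from here. If root SSH is not needed, I would drop the `root` entry and rely on sudo from the normal account (its `wheel` membership is not shown in the hunk); otherwise put a comment such as `# every key in constants.sshKeys can also log in as root` next to the assignment. The `users.users` block starts outside the hunk.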
+++ b/modules/services/adguard.nix
@@ -18,4 +18,4 @@
 };
 };
 };
-}
\ No newline at end of file
+}
diff --git a/secrets/tahani.yaml b/secrets/tahani.yaml
deleted file mode 100644
index eaea437..0000000
--- a/secrets/tahani.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -syncthing_cert: ENC[AES256_GCM,data:24s+oLn0v5ZBeEzYLs/n/G3HhqwktLCyCqZ/JU7F9NQHK0ZlR0k/5TFAoxjSr+1/DHGYalCf+KtCv9rJfDH4Mj+ekd+H8JzPAg9nzZ+xw7D4FH+2oHv4nHSFeGinKbgNwXibXd915gugLb0qjN09DCrZrIlxYcglrK2ds1klFIp6npGF1AvCaZg4bqDI1k+ATVqjH8HoNWN9MJyjv2ixZ2hXuHK6y9waY9mweBh/0UK6IDwvrJx4mDjKTDhPTB9C08qNZ2wP+FPEdDOMUha1zv2KQocRp4b+U5bEUlLuxeVusMxYh4ZSuPQWrAr35D40bwyvi4c6uyVywIZ5XP+BxrJsLck+tD49QE6mqAMuRV0PjfakHnbiH1uV1Wop9P6+n7tKQ1umHPK7YSWAMSG2QmGJBTW5NoTgFPDRLa+9RMkEAX11BdkS8SgJtVS6i/B8WhtPIrSKi8KMaLkMJ5q42bgxwQmNhRuvzwV8nevbFdTcEg8ZHJS8WAP+viC9JiSryD2hz6GN6gZnEZAtlINNy9p3AtCYYc1BDACJgm4jtMTDWMmqy4K6lGhFW7hAKBxHoV4/a1Nyxx35IIV8AJVqWnmCR8P6Xy/UEUsFz1L8l/y15mvEhmAu6axUi+4qkqx+54cGWA75ml5b0KnG3j2E7p5NIRrILHpzlTsR3y+zakcwtOi3Ggbu16hvr/WM+D/PJacv3fnZG65lBShbIFNmKNgwPXMlXljzl23XY1mXcVNmDCXRgZhe2KnlzV//jWIYB/04GLDAJ0pLZ99lVLU8qoE9CCBW7sd/NZTaYbyLR2pBwQJhRVapwN60ZYDKqZWARqk5jR49ZR8LWA3EHGP6YfgjPGM6/xpMovqHNpys1TEBdzbB1vCsyseTnfJEApaWFsTg1472TIBWJP5YjScXtq6pRkqorLEyR4h331OX3Qu37sRpMlbxYFD9NpBajRiH01RoYKOqSIbttq8ovsAvt5LotrLUyTIR7hp5T5/Est1++o7zdGmOwL1Sl8VAlY0ucyEPBl2tNeUsEYRrRy0WVWD5zNRcXRmACpIsquYxvDJd5hrbeaAXhD1XCVaiV7cA1zg4EOcy6x/K0IPGGHm6U9UzHZmIzw/9MDb8vCOqb6r+58k2VqVl34l39X51Kl9xg1MJ9GWJKqah0d9JgRFGK2dHOUo5Yat7pe6fobP3BUGV8cxfEvny3IKpHnY6NllYaERQnq3Eje6nagyC1QQBVwYJeGqImqGJeYIT8+fhOnXUC/Uhmbe3OZQoWXhZMo1Pk+aMiiUPnAM3l+ykf0wlaf+r4JcCc+lQpcrGImK0XdsCf3SiairZowBMcuJqf/HVM99zujx2D/GG4HFttWXZN5KDcWqWfBkmWxQuXTR3tgIMXtZdCHVctN9LYRtJ4Rjp3T8GlQ==,iv:DSQ2uHBlhFaMklqbItA6Crt09EOydiCD7DzQcSPJdlM=,tag:nWT/ZiJVGKojw/QzhVJiqg==,type:str] -syncthing_key: ENC[AES256_GCM,data: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,iv:RnSiWtdgQfDiEooqm5ecjubN5uR11+qa28d79v+6GK8=,tag:LJwBUw3BBvcUWPGBKOSSsA==,type:str] -sops: - age: - - recipient: age1smjjh7l5gchlp4zgfqcxaam506mudacsr37nqj690t0gktzlksvqskd2ek - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VlRCZHlaRVVjbTAweEMv - 
RXc5eDZMdjk3MFEyZFY2NmFYZGg0WFVuK1d3CmpheFB0SzlTWTA2MXg4eDVSeG9a - ZGlkK3BJbzM5RkNOazV5TGNJWVI1bDAKLS0tIExBM1JQNk9IL1FHeXFabWJ2ckxW - U1BsSnRNWTdUMlR5YVlGaW1PWDdBNzQKSZVNl4AWkEzn6cTxOrl+OVpWel1JQHmy - w8kWDihMnFfB4LwuDePYtUIFdOxxWeTZjObP/UP6ZxumhxNEAOR6tQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZFhkSGVjSTNJVUdIbnFj - WEJNMGhheHVUUUdQM01vb0tNamg2ekExc244ClJsT21uZ2ZJZlNoQ0Vld01JWFAx - bDBwNEEvZ0dFalVVb2kxaUZ3Q0x4eTAKLS0tIHhWRmh2N3NEekN0bnJSSHBVTzBk - cEE5bVpUSE9TY2t3ZjZTSUZ3Z1ZreGsKqZH2+N5cTl5a5MIDO/x33RQ44ZZWM8HN - eb0lI8kOc+e4plDQF6Qe2RXJCKcD/4MPkB70sUiPb6SemqBfrREsew== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-12T18:34:32Z" - mac: ENC[AES256_GCM,data:XBKlvlDejMuOK5LXFTtmIV0TcnzAPctQrmhV28ZqPcdpiBYINGiWM4r4Zo3fNjpjBhKx+Vd3sIIGiBBi40Lhm1uK6FBAZ7eqhIDU0LOsJJ+jBo26m7kXCWYddzoPzTHBfYRx0DyecLml2bhW8JuRv5v5/IHSq6ibF5XUtbZT9GA=,iv:oOUCUd2BlodibsUoe1eLWWtJvempPZBckfgAwU4rqKA=,tag:gYmsLVaOopKJsO7k52vZKw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2