cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source
This commit is contained in:
Christoph Schmatzler
2025-08-12 19:32:49 +00:00
parent 2a40e49f70
commit fc6bf69f00
22 changed files with 102 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
flake.lock generated
View File

@@ -270,22 +270,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
@@ -346,7 +330,9 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1754988908, "lastModified": 1754988908,

15
flake.nix
View File

@@ -4,7 +4,10 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/master"; nixpkgs.url = "github:nixos/nixpkgs/master";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
darwin = { darwin = {
url = "github:LnL7/nix-darwin/master"; url = "github:LnL7/nix-darwin/master";
@@ -29,7 +32,9 @@
outputs = inputs @ {flake-parts, ...}: outputs = inputs @ {flake-parts, ...}:
flake-parts.lib.mkFlake {inherit inputs;} ( flake-parts.lib.mkFlake {inherit inputs;} (
let let
user = "cschmatzler"; constants = import ./lib/constants.nix;
hostMetadata = import ./hosts/metadata.nix;
user = constants.user;
darwinHosts = builtins.attrNames (builtins.readDir ./hosts/darwin); darwinHosts = builtins.attrNames (builtins.readDir ./hosts/darwin);
nixosHosts = builtins.attrNames (builtins.readDir ./hosts/nixos); nixosHosts = builtins.attrNames (builtins.readDir ./hosts/nixos);
in { in {
@@ -45,7 +50,8 @@
specialArgs = specialArgs =
inputs inputs
// { // {
inherit user hostname; inherit user hostname constants;
hostMeta = hostMetadata.${hostname} or {};
}; };
modules = [ modules = [
inputs.home-manager.darwinModules.home-manager inputs.home-manager.darwinModules.home-manager
@@ -75,7 +81,8 @@
specialArgs = specialArgs =
inputs inputs
// { // {
inherit user hostname; inherit user hostname constants;
hostMeta = hostMetadata.${hostname} or {};
}; };
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager

7
hosts/darwin/chidi/default.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
user, user,
hostMeta,
... ...
}: { }: {
imports = [ imports = [
@@ -11,10 +12,8 @@
networking.computerName = "Chidi"; networking.computerName = "Chidi";
home-manager.users.${user} = { home-manager.users.${user} = {
programs.git.userEmail = "christoph@tuist.dev"; programs.git.userEmail = hostMeta.email;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; hostMeta.extraPackages;
slack
];
} }

8
hosts/darwin/jason/default.nix
View File

@@ -1,4 +1,8 @@
{user, ...}: { {
user,
hostMeta,
...
}: {
imports = [ imports = [
../shared.nix ../shared.nix
]; ];
@@ -7,6 +11,6 @@
networking.computerName = "Jason"; networking.computerName = "Jason";
home-manager.users.${user} = { home-manager.users.${user} = {
programs.git.userEmail = "christoph@schmatzler.com"; programs.git.userEmail = hostMeta.email;
}; };
} }

16
hosts/metadata.nix Normal file
View File

@@ -0,0 +1,16 @@
{
chidi = {
email = "christoph@tuist.dev";
extraPackages = ["slack"];
};
jason = {
email = "christoph@schmatzler.com";
extraPackages = [];
};
tahani = {
email = "christoph@schmatzler.com";
extraPackages = [];
};
}

30
hosts/nixos/tahani/default.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
hostname, hostname,
user, user,
hostMeta,
... ...
}: { }: {
imports = [ imports = [
@@ -50,13 +51,20 @@
nameservers = ["1.1.1.1"]; nameservers = ["1.1.1.1"];
}; };
# sops.secrets = { sops.secrets = {
# tahani-syncthing-cert = { tahani-syncthing-cert = {
# sopsFile = "./secrets/tahani-syncthing-cert"; sopsFile = ../../../secrets/tahani-syncthing-cert;
# format = "binary"; format = "binary";
# path = "/home/${user}/.config/syncthing/cert.pem"; owner = user;
# }; path = "/home/${user}/.config/syncthing/cert.pem";
# }; };
tahani-syncthing-key = {
sopsFile = ../../../secrets/tahani-syncthing-key;
format = "binary";
owner = user;
path = "/home/${user}/.config/syncthing/key.pem";
};
};
services.syncthing = { services.syncthing = {
enable = true; enable = true;
@@ -73,6 +81,12 @@
devices = {}; devices = {};
options.globalAnnounceEnabled = false; options.globalAnnounceEnabled = false;
}; };
folders = {
"Projects" = {
path = "/home/${user}/Projects";
devices = [];
};
};
}; };
services.postgresql = { services.postgresql = {
@@ -110,6 +124,6 @@
}; };
home-manager.users.${user} = { home-manager.users.${user} = {
programs.git.userEmail = "christoph@schmatzler.com"; programs.git.userEmail = hostMeta.email;
}; };
} }

13
lib/constants.nix Normal file
View File

@@ -0,0 +1,13 @@
{
user = "cschmatzler";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw2lQn2yEwprOzz50kxG4fKXHzq6askh+XSGLSnWidd"
];
stateVersions = {
darwin = 6;
nixos = "25.11";
homeManager = "25.11";
};
}

2
modules/packages/default.nix
View File

@@ -1,4 +1,4 @@
{pkgs}: {pkgs, ...}:
with pkgs; [ with pkgs; [
alejandra alejandra
delta delta

8
modules/platform/darwin/default.nix
View File

@@ -3,6 +3,7 @@
pkgs, pkgs,
nixvim, nixvim,
user, user,
constants,
... ...
}: { }: {
imports = [ imports = [
@@ -16,7 +17,7 @@
system = { system = {
primaryUser = user; primaryUser = user;
stateVersion = 6; stateVersion = constants.stateVersions.darwin;
}; };
nix = { nix = {
@@ -50,9 +51,10 @@
]; ];
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
home = { home = {
packages = pkgs.callPackage ../../packages {} packages =
pkgs.callPackage ../../packages {}
++ pkgs.callPackage ./packages.nix {}; ++ pkgs.callPackage ./packages.nix {};
stateVersion = "25.11"; stateVersion = constants.stateVersions.homeManager;
}; };
}; };
}; };

5
modules/platform/darwin/secrets.nix
View File

@@ -1,7 +1,4 @@
{ {user, ...}: {
user,
...
}: {
age.identityPaths = [ age.identityPaths = [
"/Users/${user}/.ssh/id_ed25519" "/Users/${user}/.ssh/id_ed25519"
]; ];

24
modules/platform/nixos/default.nix
View File

@@ -2,15 +2,10 @@
pkgs, pkgs,
nixvim, nixvim,
user, user,
constants,
sops-nix, sops-nix,
... ...
}: let }: {
sshKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILw2lQn2yEwprOzz50kxG4fKXHzq6askh+XSGLSnWidd"
];
};
in {
imports = [ imports = [
../../core ../../core
../../networking/firewall.nix ../../networking/firewall.nix
@@ -22,7 +17,7 @@ in {
security.sudo.enable = true; security.sudo.enable = true;
system.stateVersion = "25.11"; system.stateVersion = constants.stateVersions.nixos;
time.timeZone = "UTC"; time.timeZone = "UTC";
nix = { nix = {
@@ -31,8 +26,6 @@ in {
nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"]; nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
}; };
users.users = { users.users = {
${user} = { ${user} = {
isNormalUser = true; isNormalUser = true;
@@ -45,16 +38,14 @@ in {
"docker" "docker"
]; ];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = sshKeys.keys; openssh.authorizedKeys.keys = constants.sshKeys;
}; };
root = { root = {
openssh.authorizedKeys.keys = sshKeys.keys; openssh.authorizedKeys.keys = constants.sshKeys;
}; };
}; };
home-manager = { home-manager = {
users.${user} = { users.${user} = {
pkgs, pkgs,
@@ -69,9 +60,10 @@ in {
../../home-manager/nixos ../../home-manager/nixos
]; ];
home = { home = {
packages = pkgs.callPackage ../../packages {} packages =
pkgs.callPackage ../../packages {}
++ pkgs.callPackage ./packages.nix {}; ++ pkgs.callPackage ./packages.nix {};
stateVersion = "25.11"; stateVersion = constants.stateVersions.homeManager;
}; };
}; };
}; };

26
secrets/tahani.yaml
View File

@@ -1,26 +0,0 @@
syncthing_cert: ENC[AES256_GCM,data:24s+oLn0v5ZBeEzYLs/n/G3HhqwktLCyCqZ/JU7F9NQHK0ZlR0k/5TFAoxjSr+1/DHGYalCf+KtCv9rJfDH4Mj+ekd+H8JzPAg9nzZ+xw7D4FH+2oHv4nHSFeGinKbgNwXibXd915gugLb0qjN09DCrZrIlxYcglrK2ds1klFIp6npGF1AvCaZg4bqDI1k+ATVqjH8HoNWN9MJyjv2ixZ2hXuHK6y9waY9mweBh/0UK6IDwvrJx4mDjKTDhPTB9C08qNZ2wP+FPEdDOMUha1zv2KQocRp4b+U5bEUlLuxeVusMxYh4ZSuPQWrAr35D40bwyvi4c6uyVywIZ5XP+BxrJsLck+tD49QE6mqAMuRV0PjfakHnbiH1uV1Wop9P6+n7tKQ1umHPK7YSWAMSG2QmGJBTW5NoTgFPDRLa+9RMkEAX11BdkS8SgJtVS6i/B8WhtPIrSKi8KMaLkMJ5q42bgxwQmNhRuvzwV8nevbFdTcEg8ZHJS8WAP+viC9JiSryD2hz6GN6gZnEZAtlINNy9p3AtCYYc1BDACJgm4jtMTDWMmqy4K6lGhFW7hAKBxHoV4/a1Nyxx35IIV8AJVqWnmCR8P6Xy/UEUsFz1L8l/y15mvEhmAu6axUi+4qkqx+54cGWA75ml5b0KnG3j2E7p5NIRrILHpzlTsR3y+zakcwtOi3Ggbu16hvr/WM+D/PJacv3fnZG65lBShbIFNmKNgwPXMlXljzl23XY1mXcVNmDCXRgZhe2KnlzV//jWIYB/04GLDAJ0pLZ99lVLU8qoE9CCBW7sd/NZTaYbyLR2pBwQJhRVapwN60ZYDKqZWARqk5jR49ZR8LWA3EHGP6YfgjPGM6/xpMovqHNpys1TEBdzbB1vCsyseTnfJEApaWFsTg1472TIBWJP5YjScXtq6pRkqorLEyR4h331OX3Qu37sRpMlbxYFD9NpBajRiH01RoYKOqSIbttq8ovsAvt5LotrLUyTIR7hp5T5/Est1++o7zdGmOwL1Sl8VAlY0ucyEPBl2tNeUsEYRrRy0WVWD5zNRcXRmACpIsquYxvDJd5hrbeaAXhD1XCVaiV7cA1zg4EOcy6x/K0IPGGHm6U9UzHZmIzw/9MDb8vCOqb6r+58k2VqVl34l39X51Kl9xg1MJ9GWJKqah0d9JgRFGK2dHOUo5Yat7pe6fobP3BUGV8cxfEvny3IKpHnY6NllYaERQnq3Eje6nagyC1QQBVwYJeGqImqGJeYIT8+fhOnXUC/Uhmbe3OZQoWXhZMo1Pk+aMiiUPnAM3l+ykf0wlaf+r4JcCc+lQpcrGImK0XdsCf3SiairZowBMcuJqf/HVM99zujx2D/GG4HFttWXZN5KDcWqWfBkmWxQuXTR3tgIMXtZdCHVctN9LYRtJ4Rjp3T8GlQ==,iv:DSQ2uHBlhFaMklqbItA6Crt09EOydiCD7DzQcSPJdlM=,tag:nWT/ZiJVGKojw/QzhVJiqg==,type:str]
syncthing_key: ENC[AES256_GCM,data:W/mx/qc1Cc5AY3utYSfroSoVDzX+pyOE6z54ppck1Hc/Y2LLyInRuc6eIZgqdA9BvVtv8YDTltpXjp2kJSZSm+GWjrkl/OislojXeOLkuqjRtjydCyu/ErlFglcLLvWwx+kvLeq0yADARZnanmG2+HT1nnF8OORWQ08sP8GnujFKVj4JLUX7emBzUz6wARjjFbnuF1xNh+Ach+0J6g+shGRMDdVSazbk+lDKsotUCMItMLhEde0TK7fWxpsCGRBfTjERDoQiyIgwouOIvV78Z8Qa/5GCWntg2b8lvqE9IsWvdmySiZ0XNzP8Qmd1ux3PRT5Btw0e3eZIehVmtwEkgKmuBx++SmEi4fULlrA2bs/SW1lyDYazUXfMteGNtEUY4rlKpE2RMiY3xXi4+7/K1SgQoPLn0tIiW5YUVxmQKOSYvXoCg+HF3ppmbXRHnVrfj8rv/fEXjGXywXKCyGeIJMEp+gmPaxHaMIjiAXvsuxBhvOnc17j0UakKB9mdefVs,iv:RnSiWtdgQfDiEooqm5ecjubN5uR11+qa28d79v+6GK8=,tag:LJwBUw3BBvcUWPGBKOSSsA==,type:str]
sops:
age:
- recipient: age1smjjh7l5gchlp4zgfqcxaam506mudacsr37nqj690t0gktzlksvqskd2ek
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VlRCZHlaRVVjbTAweEMv
RXc5eDZMdjk3MFEyZFY2NmFYZGg0WFVuK1d3CmpheFB0SzlTWTA2MXg4eDVSeG9a
ZGlkK3BJbzM5RkNOazV5TGNJWVI1bDAKLS0tIExBM1JQNk9IL1FHeXFabWJ2ckxW
U1BsSnRNWTdUMlR5YVlGaW1PWDdBNzQKSZVNl4AWkEzn6cTxOrl+OVpWel1JQHmy
w8kWDihMnFfB4LwuDePYtUIFdOxxWeTZjObP/UP6ZxumhxNEAOR6tQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZFhkSGVjSTNJVUdIbnFj
WEJNMGhheHVUUUdQM01vb0tNamg2ekExc244ClJsT21uZ2ZJZlNoQ0Vld01JWFAx
bDBwNEEvZ0dFalVVb2kxaUZ3Q0x4eTAKLS0tIHhWRmh2N3NEekN0bnJSSHBVTzBk
cEE5bVpUSE9TY2t3ZjZTSUZ3Z1ZreGsKqZH2+N5cTl5a5MIDO/x33RQ44ZZWM8HN
eb0lI8kOc+e4plDQF6Qe2RXJCKcD/4MPkB70sUiPb6SemqBfrREsew==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-12T18:34:32Z"
mac: ENC[AES256_GCM,data:XBKlvlDejMuOK5LXFTtmIV0TcnzAPctQrmhV28ZqPcdpiBYINGiWM4r4Zo3fNjpjBhKx+Vd3sIIGiBBi40Lhm1uK6FBAZ7eqhIDU0LOsJJ+jBo26m7kXCWYddzoPzTHBfYRx0DyecLml2bhW8JuRv5v5/IHSq6ibF5XUtbZT9GA=,iv:oOUCUd2BlodibsUoe1eLWWtJvempPZBckfgAwU4rqKA=,tag:gYmsLVaOopKJsO7k52vZKw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2