john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john/dendritic:c1339ef94934641a53d1e16b581e05fbe7181daa
Branches Tags
john/dendritic:main john/dendritic:wrappers john/dendritic:forgejo
...
compare: john/dendritic:9e8c782f889000f15991852abc8808842e6a356d
Branches Tags
john/dendritic:wrappers john/dendritic:forgejo john/dendritic:main

4 Commits
c1339ef949 ... 9e8c782f88

Author SHA1 Message Date
John Lancaster 9e8c782f88 added ds script to shell-tools 2026-03-28 19:16:32 -05:00
John Lancaster 550e61eb5a separated nixos rebuild 2026-03-28 19:15:31 -05:00
John Lancaster 8ec898d874 moved restic to features 2026-03-28 17:41:07 -05:00
John Lancaster 9340776aa3 testpushCmd 2026-03-28 17:40:59 -05:00
6 changed files with 90 additions and 69 deletions
Expand all files Collapse all files
modules/services/restic/default.nix → modules/features/restic.nix
+4 -4
View File
@@ -1,4 +1,4 @@
{ inputs, ... }: { { self, inputs, ... }: {
flake.modules.nixos.restic-server = { config, pkgs, lib, ... }: { flake.modules.nixos.restic-server = { config, pkgs, lib, ... }: {
services.restic.server = { services.restic.server = {
enable = true; enable = true;
@@ -47,20 +47,20 @@
config = let config = let
resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}"; resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
caCert = "${config.mtls.certDir}/root_ca.crt"; caCert = "${config.mtls.certDir}/root_ca.crt";
mtlsClientCert = "${config.mtls.certDir}/${config.mtls.bundleFilename}"; mtlsBundle = "${config.mtls.certDir}/${config.mtls.bundleFilename}";
in in
{ {
home.sessionVariables = { home.sessionVariables = {
RESTIC_REPOSITORY = resticRepository; RESTIC_REPOSITORY = resticRepository;
RESTIC_PASSWORD_FILE = cfg.passwordFile; RESTIC_PASSWORD_FILE = cfg.passwordFile;
RESTIC_CACERT = caCert; RESTIC_CACERT = caCert;
RESTIC_TLS_CLIENT_CERT = mtlsClientCert; RESTIC_TLS_CLIENT_CERT = mtlsBundle;
}; };
# This is necessary because the restic service in home manager doesn't otherwise expose these options. # This is necessary because the restic service in home manager doesn't otherwise expose these options.
systemd.user.services."restic-backups-${cfg.repoName}".Service.Environment = [ systemd.user.services."restic-backups-${cfg.repoName}".Service.Environment = [
"RESTIC_CACERT=${caCert}" "RESTIC_CACERT=${caCert}"
"RESTIC_TLS_CLIENT_CERT=${mtlsClientCert}" "RESTIC_TLS_CLIENT_CERT=${mtlsBundle}"
]; ];
services.restic = { services.restic = {
modules/hosts/john-p14s/configuration.nix
+6 -3
View File
@@ -16,6 +16,8 @@
allowUnfree = true; allowUnfree = true;
}; };
flakeDir = "${config.home-manager.users.john.home.homeDirectory}/Documents/dendritic";
networking = { networking = {
hostName = hostname; hostName = hostname;
networkmanager.enable = true; networkmanager.enable = true;
@@ -66,9 +68,9 @@
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n = {
defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8"; LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8";
@@ -79,6 +81,7 @@
LC_TELEPHONE = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
};
services.libinput.enable = true; # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; # Enable touchpad support (enabled default in most desktopManager).
services.fprintd.enable = true; # Enables fingerprint sensor services.fprintd.enable = true; # Enables fingerprint sensor
modules/hosts/john-p14s/default.nix
+1
View File
@@ -12,6 +12,7 @@
"${inputs.nixos-hardware}/lenovo/thinkpad/p14s/amd/gen4" "${inputs.nixos-hardware}/lenovo/thinkpad/p14s/amd/gen4"
] ++ (with self.modules.nixos; [ ] ++ (with self.modules.nixos; [
p14sConfiguration p14sConfiguration
rebuild
sudo sudo
john john
gnome gnome
modules/hosts/john-pc/default.nix
+24 -20
View File
@@ -1,17 +1,28 @@
{ inputs, ... }: { self, inputs, ... }:
let let
username = "john"; username = "john";
hostname = "john-pc-ubuntu"; hostname = "john-pc-ubuntu";
testHost = "soteria";
testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
# testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria # testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
in in
{ {
flake.modules.homeManager."${hostname}" = { pkgs, config, ... }: flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
let let
flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic"; flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic";
certDir = "${config.mtls.certDir}"; certDir = "${config.mtls.certDir}";
mtlsBundle = "${certDir}/${config.mtls.bundleFilename}"; mtlsBundle = "${certDir}/${config.mtls.bundleFilename}";
resticPasswordFile = "${config.xdg.configHome}/restic/password.txt"; resticPasswordFile = "${config.xdg.configHome}/restic/password.txt";
testPushCmd = (pkgs.writeShellScriptBin "test-push" ''
${lib.getExe' pkgs.coreutils "mkdir"} -p /var/tmp/nix-build
${lib.getExe' pkgs.coreutils "chmod"} 1777 /var/tmp/nix-build
${lib.getExe pkgs.nixos-rebuild} switch \
--flake ${flakeDir}#${testHost} \
--target-host root@${testTarget}
'');
in in
{ {
imports = with inputs.self.modules.homeManager; [ imports = with inputs.self.modules.homeManager; [
@@ -25,28 +36,21 @@ in
docker docker
desktop desktop
]; ];
targets.genericLinux.enable = true;
shell.program = "zsh";
home.username = "${username}";
home.homeDirectory = "/home/${username}";
home.packages = with pkgs; [
nixos-rebuild
(writeShellScriptBin "test-push" ''
mkdir -p /var/tmp/nix-build
chmod 1777 /var/tmp/nix-build
nixos-rebuild switch \
--flake ${flakeDir}#${hostname} \
--target-host root@${testTarget}
'')
];
# TODO: make this more restrictive, rather than allowing all unfree packages # TODO: make this more restrictive, rather than allowing all unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
targets.genericLinux.enable = true;
home.username = "${username}";
home.homeDirectory = "/home/${username}";
home.packages = [
pkgs.nixos-rebuild
testPushCmd
];
shell.program = "zsh";
homeManagerFlakeDir = flakeDir; homeManagerFlakeDir = flakeDir;
docker.enable = true; docker.enable = true;
modules/nix-tools/rebuild.nix
+43 -33
View File
@@ -1,7 +1,49 @@
{ self, inputs, ... }: { self, inputs, ... }:
{ {
flake.modules.nixos.rebuild =
{ config, pkgs, lib, ... }:
let
flakeDir = config.rebuild.flakeDir;
echoCmd = lib.getExe' pkgs.coreutils "echo";
hostnameCmd = "$(${lib.getExe pkgs.hostname} -s)";
nfs = (pkgs.writeShellScriptBin "nfs" ''
HOSTNAME=${hostnameCmd}
${echoCmd} "Switching to the $HOSTNAME nixos profile"
sudo ${lib.getExe pkgs.nixos-rebuild} switch --impure --flake ${flakeDir}#$HOSTNAME
'');
in
{
options.rebuild = {
flakeDir = lib.mkOption {
description = "Path to the flake directory.";
type = lib.types.str;
default = "/etc/nixos";
};
};
config = {
environment.systemPackages = with pkgs; [
nfs
(writeShellScriptBin "nfsu" ''
${lib.getExe nix} flake update --impure --flake ${flakeDir}
${lib.getExe git} -C ${flakeDir} add ${flakeDir}/flake.lock > /dev/null 2>&1
${lib.getExe nfs}
'')
(writeShellScriptBin "test-build" ''
if [ -z "$1" ]; then
HOSTNAME=${hostnameCmd}
else
HOSTNAME="$1"
fi
${echoCmd} "Testing the evaulation of the nixos config for $HOSTNAME"
${lib.getExe nix} eval ${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath
'')
];
};
};
flake.modules.homeManager.rebuild = flake.modules.homeManager.rebuild =
{ pkgs, lib, config, ... }: { config, pkgs, lib, ... }:
let let
nixBin = lib.getExe pkgs.nix; nixBin = lib.getExe pkgs.nix;
flakeDir = config.homeManagerFlakeDir; flakeDir = config.homeManagerFlakeDir;
@@ -12,11 +54,6 @@
${echoCmd} "Switching to the $HOSTNAME home-manager profile" ${echoCmd} "Switching to the $HOSTNAME home-manager profile"
${lib.getExe pkgs.home-manager} switch --impure --flake ${flakeDir}#$HOSTNAME ${lib.getExe pkgs.home-manager} switch --impure --flake ${flakeDir}#$HOSTNAME
''); '');
nfs = (pkgs.writeShellScriptBin "nfs" ''
HOSTNAME=${hostnameCmd}
${echoCmd} "Switching to the $HOSTNAME nixos profile"
sudo ${lib.getExe pkgs.nixos-rebuild} switch --impure --flake ${flakeDir}#$HOSTNAME
'');
in in
{ {
options = { options = {
@@ -39,43 +76,16 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
home-manager home-manager
#
# Flake-Parts checks
#
(writeShellScriptBin "flake-parts-check" '' (writeShellScriptBin "flake-parts-check" ''
cd ${flakeDir} cd ${flakeDir}
${nixBin} run "${flakeDir}#write-flake" ${nixBin} run "${flakeDir}#write-flake"
${nixBin} flake check ${nixBin} flake check
'') '')
#
# Home-Manager rebuilds
#
nhms nhms
(writeShellScriptBin "nhmu" '' (writeShellScriptBin "nhmu" ''
${nixBin} flake update --flake ${flakeDir} ${nixBin} flake update --flake ${flakeDir}
${lib.getExe nhms} ${lib.getExe nhms}
'') '')
#
# NixOS rebuilds
#
nfs
(writeShellScriptBin "nfsu" ''
${nixBin} flake update --impure --flake ${flakeDir}
${lib.getExe git} -C ${flakeDir} add ${flakeDir}/flake.lock > /dev/null 2>&1
${lib.getExe nfs}
'')
(writeShellScriptBin "test-build" ''
if [ -z "$1" ]; then
HOSTNAME=${hostnameCmd}
else
HOSTNAME="$1"
fi
${echoCmd} "Testing the evaulation of the nixos config for $HOSTNAME"
${nixBin} eval ${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath
'')
]; ];
}; };
}; };
modules/programs/shell-tools.nix
+3
View File
@@ -31,6 +31,9 @@
xclip xclip
jq jq
ripgrep ripgrep
(writeShellScriptBin "ds" ''
${lib.getExe pkgs.gdu} -x -I /snap /
'')
]; ];
}; };
}; };