diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 1e1788f..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ pkgs, userSettings, systemSettings, ... }:
-{
- # nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- environment.systemPackages = with pkgs; [
- # (pkgs.writeShellScriptBin "nrbs" "sudo nixos-rebuild switch")
- # (pkgs.writeShellScriptBin "nrbsu" "sudo nix-channel --update && sudo nixos-rebuild switch")
- bash
- busybox
- git
- eza
- ];
-
- # For SSH access
- services.openssh.enable = true;
-
- # Networking stuff
- services.avahi = { enable = true; nssmdns4 = true; };
-
- # Uses rust-based sudo
- security.sudo-rs = {
- enable = true;
- execWheelOnly = false;
- wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
- };
-
- users.users.${userSettings.username} = {
- isNormalUser = true;
- uid = 1000;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
- };
-
- time.timeZone = "${systemSettings.timeZone}";
- networking.hostName = systemSettings.hostName;
-}
diff --git a/flake.nix b/flake.nix
index 6d46c62..cf1e175 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,27 +1,10 @@
 { description = "Panoptes flake config";
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
- home-manager = {
- url = "github:nix-community/home-manager";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- vscode-server.url = "github:nix-community/nixos-vscode-server";
- };
-
- outputs = {
- self,
- nixpkgs,
- nixpkgs-stable,
- home-manager,
- ...
- } @ inputs:
+ outputs = { self, ... }@args:
 let
- stateVersion = "24.11";
 inherit (self) outputs;
- nixosSystem = inputs.nixpkgs.lib.nixosSystem;
+ nixosSystem = args.nixpkgs.lib.nixosSystem;
 userSettings = rec { username = "panoptes";
@@ -32,54 +15,59 @@ systemSettings = rec { hostName = "panoptes-nix";
+ stateVersion = "24.11";
 system = "x86_64-linux"; timeZone = "America/Chicago"; locale = "en_US.UTF-8"; };
- pkgs = inputs.nixpkgs.legacyPackages.${systemSettings.system};
- pkgs-stable = inputs.nixpkgs-stable.legacyPackages.${systemSettings.system};
+ pkgs = args.nixpkgs.legacyPackages.${systemSettings.system};
+ pkgs-stable = args.nixpkgs-stable.legacyPackages.${systemSettings.system};
 in { nixosModules.default = ./nixosModules;
- nixosConfigurations = {
- "${systemSettings.hostName}" = nixosSystem {
- system = systemSettings.system;
- specialArgs = {
- inherit inputs;
- inherit outputs;
- inherit userSettings;
- inherit systemSettings;
- };
- modules = [
- ./configuration.nix # > Our main nixos configuration file <
- "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
- ({ ... }: {
- system.stateVersion = "${stateVersion}";
- services.vscode-server.enable = true;
- })
- inputs.vscode-server.nixosModules.default
- ];
+ nixosConfigurations.${systemSettings.hostName} = nixosSystem {
+ system = systemSettings.system;
+ specialArgs = {
+ inherit systemSettings;
+ inherit userSettings;
 };
+ modules = [
+ (args.nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
+ # ./configuration.nix # > Our main nixos configuration file <
+ outputs.nixosModules.default
+ args.home-manager.nixosModules.default
+ args.vscode-server.nixosModules.default
+ ({ ...
}: { services.vscode-server.enable = true; })
+ ];
 }; homeConfigurations = { useGlobalPkgs = true;
- "panoptes@panoptes-nix" = home-manager.lib.homeManagerConfiguration {
- inherit pkgs stateVersion;
- specialArgs = {
- inherit inputs;
+ ${userSettings.username} = args.home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ extraSpecialArgs = {
+ inherit args;
 inherit outputs; inherit userSettings; inherit systemSettings; }; modules = [ ./home.nix
- # ({...}: {home.stateVersion = "${stateVersion}";})
 ]; }; }; };
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ vscode-server.url = "github:nix-community/nixos-vscode-server";
+ };
 }
diff --git a/home.nix b/home.nix
index 98fd823..e1e6b5d 100644
--- a/home.nix
+++ b/home.nix
@@ -5,9 +5,10 @@ ... }: let
- homePath = "/srv/panoptes";
- repoURL = "https://gitea.john-stream.com/john/loki-nix";
- repoBranch = "reorg";
+ repoURL = "https://gitea.john-stream.com/john/panoptes-nix";
+ repoBranch = "main";
+ homePath = "/home/${userSettings.username}";
+ repoPath = "${homePath}/${systemSettings.hostName}";
 in { nixpkgs.config.allowUnfree = true;
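Review bot: In flake.nix the relocated `inputs` block still follows moving refs (`nixos-unstable` and the default branches of home-manager and nixos-vscode-server), while this hunk wires `args.home-manager.nixosModules.default` and `args.vscode-server.nixosModules.default` into a system that is activated as root. The revisions actually built are therefore fixed only by `flake.lock`, which this diff does not show; confirm it is committed and that lock updates are reviewed like code. If nixos-vscode-server declares its own nixpkgs input, `vscode-server.inputs.nixpkgs.follows = "nixpkgs";` keeps a second, separately updated nixpkgs out of the closure. Separately, the unchanged `useGlobalPkgs = true;` sits inside `homeConfigurations` next to the user entry; it is an option of the home-manager NixOS module (`home-manager.useGlobalPkgs`), so here it is exported as a flake output rather than configuring anything.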
@@ -25,15 +26,18 @@ in programs.ssh.enable = true; home = {
+ stateVersion = "${systemSettings.stateVersion}";
+ username = "${userSettings.username}";
 homeDirectory = "${homePath}";
- packages = [
- (pkgs.writeShellScriptBin "nfs" ''
- sudo nixos-rebuild switch --flake ${homePath}#${hostName} --impure
+ packages = with pkgs; [
+ (writeShellScriptBin "nfs" ''
+ sudo nixos-rebuild switch --flake ${repoPath}#${systemSettings.hostName} --impure
 '')
- (pkgs.writeShellScriptBin "init-panoptes" ''
- sudo -u git clone -b ${repoBranch} ${repoURL} /srv/panoptes
+ (writeShellScriptBin "init-panoptes" ''
+ sudo -u ${userSettings.username} git clone -b ${repoBranch} ${repoURL} ${repoPath}
 '') git
+ python313
 ]; };
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index e3352e8..fb44495 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,9 +1,8 @@
 { pkgs, config,
- lib,
- inputs,
- outputs,
+ systemSettings,
+ userSettings,
 ... }: { imports =
@@ -13,7 +12,34 @@ config = { nix.settings.experimental-features = ["nix-command" "flakes"];
- programs.nix-ld.enable = true;
 nixpkgs.config.allowUnfree = true;
+ system.stateVersion = "${systemSettings.stateVersion}";
+ # programs.nix-ld.enable = true;
+ services.openssh.enable = true;
+ services.avahi = { enable = true; nssmdns4 = true; };
+
+ time.timeZone = "${systemSettings.timeZone}";
+ networking.hostName = systemSettings.hostName;
+
+ environment.systemPackages = with pkgs; [
+ home-manager
+ bash
+ busybox
+ git
+ eza
+ ];
+
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = false;
+ wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
+ };
+
+ users.users.${userSettings.username} = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
+ };
 }; }
\ No newline at end of file
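Review bot: The `nfs` and `init-panoptes` scripts in home.nix expand `${repoPath}`, `${repoURL}`, `${repoBranch}` and `${userSettings.username}` into shell unquoted, and `nfs` then applies whatever is in that user-writable checkout as root. Quote the expansions, e.g. `sudo nixos-rebuild switch --flake "${repoPath}#${systemSettings.hostName}" --impure`, so a space or glob character in a setting cannot change the command. `init-panoptes` clones the tip of `main` with no commit or signature check, so whoever can push to that branch decides the next root-level configuration; checking out a reviewed revision or verifying a signed tag before `nfs` runs would close that gap. `--impure` looks to be needed only because of the `/root/.ssh/authorized_keys` path literal in nixosModules/default.nix; removing that dependency would let the flag go.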
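Review bot: The block moved into nixosModules/default.nix (second hunk) leaves the one interactive account root-equivalent over the network: `services.openssh.enable = true` relies on the module defaults for password and keyboard-interactive authentication, the user is in `wheel`, and `wheelNeedsPassword = false` means any SSH session as that user can become root without a further check. Turn the password-based SSH methods off explicitly and set `execWheelOnly = true` so only wheel members can execute the sudo binary; whether to keep passwordless sudo is a deliberate choice, and requiring a password needs one declared for the user. `openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ]` is a path literal read from the build host at evaluation time, so the accepted keys are whatever root's file held at the last rebuild and the flake cannot be evaluated purely; listing them in `openssh.authorizedKeys.keys` makes them reviewable in the repository. The `config` attribute set opens before this hunk.

```nix
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };
    # … unchanged: avahi, time zone, host name, systemPackages …
    security.sudo-rs = {
      enable = true;
      execWheelOnly = true;
      # … unchanged: wheelNeedsPassword (see note) …
    };
    users.users.${userSettings.username} = {
      # … unchanged: isNormalUser, uid, extraGroups …
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> <KEY_COMMENT_PLACEHOLDER>"
      ];
    };
```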
diff --git a/nixosModules/services/loki.nix b/nixosModules/services/loki.nix
index c2b395b..ba605d0 100644
--- a/nixosModules/services/loki.nix
+++ b/nixosModules/services/loki.nix
@@ -1,12 +1,13 @@
 { pkgs, config, ... }:
+let
+ lokiPort = config.services.loki.configuration.server.http_listen_port;
+in
 {
- networking.firewall.allowedTCPPorts = [
- config.services.loki.configuration.server.http_listen_port
- ];
+ networking.firewall.allowedTCPPorts = [ lokiPort ];
 environment.systemPackages = with pkgs; [ (pkgs.writeShellScriptBin "loki-check" ''
- curl http://localhost:${config.services.loki.configuration.server.http_listen_port}/ready
+ curl http://localhost:${builtins.toString lokiPort}/ready
 '') (pkgs.writeShellScriptBin "loki-logs" "journalctl -b -u loki.service -n 10") ];
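Review bot: `networking.firewall.allowedTCPPorts = [ lokiPort ];` opens Loki's HTTP port on every interface, and nothing in this hunk puts authentication or a reverse proxy in front of it. Loki ships without an authentication layer of its own, so unless the settings outside the hunk add access control, any host that can reach the container can push or query logs. If only specific networks should reach it, scope the rule, e.g. `networking.firewall.interfaces."<INTERFACE_PLACEHOLDER>".allowedTCPPorts = [ lokiPort ];`. The `builtins.toString lokiPort` change is right for an integer port, and `loki-check` could use `curl -fsS` so a non-2xx `/ready` response gives a non-zero exit status. The module body continues past the hunk.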