From 80cc7131e2f65768d2d5233c5597b3d506a61d59 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 26 May 2025 23:26:43 -0500
Subject: [PATCH] a bit of reorg

---
 configuration.nix | 26 +++++++
 flake.lock | 72 +++++++++----------
 flake.nix | 113 ++++++++++++++----------
 nixosModules/default.nix | 44 +-----------
 nixosModules/home-manager/git.nix | 9 +++
 nixosModules/users.nix | 26 +++++++
 scripts/default.nix | 24 +++++++
 7 files changed, 174 insertions(+), 140 deletions(-)
 create mode 100644 configuration.nix
 create mode 100644 nixosModules/home-manager/git.nix
 create mode 100644 nixosModules/users.nix
 create mode 100644 scripts/default.nix

diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..bc74e0d
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,26 @@
+{
+ pkgs,
+ config,
+ systemSettings,
+ userSettings,
+ ...
+}: {
+ config = {
+ services.openssh.enable = true;
+ services.avahi = { enable = true; nssmdns4 = true; };
+
+ environment.systemPackages = with pkgs; [
+ home-manager
+ bash
+ busybox
+ git
+ eza
+ ];
+
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = false;
+ wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
+ };
+ };
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 69bdf4d..9fe5da2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -25,11 +25,11 @@
 ]
 },
 "locked": {
- "lastModified": 1733484277,
- "narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=",
+ "lastModified": 1748227609,
+ "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a",
+ "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022",
 "type": "github"
 },
 "original": {
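Review bot: Nothing in this patch imports the new `configuration.nix` — the `modules` list in the flake.nix hunk pulls in `./nixosModules` and `./scripts`, and the nixosModules/default.nix hunk leaves only `./services/loki.nix` and `./users.nix` in `imports` — so, as far as this patch shows, `services.openssh.enable = true`, the avahi block and the `environment.systemPackages` list that default.nix drops are no longer part of the built system, and an LXC guest reached only over sshd would lose that path on the next switch. Either add `./configuration.nix` to the flake's `modules` list or delete the file, and in either case drop its `security.sudo-rs` block, which users.nix now owns. Separately, `execWheelOnly = false` combined with `wheelNeedsPassword = false` lets any account invoke the setuid sudo binary while wheel members escalate without authenticating; if the file is kept, `execWheelOnly = true;` confines the binary to the group that is meant to use it. Of the four named parameters only `pkgs` is used, so the header can shrink to `{ pkgs, ... }: {`.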
@@ -40,58 +40,48 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1733581040,
- "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=",
- "owner": "NixOS",
+ "lastModified": 1748190013,
+ "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=",
+ "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01",
+ "rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
 "type": "github"
 },
 "original": {
- "owner": "NixOS",
+ "owner": "nixos",
 "ref": "nixos-unstable",
 "repo": "nixpkgs",
 "type": "github"
 }
 },
- "nixpkgs-stable": {
- "locked": {
- "lastModified": 1733412085,
- "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-24.11",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_2": {
- "locked": {
- "lastModified": 1682134069,
- "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "type": "indirect"
- }
- },
 "root": {
 "inputs": {
 "home-manager": "home-manager",
 "nixpkgs": "nixpkgs",
- "nixpkgs-stable": "nixpkgs-stable",
+ "sops-nix": "sops-nix",
 "vscode-server": "vscode-server"
 }
 },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1747603214,
+ "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ },
 "systems": {
 "locked": {
 "lastModified": 1681028828,
@@ -110,7 +100,9 @@
 "vscode-server": {
 "inputs": {
 "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": [
+ "nixpkgs"
+ ]
 },
 "locked": {
 "lastModified": 1729422940,
diff --git a/flake.nix b/flake.nix
index da91c36..c92d058 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,68 +1,63 @@
 {
- description = "Panoptes flake config";
-
- outputs = { self, ... }@args:
- let
- inherit (self) outputs;
- nixosSystem = args.nixpkgs.lib.nixosSystem;
-
- userSettings = {
- username = "panoptes";
- gitUserName = "John Lancaster";
- gitUserEmail = "32917998+jsl12@users.noreply.github.com";
- };
-
- systemSettings = {
- hostName = "panoptes-nix";
- stateVersion = "24.11";
- system = "x86_64-linux";
- timeZone = "America/Chicago";
- locale = "en_US.UTF-8";
- };
-
- pkgs = args.nixpkgs.legacyPackages.${systemSettings.system};
- pkgs-stable = args.nixpkgs-stable.legacyPackages.${systemSettings.system};
-
- in
- {
- nixosModules.default = ./nixosModules;
-
- nixosConfigurations.${systemSettings.hostName} = nixosSystem {
- system = systemSettings.system;
- specialArgs = {
- inherit systemSettings;
- inherit userSettings;
- };
- modules = [
- (args.nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
- # ./configuration.nix # > Our main nixos configuration file <
- outputs.nixosModules.default
- args.home-manager.nixosModules.default
- args.vscode-server.nixosModules.default
- ({ ... }: { services.vscode-server.enable = true; })
- ];
- };
-
- homeConfigurations = {
- useGlobalPkgs = true;
- ${userSettings.username} = args.home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- extraSpecialArgs = {
- inherit systemSettings;
- inherit userSettings;
- };
- modules = [ ./home.nix ];
- };
- };
- };
+ description = "A very basic flake";
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ vscode-server = {
+ url = "github:nix-community/nixos-vscode-server";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 home-manager = {
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
 };
- vscode-server.url = "github:nix-community/nixos-vscode-server";
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, ... }@args:
+ let
+ inherit (self) outputs;
+ systemSettings = {
+ hostName = "panoptes-nix";
+ system = "x86_64-linux";
+ timeZone = "America/Chicago";
+ locale = "en_US.UTF-8";
+ };
+ userSettings = {
+ username = "root";
+ };
+ nixosSystem = args.nixpkgs.lib.nixosSystem;
+ pkgs = args.nixpkgs.legacyPackages.${systemSettings.system};
+
+ in
+ {
+ nixosConfigurations.${systemSettings.hostName} = nixosSystem {
+ system = systemSettings.system;
+ specialArgs = {
+ inherit systemSettings userSettings;
+ };
+ modules = [
+ (args.nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
+ args.home-manager.nixosModules.default
+ args.sops-nix.nixosModules.sops
+ args.vscode-server.nixosModules.default
+ ./nixosModules
+ ./scripts
+ ({ pkgs, systemSettings, ... }: {
+ networking.hostName = systemSettings.hostName;
+ system.stateVersion = "24.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ time.timeZone = "${systemSettings.timeZone}";
+
+ nixpkgs.config.allowUnfree = true;
+ services.vscode-server.enable = true;
+ programs.nix-ld.enable = true;
+ environment.systemPackages = with pkgs; [ git ];
+ })
+ ];
+ };
 };
 }
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index fb44495..ac7098e 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,45 +1,7 @@
-{
- pkgs,
- config,
- systemSettings,
- userSettings,
- ...
-}: {
+{ ... }: {
 imports = [
 ./services/loki.nix
+ ./users.nix
 ];
-
- config = {
- nix.settings.experimental-features = ["nix-command" "flakes"];
- nixpkgs.config.allowUnfree = true;
- system.stateVersion = "${systemSettings.stateVersion}";
- # programs.nix-ld.enable = true;
- services.openssh.enable = true;
- services.avahi = { enable = true; nssmdns4 = true; };
-
- time.timeZone = "${systemSettings.timeZone}";
- networking.hostName = systemSettings.hostName;
-
- environment.systemPackages = with pkgs; [
- home-manager
- bash
- busybox
- git
- eza
- ];
-
- security.sudo-rs = {
- enable = true;
- execWheelOnly = false;
- wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
- };
-
- users.users.${userSettings.username} = {
- isNormalUser = true;
- uid = 1000;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
- };
- };
-}
\ No newline at end of file
+}
diff --git a/nixosModules/home-manager/git.nix b/nixosModules/home-manager/git.nix
new file mode 100644
index 0000000..d30ba88
--- /dev/null
+++ b/nixosModules/home-manager/git.nix
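Review bot: `userSettings.username = "root"` is handed to every module through `specialArgs`, but nothing in this patch reads it — users.nix hard-codes `users.users.root` and `home-manager.users.root` — so the setting is dead and the two files can silently diverge; either consume it (`users.users.${userSettings.username} = { ... };`) or drop `userSettings` from the flake altogether. In the inline module, `time.timeZone = "${systemSettings.timeZone}";` wraps a string in an interpolation for no gain, where `time.timeZone = systemSettings.timeZone;` matches the `networking.hostName` line just above it, and `system.stateVersion = "24.11";` is now a bare literal after the hunk deletes `systemSettings.stateVersion`. `description = "A very basic flake"` swaps the old "Panoptes flake config" for the template placeholder; restoring the real name costs nothing. `programs.nix-ld.enable = true;` arrives without the comment that its formerly commented-out predecessor lacked too — a short note on which foreign dynamically linked binaries this host needs to run would tell the next reader whether it can be turned off.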
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ programs.git = {
+ enable = true;
+ extraConfig.credential.helper = "store --file ~/.git-credentials";
+ userName = "John Lancaster";
+ userEmail = "32917998+jsl12@users.noreply.github.com";
+ };
+}
\ No newline at end of file
diff --git a/nixosModules/users.nix b/nixosModules/users.nix
new file mode 100644
index 0000000..77be447
--- /dev/null
+++ b/nixosModules/users.nix
@@ -0,0 +1,26 @@
+{ config, userSettings, ... }:
+{
+ # Uses rust-based sudo
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = false;
+ wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
+ };
+
+ users.users.root = {
+ isSystemUser = true;
+ extraGroups = [
+ "wheel" # needed for sudo without password
+ "docker" # needed for docker without sudo
+ ];
+ openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ users.root = {
+ home.stateVersion = config.system.stateVersion;
+ imports = [ ./home-manager/git.nix ];
+ };
+ };
+}
diff --git a/scripts/default.nix b/scripts/default.nix
new file mode 100644
index 0000000..0584a65
--- /dev/null
+++ b/scripts/default.nix
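Review bot: `extraConfig.credential.helper = "store --file ~/.git-credentials"` writes whatever token git is next given to an unencrypted file in root's home, and the same commit adds sops-nix as an input; provisioning the token as a sops secret and pointing the helper at that path (or using `cache --timeout=3600`, which holds it only in memory) keeps it out of a plaintext file that any snapshot of the guest would carry along. The `userName`/`userEmail` values used to live in `userSettings` in flake.nix and are now duplicated here as literals; if the flake keeps `userSettings`, threading `gitUserName`/`gitUserEmail` through `extraSpecialArgs` leaves one place to edit.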
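Review bot: `openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];` is a Nix path literal, so evaluation copies that file into the world-readable Nix store and, because it lives outside the flake, only succeeds with the `--impure` flag every script in scripts/default.nix passes; the copy is a snapshot, so keys added to `/root/.ssh/authorized_keys` afterwards are not seen until the next rebuild, even though sshd's default `AuthorizedKeysFile` on NixOS should already read that file directly (worth confirming on this host). The keys are public, so the exposure is limited, but pinning them inline (`openssh.authorizedKeys.keys = [ "<public key>" ];`) or keeping the file in the repo makes evaluation pure and lets the `--impure` flags go. `userSettings` is accepted as a parameter while `users.users.root` and `home-manager.users.root` are hard-coded, so the flake's `username` setting is never consulted. `"wheel"` and `"docker"` on uid 0 change nothing about root's privileges, so the two comments on the `extraGroups` entries are misleading, and the `docker` group presupposes a docker service this patch does not enable; whether `isSystemUser = true` on the pre-defined root account is accepted without an assertion is worth a test build.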
@@ -0,0 +1,24 @@
+{ pkgs, systemSettings, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ (pkgs.writeShellScriptBin "nfs" ''
+ sudo nixos-rebuild switch --flake $(readlink -f /etc/nixos)#${systemSettings.hostName} --impure
+ '')
+ (pkgs.writeShellScriptBin "nfsu" ''
+ FLAKE=$(readlink -f /etc/nixos)
+ nix flake update --flake $FLAKE --impure
+ git -C $FLAKE add "$FLAKE/flake.lock" > /dev/null 2>&1
+ sudo nixos-rebuild switch --flake $FLAKE#${systemSettings.hostName} --impure
+ '')
+ (pkgs.writeShellScriptBin "edit-secrets" "sudo sops $(readlink -f /etc/nixos)/secrets/encrypted_secrets.yaml")
+ (pkgs.writeShellScriptBin "public-age-key" ''
+ nix run nixpkgs#ssh-to-age -- -i /etc/ssh/ssh_host_ed25519_key.pub
+ '')
+ (pkgs.writeShellScriptBin "private-age-key" ''
+ sudo mkdir -p ~/.config/sops/age
+ sudo nix run nixpkgs#ssh-to-age -- -private-key -i /etc/ssh/ssh_host_ed25519_key > ~/.config/sops/age/keys.txt
+ sudo chown -R 0:0 ~/.config
+ sudo chmod -R 600 ~/.config/sops
+ '')
+ ];
+}
\ No newline at end of file
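Review bot: In `private-age-key`, `sudo chmod -R 600 ~/.config/sops` strips the execute bit from the `sops` and `age` directories themselves, so anyone other than root can no longer traverse them, and the `> ~/.config/sops/age/keys.txt` redirect is performed by the calling shell rather than by sudo, so for a non-root caller the write into the just-created root-owned directory fails while the file-less chown/chmod still run; both only work today because users.nix makes root the sole account. The script also has no `set -e`, so a failed `ssh-to-age` leaves an empty `keys.txt` that is then chowned and locked down as if it were valid, and `sudo chown -R 0:0 ~/.config` reaches every tool's config under `~/.config`, not just the sops directory. In `nfsu`, `git -C $FLAKE add "$FLAKE/flake.lock" > /dev/null 2>&1` hides a failed stage so the subsequent switch runs against an unrecorded lock; drop the redirect (or `|| exit 1`) and quote `$FLAKE` consistently. Below is a rewrite of `private-age-key` that fails fast, writes the key through `sudo tee` with a restrictive umask, and applies `700` to the directories and `600` to the key file only.
```nix
    (pkgs.writeShellScriptBin "private-age-key" ''
      set -euo pipefail
      umask 077
      AGE_DIR="$HOME/.config/sops/age"
      sudo mkdir -p "$AGE_DIR"
      sudo nix run nixpkgs#ssh-to-age -- -private-key -i /etc/ssh/ssh_host_ed25519_key \
        | sudo tee "$AGE_DIR/keys.txt" > /dev/null
      sudo chown -R 0:0 "$HOME/.config/sops"
      sudo chmod 700 "$HOME/.config/sops" "$AGE_DIR"
      sudo chmod 600 "$AGE_DIR/keys.txt"
    '')
    # … unchanged: nfs, nfsu, edit-secrets, public-age-key …
```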