Modularise config. Add sops-nix for secrets management.

Fern Garden 2025-07-08 14:09:35 +08:00
parent 02fdb4707d
commit a348413d83
15 changed files with 211 additions and 119 deletions


@ -5,6 +5,11 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Stable nixpkgs.
lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot.
nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config.
sops-nix.url = "github:Mic92/sops-nix"; # Secrets management.
secrets = {
url = "git+ssh://git@docker.local:222/fern/secrets?ref=main";
flake = false;
}; # Secrets repo.
# Updated packages.
fluffychat2.url = "github:NixOS/nixpkgs?ref=pull/419632/head"; # FluffyChat 2.0.0
@ -17,11 +22,13 @@
nixpkgs,
lanzaboote,
nixos-hardware,
sops-nix,
fluffychat2,
feishin0_17,
...
}:
{
# ThinkPad T480
nixosConfigurations.muskduck = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
@ -38,10 +45,13 @@
./configuration/common.nix
./configuration/desktop.nix
./hardware-configuration/muskduck.nix # Include the results of the hardware scan.
./hosts/muskduck.nix # Include the results of the hardware scan.
];
};
### Proxmox Guests ###
nixosConfigurations.vm-minecraft = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@ -49,8 +59,12 @@
{ networking.hostName = "minecraft"; }
./configuration/common.nix
./configuration/vm.nix
./hardware-configuration/vm-minecraft.nix # Include the results of the hardware scan.
./configuration/server/common.nix
./configuration/server/vm.nix
./configuration/server/docker.nix
./hosts/vm-minecraft.nix # Include the results of the hardware scan.
];
};
@ -61,8 +75,12 @@
{ networking.hostName = "docker"; }
./configuration/common.nix
./configuration/vm.nix
./hardware-configuration/vm-docker.nix # Include the results of the hardware scan.
./configuration/server/common.nix
./configuration/server/vm.nix
./configuration/server/docker.nix
./hosts/vm-docker.nix # Include the results of the hardware scan.
];
};
@ -70,19 +88,35 @@
system = "x86_64-linux";
modules = [
(nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
{ networking.hostName = "technitium"; }
./configuration/containers/technitium.nix
./configuration/common.nix
./configuration/server/common.nix
./configuration/server/containers/common.nix
./configuration/server/containers/technitium.nix
];
};
nixosConfigurations.lxc-firefox-syncserver = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
secrets = builtins.toString inputs.secrets;
};
modules = [
(nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
sops-nix.nixosModules.sops
{ networking.hostName = "firefox-syncserver"; }
./configuration/containers/firefox-syncserver.nix
./configuration/common.nix
./configuration/server/common.nix
./configuration/server/containers/common.nix
./configuration/server/containers/firefox-syncserver.nix
];
};
};
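Review bot: In the `lxc-firefox-syncserver` block, `secrets = builtins.toString inputs.secrets;` hands modules a path under `/nix/store`, which every local user can read, so this is only safe while every file in the `secrets` repo is sops-encrypted; nothing in this section states that. I would put the invariant next to the line, e.g. `# Store path (world-readable): the secrets repo must contain only sops-encrypted files.` The argument list visible in the second hunk shows neither `secrets` nor an `inputs@` binding, so `inputs.secrets` relies on a binding outside the hunk; worth confirming it exists. As a style point, `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` beside the new input would keep a second nixpkgs out of the lock file and out of the set of inputs you have to trust.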