diff --git a/flake.lock b/flake.lock index b38e475..3f8112b 100755 --- a/flake.lock +++ b/flake.lock @@ -15,26 +15,6 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1749105467, - "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "feishin-0_17_0": { "locked": { "lastModified": 1751534869, @@ -52,22 +32,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -127,7 +91,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, @@ -212,9 +176,9 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, 
@@ -248,22 +212,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1751203939, "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", @@ -279,7 +227,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -295,7 +243,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1751786137, "narHash": "sha256-lIlUKVGCGsh0Q2EA7/6xRtKUZjaQ/ur8uUyY+MynHXQ=", @@ -311,7 +259,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -330,9 +278,9 @@ "nixvim": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nuschtosSearch": "nuschtosSearch", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1752099138, @@ -399,12 +347,11 @@ }, "root": { "inputs": { - "deploy-rs": "deploy-rs", "feishin-0_17_0": "feishin-0_17_0", "fluffychat-2_0_0": "fluffychat-2_0_0", "lanzaboote": "lanzaboote", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "secrets": "secrets", "sops-nix": "sops-nix" @@ -450,7 +397,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1751606940, 
@@ -495,39 +442,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 107aea0..e171816 100755 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Stable nixpkgs. - deploy-rs.url = "github:serokell/deploy-rs"; lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot. nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config. sops-nix.url = "github:Mic92/sops-nix"; # Secrets management. 
@@ -20,52 +19,115 @@ feishin-0_17_0.url = "github:NixOS/nixpkgs?ref=pull/414929/head"; # Feishin 0.17.0 }; - outputs = { + outputs = inputs @ { + nixpkgs, lanzaboote, nixos-hardware, + nixvim, sops-nix, + fluffychat-2_0_0, + feishin-0_17_0, ... - } @ inputs: let - helpers = import ./helpers.nix inputs; - inherit (helpers) mergeHosts mkHost; - in - mergeHosts [ - (mkHost "muskduck" { - suite = "laptop"; - extraModules = [ - lanzaboote.nixosModules.lanzaboote - nixos-hardware.nixosModules.lenovo-thinkpad-t480 - ]; - }) + }: + with nixpkgs.lib; let + mkHost = { + hostname, + suite, + platform ? "x86_64-linux", + user ? "fern", + extraModules ? [], + }: + nixosSystem rec { + system = platform; - (mkHost "weebill" { - suite = "server"; - platform = "aarch64-linux"; - user = "docker"; - extraModules = [ - nixos-hardware.nixosModules.raspberry-pi-4 - ]; - }) + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + "dotnet-runtime-6.0.36" + ]; + }; + }; - # (mkHost "docker" { - # suite = "vm"; - # user = "docker"; - # }) + specialArgs = { + inherit + nixpkgs + hostname + suite + platform + user + ; # Inherit variables. - (mkHost "minecraft" { - suite = "vm"; - user = "docker"; - }) + userPackages = { + fluffychat = fluffychat-2_0_0.legacyPackages.${system}.fluffychat; + feishin = feishin-0_17_0.legacyPackages.${system}.feishin; + webone = pkgs.callPackage ./packages/webone {}; + }; - (mkHost "technitium" { - suite = "lxc"; - }) + secrets = builtins.toString inputs.secrets; # Secrets directory. + }; - (mkHost "firefox-syncserver" { - suite = "lxc"; - extraModules = [ - sops-nix.nixosModules.sops - ]; - }) - ]; + modules = + [ + nixvim.nixosModules.nixvim + ./suites/common.nix + ./suites/${suite}.nix + ./hosts/${suite}/${hostname}.nix + ] + ++ (filesystem.listFilesRecursive ./modules) + ++ extraModules; + }; + in { + nixosConfigurations = { + # Laptops. 
+ muskduck = mkHost { + hostname = "muskduck"; + suite = "laptop"; + extraModules = [ + lanzaboote.nixosModules.lanzaboote + nixos-hardware.nixosModules.lenovo-thinkpad-t480 + ]; + }; + + # Servers. + weebill = mkHost { + hostname = "weebill"; + suite = "server"; + platform = "aarch64-linux"; + user = "docker"; + extraModules = [ + nixos-hardware.nixosModules.raspberry-pi-4 + ]; + }; + + # Virtual machines. + vm-docker = mkHost { + hostname = "docker"; + suite = "vm"; + user = "docker"; + }; + + vm-minecraft = mkHost { + hostname = "minecraft"; + suite = "vm"; + user = "docker"; + }; + + # LXC containers. + lxc-technitium = mkHost { + hostname = "technitium"; + suite = "lxc"; + }; + + lxc-firefox-syncserver = mkHost { + hostname = "firefox-syncserver"; + suite = "lxc"; + extraModules = [ + sops-nix.nixosModules.sops + ]; + }; + }; + }; } diff --git a/helpers.nix b/helpers.nix deleted file mode 100644 index 6808817..0000000 --- a/helpers.nix +++ /dev/null 
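Review bot: `permittedInsecurePackages` inside `mkHost` allowlists the EOL `dotnet-sdk-6.0.428` and `dotnet-runtime-6.0.36` for every host this flake builds — laptop, servers, VMs and LXC containers alike — although presumably only one package on one host needs them (the list is carried over unchanged from the deleted helpers.nix). A fleet-wide allowlist keeps a known-insecure runtime installable on hosts that never asked for it and is easy to forget once the consumer is gone; note that because `pkgs` is passed straight into `nixosSystem`, a per-host `nixpkgs.config.permittedInsecurePackages` would be ignored, so the scoping has to happen here. Prefer a per-host parameter such as `insecurePackages ? []` on `mkHost`, fed into `config.permittedInsecurePackages`, and at minimum annotate the entries: `# Required by <package> on <host>; drop once it moves off .NET 6.` The same fleet-wide scope applies to `allowUnfree = true`. Separately, the new attribute names `vm-docker`, `vm-minecraft`, `lxc-technitium` and `lxc-firefox-syncserver` no longer equal their `hostname`, so a plain `nixos-rebuild --flake .` on those machines will not resolve and needs an explicit `.#vm-docker`-style attribute.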
@@ -1,67 +0,0 @@ -inputs: -with inputs; -with inputs.nixpkgs.lib; let -in { - mergeHosts = lists.foldl' ( - a: b: attrsets.recursiveUpdate a b - ) {}; - - mkHost = hostname: { - platform ? "x86_64-linux", - suite, - user ? "fern", - extraModules ? [], - }: { - nixosConfigurations.${hostname} = nixosSystem rec { - system = platform; - - pkgs = import nixpkgs { - inherit system; - config = { - allowUnfree = true; - permittedInsecurePackages = [ - "dotnet-sdk-6.0.428" - "dotnet-runtime-6.0.36" - ]; - }; - }; - - specialArgs = { - inherit - hostname - nixpkgs - suite - platform - user - ; # Inherit variables. - - userPackages = { - fluffychat = fluffychat-2_0_0.legacyPackages.${system}.fluffychat; - feishin = feishin-0_17_0.legacyPackages.${system}.feishin; - webone = pkgs.callPackage ./packages/webone {}; - }; - - secrets = builtins.toString inputs.secrets; # Secrets directory. - }; - - modules = - [ - nixvim.nixosModules.nixvim - ./suites/common.nix - ./suites/${suite}.nix - ./hosts/${suite}/${hostname}.nix - ] - ++ (filesystem.listFilesRecursive ./modules) - ++ extraModules; - }; - - deploy.nodes.${hostname} = { - hostname = "${hostname}.local"; - profiles.system = { - user = "root"; - sshUser = user; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}; - }; - }; - }; -} diff --git a/hosts/laptop/muskduck.nix b/hosts/laptop/muskduck.nix index b34de12..511a951 100644 --- a/hosts/laptop/muskduck.nix +++ b/hosts/laptop/muskduck.nix @@ -25,6 +25,4 @@ }; hardware.cpu.intel.updateMicrocode = true; - - boot.binfmt.emulatedSystems = ["aarch64-linux"]; } diff --git a/hosts/server/weebill.nix b/hosts/server/weebill.nix index 6be91cd..89c949c 100644 --- a/hosts/server/weebill.nix +++ b/hosts/server/weebill.nix 
@@ -28,16 +28,4 @@ # Enable WebOne HTTP proxy. services.webone.enable = true; - - # Enable Netatalk AFP fileserver. - services.netatalk = { - enable = true; - settings = { - Global."uam list" = "uams_guest.so"; - iMac = { - path = "/srv/iMac"; - "read-only" = true; - }; - }; - }; } diff --git a/suites/common.nix b/suites/common.nix index ccc900d..c5ee193 100644 --- a/suites/common.nix +++ b/suites/common.nix @@ -16,9 +16,6 @@ with lib; { "flakes" ]; - # Add @wheel to trusted-users for remote deployments. - nix.settings.trusted-users = ["root" "@wheel"]; - # Set $NIX_PATH to flake input. nix.nixPath = ["nixpkgs=${nixpkgs}"]; @@ -63,12 +60,6 @@ with lib; { "wheel" "networkmanager" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC" - ]; }; # Use fish shell @@ -132,9 +123,6 @@ with lib; { ''; }; - # https://discourse.nixos.org/t/slow-build-at-building-man-cache/52365/2 - documentation.man.generateCaches = false; - # Install some packages. programs = { git.enable = true; @@ -297,17 +285,9 @@ with lib; { yazi ]; - # Enable SSH server. - services.openssh.enable = true; - # Enable avahi hostname resolution. services.avahi = { enable = true; nssmdns4 = true; - publish = { - enable = true; - addresses = true; - domain = true; - }; }; } diff --git a/suites/server.nix b/suites/server.nix index 762cc11..1f6af57 100644 --- a/suites/server.nix +++ b/suites/server.nix 
@@ -10,7 +10,19 @@ with lib; { # Enable all terminfo (for ghostty). environment.enableAllTerminfo = true; + # Enable SSH server. + services.openssh.enable = true; + + users.users.${user} = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC" + ]; + extraGroups = mkIf (user == "docker") ["docker"]; + }; + # Enable docker. virtualisation.docker.enable = mkIf (user == "docker") true; - users.users.${user}.extraGroups = mkIf (user == "docker") ["docker"]; }
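Review bot: `services.openssh.enable = true;` is added with NixOS defaults, which leave password authentication enabled on every `server`-suite host even though the block right below provisions only public keys; with keys in place there is no reason to keep a password/brute-force path open. Set `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` next to `enable`. Note also that `users.users.${user}` now attaches this key set to whichever account `user` resolves to (default `fern`, or `docker` on weebill), and that same account is put in the `docker` group via `extraGroups` when `user == "docker"` — docker group membership is root-equivalent, so these keys effectively grant root on such hosts; if that is intended it deserves a comment, e.g. `# NOTE: the docker group is root-equivalent; these keys grant effective root on docker hosts.`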