Finn Linck Ryan 2026-01-11 01:42:54 +00:00
commit aae151cee6
33 changed files with 1351 additions and 0 deletions

181
flake.lock generated Executable file

@ -0,0 +1,181 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community",
"repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767909183,
"narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747978958,
"narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1767822991,
"narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767826491,
"narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

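--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,90 @@
+{
+description = "Personal system configurations";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+flake-parts.url = "github:hercules-ci/flake-parts";
+impermanence.url = "github:nix-community/impermanence";
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+disko = {
+url = "github:nix-community/disko";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+sops-nix = {
+url = "github:Mic92/sops-nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = { self, flake-parts, ... } @ inputs: let
+inherit (self) outputs;
+in
+flake-parts.lib.mkFlake { inherit inputs; } {
+imports = [
+inputs.home-manager.flakeModules.home-manager
+];
+# Systems the "perSystem" option will target.
+systems = [
+"x86_64-linux"
+"x86_64-darwin"
+"aarch64-linux"
+"aarch64-darwin"
+"i686-linux"
+];
+# Outputs for each above defined system.
+perSystem = { pkgs, ... }: {
+devShells.default = pkgs.mkShell {
+packages = with pkgs; [
+just
+];
+};
+};
+# Flake configuration attributes.
+flake = {
+# Reusable nixos modules one might want to export.
+# Usually bundled pre-configured configuration toggles for my systems.
+nixosModules = import ./modules/nixos;
+# Reusable home-manager modules one might want to export.
+# Usually bundled pre-configured configuration toggles for my homes.
+homeManagerModules = import ./modules/home-manager;
+nixosConfigurations = {
+makise = inputs.nixpkgs.lib.nixosSystem {
+specialArgs = { inherit inputs outputs; };
+modules = [
+./hosts/makise/system/system.nix
+];
+};
+};
+homeConfigurations = {
+"kurisu@makise" = inputs.home-manager.lib.homeManagerConfiguration {
+pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+extraSpecialArgs = { inherit inputs outputs; };
+modules = [
+./hosts/makise/homes/kurisu/home.nix
+];
+};
+"admin@makise" = inputs.home-manager.lib.homeManagerConfiguration {
+pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+extraSpecialArgs = { inherit inputs outputs; };
+modules = [
+./hosts/makise/homes/admin/default.nix
+];
+};
+};
+};
+};
+}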
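Review bot: `impermanence.url` is the only input declared without `inputs.nixpkgs.follows`, so the lock file in this commit resolves a second, considerably older nixpkgs revision and a second home-manager just for that input. Pointing it at the root inputs keeps the evaluated dependency set down to one reviewed nixpkgs: `impermanence = { url = "github:nix-community/impermanence"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; };`. After the change, regenerate the lock file and check that the `nixpkgs` and `home-manager_2` nodes are gone.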

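--- a/hosts/makise/.sops.yaml
+++ b/hosts/makise/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+- &host_makise age1pj86dmk8j5tne0r7zu09v3x40xjdae6mhvrzyw5squ9px96z9p0suj89f8
+- &user_kurisu age1w3n63wg0pkjy300hsaw6uvd6ell7hpkfpd7knjsp637u2dcjx3nql654fm
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups:
+- age:
+- *host_makise
+- *user_kurisu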


@ -0,0 +1,30 @@
{ inputs
, pkgs
, ...
}:
{
imports = [
# ./configuration
];
nixpkgs = {
config = {
allowUnfree = true;
};
};
home = {
username = "admin";
homeDirectory = "/home/admin";
# !!! DO NOT TOUCH !!!
stateVersion = "26.05";
};
# Enable essential programs.
programs.home-manager.enable = true;
# Nicely reload user system units when changed.
systemd.user.startServices = "sd-switch";
}


@ -0,0 +1,27 @@
{ outputs
, ...
}:
let
modules = outputs.homeManagerModules;
in
{
imports = [
modules.editors
modules.shells
./git.nix
];
custom = {
editors = {
defaultEditor = "helix";
helix.enable = true;
};
shells = {
fish.enable = true;
direnv.enable = true;
zellij.enable = true;
};
};
}


@ -0,0 +1,27 @@
{ ...
}:
{
programs.git = {
enable = true;
settings = {
user = {
name = "dokkae.cat";
email = "finnliry@gmail.com";
};
init.defaultBranch = "main";
safe.directory = "/etc/nixos";
};
ignores = [
".idea/"
".helix/"
".direnv/"
".envrc"
".ignore"
];
};
}
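Review bot: `safe.directory = "/etc/nixos"` switches off git's repository-ownership check for that path, and nothing in the file says why. The check exists so that a repository owned by a different account cannot supply its own config and hooks to whoever runs git inside it, so the exemption is only safe while `/etc/nixos` stays writable by root alone. I would add a comment above the line, for example `# /etc/nixos is owned by root but worked on from this account; keep it writable by root only`, and confirm the directory permissions on the host.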


@ -0,0 +1,30 @@
{ inputs
, pkgs
, ...
}:
{
imports = [
./configuration
];
nixpkgs = {
config = {
allowUnfree = true;
};
};
home = {
username = "kurisu";
homeDirectory = "/home/kurisu";
# !!! DO NOT TOUCH !!!
stateVersion = "26.05";
};
# Enable essential programs.
programs.home-manager.enable = true;
# Nicely reload user system units when changed.
systemd.user.startServices = "sd-switch";
}


@ -0,0 +1,35 @@
users:
admin:
password_hash: ENC[AES256_GCM,data:xrlPAn4BIbijmhhytipFv+ok/sS5NCn9k+eoSsMXOSRqxwRJCtsv/+DCWg8jd7N3YpgarmDBxcr9LN51KnP+FmzRbmlYt4MDeG1ttvos/W+TEgj+v1bZOOjMoyBj5r1VRdWabbG3g3lTTQ==,iv:Ue8w4NgYgJvpeyEVvmPJODCW30VutJDYe7cSIWchVkc=,tag:3sQX2I+N9BmaxHEK4bMttA==,type:str]
kurisu:
password_hash: ENC[AES256_GCM,data:CeKLgF+zFhoHa6bjzweFbLeElgVGMzPaqxV08ggppHADaDf5cyZ0hg/hattQBppVPYKti907EJMmPewVmo4OfGa0E1gyN9JVAUTaKyG3eNqlij4SpUSx7rIm1JRuWz16QSdRQ/5U5ZFFXw==,iv:Ct6C2MnGg3P6VLv8GIeTDHwq0okdgK1Q/14znEpTqcw=,tag:+ldoe5MiGjcrha052NtkRQ==,type:str]
forgejo:
admin:
dokkae.cat:
password: ENC[AES256_GCM,data:FBmMqD+zROFZ4A==,iv:uh1t3+fMylalXqIQGwzRQoZwoT6kP0xRmkrs3ygVqeA=,tag:tXMNEFcWbPW/kaADN1urow==,type:str]
mailer:
password: ENC[AES256_GCM,data:HoxA9HNIMf0rnltDJrOynvoKzQ==,iv:/9YlRJI2WMjtuyLJJFJInxDpngdiQ1g+L9cel+tISy0=,tag:R3nRPmu23G0zOPEZQkUSug==,type:str]
sops:
age:
- recipient: age1pj86dmk8j5tne0r7zu09v3x40xjdae6mhvrzyw5squ9px96z9p0suj89f8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0d1IvelNVbUhoUGY4TVRH
Q01zN0thbi9Jc2lZei9NcW5ZcUNTNkxJdVRFCkVscGNUWjVuT1dsMFFBSVRHZGI3
VXZNdUtXaDVVQ0VJUGRlR21tbjZ4K28KLS0tIHhEK2lQRmJud2hDTENUeHpvb29H
ZlJjZkJnbXRBc0JkS3pidG13K1BPS1UKHTUkEfwNtDf+c2UVcp1SInS2e7frvFXd
o4aqAAD8w1/xdjDneus9OmMruwKUbh5bE3Oh0fZGHySVshkLpPhrJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3n63wg0pkjy300hsaw6uvd6ell7hpkfpd7knjsp637u2dcjx3nql654fm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRXo0dEphcDVxVU9tUnov
TlRJZTVaZi9iZmVneE92WDZ5WlRHRGhCSWg0CjZES0duazdUOVJrcEFzWCt0UjVt
TEZNNkJEb0VKamFlUkVXWEl5Y01BeDAKLS0tIHMyT28vT09DRVFPdVhzQ0dJL0Rk
MTJWN0R6VUR6c21iVE1tK0VPL2NoYzAKrGwbTolQpUWcFRyJ6M1KVQ3odS4leYvW
KZZUx9n9O6j9LH2tHH6ut1maiDXfLkBTnEeXrogp+oK075QVKXfUBA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-10T19:58:26Z"
mac: ENC[AES256_GCM,data:N/eVKWgRdTCHxcTkeKpBUxiVF7OKRdUtpBj+dM2c5uclKxwSHB5jw/GuZjcrq8BQvTjgwZxnH6Q7D05c+tFOl+P1m/LrnZLtIxH/iynqMavFwXsBXFF+1ngY+CwLflsagtiNhKp/JxvIKRSaSlNTxGL7NqX6feeTNQirA0CFs0M=,iv:z0MpIYnONpEIfu90takM398GapmkuuGZGC0y3kFjZP0=,tag:/gz+ngidM0fJPCI7b7ABDw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
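Review bot: SOPS encrypts each value without padding, so the length of every `data:` field in this file tracks the length of its plaintext, and the file is published together with both recipients. Service passwords stored this way should therefore be long random strings, so the visible length gives nothing useful away; the two `password_hash` entries are less of a concern because their length is largely fixed by the hash format. It would also help to note next to `creation_rules` in `.sops.yaml` that adding or removing a recipient requires re-encrypting this file and rotating the values.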


@ -0,0 +1,27 @@
{ outputs
, ...
}:
let
modules = outputs.nixosModules;
in
{
imports = [
modules.shells
./sops.nix
./forgejo.nix
./gc.nix
./postgres.nix
./ssh.nix
./traefik.nix
./users.nix
];
custom = {
shells.fish = {
enable = true;
defaultFor = [ "root" "kurisu" ];
};
};
}


@ -0,0 +1,85 @@
{ config
, lib
, pkgs
, ...
}:
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.traefik.dynamicConfigOptions.http = {
routers.forgejo = {
rule = "Host(`git.dokkae.duckdns.org`)";
service = "forgejo";
entryPoints = [ "websecure" ];
tls = { certResolver = "letsencrypt"; };
};
services.forgejo = {
loadBalancer.servers = [
{ url = "http://localhost:3003"; }
];
};
};
services.forgejo = {
enable = true;
database = {
type = "postgres";
host = "/run/postgresql";
name = "forgejo";
user = "forgejo";
};
lfs.enable = false;
settings = {
server = {
DOMAIN = "localhost";
PROTOCOL = "http";
HTTP_PORT = 3003;
# Used for web-displayed URL references.
ROOT_URL = "https://git.dokkae.duckdns.org/";
# SSH Settings
SSH_DOMAIN = "git.dokkae.duckdns.org";
SSH_PORT = 22;
START_SSH_SERVER = false;
};
services = {
# Can be temporarily disabled to allow registration of an admin user.
# Admin account can manually create new users via web interface.
DISABLE_REGISTRATION = true;
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Optional email server configuration.
# Test mails can be sent via: Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = {
ENABLED = true;
SMTP_ADDR = "smtp.gmail.com";
FROM = "noreply@git.dokkae.duckdns.org";
USER = "finnliry@gmail.com";
};
};
secrets = {
mailer.PASSWD = config.sops.secrets."forgejo/mailer/password".path;
};
};
systemd.services.forgejo.preStart = let
adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
pwdPath = config.sops.secrets."forgejo/admin/dokkae.cat/password".path;
user = "dokkae.cat";
in ''
PASSWORD="$(cat "${pwdPath}" | tr -d '\n')"
${adminCmd} create --admin --email "finnliry@gmail.com" --username ${user} --password "$PASSWORD" || true
'';
}
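Review bot: The `preStart` script passes the admin password to `forgejo admin user create` as `--password "$PASSWORD"`, so it sits in the process argument list where other local accounts can read it while the command runs, and the trailing `|| true` hides every failure, not only "user already exists". I would check for the account first (for example with `${adminCmd} list`) and let a genuine error stop the unit, and treat the stored value as a bootstrap password that is changed after first login. Separately, `settings.server` sets no `HTTP_ADDR`, so the plain-HTTP backend on port 3003 appears to be kept private only by the firewall; `HTTP_ADDR = "127.0.0.1";` would make that explicit, since Traefik reaches it over localhost.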


@ -0,0 +1,13 @@
{ ...
}:
{
nix.gc = {
# Enable automatic garbage collection
automatic = true;
# Run daily at 03:00 AM
dates = "03:00";
# Keep only the latest generations (safety net for rollbacks)
options = "--delete-older-than 7d";
};
}


@ -0,0 +1,31 @@
{ pkgs
, ...
}:
{
services.postgresql = {
enable = true;
package = pkgs.postgresql_18;
ensureDatabases = [
"forgejo"
];
ensureUsers = [
{ name = "forgejo"; ensureDBOwnership = true; }
];
authentication = ''
# Socket connections
local forgejo forgejo peer
# Localhost connections
host forgejo forgejo 127.0.0.1/32 trust
host forgejo forgejo ::1/128 trust
# Deny everything else
host all all 0.0.0.0/0 reject
host all all ::0/0 reject
'';
};
}
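Review bot: The two `host forgejo forgejo … trust` lines let any local process that can reach the loopback port connect as the `forgejo` database owner without any credential. Forgejo is configured in this commit to use the `/run/postgresql` socket, which the `local forgejo forgejo peer` rule already covers, so the TCP rules look unnecessary; I would delete them, or change `trust` to `scram-sha-256` if a TCP client is really needed. It is also worth checking how the NixOS module orders these lines relative to its own default rules, because `pg_hba.conf` is evaluated first-match.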


@ -0,0 +1,41 @@
{ inputs
, ...
}:
{
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
defaultSopsFile = ../../secrets/default.yaml;
defaultSopsFormat = "yaml";
gnupg.sshKeyPaths = [ ];
age.sshKeyPaths = [
"/persist/etc/ssh/ssh_host_ed25519_key"
];
secrets = {
"users/admin/password_hash" = {
owner = "admin";
neededForUsers = true;
};
"users/kurisu/password_hash" = {
owner = "kurisu";
neededForUsers = true;
};
"forgejo/admin/dokkae.cat/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
"forgejo/mailer/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
};
};
}
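Review bot: Both `users/*/password_hash` secrets combine `neededForUsers = true` with a non-root `owner`. Those secrets are decrypted before the accounts are created, and as far as I recall sops-nix rejects a non-root owner for them; independent of that, a login password hash has no reason to be readable by the account it belongs to. Dropping the two `owner` lines leaves the hashes root-only, which is all `hashedPasswordFile` needs.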


@ -0,0 +1,13 @@
{ ...
}:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
}
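Review bot: `PasswordAuthentication = false` on its own leaves keyboard-interactive authentication at the module default, so a password-style prompt may still be offered through PAM. Adding `KbdInteractiveAuthentication = false;` closes that path. Since root has a locked password and both normal users are in `wheel`, `PermitRootLogin = "no";` would be the tighter setting, unless a root key under the persisted `/root/.ssh` is relied on for deployment, in which case a comment should say so.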


@ -0,0 +1,39 @@
{ ...
}:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.traefik = {
enable = true;
dataDir = "/var/lib/traefik";
staticConfigOptions = {
global = {
checkNewVersion = false;
sendAnonymousUsage = false;
};
entryPoints = {
web = {
address = ":80";
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure.address = ":443";
};
certificatesResolvers = {
letsencrypt = {
acme = {
email = "finnliry+acme-cl-00-00@gmail.com";
storage = "/var/lib/traefik/acme.json";
httpChallenge = { entryPoint = "web"; };
};
};
};
};
};
}


@ -0,0 +1,38 @@
{ config
, ...
}:
{
users = {
mutableUsers = false;
users = {
root = {
# Disables password based authentication
hashedPassword = "!";
};
admin = {
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPasswordFile = config.sops.secrets."users/admin/password_hash".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZa7mIXvsHouMb3I9gq2uQjNZKsMV43bpWc7yX/RH/X finnliry@gmail.com"
];
};
kurisu = {
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPasswordFile = config.sops.secrets."users/kurisu/password_hash".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZa7mIXvsHouMb3I9gq2uQjNZKsMV43bpWc7yX/RH/X finnliry@gmail.com"
];
};
};
};
}
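Review bot: `admin` and `kurisu` carry the identical `openssh.authorizedKeys.keys` entry and are both in `wheel`, so the two accounts provide no privilege separation: one key opens both, and both can escalate. If `kurisu` is meant as the day-to-day account, dropping `wheel` from it, or giving `admin` a separate key, would make the split meaningful. A one-line comment on each account stating its intended role would help the next reader.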


@ -0,0 +1,124 @@
{ inputs
, lib
, ...
}:
{
imports = [
inputs.disko.nixosModules.disko
];
# !!! DANGER !!!
# You have to carefully configure your partitions here.
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/disk/by-label/nixos /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/roots.old
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/roots.old/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/roots.old/ -maxdepth 1 -mtime +7); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
priority = 1;
};
esp = {
name = "ESP";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "subvol=persist" "compress=zstd" "noatime" ];
};
"/var-lib" = {
mountpoint = "/var/lib";
mountOptions = [ "subvol=var-lib" "compress=zstd" "noatime" ];
};
"/var-log" = {
mountpoint = "/var/log";
mountOptions = [ "subvol=var-log" "compress=zstd" "noatime" ];
};
"/var-tmp" = {
mountpoint = "/var/tmp";
mountOptions = [ "subvol=var-tmp" "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swap";
swap.swapfile.size = "4G";
};
};
};
};
};
};
};
};
};
fileSystems = {
# /, /nix/, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr
# are all automatically mounted marked as needed for boot.
"/boot".neededForBoot = true;
"/persist".neededForBoot = true;
# Possibly not required
"/home".neededForBoot = true;
};
}
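Review bot: `device = "/dev/sda"` selects the disk that disko will repartition and format (with `-f`) by kernel enumeration order, which is not guaranteed to be stable across boots or when another disk is attached. A persistent path such as `/dev/disk/by-id/<disk-id placeholder>` avoids formatting the wrong device. The `!!! DANGER !!!` comment above the initrd script would also be more useful if it said what the script does: it moves the previous `root` subvolume into `roots.old`, deletes copies older than seven days, and creates a fresh `root`.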


@ -0,0 +1,49 @@
{ lib
, modulesPath
, ...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
loader = {
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
limine = {
enable = false;
efiSupport = true;
efiInstallAsRemovable = true;
};
};
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
networking.hostName = "cl-00-00";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
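Review bot: `networking.hostName = "cl-00-00"` does not match the flake attribute names in this commit, which are `makise`, `kurisu@makise` and `admin@makise`. `scripts/rebuild-system.sh` defaults to `$(hostname)` and `scripts/rebuild-home.sh` always uses it, so on this machine they would presumably ask for `.#cl-00-00` and `.#kurisu@cl-00-00` and find nothing. Either set the host name to `makise` or have the scripts take the flake attribute from an explicit argument or variable instead of the live host name.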


@ -0,0 +1,24 @@
{ inputs
, ...
}:
{
imports = [
inputs.impermanence.nixosModules.impermanence
];
environment.persistence."/persist" = {
enable = true;
hideMounts = true;
directories = [
"/root/.ssh"
"/etc/nixos"
"/etc/ssh"
];
files = [
"/etc/machine-id"
];
};
}

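--- a/hosts/makise/system/system.nix
+++ b/hosts/makise/system/system.nix
@@ -0,0 +1,53 @@
+{ inputs
+, pkgs
+, lib
+, ...
+}:
+{
+imports = [
+./disk-configuration.nix
+./hardware-configuration.nix
+./impermanence-configuration.nix
+./configuration
+];
+nixpkgs = {
+overlays = [ ];
+config = {
+allowUnfree = true;
+};
+};
+nix = let
+flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+settings = {
+# Enable flakes and new 'nix' command
+experimental-features = "nix-command flakes";
+# Disable global registry
+flake-registry = "";
+trusted-users = ["root" "@wheel"];
+};
+# Disable channels in favor of flakes
+channel.enable = false;
+# Make flake registry and nix path match flake inputs
+registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+};
+# Relevant core programs
+environment.systemPackages = with pkgs; [
+home-manager
+nix
+];
+# !!! DO NOT TOUCH !!!
+system.stateVersion = "26.05";
+}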
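Review bot: `trusted-users = ["root" "@wheel"]` makes every `wheel` member a trusted Nix user, which the Nix manual describes as essentially equivalent to giving that user root, and it does so without the password prompt that `sudo` still asks for. Unless these accounts need to act as remote builders or import unsigned store paths, `trusted-users = [ "root" ];` is the safer setting; substituters and their public keys can be configured system-wide instead. If `@wheel` has to stay, a comment naming the workflow that needs it would make the trade-off visible.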

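--- a/justfile
+++ b/justfile
@@ -0,0 +1,16 @@
+# Show recipe list as help by default.
+default:
+@just --list
+# Rebuilds the NixOS system configuration.
+rebuild-system host='':
+scripts/rebuild-system.sh {{host}}
+# Rebuilds the Home-Manager user configuration.
+rebuild-home users='':
+scripts/rebuild-home.sh {{users}}
+# Rebuilds both the home and the system configuration in that order.
+rebuild-all:
+just rebuild-home
+just rebuild-system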


@ -0,0 +1,4 @@
{
editors = import ./editors;
shells = import ./shells;
}


@ -0,0 +1,29 @@
{ lib
, config
, ...
}:
let
cfg = config.custom.editors;
in
{
imports = [
./helix.nix
];
options.custom.editors = {
defaultEditor = lib.mkOption {
type = lib.types.enum [ "helix" ];
default = null;
description = "Which editor to use as the default one. If set to null the default editor won't be set explicitly.";
};
};
config = lib.mkIf (cfg.defaultEditor != null) {
assertions = [
{ assertion = (config.custom.editors.${cfg.defaultEditor}.enable);
message = "Can't set an editor as the default if it is disabled.";
}
];
};
}
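Review bot: `defaultEditor` is declared as `lib.types.enum [ "helix" ]` with `default = null`, but `null` is not a member of that enum, so a configuration that imports this module without setting the option will most likely fail type checking instead of taking the "null" path the description promises. Declaring it as `type = lib.types.nullOr (lib.types.enum [ "helix" ]);` makes the default, the description and the `cfg.defaultEditor != null` guard agree.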


@ -0,0 +1,97 @@
{ lib
, config
, pkgs
, inputs
, ...
}:
let
cfg = config.custom.editors.helix;
in
{
options.custom.editors.helix = {
enable = lib.mkEnableOption "Whether to enable the Helix editor.";
};
config = lib.mkIf cfg.enable {
programs.helix = {
enable = true;
defaultEditor = (config.custom.editors.defaultEditor == "helix");
settings = {
theme = "term16_dark";
editor = {
line-number = "relative";
};
};
languages = {
language-server = {
nixd = {
command = "nixd";
args = [ "--semantic-tokens=true" ];
config.nixd = let
host = "evergarden";
flake = "(builtins.getFlake (toString ${inputs.self.outPath}))";
nixosOptions = "${flake}.nixosConfigurations.${host}.options";
homeManagerOptions = "${nixosOptions}.home-manager.users.type.getSubOptions []";
in {
nixpkgs.expr = "import ${flake}.inputs.nixpkgs { }";
options = {
nixos.expr = nixosOptions;
home-manager.expr = homeManagerOptions;
};
};
};
rust = {
command = "rust-analyzer";
};
qml = {
command = "qmlls";
args = [ ];
};
dockerfile = {
command = "docker-language-server";
};
};
language = [
{
name = "css";
auto-format = false;
}
];
};
extraPackages = with pkgs; [
nixd
kdePackages.qtdeclarative
just-lsp
yaml-language-server
tombi
docker-compose-language-service
docker-language-server
rust-analyzer
clang-tools
ruff
intelephense
vscode-langservers-extracted
typescript-language-server
kotlin-language-server
jdt-language-server
marksman
];
};
};
}
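Review bot: The nixd settings hard-code `host = "evergarden"`, while the only NixOS configuration this commit defines is `makise`, so `nixosOptions` refers to an attribute that does not exist in this flake and option completion will presumably come up empty. `homeManagerOptions` likewise goes through `home-manager.users` of the NixOS configuration, although the flake sets up home-manager standalone through `homeConfigurations`. I would pass the host name in from the caller (or use `makise`) and derive the home-manager options from `homeConfigurations`.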


@ -0,0 +1,10 @@
{ ...
}:
{
imports = [
./direnv.nix
./fish.nix
./zellij.nix
];
}


@ -0,0 +1,24 @@
{ lib
, config
, ...
}:
let
cfg = config.custom.shells.direnv;
in
{
options.custom.shells.direnv = {
enable = lib.mkEnableOption "Whether to enable the direnv shell environment tool.";
};
config = lib.mkIf cfg.enable {
programs.direnv = {
enable = true;
nix-direnv.enable = true;
enableBashIntegration = config.programs.bash.enable;
enableFishIntegration = config.programs.fish.enable;
};
};
}


@ -0,0 +1,93 @@
{ lib
, config
, pkgs
, ...
}:
let
cfg = config.custom.shells.fish;
in
{
options.custom.shells.fish = {
enable = lib.mkEnableOption "Whether to enable the Fish shell";
};
config = lib.mkIf cfg.enable {
programs = {
fish = {
enable = true;
# Disable annoying welcome message.
shellInit = ''
set fish_greeting
'';
shellAliases = {
e = "$EDITOR";
".." = "cd ..";
"..." = "cd ../..";
"...." = "cd ../../..";
"....." = "cd ../../../..";
"......" = "cd ../../../../..";
tree = "${pkgs.eza}/bin/eza --color=always --tree";
ls = "${pkgs.eza}/bin/eza --color=always --group-directories-first --icons";
ll = "${pkgs.eza}/bin/eza -la --icons --octal-permissions --group-directories-first";
l = "${pkgs.eza}/bin/eza --long --all --group --group-directories-first --icons";
lx = "${pkgs.eza}/bin/eza -lbhHigUmuSa@ --time-style=long-iso --git --color-scale --color=always --group-directories-first --icons";
cat = "${pkgs.bat}/bin/bat -Pp";
};
};
starship = {
enable = true;
settings = {
character = {
success_symbol = "[[](mauve) ](maroon)";
error_symbol = "[](red)";
vimcmd_symbol = "[](green)";
};
directory = {
truncation_length = 4;
style = "bold pink";
};
palette = "catppuccin_mocha";
palettes.catppuccin_mocha = {
rosewater = "#f5e0dc";
flamingo = "#f2cdcd";
pink = "#f5c2e7";
mauve = "#cba6f7";
red = "#f38ba8";
maroon = "#eba0ac";
peach = "#fab387";
yellow = "#f9e2af";
green = "#a6e3a1";
teal = "#94e2d5";
sky = "#89dceb";
sapphire = "#74c7ec";
blue = "#89b4fa";
lavender = "#b4befe";
text = "#cdd6f4";
subtext1 = "#bac2de";
subtext0 = "#a6adc8";
overlay2 = "#9399b2";
overlay1 = "#7f849c";
overlay0 = "#6c7086";
surface2 = "#585b70";
surface1 = "#45475a";
surface0 = "#313244";
base = "#1e1e2e";
mantle = "#181825";
crust = "#11111b";
};
};
};
};
};
}


@ -0,0 +1,21 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.custom.shells.zellij;
in
{
options.custom.shells.zellij = {
enable = lib.mkEnableOption "Enable the Zellij multiplexer.";
};
config = lib.mkIf cfg.enable {
programs.zellij = {
enable = true;
};
};
}

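--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,3 @@
+{
+shells = import ./shells;
+}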


@ -0,0 +1,8 @@
{ ...
}:
{
imports = [
./fish.nix
];
}

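--- a/modules/nixos/shells/fish.nix
+++ b/modules/nixos/shells/fish.nix
@@ -0,0 +1,34 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+cfg = config.custom.shells.fish;
+in
+{
+options.custom.shells.fish = {
+enable = lib.mkEnableOption "Enable the Fish shell.";
+defaultFor = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [];
+description = "Users to set Fish as their default shell. If set the shell must be enabled.";
+};
+};
+config = {
+# Actually enable and assign the shell
+programs = lib.mkIf cfg.enable {
+fish.enable = true;
+};
+users.users = lib.mkIf cfg.enable (
+lib.genAttrs cfg.defaultFor (user: {
+shell = lib.mkOverride 900 "${pkgs.fish}/bin/fish";
+})
+);
+};
+}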
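Review bot: The `defaultFor` description says the shell must be enabled, but nothing enforces it: with `enable = false` and a non-empty `defaultFor`, the `lib.mkIf cfg.enable` around `users.users` silently drops the assignment. An assertion such as `{ assertion = cfg.defaultFor == [] || cfg.enable; message = "custom.shells.fish.defaultFor requires custom.shells.fish.enable"; }` would surface the mistake at evaluation time. A short comment on `lib.mkOverride 900` explaining which definitions it is meant to win or lose against would also help.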

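--- a/scripts/rebuild-home.sh
+++ b/scripts/rebuild-home.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# rebuild-home.sh - Rebuild home-manager configurations
+#
+# USAGE:
+# rebuild-home.sh # Rebuild current user
+# rebuild-home.sh user1 user2 ... # Rebuild specified users
+#
+# EXAMPLES:
+# rebuild-home.sh
+# rebuild-home.sh kurisu admin
+set -e
+HOST=$(hostname)
+if [ $# -eq 0 ]; then
+USERS=$(whoami)
+else
+USERS="$*"
+fi
+for user in $USERS; do
+echo "Rebuilding $user@$HOST..."
+sudo -u "$user" home-manager switch -b hmbak --flake .#"$user"@"$HOST"
+done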
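Review bot: The user list is flattened into the string `USERS="$*"` and then re-split by the unquoted `for user in $USERS`, so each argument goes through word splitting and globbing before it reaches `sudo -u`. Iterating over the arguments directly, `for user in "${@:-$(whoami)}"; do`, and quoting the flake reference as `".#$user@$HOST"` keeps every name intact. `set -euo pipefail` instead of `set -e` would additionally stop the script on an unset variable.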

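--- a/scripts/rebuild-system.sh
+++ b/scripts/rebuild-system.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# rebuild-system.sh - Rebuild nixos configurations
+#
+# USAGE:
+# rebuild-system.sh # Rebuild system with current hostname
+# rebuild-system.sh hostname # Rebuild specific system
+#
+# EXAMPLES:
+# rebuild-system.sh
+# rebuild-system.sh makise
+if [ ! -z $1 ]; then
+export HOST=$1
+else
+export HOST=$(hostname)
+fi
+nixos-rebuild switch --flake .#$HOST --sudo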
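Review bot: `[ ! -z $1 ]` and `.#$HOST` are unquoted, so a host argument containing spaces or glob characters changes the test or splits into extra `nixos-rebuild` arguments, and unlike `rebuild-home.sh` this script has no `set -e`. `if [ -n "${1:-}" ]; then` and `nixos-rebuild switch --flake ".#$HOST" --sudo` fix the quoting. `export HOST=$(hostname)` also masks a failing `hostname`; a plain assignment is enough, because nothing visible here needs the variable exported.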