diff --git a/configs/home-manager/common.nix b/configs/home-manager/common.nix index 235aba2..d0bd7ca 100644 --- a/configs/home-manager/common.nix +++ b/configs/home-manager/common.nix @@ -25,7 +25,7 @@ }; }; imports = [ - ../../modules/nixos/hostopts.nix + ../../modules/hostopts.nix ../../modules/home-manager ]; } diff --git a/configs/home-manager/nushell/default.nix b/configs/home-manager/nushell/default.nix index f029fcf..de06dd4 100644 --- a/configs/home-manager/nushell/default.nix +++ b/configs/home-manager/nushell/default.nix @@ -19,6 +19,7 @@ yazi.enableNushellIntegration = true; zoxide.enableNushellIntegration = true; starship.enableNushellIntegration = true; + eza.enableNushellIntegration = true; carapace = { enable = true; enableNushellIntegration = true; diff --git a/configs/nixos/common.nix b/configs/nixos/common.nix index 211f049..ec2f3a5 100644 --- a/configs/nixos/common.nix +++ b/configs/nixos/common.nix @@ -61,7 +61,7 @@ in { else defaultPasswordHash; imports = [ - ../../modules/nixos + ../../modules/hostopts.nix ]; home-manager.useGlobalPkgs = true; diff --git a/flake.nix b/flake.nix index de955a7..afdcb2e 100644 --- a/flake.nix +++ b/flake.nix @@ -96,6 +96,7 @@ rockhole = import ./hosts/rockhole64 {inherit inputs configLib;}; cirrus = import ./hosts/cirrus {inherit inputs configLib;}; cirrostratus = import ./hosts/cirrostratus {inherit inputs configLib;}; + remotepi-karp = import ./hosts/remotepi-karp {inherit inputs configLib;}; }; # Standalone home-manager configuration entrypoint diff --git a/hosts/cirrostratus/default.nix b/hosts/cirrostratus/default.nix index 9c7a1a0..a6d1f80 100644 --- a/hosts/cirrostratus/default.nix +++ b/hosts/cirrostratus/default.nix @@ -16,12 +16,11 @@ inputs.nixpkgs.lib.nixosSystem { ../../configs/nixos/common.nix ../../configs/nixos/tailscale.nix ../../configs/nixos/sshd.nix - ../../configs/nixos/secrets.nix + # ../../configs/nixos/secrets.nix ({ config, pkgs, configLib, - lib, ... }: { host = { 
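Review bot: In hosts/cirrostratus/default.nix the `secrets.nix` import is commented out rather than removed, with no comment saying why or when it comes back, while `sshd.nix` and `tailscale.nix` stay imported. The context of the configs/nixos/common.nix hunk shows an `else defaultPasswordHash;` branch, so with sops unavailable this host presumably falls back to the default password hash committed in the repo. The condition is outside the hunk, so confirm that, and confirm that sshd.nix disables password authentication. I would either delete the line or annotate it, e.g. `# TODO: re-enable once sops keys are provisioned; until then the login password is defaultPasswordHash`. The new hosts/remotepi-karp/default.nix has the same commented-out import alongside sshd and tailscale.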
@@ -43,18 +42,6 @@ inputs.nixpkgs.lib.nixosSystem { }; }; - services.duckdns = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config) { - enable = true; - domains = ["venberg"]; - tokenFile = config.sops.secrets.duckdns-token.path; - }; - - sops = lib.mkIf (inputs ? nix-secrets) { - secrets = { - duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml"; - }; - }; - home-manager.users.${config.host.user} = { inputs, osConfig, @@ -63,7 +50,6 @@ inputs.nixpkgs.lib.nixosSystem { }: { host = osConfig.host; user = { - nvim.enable-lsp = false; git = { profile = { name = config.host.fullName; @@ -73,7 +59,7 @@ inputs.nixpkgs.lib.nixosSystem { }; }; imports = [ - ../../roles/home-manager/terminal.nix + ../../roles/home-manager/minimal-terminal.nix ../../configs/home-manager/common.nix inputs.nixvim.homeManagerModules.nixvim ]; diff --git a/hosts/remotepi-karp/default.nix b/hosts/remotepi-karp/default.nix new file mode 100644 index 0000000..b124dab --- /dev/null +++ b/hosts/remotepi-karp/default.nix 
@@ -0,0 +1,108 @@
+{
+ inputs,
+ configLib,
+ ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ specialArgs = {inherit inputs configLib;};
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.disko
+ inputs.nixos-hardware.nixosModules.raspberry-pi-3
+
+ ../../configs/nixos/common.nix
+ ../../configs/nixos/sshd.nix
+ # ../../configs/nixos/secrets.nix
+ ../../configs/nixos/tailscale.nix
+ ({
+ config,
+ pkgs,
+ lib,
+ configLib,
+ modulesPath,
+ ...
+ }: {
+ hardware.enableRedistributableFirmware = true;
+ host = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ };
+ networking.hostName = "remotepi-karp"; # Define your hostname.
+ networking.hostId = "8efd3e13";
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ networks."eth0" = {
+ name = "eth0";
+ DHCP = "yes";
+ # address = ["10.10.10.31/24"];
+ # gateway = ["10.10.10.1"];
+ # dns = ["1.1.1.1"];
+ };
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = ["noatime"];
+ };
+ };
+
+ time.timeZone = "America/Chicago";
+
+ # home-manager.sharedModules = [
+ # inputs.sops-nix.homeManagerModules.sops
+ # ];
+ home-manager.users.${config.host.user} = {
+ inputs,
+ osConfig,
+ lib,
+ ...
+ }: {
+ host = osConfig.host;
+ user = {
+ git = {
+ profile = {
+ name = config.host.fullName;
+ email = "gabevenberg@gmail.com";
+ };
+ workProfile.enable = false;
+ };
+ };
+ imports = [
+ ../../roles/home-manager/minimal-terminal.nix
+ ../../configs/home-manager/common.nix
+ inputs.nixvim.homeManagerModules.nixvim
+ # ../../configs/home-manager/secrets.nix
+ ];
+
+ # sops = lib.mkIf (inputs ? nix-secrets) {
+ # secrets = {
+ # };
+ # };
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ boot.supportedFilesystems.zfs = lib.mkForce false;
+ boot.kernelParams = [
+ "console=ttyS1,115200n8"
+ ];
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+ })
+ ];
+}
diff --git a/modules/nixos/hostopts.nix b/modules/hostopts.nix
similarity index 100%
rename from modules/nixos/hostopts.nix
rename to modules/hostopts.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index 8f3fc6c..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- imports = [
- ./duckdns.nix
- ./hostopts.nix
- ];
-}
diff --git a/modules/nixos/duckdns.nix b/modules/nixos/duckdns.nix
deleted file mode 100644
index 1a566b1..0000000
--- a/modules/nixos/duckdns.nix
+++ /dev/null
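Review bot: The module list in hosts/remotepi-karp/default.nix imports `inputs.disko.nixosModules.disko`, but the root filesystem is declared by hand via `fileSystems."/"` and nothing in this file sets `disko.devices`, so the import looks unused. Likewise `networking.hostId` is set while `boot.supportedFilesystems.zfs` is forced off, and the `pkgs`, `configLib` and `modulesPath` arguments of the inline module are never referenced in its body. I would drop the disko import and the unused arguments, or add a short comment such as `# hostId kept for a later ZFS data pool` if they are intentional.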
@@ -1,81 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.services.duckdns;
- urlFile = pkgs.writeText "curlurl" "url=https://www.duckdns.org/update?domains=@domains_placeholder@&token=@token_placeholder@&ip=";
-in {
- # partially taken from https://github.com/NixOS/nixpkgs/pull/294489
- options = {
- services.duckdns = {
- enable = lib.mkEnableOption "Enable duckdns updating";
- tokenFile = lib.mkOption {
- default = null;
- type = lib.types.path;
- description = ''
- The path to a file containing the token
- used to authenticate with DuckDNS.
- '';
- };
- domains = lib.mkOption {
- type = lib.types.nullOr (lib.types.listOf lib.types.str);
- example = ["examplehost"];
- description = lib.mdDoc ''
- The record(s) to update in DuckDNS
- (without the .duckdns.org prefix)
- '';
- };
- domainsFile = lib.mkOption {
- default = null;
- type = lib.types.nullOr lib.types.path;
- description = ''
- The path to a file containing a
- newline-separated list of DuckDNS
- domain(s) to be updated
- '';
- };
- };
- };
- config = lib.mkIf cfg.enable {
- assertions = [
- {
- assertion = cfg.domains != null || cfg.domainsFile != null;
- message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
- }
- ];
- systemd.services.duckdns = {
- description = "DuckDNS Dynamic DNS Client";
- after = ["network.target"];
- wantedBy = ["multi-user.target"];
- # every 5 minutes
- startAt = "*:00/5:00";
- serviceConfig = {
- Type = "simple";
- DynamicUser = true;
- RuntimeDirectory = "duckdns-update";
- RuntimeDirectoryMode = "700";
- };
- script = ''
- install --mode 600 ${urlFile} $RUNTIME_DIRECTORY/curlurl
- # replace the token
- ${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl
-
- # initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
- install --mode 600 ${
- if (cfg.domainsFile != null)
- then cfg.domainsFile
- else "/dev/null"
- } $RUNTIME_DIRECTORY/domains
- # these are already in the nix store, so doesnt matter if they leak via cmdline.
- echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >> $RUNTIME_DIRECTORY/domains
- ${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
- ${pkgs.replace-secret}/bin/replace-secret @domains_placeholder@ $RUNTIME_DIRECTORY/domains $RUNTIME_DIRECTORY/curlurl
-
- ${pkgs.curl}/bin/curl --no-progress-meter --insecure --config $RUNTIME_DIRECTORY/curlurl | ${pkgs.gnugrep}/bin/grep -v "KO"
- '';
- };
- };
-}