julian/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Start migration to using flake-parts

Browse Source
This commit is contained in:
Julian Mutter
2026-03-23 20:34:48 +01:00
parent ba56618049
commit 6cbe60c784
158 changed files with 1935 additions and 1830 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
features-nixos/base/auto-upgrade.nix Normal file
View File

@@ -0,0 +1,18 @@
{
flake.nixosModules.base = {
inputs,
config,
...
}: {
system.hydraAutoUpgrade = {
# Only enable if not dirty
enable = inputs.self ? rev;
dates = "*:0/10"; # Every 10 minutes
instance = "http://hydra.julian-mutter.de";
project = "dotfiles";
jobset = "main";
job = "hosts.${config.networking.hostName}";
oldFlakeRef = "self";
};
};
}

40
features-nixos/base/default.nix Normal file
View File

@@ -0,0 +1,40 @@
# Common config for all hosts
{
flake.nixosModules.base = {
inputs,
outputs,
pkgs,
lib,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
# Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
# Enables non-free firmware
hardware.enableRedistributableFirmware = true;
# Networking
networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openconnect
];
};
services.resolved.enable = false;
# MDNS Taken by avahi
# networking.networkmanager.dns = "none";
networking.nameservers = lib.mkDefault [
"1.1.1.1"
"8.8.8.8"
];
# HM module
home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
home-manager.extraSpecialArgs = {
inherit inputs outputs;
};
};
}

12
features-nixos/base/fish.nix Normal file
View File

@@ -0,0 +1,12 @@
{
flake.nixosModules.base = {
programs.fish = {
enable = true;
vendor = {
completions.enable = true;
config.enable = true;
functions.enable = true;
};
};
};
}

28
features-nixos/base/locale.nix Normal file
View File

@@ -0,0 +1,28 @@
{
flake.nixosModules.base = {
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Keymap
services.xserver.xkb = {
layout = "de";
variant = "";
};
console.keyMap = "de";
time.timeZone = "Europe/Berlin";
};
}

48
features-nixos/base/nix.nix Normal file
View File

@@ -0,0 +1,48 @@
{
flake.nixosModules.base = {outputs, ...}: {
# Apply overlays
nixpkgs = {
# TODO: apply this to hm and nixos without duplicate code
overlays = builtins.attrValues outputs.overlays;
config = {
nvidia.acceptLicense = true;
allowUnfree = true;
allowUnfreePredicate = _: true; # TODO: what is this
warn-dirty = false;
permittedInsecurePackages = [
"olm-3.2.16"
];
};
};
# optimize at every build, slows down builds
# better to do optimise.automatic for regular optimising
# nix.settings.auto-optimise-store = lib.mkDefault true;
nix.settings.experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
# warn-dirty = false;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
persistent = true;
};
nix.optimise = {
automatic = true;
dates = ["weekly"]; # Optional; allows customizing optimisation schedule
persistent = true;
};
programs.nix-ld.enable = true;
# TODO: is this useful?, what does it do?
# nix.settings.flake-registry = ""; # Disable global flake registry
# Add each flake input as a registry and nix_path
# registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
# nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
}

11
features-nixos/base/root.nix Normal file
View File

@@ -0,0 +1,11 @@
{
flake.nixosModules.base = {pkgs, ...}: {
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
gparted-xhost # needs to be installed as system package so it can be actually opened
];
};
}

53
features-nixos/base/sops/secrets.yaml Normal file
View File

@@ -0,0 +1,53 @@
#ENC[AES256_GCM,data:NSxfTl2hTXEoGl23aQnElG+df/1YzA==,iv:+oy9oITMGzdM2muDUPjwxJqUu1Bdyregl65/0hiulZ0=,tag:VKjforpyahKj0ktIN36gNw==,type:comment]
julian-password: ENC[AES256_GCM,data:tgeu4uVI91j34+Gfzy2Uckmopj9bJNWiu65W0cdA76Kly3LH7RqXCq4rNM4DCwrsX3k9WdOlGX6T9edIjJgmbbe6MkeH7oQwiA==,iv:GE6zfSHymkAewjry7fofURz70az608+hja385LLeCIY=,tag:FqTopL5DyM3DTpa7AoGPDg==,type:str]
wifi:
pianonix: ENC[AES256_GCM,data:Ty1wElfVj+CU9bTbpuYIk2dA4fgFm59PkQGqvODn51Q=,iv:bLomyTlOW2Z4rPbue7Klo6Jt5lR+44AuL+dIMFgDNAE=,tag:DuH2ayeb19dkPi9xmbAu3A==,type:str]
syncthing:
public-keys:
aspi-nix: ENC[AES256_GCM,data:ZTykdQCyh4DMuQUCy1DSKsGNxxn1dinaqztpDdJY53pkWcW4YcWRHk94iGJQZgG1oLfr3AB2S3J6b9w2WuV3,iv:9z2ovHzq6JjRtHzNMIQtcUCinIjG/ImSGqqC7KPhpuw=,tag:No2LCjD+XXB77Su+s98MIA==,type:str]
pianonix: ENC[AES256_GCM,data:pUJPXH47VG363aIoxZwmbVe3uBoO7EO2TflK4f761C7PwD0tFNthZt9HRE6gQXAMQMF6qWzNK3CNGspSzKsE,iv:E89oz8BG5iQW/mRzdxSrYewGeVLiCrTcAF+c9ny6gPc=,tag:rLqwUmFDsaOMClR1tbE1sA==,type:str]
pianonix:
key: ENC[AES256_GCM,data:IaCXIRDMWCHj3lTKpkLg1Nd3pX4bktWg4WjZPGKgTBCLVkMi/SDtlaoNhDz+a+Vt6jYTXHS4exFnIVJ878nWSrA1sD2NHXmfsMh1kkLhub68qv0M33dBXvgX0vQ51Z1WMoti73yDUjJH8Ym5yF/SCg2+RbkVf+4pe2hSlAzwkGP6YC2rbCE5sZG31C55MkaGC6zwo2ZpZXdVhCW845SqAc11cF/OeEHb9B1FS3rd+El7rlJHrIEVQTkomNLshcspb13H0z3vNhtfu9pPkGxee8Hp/hEhFQ+waWBAg4w15yKihjHJmhzdjhDHCilvwYaceb7b5OwARuuiruQ+cJ40bdnStDpi2ouP8QJjEi7tmKWeplZ0X70PVZJFH/e/mTH5,iv:3hQMB4ka31w3chXXwjl/1IHF8ES/RobZVeugMC3ddlU=,tag:j8wwrNQUQbCEGtcriSpc4g==,type:str]
cert: ENC[AES256_GCM,data:v9LO8qpeGDDV6I+AJU5iTYKKBV6qgr1ddwLvBVEOYyvmtPNeqaatYaK6vMBCabBIhxQu2NC96pREvWu1UHbxaMWvSCT1TzrIPrcFm+gKCH6PIPhqcnQpdGa3OYn01ohThpLp8hEmVUpJ0FO/AnE1QHK0VfPqJ3S0uHLjSCBJtxLmcBWNVvlcTU/P68QIQkrYAQRAtz9aDS+JNpUKhwCJBgjpY1Thj8Lj/fpc1t0qWo3BKIL3eW5iSlUW0iEriFS0bkMr4Bi9mNqpO26l1eZ3IXFJy/7pkqhmXXW83qOaF9AFXgg41p1Kjw4G6isB/obuhR7Z4oQ/AtkSU0wxHP4mF0AWrvC7/YGlrDG9aPYUEWOexTTBHkm89PhgEa69sekbzac7mYYFi/MIdU34ks4oc8ZIChWpT+V66mbo4f+3mn7raih5SLnyEMS7ENBes9cQC7SghSpB7D8c/2+q74A5aEZHUWRhqiDEx9IggP43SiWuNnb/HyZw16RUB7xnQKPs7LzAVlLC6M7ZETUmyEDEWWOsDY8+0Li4wuD3z4WXLAD9nP43TMx4GNoafjG+0Gu05hSR8fWv8strRCtIWjzK3wMaD9VT/cbt2oqOBkJcaqIW8+lM+ktk1WsD4Kc1DQ4q5O2oMrdPOWI9xZOs7DQTFshLHuvxutN05vgEUovI1vbMOl7SIzUW8YUY9PN0ofC7zwQlEJxfOdqT0nwv9vmqikSMP6V3jXgP5OnPb4KVx8G27X0oCjN++dJgDxdkh2JiLR9JaJHNmYPtLlP7hU4NsBpRpd9ObxRlv+uIbF2o0I8PGXMo3IVnRjrFDrRyoth2UJ+YUMGCVuonoS+nZLMCNz1xwRMaZBYjSEESmxc2Ilwdu3XTzd1KF282UvumBpRwcNxvsmPhI84v/XV8TJE8Z7YxyO3RYBQHD5+OuHOHKTtlajnKpSp/m0p0QR7rrGFoDuDKp+Z81MKz8wz3/8GG+sDh0pgniUfNyrmLroLPdT6nj0brvSVWYmOIJHDHKqM+6HZok5PyS+uHlb5dzwnmrd9OmhmwPVdkP5s=,iv:X9VNz2nsN4ywu3E0c+agwZCl43I4bt6jHz0jMoMFTJQ=,tag:RZUWa4h5JoIiZaDrYgcAeg==,type:str]
sops:
age:
- recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-23T07:00:17Z"
mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

24
features-nixos/base/sops/sops.nix Normal file
View File

@@ -0,0 +1,24 @@
{
flake.nixosModules.base = {
inputs,
config,
...
}: let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in {
imports = [inputs.sops-nix.nixosModules.sops];
sops.age = {
sshKeyPaths = map getKeyPath keys;
# TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
# keyFile = "/home/julian/.config/sops/age/keys.txt";
# Generate key if none of the above worked. With this, building will still work, just without secrets
generateKey = false; # TODO: building should not work without secrets!?
};
sops.defaultSopsFile = ./secrets.yaml;
};
}