
4 Commits

11 changed files with 416 additions and 76 deletions

@ -1 +1 @@
Subproject commit c7dc80d23b6bf67ae8e69545b430bb13f000fa03
Subproject commit f8ed74005067a0f97e022dc5ddf7a1c392f4a0cb


@ -1,7 +0,0 @@
keys:
- &astora age1u9xr3tmwskfsrxg6gus3hmh9eakjh2h22jklfmcu33kassaraues435vvc
creation_rules:
- path_regex: secrests/[^/]+\.(yaml|env|txt)$
key_groups:
- age:
- *astora


@ -17,6 +17,33 @@
> it's a more than just a dotfiles in cause of packages, modules, templates and
> etc. Discover the current repository on your own risk.
# Hints
* Update and push inputs:
```sh
nix flake update
nix flake archive --json \
| jq -r '.path,(.inputs|to_entries[].value.path)' \
| cachix push bonfire
```
* Build and push package:
```sh
nix build --json .#package \
| jq -r '.[].outputs | to_entries[].value' \
| cachix push bonfire
```
* Rebuild system with git submodules:
```sh
nixos-rebuild switch --flake ".?submodules=1#astora"
```
* Rebuild remote system from local system with git submodules:
```sh
nixos-rebuild switch --flake ".?submodules=1#catarina" --build-host l-nafaryus@astora --target-host l.nafaryus@catarina --use-remote-sudo
```
# License


@ -1,6 +1,8 @@
{ crane-lib, pkgs, ... }:
crane-lib.devShell {
packages = with pkgs; [
sops
mkpasswd
nil
jq
cachix


@ -16,18 +16,65 @@
"type": "gitlab"
}
},
"blobs_2": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"bonfire": {
"inputs": {
"crane": "crane_2",
"devenv": "devenv",
"fenix": "fenix_2",
"home-manager": "home-manager_2",
"nixgl": "nixgl_2",
"nixos-mailserver": "nixos-mailserver_2",
"nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix"
},
"locked": {
"lastModified": 1713950784,
"narHash": "sha256-E8KH9rUYRNEajvuUhQxaqVZEj4INxgux/HbQ7NzZZ68=",
"owner": "L-Nafaryus",
"repo": "bonfire",
"rev": "5217f6d2229e246f0df4d47c1b4046559160c14f",
"type": "github"
},
"original": {
"owner": "L-Nafaryus",
"repo": "bonfire",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": "devenv_2",
"flake-compat": [
"oscuro",
"bonfire",
"devenv",
"flake-compat"
],
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"nixpkgs"
],
"pre-commit-hooks": [
"oscuro",
"bonfire",
"devenv",
"pre-commit-hooks"
]
@ -66,12 +113,36 @@
"type": "github"
}
},
"crane_2": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713738183,
"narHash": "sha256-qd/MuLm7OfKQKyd4FAMqV4H6zYyOfef5lLzRrmXwKJM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "f6c6a2fb1b8bd9b65d65ca9342dd0eb180a63f11",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nix": "nix_2",
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
@ -93,14 +164,18 @@
"devenv_2": {
"inputs": {
"flake-compat": [
"oscuro",
"bonfire",
"devenv",
"cachix",
"flake-compat"
],
"nix": "nix",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix",
"pre-commit-hooks": [
"oscuro",
"bonfire",
"devenv",
"cachix",
"pre-commit-hooks"
@ -142,14 +217,40 @@
"type": "github"
}
},
"fenix_2": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
],
"rust-analyzer-src": [
"oscuro",
"bonfire"
]
},
"locked": {
"lastModified": 1713853552,
"narHash": "sha256-OOXi+9cSbst7Crah6UVxHe33O6HK91WgD2yU/p5/dqs=",
"owner": "nix-community",
"repo": "fenix",
"rev": "d596927635ddd8db224bbff6e4ccb08e42649eb5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -161,11 +262,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -190,9 +291,40 @@
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
@ -208,9 +340,9 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
@ -226,7 +358,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -244,6 +376,8 @@
"gitignore": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"pre-commit-hooks",
"nixpkgs"
@ -283,10 +417,34 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713818326,
"narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"cachix",
"devenv",
@ -312,6 +470,8 @@
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"cachix",
"devenv",
@ -336,10 +496,14 @@
"nix_2": {
"inputs": {
"flake-compat": [
"oscuro",
"bonfire",
"devenv",
"flake-compat"
],
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"nixpkgs"
],
@ -362,7 +526,7 @@
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
@ -381,10 +545,33 @@
"type": "github"
}
},
"nixgl_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"owner": "guibou",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"type": "github"
},
"original": {
"owner": "guibou",
"repo": "nixGL",
"type": "github"
}
},
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
@ -404,18 +591,43 @@
"type": "gitlab"
}
},
"nixos-mailserver_2": {
"inputs": {
"blobs": "blobs_2",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1713012165,
"narHash": "sha256-z/soXKDnz+w4Nw0LkRaM73YqolhSmIYy6cpg1F2ps8I=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "9f6635a0351c190179dc6904545f950108a23dd8",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1692808169,
"narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
"owner": "NixOS",
"lastModified": 1713714899,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -484,7 +696,39 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1713638189,
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1692808169,
"narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1713714899,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
@ -500,11 +744,31 @@
"type": "github"
}
},
"oscuro": {
"inputs": {
"bonfire": "bonfire"
},
"locked": {
"lastModified": 1714131862,
"narHash": "sha256-t936zWQu+wHz4i1SPveDrCIpzvtjzhqlbCh7quzZldU=",
"owner": "L-Nafaryus",
"repo": "oscuro",
"rev": "d3944c0a08747f11aa4b9227dcb256c103a5a559",
"type": "github"
},
"original": {
"owner": "L-Nafaryus",
"repo": "oscuro",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"cachix",
"devenv",
@ -528,12 +792,16 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
"oscuro",
"bonfire",
"devenv",
"flake-compat"
],
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"gitignore": "gitignore",
"nixpkgs": [
"oscuro",
"bonfire",
"devenv",
"nixpkgs"
],
@ -556,18 +824,20 @@
"root": {
"inputs": {
"crane": "crane",
"devenv": "devenv",
"fenix": "fenix",
"home-manager": "home-manager",
"nixgl": "nixgl",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
"nixpkgs": "nixpkgs",
"oscuro": "oscuro",
"sops-nix": "sops-nix_2"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"oscuro",
"bonfire",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
@ -586,6 +856,27 @@
"type": "github"
}
},
"sops-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1713775152,
"narHash": "sha256-xyP8h9jLQ0AmyPy40sIwL7/D03oVpXG9YHoYJ4ecYWA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4371a1301c4d36cc791069d90ae522613a3a335e",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -631,9 +922,42 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_3"
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1709126324,


@ -2,8 +2,8 @@
description = "Derivation lit";
nixConfig = {
extra-substituters = ["https://bonfire.cachix.org"];
extra-trusted-public-keys = ["bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM="];
extra-substituters = [ "https://bonfire.cachix.org" ];
extra-trusted-public-keys = [ "bonfire.cachix.org-1:mzAGBy/Crdf8NhKail5ciK7ZrGRbPJJobW6TwFb7WYM=" ];
};
inputs = {
@ -12,10 +12,6 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
devenv = {
url = "github:cachix/devenv";
inputs.nixpkgs.follows = "nixpkgs";
};
nixgl = {
url = "github:guibou/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
@ -37,9 +33,13 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-analyzer-src.follows = "";
};
oscuro = {
url = "github:L-Nafaryus/oscuro";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, home-manager, devenv, nixgl, nixos-mailserver, sops-nix, crane, fenix, ... }: {
outputs = inputs @ { self, nixpkgs, home-manager, nixgl, nixos-mailserver, sops-nix, crane, fenix, oscuro, ... }: {
lib = import ./lib {};
@ -60,6 +60,7 @@
modules = [
nixos-mailserver.nixosModules.mailserver
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
./nixosModules/bonfire.nix
self.nixosModules.spoofdpi
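Review bot: The `inputs.nixpkgs.follows = "nixpkgs";` line on the new `oscuro` input appears to have no effect. In the lock file shown on this page the `oscuro` node declares only a `bonfire` input, and that nested `bonfire` carries its own pins (`nixpkgs_3`, `sops-nix`, `nixos-mailserver_2`, `home-manager_2`, `crane_2`, `fenix_2`, `devenv`). The module added to catarina through `oscuro.nixosModules.oscuro` is therefore presumably built from that separately pinned closure and will not pick up security updates when this flake's `nixpkgs` is bumped. Consider pointing the override at the nested input instead, e.g. `inputs.bonfire.inputs.nixpkgs.follows = "nixpkgs";`, and adding a comment on why oscuro depends on bonfire at all.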


@ -141,7 +141,7 @@
Host catarina
HostName 192.168.156.102
Port 22
User l.nafaryus
User l-nafaryus
'';
programs.direnv.enable = true;


@ -150,6 +150,7 @@
networking = {
networkmanager.enable = true;
networkmanager.unmanaged = [ "interface-name:ve-*" ];
useDHCP = lib.mkDefault true;
hostName = "astora";
extraHosts = '''';
@ -157,6 +158,19 @@
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "ve-+" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
'';
};
nat = {
enable = true;
externalInterface = "wlo1";
internalInterfaces = [ "ve-+" ];
};
interfaces.wlo1.ipv4.addresses = [ {
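Review bot: `trustedInterfaces = [ "ve-+" ]` in the `firewall` block accepts all traffic arriving on any container veth interface, so every container can reach every port on the host, not only the 80/443 listed in `allowedTCPPorts`. If the containers need only a few host services, a per-interface allow-list such as `interfaces."ve-+".allowedTCPPorts = [ … ];` would keep the host firewall in force for them (confirm that wildcard matching works there). Separately, the hand-written `iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE` in `extraCommands` looks redundant with the `nat` block added below it. It masquerades everything leaving `wlo1` rather than only the `ve-+` traffic, and it may be appended again on each firewall reload. Dropping `extraCommands`/`extraStopCommands` and relying on `nat` alone is the narrower setup.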


@ -1,5 +1,5 @@
{ config, pkgs, lib, inputs, self, ... }:
rec {
{
system.stateVersion = "23.11";
imports = [
@ -12,8 +12,8 @@ rec {
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "l.nafaryus" ];
allowed-users = [ "l.nafaryus" ];
trusted-users = [ "l-nafaryus" ];
allowed-users = [ "l-nafaryus" ];
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
@ -38,23 +38,6 @@ rec {
};
# Services
services.xserver = {
enable = true;
xkb = {
layout = "us";
variant = "";
};
videoDrivers = [ "nvidia" ];
displayManager.gdm = {
enable = false;
autoSuspend = false;
};
desktopManager.gnome.enable = false;
};
services.printing.enable = true;
services.pipewire = {
@ -204,6 +187,11 @@ rec {
};
};
services.oscuro = {
enable = true;
discordTokenFile = config.sops.secrets.discordToken.path;
};
# Packages
environment.systemPackages = with pkgs; [
wget
@ -255,16 +243,13 @@ rec {
Host astora
HostName 192.168.156.101
Port 22
User nafaryus
User l-nafaryus
Host catarina
HostName 192.168.156.102
Port 22
User l.nafaryus
User l-nafaryus
'';
programs.direnv.enable = true;
fonts.packages = with pkgs; [ nerdfonts ];
}
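Review bot: `services.oscuro.discordTokenFile` reads `config.sops.secrets.discordToken.path`, but the declaration of `sops.secrets.discordToken` is not visible in this section, so its ownership and mode cannot be checked here. sops-nix secrets default to root-owned files readable only by root. If the oscuro module runs the bot under its own user, the secret needs an explicit owner, e.g. `sops.secrets.discordToken.owner = "<service-user>";` (placeholder, confirm against the module). If the bot runs as root instead, that is worth reconsidering for a network-facing service. The renamed `trusted-users = [ "l-nafaryus" ]` line also deserves a comment, since a trusted Nix user is effectively root-equivalent on this host.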


@ -119,12 +119,6 @@
cpu.intel.updateMicrocode = true;
nvidia.nvidiaSettings = true;
nvidia.modesetting.enable = true;
opengl.enable = true;
opengl.driSupport32Bit = true;
bluetooth.enable = true;
pulseaudio.enable = false;


@ -3,14 +3,14 @@
# Users
users.users.root.hashedPasswordFile = config.sops.secrets."users/root".path;
users.users."l.nafaryus" = {
users.users.l-nafaryus = {
isNormalUser = true;
description = "L-Nafaryus";
extraGroups = [ "networkmanager" "wheel" ];
group = "users";
uid = 1000;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets."users/l.nafaryus".path;
hashedPasswordFile = config.sops.secrets."users/l-nafaryus".path;
};
users.users.nginx.extraGroups = [ "acme" "papermc" ];