119 Commits

Author SHA1 Message Date
Tudor Roman 2f2a8e4dd0 I think I'm having a windows phase again
Flake Check / flake-check (push) Successful in 2m48s Details
2024-05-09 12:48:15 +02:00
Tudor Roman 21c97d11d3
Quickfix. Will look into this later
Flake Check / flake-check (push) Failing after 11m18s Details
2024-04-09 19:56:40 +02:00
Tudor Roman 842fe8238b
Update flakes
Flake Check / flake-check (push) Successful in 48s Details
2024-04-08 12:09:58 +02:00
Tudor Roman c61f4b6179
Use RCtrl as compose key in Niri
Flake Check / flake-check (pull_request) Successful in 59s Details
Flake Check / flake-check (push) Successful in 43s Details
2024-04-08 12:04:01 +02:00
Tudor Roman 506f944514
niri: struts, gaps, borders 2024-04-08 12:04:00 +02:00
Tudor Roman 05bd4cf793
niri: start emote emoji picker 2024-04-08 12:03:59 +02:00
Tudor Roman db62ebf338
niri: start 1password in cage (lol) 2024-04-08 12:03:58 +02:00
Tudor Roman 6d8a539a4f
niri: start polkit agent and mako 2024-04-08 12:03:57 +02:00
Tudor Roman 8806496ca8
niri: please no springy window open animations i beg you 2024-04-08 12:03:56 +02:00
Tudor Roman 5a1dbe4ec1
Make swayidle work for both sway and niri 2024-04-08 12:03:55 +02:00
Tudor Roman 44ab1f127a
Niri: better input options 2024-04-08 12:03:54 +02:00
Tudor Roman 980fd19316
Trying out Niri 2024-04-08 12:03:53 +02:00
Tudor Roman 51797a6c63
Use RCtrl as compose key in Sway
Flake Check / flake-check (push) Successful in 2m48s Details
2024-04-08 12:03:25 +02:00
Tudor Roman 85686e8f47
sway: move workspaces around
Flake Check / flake-check (push) Successful in 1m2s Details
2024-04-02 13:16:26 +02:00
Tudor Roman da126bf13a
Foot is faster than wezterm
Flake Check / flake-check (pull_request) Successful in 1m8s Details
Flake Check / flake-check (push) Successful in 45s Details
2024-04-02 12:17:47 +02:00
Tudor Roman 65be64ce1a
Declare default shell to be used in terminals 2024-04-02 12:17:46 +02:00
Tudor Roman 7e8025ff5b
Create common wayland compositor options 2024-04-02 12:17:45 +02:00
Tudor Roman a102d09ffa
Fix (tray)icons of nix-installed gtk apps
Flake Check / flake-check (push) Successful in 1m24s Details
2024-04-02 12:17:25 +02:00
Tudor Roman e96d9cc705
update flakes
Flake Check / flake-check (push) Successful in 14m56s Details
2024-03-29 17:32:21 +01:00
Tudor Roman ce2c7311ea
let the terminal start the shell instead of bash
Flake Check / flake-check (push) Successful in 3m35s Details
2024-03-25 18:54:05 +01:00
Tudor Roman 206a5120b4
Also use garnix cache in forgejo actions
Flake Check / flake-check (push) Successful in 58s Details
2024-03-16 13:12:04 +01:00
Tudor Roman e66be35b4d
Fully remove attic
Flake Check / flake-check (pull_request) Successful in 43s Details
Flake Check / flake-check (push) Successful in 43s Details
2024-03-16 13:04:38 +01:00
Tudor Roman 3fcded03dc
Use Garnix Cache
Flake Check / flake-check (pull_request) Failing after 23s Details
2024-03-16 13:03:24 +01:00
Tudor Roman 5e525bf863
Enable Zoxide
Flake Check / flake-check (push) Successful in 1m0s Details
2024-03-16 12:27:36 +01:00
Tudor Roman 4e946501ae
Move .gitea to .forgejo
Flake Check / flake-check (pull_request) Successful in 57s Details
Flake Check / flake-check (push) Successful in 43s Details
2024-03-15 11:14:55 +01:00
Tudor Roman 7ba385f5dc
Bye Ansible!
Flake Check / flake-check (pull_request) Successful in 57s Details
Flake Check / flake-check (push) Successful in 44s Details
2024-03-15 11:05:11 +01:00
Tudor Roman 9e932104a6
Change zfs dataset for podman
Flake Check / flake-check (push) Successful in 1m45s Details
Don't ask why
2024-03-15 10:55:53 +01:00
Tudor Roman a35e8e8cd4
Fix fonts
Flake Check / flake-check (push) Successful in 1m12s Details
2024-03-11 10:15:16 +01:00
Tudor Roman 968b772fe0
Base my home-manager config on nixpkgs-unstable
Flake Check / flake-check (pull_request) Successful in 1m30s Details
Flake Check / flake-check (push) Successful in 45s Details
2024-03-11 09:21:57 +01:00
Tudor Roman 1ae1820a4f
forgejo: fix deprecation
Flake Check / flake-check (pull_request) Successful in 1m11s Details
Flake Check / flake-check (push) Successful in 48s Details
2024-03-04 18:28:51 +01:00
Tudor Roman cd7300f41f
forgejo: no need for a token
Flake Check / flake-check (pull_request) Successful in 1m14s Details
2024-03-04 18:24:59 +01:00
Tudor Roman 6b900213e3
migrate from gitea to forgejo
Flake Check / flake-check (pull_request) Successful in 1m40s Details
2024-03-04 18:22:20 +01:00
Tudor Roman 6d83bc868e
update flakes
Flake Check / flake-check (push) Successful in 2m52s Details
2024-03-03 16:35:56 +01:00
Tudor Roman bd575604e9
ceres: the site is not hosted here anymore 2024-03-03 16:35:29 +01:00
Tudor Roman cbc7d1c9fe
disable trackpoint because it broke (you'll be missed) 2024-03-03 15:01:12 +01:00
Tudor Roman 4c611b3977
update flakes
Flake Check / flake-check (push) Successful in 17m15s Details
2024-02-16 10:30:09 +01:00
Tudor Roman bc6049c310
sway: better touchpad settings
Flake Check / flake-check (push) Successful in 3m40s Details
2024-02-14 11:37:13 +01:00
Tudor Roman 13fa05a37e
include gnutar and zstd to make the cache action work
Flake Check / flake-check (push) Successful in 1m43s Details
2024-02-04 13:13:39 +01:00
Tudor Roman e9a02fea7f
try simplifying the nix actions image
Flake Check / flake-check (pull_request) Successful in 1m4s Details
Flake Check / flake-check (push) Successful in 43s Details
2024-02-01 23:07:40 +01:00
Tudor Roman ed03273815
actions: only run with nixuser in the nix image
Flake Check / flake-check (pull_request) Successful in 49s Details
2024-02-01 20:56:32 +01:00
Tudor Roman d280c2a4ba
update ceres.tudorr.ro instead of apex
Flake Check / flake-check (pull_request) Successful in 1m12s Details
Flake Check / flake-check (push) Successful in 48s Details
but you cannot see that because it's a secret >:)
2024-02-01 19:26:54 +01:00
Tudor Roman 51e9976d98
update microcode for ceres, hw tweaks
Flake Check / flake-check (pull_request) Successful in 4m53s Details
Flake Check / flake-check (push) Successful in 53s Details
2024-02-01 13:34:11 +01:00
Tudor Roman c4d75aafc2
gitea: rebase and ff as default merge strategy
Flake Check / flake-check (push) Successful in 1m13s Details
2024-01-31 19:21:39 +01:00
Tudor Roman f7b83ddf3b
disable attic for now
Flake Check / flake-check (pull_request) Successful in 3m21s Details
Flake Check / flake-check (push) Successful in 48s Details
2024-01-31 19:03:28 +01:00
Tudor Roman 12ab0c4529
update flakes
Flake Check / flake-check (push) Successful in 3m9s Details
2024-01-30 12:40:17 +01:00
Tudor Roman 3adb662b78
slim down my base profile a bit 2024-01-30 11:50:29 +01:00
Tudor Roman 679f00024a
trust myself 2024-01-30 11:44:28 +01:00
Tudor Roman cda9b8b229
just run nix flake check in the action
Flake Check / flake-check (pull_request) Successful in 1m16s Details
Flake Check / flake-check (push) Successful in 50s Details
2024-01-30 10:46:54 +01:00
Tudor Roman 5fa7e17584
not using wsl2, comment out the flake output 2024-01-30 10:43:18 +01:00
Tudor Roman 3125054a31
move podman zfs config to the host itself
pre-commit / pre-commit (pull_request) Successful in 53s Details
pre-commit / pre-commit (push) Successful in 50s Details
2024-01-30 10:39:24 +01:00
Tudor Roman 711c53c29e
gitea actions service hardening
pre-commit / pre-commit (pull_request) Successful in 50s Details
2024-01-30 10:30:46 +01:00
Tudor Roman 04c9045119
Use nix label for actions, and run nix in the action directly 2024-01-30 10:30:20 +01:00
Tudor Roman a4390b328d
try using the much better setup from (link below)
https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix

This one automatically joins the runner to the gitea instance,
enables KVM in the runner, and adds a special label / image for running
nix, in which the system's nix store is directly mounted.
2024-01-30 10:29:39 +01:00
Tudor Roman afcc595527
pong no more
pre-commit / pre-commit (pull_request) Has been cancelled Details
pre-commit / pre-commit (push) Has been cancelled Details
2024-01-29 12:10:02 +01:00
Tudor Roman b60500f4be
enable gitea actions runner cache
pre-commit / pre-commit (pull_request) Successful in 4m18s Details
pre-commit / pre-commit (push) Has been cancelled Details
2024-01-29 12:08:33 +01:00
Tudor Roman ff55fcdb04
make gitea actions runner not pollute my syslog
pre-commit / pre-commit (pull_request) Has been cancelled Details
pre-commit / pre-commit (push) Has been cancelled Details
2024-01-29 12:03:20 +01:00
Tudor Roman cfd22425fa
run ansible-lint through pre-commit
pre-commit / pre-commit (pull_request) Successful in 4m7s Details
pre-commit / pre-commit (push) Successful in 4m31s Details
2024-01-28 17:46:42 +01:00
Tudor Roman 248c711267
give pretty names to the gitea actions 2024-01-28 17:46:10 +01:00
Tudor Roman 19d113cadf
try out magic nix cache
pre-commit / pre-commit (pull_request) Successful in 3m34s Details
pre-commit / pre-commit (push) Successful in 2m53s Details
2024-01-28 16:25:10 +01:00
Tudor Roman 85374aa3da
pre-commit gitea action
pre-commit / pre-commit (pull_request) Successful in 3m18s Details
2024-01-28 16:20:40 +01:00
Tudor Roman e0cdc980a6
ignore grand reformat in git blame 2024-01-28 16:15:10 +01:00
Tudor Roman 3237085311
reformat everything with alejandra 2024-01-28 15:51:55 +01:00
Tudor Roman 7b8952679b
applied static 2024-01-28 15:49:42 +01:00
Tudor Roman 9f089dee03
applied deadnix 2024-01-28 15:33:57 +01:00
Tudor Roman 8d83b68d57
precommit hooks 2024-01-28 15:28:07 +01:00
Tudor Roman e0e4820de2
install attic client for my user 2024-01-28 15:22:15 +01:00
Tudor Roman 4dc0a6e413
more padding between battery charge and icon 2024-01-28 15:08:04 +01:00
Tudor Roman ba416852d9
configure attic api endpoints 2024-01-28 15:04:05 +01:00
Tudor Roman e614f4b6a0
use recent nodejs for gitea actions 2024-01-28 14:58:45 +01:00
Tudor Roman 9fd692f998
split gitea actions runner from gitea 2024-01-28 14:58:44 +01:00
Tudor Roman 2a1c986c5f
install attic 2024-01-28 14:58:35 +01:00
Tudor Roman 0abd339e8a
privileged containers in actions 2024-01-28 14:50:58 +01:00
Tudor Roman 247b3229a8
update co input 2024-01-28 14:46:28 +01:00
Tudor Roman fb7bdf0d85
gitea actions 2024-01-26 17:51:30 +01:00
Tudor Roman 578304c0de
purge site and blog inputs 2024-01-26 13:21:36 +01:00
Tudor Roman 659c037f83
preparations for the new website 2024-01-26 13:21:35 +01:00
Tudor Roman caa3075068
install clipboard utilities 2024-01-26 13:03:46 +01:00
Tudor Roman 4b0326a396
make fuzzel render the eyes emoji correctly 2024-01-26 12:59:58 +01:00
Tudor Roman 43578606a7
ability to switch between foot and wezterm 2024-01-26 12:59:09 +01:00
Tudor Roman 2b5a21a637
wezterm instead of foot 2024-01-22 14:18:07 +01:00
Tudor Roman e8d22b9684
added systemd service hardening helper 2024-01-19 14:01:56 +01:00
Tudor Roman f6c7a4ec1d
oops oops 2024-01-17 19:09:50 +01:00
Tudor Roman 62bb304b68
oops 2024-01-17 19:08:55 +01:00
Tudor Roman d0bf008c24
do not enable any desktop modules on non desktop configs 2024-01-17 19:01:57 +01:00
Tudor Roman f5fc65c284
disable ui animations in gtk and gnome 2024-01-17 18:54:31 +01:00
Tudor Roman 1964e240b6
enable nushell fuzzy completion mode 2024-01-17 18:53:02 +01:00
Tudor Roman e3564dd7b3
remove unneeded nixpkgs config 2024-01-17 18:51:09 +01:00
Tudor Roman 6b437e731d
use inherit for my packages 2024-01-17 18:37:27 +01:00
Tudor Roman e971cbf544
flake: make systems easier to configure 2024-01-17 18:37:09 +01:00
Tudor Roman cdee0eca04
flake: simplify deploy-related stuff 2024-01-13 13:03:18 +01:00
Tudor Roman 0fdd911b67
one less nixpkgs dep 2024-01-13 13:03:16 +01:00
Tudor Roman 9f2b6979cd
Properly put my packages in pkgs.tudor 2024-01-13 13:01:57 +01:00
Tudor Roman 910c89e5f2
Make sure all referenced inputs are between the brackets 2024-01-13 13:01:56 +01:00
Tudor Roman dbcaafe117
Remove configName hacks and use proper options instead 2024-01-13 13:01:55 +01:00
Tudor Roman 5e6361b9b5
Let each host define the homedir instead of one global one in the flake 2024-01-13 13:01:54 +01:00
Tudor Roman f20df09855
Add packages to devshell from the flake directly 2024-01-13 13:01:53 +01:00
Tudor Roman d09ed5b642
Import modules when needed 2024-01-13 13:01:52 +01:00
Tudor Roman 8d8d78e118
Use haumea, shuffle things around 2024-01-13 13:01:51 +01:00
Tudor Roman fedcc8d778
Only use overlays when needed 2024-01-13 13:01:50 +01:00
Tudor Roman 39f0a31fab
update flakes 2024-01-13 13:01:34 +01:00
Tudor Roman 42dfc03275
fix emojis once and for all 2024-01-13 11:32:40 +01:00
Tudor Roman 9234c78061
Fix brightness+ keybind 2024-01-13 11:32:17 +01:00
Tudor Roman baef26cf12
dyndns: load credentials through systemd credentials 2024-01-10 21:50:50 +01:00
Tudor Roman 87532bb751
Harden dyndns service 2024-01-10 21:37:50 +01:00
Tudor Roman ce034e82fc
Harden pong service 2024-01-10 21:37:34 +01:00
Tudor Roman 8f3b232ec7
oops 2023-12-27 16:24:58 +02:00
Tudor Roman 8fbc483c82
better nginx base config 2023-12-27 16:19:43 +02:00
Tudor Roman 52bb058d43
dyndns config 2023-12-27 13:31:53 +02:00
Tudor Roman 744ad0460a
fix deploy config 2023-12-27 11:06:51 +02:00
Tudor Roman 8e41f500db
use the right passwordfile option 2023-12-27 10:42:09 +02:00
Tudor Roman c25e1c63b8
upgrade to nixpkgs 23.11. not yet adapted for nixos 2023-12-27 10:42:06 +02:00
Tudor Roman 4b708ac164
update site 2023-12-26 22:57:31 +02:00
Tudor Roman 93e6ca505b
ansible: install langpacks 2023-12-22 15:44:19 +02:00
Tudor Roman ca11b5affe
Use Universal Blue, simplify ansible playbooks 2023-12-22 15:05:37 +02:00
Tudor Roman 97b7adac24
update password 2023-12-17 16:33:15 +01:00
Tudor Roman 01e78ae61c
set global useDHCP to true 2023-12-17 16:33:13 +01:00
Tudor Roman 4a900e8e4b
Update state version, use right url for home-manager 2023-12-17 16:05:28 +01:00
Tudor Roman 16146cc2d5
remove flake-utils 2023-12-17 16:04:09 +01:00
Tudor Roman 79994e616d
abandon flake-utils in favour of flake-parts 2023-12-17 13:05:23 +01:00
92 changed files with 2930 additions and 1845 deletions


@ -0,0 +1,14 @@
name: Flake Check
on:
pull_request:
push:
branches: [master]
jobs:
flake-check:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Run flake check
run: nix flake check -L --show-trace
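Review bot: The `pull_request:` trigger has no filter, so `nix flake check` evaluates and builds whatever flake a pull request carries on the self-hosted `nix` runner, which according to the commit log on this page mounts the system's Nix store into the job image. If the forge accepts pull requests from accounts other than the owner, I would restrict that trigger or require approval before workflows run for outside contributors (whether the instance offers that setting needs confirming), and keep the runner's service hardening and unprivileged user in place. Separately, `uses: actions/checkout@v3` follows a mutable tag; pinning it as `uses: actions/checkout@<full-commit-sha>  # v3` fixes the action code that actually runs. A one-line comment above `runs-on: nix` saying which runner label this is and what it has access to would help the next reader.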

2
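--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,2 @@
+# https://stackoverflow.com/a/69118451
+323708531114b1c15614e3769fbbf63bd1a8dc1c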

3
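--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 result
-.direnv
+.direnv
+.pre-commit-config.yaml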


@ -26,8 +26,11 @@ Remote server:
### Any other Linux distro for sane people
1. Provision a machine with a "normal" Linux distro (my personal choice is Fedora).
For this, [I prepared Ansible roles and playbooks](./ansible).
The companion distro for this config is [My Build of Fedora Silverblue](https://github.com/tudurom/my-os).
It is made with [BlueBuild](https://blue-build.org). The desktop-oriented configs in this repo
are meant to be used with this Fedora build only.
1. Provision a system with the [ISO](https://github.com/tudurom/my-os/releases/tag/auto-iso).
2. Install Nix (my installer of choice is [nix-installer][nix-installer]).
3. Clone this repo somewhere on the machine
4. `nix run .#home-manager -- switch --flake .#tudor`

1
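--- a/ansible/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.direnv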


@ -1,55 +0,0 @@
Ansible roles and playbooks
===========================
While I very much love Nix and NixOS, I think NixOS is not suitable
for a developer's day-to-day-use machine.
On my personal machine, which is now just a laptop, I want to be able
to quickly change settings and run random scripts and programs without
first adapting them, whereas on a server and/or a VM
(either a server VM, or just some tiny one for development and testing)
I do prefer having the rigurousness that NixOS provides.
For this reason, I prefer running Nix with Home Manager on top of Fedora
on my laptop. I actually use [Fedora Silverblue][fedora-silverblue], which also gives me
a very nice system base that I can version and roll-back if needed, with the advantage
of looking very much like a "normal" Linux distro. I even have automatic updates
that are applied transparently on next reboot!
[fedora-silverblue]: https://fedoraproject.org/silverblue/
I would, however, like to also manage the underlying OS in a declarative way.
I am using Ansible to achieve this.
Setup
-----
Because I don't want to litter my Silverblue install with Ansible and Python stuff,
I am running it from a container (with either [Toolbx][toolbx] or [Distrobox][distrobox]).
To make that work, I enabled the SSH daemon, added my own SSH key to `authorized_keys`,
and configured the daemon to only allow pubkey authentication.
[toolbx]: https://containertoolbx.org/
[distrobox]: https://distrobox.it/
To prepare the environment:
```sh
distrobox create ansible-box [--image whatever]
distrobox enter ansible-box
```
Running
-------
```sh
distrobox enter ansible-box
ansible-playbook playbooks/a_playbook.yml -K # the -K is short for --ask-become-pass
# or even shorter
distrobox enter ansible-box -- ansible-playbook playbooks/a_playbook.yml -K
```
To lint, run `ansible-lint` (installation left as an exercise to the reader), or:
```sh
nix flake check # this builds EVERYTHING, it will take a while
```


@ -1,4 +0,0 @@
[defaults]
roles_path = ./roles
inventory = ./hosts.yml
pipelining = true


@ -1,4 +0,0 @@
---
collections:
- name: community.general
version: '>=8.0.0,<9.0.0'


@ -1,5 +0,0 @@
---
ungrouped:
hosts:
pepper:
ansible_host: localhost


@ -1,13 +0,0 @@
---
- name: Setup my laptop
hosts: pepper
roles:
- sshd_no_passwords
- auto_updates
- nix_installer
- distrobox
- tailscale
- one_password
- sway_fixes
- flatpaks
- codecs


@ -1,6 +0,0 @@
---
- name: Reload rpm-ostree
become: true
changed_when: true
ansible.builtin.command:
cmd: /usr/bin/rpm-ostree reload


@ -1,16 +0,0 @@
---
- name: Enable rpm-ostree automatic update staging
become: true
ansible.builtin.lineinfile:
path: /etc/rpm-ostreed.conf
regexp: '^#?AutomaticUpdatePolicy='
line: 'AutomaticUpdatePolicy=stage'
register: auto_updates_policy_conf
notify: Reload rpm-ostree
- name: Enable and start rpm-ostreed-automatic timer
become: true
ansible.builtin.systemd_service:
name: rpm-ostreed-automatic.timer
state: started
enabled: true


@ -1,3 +0,0 @@
---
dependencies:
- role: rpmfusion


@ -1,28 +0,0 @@
---
- name: Get package facts
ansible.builtin.package_facts:
- name: Install hardware codecs
become: true
community.general.rpm_ostree_pkg:
name: intel-media-driver
state: present
- name: Install software codecs
become: true
when: '"ffmpeg" not in ansible_facts.packages'
changed_when: true
ansible.builtin.command: >-
/usr/bin/rpm-ostree override
remove
mesa-va-drivers
libavcodec-free
libavfilter-free
libavformat-free
libavutil-free
libpostproc-free
libswresample-free
libswscale-free
--install ffmpeg
--install mesa-va-drivers-freeworld


@ -1,6 +0,0 @@
---
- name: Install distrobox
become: true
community.general.rpm_ostree_pkg:
name: distrobox
state: present


@ -1,46 +0,0 @@
---
- name: Setup user flathub flatpak repo
community.general.flatpak_remote:
method: user
enabled: true
name: flathub
state: present
flatpakrepo_url: 'https://dl.flathub.org/repo/flathub.flatpakrepo'
- name: Setup user fedora flatpak repo
community.general.flatpak_remote:
method: user
enabled: true
name: fedora
state: present
flatpakrepo_url: 'oci+https://registry.fedoraproject.org'
- name: Install various apps from flathub
community.general.flatpak:
method: user
state: present
remote: flathub
name:
- com.raggesilver.BlackBox
- org.telegram.desktop
- com.discordapp.Discord
- org.videolan.VLC
- io.github.flattool.Warehouse
- com.spotify.Client
- com.google.Chrome # for work...
- org.gnome.Solanum
- org.signal.Signal
- name: Install various apps from fedora flatpak repo
community.general.flatpak:
method: user
state: present
remote: fedora
name:
- com.github.tchx84.Flatseal
- org.gimp.GIMP
- ca.desrt.dconf-editor
- org.mozilla.Thunderbird
- org.gnome.NautilusPreviewer
- org.pulseaudio.pavucontrol
- org.libreoffice.LibreOffice


@ -1,19 +0,0 @@
---
- name: Check if nix is installer
ansible.builtin.stat:
path: /nix
register: nix_installer_nix_stat
- name: Install Nix
when: 'not nix_installer_nix_stat.stat.exists'
block:
- name: Download Nix installer
ansible.builtin.get_url:
url: 'https://install.determinate.systems/nix/nix-installer-{{ ansible_architecture }}-linux'
dest: '/tmp/nix-installer'
mode: '0755'
- name: Run Nix installer
become: true
changed_when: true
ansible.builtin.command:
cmd: '/tmp/nix-installer install --explain --no-confirm'


@ -1,7 +0,0 @@
[1password]
name="1Password Stable Channel"
baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
enabled=1
gpgcheck=1
#repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/1password.asc


@ -1,23 +0,0 @@
---
- name: Get package facts
ansible.builtin.package_facts:
- name: Download 1password repo key
become: true
ansible.builtin.get_url:
url: 'https://downloads.1password.com/linux/keys/1password.asc'
dest: '/etc/pki/rpm-gpg/1password.asc'
mode: '0644'
- name: Install 1password repo
become: true
ansible.builtin.copy:
src: '1password.repo'
dest: /etc/yum.repos.d/1password.repo
mode: '0644'
- name: Install 1Password
become: true
community.general.rpm_ostree_pkg:
name: '1password'
state: present


@ -1,2 +0,0 @@
---
one_password_rpm_url: 'https://downloads.1password.com/linux/rpm/stable/x86_64/1password-latest.rpm'


@ -1,31 +0,0 @@
---
- name: Get package facts
ansible.builtin.package_facts:
- name: Install RPMFusion Repo
when: '"rpmfusion-free-release" not in ansible_facts.packages'
block:
- name: Enable RPMFusion Repo
become: true
community.general.rpm_ostree_pkg:
name:
- 'https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm'
- 'https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm'
state: present
- name: Apply trick to make upgrading RPMFusion easier
block:
- name: Set orig_pkg variable
ansible.builtin.set_fact:
rpmfusion_orig_pkg: '{{ ansible_facts.packages["rpmfusion-free-release"][0] }}'
- name: Do the trick
become: true
changed_when: true
ansible.builtin.command:
cmd: >-
/usr/bin/rpm-ostree update
--uninstall rpmfusion-free-release-{{ rpmfusion_orig_pkg.version }}-{{ rpmfusion_orig_pkg.release }}.noarch
--uninstall rpmfusion-nonfree-release-{{ rpmfusion_orig_pkg.version }}-{{ rpmfusion_orig_pkg.release }}.noarch
--install rpmfusion-free-release
--install rpmfusion-nonfree-release


@ -1,5 +0,0 @@
---
- name: Reload SSHD
ansible.builtin.systemd_service:
name: sshd.service
state: reloaded


@ -1,9 +0,0 @@
---
- name: Disable SSHD password authentication
become: true
ansible.builtin.copy:
dest: /etc/ssh/sshd_config.d/80-no-passwords.conf
mode: '0600'
content: >
PasswordAuthentication no
notify: Reload SSHD


@ -1,5 +0,0 @@
[Desktop Entry]
Name=sway
Exec=/home/tudor/.nix-profile/bin/sway
Type=Application
DesktopNames=sway


@ -1,24 +0,0 @@
---
- name: Install packages
become: true
community.general.rpm_ostree_pkg:
name:
- swaylock # for PAM config to be installed
- polkit-gnome
state: present
- name: Install sway Wayland session
block:
- name: Create wayland-sessions dir
become: true
ansible.builtin.file:
path: /usr/local/share/wayland-sessions
state: directory
mode: "0755"
- name: Copy session file
become: true
ansible.builtin.copy:
src: sway.desktop
dest: /usr/local/share/wayland-sessions/sway.desktop
mode: "0444"


@ -1,20 +0,0 @@
---
- name: Add tailscale repo
become: true
ansible.builtin.get_url:
url: 'https://pkgs.tailscale.com/stable/fedora/tailscale.repo'
dest: '/etc/yum.repos.d/tailscale.repo'
mode: '0644'
- name: Install tailscale
become: true
community.general.rpm_ostree_pkg:
name: tailscale
state: present
- name: Start and enable systemd service
become: true
ansible.builtin.systemd_service:
name: tailscaled.service
enabled: true
state: started


@ -3,11 +3,12 @@
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{
src = ./.;
}).defaultNix
})
.defaultNix

File diff suppressed because it is too large Load Diff

364
flake.nix

@ -1,12 +1,19 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
systems.url = "github:nix-systems/default-linux";
utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
haumea = {
url = "github:nix-community/haumea/v0.2.2";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs = {
@ -22,22 +29,27 @@
};
home-manager = {
url = "github:rycee/home-manager/release-23.05";
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "unstable";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# nix-alien = {
# url = "github:thiagokokada/nix-alien";
# inputs.nixpkgs.follows = "nixpkgs";
# };
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "unstable";
};
nixos-wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
@ -50,190 +62,190 @@
hypr-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
};
yarr-nix = {
url = "git+https://git.tudorr.ro/tudor/yarr-nix.git";
inputs.nixpkgs.follows = "nixpkgs";
};
co-work.url = "git+ssh://git@github.com/tudurom/co-work.git";
site.url = "github:tudurom/site";
blog.url = "github:tudurom/blog";
};
outputs = { self, nixpkgs, utils, deploy-rs, unstable, ... } @ inputs:
let
vars = {
stateVersion = "22.05";
username = "tudor";
outputs = inputs @ {
self,
haumea,
pre-commit-hooks,
nixpkgs,
unstable,
deploy-rs,
flake-parts,
home-manager,
home-manager-unstable,
...
}: let
systems = ["x86_64-linux" "aarch64-linux"];
vars = {
stateVersion = "23.11";
};
specialArgs = {
inherit vars;
flake = {
inherit self inputs;
};
};
mkPkgs = pkgs: system: import pkgs {
inherit system;
config.allowUnfree = true;
overlays = [
inputs.hypr-contrib.overlays.default
inputs.nixgl.overlays.default
inputs.agenix.overlays.default
inputs.yarr-nix.overlays.default
(final: prev: {
tudor.site = inputs.site.packages.${system}.site;
tudor.blog = inputs.blog.packages.${system}.blog;
tudor.pong = inputs.co-work.packages.${system}.pong;
unstable = import inputs.unstable { inherit system; config.allowUnfree = true; };
home-manager = inputs.home-manager.packages.${system}.home-manager;
})
];
};
deployPkgs = with nixpkgs.lib; listToAttrs (map (system: nameValuePair system (self.lib.deploy.mkPkgs system)) systems);
in
flake-parts.lib.mkFlake {inherit inputs;} {
inherit systems;
mkHmDependencies = system: [
inputs.agenix.homeManagerModules.default
];
mkNixOSModules = name: system: [
{
nixpkgs.pkgs = mkPkgs nixpkgs system;
_module.args.nixpkgs = nixpkgs;
_module.args.self = self;
_module.args.inputs = inputs;
_module.args.configName = name;
_module.args.vars = vars;
}
inputs.agenix.nixosModules.default
{
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
# enable ssh host key generation
services.openssh.enable = true;
}
inputs.home-manager.nixosModules.home-manager
inputs.nixos-wsl.nixosModules.wsl
inputs.yarr-nix.nixosModules.default
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = false;
extraSpecialArgs = { inherit inputs vars; configName = name; };
sharedModules = mkHmDependencies system;
flake = {
lib = haumea.lib.load {
src = ./lib;
inputs = {
inherit nixpkgs inputs;
};
}
./hosts/${name}
];
};
mkNixOSSystem = name: system: nixpkgs.lib.nixosSystem {
inherit system;
modules = mkNixOSModules name system;
nixosConfigurations = let
mkNixOSSystem = name: system: let
modules = [
inputs.agenix.nixosModules.default
{
environment.systemPackages = [inputs.agenix.packages.${system}.default];
# enable ssh host key generation
services.openssh.enable = true;
}
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = false;
extraSpecialArgs = specialArgs;
sharedModules = self.lib.hm-modules;
};
}
./hosts/${name}
];
in
nixpkgs.lib.nixosSystem {
pkgs = self.lib.nixpkgs.mkPkgs {inherit system;};
inherit system modules specialArgs;
};
in {
"ceres" = mkNixOSSystem "ceres" "x86_64-linux";
"wsl2" = mkNixOSSystem "wsl2" "x86_64-linux";
};
homeConfigurations = let
mkHomeConfiguration = name: user: system: let
stablePkgs = self.lib.nixpkgs.mkPkgs {inherit system;};
hm = inputs.home-manager;
in
mkHomeConfiguration' hm stablePkgs name user;
mkHomeConfigurationUnstable = name: user: system: let
unstablePkgs = self.lib.nixpkgs.mkPkgs {
inherit system;
nixpkgsVersion = unstable;
};
hm = inputs.home-manager-unstable;
in
mkHomeConfiguration' hm unstablePkgs name user;
mkHomeConfiguration' = hm: pkgs: name: user:
hm.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = specialArgs;
modules =
self.lib.hm-modules
++ [
{
home = {
homeDirectory = "/home/${user}";
username = user;
sessionVariables = {
GIT_SSH = "/usr/bin/ssh";
};
};
programs.bash.profileExtra = ''
. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
'';
nix.package = pkgs.nix;
}
(./users + "/${name}")
];
};
in {
"tudor" = mkHomeConfiguration "tudor" "tudor" "x86_64-linux";
"tudor@pepper-penguin" = mkHomeConfigurationUnstable "tudor@pepper-penguin" "tudor" "x86_64-linux";
};
deploy.nodes."ceres" = let
cfg = self.nixosConfigurations."ceres";
in {
hostname = "ceres.lamb-monitor.ts.net";
profiles.system = {
user = "root";
path = deployPkgs.${cfg.pkgs.system}.deploy-rs.lib.activate.nixos cfg;
};
};
checks."x86_64-linux" = deployPkgs."x86_64-linux".deploy-rs.lib.deployChecks self.deploy;
};
mkNonNixOSEnvironment = name: user: system: inputs.home-manager.lib.homeManagerConfiguration {
pkgs = mkPkgs nixpkgs system;
extraSpecialArgs = {inherit inputs vars; configName = "normal-linux"; };
modules = (mkHmDependencies system) ++ [
{
_module.args.nixpkgs = nixpkgs;
_module.args.inputs = inputs;
_module.args.vars = vars;
}
{
home = {
homeDirectory = "/home/${user}";
username = user;
sessionVariables = {
GIT_SSH = "/usr/bin/ssh";
};
};
perSystem = {
pkgs,
system,
self',
...
}: {
packages.default = pkgs.nix;
packages.nixos-rebuild = pkgs.nixos-rebuild;
programs.bash.profileExtra = ''
. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
packages.home-manager = inputs.home-manager.packages.${system}.default;
packages.home-manager-unstable = inputs.home-manager-unstable.packages.${system}.default;
packages.agenix = inputs.agenix.packages.${system}.default;
packages.deploy-rs = deployPkgs.${system}.deploy-rs.deploy-rs;
devShells.default = pkgs.mkShell {
shellHook =
self'.checks.pre-commit-check.shellHook
+ ''
/usr/bin/env git config blame.ignoreRevsFile .git-blame-ignore-revs
'';
}
(./users + "/${name}")
];
};
buildInputs = with pkgs; [
self'.packages.home-manager
self'.packages.home-manager-unstable
self'.packages.nixos-rebuild
self'.packages.agenix
self'.packages.deploy-rs
mkDeployPkgs = system: import nixpkgs {
inherit system;
overlays = [
deploy-rs.overlay
(self: super: {
deploy-rs = {
inherit (nixpkgs.legacyPackages."${system}") deploy-rs;
lib = super.deploy-rs.lib;
nil
alejandra
statix
deadnix
];
};
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
alejandra.enable = true;
statix.enable = true;
deadnix.enable = true;
};
})
];
};
in
{
nixosConfigurations."ceres" = mkNixOSSystem "ceres" "x86_64-linux";
nixosConfigurations."wsl2" = mkNixOSSystem "wsl2" "x86_64-linux";
homeConfigurations."tudor" = mkNonNixOSEnvironment "tudor" "tudor" "x86_64-linux";
homeConfigurations."tudor@pepper-penguin" = mkNonNixOSEnvironment "tudor@pepper-penguin" "tudor" "x86_64-linux";
packages.x86_64-linux."tudor" = self.homeConfigurations."tudor".activationPackage;
packages.x86_64-linux."tudor@pepper-penguin" = self.homeConfigurations."tudor@pepper-penguin".activationPackage;
} // {
checks = (builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib);
deploy.nodes."ceres" = {
hostname = "ceres.lamb-monitor.ts.net";
profiles.system = {
sshUser = "root";
path = (mkDeployPkgs "x86_64-linux").deploy-rs.lib.activate.nixos self.nixosConfigurations."ceres";
};
};
};
} // utils.lib.eachDefaultSystem (system: let
deployPkgs = let
pkgs = import nixpkgs { inherit system; };
in import nixpkgs {
inherit system;
overlays = [
deploy-rs.overlay
(final: prev: {
deploy-rs = { inherit (pkgs) deploy-rs; lib = prev.deploy-rs.lib; };
})
];
};
pkgs = mkPkgs nixpkgs system;
in {
apps.deploy-rs = {
type = "app";
program = "${deployPkgs.deploy-rs.deploy-rs}/bin/deploy";
};
packages.default = pkgs.nix;
packages.home-manager = pkgs.home-manager;
packages.nixos-rebuild = pkgs.nixos-rebuild;
packages.agenix = pkgs.agenix;
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
nix
home-manager
nixos-rebuild
agenix
deployPkgs.deploy-rs.deploy-rs
nil
];
};