diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..0f94eed --- /dev/null +++ b/.envrc @@ -0,0 +1,2 @@ +# shellcheck shell=bash +use flake diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..76570c1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +result +.direnv/ \ No newline at end of file diff --git a/README.md b/README.md deleted file mode 100644 index 191ec47..0000000 --- a/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# amarth - diff --git a/clan.nix b/clan.nix new file mode 100644 index 0000000..35b1890 --- /dev/null +++ b/clan.nix @@ -0,0 +1,57 @@ +{ + # Ensure this is unique among all clans you want to use. + meta.name = "__CHANGE_ME__"; + + inventory.machines = { + # Define machines here. + # jon = { }; + }; + + # Docs: See https://docs.clan.lol/reference/clanServices + inventory.instances = { + + # Docs: https://docs.clan.lol/reference/clanServices/admin/ + # Admin service for managing machines + # This service adds a root password and SSH access. + admin = { + roles.default.tags.all = { }; + roles.default.settings.allowedKeys = { + # Insert the public key that you want to use for SSH access. + # All keys will have ssh access to all machines ("tags.all" means 'all machines'). + # Alternatively set 'users.users.root.openssh.authorizedKeys.keys' in each machine + "admin-machine-1" = "__YOUR_PUBLIC_KEY__"; + }; + }; + + # Docs: https://docs.clan.lol/reference/clanServices/zerotier/ + # The lines below will define a zerotier network and add all machines as 'peer' to it. + # !!! Manual steps required: + # - Define a controller machine for the zerotier network. + # - Deploy the controller machine first to initilize the network. + zerotier = { + # Replace with the name (string) of your machine that you will use as zerotier-controller + # See: https://docs.zerotier.com/controller/ + # Deploy this machine first to create the network secrets + roles.controller.machines."__YOUR_CONTROLLER__" = { }; + # Peers of the network + # tags.all means 'all machines' will joined + roles.peer.tags.all = { }; + }; + + # Docs: https://docs.clan.lol/reference/clanServices/tor/ + # Tor network provides secure, anonymous connections to your machines + # All machines will be accessible via Tor as a fallback connection method + tor = { + roles.server.tags.nixos = { }; + }; + }; + + # Additional NixOS configuration can be added here. + # machines/jon/configuration.nix will be automatically imported. + # See: https://docs.clan.lol/guides/more-machines/#automatic-registration + machines = { + # jon = { config, ... }: { + # environment.systemPackages = [ pkgs.asciinema ]; + # }; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..acbceee --- /dev/null +++ b/flake.lock @@ -0,0 +1,228 @@ +{ + "nodes": { + "clan-core": { + "inputs": { + "data-mesher": "data-mesher", + "disko": "disko", + "flake-parts": "flake-parts", + "nix-darwin": "nix-darwin", + "nix-select": "nix-select", + "nixos-facter-modules": "nixos-facter-modules", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix", + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1756806573, + "narHash": "sha256-NHpnZrZ2bploGlGEUEvTvhDZRpI1yjFj72SSTmw56GI=", + "rev": "f97e22e125143e8e58325aa614aee59ed868296b", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/f97e22e125143e8e58325aa614aee59ed868296b.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz" + } + }, + "data-mesher": { + "inputs": { + "flake-parts": [ + "clan-core", + "flake-parts" + ], + "nixpkgs": [ + "clan-core", + "nixpkgs" + ], + "treefmt-nix": [ + "clan-core", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1756695982, + "narHash": "sha256-dyLhOSDzxZtRgi5aj/OuaZJUsuvo+8sZ9CU/qieZ15c=", + "rev": "cc8f26e7e6c2dc985526ba59b286ae5a83168cdb", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/cc8f26e7e6c2dc985526ba59b286ae5a83168cdb.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756733629, + "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "owner": "nix-community", + "repo": "disko", + "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-select": { + "locked": { + "lastModified": 1755887746, + "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=", + "rev": "92c2574c5e113281591be01e89bb9ddb31d19156", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" + } + }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1756491981, + "narHash": "sha256-lXyDAWPw/UngVtQfgQ8/nrubs2r+waGEYIba5UX62+k=", + "owner": "nix-community", + "repo": "nixos-facter-modules", + "rev": "c1b29520945d3e148cd96618c8a0d1f850965d8c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-facter-modules", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 315532800, + "narHash": "sha256-h8Sx4S+/0FpodZji6W9lHzwY5BcuUG85Aj3GfhvGC2o=", + "rev": "a650b5d0de99158323597f048667c4d914243224", + "type": "tarball", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre845298.a650b5d0de99/nixexprs.tar.xz" + }, + "original": { + "type": "tarball", + "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" + } + }, + "root": { + "inputs": { + "clan-core": "clan-core", + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756662192, + "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..340c1b7 --- /dev/null +++ b/flake.nix @@ -0,0 +1,39 @@ +{ + inputs.clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs.nixpkgs.follows = "clan-core/nixpkgs"; + + outputs = + { + self, + clan-core, + nixpkgs, + ... + }@inputs: + let + # Usage see: https://docs.clan.lol + clan = clan-core.lib.clan { + inherit self; + imports = [ ./clan.nix ]; + specialArgs = { inherit inputs; }; + }; + in + { + inherit (clan.config) nixosConfigurations nixosModules clanInternals; + clan = clan.config; + # Add the Clan cli tool to the dev shell. + # Use "nix develop" to enter the dev shell. + devShells = + nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + "x86_64-darwin" + ] + (system: { + default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell { + packages = [ clan-core.packages.${system}.clan-cli ]; + }; + }); + }; +} diff --git a/modules/gnome.nix b/modules/gnome.nix new file mode 100644 index 0000000..d36b852 --- /dev/null +++ b/modules/gnome.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + # Can be imported into machines to enable GNOME and GDM. + # + # Copy this into a machine's configuration: + # `machines//configuration.nix` + # ```nix + # imports = [ + # ../../modules/gnome.nix + # ]; + # ``` + + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; +} diff --git a/sops/users/nixos/key.json b/sops/users/nixos/key.json new file mode 100644 index 0000000..afee838 --- /dev/null +++ b/sops/users/nixos/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "type": "age" + } +] \ No newline at end of file