chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial migration

Browse source
This commit is contained in:
Chris Kruining 2026-03-24 14:09:46 +00:00
parent 01fb98ba10
commit 59a1fbaf0f
54 changed files with 522 additions and 613 deletions
Download patch file Download diff file Expand all files Collapse all files

20
.just/machine.just
View file

@ -1,20 +0,0 @@
@_default: list
[doc('List machines')]
@list:
ls -1 ../systems/x86_64-linux/
[doc('Update target machine')]
[no-exit-message]
@update machine:
echo "Checking vars"
cd .. && just vars _check {{ machine }}
echo ""
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json
[doc('Check if target machine builds')]
[no-exit-message]
@check machine:
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
nix build ..#nixosConfigurations.{{ machine }}.config.system.build.toplevel

101
.just/users.just
View file

@ -1,101 +0,0 @@
set unstable := true
set quiet := true
_default:
just --list users
[doc('List available users')]
[script]
list:
cd .. && just vars get ulmo zitadel/users | jq -r -C '
import ".jq/table" as table;
import ".jq/format" as f;
fromjson
| to_entries
| sort_by(.key)
| map(
(.key|f::to_title) + ":\n"
+ table::create(
.value
| to_entries
| sort_by(.key)
| map({username:.key} + .value)
)
)
| join("\n\n┄┄┄\n\n")
';
[doc('Add a new user')]
[script]
add:
exec 5>&1
pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; }
input() {
local label=$1
local value=$2
local res=$(gum input --header "$label" --value "$value")
echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5
echo $res
}
data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'`
# Gather inputs
org=`
jq -r 'to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which organisation to save to?' --select-if-one
`
username=`input 'user name' ''`
email=`input 'email' ''`
first_name=`input 'first name' ''`
last_name=`input 'last name' ''`
user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"`
if [ "$user_exists" == "true" ]; then
gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0
fi
next=`
jq \
--arg 'org' "$org" \
--arg 'username' "$username" \
--arg 'email' "$email" \
--arg 'first_name' "$first_name" \
--arg 'last_name' "$last_name" \
--compact-output \
'.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \
<<< $data
`
gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"
[doc('Remove a new user')]
[script]
remove:
data=`cd .. && just vars get ulmo zitadel/users | jq fromjson`
# Gather inputs
org=`
jq -r 'to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which organisation?' --select-if-one
`
user=`
jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which user?' --select-if-one
`
next=`
jq \
--arg 'org' "$org" \
--arg 'user' "$user" \
--compact-output \
'del(.[$org][$user])' \
<<< $data
`
gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"

27
.just/vars.just
View file

@ -1,38 +1,39 @@
set unstable := true set unstable := true
set quiet := true set quiet := true
base_path := justfile_directory() + "/systems/x86_64-linux" machine_base_path := justfile_directory() + "/../machines"
secret_base_path := justfile_directory() + "/../systems/x86_64-linux"
_default: _default:
just --list vars just --list vars
[doc('List all vars of {machine}')] [doc('List all vars of {machine}')]
list machine: list machine:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml
[doc('Edit all vars of {machine} in your editor')] [doc('Edit all vars of {machine} in your editor')]
edit machine: edit machine:
sops edit {{ base_path }}/{{ machine }}/secrets.yml sops edit {{ secret_base_path }}/{{ machine }}/secrets.yml
[doc('Set var {value} by {key} for {machine}')] [doc('Set var {value} by {key} for {machine}')]
@set machine key value: @set machine key value:
sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" sops set {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
git add {{ base_path }}/{{ machine }}/secrets.yml git add {{ secret_base_path }}/{{ machine }}/secrets.yml
git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done" echo "Done"
[doc('Get var by {key} from {machine}')] [doc('Get var by {key} from {machine}')]
get machine key: get machine key:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""
[doc('Remove var by {key} for {machine}')] [doc('Remove var by {key} for {machine}')]
remove machine key: remove machine key:
sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" sops unset {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
git add {{ base_path }}/{{ machine }}/secrets.yml git add {{ secret_base_path }}/{{ machine }}/secrets.yml
git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done" echo "Done"
@ -59,7 +60,7 @@ _rotate machine key:
check: check:
cd .. cd ..
for machine in $(ls {{ base_path }}); do for machine in $(ls {{ machine_base_path }}); do
just vars _check "$machine" just vars _check "$machine"
done done
@ -70,14 +71,14 @@ _check machine:
# we can skip this folder as we are # we can skip this folder as we are
# missing the files used to compare # missing the files used to compare
# the defined vs the configured secrets # the defined vs the configured secrets
if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then if [ ! -f "{{ machine_base_path }}/{{ machine }}/default.nix" ]; then
printf "\r• %-8sskipped\n" "{{ machine }}" printf "\r• %-8sskipped\n" "{{ machine }}"
exit 0 exit 0
fi fi
exec 3< <(jq -nr \ exec 3< <(jq -nr \
--rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \ --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \
--rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ --rawfile configured <([ -f "{{ secret_base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
' '
[ $configured | fromjson | paths(scalars) | join("/") ] as $conf [ $configured | fromjson | paths(scalars) | join("/") ] as $conf
| $defined | $defined

31
.justfile
View file

@ -3,34 +3,3 @@
[doc('Manage vars')] [doc('Manage vars')]
mod vars '.just/vars.just' mod vars '.just/vars.just'
[doc('Manage users')]
mod users '.just/users.just'
[doc('Manage machines')]
mod machine '.just/machine.just'
[doc('Show information about project')]
@show:
echo "show"
[doc('update the flake dependencies')]
@update:
nix flake update
git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null
echo "Done"
[doc('Introspection on flake output')]
@select key:
nix eval --show-trace --json .#{{ key }} | jq .
#===============================================================================================
# Utils
#===============================================================================================
[no-exit-message]
[no-cd]
[private]
@assert condition message:
[ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; }

101
clan.nix Normal file
View file

@ -0,0 +1,101 @@
{
sharedSpecialArgs,
mkMachineModuleList,
}: {
meta = {
name = "arda";
domain = "arda";
description = "My personal machines at home";
};
directory = ./.;
inventory.machines = {
aule = {
name = "aule";
description = "Planned build server.";
machineClass = "nixos";
tags = ["planned" "build"];
};
mandos = {
name = "mandos";
description = "Living room Steam box.";
machineClass = "nixos";
tags = ["gaming" "living-room"];
};
manwe = {
name = "manwe";
description = "Main desktop.";
machineClass = "nixos";
tags = ["desktop"];
};
melkor = {
name = "melkor";
description = "Planned machine with no defined role yet.";
machineClass = "nixos";
tags = [];
};
orome = {
name = "orome";
description = "Work laptop.";
machineClass = "nixos";
tags = ["laptop" "work"];
};
tulkas = {
name = "tulkas";
description = "Steam Deck.";
machineClass = "nixos";
tags = ["gaming" "handheld"];
};
ulmo = {
name = "ulmo";
description = "Primary self-hosted services machine.";
machineClass = "nixos";
tags = ["server" "services"];
};
varda = {
name = "varda";
description = "Planned machine with no defined role yet.";
machineClass = "nixos";
tags = [];
};
yavanna = {
name = "yavanna";
description = "Planned machine with no defined role yet.";
machineClass = "nixos";
tags = [];
};
};
machines = {
mandos = {
_module.args = sharedSpecialArgs;
imports = mkMachineModuleList "mandos";
nixpkgs.hostPlatform = "x86_64-linux";
};
manwe = {
_module.args = sharedSpecialArgs;
imports = mkMachineModuleList "manwe";
nixpkgs.hostPlatform = "x86_64-linux";
};
orome = {
_module.args = sharedSpecialArgs;
imports = mkMachineModuleList "orome";
nixpkgs.hostPlatform = "x86_64-linux";
};
tulkas = {
_module.args = sharedSpecialArgs;
imports = mkMachineModuleList "tulkas";
nixpkgs.hostPlatform = "x86_64-linux";
};
ulmo = {
_module.args = sharedSpecialArgs;
imports = mkMachineModuleList "ulmo";
nixpkgs.hostPlatform = "x86_64-linux";
};
};
}

351
flake.lock generated
View file

@ -72,12 +72,12 @@
"inputs": { "inputs": {
"data-mesher": "data-mesher", "data-mesher": "data-mesher",
"disko": "disko", "disko": "disko",
"flake-parts": "flake-parts", "flake-parts": [
"flake-parts"
],
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-select": "nix-select", "nix-select": "nix-select",
"nixpkgs": [ "nixpkgs": "nixpkgs",
"nixpkgs"
],
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems", "systems": "systems",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
@ -160,7 +160,7 @@
"erosanix": { "erosanix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1773767380, "lastModified": 1773767380,
@ -197,26 +197,6 @@
"type": "github" "type": "github"
} }
}, },
"firefox": {
"inputs": {
"flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1774141843,
"narHash": "sha256-gpjHyyfLvBLZQiWumOxsfsOxt6KTjNhUOXk+m9ISBHc=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "3a1fcd6a4dbd617ad2014dd03aa68cdd885d5322",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"type": "github"
}
},
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -250,21 +230,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"locked": {
"lastModified": 1761640442,
"narHash": "sha256-AtrEP6Jmdvrqiv4x2xa5mrtaIp3OEe8uBYCDZDS+hu8=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "4a56054d8ffc173222d09dad23adf4ba946c8884",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1747046372,
@ -280,7 +245,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751685974, "lastModified": 1751685974,
@ -296,22 +261,6 @@
"url": "https://git.lix.systems/lix-project/flake-compat.git" "url": "https://git.lix.systems/lix-project/flake-compat.git"
} }
}, },
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -417,61 +366,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flux": { "flux": {
"inputs": { "inputs": {
"mcman": "mcman", "mcman": "mcman",
@ -626,25 +520,6 @@
"type": "github" "type": "github"
} }
}, },
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1773579712,
"narHash": "sha256-cvxFTYuOvvmpLJz5nB8iREmMGsDksY6gmZFf74UKD1Q=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "c23c52797845b8e4f273ddb5ccdf8622b5d98284",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"mcman": { "mcman": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -765,9 +640,9 @@
}, },
"nix-minecraft": { "nix-minecraft": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1774060651, "lastModified": 1774060651,
@ -796,78 +671,6 @@
"url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz"
} }
}, },
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-boot": {
"locked": {
"lastModified": 1722927293,
"narHash": "sha256-8oCsiFyAuidAdhSz60Lu8+TwCPHxaeWixyv0xT0mLt4=",
"owner": "Melkor333",
"repo": "nixos-boot",
"rev": "afaed735149d0a06f234e54dd2d9db2e18dc64ae",
"type": "github"
},
"original": {
"owner": "Melkor333",
"repo": "nixos-boot",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": [],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1773882647,
"narHash": "sha256-VzcOcE0LLpEnyoxLuMuptZ9ZWCkSBn99bTgEQoz5Viw=",
"owner": "nix-community",
"repo": "nixos-wsl",
"rev": "fd0eae98d1ecee31024271f8d64676250a386ee7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-wsl",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772380631, "lastModified": 1772380631,
@ -884,38 +687,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1773538553,
"narHash": "sha256-hohiyWALn8cXqk3FPnE3UADy03lRMaTV5iRzKCU86zM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a5ed666a3c206de0019b4c9dafc3a51f352bc7e3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1773840656,
"narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1767767207, "lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@ -933,16 +705,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1774106199, "lastModified": 1772380631,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "rev": "6d3b61b190a899042ce82a5355111976ba76d698",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1028,11 +800,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1774106199, "lastModified": 1771008912,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1044,16 +816,16 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1771008912, "lastModified": 1774273680,
"narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a82ccc39b39b621151d6732718e3e250109076fa", "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1085,12 +857,12 @@
}, },
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"mnw": "mnw", "mnw": "mnw",
"ndg": "ndg", "ndg": "ndg",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_8",
"systems": "systems_4" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1774224548, "lastModified": 1774224548,
@ -1134,7 +906,7 @@
"clan-core": "clan-core", "clan-core": "clan-core",
"erosanix": "erosanix", "erosanix": "erosanix",
"fenix": "fenix", "fenix": "fenix",
"firefox": "firefox", "flake-parts": "flake-parts",
"flux": "flux", "flux": "flux",
"grub2-themes": "grub2-themes", "grub2-themes": "grub2-themes",
"himmelblau": "himmelblau", "himmelblau": "himmelblau",
@ -1142,13 +914,12 @@
"jovian": "jovian", "jovian": "jovian",
"mydia": "mydia", "mydia": "mydia",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nixos-boot": "nixos-boot", "nixpkgs": [
"nixos-generators": "nixos-generators", "clan-core",
"nixos-wsl": "nixos-wsl", "nixpkgs"
"nixpkgs": "nixpkgs_8", ],
"nvf": "nvf", "nvf": "nvf",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix_2", "sops-nix": "sops-nix_2",
"stylix": "stylix", "stylix": "stylix",
"terranix": "terranix", "terranix": "terranix",
@ -1172,28 +943,6 @@
"type": "github" "type": "github"
} }
}, },
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765361626,
"narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1217,7 +966,7 @@
}, },
"sops-nix_2": { "sops-nix_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1774154798, "lastModified": 1774154798,
@ -1242,9 +991,9 @@
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_11", "nixpkgs": "nixpkgs_10",
"nur": "nur", "nur": "nur",
"systems": "systems_6", "systems": "systems_4",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes", "tinted-schemes": "tinted-schemes",
@ -1340,43 +1089,13 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_7" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1773700838, "lastModified": 1773700838,

333
flake.nix
View file

@ -2,13 +2,18 @@
description = "Nixos config flake"; description = "Nixos config flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; flake-parts = {
url = "github:hercules-ci/flake-parts";
snowfall-lib = { inputs.nixpkgs-lib.follows = "clan-core/nixpkgs";
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
}; };
clan-core = {
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.follows = "clan-core/nixpkgs";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -20,18 +25,20 @@
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
nixos-generators = { # Legacy ISO flow removed in favor of Clan install workflows.
url = "github:nix-community/nixos-generators"; # nixos-generators = {
inputs.nixpkgs.follows = "nixpkgs"; # url = "github:nix-community/nixos-generators";
}; # inputs.nixpkgs.follows = "nixpkgs";
# };
# neovim # neovim
nvf.url = "github:notashelf/nvf"; nvf.url = "github:notashelf/nvf";
# plymouth theme # Unused input retained as a comment for easy recovery.
nixos-boot.url = "github:Melkor333/nixos-boot"; # nixos-boot.url = "github:Melkor333/nixos-boot";
firefox.url = "github:nix-community/flake-firefox-nightly"; # Unused input retained as a comment for easy recovery.
# firefox.url = "github:nix-community/flake-firefox-nightly";
stylix.url = "github:nix-community/stylix"; stylix.url = "github:nix-community/stylix";
@ -71,45 +78,44 @@
url = "github:vinceliuice/grub2-themes"; url = "github:vinceliuice/grub2-themes";
}; };
nixos-wsl = { # Unused input retained as a comment for easy recovery.
url = "github:nix-community/nixos-wsl"; # nixos-wsl = {
inputs = { # url = "github:nix-community/nixos-wsl";
nixpkgs.follows = "nixpkgs"; # inputs = {
flake-compat.follows = ""; # nixpkgs.follows = "nixpkgs";
}; # flake-compat.follows = "";
}; # };
# };
terranix = { terranix = {
url = "github:terranix/terranix"; url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
clan-core = {
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
mydia = { mydia = {
url = "github:chris-kruining/mydia"; url = "github:chris-kruining/mydia";
# url = "github:getmydia/mydia"; # url = "github:getmydia/mydia";
}; };
}; };
outputs = inputs: outputs = inputs @ {
inputs.snowfall-lib.mkFlake { flake-parts,
inherit inputs; home-manager,
src = ./.; nixpkgs,
...
}: let
inherit (nixpkgs) lib;
snowfall = {
namespace = "sneeuwvlok"; namespace = "sneeuwvlok";
meta = { supportedSystems = [
name = "sneeuwvlok"; "x86_64-linux"
title = "Sneeuwvlok"; "aarch64-linux"
}; "x86_64-darwin"
}; "aarch64-darwin"
];
channels-config = { channelConfig = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
# Due to *arr stack # Due to *arr stack
@ -124,19 +130,260 @@
]; ];
}; };
overlays = with inputs; [ packageDefs = {
studio = {
path = ./packages/studio/default.nix;
extra = {
erosanixLib = inputs.erosanix.lib;
};
systems = ["x86_64-linux"];
};
vaultwarden = {
path = ./packages/vaultwarden/default.nix;
extra = {};
systems = supportedSystems;
};
};
mkPackageOverlay = name: def: final: prev:
lib.optionalAttrs (lib.elem final.stdenv.hostPlatform.system def.systems) {
${name} = final.callPackage def.path def.extra;
};
packageOverlays = {
"package/studio" = mkPackageOverlay "studio" packageDefs.studio;
"package/vaultwarden" = mkPackageOverlay "vaultwarden" packageDefs.vaultwarden;
};
systemOverlays = with inputs; [
fenix.overlays.default fenix.overlays.default
nix-minecraft.overlay nix-minecraft.overlay
flux.overlays.default flux.overlays.default
]; ];
systems.modules = with inputs; [ mkPkgs = system:
clan-core.nixosModules.default import nixpkgs {
]; inherit system;
overlays = systemOverlays;
config = channelConfig;
};
homes.modules = with inputs; [ collectModules = root: let
stylix.homeModules.stylix recurse = prefix: dir: let
plasma-manager.homeModules.plasma-manager entries = builtins.readDir dir;
]; selfModule =
if builtins.pathExists (dir + "/default.nix")
then {
"${if prefix == "" then "__root" else prefix}" = dir;
}
else {};
in
lib.foldl' (acc: name: let
kind = entries.${name};
path = dir + "/${name}";
rel = if prefix == "" then name else "${prefix}/${name}";
children =
if kind == "directory"
then recurse rel path
else {};
current =
if kind == "directory" && builtins.pathExists (path + "/default.nix")
then {"${rel}" = path;}
else {};
in
acc // children // current) selfModule (builtins.attrNames entries);
in
recurse "" root;
nixosModules = collectModules ./modules/nixos;
homeModules = collectModules ./modules/home;
homeEntries = {
"chris@mandos" = {
machine = "mandos";
user = "chris";
path = ./homes/x86_64-linux + "/chris@mandos";
};
"chris@manwe" = {
machine = "manwe";
user = "chris";
path = ./homes/x86_64-linux + "/chris@manwe";
};
"chris@orome" = {
machine = "orome";
user = "chris";
path = ./homes/x86_64-linux + "/chris@orome";
};
"chris@tulkas" = {
machine = "tulkas";
user = "chris";
path = ./homes/x86_64-linux + "/chris@tulkas";
};
};
sneeuwvlokLib =
(import ./lib/options {inherit lib;})
// (import ./lib/strings {inherit lib;});
machineConfigPaths = builtins.listToAttrs (map (name: lib.nameValuePair name (./machines + "/${name}/configuration.nix")) [
"aule"
"mandos"
"manwe"
"melkor"
"orome"
"tulkas"
"ulmo"
"varda"
"yavanna"
]);
machineHomeModules = lib.mapAttrs' (_: spec: lib.nameValuePair spec.machine [{
users.users.${spec.user} = {
isNormalUser = lib.mkDefault true;
};
home-manager.users.${spec.user} = import spec.path;
}]) homeEntries;
sharedSpecialArgs = {
inherit namespace;
erosanixLib = inputs.erosanix.lib;
repoRoot = ./.;
inherit sneeuwvlokLib;
terranixLib = inputs.terranix.lib;
system = "x86_64-linux";
};
homeSharedModules =
[
inputs.stylix.homeModules.stylix
inputs.plasma-manager.homeModules.plasma-manager
inputs.zen-browser.homeModules.default
]
++ builtins.attrValues homeModules;
baseNixosModules =
[
{ _module.args = sharedSpecialArgs; }
inputs.grub2-themes.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.himmelblau.nixosModules.himmelblau
inputs.jovian.nixosModules.default
inputs.mydia.nixosModules.default
inputs.nix-minecraft.nixosModules.minecraft-servers
inputs.nvf.nixosModules.default
inputs.sops-nix.nixosModules.sops
{
nixpkgs = {
config = channelConfig;
overlays = systemOverlays;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = sharedSpecialArgs;
sharedModules = homeSharedModules;
};
}
]
++ builtins.attrValues nixosModules;
mkClanMachineModuleList = name:
baseNixosModules
++ (machineHomeModules.${name} or [])
++ [
{
networking.hostName = lib.mkDefault name;
}
];
mkMachineModuleList = name:
mkClanMachineModuleList name
++ [
machineConfigPaths.${name}
];
clanConfig = import ./clan.nix {
inherit sharedSpecialArgs;
mkMachineModuleList = mkClanMachineModuleList;
};
activeMachineNames = builtins.attrNames clanConfig.machines;
nixosConfigurations =
lib.genAttrs activeMachineNames (name:
lib.nixosSystem {
system = "x86_64-linux";
specialArgs = sharedSpecialArgs;
modules = mkMachineModuleList name;
});
homeConfigurations =
lib.mapAttrs (_: spec:
home-manager.lib.homeManagerConfiguration {
pkgs = mkPkgs "x86_64-linux";
extraSpecialArgs =
sharedSpecialArgs
// {
osConfig = nixosConfigurations.${spec.machine}.config;
};
modules =
homeSharedModules
++ [
{
home.username = spec.user;
home.homeDirectory = "/home/${spec.user}";
}
spec.path
];
})
homeEntries;
in
flake-parts.lib.mkFlake {inherit inputs;} {
systems = supportedSystems;
imports = [
inputs.clan-core.flakeModules.default
];
clan = clanConfig;
perSystem = {
system,
...
}: let
pkgs = mkPkgs system;
in {
_module.args.pkgs = pkgs;
packages = lib.filterAttrs (_: value: value != null) {
studio =
if lib.elem system packageDefs.studio.systems
then pkgs.callPackage packageDefs.studio.path packageDefs.studio.extra
else null;
vaultwarden =
if lib.elem system packageDefs.vaultwarden.systems
then pkgs.callPackage packageDefs.vaultwarden.path packageDefs.vaultwarden.extra
else null;
};
devShells.default = import ./shells/default/default.nix {
inherit inputs pkgs;
inherit (pkgs) mkShell stdenv;
};
};
flake = {
inherit homeConfigurations;
nixosConfigurations = lib.mkForce nixosConfigurations;
lib = sneeuwvlokLib;
overlays =
packageOverlays
// {
default = lib.composeManyExtensions (builtins.attrValues packageOverlays);
};
};
}; };
} }

0
systems/x86_64-linux/aule/README.md → machines/aule/README.md
View file

2
machines/aule/configuration.nix Normal file
View file

@ -0,0 +1,2 @@
{ ... }: {
}

0
systems/x86_64-linux/mandos/README.md → machines/mandos/README.md
View file

0
systems/x86_64-linux/mandos/default.nix → machines/mandos/configuration.nix
View file

3
machines/mandos/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./configuration.nix ];
}

0
systems/x86_64-linux/mandos/disks.nix → machines/mandos/disks.nix
View file

0
systems/x86_64-linux/mandos/hardware.nix → machines/mandos/hardware.nix
View file

0
systems/x86_64-linux/manwe/README.md → machines/manwe/README.md
View file

0
systems/x86_64-linux/manwe/default.nix → machines/manwe/configuration.nix
View file

3
machines/manwe/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./configuration.nix ];
}

0
systems/x86_64-linux/manwe/disks.nix → machines/manwe/disks.nix
View file

0
systems/x86_64-linux/manwe/hardware.nix → machines/manwe/hardware.nix
View file

0
systems/x86_64-linux/melkor/README.md → machines/melkor/README.md
View file

2
machines/melkor/configuration.nix Normal file
View file

@ -0,0 +1,2 @@
{ ... }: {
}

0
systems/x86_64-linux/orome/README.md → machines/orome/README.md
View file

2
systems/x86_64-linux/orome/default.nix → machines/orome/configuration.nix
View file

@ -15,7 +15,7 @@
audio = true; audio = true;
}; };
authentication.himmelblau.enable = true; services.authentication.himmelblau.enable = true;
application = { application = {
steam.enable = true; steam.enable = true;

3
machines/orome/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./configuration.nix ];
}

0
systems/x86_64-linux/orome/disks.nix → machines/orome/disks.nix
View file

0
systems/x86_64-linux/orome/hardware.nix → machines/orome/hardware.nix
View file

0
systems/x86_64-linux/tulkas/README.md → machines/tulkas/README.md
View file

0
systems/x86_64-linux/tulkas/default.nix → machines/tulkas/configuration.nix
View file

3
machines/tulkas/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./configuration.nix ];
}

0
systems/x86_64-linux/tulkas/disks.nix → machines/tulkas/disks.nix
View file

0
systems/x86_64-linux/tulkas/hardware.nix → machines/tulkas/hardware.nix
View file

0
systems/x86_64-linux/ulmo/default.nix → machines/ulmo/configuration.nix
View file

3
machines/ulmo/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
imports = [ ./configuration.nix ];
}

0
systems/x86_64-linux/ulmo/disks.nix → machines/ulmo/disks.nix
View file

0
systems/x86_64-linux/ulmo/hardware.nix → machines/ulmo/hardware.nix
View file

0
systems/x86_64-linux/varda/README.md → machines/varda/README.md
View file

2
machines/varda/configuration.nix Normal file
View file

@ -0,0 +1,2 @@
{ ... }: {
}

0
systems/x86_64-linux/yavanna/README.md → machines/yavanna/README.md
View file

2
machines/yavanna/configuration.nix Normal file
View file

@ -0,0 +1,2 @@
{ ... }: {
}

7
modules/home/application/studio/default.nix
View file

@ -1,8 +1,11 @@
{ config, lib, pkgs, namespace, ... }: { config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.studio; cfg = config.${namespace}.application.studio;
studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/default.nix") {
inherit erosanixLib;
};
in in
{ {
options.${namespace}.application.studio = { options.${namespace}.application.studio = {
@ -10,6 +13,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs.${namespace}; [ studio ]; home.packages = [ studioPackage ];
}; };
} }

4
modules/home/application/thunderbird/default.nix
View file

@ -14,7 +14,7 @@ in
enable = true; enable = true;
package = pkgs.thunderbird-latest; package = pkgs.thunderbird-latest;
profiles.${config.snowfallorg.user.name} = { profiles.chris = {
isDefault = true; isDefault = true;
}; };
}; };
@ -30,7 +30,7 @@ in
}; };
thunderbird = { thunderbird = {
enable = true; enable = true;
profiles = [ config.snowfallorg.user.name ]; profiles = [ "chris" ];
}; };
}; };

6
modules/home/application/zen/default.nix
View file

@ -1,14 +1,10 @@
{ inputs, config, lib, pkgs, namespace, ... }: { config, lib, pkgs, namespace, ... }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.zen; cfg = config.${namespace}.application.zen;
in in
{ {
imports = [
inputs.zen-browser.homeModules.default
];
options.${namespace}.application.zen = { options.${namespace}.application.zen = {
enable = mkEnableOption "enable zen"; enable = mkEnableOption "enable zen";
}; };

5
modules/nixos/desktop/default.nix
View file

@ -2,7 +2,6 @@
lib, lib,
config, config,
namespace, namespace,
inputs,
... ...
}: let }: let
inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib) mkIf mkOption mkEnableOption mkMerge;
@ -10,10 +9,6 @@
cfg = config.${namespace}.desktop; cfg = config.${namespace}.desktop;
in { in {
imports = [
inputs.grub2-themes.nixosModules.default
];
options.${namespace}.desktop = { options.${namespace}.desktop = {
use = mkOption { use = mkOption {
type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]);

4
modules/nixos/desktop/gamescope/default.nix
View file

@ -1,12 +1,10 @@
{ lib, config, namespace, inputs, ... }: { lib, config, namespace, ... }:
let let
inherit (lib) mkIf mkEnableOption mkForce; inherit (lib) mkIf mkEnableOption mkForce;
cfg = config.${namespace}.desktop.gamescope; cfg = config.${namespace}.desktop.gamescope;
in in
{ {
imports = [ inputs.jovian.nixosModules.default ];
options.${namespace}.desktop.gamescope = { options.${namespace}.desktop.gamescope = {
enable = mkEnableOption "Enable Steamdeck ui" // { enable = mkEnableOption "Enable Steamdeck ui" // {
default = (config.${namespace}.desktop.use == "gamescope"); default = (config.${namespace}.desktop.use == "gamescope");

6
modules/nixos/editor/nvim/default.nix
View file

@ -1,14 +1,10 @@
{ inputs, config, lib, pkgs, namespace, ... }: { config, lib, pkgs, namespace, ... }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.editor.nvim; cfg = config.${namespace}.editor.nvim;
in in
{ {
imports = [
inputs.nvf.nixosModules.default
];
options.${namespace}.editor.nvim = { options.${namespace}.editor.nvim = {
enable = mkEnableOption "enable nvim via nvf on system level"; enable = mkEnableOption "enable nvim via nvf on system level";
}; };

3
modules/nixos/services/authentication/himmelblau/default.nix
View file

@ -1,5 +1,4 @@
{ {
inputs,
lib, lib,
config, config,
namespace, namespace,
@ -9,8 +8,6 @@
cfg = config.${namespace}.services.authentication.himmelblau; cfg = config.${namespace}.services.authentication.himmelblau;
in { in {
imports = [inputs.himmelblau.nixosModules.himmelblau];
options.${namespace}.services.authentication.himmelblau = { options.${namespace}.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication"; enable = mkEnableOption "enable azure entra ID authentication";
}; };

8
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, namespace, system, inputs, ... }: { config, lib, pkgs, namespace, system, terranixLib, sneeuwvlokLib, ... }:
let let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (lib.${namespace}.strings) toSnakeCase; inherit (sneeuwvlokLib.strings) toSnakeCase;
cfg = config.${namespace}.services.authentication.zitadel; cfg = config.${namespace}.services.authentication.zitadel;
@ -339,7 +339,7 @@ in
config' = config; config' = config;
# this is a nix package, the generated json file to be exact # this is a nix package, the generated json file to be exact
terraformConfiguration = inputs.terranix.lib.terranixConfiguration { terraformConfiguration = terranixLib.terranixConfiguration {
inherit system; inherit system;
modules = [ modules = [
@ -576,7 +576,7 @@ in
let let
tofu = lib.getExe pkgs.opentofu; tofu = lib.getExe pkgs.opentofu;
in in
'' lib.replaceStrings ["\r"] [""] ''
if [ "$(systemctl is-active zitadel)" != "active" ]; then if [ "$(systemctl is-active zitadel)" != "active" ]; then
echo "Zitadel is not running" echo "Zitadel is not running"
exit 1 exit 1

5
modules/nixos/services/games/minecraft/default.nix
View file

@ -1,5 +1,4 @@
{ {
inputs,
config, config,
lib, lib,
pkgs, pkgs,
@ -11,10 +10,6 @@
cfg = config.${namespace}.services.games.minecraft; cfg = config.${namespace}.services.games.minecraft;
in { in {
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
options.${namespace}.services.games.minecraft = { options.${namespace}.services.games.minecraft = {
enable = mkEnableOption "Minecraft"; enable = mkEnableOption "Minecraft";

5
modules/nixos/services/media/mydia/default.nix
View file

@ -2,7 +2,6 @@
config, config,
lib, lib,
namespace, namespace,
inputs,
system, system,
... ...
}: let }: let
@ -10,10 +9,6 @@
cfg = config.${namespace}.services.media.mydia; cfg = config.${namespace}.services.media.mydia;
in { in {
imports = [
inputs.mydia.nixosModules.default
];
options.${namespace}.services.media.mydia = { options.${namespace}.services.media.mydia = {
enable = mkEnableOption "Enable Mydia"; enable = mkEnableOption "Enable Mydia";
}; };

8
modules/nixos/services/media/servarr/default.nix
View file

@ -3,8 +3,8 @@
config, config,
lib, lib,
namespace, namespace,
inputs,
system, system,
terranixLib,
... ...
}: let }: let
inherit (builtins) toString; inherit (builtins) toString;
@ -155,7 +155,7 @@ in {
config' = config; config' = config;
lib' = lib; lib' = lib;
terraformConfiguration = inputs.terranix.lib.terranixConfiguration { terraformConfiguration = terranixLib.terranixConfiguration {
inherit system; inherit system;
modules = [ modules = [
@ -341,11 +341,11 @@ in {
} }
''; '';
script = '' script = lib.replaceStrings ["\r"] [""] ''
# Sleep for a bit to give the service a chance to start up # Sleep for a bit to give the service a chance to start up
sleep 5s sleep 5s
if [ "$(systemctl is-active "${service}")" != "active" ]; then if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then
echo "${service} is not running" echo "${service} is not running"
exit 1 exit 1
fi fi

11
modules/nixos/services/networking/caddy/default.nix
View file

@ -10,14 +10,9 @@
cfg = config.${namespace}.services.networking.caddy; cfg = config.${namespace}.services.networking.caddy;
hasHosts = (cfg.hosts |> attrNames |> length) > 0; hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" { caddyPackage = pkgs.caddy.withPlugins {
buildGo125Module = pkgs.buildGo126Module;
caddy = caddyBase;
};
caddyPackage =
caddyBase.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
}; };
in { in {
options.${namespace}.services.networking.caddy = { options.${namespace}.services.networking.caddy = {
@ -25,10 +20,12 @@ in {
hosts = mkOption { hosts = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {};
}; };
extraConfig = mkOption { extraConfig = mkOption {
type = types.str; type = types.str;
default = "";
}; };
}; };

8
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -3,6 +3,8 @@
config, config,
lib, lib,
namespace, namespace,
repoRoot,
sneeuwvlokLib,
... ...
}: let }: let
inherit (builtins) toString; inherit (builtins) toString;
@ -26,7 +28,7 @@
}); });
databaseProviderPostgresql = types.submodule ({...}: let databaseProviderPostgresql = types.submodule ({...}: let
urlOptions = lib.${namespace}.options.mkUrlOptions { urlOptions = sneeuwvlokLib.options.mkUrlOptions {
host = { host = {
description = '' description = ''
Hostname of the postgresql server Hostname of the postgresql server
@ -118,7 +120,7 @@ in {
enable = true; enable = true;
dbBackend = "postgresql"; dbBackend = "postgresql";
package = pkgs.${namespace}.vaultwarden; package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/default.nix") {};
config = { config = {
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
@ -196,7 +198,7 @@ in {
else if type == "postgresql" else if type == "postgresql"
then { then {
inherit (db) type; inherit (db) type;
url = lib.${namespace}.strings.toUrl { url = sneeuwvlokLib.strings.toUrl {
inherit (db) protocol host port; inherit (db) protocol host port;
path = "vaultwarden"; path = "vaultwarden";
query = { query = {

8
modules/nixos/system/security/sops/default.nix
View file

@ -1,12 +1,8 @@
{ pkgs, config, namespace, inputs, system, ... }: { pkgs, config, namespace, repoRoot, system, ... }:
let let
cfg = config.${namespace}.system.security.sops; cfg = config.${namespace}.system.security.sops;
in in
{ {
imports = [
inputs.sops-nix.nixosModules.sops
];
options.${namespace}.system.security.sops = {}; options.${namespace}.system.security.sops = {};
config = { config = {
@ -14,7 +10,7 @@ in
sops = { sops = {
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml"; defaultSopsFile = repoRoot + "/systems/${system}/${config.networking.hostName}/secrets.yml";
age = { age = {
# keyFile = "~/.config/sops/age/keys.txt"; # keyFile = "~/.config/sops/age/keys.txt";

14
packages/studio/default.nix
View file

@ -1,10 +1,10 @@
{ {
pkgs, pkgs,
inputs, erosanixLib,
}: let }: let
inherit (builtins) fetchurl; inherit (builtins) fetchurl replaceStrings;
inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages;
inherit (inputs.erosanix.lib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; inherit (erosanixLib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons;
wine = wineWow64Packages.base; wine = wineWow64Packages.base;
in in
@ -56,24 +56,24 @@ in
nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; nativeBuildInputs = [copyDesktopIcons copyDesktopItems];
winAppInstall = '' winAppInstall = replaceStrings ["\r"] [""] ''
wine64 ${src} wine64 ${src}
wineserver -W wineserver -W
wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f
''; '';
winAppPreRun = '' winAppPreRun = replaceStrings ["\r"] [""] ''
wineserver -W wineserver -W
wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f
''; '';
winAppRun = '' winAppRun = replaceStrings ["\r"] [""] ''
wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS"
''; '';
winAppPostRun = ""; winAppPostRun = "";
installPhase = '' installPhase = replaceStrings ["\r"] [""] ''
runHook preInstall runHook preInstall
ln -s $out/bin/.launcher $out/bin/${pname} ln -s $out/bin/.launcher $out/bin/${pname}