diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 5774c07..1ae4bc2 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -10,7 +10,7 @@ oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; pinchflat-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # Use relative to get current version for testin + # Use relative to get current version for testing # common.url = "path:../../flakes/common"; common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; # secrets.url = "path:../../flakes/secrets"; diff --git a/hosts/h003/flake.nix b/hosts/h003/flake.nix index 1d93336..f9232d8 100644 --- a/hosts/h003/flake.nix +++ b/hosts/h003/flake.nix @@ -1,10 +1,13 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager.url = "github:rycee/home-manager/release-25.05"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + # common.url = "path:../../flakes/common"; + common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; + # secrets.url = "path:../../flakes/secrets"; + secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; 
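Review bot: In the `inputs` block of hosts/h003/flake.nix, the new `home-manager.url = "github:rycee/home-manager/release-25.05";` names the project's former personal namespace rather than its current home, so resolution appears to depend on a GitHub redirect. Since every home-manager module on this host is evaluated from that input, point it at the canonical repository: `home-manager.url = "github:nix-community/home-manager/release-25.05";`. Consider also adding `home-manager.inputs.nixpkgs.follows = "nixpkgs";` so the lock file pins one nixpkgs revision for this host instead of two. The flake.lock change is not part of this diff, so confirm the locked revision and narHash for the new `home-manager` and `secrets` inputs are committed alongside it.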
@@ -12,89 +15,109 @@ outputs = { nixpkgs, + home-manager, common, + secrets, ros_neovim, ... - }: + }@inputs: let configuration_name = "h003"; + system = "x86_64-linux"; + stateVersion = "24.11"; + primaryUser = "luser"; lib = nixpkgs.lib; in { nixosConfigurations = { "${configuration_name}" = ( lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + }; modules = [ - common.nixosModules.default + home-manager.nixosModules.default + + secrets.nixosModules.default ros_neovim.nixosModules.default + + common.nixosModules.essentials + common.nixosModules.git + common.nixosModules.boot_systemd + common.nixosModules.hardening + common.nixosModules.nix_options + common.nixosModules.podman + common.nixosModules.tailnet + common.nixosModules.timezone_auto + common.nixosModules.tty_caps_esc + common.nixosModules.zsh + ./configuration.nix ./hardware-configuration.nix ./mods ( { config, pkgs, ... }: - { + rec { + # Home Manager + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "bak"; + # add all normal users to home manager so it applies to them + users = lib.mapAttrs (name: user: { + home.stateVersion = stateVersion; + programs.home-manager.enable = true; + }) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users); + + sharedModules = [ + common.homeManagerModules.tmux + common.homeManagerModules.atuin + common.homeManagerModules.direnv + common.homeManagerModules.git + common.homeManagerModules.postgres_cli_options + common.homeManagerModules.ssh + common.homeManagerModules.starship + common.homeManagerModules.zoxide + common.homeManagerModules.zsh + ]; + }; + + # System configuration + system.stateVersion = stateVersion; + networking.hostName = configuration_name; + programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${configuration_name}"; + nixpkgs.config.allowUnfree = true; + users.users = { + "${primaryUser}" = { + isNormalUser = true; + initialPassword = "password1"; + shell = 
pkgs.zsh; + extraGroups = [ + "wheel" + "networkmanager" + "video" + "input" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" + ]; + }; + root = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" + ]; + }; + }; + environment.systemPackages = with pkgs; [ lua sqlite - # networking tools + ttyd tcpdump dig ]; - - ringofstorms_common = { - systemName = configuration_name; - boot.systemd.enable = true; - secrets.enable = true; - general = { - reporting.enable = true; - }; - programs = { - tailnet.enable = true; - ssh.enable = true; - podman.enable = true; - }; - users = { - admins = [ "luser" ]; # First admin is also the primary user owning nix config - users = { - root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" - ]; - shell = pkgs.zsh; - }; - luser = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" - ]; - extraGroups = [ - "networkmanager" - "video" - "input" - ]; - shell = pkgs.zsh; - }; - }; - }; - homeManager = { - users = { - luser = { - imports = with common.homeManagerModules; [ - kitty - tmux - atuin - direnv - git - nix_deprecations - postgres - ssh - starship - zoxide - zsh - ]; - }; - }; - }; - }; } ) ];
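Review bot: `initialPassword = "password1";` in the new `users.users."${primaryUser}"` block gives a `wheel` member a trivially guessable password, and the value is stored in clear text both in this repository and in the world-readable Nix store. It is applied whenever the account is created fresh, so a reinstall or a new host built from this flake comes up with a sudo-capable account protected only by that string. Whether `common.nixosModules.hardening` disables SSH password authentication is not visible in this hunk, so it should not be relied on here. Since `secrets.nixosModules.default` is now imported and an authorized key is already set, either drop the line or replace it with `hashedPasswordFile = "<path-to-hash-from-secrets-module>";`. The `lib.nixosSystem` call continues past the end of this hunk.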