ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ringofstorms:3d4d7d88290dd1f55542691d3ac45b2a5f021709
Branches Tags
ringofstorms:master
..
compare: ringofstorms:6277d06b4dcaa6665e92aaf5f20eee49a8362556
Branches Tags
ringofstorms:master

No commits in common. "3d4d7d88290dd1f55542691d3ac45b2a5f021709" and "6277d06b4dcaa6665e92aaf5f20eee49a8362556" have entirely different histories.
3d4d7d8829 ... 6277d06b4d

9 changed files with 48 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

31
common/programs/default.nix
View file

@ -1,8 +1,4 @@
{ config, lib, ... }: { ... }:
let
ccfg = import ../config.nix;
cfg = config.${ccfg.custom_config_key}.programs;
in
{ {
imports = [ imports = [
./qFlipper.nix ./qFlipper.nix
@ -11,31 +7,6 @@ in
./tailnet.nix ./tailnet.nix
./ssh.nix ./ssh.nix
./docker.nix ./docker.nix
./podman.nix
./incus.nix ./incus.nix
]; ];
config = {
assertions = [
(
let
enabledVirtualizers = lib.filter (x: x.enabled) [
{
name = "docker";
enabled = cfg.docker.enable;
}
{
name = "podman";
enabled = cfg.podman.enable;
}
];
in
{
assertion = lib.length enabledVirtualizers <= 1;
message =
"Only one virtualizer can be enabled at a time. Enabled: "
+ lib.concatStringsSep ", " (map (x: x.name) enabledVirtualizers);
}
)
];
};
} }

32
common/programs/podman.nix
View file

@ -1,32 +0,0 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"podman"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "podman";
};
config = lib.mkIf cfg.enable {
virtualisation.podman = {
enable = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
# TODO add admins?
users.extraGroups.podman.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
};
}

96
hosts/h001/containers/default.nix
View file

@ -1,96 +0,0 @@
{ common }:
{
...
}:
{
imports = [
# common.nixosModules.containers.librechat
# common.nixosModules.containers.forgejo
];
config = {
## Give internet access
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-*" ];
externalInterface = "enp0s31f6";
enableIPv6 = true;
};
firewall.trustedInterfaces = [ "ve-*" ];
};
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.0.1";
localAddress = "10.0.0.111";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers.containers = {
ntest = {
image = "nginx:alpine";
ports = [
"127.0.0.1:8085:80"
];
};
};
virtualisation.oci-containers.backend = "podman";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"localhost" = {
locations."/" = {
proxyPass = "http://10.0.0.111";
};
};
# "git.joshuabell.xyz" = {
# # GIT passthrough
# locations."/" = {
# proxyPass = "http://10.0.0.2:3000";
# };
# };
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
};
# STREAMS
streamConfig = ''
server {
listen 3032;
proxy_pass 10.0.0.2:3032;
}
'';
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

3
hosts/h001/flake.nix
View file

@ -30,7 +30,6 @@
ros_neovim.nixosModules.default ros_neovim.nixosModules.default
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
(import ./containers { inherit common; })
( (
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
@ -45,7 +44,7 @@
programs = { programs = {
tailnet.enable = true; tailnet.enable = true;
ssh.enable = true; ssh.enable = true;
podman.enable = true; docker.enable = true;
}; };
users = { users = {
admins = [ "luser" ]; # First admin is also the primary user owning nix config admins = [ "luser" ]; # First admin is also the primary user owning nix config

48
hosts/h002/flake.lock generated
View file

@ -32,17 +32,17 @@
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1745957989, "lastModified": 1742406739,
"narHash": "sha256-mLYJXPri4DVRa6exEPtzlkje5FZVSYAteObHOxcAvfA=", "narHash": "sha256-1Tdt3a0Le9cDD0voBeDcSuHtRbVTX/vAhbDrMIOE/+o=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "6277d06b4dcaa6665e92aaf5f20eee49a8362556", "rev": "2b026ed0c883c942a84d20a9c0491905e61ddbf3",
"revCount": 426, "revCount": 373,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
} }
}, },
"crane": { "crane": {
@ -210,15 +210,16 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1745961410, "lastModified": 1735697839,
"narHash": "sha256-RU4c9JVZp/CdWyPUUZGsZvTWvjrFtXLUnlMs38IeHD0=", "narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a2001229477b3a343b13e6e7870fa37fedd8e09d", "rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -623,6 +624,22 @@
"type": "github" "type": "github"
} }
}, },
"nvim_plugin-lvimuser/lsp-inlayhints.nvim": {
"flake": false,
"locked": {
"lastModified": 1686236485,
"narHash": "sha256-06CiJ+xeMO4+OJkckcslqwloJyt2gwg514JuxV6KOfQ=",
"owner": "lvimuser",
"repo": "lsp-inlayhints.nvim",
"rev": "d981f65c9ae0b6062176f0accb9c151daeda6f16",
"type": "github"
},
"original": {
"owner": "lvimuser",
"repo": "lsp-inlayhints.nvim",
"type": "github"
}
},
"nvim_plugin-m4xshen/hardtime.nvim": { "nvim_plugin-m4xshen/hardtime.nvim": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1176,6 +1193,7 @@
"nvim_plugin-lewis6991/gitsigns.nvim": "nvim_plugin-lewis6991/gitsigns.nvim", "nvim_plugin-lewis6991/gitsigns.nvim": "nvim_plugin-lewis6991/gitsigns.nvim",
"nvim_plugin-lnc3l0t/glow.nvim": "nvim_plugin-lnc3l0t/glow.nvim", "nvim_plugin-lnc3l0t/glow.nvim": "nvim_plugin-lnc3l0t/glow.nvim",
"nvim_plugin-lukas-reineke/indent-blankline.nvim": "nvim_plugin-lukas-reineke/indent-blankline.nvim", "nvim_plugin-lukas-reineke/indent-blankline.nvim": "nvim_plugin-lukas-reineke/indent-blankline.nvim",
"nvim_plugin-lvimuser/lsp-inlayhints.nvim": "nvim_plugin-lvimuser/lsp-inlayhints.nvim",
"nvim_plugin-m4xshen/hardtime.nvim": "nvim_plugin-m4xshen/hardtime.nvim", "nvim_plugin-m4xshen/hardtime.nvim": "nvim_plugin-m4xshen/hardtime.nvim",
"nvim_plugin-mbbill/undotree": "nvim_plugin-mbbill/undotree", "nvim_plugin-mbbill/undotree": "nvim_plugin-mbbill/undotree",
"nvim_plugin-mfussenegger/nvim-lint": "nvim_plugin-mfussenegger/nvim-lint", "nvim_plugin-mfussenegger/nvim-lint": "nvim_plugin-mfussenegger/nvim-lint",
@ -1210,17 +1228,17 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1745585761, "lastModified": 1735841437,
"narHash": "sha256-xS3068xhndFrZh9GcTTNTmeebGq1A3uVykRRdzJOj3Y=", "narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "e5523910a0c07c88d026d006f5962434bfa53548", "rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e",
"revCount": 277, "revCount": 253,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim" "url": "https://git.joshuabell.xyz/nvim"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim" "url": "https://git.joshuabell.xyz/nvim"
} }
}, },
"rust-overlay": { "rust-overlay": {

7
hosts/h002/flake.nix
View file

@ -35,7 +35,6 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
lua lua
qdirstat
]; ];
ringofstorms_common = { ringofstorms_common = {
@ -44,12 +43,10 @@
secrets.enable = true; secrets.enable = true;
desktopEnvironment.gnome.enable = true; desktopEnvironment.gnome.enable = true;
programs = { programs = {
qFlipper.enable = true;
rustDev.enable = true; rustDev.enable = true;
tailnet.enable = true; tailnet.enable = true;
ssh.enable = true; ssh.enable = true;
docker.enable = true; docker.enable = true;
uhkAgent.enable = true;
}; };
users = { users = {
admins = [ "luser" ]; # First admin is also the primary user owning nix config admins = [ "luser" ]; # First admin is also the primary user owning nix config
@ -72,10 +69,6 @@
packages = with pkgs; [ packages = with pkgs; [
bitwarden bitwarden
vaultwarden vaultwarden
google-chrome
firefox-esr
openscad
vlc
]; ];
}; };
}; };

18
hosts/lio/containers.nix
View file

@ -26,12 +26,15 @@
firewall.trustedInterfaces = [ "ve-*" ]; firewall.trustedInterfaces = [ "ve-*" ];
}; };
# mathesar
# services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3";
containers.wasabi = { containers.wasabi = {
ephemeral = true; ephemeral = true;
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "10.0.0.1"; hostAddress = "192.168.100.2";
localAddress = "10.0.0.111"; localAddress = "192.168.100.11";
config = config =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
@ -45,17 +48,10 @@
}; };
}; };
virtualisation.oci-containers.containers = {
ntest = {
image = "nginx:alpine";
ports = [
"127.0.0.1:8085:80"
];
};
};
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

8
hosts/lio/flake.lock generated
View file

@ -32,11 +32,11 @@
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1745957989, "lastModified": 1745953495,
"narHash": "sha256-mLYJXPri4DVRa6exEPtzlkje5FZVSYAteObHOxcAvfA=", "narHash": "sha256-8FzNmiQ4FuAk3Lz1vP3Up2npluYPXe5eos05h3npvrA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "6277d06b4dcaa6665e92aaf5f20eee49a8362556", "rev": "37d4ac85b2450a407d8528aef1f5de38fbabb72d",
"revCount": 426, "revCount": 413,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },

2
readme.md
View file

@ -68,7 +68,9 @@
- atuin setup - atuin setup
- if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device - if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device
- TODO move key into secrets and mount it to atuin local share - TODO move key into secrets and mount it to atuin local share
- stormd onboard to network
- ssh key access, ssh iden in config in nix config - ssh key access, ssh iden in config in nix config
-
### Notes ### Notes