flake: import flakes in {machine,user}-specific configs

Guanran Wang 2023-10-14 13:53:54 +08:00
parent 92ca867f76
commit 902c079413
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
5 changed files with 26 additions and 71 deletions


@ -69,7 +69,7 @@
./machines/darwin/imac-2017 # Hardware-specific configurations ./machines/darwin/imac-2017 # Hardware-specific configurations
# Machine-specific configurations (does such stuff even exist on nix-darwin) # Machine-specific configurations (does such stuff even exist on nix-darwin)
./users/guanranwang/darwin.nix # User-specific configurations ./users/guanranwang/darwin.nix # User-specific configurations
./flakes/darwin/home-manager.nix # Flakes # Flakes
{ networking.hostName = "iMac-macOS"; } { networking.hostName = "iMac-macOS"; }
]; ];
@ -85,21 +85,10 @@
modules = [ modules = [
./nixos # Entrypoint ./nixos # Entrypoint
./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations ./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations
#./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
./users/guanranwang/nixos.nix # User-specific configurations ./users/guanranwang/nixos.nix # User-specific configurations
./flakes/nixos/berberman.nix # Flakes
./flakes/nixos/home-manager.nix
./flakes/nixos/hosts.nix
./flakes/nixos/lanzaboote.nix
./flakes/nixos/sops-nix.nix
./flakes/nixos/impermanence.nix
./flakes/nixos/disko.nix
{ { networking.hostName = "81fw-nixos"; }
_module.args.disks = [ "/dev/nvme0n1" ]; # Disko
boot.initrd.systemd.enable = true; # LUKS TPM unlocking
networking.hostName = "81fw-nixos";
}
]; ];
}; };
@ -112,11 +101,6 @@
./machines/nixos/imac-2017 ./machines/nixos/imac-2017
./machines/nixos/imac-2017/machine-1 ./machines/nixos/imac-2017/machine-1
./users/guanranwang/nixos.nix ./users/guanranwang/nixos.nix
./flakes/nixos/berberman.nix
./flakes/nixos/home-manager.nix
./flakes/nixos/hosts.nix
./flakes/nixos/lanzaboote.nix
./flakes/nixos/sops-nix.nix
{ networking.hostName = "imac-nixos"; } { networking.hostName = "imac-nixos"; }
]; ];
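Review bot: The last hunk drops `./flakes/nixos/lanzaboote.nix` from the imac-nixos module list, and nothing visible in this commit imports it again for that host; only the 81fw machine-1 config gains it. Unless `./machines/nixos/imac-2017/machine-1` already imports the module, that machine would stop carrying the lanzaboote Secure Boot configuration after this refactor, without any evaluation error to flag it. I would either add `../../../../flakes/nixos/lanzaboote.nix` to that machine's `imports`, or leave a comment in the module list saying the removal is intentional. The same check applies to `sops-nix.nix` and `hosts.nix`, which now reach both NixOS hosts only through `./users/guanranwang/nixos.nix`.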


@ -2,6 +2,11 @@
{ {
imports = [ imports = [
./partition.nix ../../../../flakes/nixos/lanzaboote.nix
../../../../flakes/nixos/impermanence.nix
../../../../flakes/nixos/disko.nix
]; ];
_module.args.disks = [ "/dev/nvme0n1" ]; # Disko
boot.initrd.systemd.enable = true; # LUKS TPM unlocking
} }
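Review bot: The `# LUKS TPM unlocking` comment on `boot.initrd.systemd.enable = true;` says less than the unlock depends on: this line only switches stage 1 to systemd, while the binding of the LUKS key to the TPM and its PCR policy is set at enrolment, outside this file. I would expand it to something like `# systemd stage 1, required for TPM2 LUKS unlock; PCR policy is chosen at enrolment (systemd-cryptenroll) and should cover Secure Boot state`, so a reader sees that the lanzaboote import above belongs to the same trust chain. Separately, `_module.args.disks = [ "/dev/nvme0n1" ];` names a kernel-enumerated device, and disko partitions whatever it is given. A stable `/dev/disk/by-id/<DISK-ID>` path (placeholder, the real id is not on the page) would be the safer value.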


@ -1,41 +0,0 @@
{ ... }:
{
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@" ]; # nested subvol
};
#"/" = {
# device = "none";
# fsType = "tmpfs";
# options = [ "size=3G" "mode=755" ]; # mode=755 so only root can write to those files
#};
"/home" = {
device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@home" ];
};
#"/var/lib/flatpak" = {
# device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
# fsType = "btrfs";
# options = [ "compress=zstd" "subvol=@flatpak" ];
#};
"/btrfs" = {
device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/C44A-313A";
fsType = "vfat";
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/0ba792d3-571d-44bb-8696-82126611784d"; } ];
}


@ -12,6 +12,10 @@
}; };
}; };
# Flakes. # Flakes
imports = [
../../flakes/darwin/home-manager.nix
];
### home-manager
home-manager.users.guanranwang = import ./home-manager/darwin; # NOTE: using flakes home-manager.users.guanranwang = import ./home-manager/darwin; # NOTE: using flakes
} }


@ -12,27 +12,30 @@
# Flakes. # Flakes
imports = [
../../flakes/nixos/home-manager.nix
../../flakes/nixos/sops-nix.nix
../../flakes/nixos/hosts.nix
../../flakes/nixos/berberman.nix
];
### home-manager
home-manager.users.guanranwang = import ./home-manager/nixos; home-manager.users.guanranwang = import ./home-manager/nixos;
### sops-nix
sops = { sops = {
defaultSopsFile = ./secrets/secrets.yaml; defaultSopsFile = ./secrets/secrets.yaml;
age.sshKeyPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = []; gnupg.sshKeyPaths = [];
secrets = { secrets = {
"clash-config" = { "hashed-passwd".neededForUsers = true; # Hashed user password
"wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password
"clash-config" = { # Clash.Meta configuration
#mode = "0444"; # readable #mode = "0444"; # readable
owner = config.users.users."clash-meta".name; owner = config.users.users."clash-meta".name;
group = config.users.users."clash-meta".group; group = config.users.users."clash-meta".group;
restartUnits = [ "clash-meta.service" ]; restartUnits = [ "clash-meta.service" ];
path = "/etc/clash-meta/config.yaml"; path = "/etc/clash-meta/config.yaml";
}; };
"hashed-passwd".neededForUsers = true;
"wireless/home" = {};
}; };
}; };
systemd.tmpfiles.rules = [
"C /var/lib/iwd/wangxiaobo.psk - - - - ${config.sops.secrets."wireless/home".path}"
];
} }
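Review bot: `"wireless/home".path = "/var/lib/iwd/wangxiaobo.psk";` leaves the Wi-Fi secret's owner and mode at the sops-nix defaults. As far as I know it also exposes the secret at that path as a symlink into the secrets directory, not as the regular file that the tmpfiles `C` rule (apparently the removed side, judging by the hunk counts) produced. Not copying the plaintext PSK onto persistent storage is an improvement, but iwd can rewrite its network profiles, so it is worth confirming on the host that it reads the symlinked profile and does not replace it with a plaintext copy. A comment such as `# Home wifi password; root-only (sops default mode), symlinked for iwd` would record the intended permissions next to the entry.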