diff --git a/flake.lock b/flake.lock index 2cf70b8..45cbde5 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ ] }, "locked": { - "lastModified": 1705104164, - "narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=", + "lastModified": 1704498488, + "narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=", "owner": "nix-community", "repo": "home-manager", - "rev": "0912d26b30332ae6a90e1b321ff88e80492127dd", + "rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee", "type": "github" }, "original": { @@ -128,11 +128,11 @@ ] }, "locked": { - "lastModified": 1705108826, - "narHash": "sha256-1xOzPcS8Zr4rqgLoaRwAcKqdCdzrBDaNwT+tiBdXf18=", + "lastModified": 1704590722, + "narHash": "sha256-exh2bDwYYkdJgm5wLvpWht5bRuPigk8v4Z7l4RegX3Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "92fd8c24719f08692c36b685de6884a20080edf0", + "rev": "7d0eace387cf4fd2812d0791684f4befa0865512", "type": "github" }, "original": { @@ -166,11 +166,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1704786394, - "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=", + "lastModified": 1704632650, + "narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b", + "rev": "c478b3d56969006e015e55aaece4931f3600c1b2", "type": "github" }, "original": { @@ -182,11 +182,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1704194953, + "narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nur": { "locked": { - "lastModified": 1705110884, - "narHash": "sha256-8t8C+vYVoNsG7uv1cH/vkUHM84EkxGRoPuwk1TMXBZE=", + "lastModified": 1704645857, + "narHash": "sha256-YRFry+uleoeDKs0kr039eVCN5XSCOuUbgbyKMJRXeFY=", "owner": "nix-community", "repo": "NUR", - "rev": "075357ead2dbaf5c64120371f6a1e57d1ee23a02", + "rev": "e72bc8a4fff841c6a131fe40471e4ae401f31096", "type": "github" }, "original": { @@ -266,11 +266,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1704908274, - "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=", + "lastModified": 1704596510, + "narHash": "sha256-tupdwwg1WeX2hNMOQrvtyafTaTVty0QC/gQp7yaYJic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76", + "rev": "f5fbcc0f50e7fc60c4f806fa7a09abccf0826d8a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c8182ad..e5d7755 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nix-vscode-extensions = { + nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; @@ -20,7 +20,7 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; - + nur = { url = "github:nix-community/NUR"; }; @@ -86,7 +86,7 @@ }; }; }; - mkNixos = { system, modules, specialArgs ? { } }: nixpkgs.lib.nixosSystem { + mkNixos = { system, modules, specialArgs ? {}}: nixpkgs.lib.nixosSystem { inherit system; specialArgs = specialArgs // { inherit inputs system; }; modules = [ @@ -102,65 +102,57 @@ homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ]; - colmenaHive = - let - deploymentModule = { - deployment.targetUser = "xin"; - }; - sharedModules = [ - self.nixosModules.default - deploymentModule - ]; - in - colmena.lib.makeHive { + colmenaHive = colmena.lib.makeHive { meta = { - nixpkgs = import nixpkgs { - system = "x86_64-linux"; - }; - machinesFile = ./nixbuild.net; - specialArgs = { - inherit inputs; - }; + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + }; + machinesFile = ./nixbuild.net; + specialArgs = { + inherit inputs; + }; }; massicot = { name, nodes, pkgs, ... }: with inputs; { - deployment.targetHost = "49.13.13.122"; - deployment.buildOnTarget = true; + deployment.targetHost = "49.13.13.122"; - imports = [ - { nixpkgs.system = "aarch64-linux"; } - machines/massicot - ] ++ sharedModules; + imports = [ + { nixpkgs.system = "aarch64-linux"; } + self.nixosModules.default + machines/massicot + ]; }; sgp-00 = { name, nodes, pkgs, ... }: with inputs; { - imports = [ - machines/dolomite - ] ++ sharedModules; - nixpkgs.system = "x86_64-linux"; - networking.hostName = "sgp-00"; - system.stateVersion = "23.11"; - deployment = { - targetHost = "video.namely.icu"; - buildOnTarget = false; - tags = [ "proxy" ]; - }; + imports = [ + self.nixosModules.default + machines/dolomite + ]; + nixpkgs.system = "x86_64-linux"; + networking.hostName = "sgp-00"; + system.stateVersion = "23.11"; + deployment = { + targetHost = "video.namely.icu"; + buildOnTarget = false; + tags = [ "proxy" ]; + }; }; tok-00 = { name, nodes, pkgs, ... }: with inputs; { - imports = [ - machines/dolomite - ] ++ sharedModules; - nixpkgs.system = "x86_64-linux"; - networking.hostName = "tok-00"; - system.stateVersion = "23.11"; - deployment = { - targetHost = "video01.namely.icu"; - buildOnTarget = false; - tags = [ "proxy" ]; - }; + imports = [ + self.nixosModules.default + machines/dolomite + ]; + nixpkgs.system = "x86_64-linux"; + networking.hostName = "tok-00"; + system.stateVersion = "23.11"; + deployment = { + targetHost = "video01.namely.icu"; + buildOnTarget = false; + tags = [ "proxy" ]; + }; }; - }; + }; nixosConfigurations = { calcite = mkNixos { @@ -170,7 +162,7 @@ machines/calcite/configuration.nix (mkHome "xin" "calcite") ]; - }; + }; raspite = mkNixos { system = "aarch64-linux"; modules = [ @@ -194,12 +186,12 @@ } ]; }).config.system.build.sdImage; - } // flake-utils.lib.eachDefaultSystem (system: + } // flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; in { devShells = { default = pkgs.mkShell { - packages = with pkgs; [ git colmena sops nix-output-monitor rnix-lsp ]; + packages = with pkgs; [ git colmena sops nix-output-monitor ]; }; }; } diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix index bb91fa5..e10df8b 100644 --- a/machines/dolomite/default.nix +++ b/machines/dolomite/default.nix @@ -66,17 +66,12 @@ }; }; services.fail2ban.enable = true; - programs.mosh.enable = true; security.sudo = { execWheelOnly = true; wheelNeedsPassword = false; }; - nix.settings = { - trusted-users = config.users.groups.wheel.members; - }; - services.sing-box = let singTls = { enabled = true; diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index 7a40b4e..283dadb 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -87,8 +87,8 @@ KerberosAuthentication = "no"; }; }; + services.fail2ban.enable = true; - programs.mosh.enable = true; systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; } diff --git a/modules/home-manager/alacritty.nix b/modules/home-manager/alacritty.nix index 4c79b19..9f10b00 100644 --- a/modules/home-manager/alacritty.nix +++ b/modules/home-manager/alacritty.nix @@ -26,13 +26,13 @@ in dynamic_padding = true; }; import = [ - "${config.xdg.configHome}/alacritty/catppuccin-macchiato.toml" + "${config.xdg.configHome}/alacritty/catppuccin-macchiato.yml" ]; }; }; - xdg.configFile."alacritty/catppuccin-macchiato.toml".source = builtins.fetchurl { - url = "https://raw.githubusercontent.com/catppuccin/alacritty/main/catppuccin-macchiato.toml"; - sha256 = "sha256:1iq187vg64h4rd15b8fv210liqkbzkh8sw04ykq0hgpx20w3qilv"; + xdg.configFile."alacritty/catppuccin-macchiato.yml".source = builtins.fetchurl { + url = "https://raw.githubusercontent.com/catppuccin/alacritty/main/catppuccin-macchiato.yml"; + sha256 = "sha256-+m8FyPStdh1A1xMVBOkHpfcaFPcyVL99tIxHuDZ2zXI="; }; }; } diff --git a/modules/home-manager/vscode.nix b/modules/home-manager/vscode.nix index f8c98cc..38e70e9 100644 --- a/modules/home-manager/vscode.nix +++ b/modules/home-manager/vscode.nix @@ -5,7 +5,7 @@ let cfg = config.custom-hm.vscode; in { - options.custom-hm.vscode = { + options.custom-hm.vscode = { enable = mkEnableOption "Vscode config"; }; config = mkIf cfg.enable {