Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-26 13:50:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: Luj:5b249c58e5fc3890965124758872615f02d29296
Branches Tags
Luj:main
..
compare: Luj:74921ea499619d3b6d0ace758910ccfd7a8b29a3
Branches Tags
Luj:main

No commits in common. "5b249c58e5fc3890965124758872615f02d29296" and "74921ea499619d3b6d0ace758910ccfd7a8b29a3" have entirely different histories.
5b249c58e5 ... 74921ea499

7 changed files with 21 additions and 122 deletions
Show stats Expand all files Collapse all files

17
README.md
View file

@ -1,4 +1,4 @@
# Snowfield # My NixOS Configurations
[![Build status](https://ci.julienmalka.me/badges/JulienMalka_snowfield_nix-eval.svg)](https://ci.julienmalka.me/#/builders/16) [![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org) [![Build status](https://ci.julienmalka.me/badges/JulienMalka_snowfield_nix-eval.svg)](https://ci.julienmalka.me/#/builders/16) [![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org)
This repository contains the configurations of my machines using NixOS. This repository contains the configurations of my machines using NixOS.
@ -7,6 +7,19 @@ This repository contains the configurations of my machines using NixOS.
NixOS is a linux distribution based on the Nix package manager. It allows fully reproducible builds and a declarative configuration style, using a functionnal langage called Nix (yes, it is the same name as the package manager and the OS). NixOS is a linux distribution based on the Nix package manager. It allows fully reproducible builds and a declarative configuration style, using a functionnal langage called Nix (yes, it is the same name as the package manager and the OS).
### *What is a flake ?*
This whole repository is a flake. It is an experimental feature of Nix, allowing for pure evaluation of code. Dependency are fully specified and locked.
### *How does this work ?*
#### Machines
This project manage the configuration of three machines :
- **Macintosh**, a thinkpad laptop,
- **Lisa**, a high performance server,
- **Newton**, a low performance stockage server.
Machines configurations are located in the machines folder, and are using all the custom modules defined in this project. Machines configurations are located in the machines folder, and are using all the custom modules defined in this project.
#### Modules #### Modules
@ -15,7 +28,7 @@ This configuration defines a number of custom NixOS and home-manager modules. Th
#### Secrets #### Secrets
Secrets are stored in the secrets folder. They are uncrypted upon system activation using the host ssh key. Secrets are managed using agenix. Secrets are stored in the secrets folder. They are uncrypted upon system activation using the host ssh key. Secrets are managed using nix-sops.
### Inspirations ### Inspirations

4
machines/gallifrey/default.nix
View file

@ -10,7 +10,6 @@
imports = [ imports = [
./hardware.nix ./hardware.nix
./home-julien.nix ./home-julien.nix
./syncthing.nix
]; ];
machine.meta = { machine.meta = {
@ -27,8 +26,7 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
programs.ssh.knownHosts."epyc.infra.newtype.fr".publicKey = programs.ssh.knownHosts."epyc.infra.newtype.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXT9Init1MhKt4rjBANLq0t0bPww/WQZ96uB4AEDrml";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXT9Init1MhKt4rjBANLq0t0bPww/WQZ96uB4AEDrml";
networking.networkmanager.dns = "systemd-resolved"; networking.networkmanager.dns = "systemd-resolved";
services.resolved.enable = true; services.resolved.enable = true;

3
machines/gallifrey/home-julien.nix
View file

@ -122,6 +122,7 @@
home.persistence."/persistent/home/julien" = { home.persistence."/persistent/home/julien" = {
files = [ files = [
".config/gnome-initial-setup-done" ".config/gnome-initial-setup-done"
".config/monitors.xml"
".config/background" ".config/background"
".cert/nm-openvpn/telecom-paris-ca.pem" ".cert/nm-openvpn/telecom-paris-ca.pem"
".local/share/com.ranfdev.Notify.sqlite" ".local/share/com.ranfdev.Notify.sqlite"
@ -130,8 +131,8 @@
"Pictures" "Pictures"
"Documents" "Documents"
".ssh" ".ssh"
"dev"
".mozilla" ".mozilla"
"devold"
".config/cosmic" ".config/cosmic"
".local/share/direnv" ".local/share/direnv"
".local/state/cosmic-comp" ".local/state/cosmic-comp"

52
machines/gallifrey/syncthing.nix
View file

@ -1,52 +0,0 @@
{ config, ... }:
{
services.syncthing = {
enable = true;
user = "julien";
group = "users";
overrideDevices = true;
overrideFolders = true;
settings.options = {
urAccepted = -1;
listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ];
};
devices = {
"gustave" = {
id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH";
addresses = [
"tcp://gustave.luj:22000"
];
};
"fischer" = {
id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ";
addresses = [
"tcp://fischer.luj:22000"
];
};
};
folders = {
"dev" = {
path = "/home/julien/dev";
devices = [
"gustave"
"fischer"
];
};
};
};
systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing";
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
environment.persistence."/persistent".directories = [
{
directory = "/home/julien/dev";
user = "julien";
group = "users";
}
];
}

1
machines/gustave/default.nix
View file

@ -47,7 +47,6 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
programs.fuse.userAllowOther = true;
deployment.tags = [ "server" ]; deployment.tags = [ "server" ];

45
machines/gustave/home-julien.nix
View file

@ -1,45 +1,4 @@
{ pkgs, ... }: _:
{ {
luj.hmgr.julien = { luj.hmgr.julien = { };
home.persistence."/persistent/home/julien" = {
files = [
".config/gnome-initial-setup-done"
".config/background"
".cert/nm-openvpn/telecom-paris-ca.pem"
".local/share/com.ranfdev.Notify.sqlite"
];
directories = [
"Pictures"
"Documents"
".ssh"
".mozilla"
"devold"
".config/cosmic"
".local/share/direnv"
".local/state/cosmic-comp"
".local/share/atuin"
".local/share/firefoxpwa"
".config/Signal"
".cache/spotify"
".config/spotify"
".config/autostart"
".config/borg"
".config/pika-backup"
".config/Element"
".step"
".emacs.d"
".gnupg"
"Zotero"
".config/dconf"
".local/share/keyrings"
".cache/mu"
"Maildir"
];
allowOther = true;
};
home.stateVersion = "23.11";
home.packages = [ pkgs.hello ];
};
} }

21
machines/gustave/syncthing.nix
View file

@ -14,16 +14,7 @@
devices = { devices = {
"fischer" = { "fischer" = {
id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ"; id = "XEPZZIP-GX73OKE-KNGZA47-XWWGI5G-LNXPU57-BMLXK5M-VNGS5UQ-ZFIZSAK";
addresses = [
"tcp://fischer.luj:22000"
];
};
"gallifrey" = {
id = "P3BTFAX-4MCSFQB-C5R5YBP-YGMJ6FU-OKJN4QG-MJ2BV6Y-YB4U7VL-3GFSTAM";
addresses = [
"tcp://gallifrey.luj:22000"
];
}; };
}; };
folders = { folders = {
@ -31,7 +22,6 @@
path = "/home/julien/dev"; path = "/home/julien/dev";
devices = [ devices = [
"fischer" "fischer"
"gallifrey"
]; ];
}; };
}; };
@ -39,13 +29,4 @@
systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing"; systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing";
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
environment.persistence."/persistent".directories = [
{
directory = "/home/julien/dev";
user = "julien";
group = "users";
}
];
} }