From 9214bed77f012bbb48ea5c699ec74374fe3d8119 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sat, 25 Jan 2025 16:48:53 +0100 Subject: [PATCH 1/2] chore: update readme --- README.md | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index f2897e2..63d8cb6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# My NixOS Configurations ❄ +# Snowfield ❄ [![Build status](https://ci.julienmalka.me/badges/JulienMalka_snowfield_nix-eval.svg)](https://ci.julienmalka.me/#/builders/16) [![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org) This repository contains the configurations of my machines using NixOS. @@ -7,19 +7,6 @@ This repository contains the configurations of my machines using NixOS. NixOS is a linux distribution based on the Nix package manager. It allows fully reproducible builds and a declarative configuration style, using a functionnal langage called Nix (yes, it is the same name as the package manager and the OS). -### *What is a flake ?* - -This whole repository is a flake. It is an experimental feature of Nix, allowing for pure evaluation of code. Dependency are fully specified and locked. - -### *How does this work ?* - -#### Machines - -This project manage the configuration of three machines : -- **Macintosh**, a thinkpad laptop, -- **Lisa**, a high performance server, -- **Newton**, a low performance stockage server. - Machines configurations are located in the machines folder, and are using all the custom modules defined in this project. #### Modules 
@@ -28,7 +15,7 @@ This configuration defines a number of custom NixOS and home-manager modules. Th #### Secrets -Secrets are stored in the secrets folder. They are uncrypted upon system activation using the host ssh key. Secrets are managed using nix-sops. +Secrets are stored in the secrets folder. They are uncrypted upon system activation using the host ssh key. Secrets are managed using agenix. ### Inspirations From 5b249c58e5fc3890965124758872615f02d29296 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sat, 25 Jan 2025 16:49:42 +0100 Subject: [PATCH 2/2] chore: activate syncthing on several machines --- machines/gallifrey/default.nix | 4 ++- machines/gallifrey/home-julien.nix | 3 +- machines/gallifrey/syncthing.nix | 52 ++++++++++++++++++++++++++++++ machines/gustave/default.nix | 1 + machines/gustave/home-julien.nix | 45 ++++++++++++++++++++++++-- machines/gustave/syncthing.nix | 21 +++++++++++- 6 files changed, 120 insertions(+), 6 deletions(-) create mode 100644 machines/gallifrey/syncthing.nix diff --git a/machines/gallifrey/default.nix b/machines/gallifrey/default.nix index 77cbb00..69738a6 100644 --- a/machines/gallifrey/default.nix +++ b/machines/gallifrey/default.nix @@ -10,6 +10,7 @@ imports = [ ./hardware.nix ./home-julien.nix + ./syncthing.nix ]; machine.meta = { @@ -26,7 +27,8 @@ networking.networkmanager.enable = true; - programs.ssh.knownHosts."epyc.infra.newtype.fr".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXT9Init1MhKt4rjBANLq0t0bPww/WQZ96uB4AEDrml"; + programs.ssh.knownHosts."epyc.infra.newtype.fr".publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXT9Init1MhKt4rjBANLq0t0bPww/WQZ96uB4AEDrml"; networking.networkmanager.dns = "systemd-resolved"; services.resolved.enable = true; diff --git a/machines/gallifrey/home-julien.nix b/machines/gallifrey/home-julien.nix index 69c26af..1420466 100644 --- a/machines/gallifrey/home-julien.nix +++ b/machines/gallifrey/home-julien.nix 
@@ -122,7 +122,6 @@ home.persistence."/persistent/home/julien" = { files = [ ".config/gnome-initial-setup-done" - ".config/monitors.xml" ".config/background" ".cert/nm-openvpn/telecom-paris-ca.pem" ".local/share/com.ranfdev.Notify.sqlite" @@ -131,8 +130,8 @@ "Pictures" "Documents" ".ssh" - "dev" ".mozilla" + "devold" ".config/cosmic" ".local/share/direnv" ".local/state/cosmic-comp" diff --git a/machines/gallifrey/syncthing.nix b/machines/gallifrey/syncthing.nix new file mode 100644 index 0000000..c3abffc --- /dev/null +++ b/machines/gallifrey/syncthing.nix @@ -0,0 +1,52 @@ +{ config, ... }: +{ + services.syncthing = { + enable = true; + user = "julien"; + group = "users"; + overrideDevices = true; + overrideFolders = true; + + settings.options = { + urAccepted = -1; + listenAddresses = [ "tcp://${config.machine.meta.ips.vpn.ipv4}" ]; + }; + + devices = { + "gustave" = { + id = "6APF3EP-TIV7ZBK-5WB5SA4-Y2K37CR-AMIB2TM-6T2VORK-UYNQO2X-TO6V2QH"; + addresses = [ + "tcp://gustave.luj:22000" + ]; + }; + + "fischer" = { + id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ"; + addresses = [ + "tcp://fischer.luj:22000" + ]; + }; + + }; + folders = { + "dev" = { + path = "/home/julien/dev"; + devices = [ + "gustave" + "fischer" + ]; + }; + }; + }; + + systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing"; + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; + environment.persistence."/persistent".directories = [ + { + directory = "/home/julien/dev"; + user = "julien"; + group = "users"; + } + ]; + +} diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix index 7dc02a7..18dd3f8 100644 --- a/machines/gustave/default.nix +++ b/machines/gustave/default.nix @@ -47,6 +47,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + programs.fuse.userAllowOther = true; deployment.tags = [ "server" ]; 
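Review bot: In the new machines/gallifrey/syncthing.nix, `settings.options` pins the listener to the VPN address but leaves discovery and relaying at Syncthing's defaults, so the node would still announce its device ID and address to the public discovery servers and on the local network. Both peers are declared with static addresses (`tcp://gustave.luj:22000`, `tcp://fischer.luj:22000`), so none of that is needed for this topology; I would add `globalAnnounceEnabled = false; localAnnounceEnabled = false; relaysEnabled = false;` next to `listenAddresses`. This assumes no shared module outside this diff already sets them. The listener URL also carries no port while the peers dial `:22000`; writing the port out would make the pairing explicit.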
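Review bot: `programs.fuse.userAllowOther = true;` in machines/gustave/default.nix is a host-wide switch added without a comment: it lets every unprivileged user mount FUSE filesystems with `allow_other`. It appears to be there only to support `allowOther = true;` in the machines/gustave/home-julien.nix hunk of this commit, whose persisted directories include `.ssh`, `.gnupg`, `.step` and `.local/share/keyrings`; with that flag other accounts, root included, can reach those mounts and only the file modes stand in the way. If nothing on this host needs to read julien's home through the mounts, drop both lines; otherwise add a comment naming the consumer, e.g. `# required by home.persistence allowOther: <which service reads these mounts>`. The enclosing attribute set starts and ends outside the hunk.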
diff --git a/machines/gustave/home-julien.nix b/machines/gustave/home-julien.nix index 8b3d5a4..04feccd 100644 --- a/machines/gustave/home-julien.nix +++ b/machines/gustave/home-julien.nix @@ -1,4 +1,45 @@ -_: +{ pkgs, ... }: { - luj.hmgr.julien = { }; + luj.hmgr.julien = { + + home.persistence."/persistent/home/julien" = { + files = [ + ".config/gnome-initial-setup-done" + ".config/background" + ".cert/nm-openvpn/telecom-paris-ca.pem" + ".local/share/com.ranfdev.Notify.sqlite" + ]; + directories = [ + "Pictures" + "Documents" + ".ssh" + ".mozilla" + "devold" + ".config/cosmic" + ".local/share/direnv" + ".local/state/cosmic-comp" + ".local/share/atuin" + ".local/share/firefoxpwa" + ".config/Signal" + ".cache/spotify" + ".config/spotify" + ".config/autostart" + ".config/borg" + ".config/pika-backup" + ".config/Element" + ".step" + ".emacs.d" + ".gnupg" + "Zotero" + ".config/dconf" + ".local/share/keyrings" + ".cache/mu" + "Maildir" + ]; + allowOther = true; + }; + + home.stateVersion = "23.11"; + home.packages = [ pkgs.hello ]; + }; } diff --git a/machines/gustave/syncthing.nix b/machines/gustave/syncthing.nix index 30b4bc1..4f6644e 100644 --- a/machines/gustave/syncthing.nix +++ b/machines/gustave/syncthing.nix @@ -14,7 +14,16 @@ devices = { "fischer" = { - id = "XEPZZIP-GX73OKE-KNGZA47-XWWGI5G-LNXPU57-BMLXK5M-VNGS5UQ-ZFIZSAK"; + id = "PLIMD3Z-L4DYKDB-MY4PFTS-3RMQUNF-GFWFOBB-SELW6MB-WIQJ2LM-QAC45QQ"; + addresses = [ + "tcp://fischer.luj:22000" + ]; + }; + "gallifrey" = { + id = "P3BTFAX-4MCSFQB-C5R5YBP-YGMJ6FU-OKJN4QG-MJ2BV6Y-YB4U7VL-3GFSTAM"; + addresses = [ + "tcp://gallifrey.luj:22000" + ]; }; }; folders = { @@ -22,6 +31,7 @@ path = "/home/julien/dev"; devices = [ "fischer" + "gallifrey" ]; }; }; 
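Review bot: The persistence list added to machines/gustave/home-julien.nix looks copied from the gallifrey laptop profile rather than written for this host, which machines/gustave/default.nix tags as `server`. It persists credential stores (`.ssh`, `.gnupg`, `.local/share/keyrings`, `.mozilla`, `Maildir`) and desktop state (`.config/cosmic`, `.config/spotify`, `.config/Signal`) that a syncthing change does not obviously need, and every entry kept is more material stored at rest on the server. I would trim the list to the directories actually used on gustave and say so in a comment above it. `home.packages = [ pkgs.hello ];` also reads like a leftover from testing.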
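Review bot: The `fischer` device ID is replaced in machines/gustave/syncthing.nix without a word in the commit message, and that ID is what Syncthing authenticates the peer by, so this line changes which certificate gustave accepts as `fischer`. Confirm the new value against the ID shown on fischer itself and that the old `XEPZZIP-…` identity is retired; a comment such as `# fischer re-keyed <date>, ID verified on the host` would record it. fischer's own configuration is not in this diff, so whether it lists `gallifrey` cannot be checked here. The `devices` set opens outside the hunk.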
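Review bot: Adding `gallifrey` makes `dev` a three-way folder, and the definition visible in this hunk has only `path` and `devices`, so by Syncthing's defaults every peer both sends and receives and nothing keeps old file versions. A deletion or an unwanted change on any one of the three machines is then replicated to the other two. I would add file versioning on at least one peer, for example `versioning = { type = "simple"; params.keep = "5"; };` (the value 5 is only an illustration), unless it is already set in the part of the folder block that lies outside the hunk.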
@@ -29,4 +39,13 @@ systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing"; systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; + + environment.persistence."/persistent".directories = [ + { + directory = "/home/julien/dev"; + user = "julien"; + group = "users"; + } + ]; + }