diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..937a074 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +secrets/** filter=git-crypt diff=git-crypt +.gitattributes !filter !diff diff --git a/build-vm.sh b/build-vm.sh new file mode 100755 index 0000000..e2e8279 --- /dev/null +++ b/build-vm.sh @@ -0,0 +1,5 @@ +#!/bin/sh -e +nixos-rebuild build-vm --flake .#cafe +rm -f nixos.qcow2 +./result/bin/run-*-vm +rm -f nixos.qcow2 result diff --git a/flake.lock b/flake.lock index 02c9d81..8762653 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,194 @@ { "nodes": { + "agda": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixos-config", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701366566, + "narHash": "sha256-B8Jmjld0gGbkVO08GsovVqrUXCs8VfJ8UdM3sjHnzgM=", + "owner": "agda", + "repo": "agda", + "rev": "4293e0a94d15acac915ab9088b2ec028f78d14a9", + "type": "github" + }, + "original": { + "owner": "agda", + "ref": "v2.6.4.1", + "repo": "agda", + "type": "github" + } + }, + "cornelis": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixos-config", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712595875, + "narHash": "sha256-KaAhKeESwOQ0R0vxeAO/CDPiPimiemoARyr0uIVTQ4w=", + "owner": "isovector", + "repo": "cornelis", + "rev": "9d3347e7d8589a28bcdd283001367d60bacf6b05", + "type": "github" + }, + "original": { + "owner": "isovector", + "repo": "cornelis", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixos-config", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-config": { + "inputs": { + "agda": "agda", + "cornelis": "cornelis", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "ssbm-nix": "ssbm-nix" + }, + "locked": { + "lastModified": 1716454285, + "narHash": "sha256-VPD9pgXR7awQ9d1mvh2NpnWnE0FNc2+6nEFlC8I16S0=", + "ref": "refs/heads/master", + "rev": "259c7dc9971e92323625da97af5177f13975d180", + "revCount": 136, + "type": "git", + "url": "https://githug.xyz/rachel/nixos-config" + }, + "original": { + "type": "git", + "url": "https://githug.xyz/rachel/nixos-config" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1712588820, + "narHash": "sha256-y31s5idk3jMJMAVE4Ud9AdI7HT3CgTAeMTJ0StqKN7Y=", + "owner": "NixOs", + "repo": "nixpkgs", + "rev": "d272ca50d1f7424fbfcd1e6f1c9e01d92f6da167", + "type": "github" + }, + "original": { + "owner": "NixOs", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "owner": "NixOs", + "repo": "nixpkgs", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "type": "github" + }, + "original": { + "owner": "NixOs", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1716361217, "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", @@ -18,7 +206,58 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "nixos-config": "nixos-config", + "nixpkgs": "nixpkgs_3" + } + }, + "slippi-desktop": { + "flake": false, + "locked": { + "lastModified": 1711346593, + "narHash": "sha256-WWgGRT58w1a4UcEe924hqa4ZVodQtsbXC44aCOEj528=", + "owner": "project-slippi", + "repo": "slippi-desktop-app", + "rev": "02f3f007cd03c6e2b0da57db65c90646efc04a86", + "type": "github" + }, + "original": { + "owner": "project-slippi", + "repo": "slippi-desktop-app", + "type": "github" + } + }, + "ssbm-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "slippi-desktop": "slippi-desktop" + }, + "locked": { + "lastModified": 1712071998, + "narHash": "sha256-k95NCkXJ61PGMFuqyMtfvP3yTLozED/7DkN+lBWK0gs=", + "owner": "lytedev", + "repo": "ssbm-nix", + "rev": "eff966a97287d1d86b189d59a14bf744d86836b0", + "type": "github" + }, + "original": { + "owner": "lytedev", + "repo": "ssbm-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 0a4d4b0..7e29629 100644 --- a/flake.nix +++ b/flake.nix @@ -1,21 +1,40 @@ { - description = "My various NixOs configurations"; + description = "NixOs configuration for my server"; inputs = { nixpkgs.url = "github:NixOs/nixpkgs/nixos-23.11"; + nixos-config.url = "git+https://githug.xyz/rachel/nixos-config"; }; - outputs = { self, nixpkgs, ... }: + outputs = { self, nixpkgs, nixos-config, ... }: let nix-config-module = { nix.registry.nixpkgs.flake = nixpkgs; system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev; }; + keyboard-module = + { + console = { + useXkbConfig = true; + }; + + services.xserver = { + xkb = { + layout = "fox"; + extraLayouts.fox = { + description = "Layout suitable to be used by a fox"; + languages = [ "se" ]; + symbolsFile = nixos-config.keyboardLayouts.fox; + }; + }; + }; + }; in { nixosConfigurations.cafe = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ nix-config-module + keyboard-module ./host.nix ]; }; diff --git a/host.nix b/host.nix index 95caa54..5365f46 100644 --- a/host.nix +++ b/host.nix @@ -3,6 +3,7 @@ let gitea = { host = "10.10.0.1"; local = "10.10.0.2"; }; + secrets = import ./secrets/secrets.nix; in { # [CONTAINERS] @@ -12,7 +13,7 @@ in privateNetwork = true; hostAddress = gitea.host; localAddress = gitea.local; - config = ./gitea.nix; + config = ./guests/gitea.nix; }; # [NGINX] @@ -31,31 +32,11 @@ in networking.firewall.allowedUDPPorts = [ ]; # VM test user - users.users.test.isSystemUser = true ; - users.users.test.initialPassword = "test"; - users.users.test.group = "test"; - users.groups.test = {}; + users.users.admin.isSystemUser = true ; + users.users.admin.hashedPassword = builtins.readFile ./secrets/admin_password; + users.users.admin.group = "admin"; + users.groups.admin = {}; - console = { - useXkbConfig = true; - }; - - services.xserver = { - xkb = { - layout = "fox,sus"; - options = "ctrl:nocaps"; - extraLayouts.sus = { - description = "Swedish US"; - languages = [ "se" ]; - symbolsFile = ../shared/sus.xkb; - }; - extraLayouts.fox = { - description = "Layout suitable to be used by a fox"; - languages = [ "se" ]; - symbolsFile = ../shared/fox.xkb; - }; - }; - }; system.stateVersion = "23.11"; diff --git a/secrets/admin_password b/secrets/admin_password new file mode 100644 index 0000000..ddf3156 Binary files /dev/null and b/secrets/admin_password differ