hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:1a1a85aeda1eb252b69f30f490b24816b6f707c8
Branches Tags
hektor:main
...
compare: hektor:b6500b97ff6c05c3afd88e91627922e543512aa3
Branches Tags
hektor:main

8 Commits
1a1a85aeda ... b6500b97ff

Author SHA1 Message Date
hektor
b6500b97ff refactor(stylix): extract shared stylix overrides into 'targets.nix' 2026-04-21 17:11:16 +02:00
hektor
8f756554ad refactor(stylix): do not hardcode 'dconf' font 2026-04-21 17:11:10 +02:00
hektor
583b9ea5f3 refactor(deploy): move deployment config into '<host>/meta.nix' 2026-04-21 17:11:04 +02:00
hektor
6a30a431f8 refactor: simplify 'user' options 2026-04-21 17:10:42 +02:00
hektor
38818e7508 refactor: merge '<host>/system.nix' into '<host>/meta.nix' 2026-04-21 15:51:25 +02:00
hektor
94c64e9d33 fix: remove task count limits 2026-04-21 15:51:21 +02:00
Hektor Misplon
a9854ac144 feat: alias 'kubectl' to 'k' 2026-04-21 15:51:17 +02:00
Hektor Misplon
8b109af08b fix: add 'devenv' to 'astyanax' and 'work' hosts 2026-04-21 15:51:12 +02:00
47 changed files with 168 additions and 282 deletions
Expand all files Collapse all files

12
deploy/colmena.nix
View File

@@ -8,19 +8,15 @@ let
utils = import ../utils { inherit lib; }; utils = import ../utils { inherit lib; };
hostDirNames = utils.dirNames ../hosts; hostDirNames = utils.dirNames ../hosts;
mkNode = hostname: tags: { mkNode = hostname: meta: {
imports = [ ../hosts/${hostname} ]; imports = [ ../hosts/${hostname} ];
deployment = { deployment = {
targetHost = self.nixosConfigurations.${hostname}.config.ssh.publicHostname; inherit (meta.deployment) targetHost targetUser tags;
targetUser = self.nixosConfigurations.${hostname}.config.ssh.username; buildOnTarget = builtins.any (t: t != "local" && t != "arm") meta.deployment.tags;
buildOnTarget = builtins.any (t: t != "local" && t != "arm") tags;
inherit tags;
}; };
}; };
nodes = lib.genAttrs hostDirNames ( nodes = lib.genAttrs hostDirNames (hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}));
hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}).deployment.tags
);
in in
inputs.colmena.lib.makeHive ( inputs.colmena.lib.makeHive (
{ {

29
dots/.local/share/task/hooks/on-add.limit.py
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
slots = get_slots()
if slots <= 0:
print(f"Cannot add task: No slots available (0/{slots}).")
print("Delete or complete a task first to earn an add slot.")
sys.exit(1)
with open(SLOTS_FILE, "w") as f:
f.write(str(slots - 1))
print(f"Task added. Slots remaining: {slots - 1}")
for line in sys.stdin:
task = json.loads(line)
print(json.dumps(task))
sys.exit(0)

34
dots/.local/share/task/hooks/on-modify.limit.py
View File

@@ -1,34 +0,0 @@
#!/usr/bin/env python3
import sys
import json
SLOTS_FILE = "/home/h/.local/share/task/add_slots"
def get_slots():
try:
with open(SLOTS_FILE, "r") as f:
return int(f.read().strip())
except:
return 0
data = sys.stdin.read().strip().split("\n")
if len(data) < 2:
for line in data:
if line:
print(line)
sys.exit(0)
old_task = json.loads(data[0])
new_task = json.loads(data[1])
was_pending = old_task.get("status") == "pending"
is_not_pending = new_task.get("status") in ("completed", "deleted")
if was_pending and is_not_pending:
slots = get_slots() + 1
with open(SLOTS_FILE, "w") as f:
f.write(str(slots))
print(f"Slot earned! Total slots: {slots}")
print(json.dumps(new_task))
sys.exit(0)

2
flake.nix
View File

@@ -76,7 +76,7 @@
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
./hosts/${host} ./hosts/${host}
{ nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; } { nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system; }
]; ];
specialArgs = { specialArgs = {
inherit inherit

1
home/hosts/astyanax/default.nix
View File

@@ -15,6 +15,7 @@
../../modules/cloud ../../modules/cloud
../../modules/comms ../../modules/comms
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/devenv
../../modules/direnv ../../modules/direnv
../../modules/git ../../modules/git
../../modules/k8s/k9s.nix ../../modules/k8s/k9s.nix

8
home/hosts/work/default.nix
View File

@@ -5,9 +5,6 @@
... ...
}: }:
let
username = "hektor";
in
{ {
imports = [ imports = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
@@ -21,6 +18,7 @@ in
../../modules/database ../../modules/database
../../modules/dconf ../../modules/dconf
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/devenv
../../modules/direnv ../../modules/direnv
../../modules/docker ../../modules/docker
../../modules/git ../../modules/git
@@ -56,8 +54,8 @@ in
home = { home = {
stateVersion = "25.05"; stateVersion = "25.05";
inherit username; username = "hektor";
homeDirectory = "/home/${username}"; homeDirectory = "/home/${config.home.username}";
}; };
targets.genericLinux.nixGL = { targets.genericLinux.nixGL = {

5
home/modules/dconf/default.nix
View File

@@ -3,6 +3,7 @@
let let
terminal = "kitty"; terminal = "kitty";
browser = config.browser.primary; browser = config.browser.primary;
font = "${config.stylix.fonts.monospace.name} ${toString config.stylix.fonts.sizes.applications}";
in in
{ {
dconf.settings = { dconf.settings = {
@@ -40,9 +41,9 @@ in
clock-show-weekday = true; clock-show-weekday = true;
color-scheme = "prefer-dark"; color-scheme = "prefer-dark";
enable-hot-corners = false; enable-hot-corners = false;
font-name = "Iosevka Term SS08 12"; font-name = font;
locate-pointer = true; locate-pointer = true;
monospace-font-name = "Iosevka Term SS08 12"; monospace-font-name = font;
}; };
"org/gnome/desktop/wm/keybindings" = { "org/gnome/desktop/wm/keybindings" = {

11
home/modules/default.nix
View File

@@ -6,13 +6,19 @@
}: }:
{ {
options.nixgl.wrap = lib.mkOption { options = {
host.username = lib.mkOption {
type = lib.types.str;
default = config.home.username;
};
nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package; type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id; default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true; readOnly = true;
}; };
options.wrapApp = lib.mkOption { wrapApp = lib.mkOption {
type = lib.types.raw; type = lib.types.raw;
default = default =
pkg: flags: pkg: flags:
@@ -27,4 +33,5 @@
pkg; pkg;
readOnly = true; readOnly = true;
}; };
};
} }

4
home/modules/k8s/default.nix
View File

@@ -18,6 +18,10 @@
enableAlias = true; enableAlias = true;
}; };
home.shellAliases = {
k = "kubectl";
};
imports = [ imports = [
./helm.nix ./helm.nix
./k9s.nix ./k9s.nix

22
home/modules/ssh/default.nix
View File

@@ -1,18 +1,15 @@
{ {
outputs, myUtils,
lib, lib,
pkgs, pkgs,
... ...
}: }:
let let
nixosConfigs = builtins.attrNames outputs.nixosConfigurations; hostDir = ../../hosts;
homeConfigs = map (n: lib.last (lib.splitString "@" n)) ( hostNames = myUtils.dirNames hostDir;
builtins.attrNames outputs.homeConfigurations
);
allHosts = lib.unique (homeConfigs ++ nixosConfigs);
hostsWithKeys = lib.filter ( hostsWithKeys = lib.filter (
hostname: builtins.pathExists ../../hosts/${hostname}/ssh_host.pub hostname: builtins.pathExists (hostDir + "/${hostname}/ssh_host.pub")
) allHosts; ) hostNames;
in in
{ {
home.packages = with pkgs; [ sshfs ]; home.packages = with pkgs; [ sshfs ];
@@ -25,15 +22,14 @@ in
lib.genAttrs hostsWithKeys ( lib.genAttrs hostsWithKeys (
hostname: hostname:
let let
hostConfig = outputs.nixosConfigurations.${hostname}.config; meta = myUtils.hostMeta (hostDir + "/${hostname}");
inherit (hostConfig.ssh) publicHostname username;
in in
{ {
host = hostname; host = hostname;
user = username; user = meta.deployment.targetUser;
} }
// lib.optionalAttrs (publicHostname != "") { // lib.optionalAttrs (meta.deployment.targetHost != "") {
hostname = publicHostname; hostname = meta.deployment.targetHost;
} }
) )
// { // {

17
home/modules/stylix/default.nix
View File

@@ -25,21 +25,6 @@ in
sansSerif = config.stylix.fonts.monospace; sansSerif = config.stylix.fonts.monospace;
emoji = config.stylix.fonts.monospace; emoji = config.stylix.fonts.monospace;
}; };
targets = { targets = import ../../../modules/stylix/targets.nix;
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
gnome.enable = false;
gtk.enable = false;
kitty = {
variant256Colors = true;
};
nixvim.enable = false;
};
}; };
} }

8
home/modules/taskwarrior/default.nix
View File

@@ -56,14 +56,6 @@ lib.optionalAttrs standalone {
".local/share/task/hooks/on-exit.sync.py" = { ".local/share/task/hooks/on-exit.sync.py" = {
source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py"; source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py";
}; };
".local/share/task/hooks/on-add.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-add.limit.py";
executable = true;
};
".local/share/task/hooks/on-modify.limit.py" = {
source = dotsPath + "/.local/share/task/hooks/on-modify.limit.py";
executable = true;
};
".local/share/task/scripts/sync-and-notify.sh" = { ".local/share/task/scripts/sync-and-notify.sh" = {
source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh"; source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh";
executable = true; executable = true;

23
hosts/andromache/default.nix
View File

@@ -51,31 +51,17 @@ in
../../modules/yubikey ../../modules/yubikey
]; ];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache { home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
inherit
inputs
config
pkgs
lib
;
};
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ]; ssh.authorizedHosts = [ "astyanax" ];
secrets = { secrets.nixSigningKey.enable = true;
inherit (config.host) username;
nixSigningKey.enable = true;
};
tailscale.enable = true; tailscale.enable = true;
docker.user = config.host.username; docker.enable = true;
hcloud = { hcloud.enable = true;
enable = true;
inherit (config.host) username;
};
disko.devices = { disko.devices = {
disk.data = { disk.data = {
@@ -107,7 +93,6 @@ in
my.yubikey = { my.yubikey = {
enable = false; enable = false;
inherit (config.host) username;
keys = [ keys = [
{ {
handle = "<KeyHandle1>"; handle = "<KeyHandle1>";

7
hosts/andromache/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "local" ]; system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "desktop"; role = "desktop";
} }

1
hosts/andromache/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

19
hosts/astyanax/default.nix
View File

@@ -47,26 +47,15 @@ in
../../modules/yubikey ../../modules/yubikey
]; ];
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax { home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
inherit
inputs
config
pkgs
lib
;
};
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ]; ssh.authorizedHosts = [ "andromache" ];
secrets = { secrets.nixSigningKey.enable = true;
inherit (config.host) username;
nixSigningKey.enable = true;
};
tailscale.enable = true; tailscale.enable = true;
docker.user = config.host.username; docker.enable = true;
nfc.user = config.host.username; nfc.enable = true;
desktop.ly.enable = true; desktop.ly.enable = true;
audio.automation.enable = true; audio.automation.enable = true;

7
hosts/astyanax/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "local" ]; system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "laptop"; role = "laptop";
} }

1
hosts/astyanax/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

2
hosts/eetion-02/default.nix
View File

@@ -12,8 +12,6 @@
]; ];
ssh = { ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"

7
hosts/eetion-02/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "arm" ]; system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion-02";
targetUser = "h";
};
role = "embedded"; role = "embedded";
} }

1
hosts/eetion-02/system.nix
View File

@@ -1 +0,0 @@
"aarch64-linux"

2
hosts/eetion/default.nix
View File

@@ -13,8 +13,6 @@
]; ];
ssh = { ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"

7
hosts/eetion/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "arm" ]; system = "aarch64-linux";
deployment = {
tags = [ "arm" ];
targetHost = "eetion";
targetUser = "h";
};
role = "embedded"; role = "embedded";
} }

1
hosts/eetion/system.nix
View File

@@ -1 +0,0 @@
"aarch64-linux"

4
hosts/hecuba/default.nix
View File

@@ -19,15 +19,13 @@
networking.hostName = config.host.name; networking.hostName = config.host.name;
ssh = { ssh = {
inherit (config.host) username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"
]; ];
}; };
docker.user = config.host.username; docker.enable = true;
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";

7
hosts/hecuba/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "cloud" ]; system = "x86_64-linux";
deployment = {
tags = [ "cloud" ];
targetHost = "server.hektormisplon.xyz";
targetUser = "username";
};
role = "server"; role = "server";
} }

1
hosts/hecuba/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

9
hosts/vm/default.nix
View File

@@ -1,7 +1,6 @@
{ {
inputs, inputs,
config, config,
pkgs,
... ...
}: }:
{ {
@@ -29,13 +28,7 @@
../../modules/x ../../modules/x
]; ];
home-manager.users.${config.host.username} = import ../../home/hosts/vm { home-manager.users.${config.host.username} = import ../../home/hosts/vm;
inherit inputs config pkgs;
};
ssh.username = config.host.username;
secrets.username = config.host.username;
disko = { disko = {
devices.disk.main = { devices.disk.main = {

7
hosts/vm/meta.nix
View File

@@ -1,4 +1,9 @@
{ {
deployment.tags = [ "local" ]; system = "x86_64-linux";
deployment = {
tags = [ "local" ];
targetHost = "";
targetUser = "h";
};
role = "vm"; role = "vm";
} }

1
hosts/vm/system.nix
View File

@@ -1 +0,0 @@
"x86_64-linux"

7
images/sd-image-orange-pi-aarch64.nix
View File

@@ -12,10 +12,15 @@ let
in in
{ {
imports = [ imports = [
../modules/common/host.nix
../modules/ssh ../modules/ssh
]; ];
ssh.username = username; host = {
inherit username;
name = "orange-pi";
};
ssh.authorizedHosts = [ ssh.authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"

7
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -12,10 +12,15 @@ let
in in
{ {
imports = [ imports = [
../modules/common/host.nix
../modules/ssh ../modules/ssh
]; ];
ssh.username = username; host = {
inherit username;
name = "raspberry-pi";
};
ssh.authorizedHosts = [ ssh.authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"

3
modules/ai-tools/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }: { config, myUtils, ... }:
let let
inherit (config.secrets) sopsDir username; inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name; owner = config.users.users.${username}.name;
in in
{ {

3
modules/anki/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }: { config, myUtils, ... }:
let let
inherit (config.secrets) sopsDir username; inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name; owner = config.users.users.${username}.name;
in in
{ {

5
modules/common/default.nix
View File

@@ -73,6 +73,11 @@ in
myUtils myUtils
; ;
}; };
sharedModules = [
{
host.username = lib.mkDefault config.host.username;
}
];
}; };
}; };
} }

24
modules/docker/default.nix
View File

@@ -2,29 +2,17 @@
let let
cfg = config.docker; cfg = config.docker;
inherit (config.host) username;
in in
{ {
options.docker = { options.docker = {
enable = lib.mkEnableOption "docker";
rootless = lib.mkOption { rootless = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
}; };
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
}; };
config = lib.mkMerge [ config = lib.mkMerge [
{
warnings = lib.flatten [
(lib.optional (
cfg.rootless && cfg.user != null
) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
(lib.optional (
!cfg.rootless && cfg.user == null
) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
];
}
(lib.mkIf cfg.rootless { (lib.mkIf cfg.rootless {
virtualisation.docker = { virtualisation.docker = {
enable = false; enable = false;
@@ -34,11 +22,9 @@ in
}; };
}; };
}) })
(lib.mkIf (!cfg.rootless && cfg.user != null) { (lib.mkIf (cfg.enable && !cfg.rootless) {
virtualisation.docker = { virtualisation.docker.enable = true;
enable = true; users.users.${username}.extraGroups = [ "docker" ];
};
users.users.${cfg.user}.extraGroups = [ "docker" ];
}) })
]; ];
} }

2
modules/git/default.nix
View File

@@ -4,7 +4,7 @@
}: }:
let let
inherit (config.secrets) username; inherit (config.host) username;
owner = config.users.users.${username}.name; owner = config.users.users.${username}.name;
in in
{ {

11
modules/hcloud/default.nix
View File

@@ -7,25 +7,22 @@
let let
cfg = config.hcloud; cfg = config.hcloud;
inherit (config.host) username;
inherit (config.secrets) sopsDir; inherit (config.secrets) sopsDir;
in in
{ {
options.hcloud = { options.hcloud = {
enable = lib.mkEnableOption "hcloud CLI configuration"; enable = lib.mkEnableOption "hcloud CLI configuration";
username = lib.mkOption {
type = lib.types.str;
description = "Username for hcloud CLI configuration";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets = myUtils.mkSopsSecrets sopsDir "hcloud" [ "api-token" ] { sops.secrets = myUtils.mkSopsSecrets sopsDir "hcloud" [ "api-token" ] {
owner = config.users.users.${cfg.username}.name; owner = config.users.users.${username}.name;
}; };
sops.templates."hcloud/cli.toml" = { sops.templates."hcloud/cli.toml" = {
owner = config.users.users.${cfg.username}.name; owner = config.users.users.${username}.name;
path = "/home/${cfg.username}/.config/hcloud/cli.toml"; path = "/home/${username}/.config/hcloud/cli.toml";
content = '' content = ''
active_context = "server" active_context = "server"

10
modules/nfc/default.nix
View File

@@ -2,15 +2,13 @@
let let
cfg = config.nfc; cfg = config.nfc;
inherit (config.host) username;
in in
{ {
options.nfc = { options.nfc = {
user = lib.mkOption { enable = lib.mkEnableOption "NFC device access";
type = lib.types.nullOr lib.types.str;
default = null;
}; };
}; config = lib.mkIf cfg.enable {
config = lib.mkIf (cfg.user != null) { users.users.${username}.extraGroups = [ "dialout" ];
users.users.${cfg.user}.extraGroups = [ "dialout" ];
}; };
} }

9
modules/secrets/default.nix
View File

@@ -9,8 +9,9 @@
let let
cfg = config.secrets; cfg = config.secrets;
inherit (config.host) username;
inherit (cfg) sopsDir; inherit (cfg) sopsDir;
owner = config.users.users.${cfg.username}.name; owner = config.users.users.${username}.name;
mkSopsSecrets = myUtils.mkSopsSecrets sopsDir; mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
in in
{ {
@@ -18,10 +19,6 @@ in
options = { options = {
secrets = { secrets = {
username = lib.mkOption {
type = lib.types.str;
};
sopsDir = lib.mkOption { sopsDir = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "${toString inputs.nix-secrets}/secrets"; default = "${toString inputs.nix-secrets}/secrets";
@@ -43,7 +40,7 @@ in
# ``` # ```
# age-plugin-yubikey --identity > <keyfile-path> # age-plugin-yubikey --identity > <keyfile-path>
# ``` # ```
age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt"; age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = lib.mkMerge [ secrets = lib.mkMerge [
(mkSopsSecrets "email" [ "personal" "work" ] { inherit owner; }) (mkSopsSecrets "email" [ "personal" "work" ] { inherit owner; })

14
modules/ssh/authorized-keys.nix
View File

@@ -1,22 +1,18 @@
{ lib, config, ... }: { lib, config, ... }:
let
inherit (config.host) username;
in
{ {
options.ssh = { options.ssh = {
authorizedHosts = lib.mkOption { authorizedHosts = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = [ ]; default = [ ];
}; };
username = lib.mkOption {
type = lib.types.str;
default = "h";
};
publicHostname = lib.mkOption {
type = lib.types.str;
default = "";
};
}; };
# auto generate authorized_keys from `authorizedHosts` # auto generate authorized_keys from `authorizedHosts`
config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten ( config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
map ( map (
hostname: hostname:
let let

2
modules/ssh/extract-keys.nix
View File

@@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
let let
inherit (config.ssh) username; inherit (config.host) username;
in in
{ {
# auto extract SSH keys # auto extract SSH keys

15
modules/stylix/default.nix
View File

@@ -30,20 +30,7 @@ in
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
stylix.targets = { stylix.targets = import ./targets.nix;
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
kitty.variant256Colors = true;
gnome.enable = false;
gtk.enable = false;
nixvim.enable = false;
};
} }
]; ];
} }

14
modules/stylix/targets.nix Normal file
View File

@@ -0,0 +1,14 @@
{
firefox = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
librewolf = {
profileNames = [ "default" ];
colorTheme.enable = true;
};
kitty.variant256Colors = true;
gnome.enable = false;
gtk.enable = false;
nixvim.enable = false;
}

17
modules/syncthing/default.nix
View File

@@ -7,23 +7,18 @@
with lib; with lib;
let let
cfg = config.my.syncthing; inherit (config.host) username;
in in
{ {
options.my.syncthing.username = mkOption {
type = types.str;
default = "h";
};
config = { config = {
users.groups.${cfg.username} = { }; users.groups.${username} = { };
users.users.${cfg.username}.extraGroups = [ cfg.username ]; users.users.${username}.extraGroups = [ username ];
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = cfg.username; user = username;
group = cfg.username; group = username;
configDir = "/home/${cfg.username}/.local/state/syncthing"; configDir = "/home/${username}/.local/state/syncthing";
openDefaultPorts = true; openDefaultPorts = true;
}; };
}; };

3
modules/taskwarrior/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }: { config, myUtils, ... }:
let let
inherit (config.secrets) sopsDir username; inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name; owner = config.users.users.${username}.name;
in in
{ {

10
modules/yubikey/default.nix
View File

@@ -9,18 +9,14 @@ with lib;
let let
cfg = config.my.yubikey; cfg = config.my.yubikey;
inherit (config.host) username;
formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}"; formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
authfileContent = username: keys: username + lib.concatMapStrings formatKey keys; authfileContent = u: keys: u + lib.concatMapStrings formatKey keys;
in in
{ {
options.my.yubikey = { options.my.yubikey = {
enable = mkEnableOption "yubiKey U2F authentication"; enable = mkEnableOption "yubiKey U2F authentication";
username = mkOption {
type = types.str;
default = "h";
};
origin = mkOption { origin = mkOption {
type = types.str; type = types.str;
default = "pam://yubi"; default = "pam://yubi";
@@ -61,7 +57,7 @@ in
interactive = true; interactive = true;
cue = true; cue = true;
inherit (cfg) origin; inherit (cfg) origin;
authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys); authfile = pkgs.writeText "u2f-mappings" (authfileContent username cfg.keys);
}; };
}; };
services = { services = {