hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:2efccdb4de08b2606fda5db458f594a83e36bf3f
Branches Tags
hektor:main
...
compare: hektor:main
Branches Tags
hektor:main

12 Commits
2efccdb4de ... main

Author SHA1 Message Date
hektor
3bcd4c3c13 chore: update lockfile 2026-05-06 19:41:05 +02:00
hektor
d975d49844 fix(nvim): allow unfree nvim plugins 2026-05-06 19:41:00 +02:00
hektor
1ead7fe7be chore: update lockfile 2026-04-30 18:33:01 +02:00
hektor
7dd2fc7e59 chore: update lockfile 2026-04-30 18:28:53 +02:00
Hektor Misplon
95ffe7b908 refactor: derive host name solely from host directory name 2026-04-30 17:20:02 +02:00
Hektor Misplon
ce02cc5538 fix(desktops): resolve xdg portal error on 'work' host 2026-04-30 15:31:07 +02:00
Hektor Misplon
0dbc007a90 feat(database): add redis to database module 2026-04-30 15:07:10 +02:00
Hektor Misplon
57e0d49278 fix(nvim): add missing dependencies 2026-04-30 15:06:51 +02:00
Hektor Misplon
ee44b26147 feat(ai): add 'ai-tools' 'skills' submodule 2026-04-29 18:37:43 +02:00
Hektor Misplon
675306ec91 refactor: modularize 'ai-tools' 2026-04-29 18:37:42 +02:00
Hektor Misplon
a829f160fb fix(gnome): don't use monospace font for 'dconf' 2026-04-29 18:37:07 +02:00
Hektor Misplon
4cfe0387e2 chore: update 'nvim' flake dependencies 2026-04-29 18:37:06 +02:00
31 changed files with 316 additions and 217 deletions
Expand all files Collapse all files

12
dots/.config/nvim/flake.lock generated
View File

@@ -42,11 +42,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1776724015,
"narHash": "sha256-kFpzUivYI8F75cZcggmjKM8HEEJPajKNLweYsTYdM7Q=",
"lastModified": 1777273601,
"narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "da76c45b33d589836946bb566bd91df4cd3cfb09",
"rev": "f69ea013e328841a7def7037ed59788a76be8816",
"type": "github"
},
"original": {
@@ -73,11 +73,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1776949667,
"narHash": "sha256-GMSVw35Q+294GlrTUKlx087E31z7KurReQ1YHSKp5iw=",
"lastModified": 1777270315,
"narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "01fbdeef22b76df85ea168fbfe1bfd9e63681b30",
"rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
"type": "github"
},
"original": {

22
dots/.config/nvim/flake.nix
View File

@@ -45,7 +45,23 @@
inherit (nixCats) utils;
luaPath = ./.;
forEachSystem = utils.eachSystem nixpkgs.lib.platforms.all;
extra_pkg_config = { };
extra_pkg_config = {
allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"vim-sandwich"
"jupytext.nvim"
"eyeliner.nvim"
"context_filetype.vim"
"editorconfig-vim"
"unicode.vim"
"quarto-nvim"
"vim-openscad"
"lsp_lines.nvim"
"nvim-highlight-colors"
"nvim-lint"
];
};
mkDependencyOverlays = system: [
(utils.standardPluginOverlay inputs)
@@ -75,6 +91,7 @@
black
clang
clang-tools
curl # → plenary-nvim, mcp-hub
delta
emmet-language-server
eslint_d
@@ -88,6 +105,8 @@
mcp-hub
nixd
nixfmt
prettier
typescript-language-server
ormolu
prettierd
rust-analyzer
@@ -96,6 +115,7 @@
stylelint
stylua
tree-sitter
tailwindcss-language-server
typescript-language-server
vscode-langservers-extracted
vtsls

78
flake.lock generated
View File

@@ -38,11 +38,11 @@
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1760703920,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
"lastModified": 1776754714,
"narHash": "sha256-E3OAK27smtATTmX45uoTSRsVD+Y+ZiVVfgM/tjpbtYg=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185",
"rev": "4d508123037e7851ad36ebf7d9c48b0e9e1eb581",
"type": "github"
},
"original": {
@@ -121,11 +121,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1777176175,
"narHash": "sha256-l/0TJCLEarrsyHIKNhAjI4+7lkyGsFqojyx1X1h64Ks=",
"lastModified": 1778040175,
"narHash": "sha256-SSXJp3BMjO2LrW/VLjNdGGcjd3RFEyV4FemYA6OGrYw=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "515c8c1296021efe49ba1b1318ff27a43e93442b",
"rev": "3bd76b0f41e65661866bddcac57ebe83aeadb581",
"type": "gitlab"
},
"original": {
@@ -138,11 +138,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1775176642,
"narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=",
"lastModified": 1776136500,
"narHash": "sha256-r0gN2brVWA351zwMV0Flmlcd6SGMvYqFbvC3DfKFM8Y=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "179704030c5286c729b5b0522037d1d51341022c",
"rev": "0f8ba203d475587f477e7ae12661bd8459e225b7",
"type": "github"
},
"original": {
@@ -342,11 +342,11 @@
]
},
"locked": {
"lastModified": 1777196875,
"narHash": "sha256-6M/rTHxFRdKJ6WZYxrCl68qIyh3BvjWBmYC7Vufolbg=",
"lastModified": 1778009629,
"narHash": "sha256-nUoQtf4Zq7DRYJrfv904hjrxjAlWVP6a1pNNFKx3FCg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "38bf0202cae280174cbb80fc24a63978f16333f7",
"rev": "00ed86e58bb6979a7921859fd1615d19382eac5c",
"type": "github"
},
"original": {
@@ -415,11 +415,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1774835836,
"narHash": "sha256-6ok7iv/9R82vl6MYe3Lwyyb6S5bmW2PxEZtmjzlqyPs=",
"lastModified": 1777273601,
"narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "ebb9f279a55ca60ff4e37e4accf6518dc627aa8d",
"rev": "f69ea013e328841a7def7037ed59788a76be8816",
"type": "github"
},
"original": {
@@ -451,11 +451,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1776983936,
"narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"lastModified": 1777917524,
"narHash": "sha256-k+LVe9YaO2BEPB9AaCtTtOMCeGi4dxDo6gt4Un3qoPY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"rev": "df7783100babf59001340a7a874ba3824e441ecb",
"type": "github"
},
"original": {
@@ -467,11 +467,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1776877367,
"narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
@@ -509,11 +509,11 @@
]
},
"locked": {
"lastModified": 1775228139,
"narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=",
"lastModified": 1777598946,
"narHash": "sha256-X239dAGaU1+gfDj8jKH8GzlqKMcxaVfXOio+uzBOkeE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "601971b9c89e0304561977f2c28fa25e73aa7132",
"rev": "5d55af01c0f86be583931fe99207fc56c14134b3",
"type": "github"
},
"original": {
@@ -665,11 +665,11 @@
]
},
"locked": {
"lastModified": 1776771786,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=",
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
@@ -714,11 +714,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1776893932,
"narHash": "sha256-AFD5cf9eNqXq1brHS63xeZy2xKZMgG9J86XJ9I2eLn8=",
"lastModified": 1777835090,
"narHash": "sha256-VLH8zPweblCOvpnQXp4fVs7f6Q79YhXF5XFKlOrvIFk=",
"owner": "danth",
"repo": "stylix",
"rev": "84971726c7ef0bb3669a5443e151cc226e65c518",
"rev": "7989a1054b01153212dede6005abfd1576b8328c",
"type": "github"
},
"original": {
@@ -776,11 +776,11 @@
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1772661346,
"narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=",
"lastModified": 1777041405,
"narHash": "sha256-BAGZ7ObFV/9Z61OJZun7ifPyhkuHqNuW1QIhQ8LuzCo=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "13b5b0c299982bb361039601e2d72587d6846294",
"rev": "5f868b3a338b6904c47f3833b9c411be641983a8",
"type": "github"
},
"original": {
@@ -792,11 +792,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1772934010,
"narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=",
"lastModified": 1777169200,
"narHash": "sha256-h7dDbIzP5hDr9v97w9PL6jdAgXawmj6krcH+959rqpU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d",
"rev": "f798c2dce44ef815bb6b8f05a82135c7942d35ac",
"type": "github"
},
"original": {
@@ -808,11 +808,11 @@
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1772909925,
"narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=",
"lastModified": 1777463218,
"narHash": "sha256-Bhkozqtq3BKLqWTlmKm8uAptfX4aRGI8QX3eEL54Vpc=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df",
"rev": "5768d08ed2e7944a26a958868cdb073cb8856dae",
"type": "github"
},
"original": {

5
flake.nix
View File

@@ -76,7 +76,10 @@
nixpkgs.lib.nixosSystem {
modules = [
./hosts/${host}
{ nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system; }
{
nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system;
host.name = host;
}
];
specialArgs = {
inherit

7
home/hosts/work/default.nix
View File

@@ -73,8 +73,11 @@
tirith.enable = true;
opencode.enable = true;
};
database.mssql.enable = true;
database.postgresql.enable = true;
database = {
mssql.enable = true;
postgresql.enable = true;
redis.enable = true;
};
git.github.enable = true;
git.gitlab.enable = true;
secrets.vault.enable = true;

60
home/modules/ai-tools/claude-code.nix Normal file
View File

@@ -0,0 +1,60 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.claude-code;
rtk-version = "0.18.1";
in
{
options.ai-tools.claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
config = lib.mkIf cfg.enable {
programs.claude-code.enable = true;
home.packages = with pkgs; [
(stdenv.mkDerivation {
name = "ccline";
src = fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = "tar xzf $src";
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = lib.licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
(stdenv.mkDerivation {
name = "rtk-${rtk-version}";
version = rtk-version;
src = fetchurl {
url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
};
unpackPhase = "tar xzf $src";
installPhase = ''
mkdir -p $out/bin
cp rtk $out/bin/
chmod +x $out/bin/rtk
'';
meta = {
description = "RTK - AI coding tool enhancer";
homepage = "https://www.rtk-ai.app";
license = lib.licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
mcp-nixos
];
};
}

118
home/modules/ai-tools/default.nix
View File

@@ -1,116 +1,8 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools;
rtk-version = "0.18.1";
in
{
options.ai-tools = {
claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
tirith.enable = lib.mkEnableOption "tirith shell security guard";
opencode.enable = lib.mkEnableOption "opencode";
};
config = lib.mkMerge [
(lib.mkIf cfg.claude-code.enable {
home.packages = with pkgs; [
claude-code
(pkgs.stdenv.mkDerivation {
name = "ccline";
src = pkgs.fetchurl {
url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp ccline $out/bin/
chmod +x $out/bin/ccline
'';
meta = with pkgs.lib; {
description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
homepage = "https://github.com/Haleclipse/CCometixLine";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
(pkgs.stdenv.mkDerivation {
name = "rtk-${rtk-version}";
version = rtk-version;
src = pkgs.fetchurl {
url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
};
unpackPhase = ''
tar xzf $src
'';
installPhase = ''
mkdir -p $out/bin
cp rtk $out/bin/
chmod +x $out/bin/rtk
'';
meta = with pkgs.lib; {
description = "RTK - AI coding tool enhancer";
homepage = "https://www.rtk-ai.app";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
};
})
# mcp-nixos
];
})
(lib.mkIf cfg.tirith.enable {
home.packages = with pkgs; [
tirith
];
})
(lib.mkIf (cfg.tirith.enable && cfg.claude-code.enable) {
home.file.".claude/hooks/tirith-check.py" = {
source = ./tirith-check.py;
executable = true;
};
home.activation.tirith-claude-code = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${pkgs.tirith}/bin/tirith setup claude-code --with-mcp --scope user --force 2>/dev/null || true
'';
})
(lib.mkIf cfg.opencode.enable {
home.packages = with pkgs; [
opencode
];
home.file.".config/opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
permission = {
external_directory = {
"/run/secrets/" = "deny";
"~/.config/sops/age/keys.txt" = "deny";
"~/.ssh/id_rsa" = "deny";
"~/.ssh/id_ed25519" = "deny";
"~/.ssh/id_ecdsa" = "deny";
"~/.ssh/id_dsa" = "deny";
"/etc/ssh/ssh_host_rsa_key" = "deny";
"/etc/ssh/ssh_host_ed25519_key" = "deny";
"/etc/ssh/ssh_host_ecdsa_key" = "deny";
"/etc/ssh/ssh_host_dsa_key" = "deny";
};
command = {
sops = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
})
imports = [
./claude-code.nix
./opencode.nix
./skills.nix
./tirith.nix
];
}

40
home/modules/ai-tools/opencode.nix Normal file
View File

@@ -0,0 +1,40 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.opencode;
in
{
options.ai-tools.opencode = {
enable = lib.mkEnableOption "opencode";
};
config = lib.mkIf cfg.enable {
home.packages = [ pkgs.opencode ];
home.file.".config/opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
permission = {
external_directory = {
"/run/secrets/" = "deny";
"~/.config/sops/age/keys.txt" = "deny";
"~/.ssh/id_rsa" = "deny";
"~/.ssh/id_ed25519" = "deny";
"~/.ssh/id_ecdsa" = "deny";
"~/.ssh/id_dsa" = "deny";
"/etc/ssh/ssh_host_rsa_key" = "deny";
"/etc/ssh/ssh_host_ed25519_key" = "deny";
"/etc/ssh/ssh_host_ecdsa_key" = "deny";
"/etc/ssh/ssh_host_dsa_key" = "deny";
};
command = {
sops = "deny";
};
};
plugin = [ "@mohak34/opencode-notifier@latest" ];
};
};
}

49
home/modules/ai-tools/skills.nix Normal file
View File

@@ -0,0 +1,49 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.claude-code;
skillType = lib.types.submodule {
options = {
owner = lib.mkOption { type = lib.types.str; };
repo = lib.mkOption { type = lib.types.str; };
rev = lib.mkOption { type = lib.types.str; };
hash = lib.mkOption { type = lib.types.str; };
skill = lib.mkOption { type = lib.types.str; };
};
};
fetchSkill =
skill:
let
src = pkgs.fetchFromGitHub {
inherit (skill)
owner
repo
rev
hash
;
};
in
{
name = ".claude/skills/${skill.skill}";
value = {
source = "${src}/${skill.skill}";
recursive = true;
};
};
in
{
options.ai-tools.claude-code.skills = lib.mkOption {
type = lib.types.listOf skillType;
default = [ ];
};
config = lib.mkIf cfg.enable {
home.file = builtins.listToAttrs (map fetchSkill cfg.skills);
};
}

30
home/modules/ai-tools/tirith.nix Normal file
View File

@@ -0,0 +1,30 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.ai-tools.tirith;
in
{
options.ai-tools.tirith = {
enable = lib.mkEnableOption "tirith shell security guard";
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
home.packages = [ pkgs.tirith ];
})
(lib.mkIf (cfg.enable && config.ai-tools.claude-code.enable) {
home.file.".claude/hooks/tirith-check.py" = {
source = ./tirith-check.py;
executable = true;
};
home.activation.tirith-claude-code = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${pkgs.tirith}/bin/tirith setup claude-code --with-mcp --scope user --force 2>/dev/null || true
'';
})
];
}

8
home/modules/database/default.nix
View File

@@ -9,14 +9,18 @@
options.database = {
mssql.enable = lib.mkEnableOption "MSSQL";
postgresql.enable = lib.mkEnableOption "PostgreSQL";
redis.enable = lib.mkEnableOption "Redis";
};
config = lib.mkMerge [
(lib.mkIf config.database.mssql.enable {
home.packages = [ (config.nixgl.wrap pkgs.dbeaver-bin) ];
home.packages = with pkgs; [ (config.nixgl.wrap dbeaver-bin) ];
})
(lib.mkIf config.database.postgresql.enable {
home.packages = [ (config.nixgl.wrap pkgs.pgadmin4-desktopmode) ];
home.packages = with pkgs; [ (config.nixgl.wrap pgadmin4-desktopmode) ];
})
(lib.mkIf config.database.postgresql.enable {
home.packages = with pkgs; [ redis ];
})
];
}

2
home/modules/dconf/default.nix
View File

@@ -41,7 +41,7 @@ in
clock-show-weekday = true;
color-scheme = "prefer-dark";
enable-hot-corners = false;
font-name = font;
# font-name = font;
locate-pointer = true;
monospace-font-name = font;
};

4
hosts/andromache/default.nix
View File

@@ -51,9 +51,7 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
ssh.authorizedHosts = [ "astyanax" ];
home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
secrets.nixSigningKey.enable = true;

2
hosts/andromache/host.nix
View File

@@ -1,7 +1,7 @@
{
host = {
username = "h";
name = "andromache";
highRam = true;
admin = true;
};
}

4
hosts/astyanax/default.nix
View File

@@ -47,9 +47,7 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
ssh.authorizedHosts = [ "andromache" ];
home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
secrets.nixSigningKey.enable = true;

2
hosts/astyanax/host.nix
View File

@@ -1,7 +1,7 @@
{
host = {
username = "h";
name = "astyanax";
highRam = true;
admin = true;
};
}

7
hosts/eetion-02/default.nix
View File

@@ -11,13 +11,6 @@
../../modules/ssh
];
ssh = {
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot = {
kernelParams = [
"console=ttyS1,115200n8"

1
hosts/eetion-02/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "eetion-02";
};
}

7
hosts/eetion/default.nix
View File

@@ -15,13 +15,6 @@
tailscale.enable = true;
ssh = {
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;

1
hosts/eetion/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "eetion";
};
}

7
hosts/hecuba/default.nix
View File

@@ -18,13 +18,6 @@
];
networking.hostName = config.host.name;
ssh = {
authorizedHosts = [
"andromache"
"astyanax"
];
};
docker.enable = true;
fileSystems."/" = {

1
hosts/hecuba/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "username";
name = "hecuba";
};
}

1
hosts/vm/host.nix
View File

@@ -1,6 +1,5 @@
{
host = {
username = "h";
name = "vm";
};
}

5
images/sd-image-orange-pi-aarch64.nix
View File

@@ -21,11 +21,6 @@ in
name = "orange-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"

5
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -21,11 +21,6 @@ in
name = "raspberry-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
boot.kernelParams = [
"console=ttyS1,115200n8"
];

5
modules/common/host.nix
View File

@@ -24,5 +24,10 @@
type = lib.types.bool;
default = false;
};
admin = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
}

14
modules/desktops/niri/default.nix
View File

@@ -37,6 +37,20 @@ in
];
};
# error:
# Failed assertions:
# - h profile: xdg.portal: since you installed Home Manager via its NixOS module and
# 'home-manager.useUserPackages' is enabled, you need to add
#
# environment.pathsToLink = [ `/share/applications` `/share/xdg-desktop-portal` ];
#
# to your NixOS configuration so that the portal definitions and DE
# provided configurations get linked.
environment.pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
services = {
gnome.gnome-keyring.enable = false;
dbus.enable = true;

9
modules/ssh/authorized-keys.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
inherit (config.host) username;
adminHosts = (import ../../utils { inherit lib; }).adminHosts ../../hosts;
in
{
options.ssh = {
@@ -19,6 +24,6 @@ in
keyFile = ../../hosts/${hostname}/ssh_user.pub;
in
lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
) config.ssh.authorizedHosts
) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
);
}

10
utils/default.nix
View File

@@ -1,12 +1,8 @@
{ lib }:
let
hosts = import ./hosts.nix;
fs = import ./fs.nix { inherit lib; };
hosts = import ./hosts.nix { inherit lib; };
secrets = import ./secrets.nix { inherit lib; };
in
{
dirNames =
path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
}
// hosts
// secrets
fs // hosts // secrets

6
utils/fs.nix Normal file
View File

@@ -0,0 +1,6 @@
{ lib }:
{
dirNames =
path: builtins.attrNames (lib.filterAttrs (_: t: t == "directory") (builtins.readDir path));
}

11
utils/hosts.nix
View File

@@ -1,3 +1,8 @@
{ lib }:
let
fs = import ./fs.nix { inherit lib; };
in
{
hostMeta =
hostDir:
@@ -5,4 +10,10 @@
import (hostDir + "/meta.nix")
else
throw "meta.nix required in ${hostDir}";
adminHosts =
hostsPath:
builtins.filter (host: ((import (hostsPath + "/${host}/host.nix")).host.admin or false)) (
fs.dirNames hostsPath
);
}