hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:42af1badc486c65db711dfe52a24366f4c2316a4
Branches Tags
hektor:main
..
compare: hektor:0f369bdf6c130b7ec2950ca60464df6324e52e3b
Branches Tags
hektor:main

6 Commits
42af1badc4 ... 0f369bdf6c

Author SHA1 Message Date
hektor
0f369bdf6c feat: set up colmena with hetzner stuff 2026-01-22 20:26:11 +01:00
hektor
600e55de1f feat: configure auto suspend 2026-01-22 20:25:06 +01:00
hektor
a390428ca9 feat: set up opencode (with automated API key) 2026-01-22 20:25:05 +01:00
hektor
a5aeddc5c2 feat: add 'hcloud' module 2026-01-22 20:24:36 +01:00
Hektor Misplon
e9748b0236 chore: update Nix 'work' host 2026-01-22 20:22:19 +01:00
hektor
3902e2da67 chore: update lockfile 2026-01-22 20:20:30 +01:00
16 changed files with 240 additions and 53 deletions
Expand all files Collapse all files

9
deploy/README.md Normal file
View File

@@ -0,0 +1,9 @@
# `colmena` deployments
* tags: `local`, `cloud`
* deployments can be made from `astyanax` and `andromache` hosts
## References
- [docs: `colmena`](https://colmena.cli.rs/)
- [repo: `colmena`](https://github.com/zhaofengli/colmena)

28
deploy/colmena.nix Normal file
View File

@@ -0,0 +1,28 @@
{
self,
inputs,
}:
inputs.colmena.lib.makeHive {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
};
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs or { }) self.nixosConfigurations;
};
astyanax.deployment.tags = [ "local" ];
andromache.deployment.tags = [ "local" ];
vm.deployment.tags = [ "local" ];
hecuba.deployment = {
targetHost = "hecuba";
targetUser = "username";
targetPort = 22;
tags = [ "cloud" ];
};
}

24
dots/.config/nvim/flake.lock generated
View File

@@ -42,11 +42,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1767604651,
"narHash": "sha256-itAnxzTpWpY1s3LA/oNngOuZDXT5U5JUZP5fApwx9gs=",
"lastModified": 1769085828,
"narHash": "sha256-TjhFIAtS628+/r3IuYWPcNa++mUMMDDG8PbSfFHXBiA=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "3c9bc4d7123e1b48d92f25ba505b889af541e897",
"rev": "43fbf4d12b0a613f1a792503da4bb2bf270173c7",
"type": "github"
},
"original": {
@@ -73,11 +73,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768302833,
"narHash": "sha256-h5bRFy9bco+8QcK7rGoOiqMxMbmn21moTACofNLRMP4=",
"lastModified": 1768875095,
"narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "61db79b0c6b838d9894923920b612048e1201926",
"rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
"type": "github"
},
"original": {
@@ -106,11 +106,11 @@
"plugins-helm-ls-nvim": {
"flake": false,
"locked": {
"lastModified": 1761915179,
"narHash": "sha256-W9NRa84l5Cs62OsDeqb+LMxk8oYjhVBCB3o3UmE9a0I=",
"lastModified": 1768584652,
"narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
"owner": "qvalentin",
"repo": "helm-ls.nvim",
"rev": "d6f3a8d4ad59b4f54cd734267dfb5411679ea608",
"rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
"type": "github"
},
"original": {
@@ -138,11 +138,11 @@
"plugins-mcphub-nvim": {
"flake": false,
"locked": {
"lastModified": 1765628564,
"narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
"lastModified": 1768730387,
"narHash": "sha256-g9tPvjThz6EUk7zcY7lL+YH4lrT4x3FJ6jrNMHA8PAE=",
"owner": "ravitemer",
"repo": "mcphub.nvim",
"rev": "5193329d510a68f1f5bf189960642c925c177a3a",
"rev": "7cd5db330f41b7bae02b2d6202218a061c3ebc1f",
"type": "github"
},
"original": {

2
dots/.config/nvim/flake.nix
View File

@@ -135,7 +135,7 @@
zenbones-nvim
nvim-treesitter.withAllGrammars
nvim-treesitter-textobjects
nvim-treesitter-context
# nvim-treesitter-context
nvim-ts-context-commentstring
treesj
sniprun

155
flake.lock generated
View File

@@ -1,5 +1,29 @@
{
"nodes": {
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
},
"locked": {
"lastModified": 1762034856,
"narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -7,11 +31,11 @@
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"lastModified": 1768920986,
"narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"rev": "de5708739256238fb912c62f03988815db89ec9a",
"type": "github"
},
"original": {
@@ -29,11 +53,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1768709017,
"narHash": "sha256-/Xc5B/+6nbX24iSaPbN/+wiVqGS50/LS4y53tzTvN0o=",
"lastModified": 1769054619,
"narHash": "sha256-LCc0gbSgjehdy41Gi1H5WNxEuW9PtRHFVaPXoFzslQU=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "5728e3d62c3af09445cb013e304d627f6589efc4",
"rev": "6509620630f68dc02ac3e99f15a67760778444ff",
"type": "gitlab"
},
"original": {
@@ -43,6 +67,22 @@
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -66,6 +106,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
@@ -90,11 +145,11 @@
]
},
"locked": {
"lastModified": 1768707181,
"narHash": "sha256-GdwFfnwdUgABFpc4sAmX7GYx8eQs6cEjOPo6nBJ0YaI=",
"lastModified": 1769102673,
"narHash": "sha256-/qvRFjn1s3bIJdSKG6IpaE6ML3j9anQKUqGhmt4Qe+E=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83bcb17377f0242376a327e742e9404e9a528647",
"rev": "b0491fe55680bd19be8e74847969dad9d7784658",
"type": "github"
},
"original": {
@@ -122,13 +177,34 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1768726358,
"narHash": "sha256-OFD8qqNfGnLnL+15Hpzl6jhuzb4KVuVNz0zfPBz8lyo=",
"lastModified": 1768769813,
"narHash": "sha256-3ft3BnwlJyrqfJKlXj4px3oIh5feLEJZ2iOEg8kErRc=",
"ref": "main",
"rev": "84db870708bb281edf24f626d1e105e8a8ea0b3f",
"rev": "af4d568e01b6b5ccf8cc1262886ebea63b2010f2",
"shallow": true,
"type": "git",
"url": "ssh://git@github.com/hektor/nix-secrets"
@@ -142,11 +218,11 @@
},
"nixCats": {
"locked": {
"lastModified": 1767604651,
"narHash": "sha256-itAnxzTpWpY1s3LA/oNngOuZDXT5U5JUZP5fApwx9gs=",
"lastModified": 1769085828,
"narHash": "sha256-TjhFIAtS628+/r3IuYWPcNa++mUMMDDG8PbSfFHXBiA=",
"owner": "BirdeeHub",
"repo": "nixCats-nvim",
"rev": "3c9bc4d7123e1b48d92f25ba505b889af541e897",
"rev": "43fbf4d12b0a613f1a792503da4bb2bf270173c7",
"type": "github"
},
"original": {
@@ -157,7 +233,7 @@
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
@@ -178,11 +254,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1768584846,
"narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
"lastModified": 1769086393,
"narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
"rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
"type": "github"
},
"original": {
@@ -194,11 +270,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
@@ -268,11 +344,11 @@
"plugins-helm-ls-nvim": {
"flake": false,
"locked": {
"lastModified": 1761915179,
"narHash": "sha256-W9NRa84l5Cs62OsDeqb+LMxk8oYjhVBCB3o3UmE9a0I=",
"lastModified": 1768584652,
"narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
"owner": "qvalentin",
"repo": "helm-ls.nvim",
"rev": "d6f3a8d4ad59b4f54cd734267dfb5411679ea608",
"rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
"type": "github"
},
"original": {
@@ -300,11 +376,11 @@
"plugins-mcphub-nvim": {
"flake": false,
"locked": {
"lastModified": 1765628564,
"narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
"lastModified": 1768730387,
"narHash": "sha256-g9tPvjThz6EUk7zcY7lL+YH4lrT4x3FJ6jrNMHA8PAE=",
"owner": "ravitemer",
"repo": "mcphub.nvim",
"rev": "5193329d510a68f1f5bf189960642c925c177a3a",
"rev": "7cd5db330f41b7bae02b2d6202218a061c3ebc1f",
"type": "github"
},
"original": {
@@ -363,6 +439,7 @@
},
"root": {
"inputs": {
"colmena": "colmena",
"disko": "disko",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
@@ -381,11 +458,11 @@
]
},
"locked": {
"lastModified": 1768709255,
"narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=",
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"type": "github"
},
"original": {
@@ -394,6 +471,22 @@
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1750133334,
"narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

12
flake.nix
View File

@@ -34,6 +34,10 @@
url = "path:./dots/.config/nvim";
inputs.nixpkgs.follows = "nixpkgs";
};
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@@ -48,6 +52,7 @@
nixgl,
firefox-addons,
nvim,
colmena,
}@inputs:
let
inherit (self) outputs;
@@ -82,5 +87,12 @@
};
};
};
colmenaHive = import ./deploy/colmena.nix {
inherit
self
inputs
;
};
};
}

2
home/hosts/andromache/default.nix
View File

@@ -13,7 +13,7 @@ in
imports = [
../../modules/desktop/niri
../../modules/git.nix
../../modules/hetzner
# ../../modules/hetzner.nix
../../modules/k9s.nix
../../modules/kitty.nix
../../modules/ssh.nix

2
home/hosts/astyanax/default.nix
View File

@@ -13,7 +13,7 @@ in
../../modules/anki.nix
../../modules/desktop/niri
../../modules/git.nix
../../modules/hetzner
# ../../modules/hetzner.nix
../../modules/k9s.nix
../../modules/kitty.nix
../../modules/ssh.nix

1
home/hosts/packages.nix
View File

@@ -15,6 +15,7 @@ with pkgs;
nixfmt-rfc-style
nmap
nodejs_24
opencode
nvimpager
pandoc
parallel

6
home/modules/hcloud/default.nix
View File

@@ -1,5 +1,4 @@
{
config,
lib,
osConfig ? null,
...
@@ -10,7 +9,8 @@ let
in
{
config = {
warnings = lib.optional (!isNixOS)
"hcloud module requires NixOS host configuration. This module will not work with standalone home-manager.";
warnings =
lib.optional (!isNixOS)
"hcloud module requires NixOS host configuration. This module will not work with standalone home-manager.";
};
}

2
hosts/andromache/default.nix
View File

@@ -51,6 +51,8 @@ in
secrets.username = username;
docker.user = username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
disko.devices = {
disk.data = {
type = "disk";

2
hosts/astyanax/default.nix
View File

@@ -53,6 +53,8 @@ in
secrets.username = username;
docker.user = username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];
hardware = {
cpu.intel.updateMicrocode = true;
# https://wiki.nixos.org/wiki/Intel_Graphics

27
hosts/hecuba/default.nix
View File

@@ -18,11 +18,17 @@ in
../../modules/common
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/docker
];
networking.hostName = hostName;
ssh.username = username;
ssh.authorizedHosts = [ "andromache" ];
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
docker.user = username;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
@@ -51,7 +57,13 @@ in
security.sudo.wheelNeedsPassword = false;
networking.firewall.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
environment.systemPackages = with pkgs; [
vim
@@ -67,4 +79,15 @@ in
enable = true;
harden = true;
};
nix.settings = {
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"astyanax:JY2qJkZUFSax47R3c1nq53AZ8GnLfNqz6mSnJ60cLZ4="
"andromache:XM4VLrEw63RB/3v/56OxzH/Yw+kKXKMBLKCb7UGAXzo="
];
auto-optimise-store = true;
keep-derivations = false;
keep-outputs = false;
};
}

1
hosts/hecuba/ssh_host.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIffzYkin2QHGoaOKXbQv6pbim8SU1J+3vAf2vXerMj root@nixos

4
modules/desktops/niri/default.nix
View File

@@ -1,11 +1,11 @@
{ pkgs, ... }:
{
programs.niri.enable = true;
services.dbus.enable = true;
services.logind.settings.Login = {
HandleLidSwitch = "suspend";
IdleAction = "suspend";
IdleActionSec = 1800;
};
services.displayManager.ly = {

16
modules/secrets/default.nix
View File

@@ -29,6 +29,9 @@ in
"anki_sync_user".owner = config.users.users.${cfg.username}.name;
"anki_sync_key".owner = config.users.users.${cfg.username}.name;
"hcloud".owner = config.users.users.${cfg.username}.name;
"nix_signing_key_astyanax" = { };
"nix_signing_key_andromache" = { };
"opencode_api_key".owner = config.users.users.${cfg.username}.name;
};
templates."taskrc.d/sync" = {
@@ -69,6 +72,19 @@ in
token = "${config.sops.placeholder."hcloud"}"
'';
};
templates."opencode/auth.json" = {
owner = config.users.users.${cfg.username}.name;
path = "/home/${cfg.username}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder."opencode_api_key"}"
}
}
'';
};
};
};
}