
4 Commits

14 changed files with 167 additions and 144 deletions

12
flake.lock generated

@@ -344,11 +344,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773179137, "lastModified": 1773264496,
"narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", "narHash": "sha256-uwFY0+UfaGEo6205ixeBjplZxHWr56UQef+MtmJ0PW0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", "rev": "32f78141a98098efed490842923b25ecb93b9b9f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -400,10 +400,10 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1770135527, "lastModified": 1773265075,
"narHash": "sha256-Fup9LiyL6bDID3x+rAB2nP99Xv2o9Is5NkTDbmIy6o0=", "narHash": "sha256-RMDvtOdnzX3A0sZMeqLHwGXpMcR52YL3QImGaHVyIN4=",
"ref": "main", "ref": "main",
"rev": "521d144f8a8ff9fca8ccf492d7fbdd05d9a5fe37", "rev": "f91e1d56318de56907b3f1a3a10785da75b958f6",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@github.com/hektor/nix-secrets" "url": "ssh://git@github.com/hektor/nix-secrets"


@@ -5,9 +5,6 @@
... ...
}: }:
let
username = "h";
in
{ {
imports = [ imports = [
../../modules ../../modules
@@ -35,8 +32,8 @@ in
home = { home = {
stateVersion = "25.05"; stateVersion = "25.05";
inherit username; username = config.host.username;
homeDirectory = "/home/${username}"; homeDirectory = "/home/${config.host.username}";
}; };
xdg.userDirs.createDirectories = false; xdg.userDirs.createDirectories = false;
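Review bot: `config.host.username` on the two `home` lines reads the option from whatever `config` this file's outer function receives, and nothing here says which one that is. The host files in this comparison call it as `import ../../home/hosts/<host> { inherit inputs config …; }`, so it is the NixOS system config rather than home-manager's own. Evaluated as a standalone home-manager module, the file would presumably fail on a missing `host` attribute. A comment above `home = {` would record that, e.g. `# config is the NixOS config passed in by hosts/<host>; host.* is declared in modules/common/host.nix`. The same applies to the second home host file, changed identically in the next section.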


@@ -4,9 +4,6 @@
... ...
}: }:
let
username = "h";
in
{ {
imports = [ imports = [
../../modules ../../modules
@@ -33,8 +30,8 @@ in
home = { home = {
stateVersion = "25.05"; stateVersion = "25.05";
inherit username; username = config.host.username;
homeDirectory = "/home/${username}"; homeDirectory = "/home/${config.host.username}";
}; };
xdg.userDirs.createDirectories = false; xdg.userDirs.createDirectories = false;


@@ -1,68 +1,8 @@
{ {
lib, imports = [
... ./settings.nix
}: ./style.nix
];
{ programs.waybar.enable = true;
programs.waybar = {
enable = true;
settings = [
{
height = 16;
spacing = 4;
modules-left = [ "niri/workspaces" ];
modules-right = [
"pulseaudio"
"memory"
"cpu"
"network"
"clock"
"battery"
];
clock = {
format = "W{:%V %d %b %H:%M}";
tooltip-format = "{calendar}";
format-alt = "{:%Y-%m-%d %H:%M:%S}";
};
battery = {
bat = "BAT0";
adapter = "ADP1";
interval = 5;
full-at = 99;
states = {
good = 80;
warning = 20;
critical = 10;
};
format = "{capacity}%--";
format-charging = "{capacity}%++";
format-plugged = "{capacity}%";
format-alt = "{time} {power}W";
};
pulseaudio = {
format = "VOL {volume}%";
format-muted = "muted";
on-click = "pavucontrol";
};
memory = {
interval = 2;
format = "RAM {percentage}%";
format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
};
cpu = {
interval = 2;
format = "CPU {usage}%";
format-alt = "CPU {avg_frequency}GHz";
};
network = {
interval = 5;
format-wifi = "{ifname} {ipaddr} {essid}";
format-ethernet = "{ifname} {ipaddr}";
format-disconnected = "{ifname} disconnected";
tooltip-format = "{ifname}: {ipaddr}/{cidr}";
};
}
];
style = lib.readFile ./style.css;
};
} }


@@ -0,0 +1,61 @@
{ lib, ... }:
{
programs.waybar.settings = [
{
height = 16;
spacing = 4;
modules-left = [ "niri/workspaces" ];
modules-right = [
"pulseaudio"
"memory"
"cpu"
"network"
"clock"
"battery"
];
clock = {
format = "W{:%V %d %b %H:%M}";
tooltip-format = "{calendar}";
format-alt = "{:%Y-%m-%d %H:%M:%S}";
};
battery = {
bat = "BAT0";
adapter = "ADP1";
interval = 5;
full-at = 99;
states = {
good = 80;
warning = 20;
critical = 10;
};
format = "{capacity}%--";
format-charging = "{capacity}%++";
format-plugged = "{capacity}%";
format-alt = "{time} {power}W";
};
pulseaudio = {
format = "VOL {volume}%";
format-muted = "muted";
on-click = "pavucontrol";
};
memory = {
interval = 2;
format = "RAM {percentage}%";
format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
};
cpu = {
interval = 2;
format = "CPU {usage}%";
format-alt = "CPU {avg_frequency}GHz";
};
network = {
interval = 5;
format-wifi = "{ifname} {ipaddr} {essid}";
format-ethernet = "{ifname} {ipaddr}";
format-disconnected = "{ifname} disconnected";
tooltip-format = "{ifname}: {ipaddr}/{cidr}";
};
}
];
}
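Review bot: `lib` is bound in the header `{ lib, ... }:` but nothing in this file uses it, since the only `lib.readFile` call moved to style.nix. The header can be reduced to `{ ... }:`, or the file can be a plain attribute set with no function header at all. That keeps dead-binding linters quiet and makes it clear the settings are pure data.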


@@ -0,0 +1,5 @@
{ lib, ... }:
{
programs.waybar.style = lib.readFile ./style.css;
}


@@ -7,8 +7,6 @@
}: }:
let let
username = "h";
hostName = "andromache";
wolInterfaces = import ./wol-interfaces.nix; wolInterfaces = import ./wol-interfaces.nix;
in in
{ {
@@ -30,7 +28,7 @@ in
../../modules/bluetooth ../../modules/bluetooth
../../modules/gaming ../../modules/gaming
../../modules/keyboard ../../modules/keyboard
(import ../../modules/networking { inherit hostName; }) (import ../../modules/networking { hostName = config.host.name; })
../../modules/users ../../modules/users
../../modules/audio ../../modules/audio
../../modules/localization ../../modules/localization
@@ -45,7 +43,12 @@ in
../../modules/yubikey ../../modules/yubikey
]; ];
home-manager.users.${username} = import ../../home/hosts/andromache { host = {
username = "h";
name = "andromache";
};
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
inherit inherit
inputs inputs
config config
@@ -54,13 +57,11 @@ in
; ;
}; };
networking.hostName = hostName; ssh.username = config.host.username;
ssh.username = username;
ssh.authorizedHosts = [ "astyanax" ]; ssh.authorizedHosts = [ "astyanax" ];
secrets.username = username; secrets.username = config.host.username;
docker.user = username; docker.user = config.host.username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ]; nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
@@ -94,7 +95,7 @@ in
my.yubikey = { my.yubikey = {
enable = false; enable = false;
inherit username; username = config.host.username;
keys = [ keys = [
{ {
handle = "<KeyHandle1>"; handle = "<KeyHandle1>";
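Review bot: `(import ../../modules/networking { hostName = config.host.name; })` sits inside `imports`, which the module system has to resolve before `config` is available; it evaluates only because `hostName` stays an unforced thunk. If the networking module (not shown here) ever uses `hostName` in its own `imports` or in option declarations, evaluation will end in infinite recursion. Since `host.name` is now a declared option, the module could read `config.host.name` itself and be imported as a plain path, `../../modules/networking`. The same call appears in the astyanax and vm host files. The vm file also keeps `networking.hostName = config.host.name;` while this file and astyanax drop that line, so the three are worth aligning.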


@@ -6,8 +6,6 @@
... ...
}: }:
let let
username = "h";
hostName = "astyanax";
wolInterfaces = import ../andromache/wol-interfaces.nix; wolInterfaces = import ../andromache/wol-interfaces.nix;
in in
{ {
@@ -30,7 +28,7 @@ in
../../modules/backups ../../modules/backups
../../modules/bluetooth ../../modules/bluetooth
../../modules/keyboard ../../modules/keyboard
(import ../../modules/networking { inherit hostName; }) (import ../../modules/networking { hostName = config.host.name; })
../../modules/users ../../modules/users
../../modules/localization ../../modules/localization
../../modules/fonts ../../modules/fonts
@@ -42,7 +40,12 @@ in
../../modules/nfc ../../modules/nfc
]; ];
home-manager.users.${username} = import ../../home/hosts/astyanax { host = {
username = "h";
name = "astyanax";
};
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax {
inherit inherit
inputs inputs
config config
@@ -51,14 +54,12 @@ in
; ;
}; };
networking.hostName = hostName; ssh.username = config.host.username;
ssh.username = username;
ssh.authorizedHosts = [ "andromache" ]; ssh.authorizedHosts = [ "andromache" ];
secrets.username = username; secrets.username = config.host.username;
docker.user = username; docker.user = config.host.username;
nfc.user = username; nfc.user = config.host.username;
desktop.ly.enable = true; desktop.ly.enable = true;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ]; nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];


@@ -1,21 +1,23 @@
{ pkgs, ... }: { pkgs, config, ... }:
# Raspberry Pi 3 # Raspberry Pi 3
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3> # See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
let
username = "h";
hostName = "eetion-02";
in
{ {
imports = [ imports = [
./hard.nix ./hard.nix
../../modules/ssh ../../modules/ssh
../../modules/common
]; ];
host = {
username = "h";
name = "eetion-02";
};
ssh = { ssh = {
inherit username; username = config.host.username;
publicHostname = "eetion-02"; publicHostname = config.host.name;
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"
@@ -38,7 +40,7 @@ in
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
networking = { networking = {
inherit hostName; hostName = config.host.name;
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
@@ -51,7 +53,7 @@ in
users.users = { users.users = {
root.hashedPassword = "!"; root.hashedPassword = "!";
${username} = { ${config.host.username} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
}; };
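Review bot: The added `../../modules/common` import is wider than this host needs if the goal is only `options.host`. Per the modules/common section of this comparison, that module also imports `inputs.home-manager.nixosModules.default`, declares `nixpkgs.allowedUnfree` and sets `nix` options. For a Pi host that previously imported only `./hard.nix` and `../../modules/ssh`, `../../modules/common/host.nix` alone would limit the change to the two new options. The wider import also relies on `inputs` being passed to this host's module evaluation, which is not visible here. The eetion host file adds the same import.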


@@ -1,22 +1,24 @@
{ pkgs, ... }: { pkgs, config, ... }:
# Orange Pi Zero2 H616 # Orange Pi Zero2 H616
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616> # See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616>
let
username = "h";
hostName = "eetion";
in
{ {
imports = [ imports = [
./hard.nix ./hard.nix
../../modules/ssh ../../modules/ssh
../../modules/common
# ../../modules/uptime-kuma # ../../modules/uptime-kuma
]; ];
host = {
username = "h";
name = "eetion";
};
ssh = { ssh = {
inherit username; username = config.host.username;
publicHostname = "eetion"; publicHostname = config.host.name;
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
"astyanax" "astyanax"
@@ -29,7 +31,7 @@ in
}; };
networking = { networking = {
inherit hostName; hostName = config.host.name;
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
@@ -44,7 +46,7 @@ in
users.users = { users.users = {
root.hashedPassword = "!"; root.hashedPassword = "!";
${username} = { ${config.host.username} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
}; };
@@ -57,19 +59,19 @@ in
enable = true; enable = true;
passwordFile = "/etc/paperless-admin-pass"; passwordFile = "/etc/paperless-admin-pass";
settings = { settings = {
PAPERLESS_URL = "http://paperless.eetion"; PAPERLESS_URL = "http://paperless.${config.host.name}";
}; };
}; };
# added (OPNSense) domain override to make this work on LAN # added (OPNSense) domain override to make this work on LAN
# #
# host: eetion # host: <host-name>
# domain: <domain (e.g. lan)> # domain: <domain (e.g. lan)>
# ip address: <eetion-ip> # ip address: <host-ip>
# #
# host: paperless # host: paperless
# domain: eetion # domain: <host-name>
# ip address: <eetion-ip> # ip address: <host-ip>
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@@ -78,13 +80,13 @@ in
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"eetion" = { "${config.host.name}" = {
default = true; default = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:5006"; proxyPass = "http://127.0.0.1:5006";
}; };
}; };
"paperless.eetion" = { "paperless.${config.host.name}" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:28981"; proxyPass = "http://127.0.0.1:28981";
}; };
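Review bot: `PAPERLESS_URL = "http://paperless.${config.host.name}"` and the two `virtualHosts` entries are still plain HTTP as far as this hunk shows, so the paperless admin login (password from `/etc/paperless-admin-pass`) crosses the LAN unencrypted. `recommendedTlsSettings = true` has no effect unless a vhost actually has a certificate. If HTTP-only is intended for this LAN service, a comment next to `PAPERLESS_URL` should say so. Otherwise the vhost needs `forceSSL = true;` with a certificate source, and the URL should become `https://`. Both vhost bodies continue past the end of the hunk, so TLS options may already be set there.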


@@ -1,15 +1,12 @@
{ {
inputs, inputs,
pkgs, pkgs,
config,
... ...
}: }:
# Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud> # Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
let
username = "username";
hostName = "hecuba";
in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@@ -19,9 +16,14 @@ in
../../modules/docker ../../modules/docker
]; ];
networking.hostName = hostName; host = {
username = "username";
name = "hecuba";
};
networking.hostName = config.host.name;
ssh = { ssh = {
inherit username; username = config.host.username;
publicHostname = "server.hektormisplon.xyz"; publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [ authorizedHosts = [
"andromache" "andromache"
@@ -29,7 +31,7 @@ in
]; ];
}; };
docker.user = username; docker.user = config.host.username;
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
@@ -50,7 +52,7 @@ in
users.users = { users.users = {
root.hashedPassword = "!"; root.hashedPassword = "!";
username = { ${config.host.username} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
}; };


@@ -5,10 +5,6 @@
pkgs, pkgs,
... ...
}: }:
let
username = "h";
hostName = "vm";
in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@@ -18,7 +14,7 @@ in
./disk.nix ./disk.nix
../../modules/boot/bootloader.nix ../../modules/boot/bootloader.nix
../../modules/keyboard ../../modules/keyboard
(import ../../modules/networking { inherit hostName; }) (import ../../modules/networking { hostName = config.host.name; })
../../modules/users ../../modules/users
../../modules/audio ../../modules/audio
../../modules/localization ../../modules/localization
@@ -31,14 +27,19 @@ in
}) })
]; ];
home-manager.users.${username} = import ../../home/hosts/vm { host = {
username = "h";
name = "vm";
};
home-manager.users.${config.host.username} = import ../../home/hosts/vm {
inherit inputs config pkgs; inherit inputs config pkgs;
}; };
networking.hostName = hostName; networking.hostName = config.host.name;
ssh.username = username; ssh.username = config.host.username;
secrets.username = username; secrets.username = config.host.username;
disko = { disko = {
devices.disk.main = { devices.disk.main = {


@@ -12,6 +12,7 @@ in
{ {
imports = [ imports = [
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
./host.nix
]; ];
options.nixpkgs.allowedUnfree = lib.mkOption { options.nixpkgs.allowedUnfree = lib.mkOption {
@@ -20,7 +21,7 @@ in
}; };
config = { config = {
system.stateVersion = "25.05"; system.stateVersion = lib.mkDefault "25.05";
nix = { nix = {
optimise = { optimise = {
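Review bot: `system.stateVersion = lib.mkDefault "25.05";` turns the shared value into a fallback, so a host that imports this module and forgets its own `system.stateVersion` silently gets 25.05. That matters for the eetion hosts, which start importing this module in this comparison and may have been installed on a different release; their own stateVersion is not visible here. A comment on the line would make the intent explicit, e.g. `# fallback only; hosts installed on another release must set system.stateVersion themselves`. The `config` block continues outside the hunk.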

13
modules/common/host.nix Normal file

@@ -0,0 +1,13 @@
{ lib, ... }:
{
options.host = {
username = lib.mkOption {
type = lib.types.str;
};
name = lib.mkOption {
type = lib.types.str;
};
};
}
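Review bot: Both options are declared as bare `lib.types.str` with no `description`, even though the host files use them as the `users.users` key, as `docker.user` and `secrets.username`, and as the nginx vhost name. `lib.types.nonEmptyStr` for `name` and `lib.types.passwdEntry lib.types.str` for `username` would reject an empty or malformed value at evaluation time, instead of producing an oddly named account or vhost. Each option should also get a one-line `description`, e.g. `description = "Primary login user for this host.";` and `description = "Short host name, also used as networking.hostName.";`.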