Compare commits


4 Commits

14 changed files with 167 additions and 144 deletions

12
flake.lock generated

@@ -344,11 +344,11 @@
]
},
"locked": {
"lastModified": 1773179137,
"narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=",
"lastModified": 1773264496,
"narHash": "sha256-uwFY0+UfaGEo6205ixeBjplZxHWr56UQef+MtmJ0PW0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09",
"rev": "32f78141a98098efed490842923b25ecb93b9b9f",
"type": "github"
},
"original": {
@@ -400,10 +400,10 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1770135527,
"narHash": "sha256-Fup9LiyL6bDID3x+rAB2nP99Xv2o9Is5NkTDbmIy6o0=",
"lastModified": 1773265075,
"narHash": "sha256-RMDvtOdnzX3A0sZMeqLHwGXpMcR52YL3QImGaHVyIN4=",
"ref": "main",
"rev": "521d144f8a8ff9fca8ccf492d7fbdd05d9a5fe37",
"rev": "f91e1d56318de56907b3f1a3a10785da75b958f6",
"shallow": true,
"type": "git",
"url": "ssh://git@github.com/hektor/nix-secrets"


@@ -5,9 +5,6 @@
...
}:
let
username = "h";
in
{
imports = [
../../modules
@@ -35,8 +32,8 @@ in
home = {
stateVersion = "25.05";
inherit username;
homeDirectory = "/home/${username}";
username = config.host.username;
homeDirectory = "/home/${config.host.username}";
};
xdg.userDirs.createDirectories = false;


@@ -4,9 +4,6 @@
...
}:
let
username = "h";
in
{
imports = [
../../modules
@@ -33,8 +30,8 @@ in
home = {
stateVersion = "25.05";
inherit username;
homeDirectory = "/home/${username}";
username = config.host.username;
homeDirectory = "/home/${config.host.username}";
};
xdg.userDirs.createDirectories = false;


@@ -1,68 +1,8 @@
{
lib,
...
}:
imports = [
./settings.nix
./style.nix
];
{
programs.waybar = {
enable = true;
settings = [
{
height = 16;
spacing = 4;
modules-left = [ "niri/workspaces" ];
modules-right = [
"pulseaudio"
"memory"
"cpu"
"network"
"clock"
"battery"
];
clock = {
format = "W{:%V %d %b %H:%M}";
tooltip-format = "{calendar}";
format-alt = "{:%Y-%m-%d %H:%M:%S}";
};
battery = {
bat = "BAT0";
adapter = "ADP1";
interval = 5;
full-at = 99;
states = {
good = 80;
warning = 20;
critical = 10;
};
format = "{capacity}%--";
format-charging = "{capacity}%++";
format-plugged = "{capacity}%";
format-alt = "{time} {power}W";
};
pulseaudio = {
format = "VOL {volume}%";
format-muted = "muted";
on-click = "pavucontrol";
};
memory = {
interval = 2;
format = "RAM {percentage}%";
format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
};
cpu = {
interval = 2;
format = "CPU {usage}%";
format-alt = "CPU {avg_frequency}GHz";
};
network = {
interval = 5;
format-wifi = "{ifname} {ipaddr} {essid}";
format-ethernet = "{ifname} {ipaddr}";
format-disconnected = "{ifname} disconnected";
tooltip-format = "{ifname}: {ipaddr}/{cidr}";
};
}
];
style = lib.readFile ./style.css;
};
programs.waybar.enable = true;
}


@@ -0,0 +1,61 @@
{ lib, ... }:
{
programs.waybar.settings = [
{
height = 16;
spacing = 4;
modules-left = [ "niri/workspaces" ];
modules-right = [
"pulseaudio"
"memory"
"cpu"
"network"
"clock"
"battery"
];
clock = {
format = "W{:%V %d %b %H:%M}";
tooltip-format = "{calendar}";
format-alt = "{:%Y-%m-%d %H:%M:%S}";
};
battery = {
bat = "BAT0";
adapter = "ADP1";
interval = 5;
full-at = 99;
states = {
good = 80;
warning = 20;
critical = 10;
};
format = "{capacity}%--";
format-charging = "{capacity}%++";
format-plugged = "{capacity}%";
format-alt = "{time} {power}W";
};
pulseaudio = {
format = "VOL {volume}%";
format-muted = "muted";
on-click = "pavucontrol";
};
memory = {
interval = 2;
format = "RAM {percentage}%";
format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
};
cpu = {
interval = 2;
format = "CPU {usage}%";
format-alt = "CPU {avg_frequency}GHz";
};
network = {
interval = 5;
format-wifi = "{ifname} {ipaddr} {essid}";
format-ethernet = "{ifname} {ipaddr}";
format-disconnected = "{ifname} disconnected";
tooltip-format = "{ifname}: {ipaddr}/{cidr}";
};
}
];
}
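Review bot: The new settings module opens with `{ lib, ... }:` but nothing in the file uses `lib`; the argument was only needed for the `lib.readFile` call, which now lives in the separate style module. The header can be reduced to `{ ... }:`, or the file can be a plain attribute set, which also keeps an unused-binding linter such as deadnix quiet.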


@@ -0,0 +1,5 @@
{ lib, ... }:
{
programs.waybar.style = lib.readFile ./style.css;
}


@@ -7,8 +7,6 @@
}:
let
username = "h";
hostName = "andromache";
wolInterfaces = import ./wol-interfaces.nix;
in
{
@@ -30,7 +28,7 @@ in
../../modules/bluetooth
../../modules/gaming
../../modules/keyboard
(import ../../modules/networking { inherit hostName; })
(import ../../modules/networking { hostName = config.host.name; })
../../modules/users
../../modules/audio
../../modules/localization
@@ -45,7 +43,12 @@ in
../../modules/yubikey
];
home-manager.users.${username} = import ../../home/hosts/andromache {
host = {
username = "h";
name = "andromache";
};
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
inherit
inputs
config
@@ -54,13 +57,11 @@ in
;
};
networking.hostName = hostName;
ssh.username = username;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ];
secrets.username = username;
docker.user = username;
secrets.username = config.host.username;
docker.user = config.host.username;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
@@ -94,7 +95,7 @@ in
my.yubikey = {
enable = false;
inherit username;
username = config.host.username;
keys = [
{
handle = "<KeyHandle1>";
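Review bot: `(import ../../modules/networking { hostName = config.host.name; })` now reads `config` from inside the `imports` list, which evaluates only because the value stays an unforced thunk. If the networking module ever uses `hostName` to choose its own imports or option names, evaluation will fail with infinite recursion. Since `host.name` is now a declared option, the networking module could read `config.host.name` itself and be imported as a plain path, `../../modules/networking`. The same call appears in the astyanax and vm sections. The networking module is not shown on this page, so how it uses `hostName` today is not confirmed here.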


@@ -6,8 +6,6 @@
...
}:
let
username = "h";
hostName = "astyanax";
wolInterfaces = import ../andromache/wol-interfaces.nix;
in
{
@@ -30,7 +28,7 @@ in
../../modules/backups
../../modules/bluetooth
../../modules/keyboard
(import ../../modules/networking { inherit hostName; })
(import ../../modules/networking { hostName = config.host.name; })
../../modules/users
../../modules/localization
../../modules/fonts
@@ -42,7 +40,12 @@ in
../../modules/nfc
];
home-manager.users.${username} = import ../../home/hosts/astyanax {
host = {
username = "h";
name = "astyanax";
};
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax {
inherit
inputs
config
@@ -51,14 +54,12 @@ in
;
};
networking.hostName = hostName;
ssh.username = username;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ];
secrets.username = username;
docker.user = username;
nfc.user = username;
secrets.username = config.host.username;
docker.user = config.host.username;
nfc.user = config.host.username;
desktop.ly.enable = true;
nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];


@@ -1,21 +1,23 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
# Raspberry Pi 3
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
let
username = "h";
hostName = "eetion-02";
in
{
imports = [
./hard.nix
../../modules/ssh
../../modules/common
];
host = {
username = "h";
name = "eetion-02";
};
ssh = {
inherit username;
publicHostname = "eetion-02";
username = config.host.username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"
@@ -38,7 +40,7 @@ in
hardware.enableRedistributableFirmware = true;
networking = {
inherit hostName;
hostName = config.host.name;
networkmanager.enable = true;
firewall = {
enable = true;
@@ -51,7 +53,7 @@ in
users.users = {
root.hashedPassword = "!";
${username} = {
${config.host.username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};


@@ -1,22 +1,24 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
# Orange Pi Zero2 H616
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616>
let
username = "h";
hostName = "eetion";
in
{
imports = [
./hard.nix
../../modules/ssh
../../modules/common
# ../../modules/uptime-kuma
];
host = {
username = "h";
name = "eetion";
};
ssh = {
inherit username;
publicHostname = "eetion";
username = config.host.username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"
"astyanax"
@@ -29,7 +31,7 @@ in
};
networking = {
inherit hostName;
hostName = config.host.name;
networkmanager.enable = true;
firewall = {
enable = true;
@@ -44,7 +46,7 @@ in
users.users = {
root.hashedPassword = "!";
${username} = {
${config.host.username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
@@ -57,19 +59,19 @@ in
enable = true;
passwordFile = "/etc/paperless-admin-pass";
settings = {
PAPERLESS_URL = "http://paperless.eetion";
PAPERLESS_URL = "http://paperless.${config.host.name}";
};
};
# added (OPNSense) domain override to make this work on LAN
#
# host: eetion
# host: <host-name>
# domain: <domain (e.g. lan)>
# ip address: <eetion-ip>
# ip address: <host-ip>
#
# host: paperless
# domain: eetion
# ip address: <eetion-ip>
# domain: <host-name>
# ip address: <host-ip>
nginx = {
enable = true;
recommendedGzipSettings = true;
@@ -78,13 +80,13 @@ in
recommendedTlsSettings = true;
virtualHosts = {
"eetion" = {
"${config.host.name}" = {
default = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5006";
};
};
"paperless.eetion" = {
"paperless.${config.host.name}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
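Review bot: `PAPERLESS_URL = "http://paperless.${config.host.name}";` keeps the plain-HTTP scheme, and neither virtual host in the last hunk shows `forceSSL`, `addSSL` or a certificate option. If that is the whole configuration, the paperless login travels unencrypted on the LAN and `recommendedTlsSettings = true` has nothing to apply to. Both virtual host bodies continue past the end of the hunk, so TLS may be configured there; if it is not, a comment stating that cleartext on the LAN is an accepted choice would record the decision. As a style point, `"${config.host.name}" = {` can be written `${config.host.name} = {`, matching `${config.host.username} = {` in the `users.users` hunk above.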


@@ -1,15 +1,12 @@
{
inputs,
pkgs,
config,
...
}:
# Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
let
username = "username";
hostName = "hecuba";
in
{
imports = [
inputs.disko.nixosModules.disko
@@ -19,9 +16,14 @@ in
../../modules/docker
];
networking.hostName = hostName;
host = {
username = "username";
name = "hecuba";
};
networking.hostName = config.host.name;
ssh = {
inherit username;
username = config.host.username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
@@ -29,7 +31,7 @@ in
];
};
docker.user = username;
docker.user = config.host.username;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
@@ -50,7 +52,7 @@ in
users.users = {
root.hashedPassword = "!";
username = {
${config.host.username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
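Review bot: `username = "username";` in the new `host` block carries over what reads like a placeholder. After this change it names the `wheel` account in `users.users`, the `ssh.username` and the `docker.user` on a host whose `publicHostname` is a public domain. The old `users.users` used a literal `username = {` key that matched the `let` binding only by coincidence; the new `${config.host.username} = {` makes the link explicit, so this is a good point to confirm the account name is intended. If the real value is kept out of the repository on purpose, a one-line comment beside the `host` block should say so.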


@@ -5,10 +5,6 @@
pkgs,
...
}:
let
username = "h";
hostName = "vm";
in
{
imports = [
inputs.disko.nixosModules.disko
@@ -18,7 +14,7 @@ in
./disk.nix
../../modules/boot/bootloader.nix
../../modules/keyboard
(import ../../modules/networking { inherit hostName; })
(import ../../modules/networking { hostName = config.host.name; })
../../modules/users
../../modules/audio
../../modules/localization
@@ -31,14 +27,19 @@ in
})
];
home-manager.users.${username} = import ../../home/hosts/vm {
host = {
username = "h";
name = "vm";
};
home-manager.users.${config.host.username} = import ../../home/hosts/vm {
inherit inputs config pkgs;
};
networking.hostName = hostName;
ssh.username = username;
networking.hostName = config.host.name;
ssh.username = config.host.username;
secrets.username = username;
secrets.username = config.host.username;
disko = {
devices.disk.main = {
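Review bot: `networking.hostName = config.host.name;` is kept in this file even though the networking module already receives `hostName = config.host.name` through `imports`. The andromache and astyanax sections drop their direct `networking.hostName` assignment in this same change. If the networking module sets `networking.hostName` from its argument (it is not shown on this page), the line here is redundant and can be removed so all three hosts agree.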


@@ -12,6 +12,7 @@ in
{
imports = [
inputs.home-manager.nixosModules.default
./host.nix
];
options.nixpkgs.allowedUnfree = lib.mkOption {
@@ -20,7 +21,7 @@ in
};
config = {
system.stateVersion = "25.05";
system.stateVersion = lib.mkDefault "25.05";
nix = {
optimise = {
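Review bot: `system.stateVersion = lib.mkDefault "25.05";` in the shared module means any host that does not set its own value silently takes `25.05`, even if it was first installed on a later release. `stateVersion` records the release a machine was installed with, so the line needs a comment telling host files to override it, for example `# default only; set system.stateVersion per host to its install release`. The `config` block continues outside the hunk.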

13
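--- /dev/null
+++ b/modules/common/host.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+options.host = {
+username = lib.mkOption {
+type = lib.types.str;
+};
+name = lib.mkOption {
+type = lib.types.str;
+};
+};
+}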
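Review bot: Both options are declared as bare `lib.types.str` with no `description`, yet elsewhere in this change `host.username` becomes a `users.users` key, `ssh.username` and `docker.user`, and `host.name` is interpolated into `networking.hostName`, nginx virtual host names and `PAPERLESS_URL`. A stricter type would reject a malformed value at evaluation time: `type = lib.types.passwdEntry lib.types.str;` for the username, and a `lib.types.strMatching` hostname pattern for the name. Each option should also get a one-line `description` naming the settings that consume it.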