hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:c75724de688f294a98504e84354fce3879b21c10
Branches Tags
hektor:main
..
compare: hektor:eec5d54f59c2161d0aa477f5e9fe70135a065d17
Branches Tags
hektor:main

6 Commits
c75724de68 ... eec5d54f59

Author SHA1 Message Date
hektor
eec5d54f59 chore: remove 'phone' config (skip 'nix-on-droid' for now) 2026-02-21 13:51:01 +01:00
hektor
1a0c85ec97 feat: set up 'eetion-02' raspberry pi host 2026-02-21 13:51:01 +01:00
hektor
0037ba2e54 flake.lock: Update 
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/c7794d3f46304de5234008c31b5b28a9d5709184?dir=pkgs/firefox-addons&narHash=sha256-0iGDl/ct3rW%2Bh6%2BsLq4RZaze/U/aQo2L5sLLuyjuVTk%3D' (2026-02-04)
  → 'gitlab:rycee/nur-expressions/65d59f814068d04e532cad2773d281e4951acd95?dir=pkgs/firefox-addons&narHash=sha256-%2BFHN9EthS%2BkHxnMoSDZEiGLoxwiIuij6ltK3aTmlLMA%3D' (2026-02-07)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04e5203db66417d548ae1ff188a9f591836dfaa7?narHash=sha256-R1WFtIvp38hS9x63dnijdJw1KyIiy30KGea6e6N7LHs%3D' (2026-02-05)
  → 'github:nix-community/home-manager/6cee0821577643e0b34e2c5d9a90d0b1b5cdca70?narHash=sha256-cyxgVsNfHnJ4Zn6G1EOzfTXbjTy7Ds9zMOsZaX7VZWs%3D' (2026-02-07)
• Updated input 'nvim':
    'path:./dots/.config/nvim'
  → 'path:./dots/.config/nvim'
 2026-02-21 13:51:00 +01:00
hektor
846112cd25 feat: add (but disable for now) uptime kuma module for 'hecuba' 2026-02-21 13:50:39 +01:00
hektor
6233bd0867 refactor: resolve warnings/errors in checks 2026-02-21 13:50:38 +01:00
hektor
6ba7fd28d5 fix: simplify syncthing module 2026-02-21 13:49:53 +01:00
33 changed files with 291 additions and 491 deletions
Expand all files Collapse all files

3
dots/.config/nvim/flake.nix
View File

@@ -37,7 +37,6 @@
outputs =
{
self,
nixpkgs,
nixCats,
...
@@ -50,7 +49,7 @@
mkDependencyOverlays = system: [
(utils.standardPluginOverlay inputs)
(final: prev: {
(_final: _prev: {
mcp-hub = inputs.mcp-hub.packages.${system}.default;
})
];

4
dots/.config/nvim/lua/skeleton/init.lua
View File

@@ -2,10 +2,10 @@ local autocmd = vim.api.nvim_create_autocmd
autocmd("BufNewFile", {
pattern = "shell.nix",
command = "0r ~/.config/nvim/skeletons/shell.nix",
command = "0r ~/.config/nvim/skeletons/shell.nix.skeleton",
})
autocmd("BufNewFile", {
pattern = "flake.nix",
command = "0r ~/.config/nvim/skeletons/flake.nix",
command = "0r ~/.config/nvim/skeletons/flake.nix.skeleton",
})

0
dots/.config/nvim/skeletons/flake.nix → dots/.config/nvim/skeletons/flake.nix.skeleton
View File

0
dots/.config/nvim/skeletons/shell.nix → dots/.config/nvim/skeletons/shell.nix.skeleton
View File

334
flake.lock generated
View File

@@ -1,73 +1,5 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1755819240,
"narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1765809053,
"narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1760703920,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
@@ -121,11 +53,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1771041825,
"narHash": "sha256-O+wN3O4yXWsNZBS7qG32fg0UnecVzDAr3aQNz/nT38s=",
"lastModified": 1770437015,
"narHash": "sha256-+FHN9EthS+kHxnMoSDZEiGLoxwiIuij6ltK3aTmlLMA=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "03e6c3789a1952bd68837ff1d358375b953d35e8",
"rev": "65d59f814068d04e532cad2773d281e4951acd95",
"type": "gitlab"
},
"original": {
@@ -135,22 +67,6 @@
"type": "gitlab"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1764873433,
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@@ -205,27 +121,6 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767609335,
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@@ -259,22 +154,6 @@
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -284,11 +163,11 @@
]
},
"locked": {
"lastModified": 1770726378,
"narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"lastModified": 1769939035,
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"rev": "a8ca480175326551d6c4121498316261cbb5b260",
"type": "github"
},
"original": {
@@ -318,25 +197,6 @@
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"host": "gitlab.gnome.org",
"lastModified": 1767737596,
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
"type": "gitlab"
},
"original": {
"host": "gitlab.gnome.org",
"owner": "GNOME",
"ref": "gnome-49",
"repo": "gnome-shell",
"type": "gitlab"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -344,11 +204,11 @@
]
},
"locked": {
"lastModified": 1771037579,
"narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=",
"lastModified": 1770476834,
"narHash": "sha256-cyxgVsNfHnJ4Zn6G1EOzfTXbjTy7Ds9zMOsZaX7VZWs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150",
"rev": "6cee0821577643e0b34e2c5d9a90d0b1b5cdca70",
"type": "github"
},
"original": {
@@ -504,11 +364,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1770882871,
"narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
@@ -520,11 +380,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1771008912,
"narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github"
},
"original": {
@@ -636,31 +496,6 @@
"type": "gitlab"
}
},
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1767810917,
"narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nvim": {
"inputs": {
"mcp-hub": "mcp-hub",
@@ -811,8 +646,7 @@
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"sops-nix": "sops-nix",
"stylix": "stylix"
"sops-nix": "sops-nix"
}
},
"scss-reset": {
@@ -838,11 +672,11 @@
]
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"lastModified": 1770145881,
"narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
"type": "github"
},
"original": {
@@ -867,40 +701,6 @@
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems_2",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1770914701,
"narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=",
"owner": "danth",
"repo": "stylix",
"rev": "db03fed72e5ca02be34e1d24789345a943329738",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -915,102 +715,6 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1767710407,
"narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1767489635,
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1767488740,
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
}
},
"root": "root",

45
flake.nix
View File

@@ -26,11 +26,6 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:nix-community/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nixgl = {
url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
@@ -58,7 +53,6 @@
self,
nixpkgs,
home-manager,
nix-on-droid,
nixgl,
git-hooks,
colmena,
@@ -92,11 +86,26 @@
}
))
// {
sd-image-aarch64 = nixpkgs.lib.nixosSystem {
sd-image-orange-pi-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-aarch64.nix
./images/sd-image-orange-pi-aarch64.nix
{
nixpkgs.crossSystem = {
system = "aarch64-linux";
};
}
];
specialArgs = {
inherit inputs outputs dotsPath;
};
};
sd-image-raspberry-pi-aarch64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./images/sd-image-raspberry-pi-aarch64.nix
{
nixpkgs.crossSystem = {
system = "aarch64-linux";
@@ -108,6 +117,7 @@
};
};
};
homeConfigurations = {
work = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
@@ -120,20 +130,6 @@
};
};
};
# https://github.com/nix-community/nix-on-droid/blob/master/templates/advanced/flake.nix
nixOnDroidConfigurations = {
pixel = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ ./phone ];
extraSpecialArgs = {
inherit inputs outputs dotsPath;
};
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [ nix-on-droid.overlays.default ];
};
home-manager-path = home-manager.outPath;
};
};
apps.${system}.colmena = inputs.colmena.apps.${system}.default;
colmenaHive = import ./deploy/colmena.nix {
@@ -147,6 +143,9 @@
formatter.${system} = gitHooks.formatter;
devShells.${system} = gitHooks.devShells;
images.sd-image-aarch64 = self.nixosConfigurations.sd-image-aarch64.config.system.build.sdImage;
images.sd-image-orange-pi-aarch64 =
self.nixosConfigurations.sd-image-orange-pi-aarch64.config.system.build.sdImage;
images.sd-image-raspberry-pi-aarch64 =
self.nixosConfigurations.sd-image-raspberry-pi-aarch64.config.system.build.sdImage;
};
}

1
home/hosts/andromache/default.nix
View File

@@ -1,6 +1,5 @@
{
lib,
inputs,
config,
pkgs,
...

2
home/modules/keepassxc.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }:
{
programs.keepassxc = {
enable = true;

1
home/modules/shell/bash.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
dotsPath,
...
}:

1
home/modules/shell/prompt.nix
View File

@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
{

22
hosts/andromache/default.nix
View File

@@ -1,7 +1,6 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...
@@ -114,26 +113,7 @@ in
};
};
my.syncthing = {
enable = true;
deviceNames = [
"boox"
"astyanax"
];
folders = {
readings = {
path = "/home/h/doc/readings";
id = "readings";
devices = [
{
device = "boox";
type = "receiveonly";
}
"astyanax"
];
};
};
};
my.syncthing.enable = true;
networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id

1
hosts/andromache/hard.nix
View File

@@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:

27
hosts/astyanax/default.nix
View File

@@ -1,7 +1,6 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...
@@ -105,33 +104,11 @@ in
enable = true;
harden = true;
};
};
my.syncthing = {
enable = true;
deviceNames = [
"boox"
"andromache"
];
folders = {
readings = {
path = "/home/h/doc/readings";
id = "readings";
devices = [
{
device = "boox";
type = "receiveonly";
}
"andromache"
];
};
};
};
services = {
locate = {
enable = true;
package = pkgs.plocate;
};
};
my.syncthing.enable = true;
}

1
hosts/astyanax/hard.nix
View File

@@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:

86
hosts/eetion-02/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{ pkgs, ... }:
# Raspberry Pi 3
# See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
let
username = "h";
hostName = "eetion-02";
in
{
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
];
ssh = {
inherit username;
publicHostname = "eetion-02";
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot = {
kernelParams = [
"console=ttyS1,115200n8"
];
kernel.sysctl."net.ipv4.ip_forward" = 1;
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
hardware.enableRedistributableFirmware = true;
networking = {
inherit hostName;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
};
users.users = {
root.hashedPassword = "!";
${username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
security.sudo.wheelNeedsPassword = false;
services = {
openssh = {
enable = true;
harden = true;
};
};
environment.systemPackages = with pkgs; [
vim
git
];
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
trusted-users = [
"root"
"@wheel"
];
};
system.stateVersion = "26.05";
}

24
hosts/eetion-02/hard.nix Normal file
View File

@@ -0,0 +1,24 @@
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ ];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

1
hosts/eetion-02/system.nix Normal file
View File

@@ -0,0 +1 @@
"aarch64-linux"

3
hosts/hecuba/default.nix
View File

@@ -17,6 +17,7 @@ in
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/docker
../../modules/uptime-kuma
];
networking.hostName = hostName;
@@ -31,6 +32,8 @@ in
docker.user = username;
my.uptime-kuma.enable = false;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";

2
hosts/hecuba/hard.nix
View File

@@ -2,9 +2,7 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:

1
hosts/vm/default.nix
View File

@@ -1,7 +1,6 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...

2
hosts/vm/hard.nix
View File

@@ -2,9 +2,7 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:

15
images/README.md Normal file
View File

@@ -0,0 +1,15 @@
# building SD Images
## Raspberry Pi 3B+
```bash
nix build .#images.sd-image-raspberry-pi-aarch64
nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
```
## Orange Pi Zero2 H616
```bash
nix build .#images.sd-image-orange-pi-aarch64
nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
sudo dd if=~/dl/u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8
```

0
images/sd-image-aarch64.nix → images/sd-image-orange-pi-aarch64.nix
View File

73
images/sd-image-raspberry-pi-aarch64.nix Normal file
View File

@@ -0,0 +1,73 @@
# see <https://nixos.wiki/wiki/NixOS_on_ARM#Build_your_own_image_natively>
# see <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
# ```
# nix build .#images.sd-image-raspberry-pi-aarch64
# nix-shell -p zstd --run "zstdcat result/sd-image/*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress conv=fsync"
# ```
{ pkgs, ... }:
let
username = "h";
in
{
imports = [
../modules/ssh/hardened-openssh.nix
];
ssh.username = username;
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
boot.kernelParams = [
"console=ttyS1,115200n8"
];
boot.kernelModules = [
"bcm2835-v4l2"
];
hardware.enableRedistributableFirmware = true;
hardware.pulseaudio.enable = true;
networking.wireless.enable = true;
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
users.users = {
root.initialPassword = "nixos";
${username} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "nixos";
};
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
};
environment.systemPackages = with pkgs; [
libraspberrypi
];
system.stateVersion = "26.05";
}

2
modules/desktops/gnome.nix
View File

@@ -1,5 +1,3 @@
{ config, pkgs, ... }:
{
services.xserver = {
displayManager.gdm.enable = true;

2
modules/keyboard/default.nix
View File

@@ -3,7 +3,7 @@
with pkgs;
let
tools = interception-tools;
caps2esc = interception-tools-plugins.caps2esc;
inherit (interception-tools-plugins) caps2esc;
in
{
services.interception-tools = {

2
modules/printing/default.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }:
{
# services.avahi = {
# enable = true;

54
modules/syncthing/default.nix
View File

@@ -8,7 +8,6 @@ with lib;
let
cfg = config.my.syncthing;
allDevices = import ./devices.nix;
in
{
options.my.syncthing = {
@@ -17,41 +16,11 @@ in
type = types.str;
default = "h";
};
deviceNames = mkOption {
type = types.listOf types.str;
default = [ ];
};
folders = mkOption {
type = types.attrsOf (
types.submodule {
options = {
path = mkOption { type = types.path; };
id = mkOption { type = types.str; };
devices = mkOption {
type = types.listOf (
types.either types.str (
types.submodule {
options = {
device = mkOption { type = types.str; };
type = mkOption {
type = types.str;
default = "sendreceive";
};
};
}
)
);
default = cfg.deviceNames;
};
};
}
);
default = { };
};
};
config = mkIf cfg.enable {
users.groups.${cfg.username} = { };
users.users.${cfg.username}.extraGroups = [ cfg.username ];
services.syncthing = {
enable = true;
@@ -59,27 +28,6 @@ in
group = cfg.username;
configDir = "/home/${cfg.username}/.local/state/syncthing";
openDefaultPorts = true;
settings = {
options = {
localAnnounceEnabled = true;
globalAnnounceEnabled = true;
relaysEnabled = true;
urAccepted = -1;
};
devices = mapAttrs (name: id: { inherit id; }) (
filterAttrs (name: _: elem name cfg.deviceNames) allDevices
);
folders = mapAttrs (name: folder: {
inherit (folder) id path;
devices = map (
device:
if isString device then
allDevices.${device}
else
device // { deviceID = allDevices.${device.device}; }
) folder.devices;
}) cfg.folders;
};
};
};
}

39
modules/uptime-kuma/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.uptime-kuma;
in
{
options.my.uptime-kuma.enable = lib.mkEnableOption "Uptime Kuma monitoring service (Docker container)";
config = lib.mkIf cfg.enable {
virtualisation.oci-containers = {
backend = "docker";
containers.uptime-kuma = {
image = "louislam/uptime-kuma:latest";
ports = [ "127.0.0.1:3001:3001" ];
volumes = [ "/var/lib/uptime-kuma:/app/data" ];
environment = {
TZ = "UTC";
UMASK = "0022";
};
extraOptions = [
"--network=proxiable"
];
};
};
systemd.tmpfiles.settings."uptime-kuma" = {
"/var/lib/uptime-kuma".d = {
mode = "0755";
};
};
environment.systemPackages = with pkgs; [ docker-compose ];
};
}

2
modules/users/default.nix
View File

@@ -1,5 +1,3 @@
{ pkgs, ... }:
{
users.users.h = {
isNormalUser = true;

26
phone/default.nix
View File

@@ -1,26 +0,0 @@
{
pkgs,
...
}:
{
environment.packages = with pkgs; [
neovim
];
environment.etcBackupExtension = ".bak";
system.stateVersion = "24.05";
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
time.timeZone = "Europe/Brussels";
home-manager = {
config = ./home.nix;
backupFileExtension = "hm-bak";
useGlobalPkgs = true;
};
}

3
phone/home.nix
View File

@@ -1,3 +0,0 @@
{
home.stateVersion = "24.05";
}

3
utils/default.nix
View File

@@ -2,6 +2,5 @@
{
dirNames =
path:
builtins.attrNames (lib.filterAttrs (name: type: type == "directory") (builtins.readDir path));
path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
}