diff --git a/.sops.yaml b/.sops.yaml index 1a6fcab..b5d3805 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &host_zima age16ptwug2yygtfh2dyy5dahaz85pfv3nvqyks03wltyymhyal25uyskz3q9v - &host_cryochamber age122r8wrurhfjwple2ykd4wxafxezjd78mpkrzzyplcdju8q5ykecs3wycee - &host_liminal age1jv3t4pltlsympq86vjhjjr66hvm25hv9utlk2nwa99qxfapc2amq2vmkel + - &host_ruil age1z9x0t7yw3g65wusgg3pg8dr9hu74wkxxfnasqgly32l28pkr6sfs8g72fz creation_rules: - path_regex: hosts/zima/secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -19,3 +20,8 @@ creation_rules: - age: - *person_hunner - *host_liminal + - path_regex: hosts/ruil/secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *person_hunner + - *host_ruil diff --git a/README.md b/README.md index 477960e..f6a1fd5 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,62 @@ -# Notes +# NixOS Configurations -I generated the sops keys via `ssh 'cat /etc/ssh/ssh_host_ed25519_key.pub'|nix run 'nixpkgs#ssh-to-age'` +Flake-based NixOS configurations for zima, cryochamber, liminal, and ruil. + +## Hosts + +| Host | Description | +|------|-------------| +| zima | Local server (ZFS, impermanence) | +| cryochamber | zfs.rent server (impermanence) | +| liminal | Workstation (hardware-specific overlays) | +| ruil | Digital Ocean droplet (ams3) | + +## Deploying + +After changing a host's config, deploy with: + +```sh +# Build and activate on the remote host +just deploy ruil root@ruil.hunnur.com + +# Or build and activate locally via sudo +just deploy-sudo ruil +``` + +There's also a shortcut: + +```sh +just deploy-ruil +``` + +For local hosts, just run: + +```sh +sudo nixos-rebuild switch --flake .#zima +``` + +## Secrets (sops-nix) + +Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix) using age keys. Each host's secrets live in `hosts//secrets/config.yaml`. + +Host age keys are derived from SSH host keys: + +```sh +ssh 'cat /etc/ssh/ssh_host_ed25519_key.pub' | nix run 'nixpkgs#ssh-to-age' +``` + +To edit a host's secrets: + +```sh +sops edit hosts//secrets/config.yaml +``` + +## Available Commands + +| Command | Description | +|---------|-------------| +| `just deploy ` | Build remotely and activate | +| `just deploy-sudo ` | Build locally and activate | +| `just deploy-ruil` | Deploy ruil (shortcut) | +| `just deploy-liminal` | Deploy liminal (shortcut) | +| `just update` | Update flake lock file | diff --git a/flake.lock b/flake.lock index 2d7e9a4..320f748 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,16 +1,36 @@ { "nodes": { + "awww": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1770895252, + "narHash": "sha256-TUGZVDcC5xsrWVnpBNosAG1cTy+aWchCWXPyeLZdnGM=", + "ref": "refs/heads/main", + "rev": "2c86d41d07471f518e24f5cd1f586e4d2a32d12c", + "revCount": 1331, + "type": "git", + "url": "https://codeberg.org/LGFae/awww" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/LGFae/awww" + } + }, "beads-flake": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1764830699, - "narHash": "sha256-GmK2+kcaorEsQ/O9lweJIVBv21Np6VfW6sE/3F/GBjY=", + "lastModified": 1770942279, + "narHash": "sha256-pIMRw8uW9uXCP+10CIvxzSorOaxyZWlhG9YiM1XLtrY=", "owner": "steveyegge", "repo": "beads", - "rev": "f4b8a7ad4f7eb3bd47b24357f69f22bc1a75d4b7", + "rev": "2d517c60aa8b7734bd19b7718b34b06bb72e131e", "type": "github" }, "original": { @@ -19,6 +39,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -37,13 +73,38 @@ "type": "github" } }, - "impermanence": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -52,6 +113,26 @@ "type": "github" } }, + "niri": { + "inputs": { + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1769884849, + "narHash": "sha256-prt52Vr9/Wb1bBwR9O4o99UXKhaYuqWSESW3HlaHCPQ=", + "owner": "hunner", + "repo": "niri", + "rev": "366f6859c167bb24ffe2ff87e9a379d7cc5b26c8", + "type": "github" + }, + "original": { + "owner": "hunner", + "ref": "hunner/focus-to-workspace", + "repo": "niri", + "type": "github" + } + }, "nix-github-actions": { "inputs": { "nixpkgs": [ @@ -75,11 +156,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764440730, - "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", + "lastModified": 1770882871, + "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", + "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b", "type": "github" }, "original": { 
@@ -90,59 +171,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760284886, - "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", - "owner": "NixOS", + "lastModified": 1763934636, + "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-23-11": { - "locked": { - "lastModified": 1720535198, - "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-25-05": { - "locked": { - "lastModified": 1766687554, - "narHash": "sha256-DegN7KD/EtFSKXf2jvqL6lvev6GlfAAatYBcRC8goEo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fd0ca39c92fdb4012ed8d60e1683c26fddadd136", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-25-11": { "locked": { - "lastModified": 1766885793, - "narHash": "sha256-P6RVkrM9JLCW6xBjSwHfgTOQ1JwBUma5xe5LI8xAPC0=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ef261221d1e72399f2036786498d78c38185c46", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { 
@@ -154,11 +203,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764667669, - "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "418468ac9527e799809c900eda37cbff999199b6", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -170,11 +219,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764667669, - "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "418468ac9527e799809c900eda37cbff999199b6", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "type": "github" }, "original": { @@ -186,11 +235,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1766840161, - "narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1757967192, + "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", + "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", "type": "github" }, "original": { 
@@ -200,7 +265,39 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { + "locked": { + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1770380644, + "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { "locked": { "lastModified": 1698318101, "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=", @@ -219,11 +316,11 @@ "plover": { "flake": false, "locked": { - "lastModified": 1764131295, - "narHash": "sha256-Q6vrDmn3a0m7oz8EeyuIhkq1V4nXNGHIdJhyQl9CAuE=", + "lastModified": 1770872141, + "narHash": "sha256-i9c4BI+C3N0/En75jPwYL+rcezHWjAVhjL5lIEDVdjI=", "owner": "openstenoproject", "repo": "plover", - "rev": "bf2eaa51491d719e65f2afc4b9f999d42230dbdb", + "rev": "a2664f2f8ee7623b3241c0762801b4133ee540c3", "type": "github" }, "original": { 
@@ -234,21 +331,19 @@ }, "plover-flake": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_5", "plover": "plover", - "plover-machine-hid": "plover-machine-hid", "plover-stroke": "plover-stroke", "plover2cat": "plover2cat", "plover_plugins_registry": "plover_plugins_registry", - "pyobjc": "pyobjc", "rtf-tokenize": "rtf-tokenize" }, "locked": { - "lastModified": 1764820984, - "narHash": "sha256-DyBpG7Mh2mPk6HUpC+g2a4vwvBhTHArX3RNJSmIbf6g=", + "lastModified": 1770959233, + "narHash": "sha256-rAT0hNeHoxy1in8pbAsAKrYNOWct7ch5kDvkobkmJx4=", "owner": "openstenoproject", "repo": "plover-flake", - "rev": "15dd9b231fd74e7c80416adf94daeb47ba74b8a6", + "rev": "df89f50dc4440782afa1917099a66bdd04a6509b", "type": "github" }, "original": { @@ -257,22 +352,6 @@ "type": "github" } }, - "plover-machine-hid": { - "flake": false, - "locked": { - "lastModified": 1757266704, - "narHash": "sha256-S+NBVnLjWdINTRpNIZvGotNGiMVSnvq1NZRPnKCmZyM=", - "owner": "dnaq", - "repo": "plover-machine-hid", - "rev": "db917f8b2545964fdaa2f664d1d1e2afafae96a1", - "type": "github" - }, - "original": { - "owner": "dnaq", - "repo": "plover-machine-hid", - "type": "github" - } - }, "plover-stroke": { "flake": false, "locked": { @@ -292,11 +371,11 @@ "plover2cat": { "flake": false, "locked": { - "lastModified": 1757574932, - "narHash": "sha256-kIDuIezGN+n3RDWMOlR6eFlQlQDp6okKgQCk71AgUDs=", + "lastModified": 1770832726, + "narHash": "sha256-V1a+zD0xBXW0NiAnidTYtiGQ8k+3mCh3895lMZlcNt0=", "owner": "greenwyrt", "repo": "plover2CAT", - "rev": "477163958b1a9e6fc48337be137173570fa7350a", + "rev": "440a9a7dd71901ad8528a8c1a464a86f03b8abb5", "type": "github" }, "original": { 
@@ -308,11 +387,11 @@ "plover_plugins_registry": { "flake": false, "locked": { - "lastModified": 1761769055, - "narHash": "sha256-OLXZEkKGifMpngZfQ9JO/phKXZPNQMigEvT4DWKtjJo=", + "lastModified": 1770827307, + "narHash": "sha256-DAW9pKxDHJUbgYAVzYu+aeeC0CdX6GaX7RMo6xweBI0=", "owner": "openstenoproject", "repo": "plover_plugins_registry", - "rev": "1420aaf4e792c328acd5233a78f343b9167a72e8", + "rev": "626c91a685497a7f51719015caa438b98b0cd5ea", "type": "github" }, "original": { @@ -321,30 +400,13 @@ "type": "github" } }, - "pyobjc": { - "flake": false, - "locked": { - "lastModified": 1736669867, - "narHash": "sha256-Kj1CH1+RYTFszao9G7P3fnsgBjTcvsq4ZpxdjHzQ520=", - "owner": "ronaldoussoren", - "repo": "pyobjc", - "rev": "e29d3a0c80b5bb852e4311ce10827efab9844c6c", - "type": "github" - }, - "original": { - "owner": "ronaldoussoren", - "ref": "v11.0", - "repo": "pyobjc", - "type": "github" - } - }, "root": { "inputs": { + "awww": "awww", "beads-flake": "beads-flake", "impermanence": "impermanence", + "niri": "niri", "nixos-hardware": "nixos-hardware", - "nixpkgs-23-11": "nixpkgs-23-11", - "nixpkgs-25-05": "nixpkgs-25-05", "nixpkgs-25-11": "nixpkgs-25-11", "nixpkgs-unstable": "nixpkgs-unstable", "plover-flake": "plover-flake", 
@@ -368,16 +430,58 @@ "type": "github" } }, - "sops-nix": { + "rust-overlay": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "awww", + "nixpkgs" + ] }, "locked": { - "lastModified": 1766894905, - "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "lastModified": 1764038373, + "narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "niri", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757989933, + "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1770683991, + "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", "type": "github" }, "original": { @@ -404,7 +508,7 @@ "talon-nix": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1746431176, diff --git a/flake.nix b/flake.nix index 5a4b3cd..175f9a4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,9 +1,7 @@ { - description = "NixOS configurations for zima, cryochamber, and liminal"; + description = "NixOS configurations for zima, cryochamber, liminal, and ruil"; inputs = { - nixpkgs-23-11.url = "github:NixOS/nixpkgs/nixos-23.11"; - nixpkgs-25-05.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-25-11.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; @@ -12,17 +10,38 @@ talon-nix.url = "github:nix-community/talon-nix"; plover-flake.url = "github:openstenoproject/plover-flake"; beads-flake.url = "github:steveyegge/beads"; + awww.url = "git+https://codeberg.org/LGFae/awww"; + niri.url = "github:hunner/niri/hunner/focus-to-workspace"; + #niri.inputs.nixpkgs.follows = "nixpkgs-25-11"; }; - outputs = { self, nixpkgs-23-11, nixpkgs-25-05, nixpkgs-25-11, nixpkgs-unstable, sops-nix, nixos-hardware, impermanence, talon-nix, plover-flake, beads-flake, ... }: + outputs = { + self, + nixpkgs-25-11, + nixpkgs-unstable, + sops-nix, + nixos-hardware, + impermanence, + talon-nix, + plover-flake, + beads-flake, + awww, + niri, + ... + }: let system = "x86_64-linux"; + overlay-unstable = final: prev: { unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; }; }; + + overlay-local = final: prev: { + codex = prev.callPackage ./pkgs/codex/package.nix { }; + }; in { nixosConfigurations.zima = nixpkgs-25-11.lib.nixosSystem { 
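Review bot: The relative path in `overlay-local` probably no longer resolves. `./pkgs/codex/package.nix` was written for hosts/liminal/flake.nix, and in the root flake it is taken from the repository root, so unless the package directory moves in a part of the commit not shown here it should read `codex = prev.callPackage ./hosts/liminal/pkgs/codex/package.nix { };`. Separately, the commented-out `#niri.inputs.nixpkgs.follows = "nixpkgs-25-11";` leaves niri on its own nixpkgs pin (flake.lock now records a separate `nixpkgs_4` node for it), where the deleted per-host lock had it follow the system nixpkgs, so fixes that arrive through the 25.11 pin would not reach that build. Either restore the follows or replace the dead line with a comment that says why it is off, for example `# niri keeps its own nixpkgs pin: <reason>`. The `outputs` body continues outside this hunk.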
@@ -47,14 +66,31 @@ ]; }; + nixosConfigurations.ruil = nixpkgs-25-11.lib.nixosSystem { + inherit system; + modules = [ + ./hosts/ruil/configuration.nix + sops-nix.nixosModules.sops + ]; + }; + nixosConfigurations.liminal = nixpkgs-25-11.lib.nixosSystem { inherit system; specialArgs = { - inherit nixos-hardware impermanence talon-nix plover-flake beads-flake; + inherit + nixos-hardware + impermanence + talon-nix + plover-flake + beads-flake + awww + niri + ; }; modules = [ - ({ ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ({ ... }: { nixpkgs.overlays = [ overlay-unstable overlay-local ]; }) ./hosts/liminal/configuration.nix + sops-nix.nixosModules.sops ]; }; }; diff --git a/hosts/cryochamber/flake.nix b/hosts/cryochamber/flake.nix deleted file mode 100644 index 4039f1b..0000000 --- a/hosts/cryochamber/flake.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - inputs = { - sops-nix.url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - }; - - outputs = { - self, - nixpkgs, - sops-nix, - }: - let - system = "x86_64-linux"; - in - { - nixosConfigurations.cryochamber = nixpkgs.lib.nixosSystem { - modules = [ - ./configuration.nix - sops-nix.nixosModules.sops - ]; - }; - }; -} diff --git a/hosts/liminal/configuration.nix b/hosts/liminal/configuration.nix index e29697e..92d8827 100644 --- a/hosts/liminal/configuration.nix +++ b/hosts/liminal/configuration.nix @@ -293,7 +293,7 @@ yt-dlp ledger-live-desktop socat - plover-flake.packages.${pkgs.stdenv.hostPlatform.system}.plover-full + #plover-flake.packages.${pkgs.stdenv.hostPlatform.system}.plover-full pkgs.unstable.zoom-us # beads-flake.packages.${pkgs.stdenv.hostPlatform.system}.default awww.packages.${pkgs.stdenv.hostPlatform.system}.awww diff --git a/hosts/liminal/flake.lock b/hosts/liminal/flake.lock deleted file mode 100644 index c5c8376..0000000 --- a/hosts/liminal/flake.lock +++ /dev/null 
@@ -1,502 +0,0 @@ -{ - "nodes": { - "awww": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1766518114, - "narHash": "sha256-3zIOjIidbrHXTxEzjPVrwSd19Mwdfw58VvSnTWtlunc=", - "ref": "refs/heads/main", - "rev": "138c4ebdbe0c3eead5656373ea8837a5bd49c40b", - "revCount": 1329, - "type": "git", - "url": "https://codeberg.org/LGFae/awww" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/LGFae/awww" - } - }, - "beads-flake": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1770403663, - "narHash": "sha256-d8rkeRKa2H1nXFIFgtaFS0B5RslL5aLDM1J1yCI7tac=", - "owner": "steveyegge", - "repo": "beads", - "rev": "eb1049baf371de3988123244bacac01b1a62ef67", - "type": "github" - }, - "original": { - "owner": "steveyegge", - "repo": "beads", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768598210, - "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", 
- "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "impermanence": { - "inputs": { - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1769548169, - "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "niri": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1769884849, - "narHash": "sha256-prt52Vr9/Wb1bBwR9O4o99UXKhaYuqWSESW3HlaHCPQ=", - "owner": "hunner", - "repo": "niri", - "rev": "366f6859c167bb24ffe2ff87e9a379d7cc5b26c8", - "type": "github" - }, - "original": { - "owner": "hunner", - "ref": "hunner/focus-to-workspace", - "repo": "niri", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "talon-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1693660503, - "narHash": "sha256-B/g2V4v6gjirFmy+I5mwB2bCYc0l3j5scVfwgl6WOl8=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "bd5bdbb52350e145c526108f4ef192eb8e554fa0", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1769302137, - "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1763934636, - "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": 
"ee09932cedcef15aaf476f9343d1dea2cb77e261", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1760284886, - "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1770136044, - "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - 
"locked": { - "lastModified": 1698318101, - "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "63678e9f3d3afecfeafa0acead6239cdb447574c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "plover": { - "flake": false, - "locked": { - "lastModified": 1770363408, - "narHash": "sha256-5VlX3rdLBp6in2MNZpf69KDi5wqsmJcv+3klFz1MGFE=", - "owner": "openstenoproject", - "repo": "plover", - "rev": "a04f2c8d1a60c275a20b907b147c803932ed35bc", - "type": "github" - }, - "original": { - "owner": "openstenoproject", - "repo": "plover", - "type": "github" - } - }, - "plover-flake": { - "inputs": { - "nixpkgs": "nixpkgs_5", - "plover": "plover", - "plover-stroke": "plover-stroke", - "plover2cat": "plover2cat", - "plover_plugins_registry": "plover_plugins_registry", - "rtf-tokenize": "rtf-tokenize" - }, - "locked": { - "lastModified": 1770371166, - "narHash": "sha256-yCP26dPlyE/cB+HpiPmRYDqexDPnyKXnKEb60telt1Q=", - "owner": "openstenoproject", - "repo": "plover-flake", - "rev": "604a11a80433ea52f8f411b3b8cfcdc5ae36be01", - "type": "github" - }, - "original": { - "owner": "openstenoproject", - "repo": "plover-flake", - "type": "github" - } - }, - "plover-stroke": { - "flake": false, - "locked": { - "lastModified": 1652559629, - "narHash": "sha256-A75OMzmEn0VmDAvmQCp6/7uptxzwWJTwsih3kWlYioA=", - "owner": "openstenoproject", - "repo": "plover_stroke", - "rev": "e717a1983b58dcba644153a542dbf8514425a39b", - "type": "github" - }, - "original": { - "owner": "openstenoproject", - "repo": "plover_stroke", - "type": "github" - } - }, - "plover2cat": { - "flake": false, - "locked": { - "lastModified": 1770344683, - "narHash": "sha256-CSydXof9n5zWL7rT2cI+a81N+fxYDOIF9FRgaEk0XFo=", - "owner": "greenwyrt", - "repo": "plover2CAT", - "rev": "2f7028415b1eaffd3122b9947a9b929b8612bdf5", - "type": "github" - }, - "original": { - "owner": "greenwyrt", - 
"repo": "plover2CAT", - "type": "github" - } - }, - "plover_plugins_registry": { - "flake": false, - "locked": { - "lastModified": 1769296318, - "narHash": "sha256-xpDpYhxzqxMV5wTZ4MC/L5V6DodQG4aSjheLcJIXHjA=", - "owner": "openstenoproject", - "repo": "plover_plugins_registry", - "rev": "627f6f4650cd75a62f6741f8643bd437e75c9eeb", - "type": "github" - }, - "original": { - "owner": "openstenoproject", - "repo": "plover_plugins_registry", - "type": "github" - } - }, - "root": { - "inputs": { - "awww": "awww", - "beads-flake": "beads-flake", - "impermanence": "impermanence", - "niri": "niri", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", - "nixpkgs-unstable": "nixpkgs-unstable", - "plover-flake": "plover-flake", - "sops-nix": "sops-nix", - "talon-nix": "talon-nix" - } - }, - "rtf-tokenize": { - "flake": false, - "locked": { - "lastModified": 1751102035, - "narHash": "sha256-bM/DFl1mpHgeBItdyA5Tt+Eo9u82Gz+6qwft2h0bM94=", - "owner": "openstenoproject", - "repo": "rtf_tokenize", - "rev": "5c4ad772f4b45ceb35b60584e22a171e90526916", - "type": "github" - }, - "original": { - "owner": "openstenoproject", - "repo": "rtf_tokenize", - "type": "github" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "awww", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764038373, - "narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "niri", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757989933, - "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - 
}, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770145881, - "narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "talon-nix": { - "inputs": { - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1746431176, - "narHash": "sha256-bwXLFy2pDpNE60EkVltrmiRgwNWLo4eYBesP997p8mg=", - "owner": "nix-community", - "repo": "talon-nix", - "rev": "cc110629c5f0be12e839b2aea6a16880f1822706", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "talon-nix", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/hosts/liminal/flake.nix b/hosts/liminal/flake.nix deleted file mode 100644 index 707f1e5..0000000 --- a/hosts/liminal/flake.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - description = "NixOS configuration for liminal (Framework 16)"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - - nixos-hardware.url = "github:NixOS/nixos-hardware"; - impermanence.url = "github:nix-community/impermanence"; - talon-nix.url = "github:nix-community/talon-nix"; - plover-flake.url = "github:openstenoproject/plover-flake"; - beads-flake.url = "github:steveyegge/beads"; - awww.url = "git+https://codeberg.org/LGFae/awww"; - sops-nix.url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - niri.url = "github:hunner/niri/hunner/focus-to-workspace"; - niri.inputs.nixpkgs.follows = "nixpkgs"; - }; - - outputs = { - self, - nixpkgs, - nixpkgs-unstable, - nixos-hardware, - impermanence, - talon-nix, - plover-flake, - beads-flake, - awww, - sops-nix, - niri, - ... - }: - let - system = "x86_64-linux"; - - # Create unstable overlay - overlay-unstable = final: prev: { - unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }; - - overlay-local = final: prev: { - codex = prev.callPackage ./pkgs/codex/package.nix { }; - }; - in - { - nixosConfigurations.liminal = nixpkgs.lib.nixosSystem { - inherit system; - - specialArgs = { - inherit nixos-hardware impermanence talon-nix plover-flake beads-flake awww niri; - }; - - modules = [ - # Add unstable overlay - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable overlay-local ]; }) - - # Add sops - sops-nix.nixosModules.sops - - # Import configuration - ./configuration.nix - ]; - }; - }; -} diff --git a/hosts/ruil/configuration.nix b/hosts/ruil/configuration.nix new file mode 100644 index 0000000..a82aba5 --- /dev/null +++ b/hosts/ruil/configuration.nix 
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ ];
+
+ networking.hostName = "ruil";
+
+ system.stateVersion = "25.11";
+
+ # Enable nix flakes
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # sops-nix secrets
+ sops.defaultSopsFile = ./secrets/config.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.secrets.hashedPassword-hunner.neededForUsers = true;
+ sops.secrets.hashedPassword-ruil.neededForUsers = true;
+ sops.secrets.hashedPassword-root.neededForUsers = true;
+
+ # SSH key from DO metadata, shared across all users
+ users.users.root = {
+ hashedPasswordFile = config.sops.secrets.hashedPassword-root.path;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
+ ];
+ };
+
+ users.users.hunner = {
+ uid = 1000;
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ hashedPasswordFile = config.sops.secrets.hashedPassword-hunner.path;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
+ ];
+ };
+
+ users.users.ruil = {
+ uid = 1001;
+ isNormalUser = true;
+ hashedPasswordFile = config.sops.secrets.hashedPassword-ruil.path;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
+ ];
+ };
+
+ # Packages
+ environment.systemPackages = with pkgs; [
+ vim
+ git
+ wget
+ curl
+ htop
+ tmux
+ ];
+
+ # SSH — keys only, no password auth
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "prohibit-password";
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.settings.KbdInteractiveAuthentication = false;
+
+ # Firewall
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 ];
+ };
+}
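Review bot: The comment `# SSH key from DO metadata, shared across all users` does not match the code under it: the same ed25519 key is hard-coded three times and authorizes root, the wheel user `hunner` and the unprivileged `ruil` account alike, so the `ruil` login gives no separation from root for whoever holds that key. I would bind the key once (`let adminKeys = [ "ssh-ed25519 …" ]; in`) and reference it from the accounts that need it, and either drop it from `users.users.ruil` or give that account its own key. The imported `digital-ocean-config.nix` may also install droplet-metadata keys for root at boot (I believe this is controlled by `virtualisation.digitalOcean.setSshKeys`, worth confirming against the nixpkgs module), in which case root's accepted keys are not only the ones declared here. If the declared list is meant to be authoritative, set that option to `false` and say so in the comment.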
diff --git a/hosts/ruil/hardware-configuration.nix b/hosts/ruil/hardware-configuration.nix new file mode 100644 index 0000000..2ddec87 --- /dev/null +++ b/hosts/ruil/hardware-configuration.nix @@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by 'nixos-generate-config' +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/ruil/secrets/config.yaml b/hosts/ruil/secrets/config.yaml new file mode 100644 index 0000000..80e4bf2 --- /dev/null +++ b/hosts/ruil/secrets/config.yaml 
@@ -0,0 +1,27 @@ +hashedPassword-hunner: ENC[AES256_GCM,data:fvgYWStE5XyHF1b9lntEfnml9cFbwaz5YCJRiPglDnLvWCPUY/95WsPAod/+1wYDW/LZl3tcBi9B0jF3OqiPZ8yeiu2DR85IKA==,iv:M0mu3m65L7ObZ9Mv97fvr9Z6qZk268h7AZSuW+ecrEk=,tag:pQKMKdJXToLJ188gkJMuCA==,type:str] +hashedPassword-ruil: ENC[AES256_GCM,data:fwBU+24byBOTKljdABTvk2VxR5PGR18R3oozB/wSlORz12oQwjqAtdVBLSR2JZqA7yOWM5V//Ig60GCE4XmYc5pwVsEWqdY8JA==,iv:yuMNzQc+YfPyCFNYgNsh+xEJyLIFRUj0Er5TtYdcG18=,tag:dQpTM937EHEcEDJto4BVog==,type:str] +hashedPassword-root: ENC[AES256_GCM,data:E/T3LBreiSZaC/qZ2QNxz3prGHoj47zS3ILsa7lmPzJDfLQ5yALxjWo4GyPHT9+kAU7uGOBG5/Ab5VqWxw+1cyk/YwT2dyMB+Q==,iv:eMav5Lnrm9SmQgHSDFiTKP6n9mADSsunlWyrSrIgA4E=,tag:fcMt6wiOClb30Vfkd9Dxmw==,type:str] +sops: + age: + - recipient: age17sdp0gguexd88qel74fa4zeckxh93gqpkayz366fz6yvjauw7vcq7w6y45 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNU83VWd1WkVoQmJQSWxl + K0kwVkdwSmF0M1hWQllZVWdBOFZlVDJQQ3hzCjIzbTRuOVlLR2F5b2p2d0VzckRa + c3NmTDQ1KzMyVW1VaS92a0tHT0thR3cKLS0tIGFKRWkyVlZ6SVhxQW02Ny9vRVRG + VWltdzhKcVk1aW1iYlRyS2t2YVBpVlUKaIuwNyokIQt9NYWKeSqO2o0Zr3TrJkGT + tndCtzrHPjuQ5CPGofPW38nkNGMrrmuKcxwp+g8rawd35leCWCidPw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z9x0t7yw3g65wusgg3pg8dr9hu74wkxxfnasqgly32l28pkr6sfs8g72fz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTTU2aTlJVkY2eUc5UG53 + OGd6eFFwU3ZqcDRtdzRHSmJGVGFYVkZhMWljCkRoSUlCSW1ZeW9xdzUwL1FBYVpP + OVpRUXBQZ1dzdW9VWjlaZWUrenRSa28KLS0tIFNmcURtL0xvWVE3Y004Y3ZhSTZl + VHorQzNrMFJLaFpSalZZdjNraXhlSVUKwWLesTzMxsEB45hWWzhZGWc1cDm/gmvF + MAytSLiBcieAkRKZoklyk/llbnq7kycvpZCU/sQrjKqmoHkC+TF3BQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-12T04:52:00Z" + mac: 
ENC[AES256_GCM,data:nl2ALcLsI0eQJjfZniRxeKl6XV9IMGiSJOlv7fadsaTfE+tFRDZY9WyXTsdnyGXq+wH1jb7quesPQ2cv060A1COCa5cdbxfqPDRj2AacmSQ4YhBfz+SdfJznhpWDupeMyn0LBF7ffHVOqq+dkcWVOVQR/AzBuEPIdJdzs3/ya1k=,iv:PDnfRMBjQMXbB2Upycqqp/TYCC6fPYsh6GQAt9hf4qE=,tag:8riFvSKCx3Hisdxz3HgKdA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.11.0
diff --git a/hosts/zima/flake.nix b/hosts/zima/flake.nix
deleted file mode 100644
index 2076098..0000000
--- a/hosts/zima/flake.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- inputs = {
- sops-nix.url = "github:Mic92/sops-nix";
- sops-nix.inputs.nixpkgs.follows = "nixpkgs";
- };
-
- outputs = {
- self,
- nixpkgs,
- sops-nix,
- }:
- let
- system = "x86_64-linux";
- in
- {
- nixosConfigurations.zima = nixpkgs.lib.nixosSystem {
- modules = [
- ./configuration.nix
- sops-nix.nixosModules.sops
- ];
- };
- };
-}
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..1101d1b
--- /dev/null
+++ b/justfile
@@ -0,0 +1,23 @@
+# Deploy config to a host (builds remotely, activates remotely)
+deploy host target:
+ nixos-rebuild switch \
+ --flake .#{{host}} \
+ --target-host {{target}} \
+ --build-host {{target}}
+
+# Deploy config to a host
+deploy-sudo host:
+ sudo nixos-rebuild switch \
+ --flake .#{{host}}
+
+# Shortcut: deploy ruil (remote)
+deploy-ruil:
+ just deploy ruil root@ruil.hunnur.com
+
+# Shortcut: deploy liminal (local)
+deploy-liminal:
+ just deploy-sudo liminal
+
+# Update flake lock file
+update:
+ nix flake update
diff --git a/hosts/liminal/pkgs/codex/package.nix b/pkgs/codex/package.nix
similarity index 91%
rename from hosts/liminal/pkgs/codex/package.nix
rename to pkgs/codex/package.nix
index 5c778be..9db465f 100644
--- a/hosts/liminal/pkgs/codex/package.nix
+++ b/pkgs/codex/package.nix
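Review bot: In the new justfile, `{{host}}` and `{{target}}` in the `deploy` and `deploy-sudo` recipes are substituted into the shell line as raw text, so an argument containing whitespace or shell metacharacters is re-parsed by the shell instead of arriving as one word. just's `quote()` keeps each as a single argument, e.g. `--target-host {{quote(target)}} \` and `--flake .#{{quote(host)}} \`. The comment on `deploy-sudo` (`# Deploy config to a host`) reads the same as the remote recipe; `# Rebuild and activate on the local machine via sudo` says what it actually runs. `deploy-ruil` logs in as `root@ruil.hunnur.com`, which is why the ruil host config has to keep root SSH login enabled; deploying as the wheel user with nixos-rebuild's remote-sudo support would let root login be turned off, if entering a sudo password during deploys is acceptable.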
@@ -12,24 +12,25 @@ nix-update-script, pkg-config, openssl, + libcap, ripgrep, versionCheckHook, installShellCompletions ? stdenv.buildPlatform.canExecute stdenv.hostPlatform, }: rustPlatform.buildRustPackage (finalAttrs: { pname = "codex"; - version = "0.98.0"; + version = "0.101.0"; src = fetchFromGitHub { owner = "openai"; repo = "codex"; tag = "rust-v${finalAttrs.version}"; - hash = "sha256-rP5Qo70n5lNrdR6ycE63VObLwcMNRlk8sY/kuJ4Qw9Y="; + hash = "sha256-m2Jq7fbSXQ/O3bNBr6zbnQERhk2FZXb+AlGZsHn8GuQ="; }; sourceRoot = "${finalAttrs.src.name}/codex-rs"; - cargoHash = "sha256-DTLC+s9OfWXkjK2Ab5RKPxRB5SfWNqDLA38jvcraZvg="; + cargoHash = "sha256-oOcQv3NFd45WRdn2QtDMxVZwf3KjGWaSDBCjCk0ik/U="; nativeBuildInputs = [ clang @@ -43,6 +44,8 @@ rustPlatform.buildRustPackage (finalAttrs: { buildInputs = [ libclang openssl + ] ++ lib.optionals stdenv.hostPlatform.isLinux [ + libcap ]; # NOTE: set LIBCLANG_PATH so bindgen can locate libclang, and adjust @@ -81,6 +84,7 @@ rustPlatform.buildRustPackage (finalAttrs: { ''; doInstallCheck = true; + versionCheckProgramArg = "--version"; nativeInstallCheckInputs = [ versionCheckHook ]; passthru = { diff --git a/hosts/liminal/pkgs/hp15c/default.nix b/pkgs/hp15c/default.nix similarity index 100% rename from hosts/liminal/pkgs/hp15c/default.nix rename to pkgs/hp15c/default.nix diff --git a/hosts/liminal/pkgs/nonpareil/default.nix b/pkgs/nonpareil/default.nix similarity index 100% rename from hosts/liminal/pkgs/nonpareil/default.nix rename to pkgs/nonpareil/default.nix