hunner/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ruil and make liminal full-flake

Browse source
This commit is contained in:
Hunter Haugen 2026-02-13 22:25:21 -08:00
parent 97dceb1d65
commit ff5367794d
Signed by: hunner
GPG key ID: EF99694AA599DDAD
16 changed files with 484 additions and 747 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &host_zima age16ptwug2yygtfh2dyy5dahaz85pfv3nvqyks03wltyymhyal25uyskz3q9v - &host_zima age16ptwug2yygtfh2dyy5dahaz85pfv3nvqyks03wltyymhyal25uyskz3q9v
- &host_cryochamber age122r8wrurhfjwple2ykd4wxafxezjd78mpkrzzyplcdju8q5ykecs3wycee - &host_cryochamber age122r8wrurhfjwple2ykd4wxafxezjd78mpkrzzyplcdju8q5ykecs3wycee
- &host_liminal age1jv3t4pltlsympq86vjhjjr66hvm25hv9utlk2nwa99qxfapc2amq2vmkel - &host_liminal age1jv3t4pltlsympq86vjhjjr66hvm25hv9utlk2nwa99qxfapc2amq2vmkel
- &host_ruil age1z9x0t7yw3g65wusgg3pg8dr9hu74wkxxfnasqgly32l28pkr6sfs8g72fz
creation_rules: creation_rules:
- path_regex: hosts/zima/secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: hosts/zima/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
@ -19,3 +20,8 @@ creation_rules:
- age: - age:
- *person_hunner - *person_hunner
- *host_liminal - *host_liminal
- path_regex: hosts/ruil/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *person_hunner
- *host_ruil

63
README.md
View file

@ -1,3 +1,62 @@
# Notes # NixOS Configurations
I generated the sops keys via `ssh <host> 'cat /etc/ssh/ssh_host_ed25519_key.pub'|nix run 'nixpkgs#ssh-to-age'` Flake-based NixOS configurations for zima, cryochamber, liminal, and ruil.
## Hosts
| Host | Description |
|------|-------------|
| zima | Local server (ZFS, impermanence) |
| cryochamber | zfs.rent server (impermanence) |
| liminal | Workstation (hardware-specific overlays) |
| ruil | Digital Ocean droplet (ams3) |
## Deploying
After changing a host's config, deploy with:
```sh
# Build and activate on the remote host
just deploy ruil root@ruil.hunnur.com
# Or build and activate locally via sudo
just deploy-sudo ruil
```
There's also a shortcut:
```sh
just deploy-ruil
```
For local hosts, just run:
```sh
sudo nixos-rebuild switch --flake .#zima
```
## Secrets (sops-nix)
Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix) using age keys. Each host's secrets live in `hosts/<name>/secrets/config.yaml`.
Host age keys are derived from SSH host keys:
```sh
ssh <host> 'cat /etc/ssh/ssh_host_ed25519_key.pub' | nix run 'nixpkgs#ssh-to-age'
```
To edit a host's secrets:
```sh
sops edit hosts/<name>/secrets/config.yaml
```
## Available Commands
| Command | Description |
|---------|-------------|
| `just deploy <host> <target>` | Build remotely and activate |
| `just deploy-sudo <host>` | Build locally and activate |
| `just deploy-ruil` | Deploy ruil (shortcut) |
| `just deploy-liminal` | Deploy liminal (shortcut) |
| `just update` | Update flake lock file |

340
flake.lock generated
View file

@ -1,16 +1,36 @@
{ {
"nodes": { "nodes": {
"awww": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1770895252,
"narHash": "sha256-TUGZVDcC5xsrWVnpBNosAG1cTy+aWchCWXPyeLZdnGM=",
"ref": "refs/heads/main",
"rev": "2c86d41d07471f518e24f5cd1f586e4d2a32d12c",
"revCount": 1331,
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
},
"original": {
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
}
},
"beads-flake": { "beads-flake": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1764830699, "lastModified": 1770942279,
"narHash": "sha256-GmK2+kcaorEsQ/O9lweJIVBv21Np6VfW6sE/3F/GBjY=", "narHash": "sha256-pIMRw8uW9uXCP+10CIvxzSorOaxyZWlhG9YiM1XLtrY=",
"owner": "steveyegge", "owner": "steveyegge",
"repo": "beads", "repo": "beads",
"rev": "f4b8a7ad4f7eb3bd47b24357f69f22bc1a75d4b7", "rev": "2d517c60aa8b7734bd19b7718b34b06bb72e131e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -19,6 +39,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -37,13 +73,38 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": { "home-manager": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1768598210,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -52,6 +113,26 @@
"type": "github" "type": "github"
} }
}, },
"niri": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1769884849,
"narHash": "sha256-prt52Vr9/Wb1bBwR9O4o99UXKhaYuqWSESW3HlaHCPQ=",
"owner": "hunner",
"repo": "niri",
"rev": "366f6859c167bb24ffe2ff87e9a379d7cc5b26c8",
"type": "github"
},
"original": {
"owner": "hunner",
"ref": "hunner/focus-to-workspace",
"repo": "niri",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -75,11 +156,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1764440730, "lastModified": 1770882871,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -90,59 +171,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1760284886, "lastModified": 1763934636,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1720535198,
"narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-25-05": {
"locked": {
"lastModified": 1766687554,
"narHash": "sha256-DegN7KD/EtFSKXf2jvqL6lvev6GlfAAatYBcRC8goEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd0ca39c92fdb4012ed8d60e1683c26fddadd136",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-25-11": { "nixpkgs-25-11": {
"locked": { "locked": {
"lastModified": 1766885793, "lastModified": 1770770419,
"narHash": "sha256-P6RVkrM9JLCW6xBjSwHfgTOQ1JwBUma5xe5LI8xAPC0=", "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9ef261221d1e72399f2036786498d78c38185c46", "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -154,11 +203,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1764667669, "lastModified": 1770841267,
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "418468ac9527e799809c900eda37cbff999199b6", "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,11 +219,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1764667669, "lastModified": 1770197578,
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "418468ac9527e799809c900eda37cbff999199b6", "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -186,11 +235,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1766840161, "lastModified": 1768564909,
"narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1757967192,
"narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,7 +265,39 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": {
"lastModified": 1770841267,
"narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1770380644,
"narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1698318101, "lastModified": 1698318101,
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=", "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
@ -219,11 +316,11 @@
"plover": { "plover": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764131295, "lastModified": 1770872141,
"narHash": "sha256-Q6vrDmn3a0m7oz8EeyuIhkq1V4nXNGHIdJhyQl9CAuE=", "narHash": "sha256-i9c4BI+C3N0/En75jPwYL+rcezHWjAVhjL5lIEDVdjI=",
"owner": "openstenoproject", "owner": "openstenoproject",
"repo": "plover", "repo": "plover",
"rev": "bf2eaa51491d719e65f2afc4b9f999d42230dbdb", "rev": "a2664f2f8ee7623b3241c0762801b4133ee540c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,21 +331,19 @@
}, },
"plover-flake": { "plover-flake": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_5",
"plover": "plover", "plover": "plover",
"plover-machine-hid": "plover-machine-hid",
"plover-stroke": "plover-stroke", "plover-stroke": "plover-stroke",
"plover2cat": "plover2cat", "plover2cat": "plover2cat",
"plover_plugins_registry": "plover_plugins_registry", "plover_plugins_registry": "plover_plugins_registry",
"pyobjc": "pyobjc",
"rtf-tokenize": "rtf-tokenize" "rtf-tokenize": "rtf-tokenize"
}, },
"locked": { "locked": {
"lastModified": 1764820984, "lastModified": 1770959233,
"narHash": "sha256-DyBpG7Mh2mPk6HUpC+g2a4vwvBhTHArX3RNJSmIbf6g=", "narHash": "sha256-rAT0hNeHoxy1in8pbAsAKrYNOWct7ch5kDvkobkmJx4=",
"owner": "openstenoproject", "owner": "openstenoproject",
"repo": "plover-flake", "repo": "plover-flake",
"rev": "15dd9b231fd74e7c80416adf94daeb47ba74b8a6", "rev": "df89f50dc4440782afa1917099a66bdd04a6509b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -257,22 +352,6 @@
"type": "github" "type": "github"
} }
}, },
"plover-machine-hid": {
"flake": false,
"locked": {
"lastModified": 1757266704,
"narHash": "sha256-S+NBVnLjWdINTRpNIZvGotNGiMVSnvq1NZRPnKCmZyM=",
"owner": "dnaq",
"repo": "plover-machine-hid",
"rev": "db917f8b2545964fdaa2f664d1d1e2afafae96a1",
"type": "github"
},
"original": {
"owner": "dnaq",
"repo": "plover-machine-hid",
"type": "github"
}
},
"plover-stroke": { "plover-stroke": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -292,11 +371,11 @@
"plover2cat": { "plover2cat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757574932, "lastModified": 1770832726,
"narHash": "sha256-kIDuIezGN+n3RDWMOlR6eFlQlQDp6okKgQCk71AgUDs=", "narHash": "sha256-V1a+zD0xBXW0NiAnidTYtiGQ8k+3mCh3895lMZlcNt0=",
"owner": "greenwyrt", "owner": "greenwyrt",
"repo": "plover2CAT", "repo": "plover2CAT",
"rev": "477163958b1a9e6fc48337be137173570fa7350a", "rev": "440a9a7dd71901ad8528a8c1a464a86f03b8abb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +387,11 @@
"plover_plugins_registry": { "plover_plugins_registry": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1761769055, "lastModified": 1770827307,
"narHash": "sha256-OLXZEkKGifMpngZfQ9JO/phKXZPNQMigEvT4DWKtjJo=", "narHash": "sha256-DAW9pKxDHJUbgYAVzYu+aeeC0CdX6GaX7RMo6xweBI0=",
"owner": "openstenoproject", "owner": "openstenoproject",
"repo": "plover_plugins_registry", "repo": "plover_plugins_registry",
"rev": "1420aaf4e792c328acd5233a78f343b9167a72e8", "rev": "626c91a685497a7f51719015caa438b98b0cd5ea",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,30 +400,13 @@
"type": "github" "type": "github"
} }
}, },
"pyobjc": {
"flake": false,
"locked": {
"lastModified": 1736669867,
"narHash": "sha256-Kj1CH1+RYTFszao9G7P3fnsgBjTcvsq4ZpxdjHzQ520=",
"owner": "ronaldoussoren",
"repo": "pyobjc",
"rev": "e29d3a0c80b5bb852e4311ce10827efab9844c6c",
"type": "github"
},
"original": {
"owner": "ronaldoussoren",
"ref": "v11.0",
"repo": "pyobjc",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"awww": "awww",
"beads-flake": "beads-flake", "beads-flake": "beads-flake",
"impermanence": "impermanence", "impermanence": "impermanence",
"niri": "niri",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-25-05": "nixpkgs-25-05",
"nixpkgs-25-11": "nixpkgs-25-11", "nixpkgs-25-11": "nixpkgs-25-11",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"plover-flake": "plover-flake", "plover-flake": "plover-flake",
@ -368,16 +430,58 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": [
"awww",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1766894905, "lastModified": 1764038373,
"narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"niri",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757989933,
"narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -404,7 +508,7 @@
"talon-nix": { "talon-nix": {
"inputs": { "inputs": {
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1746431176, "lastModified": 1746431176,

48
flake.nix
View file

@ -1,9 +1,7 @@
{ {
description = "NixOS configurations for zima, cryochamber, and liminal"; description = "NixOS configurations for zima, cryochamber, liminal, and ruil";
inputs = { inputs = {
nixpkgs-23-11.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-25-05.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-25-11.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-25-11.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
@ -12,17 +10,38 @@
talon-nix.url = "github:nix-community/talon-nix"; talon-nix.url = "github:nix-community/talon-nix";
plover-flake.url = "github:openstenoproject/plover-flake"; plover-flake.url = "github:openstenoproject/plover-flake";
beads-flake.url = "github:steveyegge/beads"; beads-flake.url = "github:steveyegge/beads";
awww.url = "git+https://codeberg.org/LGFae/awww";
niri.url = "github:hunner/niri/hunner/focus-to-workspace";
#niri.inputs.nixpkgs.follows = "nixpkgs-25-11";
}; };
outputs = { self, nixpkgs-23-11, nixpkgs-25-05, nixpkgs-25-11, nixpkgs-unstable, sops-nix, nixos-hardware, impermanence, talon-nix, plover-flake, beads-flake, ... }: outputs = {
self,
nixpkgs-25-11,
nixpkgs-unstable,
sops-nix,
nixos-hardware,
impermanence,
talon-nix,
plover-flake,
beads-flake,
awww,
niri,
...
}:
let let
system = "x86_64-linux"; system = "x86_64-linux";
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
}; };
overlay-local = final: prev: {
codex = prev.callPackage ./pkgs/codex/package.nix { };
};
in in
{ {
nixosConfigurations.zima = nixpkgs-25-11.lib.nixosSystem { nixosConfigurations.zima = nixpkgs-25-11.lib.nixosSystem {
@ -47,14 +66,31 @@
]; ];
}; };
nixosConfigurations.ruil = nixpkgs-25-11.lib.nixosSystem {
inherit system;
modules = [
./hosts/ruil/configuration.nix
sops-nix.nixosModules.sops
];
};
nixosConfigurations.liminal = nixpkgs-25-11.lib.nixosSystem { nixosConfigurations.liminal = nixpkgs-25-11.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit nixos-hardware impermanence talon-nix plover-flake beads-flake; inherit
nixos-hardware
impermanence
talon-nix
plover-flake
beads-flake
awww
niri
;
}; };
modules = [ modules = [
({ ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ({ ... }: { nixpkgs.overlays = [ overlay-unstable overlay-local ]; })
./hosts/liminal/configuration.nix ./hosts/liminal/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
}; };

23
hosts/cryochamber/flake.nix
View file

@ -1,23 +0,0 @@
{
inputs = {
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
nixpkgs,
sops-nix,
}:
let
system = "x86_64-linux";
in
{
nixosConfigurations.cryochamber = nixpkgs.lib.nixosSystem {
modules = [
./configuration.nix
sops-nix.nixosModules.sops
];
};
};
}

2
hosts/liminal/configuration.nix
View file

@ -293,7 +293,7 @@
yt-dlp yt-dlp
ledger-live-desktop ledger-live-desktop
socat socat
plover-flake.packages.${pkgs.stdenv.hostPlatform.system}.plover-full #plover-flake.packages.${pkgs.stdenv.hostPlatform.system}.plover-full
pkgs.unstable.zoom-us pkgs.unstable.zoom-us
# beads-flake.packages.${pkgs.stdenv.hostPlatform.system}.default # beads-flake.packages.${pkgs.stdenv.hostPlatform.system}.default
awww.packages.${pkgs.stdenv.hostPlatform.system}.awww awww.packages.${pkgs.stdenv.hostPlatform.system}.awww

502
hosts/liminal/flake.lock generated
View file

@ -1,502 +0,0 @@
{
"nodes": {
"awww": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1766518114,
"narHash": "sha256-3zIOjIidbrHXTxEzjPVrwSd19Mwdfw58VvSnTWtlunc=",
"ref": "refs/heads/main",
"rev": "138c4ebdbe0c3eead5656373ea8837a5bd49c40b",
"revCount": 1329,
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
},
"original": {
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
}
},
"beads-flake": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1770403663,
"narHash": "sha256-d8rkeRKa2H1nXFIFgtaFS0B5RslL5aLDM1J1yCI7tac=",
"owner": "steveyegge",
"repo": "beads",
"rev": "eb1049baf371de3988123244bacac01b1a62ef67",
"type": "github"
},
"original": {
"owner": "steveyegge",
"repo": "beads",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"niri": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1769884849,
"narHash": "sha256-prt52Vr9/Wb1bBwR9O4o99UXKhaYuqWSESW3HlaHCPQ=",
"owner": "hunner",
"repo": "niri",
"rev": "366f6859c167bb24ffe2ff87e9a379d7cc5b26c8",
"type": "github"
},
"original": {
"owner": "hunner",
"ref": "hunner/focus-to-workspace",
"repo": "niri",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"talon-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693660503,
"narHash": "sha256-B/g2V4v6gjirFmy+I5mwB2bCYc0l3j5scVfwgl6WOl8=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "bd5bdbb52350e145c526108f4ef192eb8e554fa0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1763934636,
"narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1770136044,
"narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1698318101,
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"plover": {
"flake": false,
"locked": {
"lastModified": 1770363408,
"narHash": "sha256-5VlX3rdLBp6in2MNZpf69KDi5wqsmJcv+3klFz1MGFE=",
"owner": "openstenoproject",
"repo": "plover",
"rev": "a04f2c8d1a60c275a20b907b147c803932ed35bc",
"type": "github"
},
"original": {
"owner": "openstenoproject",
"repo": "plover",
"type": "github"
}
},
"plover-flake": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"plover": "plover",
"plover-stroke": "plover-stroke",
"plover2cat": "plover2cat",
"plover_plugins_registry": "plover_plugins_registry",
"rtf-tokenize": "rtf-tokenize"
},
"locked": {
"lastModified": 1770371166,
"narHash": "sha256-yCP26dPlyE/cB+HpiPmRYDqexDPnyKXnKEb60telt1Q=",
"owner": "openstenoproject",
"repo": "plover-flake",
"rev": "604a11a80433ea52f8f411b3b8cfcdc5ae36be01",
"type": "github"
},
"original": {
"owner": "openstenoproject",
"repo": "plover-flake",
"type": "github"
}
},
"plover-stroke": {
"flake": false,
"locked": {
"lastModified": 1652559629,
"narHash": "sha256-A75OMzmEn0VmDAvmQCp6/7uptxzwWJTwsih3kWlYioA=",
"owner": "openstenoproject",
"repo": "plover_stroke",
"rev": "e717a1983b58dcba644153a542dbf8514425a39b",
"type": "github"
},
"original": {
"owner": "openstenoproject",
"repo": "plover_stroke",
"type": "github"
}
},
"plover2cat": {
"flake": false,
"locked": {
"lastModified": 1770344683,
"narHash": "sha256-CSydXof9n5zWL7rT2cI+a81N+fxYDOIF9FRgaEk0XFo=",
"owner": "greenwyrt",
"repo": "plover2CAT",
"rev": "2f7028415b1eaffd3122b9947a9b929b8612bdf5",
"type": "github"
},
"original": {
"owner": "greenwyrt",
"repo": "plover2CAT",
"type": "github"
}
},
"plover_plugins_registry": {
"flake": false,
"locked": {
"lastModified": 1769296318,
"narHash": "sha256-xpDpYhxzqxMV5wTZ4MC/L5V6DodQG4aSjheLcJIXHjA=",
"owner": "openstenoproject",
"repo": "plover_plugins_registry",
"rev": "627f6f4650cd75a62f6741f8643bd437e75c9eeb",
"type": "github"
},
"original": {
"owner": "openstenoproject",
"repo": "plover_plugins_registry",
"type": "github"
}
},
"root": {
"inputs": {
"awww": "awww",
"beads-flake": "beads-flake",
"impermanence": "impermanence",
"niri": "niri",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"plover-flake": "plover-flake",
"sops-nix": "sops-nix",
"talon-nix": "talon-nix"
}
},
"rtf-tokenize": {
"flake": false,
"locked": {
"lastModified": 1751102035,
"narHash": "sha256-bM/DFl1mpHgeBItdyA5Tt+Eo9u82Gz+6qwft2h0bM94=",
"owner": "openstenoproject",
"repo": "rtf_tokenize",
"rev": "5c4ad772f4b45ceb35b60584e22a171e90526916",
"type": "github"
},
"original": {
"owner": "openstenoproject",
"repo": "rtf_tokenize",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"awww",
"nixpkgs"
]
},
"locked": {
"lastModified": 1764038373,
"narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"niri",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757989933,
"narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770145881,
"narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"talon-nix": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1746431176,
"narHash": "sha256-bwXLFy2pDpNE60EkVltrmiRgwNWLo4eYBesP997p8mg=",
"owner": "nix-community",
"repo": "talon-nix",
"rev": "cc110629c5f0be12e839b2aea6a16880f1822706",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "talon-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

69
hosts/liminal/flake.nix
View file

@ -1,69 +0,0 @@
{
description = "NixOS configuration for liminal (Framework 16)";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware";
impermanence.url = "github:nix-community/impermanence";
talon-nix.url = "github:nix-community/talon-nix";
plover-flake.url = "github:openstenoproject/plover-flake";
beads-flake.url = "github:steveyegge/beads";
awww.url = "git+https://codeberg.org/LGFae/awww";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
niri.url = "github:hunner/niri/hunner/focus-to-workspace";
niri.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
impermanence,
talon-nix,
plover-flake,
beads-flake,
awww,
sops-nix,
niri,
...
}:
let
system = "x86_64-linux";
# Create unstable overlay
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
};
overlay-local = final: prev: {
codex = prev.callPackage ./pkgs/codex/package.nix { };
};
in
{
nixosConfigurations.liminal = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit nixos-hardware impermanence talon-nix plover-flake beads-flake awww niri;
};
modules = [
# Add unstable overlay
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable overlay-local ]; })
# Add sops
sops-nix.nixosModules.sops
# Import configuration
./configuration.nix
];
};
};
}

71
hosts/ruil/configuration.nix Normal file
View file

@ -0,0 +1,71 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
./hardware-configuration.nix
(modulesPath + "/virtualisation/digital-ocean-config.nix")
];
networking.hostName = "ruil";
system.stateVersion = "25.11";
# Enable nix flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# sops-nix secrets
sops.defaultSopsFile = ./secrets/config.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.hashedPassword-hunner.neededForUsers = true;
sops.secrets.hashedPassword-ruil.neededForUsers = true;
sops.secrets.hashedPassword-root.neededForUsers = true;
# SSH key from DO metadata, shared across all users
users.users.root = {
hashedPasswordFile = config.sops.secrets.hashedPassword-root.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
];
};
users.users.hunner = {
uid = 1000;
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPasswordFile = config.sops.secrets.hashedPassword-hunner.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
];
};
users.users.ruil = {
uid = 1001;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets.hashedPassword-ruil.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org"
];
};
# Packages
environment.systemPackages = with pkgs; [
vim
git
wget
curl
htop
tmux
];
# SSH — keys only, no password auth
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.KbdInteractiveAuthentication = false;
# Firewall
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
}

24
hosts/ruil/hardware-configuration.nix Normal file
View file

@ -0,0 +1,24 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
fsType = "ext4";
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

27
hosts/ruil/secrets/config.yaml Normal file
View file

@ -0,0 +1,27 @@
hashedPassword-hunner: ENC[AES256_GCM,data:fvgYWStE5XyHF1b9lntEfnml9cFbwaz5YCJRiPglDnLvWCPUY/95WsPAod/+1wYDW/LZl3tcBi9B0jF3OqiPZ8yeiu2DR85IKA==,iv:M0mu3m65L7ObZ9Mv97fvr9Z6qZk268h7AZSuW+ecrEk=,tag:pQKMKdJXToLJ188gkJMuCA==,type:str]
hashedPassword-ruil: ENC[AES256_GCM,data:fwBU+24byBOTKljdABTvk2VxR5PGR18R3oozB/wSlORz12oQwjqAtdVBLSR2JZqA7yOWM5V//Ig60GCE4XmYc5pwVsEWqdY8JA==,iv:yuMNzQc+YfPyCFNYgNsh+xEJyLIFRUj0Er5TtYdcG18=,tag:dQpTM937EHEcEDJto4BVog==,type:str]
hashedPassword-root: ENC[AES256_GCM,data:E/T3LBreiSZaC/qZ2QNxz3prGHoj47zS3ILsa7lmPzJDfLQ5yALxjWo4GyPHT9+kAU7uGOBG5/Ab5VqWxw+1cyk/YwT2dyMB+Q==,iv:eMav5Lnrm9SmQgHSDFiTKP6n9mADSsunlWyrSrIgA4E=,tag:fcMt6wiOClb30Vfkd9Dxmw==,type:str]
sops:
age:
- recipient: age17sdp0gguexd88qel74fa4zeckxh93gqpkayz366fz6yvjauw7vcq7w6y45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNU83VWd1WkVoQmJQSWxl
K0kwVkdwSmF0M1hWQllZVWdBOFZlVDJQQ3hzCjIzbTRuOVlLR2F5b2p2d0VzckRa
c3NmTDQ1KzMyVW1VaS92a0tHT0thR3cKLS0tIGFKRWkyVlZ6SVhxQW02Ny9vRVRG
VWltdzhKcVk1aW1iYlRyS2t2YVBpVlUKaIuwNyokIQt9NYWKeSqO2o0Zr3TrJkGT
tndCtzrHPjuQ5CPGofPW38nkNGMrrmuKcxwp+g8rawd35leCWCidPw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z9x0t7yw3g65wusgg3pg8dr9hu74wkxxfnasqgly32l28pkr6sfs8g72fz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTTU2aTlJVkY2eUc5UG53
OGd6eFFwU3ZqcDRtdzRHSmJGVGFYVkZhMWljCkRoSUlCSW1ZeW9xdzUwL1FBYVpP
OVpRUXBQZ1dzdW9VWjlaZWUrenRSa28KLS0tIFNmcURtL0xvWVE3Y004Y3ZhSTZl
VHorQzNrMFJLaFpSalZZdjNraXhlSVUKwWLesTzMxsEB45hWWzhZGWc1cDm/gmvF
MAytSLiBcieAkRKZoklyk/llbnq7kycvpZCU/sQrjKqmoHkC+TF3BQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-12T04:52:00Z"
mac: ENC[AES256_GCM,data:nl2ALcLsI0eQJjfZniRxeKl6XV9IMGiSJOlv7fadsaTfE+tFRDZY9WyXTsdnyGXq+wH1jb7quesPQ2cv060A1COCa5cdbxfqPDRj2AacmSQ4YhBfz+SdfJznhpWDupeMyn0LBF7ffHVOqq+dkcWVOVQR/AzBuEPIdJdzs3/ya1k=,iv:PDnfRMBjQMXbB2Upycqqp/TYCC6fPYsh6GQAt9hf4qE=,tag:8riFvSKCx3Hisdxz3HgKdA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

23
hosts/zima/flake.nix
View file

@ -1,23 +0,0 @@
{
inputs = {
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
nixpkgs,
sops-nix,
}:
let
system = "x86_64-linux";
in
{
nixosConfigurations.zima = nixpkgs.lib.nixosSystem {
modules = [
./configuration.nix
sops-nix.nixosModules.sops
];
};
};
}

23
justfile Normal file
View file

@ -0,0 +1,23 @@
# Deploy config to a host (builds remotely, activates remotely)
deploy host target:
nixos-rebuild switch \
--flake .#{{host}} \
--target-host {{target}} \
--build-host {{target}}
# Deploy config to a host
deploy-sudo host:
sudo nixos-rebuild switch \
--flake .#{{host}}
# Shortcut: deploy ruil (remote)
deploy-ruil:
just deploy ruil root@ruil.hunnur.com
# Shortcut: deploy liminal (local)
deploy-liminal:
just deploy-sudo liminal
# Update flake lock file
update:
nix flake update

10
hosts/liminal/pkgs/codex/package.nix → pkgs/codex/package.nix
View file

@ -12,24 +12,25 @@
nix-update-script, nix-update-script,
pkg-config, pkg-config,
openssl, openssl,
libcap,
ripgrep, ripgrep,
versionCheckHook, versionCheckHook,
installShellCompletions ? stdenv.buildPlatform.canExecute stdenv.hostPlatform, installShellCompletions ? stdenv.buildPlatform.canExecute stdenv.hostPlatform,
}: }:
rustPlatform.buildRustPackage (finalAttrs: { rustPlatform.buildRustPackage (finalAttrs: {
pname = "codex"; pname = "codex";
version = "0.98.0"; version = "0.101.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "openai"; owner = "openai";
repo = "codex"; repo = "codex";
tag = "rust-v${finalAttrs.version}"; tag = "rust-v${finalAttrs.version}";
hash = "sha256-rP5Qo70n5lNrdR6ycE63VObLwcMNRlk8sY/kuJ4Qw9Y="; hash = "sha256-m2Jq7fbSXQ/O3bNBr6zbnQERhk2FZXb+AlGZsHn8GuQ=";
}; };
sourceRoot = "${finalAttrs.src.name}/codex-rs"; sourceRoot = "${finalAttrs.src.name}/codex-rs";
cargoHash = "sha256-DTLC+s9OfWXkjK2Ab5RKPxRB5SfWNqDLA38jvcraZvg="; cargoHash = "sha256-oOcQv3NFd45WRdn2QtDMxVZwf3KjGWaSDBCjCk0ik/U=";
nativeBuildInputs = [ nativeBuildInputs = [
clang clang
@ -43,6 +44,8 @@ rustPlatform.buildRustPackage (finalAttrs: {
buildInputs = [ buildInputs = [
libclang libclang
openssl openssl
] ++ lib.optionals stdenv.hostPlatform.isLinux [
libcap
]; ];
# NOTE: set LIBCLANG_PATH so bindgen can locate libclang, and adjust # NOTE: set LIBCLANG_PATH so bindgen can locate libclang, and adjust
@ -81,6 +84,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
''; '';
doInstallCheck = true; doInstallCheck = true;
versionCheckProgramArg = "--version";
nativeInstallCheckInputs = [ versionCheckHook ]; nativeInstallCheckInputs = [ versionCheckHook ];
passthru = { passthru = {

0
hosts/liminal/pkgs/hp15c/default.nix → pkgs/hp15c/default.nix
View file

0
hosts/liminal/pkgs/nonpareil/default.nix → pkgs/nonpareil/default.nix
View file