# Host definitions for this flake.
#
# Takes the flake inputs and returns an attribute set of NixOS systems. Every
# host is built by `baseHost`, which layers three modules: the shared defaults
# below, a small `_module.args` shim, and the host's own file.
#
# Almost every shared setting is wrapped in `lib.mkDefault`, so a host file can
# override it with an ordinary definition. The one exception is sshd's
# PermitRootLogin, which is pinned with `lib.mkForce`.
{
  hardware,
  self,
  nixpkgs,
  sops-nix,
  disko,
  home-manager,
  nixpkgs-unstable,
  home-manager-unstable,
  ...
}:
let
  # baseHost :: { nixpkgs, home-manager } -> path -> { system } -> nixosSystem
  #
  # Curried so a nixpkgs/home-manager pair can be fixed once (see `stableHost`
  # and `host` below) and then applied to each host file.
  baseHost =
    {
      nixpkgs,
      home-manager,
      ...
    }:
    hostModule:
    {
      system ? "x86_64-linux",
    }:
    nixpkgs.lib.nixosSystem {
      inherit system;
      modules = [
        # 1. Shared defaults for every machine.
        (
          {
            config,
            lib,
            pkgs,
            modulesPath,
            ...
          }:
          {
            # Names bound by the enclosing function arguments (home-manager,
            # sops-nix, disko) win over `with`; only the remaining bare names
            # resolve from self.outputs.nixosModules.
            imports = with self.outputs.nixosModules; [
              (modulesPath + "/installer/scan/not-detected.nix")
              home-manager.nixosModules.home-manager
              sops-nix.nixosModules.sops
              disko.nixosModules.disko
              deno-netlify-ddns-client
              shell-defaults-and-applications
              wifi
              printing
              podman
              virtual-machines
              postgres
              gaming
              gnome
              daniel
              root
            ];

            config = {
              lyte.shell.enable = lib.mkDefault true;
              nixpkgs.config.allowUnfree = lib.mkDefault true;

              # Secret decryption identities for sops-nix: the host's ed25519
              # SSH key plus an age key file that is generated when missing.
              # Both are private key material; anyone who can read either file
              # can decrypt the secrets encrypted to this host.
              sops.age = {
                sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
                keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
                generateKey = lib.mkDefault true;
              };

              nix = {
                # Build NIX_PATH entries from the registry below, so lookups
                # through NIX_PATH and through the registry use the same
                # entries (both come from self.inputs).
                nixPath = lib.mapAttrsToList (
                  name: entry: "${name}=${entry.to.path}"
                ) config.nix.registry;
                # One registry entry per flake input.
                registry = lib.mapAttrs (_: input: { flake = input; }) self.inputs;

                # `//` is a shallow, right-biased merge: any key present in
                # self.nixConfig replaces the value written here, and arrives
                # as a plain definition rather than a mkDefault one.
                settings = {
                  # Security: trusted users may pass arbitrary settings to the
                  # Nix daemon (substituters, builders, ...), which is
                  # effectively root-equivalent. Every member of `wheel` gets
                  # that here.
                  trusted-users = lib.mkDefault [ "@wheel" ];
                  extra-experimental-features = lib.mkDefault [
                    "nix-command"
                    "flakes"
                  ];
                  auto-optimise-store = lib.mkDefault true;
                } // self.nixConfig;
              };

              # NOTE(review): /var/tmp is normally disk-backed; presumably this
              # keeps large builds off a RAM-backed /tmp - confirm.
              systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
              boot.tmp.cleanOnBoot = lib.mkDefault true;
              programs.gnupg.agent.enable = lib.mkDefault true;
              time.timeZone = lib.mkDefault "America/Chicago";
              i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
              hardware.enableRedistributableFirmware = lib.mkDefault true;

              home-manager.useGlobalPkgs = lib.mkDefault true;
              home-manager.backupFileExtension = lib.mkDefault "hm-backup";

              # Root may log in over SSH with this single public key only; see
              # PermitRootLogin below, which forbids password logins for root.
              users.users.root.openssh.authorizedKeys.keys = lib.mkDefault [ self.constants.pubkey ];

              services = {
                openssh = {
                  enable = lib.mkDefault true;

                  settings = {
                    # Key-only authentication for every account by default.
                    PasswordAuthentication = lib.mkDefault false;
                    KbdInteractiveAuthentication = lib.mkDefault false;
                    # mkForce: an ordinary host-level definition cannot relax
                    # this; it would take another forced or higher-priority
                    # override.
                    PermitRootLogin = lib.mkForce "prohibit-password";
                  };

                  # Opens the SSH port in the firewall. No listenAddresses
                  # restriction is active (the block below is commented out),
                  # so nothing in this file limits which interfaces sshd
                  # listens on.
                  openFirewall = lib.mkDefault true;

                  /*
                    listenAddresses = [
                      { addr = "0.0.0.0"; port = 22; }
                    ];
                  */
                };
                avahi = {
                  enable = lib.mkDefault true;
                  # NOTE(review): the reflector repeats mDNS traffic between
                  # interfaces. It is on by default for every host here, next
                  # to tailscale - confirm that cross-interface reflection is
                  # wanted on all machines and not just multi-homed ones.
                  reflector = lib.mkDefault true;
                  openFirewall = lib.mkDefault true;
                  nssmdns4 = lib.mkDefault true;
                };
                tailscale = {
                  enable = lib.mkDefault true;
                  useRoutingFeatures = lib.mkDefault "client";
                };
                # Cap the persistent journal size.
                journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";
                xserver.xkb = {
                  layout = lib.mkDefault "us";

                  # have the caps-lock key instead be a ctrl key
                  options = lib.mkDefault "ctrl:nocaps";
                };
                smartd.enable = lib.mkDefault true;
                fwupd.enable = lib.mkDefault true;
              };

              console = {
                # Reuse the xkb settings above on the virtual console.
                useXkbConfig = lib.mkDefault true;
                earlySetup = lib.mkDefault true;

                # Sixteen palette entries; the second eight reuse the same
                # accent colours with different background/foreground slots.
                colors =
                  with self.constants.style.colors;
                  lib.mkDefault [
                    bg
                    red
                    green
                    orange
                    blue
                    purple
                    yellow
                    fg3
                    fgdim
                    red
                    green
                    orange
                    blue
                    purple
                    yellow
                    fg
                  ];
              };

              networking = {
                # Placeholder; each host file is expected to set its own name.
                hostName = lib.mkDefault "set-a-hostname-dingus";

                useDHCP = lib.mkDefault true;
                # Firewall on by default; ICMP echo is answered. The services
                # above that set openFirewall punch their own holes in it.
                firewall = {
                  enable = lib.mkDefault true;
                  allowPing = lib.mkDefault true;
                };
              };
            };
          }
        )

        # 2. Extra module arguments, set through `_module.args`: the hardware
        #    flake's modules and this flake's disko configurations.
        {
          _module.args = {
            hardware = hardware.outputs.nixosModules;
            diskoConfigurations = self.outputs.diskoConfigurations;
          };
        }

        # 3. The host's own configuration file.
        (import hostModule)
      ];
    };

  # Hosts built from the stable inputs.
  stableHost = baseHost { inherit nixpkgs home-manager; };
  # Hosts built from the unstable inputs.
  host = baseHost {
    nixpkgs = nixpkgs-unstable;
    home-manager = home-manager-unstable;
  };
in
{
  beefcake = stableHost ./beefcake.nix { };
  dragon = host ./dragon.nix { };
  # Same host file as `dragon`, evaluated for aarch64.
  arm-dragon = host ./dragon.nix { system = "aarch64-linux"; };
}