lilith/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: lilith:44fc8ce45650958caff59d393c231e0d87bff9a3
Branches Tags
lilith:main
..
compare: lilith:a9d0f1e6b7e6dfff30773d11dd1ff32d517cdc06
Branches Tags
lilith:main

No commits in common. "44fc8ce45650958caff59d393c231e0d87bff9a3" and "a9d0f1e6b7e6dfff30773d11dd1ff32d517cdc06" have entirely different histories.
44fc8ce456 ... a9d0f1e6b7

21 changed files with 1 additions and 319 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,2 @@
old old
result

6
flake.nix
View file

@ -32,13 +32,11 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
home-manager,
... ...
} @ inputs: let } @ inputs: let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
defaultConfig = { defaultConfig = {
desktop = true;
}; };
makeHost = host: let makeHost = host: let
@ -53,10 +51,6 @@
./hosts/${host}/hardware-configuration.nix ./hosts/${host}/hardware-configuration.nix
./system ./system
{networking.hostName = host;} {networking.hostName = host;}
]
++ lib.optionals config.desktop [
home-manager
./home
]; ];
}; };
in { in {

1
headless/default.nix
View file

@ -1 +0,0 @@
{...}: {}

1
home/default.nix
View file

@ -1 +0,0 @@
{...}: {}

9
system/audio.nix
View file

@ -1,9 +0,0 @@
{...}: {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

3
system/bluetooth.nix
View file

@ -1,3 +0,0 @@
{...}: {
hardware.bluetooth.enable = true;
}

11
system/btrfs.nix
View file

@ -1,11 +0,0 @@
{...}: {
services.btrfs.autoScrub = {
enable = true;
interval = "Fri 07:00";
fileSystems = [
"/persist"
"/nix"
];
};
}

21
system/default.nix
View file

@ -1,26 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./boot.nix ./boot.nix
./packages.nix
./env.nix
./btrfs.nix
./users.nix
./networking.nix
./persistence.nix
./nix.nix
./audio.nix
./ssh.nix
./syncthing.nix
./wayland.nix
./steam.nix
./nfs.nix
./fonts.nix
./bluetooth.nix
./zsh.nix
]; ];
system.stateVersion = "24.11";
} }

9
system/env.nix
View file

@ -1,9 +0,0 @@
{...}: {
time.timeZone = "Europe/Berlin";
environment.variables = {
EDITOR = "hx";
VISUAL = "hx";
FLAKE = "/home/lilith/nixos";
};
}

6
system/fonts.nix
View file

@ -1,6 +0,0 @@
{...}: {
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
twemoji-color-font
];
}

19
system/networking.nix
View file

@ -1,19 +0,0 @@
{...}: {
networking.networkmanager = {
enable = true;
wifi.macAddress = "random";
ethernet.macAddress = "random";
};
networking.nftables = {
enable = true;
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
22 # ssh
22000 # syncthing
];
};
}

13
system/nfs.nix
View file

@ -1,13 +0,0 @@
{ ... }: {
fileSystems."/mnt/nas" = {
device = "nixserver:/share";
fsType = "nfs";
options = [
"nfsvers=4.2"
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=600"
"_netdev"
];
};
}

15
system/nix.nix
View file

@ -1,15 +0,0 @@
{...}: {
nix = {
gc = {
automatic = true;
dates = "05:30";
options = "--delete-older-than 7d";
};
settings = {
keep-outputs = true;
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
trusted-users = ["root" "@wheel"];
};
};
}

21
system/packages.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ...}: {
environment.systemPackages = with pkgs; [
age
compsize
duf
eza
bat
file
htop
btop
git
jq
yq
du-dust
ripgrep
sops
wget
wireguard-tools
zip
];
}

60
system/persistence.nix
View file

@ -1,60 +0,0 @@
{impermanence, conf, lib, config, ...}: {
imports = [impermanence.nixosModule];
environment.persistence."/persist/data" = {
hideMounts = true;
directories = [
"/etc/NetworkManager/system-connections"
"/var/lib/bluetooth"
];
files = [];
users.lilith = {
directories = [
".config/syncthing"
".config/sops"
".config/keepassxc"
".config/obsidian"
".config/vesktop"
".gnupg"
".ssh"
".thunderbird"
".mozilla"
"nixos"
"sync"
"obsidian"
"code"
".keepass"
];
files = [];
}
};
environment.persistence."/persist/cache" = {
hideMounts = true;
directories = [
"/root/.cache/nix"
"/var/lib/btrfs"
"/var/lib/nixos"
"/var/lib/systemd/backlight"
"/var/lib/systemd/timers"
"/var/log"
];
files = [
"/etc/machine-id"
];
users.lilith = {
directories = [
".cache/nix"
".cache/keepassxc"
".cargo"
".local/state/wireplumber"
"tmp"
];
files = [];
};
};
}

11
system/ssh.nix
View file

@ -1,11 +0,0 @@
{...}: {
networking.firewall.allowedTCPPorts = [22];
services.openssh = {
enable = true;
ports = [22];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
}

5
system/steam.nix
View file

@ -1,5 +0,0 @@
{...}: {
programs.steam.enable = true;
programs.steam.remotePlay.openFirewall = true;
}

49
system/syncthing.nix
View file

@ -1,49 +0,0 @@
{ config, ...}: let
host = networking.hostName;
in {
sops.secrets."syncthing/key.pem" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
};
sops.secrets."syncthing/cert.pem" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
};
services.syncthing = {
enable = true;
user = lilith;
dataDir = "/home/lilith";
configDir = "/home/lilith/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
key = config.sops.secrets."syncthing/key.pem".path;
cert = config.sops.secrets."syncthing/cert.pem".path;
devices = {
"phone" = {id = "C2CKYRP-72UNJRX-MUPZIUY-CCHQYGF-6T4NA6B-MO7AEZB-RSN5EAG-CN2JCAF";};
"nixserver" = {id = "DW6GTZ3-3JPAHLO-UEB3LBL-AWOX3BT-QPI7ODT-OZ6Q4YR-K3KK22C-5RY3XQZ";};
"lilith-pc" = {id = "37HHP4Q-NNQRQPQ-MVSIHAX-BK2A3GL-O6K4WXA-Y7ZQ5GZ-BY4UTFH-LG4HYAY";};
"lilith-pad" = {id = "GQJA6WA-G5YZZSN-4OOQMVE-JPIR22N-VFHPY4O-XMRG37D-DALH4R2-7DCTMQK";};
"lilith-old" = {id = "MSUZJ6K-4CIFE5D-ILO6FE4-SPRPTZI-VEWZQ7F-ECARCCF-2VLVMDQ-2HQUAAS";};
};
folders = {
"rdcj2-mfyb4" = {
path = "/home/lilith/sync";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
"sdpfs-2beqd" = {
path = "/home/lilith/.keepass";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
"7qim7-yzqpn" = {
path = "/home/lilith/obsidian";
devices = ["phone" "nixserver" "lilith-pad" "lilith-pc" "lilith-old"];
};
};
};
};
}

30
system/users.nix
View file

@ -1,30 +0,0 @@
{ config, ...}: let
host = config.networking.hostName;
in {
users.mutableUsers = false;
users.users = {
lilith = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "networkmanager" ];
hashedPasswordFile = config.sops.secrets."user/password".path;
};
};
sops.secrets = {
"user/password" = {
sopsFile = ../hosts/${host}/secrets/default.yaml;
neededForUsers = true;
};
"user/ssh/private" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519";
owner = "lilith";
};
"user/ssh/public" = {
sopsFile = ../hosts/${conf.hostname}/secrets/default.yaml;
path = "/home/lilith/.ssh/id_ed25519.pub";
owner = "lilith";
};
};
}

24
system/wayland.nix
View file

@ -1,24 +0,0 @@
{...}: {
hardware.graphics.enable = true;
security.polkit.enable = true;
security.pam.services.hyprlock = {};
services.dbus.enable = true;
programs.hyprland.enable = true;
services.greetd = {
enable = true;
settings = {
default_session = {
user = "lilith";
command = "Hyprland";
};
initial_session = {
user = "lilith";
command = "Hyprland";
};
};
};
}

4
system/zsh.nix
View file

@ -1,4 +0,0 @@
{pkgs, ...}: {
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
}