From 608236005e6520535cefce4883583457cda08dc9 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Thu, 19 Dec 2024 11:03:57 -0800 Subject: [PATCH 1/7] refactor flake to allow for alternate users --- provision/flake.nix | 35 ++++++++--------------------- provision/hosts.json | 20 +++++++++++++++++ provision/hosts/bulwark/default.nix | 6 +++-- provision/hosts/kestrel/default.nix | 6 +++-- provision/hosts/osprey/default.nix | 6 +++-- provision/hosts/shivan/default.nix | 6 +++-- provision/hosts/torus/default.nix | 6 +++-- provision/hosts/wsl/default.nix | 6 +++-- 8 files changed, 53 insertions(+), 38 deletions(-) create mode 100644 provision/hosts.json diff --git a/provision/flake.nix b/provision/flake.nix index f21acd23..b6dcdcb1 100644 --- a/provision/flake.nix +++ b/provision/flake.nix 
@@ -15,34 +15,17 @@ outputs = inputs @ { self, nixpkgs, home-manager, jovian-nixos, agenix, nixos-wsl, ... }: let system = "x86_64-linux"; - user = "tstarr"; + hosts = builtins.fromJSON (builtins.readFile ./hosts.json); lib = nixpkgs.lib; in { - nixosConfigurations = { - kestrel = lib.nixosSystem (import ./hosts/kestrel { + nixosConfigurations = lib.mapAttrs (hostname: hostConfig: + lib.nixosSystem (import ./hosts/${hostname} { inherit lib; - inherit system user inputs agenix home-manager; - }); - shivan = lib.nixosSystem (import ./hosts/shivan { - inherit lib; - inherit system user inputs agenix home-manager; - }); - torus = lib.nixosSystem (import ./hosts/torus { - inherit lib; - inherit system user inputs agenix home-manager; - }); - bulwark = lib.nixosSystem (import ./hosts/bulwark { - inherit lib; - inherit system user inputs agenix home-manager jovian-nixos; - }); - wsl = lib.nixosSystem (import ./hosts/wsl { - inherit lib; - inherit system user inputs agenix home-manager nixos-wsl; - }); - osprey = lib.nixosSystem (import ./hosts/osprey { - inherit lib; - inherit system user inputs agenix home-manager; - }); - }; + inherit system inputs agenix home-manager jovian-nixos nixos-wsl; + specialArgs = { + user = hostConfig.user; + }; + }) + ) hosts; }; } diff --git a/provision/hosts.json b/provision/hosts.json new file mode 100644 index 00000000..2be92cbd --- /dev/null +++ b/provision/hosts.json @@ -0,0 +1,20 @@ +{ + "kestrel": { + "user": "tstarr" + }, + "shivan": { + "user": "tstarr" + }, + "torus": { + "user": "tstarr" + }, + "bulwark": { + "user": "test" + }, + "osprey": { + "user": "tstarr" + }, + "wsl": { + "user": "user" + } +} diff --git a/provision/hosts/bulwark/default.nix b/provision/hosts/bulwark/default.nix index 83fb02bd..c25169b8 100644 --- a/provision/hosts/bulwark/default.nix +++ b/provision/hosts/bulwark/default.nix 
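Review bot: Nothing in this `let` records what `hosts.json` has to contain, although each key is now interpolated into `./hosts/${hostname}` and becomes a `nixosConfigurations` name, and each value must carry `user`. A key without a matching directory, or an entry without `user`, only surfaces as an evaluation error at the point of use. I would add a comment above the `hosts` binding, for example `# hosts.json maps <hostname> -> { user = "<login>"; }; <hostname> must be a directory under ./hosts`. The same hunk is repeated in PATCH 2/7 and the comment applies there too.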
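Review bot: `bulwark` is given `"user": "test"` here, while the line removed from `flake.nix` set `user = "tstarr"` for every host, so a commit titled as a refactor changes the login name that machine is configured for. It looks like a leftover from trying out the new mechanism; PATCH 2/7 carries `"tstarr"` for the same entry. If it is not intended, the entry should read `"user": "tstarr"`. `wsl` also changes, to `"user": "user"`, which may be deliberate but is worth a word in the commit message.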
@@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, jovian-nixos, ... }: -{ +{ lib, specialArgs, system, user, inputs, agenix, home-manager, jovian-nixos, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager jovian-nixos; }; modules = [ diff --git a/provision/hosts/kestrel/default.nix b/provision/hosts/kestrel/default.nix index c4d30e18..58fdff86 100644 --- a/provision/hosts/kestrel/default.nix +++ b/provision/hosts/kestrel/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/osprey/default.nix b/provision/hosts/osprey/default.nix index 3b4f8302..df27ae2d 100644 --- a/provision/hosts/osprey/default.nix +++ b/provision/hosts/osprey/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, user, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/shivan/default.nix b/provision/hosts/shivan/default.nix index f4fcc139..f6227117 100644 --- a/provision/hosts/shivan/default.nix +++ b/provision/hosts/shivan/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, user, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/torus/default.nix b/provision/hosts/torus/default.nix index 237ab50e..349d5c8b 100644 --- a/provision/hosts/torus/default.nix +++ b/provision/hosts/torus/default.nix 
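Review bot: `user` is still listed in the function's formals here, but the new call in `flake.nix` passes it only inside `specialArgs`, so evaluating this host should fail with a missing required argument before the `let user = specialArgs.user;` binding is ever used. The header should drop it, as the `kestrel` hunk in this patch does: `{ lib, specialArgs, system, inputs, agenix, home-manager, jovian-nixos, ... }:`. The `osprey`, `shivan`, `torus` and `wsl` hunks in this patch have the same leftover `user` formal. The function body continues outside the hunk.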
@@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, user, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/wsl/default.nix b/provision/hosts/wsl/default.nix index 3619e9fc..da99d32b 100644 --- a/provision/hosts/wsl/default.nix +++ b/provision/hosts/wsl/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, nixos-wsl, ... }: -{ +{ lib, specialArgs, system, user, inputs, agenix, home-manager, nixos-wsl, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs nixos-wsl home-manager; }; modules = [ From 26301235fe3854ff5a5958309e4ed4e6e33a3608 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Thu, 19 Dec 2024 11:03:57 -0800 Subject: [PATCH 2/7] refactor flake to allow for alternate users --- provision/flake.nix | 35 ++++++++--------------------- provision/hosts.json | 20 +++++++++++++++++ provision/hosts/bulwark/default.nix | 6 +++-- provision/hosts/kestrel/default.nix | 6 +++-- provision/hosts/osprey/default.nix | 6 +++-- provision/hosts/shivan/default.nix | 6 +++-- provision/hosts/torus/default.nix | 6 +++-- provision/hosts/wsl/default.nix | 6 +++-- 8 files changed, 53 insertions(+), 38 deletions(-) create mode 100644 provision/hosts.json diff --git a/provision/flake.nix b/provision/flake.nix index f21acd23..b6dcdcb1 100644 --- a/provision/flake.nix +++ b/provision/flake.nix 
@@ -15,34 +15,17 @@ outputs = inputs @ { self, nixpkgs, home-manager, jovian-nixos, agenix, nixos-wsl, ... }: let system = "x86_64-linux"; - user = "tstarr"; + hosts = builtins.fromJSON (builtins.readFile ./hosts.json); lib = nixpkgs.lib; in { - nixosConfigurations = { - kestrel = lib.nixosSystem (import ./hosts/kestrel { + nixosConfigurations = lib.mapAttrs (hostname: hostConfig: + lib.nixosSystem (import ./hosts/${hostname} { inherit lib; - inherit system user inputs agenix home-manager; - }); - shivan = lib.nixosSystem (import ./hosts/shivan { - inherit lib; - inherit system user inputs agenix home-manager; - }); - torus = lib.nixosSystem (import ./hosts/torus { - inherit lib; - inherit system user inputs agenix home-manager; - }); - bulwark = lib.nixosSystem (import ./hosts/bulwark { - inherit lib; - inherit system user inputs agenix home-manager jovian-nixos; - }); - wsl = lib.nixosSystem (import ./hosts/wsl { - inherit lib; - inherit system user inputs agenix home-manager nixos-wsl; - }); - osprey = lib.nixosSystem (import ./hosts/osprey { - inherit lib; - inherit system user inputs agenix home-manager; - }); - }; + inherit system inputs agenix home-manager jovian-nixos nixos-wsl; + specialArgs = { + user = hostConfig.user; + }; + }) + ) hosts; }; } diff --git a/provision/hosts.json b/provision/hosts.json new file mode 100644 index 00000000..a728deec --- /dev/null +++ b/provision/hosts.json @@ -0,0 +1,20 @@ +{ + "kestrel": { + "user": "tstarr" + }, + "shivan": { + "user": "tstarr" + }, + "torus": { + "user": "tstarr" + }, + "bulwark": { + "user": "tstarr" + }, + "osprey": { + "user": "tstarr" + }, + "wsl": { + "user": "user" + } +} diff --git a/provision/hosts/bulwark/default.nix b/provision/hosts/bulwark/default.nix index 83fb02bd..480dfcbe 100644 --- a/provision/hosts/bulwark/default.nix +++ b/provision/hosts/bulwark/default.nix 
@@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, jovian-nixos, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, jovian-nixos, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager jovian-nixos; }; modules = [ diff --git a/provision/hosts/kestrel/default.nix b/provision/hosts/kestrel/default.nix index c4d30e18..58fdff86 100644 --- a/provision/hosts/kestrel/default.nix +++ b/provision/hosts/kestrel/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/osprey/default.nix b/provision/hosts/osprey/default.nix index 3b4f8302..25c7949b 100644 --- a/provision/hosts/osprey/default.nix +++ b/provision/hosts/osprey/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/shivan/default.nix b/provision/hosts/shivan/default.nix index f4fcc139..11c9829a 100644 --- a/provision/hosts/shivan/default.nix +++ b/provision/hosts/shivan/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/torus/default.nix b/provision/hosts/torus/default.nix index 237ab50e..82de3d14 100644 --- a/provision/hosts/torus/default.nix +++ b/provision/hosts/torus/default.nix 
@@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/wsl/default.nix b/provision/hosts/wsl/default.nix index 3619e9fc..8143937f 100644 --- a/provision/hosts/wsl/default.nix +++ b/provision/hosts/wsl/default.nix @@ -1,5 +1,7 @@ -{ lib, system, user, inputs, agenix, home-manager, nixos-wsl, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, nixos-wsl, ... }: +let + user = specialArgs.user; +in { inherit system; specialArgs = { inherit user inputs nixos-wsl home-manager; }; modules = [ From 8e983192f7f295565312d91222d2922d4ee6b7cf Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 21 Dec 2024 14:03:32 -0800 Subject: [PATCH 3/7] add security device for NIPR with firefox --- provision/modules/programs/firefox/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/provision/modules/programs/firefox/default.nix b/provision/modules/programs/firefox/default.nix index c0540ca2..10def893 100644 --- a/provision/modules/programs/firefox/default.nix +++ b/provision/modules/programs/firefox/default.nix @@ -14,6 +14,13 @@ in { home-manager.users.${user} = { programs.firefox = { enable = true; + policies = { + SecurityDevices = { + Add = { + "NIPR" = "${pkgs.opensc}/lib/opensc-pkcs11.so"; + }; + }; + }; profiles.default = { bookmarks = import ./bookmarks.nix; isDefault = true; From cff0d07665ca0e222bbd11ef54a71bf6ca61ad52 Mon Sep 17 00:00:00 2001 
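Review bot: The `SecurityDevices.Add` policy is set unconditionally, so every account that gets this Firefox module also gets the OpenSC PKCS#11 module loaded into the browser, including the non-`tstarr` hosts the earlier patches introduce. I would put it behind its own enable option in this module so that only machines that actually use a smart card load an extra security device. Pointing at `${pkgs.opensc}` pins the library to the store path of the configured package, which is good; the hunk does not show whether `pkgs` is among the module's arguments, so that should be checked. OpenSC normally reaches the reader through the PC/SC daemon, so if `services.pcscd.enable = true;` is not set elsewhere the device will load but find no token.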
From: Tyler Starr Date: Sat, 21 Dec 2024 14:31:57 -0800 Subject: [PATCH 4/7] use custom hostname from json file --- provision/flake.nix | 1 + provision/hosts/bulwark/configuration.nix | 4 ++-- provision/hosts/bulwark/default.nix | 1 + provision/hosts/kestrel/configuration.nix | 4 ++-- provision/hosts/kestrel/default.nix | 3 ++- provision/hosts/osprey/configuration.nix | 4 ++-- provision/hosts/osprey/default.nix | 1 + provision/hosts/shivan/configuration.nix | 4 ++-- provision/hosts/shivan/default.nix | 1 + provision/hosts/torus/configuration.nix | 4 ++-- provision/hosts/torus/default.nix | 1 + provision/hosts/wsl/configuration.nix | 4 ++-- provision/hosts/wsl/default.nix | 1 + 13 files changed, 20 insertions(+), 13 deletions(-) diff --git a/provision/flake.nix b/provision/flake.nix index b6dcdcb1..2ca1c9e1 100644 --- a/provision/flake.nix +++ b/provision/flake.nix @@ -24,6 +24,7 @@ inherit system inputs agenix home-manager jovian-nixos nixos-wsl; specialArgs = { user = hostConfig.user; + hostname = "${hostname}"; }; }) ) hosts; diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix index 4afe3c2b..f24e1fa0 100644 --- a/provision/hosts/bulwark/configuration.nix +++ b/provision/hosts/bulwark/configuration.nix @@ -1,11 +1,11 @@ -{ config, lib, pkgs, user, ... }: +{ config, lib, pkgs, user, hostname, ... }: { imports = [ ./steam-deck.nix ]; # Set networking options - networking.hostName = "bulwark"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/bulwark/default.nix b/provision/hosts/bulwark/default.nix index 480dfcbe..e16ebed1 100644 --- a/provision/hosts/bulwark/default.nix +++ b/provision/hosts/bulwark/default.nix 
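Review bot: `hostname = "${hostname}";` in the `specialArgs` set wraps a value that is already a string in an interpolation; `inherit hostname;` says the same thing and matches the `inherit` style used on the line above it. The `networking.hostName = "${hostname}";` lines added to each `configuration.nix` in this patch can likewise be `networking.hostName = hostname;`.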
@@ -1,6 +1,7 @@ { lib, specialArgs, system, inputs, agenix, home-manager, jovian-nixos, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; specialArgs = { inherit user inputs home-manager jovian-nixos; }; diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix index 67a52371..6614d566 100644 --- a/provision/hosts/kestrel/configuration.nix +++ b/provision/hosts/kestrel/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { imports = [ ./backup.nix @@ -9,7 +9,7 @@ powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "kestrel"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/kestrel/default.nix b/provision/hosts/kestrel/default.nix index 58fdff86..0f63c0f7 100644 --- a/provision/hosts/kestrel/default.nix +++ b/provision/hosts/kestrel/default.nix @@ -1,9 +1,10 @@ { lib, specialArgs, system, inputs, agenix, home-manager, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; - specialArgs = { inherit user inputs home-manager; }; + specialArgs = { inherit user hostname inputs home-manager; }; modules = [ ../default # shared by all configs ../default/physical/configuration.nix # shared by physical machines diff --git a/provision/hosts/osprey/configuration.nix b/provision/hosts/osprey/configuration.nix index b9195da7..65ab7512 100644 --- a/provision/hosts/osprey/configuration.nix +++ b/provision/hosts/osprey/configuration.nix 
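Review bot: `hostname` is bound in the `let` here but never forwarded: the `specialArgs = { inherit user inputs home-manager jovian-nixos; };` line below it is unchanged, while `bulwark/configuration.nix` now takes `hostname` as a module argument. Unless it is supplied some other way, evaluating this host will fail on the missing argument. Only the `kestrel` hunk updates the set; here it should become `specialArgs = { inherit user hostname inputs home-manager jovian-nixos; };`, and the `osprey`, `shivan`, `torus` and `wsl` `default.nix` hunks in this patch need the same addition.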
@@ -1,10 +1,10 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { # Use performance governor for sweet gaming performance! powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "osprey"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = false; networking.firewall.enable = false; diff --git a/provision/hosts/osprey/default.nix b/provision/hosts/osprey/default.nix index 25c7949b..bcd208c4 100644 --- a/provision/hosts/osprey/default.nix +++ b/provision/hosts/osprey/default.nix @@ -1,6 +1,7 @@ { lib, specialArgs, system, inputs, agenix, home-manager, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; specialArgs = { inherit user inputs home-manager; }; diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix index c3184431..0323cc89 100644 --- a/provision/hosts/shivan/configuration.nix +++ b/provision/hosts/shivan/configuration.nix @@ -1,10 +1,10 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { # Use performance governor for sweet gaming performance! powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "shivan"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/shivan/default.nix b/provision/hosts/shivan/default.nix index 11c9829a..1210b7e3 100644 --- a/provision/hosts/shivan/default.nix +++ b/provision/hosts/shivan/default.nix @@ -1,6 +1,7 @@ { lib, specialArgs, system, inputs, agenix, home-manager, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; specialArgs = { inherit user inputs home-manager; }; diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index 72125462..f3746c3a 100644 
--- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { imports = [ ./wireguard-server.nix @@ -18,7 +18,7 @@ boot.kernelModules = [ "sg" ]; # Set networking options - networking.hostName = "torus"; + networking.hostName = "${hostname}"; networking.firewall.enable = true; networking.firewall.checkReversePath = "loose"; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/provision/hosts/torus/default.nix b/provision/hosts/torus/default.nix index 82de3d14..e60e2cd3 100644 --- a/provision/hosts/torus/default.nix +++ b/provision/hosts/torus/default.nix @@ -1,6 +1,7 @@ { lib, specialArgs, system, inputs, agenix, home-manager, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; specialArgs = { inherit user inputs home-manager; }; diff --git a/provision/hosts/wsl/configuration.nix b/provision/hosts/wsl/configuration.nix index 6d635183..d07a885c 100644 --- a/provision/hosts/wsl/configuration.nix +++ b/provision/hosts/wsl/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, inputs, nixos-wsl, ... }: +{ config, pkgs, user, lib, inputs, nixos-wsl, hostname, ... }: let defaultUser = user; in @@ -15,7 +15,7 @@ in }; # Set networking options - networking.hostName = "wsl"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/wsl/default.nix b/provision/hosts/wsl/default.nix index 8143937f..b11c2c7a 100644 --- a/provision/hosts/wsl/default.nix +++ b/provision/hosts/wsl/default.nix @@ -1,6 +1,7 @@ { lib, specialArgs, system, inputs, agenix, home-manager, nixos-wsl, ... }: let user = specialArgs.user; + hostname = specialArgs.hostname; in { inherit system; specialArgs = { inherit user inputs nixos-wsl home-manager; }; From 85d52e311fcad9866ca60ab2215ab34cdcde8a97 Mon Sep 17 00:00:00 2001 
From: Tyler Starr Date: Sat, 21 Dec 2024 14:45:52 -0800 Subject: [PATCH 5/7] use roles attribute to import config for host --- provision/flake.nix | 2 +- provision/hosts.json | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/provision/flake.nix b/provision/flake.nix index 2ca1c9e1..7e5f7d96 100644 --- a/provision/flake.nix +++ b/provision/flake.nix @@ -19,7 +19,7 @@ lib = nixpkgs.lib; in { nixosConfigurations = lib.mapAttrs (hostname: hostConfig: - lib.nixosSystem (import ./hosts/${hostname} { + lib.nixosSystem (import ./hosts/${hostConfig.role} { inherit lib; inherit system inputs agenix home-manager jovian-nixos nixos-wsl; specialArgs = { diff --git a/provision/hosts.json b/provision/hosts.json index a728deec..496ba928 100644 --- a/provision/hosts.json +++ b/provision/hosts.json @@ -1,20 +1,26 @@ { "kestrel": { + "role": "kestrel", "user": "tstarr" }, "shivan": { + "role": "shivan", "user": "tstarr" }, "torus": { + "role": "torus", "user": "tstarr" }, "bulwark": { + "role": "bulwark", "user": "tstarr" }, "osprey": { + "role": "osprey", "user": "tstarr" }, "wsl": { + "role": "wsl", "user": "user" } } From 6184934d1cf267d00821f10b03287ad42b70e5b0 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 21 Dec 2024 14:48:14 -0800 Subject: [PATCH 6/7] initial config for htpc role and first htpc machine in json --- provision/hosts.json | 4 ++++ provision/hosts/htpc/configuration.nix | 26 ++++++++++++++++++++++++++ provision/hosts/htpc/default.nix | 21 +++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 provision/hosts/htpc/configuration.nix create mode 100644 provision/hosts/htpc/default.nix diff --git a/provision/hosts.json b/provision/hosts.json index 496ba928..e26f8eb5 100644 --- a/provision/hosts.json +++ b/provision/hosts.json @@ -22,5 +22,9 @@ "wsl": { "role": "wsl", "user": "user" + }, + "htpc-bako": { + "role": "htpc", + "user": "starr" } } 
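Review bot: `./hosts/${hostConfig.role}` makes `role` mandatory, so any `hosts.json` entry written the old way (only `user`) now fails evaluation with a missing attribute. Falling back to the host name keeps those entries working: `lib.nixosSystem (import ./hosts/${hostConfig.role or hostname} {`. Since the value is spliced into an import path, it is also worth noting next to it that `role` must be the bare name of a directory under `./hosts`.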
diff --git a/provision/hosts/htpc/configuration.nix b/provision/hosts/htpc/configuration.nix new file mode 100644 index 00000000..e0ff1614 --- /dev/null +++ b/provision/hosts/htpc/configuration.nix @@ -0,0 +1,26 @@ +{ config, pkgs, user, lib, hostname, ... }: +{ + # Use performance governor for sweet gaming performance! + powerManagement.cpuFreqGovernor = "performance"; + + # Set networking options + networking.hostName = "${hostname}"; + networking.firewall.checkReversePath = "loose"; + networking.firewall.enable = false; + + # Modules + modules = { + desktop = { + enable = true; + gnome.enable = true; + }; + programs = { + chezmoi.apply = true; + kitty.enable = true; + }; + services = { + samba-client.enable = true; + ssh.enable = true; + }; + }; +} diff --git a/provision/hosts/htpc/default.nix b/provision/hosts/htpc/default.nix new file mode 100644 index 00000000..29312e91 --- /dev/null +++ b/provision/hosts/htpc/default.nix @@ -0,0 +1,21 @@ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { + inherit system; + specialArgs = { inherit user hostname inputs home-manager; }; + modules = [ + ../default # shared by all configs + ../default/physical/configuration.nix # shared by physical machines + ./configuration.nix # htpc specific + ../../modules + /etc/nixos/hardware-configuration.nix + agenix.nixosModules.default + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit user; }; + } + ]; +} From a3c52acd31fcf238728c84b6cb33920d546f5080 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 21 Dec 2024 15:40:51 -0800 Subject: [PATCH 7/7] update readme to cover role-based installs --- provision/readme.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/provision/readme.md b/provision/readme.md index 53eaa5ad..776cb771 100644 --- a/provision/readme.md 
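Review bot: The new role sets `networking.firewall.enable = false;` in the same file that turns on `ssh.enable` under `modules.services`, so every listening service on an HTPC is reachable from its network with no packet filter in front of it. The line and the "gaming performance" comment above it look carried over from the desktop hosts. I would ship the role with `networking.firewall.enable = true;` and open only what it needs, the way `torus/configuration.nix` does with `allowedTCPPorts`. With the firewall off, the `checkReversePath = "loose";` line above it has, as far as I can tell, no effect either.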
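Review bot: `/etc/nixos/hardware-configuration.nix` in `modules` is an absolute path outside the flake, so this role only evaluates with `--impure` and the resulting system depends on a file that is neither tracked in the repository nor pinned by `flake.lock`. Two machines built from the same commit can therefore differ, and `--impure` lifts pure evaluation for the whole configuration rather than for this one import. Because `hostname` is already available here, a per-machine file committed to the repository (for example a path built from `hostname` under this role's directory) would keep the build reproducible and reviewable. If the absolute import stays, a comment on that line should say why and that `--impure` is required.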
+++ b/provision/readme.md @@ -14,16 +14,17 @@ nix-shell -p vim git neovim git clone https://github.com/starr-dusT/dotfiles ~/.local/share/chezmoi ``` -3. Copy existing configuration files from another host and modify as needed. Make sure to move the installer created configuration-hardware.nix to dotfiles (e.g. `provision/hosts//hardware.nix`). +3. Copy existing configuration files from another host and modify as needed. For most configs, move the installer created `configuration-hardware.nix` to dotfiles (e.g. `provision/hosts//hardware.nix`); however, role-based installs like `htpc` and `wsl` either do not require a `hardware.nix` file or the flake imports `hardware-configuration.nix` from `/etc/nixos`. 4. If required move agenix keypairs to `~/.ssh/keys/{age,age.pub}`. A new keypair may be required and agenix files will need to be rekeyed on another system. 5. Rebuild the system and initialize chezmoi dotfiles to save America: ```bash -sudo nixos-rebuild switch --flake .# +sudo nixos-rebuild switch --impure --flake .# chezmoi init && chezmoi apply ``` +*Note:* if the `chezmoi.apply` option is enabled in `configuration.nix` the dotfiles should deploy automatically. The chezmoi commands then are not necessary. 6. Profit!