Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:2114c6c347d4b45e7419c2827311baf68230767e
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:flake-parts
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

1 Commits
2114c6c347 ... flake-part

Author SHA1 Message Date
andromeda
3cee358293 add flake-parts 2026-01-03 17:28:28 +01:00
11 changed files with 50 additions and 65 deletions
Expand all files Collapse all files

62
flake.lock generated
View File

@@ -180,58 +180,15 @@
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1765835352,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nvf",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763759067,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -489,7 +446,9 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": [
"flake-parts"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@@ -536,7 +495,9 @@
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2", "flake-parts": [
"flake-parts"
],
"mnw": "mnw", "mnw": "mnw",
"ndg": "ndg", "ndg": "ndg",
"nixpkgs": [ "nixpkgs": [
@@ -581,6 +542,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"flake-parts": "flake-parts",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
@@ -599,7 +561,9 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_3", "flake-parts": [
"flake-parts"
],
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"

29
flake.nix
View File

@@ -4,6 +4,10 @@
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -21,10 +25,12 @@
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
}; };
nvf = { nvf = {
url = "github:notashelf/nvf"; url = "github:notashelf/nvf";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
}; };
phoenix = { phoenix = {
url = "github:celenityy/Phoenix"; url = "github:celenityy/Phoenix";
@@ -33,10 +39,12 @@
stylix = { stylix = {
url = "github:nix-community/stylix"; url = "github:nix-community/stylix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
}; };
}; };
outputs = { outputs = inputs @ {
agenix, agenix,
flake-parts,
home-manager, home-manager,
impermanence, impermanence,
nixos-mailserver, nixos-mailserver,
@@ -95,10 +103,17 @@
} }
noshell.nixosModules.default noshell.nixosModules.default
]); ]);
in { in
nixosConfigurations = flake-parts.lib.mkFlake {inherit inputs;} (top @ {
builtins.mapAttrs config,
(hostname: value: configurationWithHomeManager value) withSystem,
machines; moduleWithSystem,
}; ...
}: {
systems = ["x86_64-linux"];
flake.nixosConfigurations =
builtins.mapAttrs
(hostname: value: configurationWithHomeManager value)
machines;
});
} }

2
machines/109-199-104-83/configuration.nix
View File

@@ -25,7 +25,7 @@
x509.useACMEHost = config.mailserver.fqdn; x509.useACMEHost = config.mailserver.fqdn;
loginAccounts = { loginAccounts = {
"test@${config.networking.domain}" = { "test@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path; hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
}; };
}; };
}; };

4
machines/lenovo/configuration.nix
View File

@@ -9,6 +9,10 @@
./impermanence.nix ./impermanence.nix
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
age.secrets = {
secret0.file = ../../secrets/secret0.age;
secret1.file = ../../secrets/secret1.age;
};
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = true; systemd-boot.enable = true;

7
pub-keys.nix
View File

@@ -1,8 +1,9 @@
{ {
age.secrets = { age.secrets = {
andromeda-pw.file = ./secrets/andromeda-pw.age; secret0.file = ./secrets/secret0.age;
mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age; secret1.file = ./secrets/secret1.age;
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age; secret2.file = ./secrets/secret2.age;
secret3.file = ./secrets/secret3.age;
}; };
pub-keys = { pub-keys = {
ssh = { ssh = {

0
secrets/andromeda-pw.age → secrets/secret0.age
View File

0
secrets/mtgmonkey-pw.age → secrets/secret1.age
View File

BIN
secrets/secret2.age Normal file
View File

Binary file not shown.

0
secrets/mailserver-acc-test-pw.age → secrets/secret3.age
View File

7
secrets/secrets.nix
View File

@@ -4,7 +4,8 @@ let
lenovo = pub-keys.ssh.lenovo; lenovo = pub-keys.ssh.lenovo;
_109-199-104-83 = pub-keys.ssh._109-199-104-83; _109-199-104-83 = pub-keys.ssh._109-199-104-83;
in { in {
"andromeda-pw.age".publicKeys = [andromeda lenovo]; "secret0.age".publicKeys = [andromeda lenovo];
"mtgmonkey-pw.age".publicKeys = [andromeda lenovo]; "secret1.age".publicKeys = [andromeda lenovo];
"mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "secret2.age".publicKeys = [andromeda lenovo _109-199-104-83];
"secret3.age".publicKeys = [andromeda lenovo _109-199-104-83];
} }

4
users.nix
View File

@@ -13,7 +13,7 @@ in {
"andromeda" = { "andromeda" = {
isNormalUser = true; isNormalUser = true;
description = "andromeda"; description = "andromeda";
hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path; hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
@@ -22,7 +22,7 @@ in {
"mtgmonkey" = { "mtgmonkey" = {
isNormalUser = true; isNormalUser = true;
description = "mtgmonkey"; description = "mtgmonkey";
hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path; hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
extraGroups = [ extraGroups = [
(lib.mkIf (lib.mkIf
(machine == machines.lenovo) (machine == machines.lenovo)