From 0738ab2e8b9a68ed7c9324f3ae583ab694453e06 Mon Sep 17 00:00:00 2001
From: Alexander Szczepanski
Date: Sat, 31 Aug 2024 21:11:57 +0200
Subject: [PATCH] framework-2024-08-31-21-11-57
---
 flake.lock | 232 +++++++++++++++++++++++++++-
 flake.nix | 3 +
 machine/desktop/configuration.nix | 3 -
 machine/framework/configuration.nix | 30 +++-
 4 files changed, 253 insertions(+), 15 deletions(-)
diff --git a/flake.lock b/flake.lock
index 57ac6db..3adab9a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,67 @@ { "nodes": { + "chaotic": { + "inputs": { + "compare-to": "compare-to", + "fenix": "fenix", + "flake-schemas": "flake-schemas", + "home-manager": "home-manager", + "jovian": "jovian", + "nixpkgs": "nixpkgs", + "systems": "systems", + "yafas": "yafas" + }, + "locked": { + "lastModified": 1725043054, + "narHash": "sha256-wNKROMH0TmS3yqpces3ldlRLE75Bec0gfmaP9DF6OPc=", + "owner": "chaotic-cx", + "repo": "nyx", + "rev": "1de4f25728a7f37785da5742f6d3fe98daffe83f", + "type": "github" + }, + "original": { + "owner": "chaotic-cx", + "ref": "nyxpkgs-unstable", + "repo": "nyx", + "type": "github" + } + }, + "compare-to": { + "locked": { + "lastModified": 1695341185, + "narHash": "sha256-htO6DSbWyCgaDkxi7foPjXwJFPzGjVt3RRUbPSpNtZY=", + "rev": "98b8e330823a3570d328720f87a1153f8a7f2224", + "revCount": 2, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/chaotic-cx/nix-empty-flake/0.1.2%2Brev-98b8e330823a3570d328720f87a1153f8a7f2224/018aba35-d228-7fa9-b205-7616c89ef4e0/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/chaotic-cx/nix-empty-flake/%3D0.1.2.tar.gz" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "chaotic", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1724999484, + "narHash": "sha256-AIR8uYGteWS/RyHyZJAHQAUEJ/Mv4ktkPe2mzbJ2zCE=", + "owner": "nix-community", + "repo": "fenix", + "rev": "e3bb9176e807e2b166d54153ce8caea5cb2c6700", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -16,6 +78,20 @@ "type": "github" } }, + "flake-schemas": { + "locked": { + "lastModified": 1693491534, + "narHash": "sha256-ifw8Td8kD08J8DxFbYjeIx5naHcDLz7s2IFP3X42I/U=", + "rev": "c702cbb663d6d70bbb716584a2ee3aeb35017279", + "revCount": 21, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.1/018a4c59-80e1-708a-bb4d-854930c20f72/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.1.tar.gz" + } + }, "fw-fanctrl": { "inputs": { "flake-compat": "flake-compat", @@ -39,6 +115,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "chaotic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -59,6 +156,51 @@ "type": "github" } }, + "jovian": { + "inputs": { + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "chaotic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724999205, + "narHash": "sha256-Lc9kb5hhUohcJlUye5Pu8BNYHDPIOUtejYySTvHTlio=", + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "rev": "a14f978f74e89213a5f565f827454dd6178b2bb5", + "type": "github" + }, + "original": { + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "chaotic", + "jovian", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1690328911, + "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", + "owner": "zhaofengli", + "repo": "nix-github-actions", + "rev": "96df4a39c52f53cb7098b923224d8ce941b64747", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "matrix-name", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1724878143, @@ -77,16 +219,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", - "owner": "nixos", + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -123,16 +265,50 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { + "chaotic": "chaotic", "fw-fanctrl": "fw-fanctrl", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1724937894, + "narHash": "sha256-M/28TIG+fm5x3GtQ6qSGDw1NHS4nHttz0DM7JcDs4g8=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "0ae42bd42576566540a84c62e118aa823edcf2ec", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ 
@@ -153,6 +329,46 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "yafas": { + "inputs": { + "flake-schemas": [ + "chaotic", + "flake-schemas" + ], + "systems": [ + "chaotic", + "systems" + ] + }, + "locked": { + "lastModified": 1695926485, + "narHash": "sha256-wNFFnItckgSs8XeYhhv8vlJs2WF09fSQaWgw4xkDqHQ=", + "owner": "UbiqueLambda", + "repo": "yafas", + "rev": "7772afd6686458ca0ddbc599a52cf5d337367653", + "type": "github" + }, + "original": { + "owner": "UbiqueLambda", + "repo": "yafas", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 97b49d5..1ec89d1 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,7 @@ #nixos-hardware nixos-hardware.url = "github:nixos/nixos-hardware/master"; + chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; sops-nix = { @@ -29,6 +30,7 @@ outputs = { self + , chaotic , fw-fanctrl , home-manager , nixos-hardware @@ -71,6 +73,7 @@ modules = [ fw-fanctrl.nixosModules.default ./machine/framework/configuration.nix + chaotic.nixosModules.default # OUR DEFAULT MODULE ]; }; diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index f2a8056..6551d5c 100755 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix 
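Review bot: `chaotic.nixosModules.default` is added to the framework module list with the comment `# OUR DEFAULT MODULE`, which looks copied from the upstream README and reads as if the module belonged to this repository. None of the visible hunks uses a chaotic package or option (the kernel is set to `pkgs.linuxPackages_latest` from nixpkgs), yet the lock file gains a set of transitive inputs, including a separate `nixos-unstable` nixpkgs, whose code is now evaluated for this host. As far as I know the default module also enables the project's overlay and binary cache, which would extend the substituters this machine trusts; confirm that is wanted or switch it off explicitly (I believe upstream exposes `chaotic.nyx.cache.enable`, to be checked against the pinned revision). I would reword the comment to something like `# third-party module from chaotic-cx/nyx: adds its overlay and binary cache` and say in the commit message what it is needed for. The `chaotic.url` line in the first flake.nix hunk follows the moving `nyxpkgs-unstable` branch, so every lock update pulls whatever that branch then holds.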
@@ -192,15 +192,12 @@ in compression = "auto,zstd"; encryption = { mode = "repokey-blake2"; - # passphrase = secrets.borg-key; passCommand = "cat ${config.sops.secrets.borg-key.path}"; }; extraCreateArgs = "--checkpoint-interval 600 --exclude-caches"; environment.BORG_RSH = "ssh -i ~/.ssh/id_borg_ed25519"; paths = "/home/alex"; repo = "ssh://u278697-sub2@u278697.your-storagebox.de:23/./borg"; - # repo = secrets.borg-repo; - # repo = (builtins.readFile config.sops.secrets.borg-repo.path); startAt = "daily"; user = "alex"; prune.keep = { diff --git a/machine/framework/configuration.nix b/machine/framework/configuration.nix index 15da59c..002e648 100755 --- a/machine/framework/configuration.nix +++ b/machine/framework/configuration.nix @@ -1,7 +1,6 @@ { config, pkgs, lib, outputs, inputs, ... }: let be = import ../../configs/borg-exclude.nix; - secrets = import ../../configs/secrets.nix; in { nixpkgs = { @@ -18,6 +17,7 @@ in imports = [ ./hardware-configuration.nix inputs.nixos-hardware.nixosModules.framework-12th-gen-intel + inputs.sops-nix.nixosModules.sops ../../configs/browser.nix ../../configs/common.nix ../../configs/docker.nix @@ -28,7 +28,30 @@ in ../../configs/user.nix ]; + sops = { + defaultSopsFile = ../../secrets.yaml; + validateSopsFiles = true; + age = { + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + + secrets = { + borg-key = { + sopsFile = ../../secrets-framework.yaml; + owner = config.users.users.alex.name; + group = config.users.users.alex.group; + }; + + hashedPassword = { + neededForUsers = true; + }; + }; + }; + boot = { + kernelPackages = pkgs.linuxPackages_latest; initrd.systemd.enable = true; loader = { systemd-boot.enable = true; @@ -82,7 +105,6 @@ in hardware = { keyboard.qmk.enable = true; enableAllFirmware = true; - cpu.intel.updateMicrocode = true; openrazer = { enable = true; users = [ "alex" ]; 
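Review bot: In the new `sops.age` block, `keyFile = "/var/lib/sops-nix/key.txt"` with `generateKey = true` places a private age identity under `/var/lib`, and the borg job in the last hunk backs up that tree (`paths = [ "/home/alex" "/var/lib" ]`). Unless `borg-exclude.nix`, which is not shown here, already excludes it, the key that can decrypt the sops secrets is copied into every archive next to the data it protects. A freshly generated key is also not a recipient of the existing secrets files unless it was added to them, so with `sshKeyPaths` already pointing at the host key it is probably unused. Either drop `keyFile` and `generateKey`, or keep them and exclude `/var/lib/sops-nix` from the backup.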
@@ -142,13 +164,13 @@ in compression = "auto,zstd"; encryption = { mode = "repokey-blake2"; - passphrase = secrets.borg-key; + passCommand = "cat ${config.sops.secrets.borg-key.path}"; }; extraCreateArgs = "--stats --verbose --checkpoint-interval 600 --exclude-caches"; environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_ed25519"; paths = [ "/home/alex" "/var/lib" ]; - repo = secrets.borg-repo; + repo = "ssh://u278697-sub9@u278697.your-storagebox.de:23/./borg"; startAt = "daily"; prune.keep = { daily = 7;
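Review bot: `passCommand` now reads `config.sops.secrets.borg-key.path`, and that secret is declared with `owner` and `group` set to user alex, but this job shows no `user = "alex";` line (the desktop job has one) and it backs up `/var/lib`, which suggests it runs as root. If so, the ownership override only widens who can read the repository passphrase, since any process running as alex can then open the file. Consider leaving the secret root-owned by removing `owner` and `group` from the `borg-key` entry, or add `user = "alex";` here if running as that user is the intent. The job definition starts and ends outside this hunk, so a `user` setting may exist in lines not shown.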