make home configs work

Jana Dönszelmann 2026-01-23 13:27:58 +01:00
parent f0c21b2e79
commit 30f81b2b79
No known key found for this signature in database
29 changed files with 2131 additions and 2033 deletions

33
; Normal file

@ -0,0 +1,33 @@
{
lib,
options,
machine,
...
}:
with lib;
{
options = {
custom.program = mkOption {
type = types.attrsOf (
types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.string;
};
home-config = mkOption {
type = types.deferredModule;
};
system-config = mkOption {
type = types.deferredModule;
default = _: { };
};
};
config = if builtins.isNull machine.home-only then config.system-config else config.home-config;
}
)
);
};
};
}
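Review bot: `type = types.string;` on the `name` option uses an alias that nixpkgs has deprecated; `type = types.str;` is the drop-in replacement. The line `config = if builtins.isNull machine.home-only then config.system-config else config.home-config;` assigns a deferred module to the submodule's own `config`, whose only declared options are `name`, `home-config` and `system-config`. It is not clear from this file what that definition is merged into, so a short comment stating the intent would help, and it is worth confirming that evaluation does not recurse through `config`. The `options` argument is bound but never used here. The same two lines appear in the later section whose hunk starts at `@ -15,19 +16,15 @`.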

124
config.nix Normal file

@ -0,0 +1,124 @@
inputs@{
nixpkgs,
deploy-rs,
self,
pkgsForSystem,
...
}:
rec {
configs =
configs: builtins.foldl' (acc: val: nixpkgs.lib.recursiveUpdate (config val) acc) { } configs;
config =
{
hostname,
capabilities,
type,
home-only ? null,
extra-modules ? [ ],
system ? "x86_64-linux",
deploy-hostname ? hostname,
deploy-options ? {
user = if builtins.isNull home-only then "root" else home-only;
sshUser = if builtins.isNull home-only then "jana" else home-only;
},
home-manager ? builtins.isNull home-only,
stateVersion ? "26.05",
}:
with nixpkgs.lib;
let
inherit (nixpkgs) lib;
matches-capabilities =
# all requirements are contained in the machine capabilities
requirements: lib.all (req: builtins.elem req capabilities) requirements;
program =
{
requirements ? [ ],
home-config,
system-config ? { },
}:
# if (matches-capabilities requirements) then
if (true) then
{
inherit home-config system-config;
}
else
{
# home-config = _: { };
};
specialArgsForHomeSystem =
{
system,
type,
capabilities,
}:
home-only: {
pkgs = pkgsForSystem system;
flakes = inputs;
inherit inputs;
inherit (inputs.secrets.packages.${system}) secrets;
machine = {
inherit
type
capabilities
stateVersion
home-only
program
;
};
};
specialArgsForSystem = system: specialArgsForHomeSystem system null;
specialArgs = specialArgsForSystem {
inherit system type capabilities;
};
modules =
extra-modules
++ [ ./hosts/${hostname}/configuration.nix ]
++ (
if builtins.isNull home-only then
[ ./defaults/machine-config.nix ]
else
[ ./defaults/machine-or-home-config.nix ]
)
++ (
if home-manager then
[
inputs.home-manager.nixosModules.default
{
home-manager.extraSpecialArgs = specialArgs;
}
]
else
[ ]
);
in
{
deploy.nodes.${hostname} = {
hostname = deploy-hostname;
fastConnection = true;
profiles.system = {
path =
if (builtins.isNull home-only) then
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}
else
deploy-rs.lib.x86_64-linux.activate.home-manager self.nixosConfigurations.${hostname};
}
// deploy-options;
};
nixosConfigurations.${hostname} =
if builtins.isNull home-only then
(nixosSystem {
inherit system modules specialArgs;
})
else
inputs.home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = specialArgsForHomeSystem {
inherit system type capabilities;
} home-only;
inherit modules;
pkgs = pkgsForSystem system;
};
};
}
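Review bot: `program` ignores its `requirements` argument: the capability test is commented out and replaced by `if (true) then`, so `matches-capabilities` is dead code and every `machine.program { … }` call returns its configs on every host. Together with the `users.nix` section, which now maps over `programs` instead of `valid-programs`, a host declared with `capabilities = [ "cli" ]` would still import the graphical and fun program modules, which widens what ends up installed on the server. Restoring `if matches-capabilities requirements then`, with an else branch that returns empty modules for both `home-config` and `system-config`, would keep the filter. Separately, `deploy-rs.lib.x86_64-linux` is hard-coded in `profiles.system.path` although `system` is a parameter; `deploy-rs.lib.${system}` would follow it.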


@ -1,23 +1,21 @@
{ {
lib, lib,
pkgs, pkgs,
inputs,
flakes, flakes,
machine,
... ...
}: }:
{ {
imports = [ imports = [
(inputs.self + /modules/machine-type.nix) ./machine-or-home-config.nix
(inputs.self + /modules/program.nix) ./xdg.nix
(inputs.self + /programs)
(inputs.self + /users)
]; ];
xdg.mime.enable = lib.mkForce false; system.stateVersion = machine.stateVersion;
system.stateVersion = "26.05";
services.resolved.enable = false; services.resolved.enable = false;
xdg.mime.enable = lib.mkForce false;
# Enable SSH # Enable SSH
services.openssh = { services.openssh = {
enable = true; enable = true;


@ -0,0 +1,9 @@
{ inputs, ... }:
{
imports = [
(../modules/program.nix)
(../programs)
(../users)
];
}

104
flake.nix

@ -72,12 +72,10 @@
}; };
outputs = outputs =
{ {
self,
nixpkgs, nixpkgs,
flake-utils, flake-utils,
sops-nix, sops-nix,
vpn-confinement, vpn-confinement,
home-manager,
deploy-rs, deploy-rs,
... ...
}@inputs: }@inputs:
@ -94,87 +92,40 @@
}) })
]; ];
}; };
configs = import ./config.nix (inputs // { inherit pkgsForSystem; });
specialArgsForSystem = system: {
pkgs = pkgsForSystem system;
flakes = inputs;
inherit inputs;
inherit (inputs.secrets.packages.${system}) secrets;
};
in in
(configs.configs [
{ {
nixosConfigurations.fili = nixpkgs.lib.nixosSystem rec { hostname = "fili";
system = "x86_64-linux"; capabilities = [ "cli" ];
modules = [ type = "server";
inputs.home-manager.nixosModules.default extra-modules = [
{ home-manager.extraSpecialArgs = specialArgs; }
./hosts/fili/configuration.nix
./users
./default-machine-config.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
vpn-confinement.nixosModules.default vpn-confinement.nixosModules.default
]; ];
specialArgs = specialArgsForSystem system; }
};
nixosConfigurations.kili = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
inputs.home-manager.nixosModules.default
{ home-manager.extraSpecialArgs = specialArgs; }
./hosts/kili/configuration.nix
./users
];
specialArgs = specialArgsForSystem system;
};
nixosConfigurations.ragdoll = home-manager.lib.homeManagerConfiguration (
let
system = "x86_64-linux";
in
{ {
modules = [ hostname = "kili";
inputs.home-manager.nixosModules.default deploy-hostname = "localhost";
{ home-manager.extraSpecialArgs = specialArgsForSystem system; } capabilities = [
"cli"
./hosts/ragdoll/configuration.nix "graphical"
./default-machine-config.nix "work"
"fun"
]; ];
pkgs = pkgsForSystem system; type = "pc";
} }
); {
deploy.nodes.fili = {
hostname = "fili";
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.fili;
sshUser = "jana";
};
};
deploy.nodes.kili = {
hostname = "localhost";
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.kili;
sshUser = "jana";
};
};
deploy.nodes.ragdoll = {
hostname = "ragdoll"; hostname = "ragdoll";
fastConnection = true; deploy-hostname = "ragdoll";
profiles.system = { home-only = "jana";
user = "jana"; capabilities = [
path = deploy-rs.lib.x86_64-linux.activate.home-manager self.nixosConfigurations.ragdoll; "cli"
sshUser = "jana"; "work"
}; ];
}; type = "pc";
} }
])
// flake-utils.lib.eachDefaultSystem ( // flake-utils.lib.eachDefaultSystem (
system: system:
let let
@ -184,14 +135,17 @@
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
lix lix
(pkgs.writeShellScriptBin "apply-local" ''
apply $(hostname)
'')
(pkgs.writeShellScriptBin "apply" '' (pkgs.writeShellScriptBin "apply" ''
set -e set -e
if [ $# -eq 0 ] if [ $# -eq 0 ]
then then
deploy deploy -s
elif [ $# -eq 1 ] elif [ $# -eq 1 ]
then then
deploy ".#$@" deploy -s ".#$@"
else else
echo "too many parameters" echo "too many parameters"
exit 1 exit 1
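Review bot: Both `deploy` calls in the `apply` script gain `-s`, which in deploy-rs is, as far as I know, the short form of `--skip-checks`, so the flake checks no longer run before a profile is activated as root over SSH. If the flag is only there to save time, I would make skipping opt-in through an explicit argument and say so in a comment. In the new `apply-local` script `apply $(hostname)` is unquoted; `apply "$(hostname)"` avoids word splitting. `".#$@"` is only correct because the branch has already checked `$# -eq 1`; `".#$1"` says what is meant. The script body continues past the end of this hunk.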


@ -6,13 +6,6 @@ _: {
./services ./services
]; ];
custom.machine = {
type = "server";
capabilities = [
"cli"
];
};
networking.nameservers = [ networking.nameservers = [
"1.1.1.1" "1.1.1.1"
"9.9.9.9" "9.9.9.9"
@ -50,4 +43,6 @@ _: {
"media" "media"
"nginx" "nginx"
]; ];
users.groups.media = { };
} }


@ -150,7 +150,7 @@
wget wget
# used in deployments # used in deployments
flakes.colmena.defaultPackage."x86_64-linux" # flakes.deploy.defaultPackage."x86_64-linux"
lix lix
openssh openssh
]; ];


@ -6,19 +6,9 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../default-machine-config.nix ./kanata.nix
]; ];
custom.machine = {
type = "pc";
capabilities = [
"cli"
"graphical"
"work"
"fun"
];
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;


@ -1,27 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/4919727e-d114-4d57-b206-522b5df5fccc"; device = "/dev/disk/by-uuid/4919727e-d114-4d57-b206-522b5df5fccc";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/26CD-373C"; device = "/dev/disk/by-uuid/26CD-373C";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = [ ]; swapDevices = [ ];

13
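--- a/hosts/kili/kanata.nix
+++ b/hosts/kili/kanata.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+# TODO: make kanata system pkgs only
+users.groups.uinput = { };
+users.extraUsers.jana.extraGroups = [
+"uinput"
+"input"
+];
+environment.systemPackages = [ pkgs.kanata-with-cmd ];
+services.udev.extraRules = ''
+KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
+'';
+}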
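Review bot: Adding `jana` to the `input` group gives every process running as that user read access to the raw input event devices, and `uinput` lets them create virtual input devices, so a compromised program in the user session can observe or synthesize keystrokes. The TODO already points at the fix: running kanata as a system service under its own account (NixOS ships a `services.kanata` module) would let both `extraGroups` entries be dropped. `pkgs.kanata-with-cmd` is the build that allows command execution from the keyboard config; if no `cmd` action is used, plain `pkgs.kanata` is the smaller surface. `users.extraUsers` is the legacy alias of `users.users`.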


@ -1,18 +1,7 @@
{ {
pkgs,
... ...
}: }:
{ {
imports = [ imports = [ ];
./hardware-configuration.nix
../../default-machine-config.nix
];
custom.machine = {
type = "pc";
capabilities = [
"cli"
];
homeOnly = "jana";
};
} }


@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
fileSystems."/" = {
device = "/dev/disk/by-uuid/4919727e-d114-4d57-b206-522b5df5fccc";
fsType = "ext4";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,16 +0,0 @@
{
lib,
...
}:
with lib;
{
options = {
custom.home-info = mkOption {
type = types.submodule {
options = {
};
};
};
};
}


@ -1,25 +0,0 @@
{
lib,
...
}:
with lib;
{
options = {
custom.machine = mkOption {
type = types.submodule {
options = {
type = mkOption {
type = types.enum [
"server"
"pc"
];
};
capabilities = mkOption {
type = types.listOf (types.enum (import ./capabilities.nix));
default = [ "cli" ];
};
};
};
};
};
}


@ -1,6 +1,7 @@
{ {
lib, lib,
options, options,
machine,
... ...
}: }:
with lib; with lib;
@ -15,19 +16,15 @@ with lib;
name = mkOption { name = mkOption {
type = types.string; type = types.string;
}; };
requirements = mkOption {
type = types.listOf (types.enum (import ./capabilities.nix));
default = [ "cli" ];
};
home-config = mkOption { home-config = mkOption {
type = types.deferredModule; type = types.deferredModule;
}; };
system-config = mkOption { system-config = mkOption {
# type = types.attrs;
type = types.deferredModule; type = types.deferredModule;
default = { }; default = _: { };
}; };
}; };
config = if builtins.isNull machine.home-only then config.system-config else config.home-config;
} }
) )
); );


@ -1,30 +1,31 @@
{ args@{
lib, lib,
pkgs, pkgs,
config, config,
machine,
... ...
}: }:
with lib; with lib;
let let
cfg = config.custom.users; cfg = config.custom.users;
machine = config.custom.machine; inherit (machine) home-only;
inherit (machine) stateVersion;
valid-on-machine = valid-on-machine =
on: on:
# TODO: iterate over possibilities # TODO: iterate over possibilities
(
if machine.type == "server" then if machine.type == "server" then
on.server on.server
else if machine.type == "pc" then else if machine.type == "pc" then
on.pc on.pc
else else
false; false
matches-capabilities = );
# all requirements are contained in the machine capabilities
requirements: lib.all (req: builtins.elem req machine.capabilities) requirements;
users = lib.filterAttrs (_: value: valid-on-machine value.on) cfg; users = lib.filterAttrs (_: value: valid-on-machine value.on) cfg;
home-users = lib.filterAttrs (_: value: value.apply-home-configs) users; home-users = lib.filterAttrs (_: value: value.apply-home-configs) users;
stateVersion = config.system.stateVersion;
programs = lib.attrsets.attrValues config.custom.program; programs = lib.attrsets.attrValues config.custom.program;
valid-programs = builtins.filter (program: matches-capabilities program.requirements) programs;
in in
{ {
options = options =
@ -75,13 +76,28 @@ in
}; };
}; };
config = lib.mkMerge ([ config = lib.mkMerge [
(
if (!builtins.isNull home-only) then
lib.mkMerge ([
{
home = {
inherit stateVersion;
username = toString home-only;
homeDirectory = "/home/${toString home-only}";
};
}
]
# ++ map (program: program.home-config) programs
)
else
(lib.mkMerge ([
{ {
users.extraUsers = lib.mapAttrs (name: value: { users.extraUsers = lib.mapAttrs (name: value: {
isNormalUser = true; isNormalUser = true;
extraGroups = value.groups; extraGroups = value.groups;
openssh.authorizedKeys.keys = value.keys; openssh.authorizedKeys.keys = value.keys;
shell = value.shell; inherit (value) shell;
description = name; description = name;
}) users; }) users;
home-manager.users = lib.mapAttrs ( home-manager.users = lib.mapAttrs (
@ -89,11 +105,9 @@ in
(_: { (_: {
imports = ( imports = (
[ [
./home-info.nix
] ]
++ (map (program: program.home-config) valid-programs) ++ (map (program: program.home-config) programs)
); );
home = { home = {
inherit stateVersion; inherit stateVersion;
username = name; username = name;
@ -102,5 +116,7 @@ in
}) })
) home-users; ) home-users;
} }
]); ]))
)
];
} }


@ -1,4 +1,4 @@
{ ... }@inputs: { machine, ... }@inputs:
{ {
imports = [ imports = [
./nvim ./nvim
@ -11,10 +11,9 @@
./niri ./niri
./zed ./zed
./firefox ./firefox
./xdg.nix
]; ];
custom.program.graphcial-packages = { custom.program.graphcial-packages = machine.program {
requirements = [ "graphical" ]; requirements = [ "graphical" ];
home-config = home-config =
{ pkgs, ... }: { pkgs, ... }:
@ -34,7 +33,7 @@
}; };
}; };
custom.program.discord = { custom.program.discord = machine.program {
requirements = [ "graphical" ]; requirements = [ "graphical" ];
home-config = home-config =
{ {
@ -150,7 +149,7 @@
}; };
}; };
custom.program.fun-packages = { custom.program.fun-packages = machine.program {
requirements = [ "fun" ]; requirements = [ "fun" ];
home-config = home-config =
{ pkgs, ... }: { pkgs, ... }:
@ -162,7 +161,7 @@
}; };
}; };
custom.program.cli-packages = { custom.program.cli-packages = machine.program {
requirements = [ "cli" ]; requirements = [ "cli" ];
home-config = home-config =
{ config, pkgs, ... }: { config, pkgs, ... }:


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.firefox.requirements = [ "graphical" ]; {
custom.program.firefox.home-config = custom.program.firefox = machine.program {
requirements = [ "graphical" ];
home-config =
{ {
config, config,
flakes, flakes,
@ -162,4 +164,5 @@ _: {
defaultApplications."x-scheme-handler/unknown" = [ "firefox.desktop" ]; defaultApplications."x-scheme-handler/unknown" = [ "firefox.desktop" ];
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.fish.requirements = [ "cli" ]; {
custom.program.fish.home-config = custom.program.fish = machine.program {
requirements = [ "cli" ];
home-config =
{ {
config, config,
pkgs, pkgs,
@ -251,4 +253,5 @@ _: {
''; '';
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.git.requirements = [ "cli" ]; {
custom.program.git.home-config = _: { custom.program.git = machine.program {
requirements = [ "cli" ];
home-config = _: {
programs.git = { programs.git = {
enable = true; enable = true;
signing.key = "/home/jana/.ssh/id_ed25519.pub"; signing.key = "/home/jana/.ssh/id_ed25519.pub";
@ -36,4 +38,5 @@ _: {
enableGitIntegration = true; enableGitIntegration = true;
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.jujutsu.requirements = [ "cli" ]; {
custom.program.jujutsu.home-config = custom.program.jujutsu = machine.program {
requirements = [ "cli" ];
home-config =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
programs.jujutsu = { programs.jujutsu = {
@ -190,4 +192,5 @@ _: {
}; };
}; };
}; };
};
} }


@ -1,4 +1,4 @@
{ pkgs, ... }: { machine, pkgs, ... }:
let let
kanata-config = '' kanata-config = ''
(defcfg (defcfg
@ -86,9 +86,10 @@ let
''; '';
in in
{ {
custom.program.kanata.requirements = [ "graphical" ]; custom.program.kanata = machine.program {
custom.program.kanata.home-config = requirements = [ "graphical" ];
{ pkgs, config, ... }: home-config =
{ pkgs, ... }:
{ {
systemd.user.services.kanata = { systemd.user.services.kanata = {
Unit = { Unit = {
@ -112,6 +113,7 @@ in
text = kanata-config; text = kanata-config;
}; };
}; };
};
# custom.program.kanata.system-config = # custom.program.kanata.system-config =
# { pkgs, ... }: # { pkgs, ... }:
@ -123,15 +125,6 @@ in
# reboot or sudo udevadm control --reload-rules && sudo udevadm trigger # reboot or sudo udevadm control --reload-rules && sudo udevadm trigger
# sudo modprobe uinput # sudo modprobe uinput
users.groups.uinput = { };
users.extraUsers.jana.extraGroups = [
"uinput"
"input"
];
environment.systemPackages = [ pkgs.kanata-with-cmd ];
services.udev.extraRules = ''
KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
'';
# }; # };
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.kitty.requirements = [ "graphical" ]; {
custom.program.kitty.home-config = custom.program.kitty = machine.program {
requirements = [ "graphical" ];
home-config =
{ pkgs, flakes, ... }: { pkgs, flakes, ... }:
{ {
home.packages = pkgs.custom.maple-fonts-pack; home.packages = pkgs.custom.maple-fonts-pack;
@ -60,4 +62,5 @@ _: {
''; '';
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.niri.requirements = [ "graphical" ]; {
custom.program.niri.home-config = custom.program.niri = machine.program {
requirements = [ "graphical" ];
home-config =
{ {
config, config,
pkgs, pkgs,
@ -660,4 +662,5 @@ _: {
}; };
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.nvim.requirements = [ "cli" ]; {
custom.program.nvim.home-config = custom.program.nvim = machine.program {
requirements = [ "cli" ];
home-config =
{ {
pkgs, pkgs,
flakes, flakes,
@ -152,4 +154,5 @@ _: {
''; '';
}; };
}; };
};
} }


@ -1,6 +1,8 @@
_: { { machine, ... }:
custom.program.tmux.requirements = [ "cli" ]; {
custom.program.tmux.home-config = custom.program.tmux = machine.program {
requirements = [ "cli" ];
home-config =
{ pkgs, ... }: { pkgs, ... }:
{ {
programs.tmux = { programs.tmux = {
@ -199,4 +201,5 @@ _: {
''; '';
}; };
}; };
};
} }


@ -1,6 +1,11 @@
_: { { machine, ... }:
custom.program.zed.requirements = [ "work" ]; {
custom.program.zed.home-config = custom.program.zed = machine.program {
requirements = [
"work"
"graphical"
];
home-config =
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = pkgs.custom.maple-fonts-pack; home.packages = pkgs.custom.maple-fonts-pack;
@ -173,4 +178,5 @@ _: {
}; };
}; };
}; };
};
} }


@ -1,9 +1,8 @@
{ pkgs, inputs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
(inputs.self + /modules/users.nix) (../modules/users.nix)
]; ];
users.groups.media = { };
custom.users = { custom.users = {
vivian = { vivian = {