From 546c5170d74ccb3196887b1ace7ccde7b292ed43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 5 Jan 2026 15:15:02 +0100 Subject: [PATCH] add multiple envs for packages --- README.md | 135 ++++++++ fish/conf.d/functions.fish | 67 +++- nix/base/packages.nix | 38 +++ nix/flake.lock | 288 +++++++++++++++--- nix/flake.nix | 58 +++- nix/hosts/carpates/configuration.nix | 37 +++ nix/hosts/carpates/home.nix | 27 ++ nix/{ => hosts/limgrave}/configuration.nix | 92 ++++-- .../limgrave}/hardware-configuration.nix | 0 nix/hosts/limgrave/packages.nix | 77 +++++ nix/packages.nix | 1 + 11 files changed, 739 insertions(+), 81 deletions(-) create mode 100644 nix/base/packages.nix create mode 100644 nix/hosts/carpates/configuration.nix create mode 100644 nix/hosts/carpates/home.nix rename nix/{ => hosts/limgrave}/configuration.nix (74%) rename nix/{ => hosts/limgrave}/hardware-configuration.nix (100%) create mode 100644 nix/hosts/limgrave/packages.nix diff --git a/README.md b/README.md index a6e8017..978d712 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,141 @@ # dots +This repository contains my dotfiles and a Nix flake that supports multiple hosts (machines) with a shared base and per-host configuration. + +- On NixOS: hosts are built via `nixosConfigurations`. +- On non-NixOS (e.g., Ubuntu): hosts are applied via Home Manager using `homeConfigurations`. + +## Bootstrap + ```shell pip install pipx ansible ansible-playbook --ask-become-pass ansible/main.yml +# Then apply dotfiles with dotter dotter +``` + +## NixOS: multi-host layout + +- nix/base/packages.nix — packages installed on all hosts +- nix/hosts// + - configuration.nix — host-specific NixOS configuration + - hardware-configuration.nix — generated per-machine + - packages.nix — extra packages for this host +- nix/flake.nix — exposes each host under nixosConfigurations + +Current hosts: +- limgrave — my main system +- carpates — scaffolded/minimal, ready to extend + +## Naming rule (important) +Your machine hostname must match the Nix flake host name. For example: +- networking.hostName = "limgrave" in the host configuration +- The flake exports nixosConfigurations.limgrave +- The system hostname (output of `hostname -s`) is limgrave + +This allows the upgrade function to pick the right configuration automatically. + +## Build or switch +From repo root: + +```bash +# Limgrave (current system) +sudo nixos-rebuild switch --flake ./nix#limgrave + +# carpates (on target machine) +sudo nixos-rebuild switch --flake ./nix#carpates +# Or during install: +# nixos-install --flake /nix#carpates +``` + +## Upgrades: nix_upgrade +A convenience Fish function is provided in fish/conf.d/functions.fish: `nix_upgrade`. +It updates flake inputs and rebuilds the system using a host name that matches the machine hostname. 
+ +Usage: +```fish +# Automatic: uses (hostname -s) → must match a host in nix/flake.nix +nix_upgrade + +# Override the host explicitly (useful for recovery or chroots) +nix_upgrade limgrave +``` +What it does: +1) sudo nix flake update --flake /home/catalin/.dotfiles/nix +2) sudo nixos-rebuild switch --flake /home/catalin/.dotfiles/nix# --upgrade + +Safety checks: +- Verifies nix/flake.nix exists +- Verifies the host is declared in nix/flake.nix +- Prints clear error if the hostname doesn’t map to a known host + +Tip: ensure your system hostname matches one of the directories in nix/hosts/ and the entry under nixosConfigurations in nix/flake.nix. + +## Adding a new host +1) Create a directory: nix/hosts// +2) Add configuration files (start by copying limgrave and trimming, or use the minimal example from carpates) +3) Generate hardware config on the new machine: +```bash +sudo nixos-generate-config +# Move merge the generated hardware-configuration.nix into nix/hosts// +``` +4) Add the host to nix/flake.nix under nixosConfigurations +5) Make sure networking.hostName = "" in the host configuration +6) Build or install: +```bash +sudo nixos-rebuild switch --flake ./nix# +# or during install: +nixos-install --flake /nix# +``` + +## Notes +- Old single-host files nix/configuration.nix and nix/packages.nix are kept for reference but are not used by the flake. You can remove them once comfortable with the new layout. +- limgrave includes nix-snapd and Home Manager; carpates currently includes Home Manager only. + +## Nix on non-NixOS (Ubuntu, etc.) +You can also use this flake on non-NixOS systems (e.g., Ubuntu) via Home Manager. For that path, hosts are defined under `homeConfigurations` in `nix/flake.nix` and typically live next to their NixOS counterparts. In this repo, `carpates` is prepared for non-NixOS via Home Manager. + +- Naming rule: your machine's hostname (output of `hostname -s`) should match the `homeConfigurations.` entry. Example: `carpates`. 
+- Packages: non-NixOS hosts usually install user-scoped packages via Home Manager, using the shared base set from `nix/base/packages.nix`. + +### Prerequisites +- Install Nix (multi-user is recommended): + ```bash + sh <(curl -L https://nixos.org/nix/install) --daemon + ``` +- Enable flakes (if not already). On non-NixOS, set in `/etc/nix/nix.conf` or `$XDG_CONFIG_HOME/nix/nix.conf`: + ``` + experimental-features = nix-command flakes + ``` +- Install Home Manager (no separate channel needed when using flakes; we can run it via `nix run` or install it on PATH): + ```bash + # Optional, to have `home-manager` on PATH: + nix profile install github:nix-community/home-manager + ``` + +### Apply the configuration (non-NixOS) +From repo root: +```bash +# Use the prepared Home Manager host (example: carpates) +home-manager switch --flake ./nix#carpates +# If `home-manager` is not installed, you can run it via nix: +nix run github:nix-community/home-manager -- switch --flake ./nix#carpates +``` + +### Upgrades (non-NixOS) +`nix_upgrade` also works on non-NixOS: +```fish +# Auto-detects host from (hostname -s) and runs Home Manager switch +nix_upgrade + +# Or override explicitly +nix_upgrade carpates +``` +What it does on non-NixOS: +- `nix flake update --flake /home/catalin/.dotfiles/nix` +- `home-manager switch --flake /home/catalin/.dotfiles/nix#` (or `nix run ... -- switch` if HM is not on PATH) + +### NixOS vs. non-NixOS summary +- NixOS hosts are declared under `nixosConfigurations` and are applied with `nixos-rebuild`. +- non-NixOS hosts are declared under `homeConfigurations` and are applied with `home-manager switch`. +- The `nix_upgrade` function detects the OS and selects the correct path automatically based on the hostname. diff --git a/fish/conf.d/functions.fish b/fish/conf.d/functions.fish index 3d33bef..cb41427 100644 --- a/fish/conf.d/functions.fish +++ b/fish/conf.d/functions.fish 
@@ -77,8 +77,71 @@ function gur end function nix_upgrade - sudo nix flake update --flake /home/catalin/.dotfiles/nix/ - sudo nixos-rebuild switch --flake /home/catalin/.dotfiles/nix/ --upgrade + # Upgrade this system based on hostname matching the flake host. + # Works on both NixOS (nixos-rebuild) and non-NixOS (Home Manager). + # Usage: nix_upgrade [host-override] + + set -l flake_path /home/catalin/.dotfiles/nix + + # Determine host either from arg or from the machine hostname + if set -q argv[1] + set -l host $argv[1] + else + set -l host (hostname -s) + if test $status -ne 0 -o -z "$host" + set host (hostname) + end + end + + if not test -f $flake_path/flake.nix + echo "Error: flake not found at $flake_path/flake.nix" + return 1 + end + + # Detect if we are on NixOS + set -l is_nixos 0 + if test -f /etc/NIXOS + set is_nixos 1 + else if type -q nixos-version + set is_nixos 1 + end + + echo "Updating inputs for flake: $flake_path" + # On non-NixOS this usually doesn't require sudo; on NixOS it might. + if test $is_nixos -eq 1 + sudo nix flake update --flake $flake_path + else + nix flake update --flake $flake_path + end + + if test $is_nixos -eq 1 + # NixOS path: verify host exists under nixosConfigurations (heuristic) + if not grep -Eq "^[[:space:]]*$host[[:space:]]*=[[:space:]]*lib\\.nixosSystem" $flake_path/flake.nix + echo "Error: host '$host' not found in nixosConfigurations in $flake_path/flake.nix." + echo " Pass an explicit host: nix_upgrade " + return 1 + end + echo "Rebuilding NixOS for host: $host" + sudo nixos-rebuild switch --flake $flake_path#$host --upgrade + else + # non-NixOS path: try Home Manager via flake's homeConfigurations + if not grep -q "homeConfigurations" $flake_path/flake.nix + echo "Error: no homeConfigurations found in flake; cannot upgrade on non-NixOS." 
+ return 1 + end + # Best-effort heuristic that the host exists as a home configuration + if not grep -Eq "^[[:space:]]*$host[[:space:]]*=" $flake_path/flake.nix + echo "Warning: host '$host' not explicitly found; attempting Home Manager switch anyway." + end + + echo "Rebuilding Home Manager for host: $host" + if type -q home-manager + home-manager switch --flake $flake_path#$host + else + # Fallback: use nix to run HM + nix run github:nix-community/home-manager -- switch --flake $flake_path#$host + end + end end function delete_line diff --git a/nix/base/packages.nix b/nix/base/packages.nix new file mode 100644 index 0000000..d0c8b68 --- /dev/null +++ b/nix/base/packages.nix @@ -0,0 +1,38 @@ +pkgs: with pkgs; [ + vim + wget + git + tmux + eza + bat + jq + curl + atuin + leaf + dotter + kubectl + k9s + trashy + krew + pre-commit + devenv + git-cliff + difftastic + unzip + hadolint + docker-compose + delta + bottom + bat + dust + popeye + kubecolor + kubeconform + kube-score + uv + neovim + ncdu + direnv + asciinema + yq +] diff --git a/nix/flake.lock b/nix/flake.lock index 41ec776..1ff6c22 100644 --- a/nix/flake.lock +++ b/nix/flake.lock 
@@ -1,13 +1,74 @@ { "nodes": { + "autofirma-nix": { + "inputs": { + "autofirma-src": "autofirma-src", + "clienteafirma-external-src": "clienteafirma-external-src", + "flake-parts": "flake-parts", + "home-manager": "home-manager", + "jmulticard-src": "jmulticard-src", + "nix-unit": "nix-unit", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762846273, + "narHash": "sha256-TvPVL/CLMstwlnsDrBHw7vMbrxwO1RlxJcQD2Csc/3Q=", + "owner": "nix-community", + "repo": "autofirma-nix", + "rev": "014a7decf4a60dcab532f78469ce83387c9aa40e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "autofirma-nix", + "type": "github" + } + }, + "autofirma-src": { + "flake": false, + "locked": { + "lastModified": 1716805628, + "narHash": "sha256-GQyj3QuWIHTkYwdJ4oKVsG923YG9mCUXfhqdIvEWNMA=", + "owner": "ctt-gob-es", + "repo": "clienteafirma", + "rev": "f8888062394a4ca41c5802beb2524597a5ce465a", + "type": "github" + }, + "original": { + "owner": "ctt-gob-es", + "ref": "v1.8.3", + "repo": "clienteafirma", + "type": "github" + } + }, + "clienteafirma-external-src": { + "flake": false, + "locked": { + "lastModified": 1712248159, + "narHash": "sha256-iS3I6zIxuKG133s/FqDlXZzOZ2ZOJcqZK9X6Tv3+3lc=", + "owner": "ctt-gob-es", + "repo": "clienteafirma-external", + "rev": "f450ac76094ffe387f6590b9ac61b5ada5a501e7", + "type": "github" + }, + "original": { + "owner": "ctt-gob-es", + "ref": "OT_14395", + "repo": "clienteafirma-external", + "type": "github" + } + }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, "type": "tarball", - "url": 
"https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" }, "original": { "type": "tarball", @@ -15,15 +76,36 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "autofirma-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762810396, + "narHash": "sha256-dxFVgQPG+R72dkhXTtqUm7KpxElw3u6E+YlQ2WaDgt8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "0bdadb1b265fb4143a75bd1ec7d8c915898a9923", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -33,6 +115,24 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1762787259, + "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -53,20 +153,59 @@ "type": "github" } }, + "jmulticard-src": { + "flake": false, + "locked": { + "lastModified": 1686816513, + "narHash": "sha256-sCqMK4FvwRHsGIB6iQVyqrx0+EDiUfQSAsPqmDq2Giw=", + "owner": "ctt-gob-es", + "repo": "jmulticard", + "rev": "9983fc690f3b68dc2c8fde19db269766cf0fb387", + "type": "github" + }, + "original": { + "owner": "ctt-gob-es", + "ref": "v1.8", + "repo": "jmulticard", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "autofirma-nix", + "nix-unit", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-snapd": { "inputs": { "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1734935829, - "narHash": "sha256-/7Y+EZoU8O+N2PgEIvJKwp6qLBuwiOq3MeC0YLezX/w=", + "lastModified": 1761703712, + "narHash": "sha256-OKuNVXmHuZ0zi8T0aGWrBJizIfvdTqV1RiV0IN8GPZs=", "owner": "nix-community", "repo": "nix-snapd", - "rev": "355a1ed0141b6fd3093e3cb7b3492e6e67913681", + "rev": "f7694a0e26d890e285137e1b726b1b44038805c4", "type": "github" }, "original": { 
@@ -75,13 +214,71 @@ "type": "github" } }, + "nix-unit": { + "inputs": { + "flake-parts": [ + "autofirma-nix", + "flake-parts" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "autofirma-nix", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762774186, + "narHash": "sha256-hRADkHjNt41+JUHw2EiSkMaL4owL83g5ZppjYUdF/Dc=", + "owner": "nix-community", + "repo": "nix-unit", + "rev": "1c9ab50554eed0b768f9e5b6f646d63c9673f0f7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-unit", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1762233356, + "narHash": "sha256-cGS3lLTYusbEP/IJIWGgnkzIl+FA5xDvtiHyjalGr4k=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ca534a76c4afb2bdc07b681dbc11b453bab21af8", "type": "github" }, "original": { 
@@ -91,25 +288,13 @@ "type": "github" } }, - "nixpkgs-lib": { + "nixpkgs_3": { "locked": { - "lastModified": 1733096140, - "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -121,24 +306,25 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "autofirma-nix": "autofirma-nix", + "home-manager": "home-manager_2", "nix-snapd": "nix-snapd", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "spicetify-nix": "spicetify-nix", "unstable": "unstable" } }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "systems": "systems" }, "locked": { - "lastModified": 1760848035, - "narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=", + "lastModified": 1762057664, + "narHash": "sha256-mdEEvepIi8ebpGP1WWOHNvNQyd8rF0mUrKAiU6mwHCk=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9", + "rev": "4aa6e43d29e3c8acf544aa6782a1963a11369208", "type": "github" }, "original": { 
@@ -162,13 +348,35 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "autofirma-nix", + "nix-unit", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762410071, + "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "unstable": { "locked": { - "lastModified": 1760965567, - "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", + "lastModified": 1762361079, + "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", + "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", "type": "github" }, "original": { diff --git a/nix/flake.nix b/nix/flake.nix index 6dfba30..e350be4 100644 --- a/nix/flake.nix +++ b/nix/flake.nix 
@@ -7,31 +7,63 @@ nix-snapd.url = "github:nix-community/nix-snapd"; nix-snapd.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; + autofirma-nix = { + url = "github:nix-community/autofirma-nix/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, unstable, nix-snapd, home-manager, ... }: + nixConfig = { + extra-substituters = [ + "https://nix-community.cachix.org" + ]; + extra-trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + + outputs = { self, nixpkgs, unstable, nix-snapd, home-manager, autofirma-nix, ... }: let system = "x86_64-linux"; lib = nixpkgs.lib; pkgs-unstable = unstable.legacyPackages.${system}; + pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations.limgrave = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit pkgs-unstable; }; - modules = [ - ./configuration.nix - nix-snapd.nixosModules.default - home-manager.nixosModules.home-manager - { - environment.systemPackages = [ - ]; - } - ]; + nixosConfigurations = { + limgrave = lib.nixosSystem { + inherit system; + specialArgs = { inherit pkgs-unstable; }; + modules = [ + ./hosts/limgrave/configuration.nix + nix-snapd.nixosModules.default + autofirma-nix.nixosModules.default + home-manager.nixosModules.home-manager + ]; + }; + + carpates = lib.nixosSystem { + inherit system; + specialArgs = { inherit pkgs-unstable; }; + modules = [ + ./hosts/carpates/configuration.nix + home-manager.nixosModules.home-manager + ]; + }; + }; + + # Home Manager configurations for non-NixOS hosts (e.g., Ubuntu) + homeConfigurations = { + # For non-NixOS usage on a machine named "carpates". 
+ # Run: home-manager switch --flake ./nix#carpates + carpates = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ ./hosts/carpates/home.nix ]; + }; }; }; } diff --git a/nix/hosts/carpates/configuration.nix b/nix/hosts/carpates/configuration.nix new file mode 100644 index 0000000..daf1cd7 --- /dev/null +++ b/nix/hosts/carpates/configuration.nix @@ -0,0 +1,37 @@ +{ config, pkgs, pkgs-unstable, ... }: +{ + imports = [ + ./hardware-configuration.nix + ]; + + # Basic system metadata + networking.hostName = "carpates"; + time.timeZone = "Europe/Madrid"; + i18n.defaultLocale = "en_US.UTF-8"; + + # Nix settings + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nixpkgs.config = { + allowUnfree = true; + allowBroken = false; + }; + + # Users + users.users.catalin = { + isNormalUser = true; + description = "catalin"; + shell = pkgs.fish; + extraGroups = [ "networkmanager" "wheel" ]; + }; + + # Minimal services + networking.networkmanager.enable = true; + services.openssh.enable = true; + + # Base CLI set only (shared across hosts) + environment.systemPackages = import ../../base/packages.nix pkgs; + + programs.fish.enable = true; + + system.stateVersion = "24.11"; +} diff --git a/nix/hosts/carpates/home.nix b/nix/hosts/carpates/home.nix new file mode 100644 index 0000000..14099f0 --- /dev/null +++ b/nix/hosts/carpates/home.nix 
@@ -0,0 +1,27 @@ +{ config, pkgs, ... }: +{ + # Home Manager configuration for non-NixOS usage on host "carpates". + # Apply with: + # home-manager switch --flake ./nix#carpates + + home.username = "catalin"; + home.homeDirectory = "/home/catalin"; + + # Use the same base CLI set as all hosts + home.packages = import ../../base/packages.nix pkgs; + + programs.fish.enable = true; + + # Example: some common quality-of-life programs + programs.git = { + enable = true; + userName = "catalin"; + userEmail = ""; # set if desired + }; + + # Make sure HM itself can manage its state + programs.home-manager.enable = true; + + # Set the HM release; doesn't have to match NixOS release + home.stateVersion = "24.11"; +} diff --git a/nix/configuration.nix b/nix/hosts/limgrave/configuration.nix similarity index 74% rename from nix/configuration.nix rename to nix/hosts/limgrave/configuration.nix index 34f8211..4b0920a 100644 --- a/nix/configuration.nix +++ b/nix/hosts/limgrave/configuration.nix @@ -1,19 +1,26 @@ - { config, pkgs, pkgs-unstable, ... }: -{ imports = - [ - ./hardware-configuration.nix - ]; +{ + imports = [ + ./hardware-configuration.nix + ]; + nixpkgs.config.allowBroken = true; nix.settings.download-buffer-size = 524288000; - nixpkgs.config.permittedInsecurePackages = ["electron-33.4.11" "mono-5.20.1.34"]; + nixpkgs.config.permittedInsecurePackages = [ "electron-33.4.11" "mono-5.20.1.34" ]; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = ["ntfs"]; + boot.supportedFilesystems = [ "ntfs" ]; + services.snap.enable = false; + networking.hostName = "limgrave"; networking.networkmanager.enable = true; + services.mullvad-vpn.enable = true; + + environment.sessionVariables.MOZ_ENABLE_WAYLAND = 0; + time.timeZone = "Europe/Madrid"; i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { 
@@ -27,10 +34,12 @@ LC_TELEPHONE = "es_ES.UTF-8"; LC_TIME = "es_ES.UTF-8"; }; + networking.firewall = rec { allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; allowedUDPPortRanges = allowedTCPPortRanges; }; + home-manager.users.catalin = { programs.gnome-shell = { enable = true; @@ -72,17 +81,17 @@ ]; }; }; - + services.xserver = { - enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - windowManager.openbox.enable = true; - - xkb = { - layout = "us"; - variant = ""; - }; + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + windowManager.openbox.enable = true; + + xkb = { + layout = "us"; + variant = ""; + }; }; services.printing.enable = true; 
@@ -100,19 +109,44 @@ isNormalUser = true; description = "catalin"; shell = pkgs.fish; - useDefaultShell = true; + useDefaultShell = true; extraGroups = [ "networkmanager" "wheel" "docker" "nas" ]; - packages = with pkgs; [ - flatpak - ]; + packages = with pkgs; [ flatpak ]; }; users.groups.nas.gid = 568; programs.firefox.enable = true; + # Enable smart card service and eID tooling (AutoFirma stack) + services.pcscd.enable = true; + programs.autofirma = { + enable = true; + firefoxIntegration.enable = true; + }; + programs.dnieremote = { + enable = true; + jumpIntro = "no"; + wifiPort = 9501; + usbPort = 9501; + openFirewall = false; + }; + programs.configuradorfnmt = { + enable = true; + firefoxIntegration.enable = true; + }; + # Configure Firefox PKCS#11 modules for DNIe and OpenSC + programs.firefox.policies = { + SecurityDevices = { + "OpenSC PKCS#11" = "${pkgs.opensc}/lib/opensc-pkcs11.so"; + "DNIeRemote" = "${config.programs.dnieremote.finalPackage}/lib/libdnieremotepkcs11.so"; + }; + }; nixpkgs.config.allowUnfree = true; services.flatpak.enable = true; programs.nix-ld.enable = true; - environment.systemPackages = import ./packages.nix pkgs ; + + # Merge base packages with host-specific packages + environment.systemPackages = (import ../../base/packages.nix pkgs) ++ (import ./packages.nix pkgs); + programs = { bash = { interactiveShellInit = '' @@ -127,20 +161,23 @@ steam = { enable = true; package = pkgs.steam.override { - extraLibraries = p: with p; [(lib.getLib networkmanager)]; + extraLibraries = p: with p; [ (lib.getLib networkmanager) ]; }; }; }; + xdg.portal.enable = true; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; xdg.portal.config.common.default = "gtk"; + programs.mtr.enable = true; programs.dconf.enable = true; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - systemd.services.flatpak-repo = { + + systemd.services.flatpak-repo = { wantedBy = [ "multi-user.target" ]; path = [ pkgs.flatpak ]; script = '' 
@@ -154,18 +191,21 @@ dates = "weekly"; options = "--delete-older-than 1w"; }; + fonts.packages = with pkgs; [ atkinson-hyperlegible ]; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; services.openssh.enable = true; services.tailscale.enable = true; virtualisation.docker.enable = true; networking.nameservers = [ "192.168.1.7" "1.1.1.1" ]; + nix.extraOptions = '' - trusted-users = root catalin + trusted-users = root catalin ''; + system.autoUpgrade.enable = true; system.stateVersion = "24.11"; - } diff --git a/nix/hardware-configuration.nix b/nix/hosts/limgrave/hardware-configuration.nix similarity index 100% rename from nix/hardware-configuration.nix rename to nix/hosts/limgrave/hardware-configuration.nix diff --git a/nix/hosts/limgrave/packages.nix b/nix/hosts/limgrave/packages.nix new file mode 100644 index 0000000..ede77dd --- /dev/null +++ b/nix/hosts/limgrave/packages.nix @@ -0,0 +1,77 @@ +pkgs: with pkgs; [ + kitty + steam + steam-run + vesktop + python311 + protonup-qt + jellyfin-media-player + spotify + adwaita-icon-theme + fishPlugins.z + fishPlugins.tide + fishPlugins.transient-fish + fishPlugins.done + fishPlugins.colored-man-pages + lutris + telegram-desktop + restic + bitwarden + pre-commit + cargo + inconsolata + google-chrome + yt-dlp + mpv + gnumake + stremio + kubernetes-helm + opentofu + kubeseal + openssl + xclip + resticprofile + gnupg + awscli2 + kor + exiftool + jetbrains-toolbox + chiaki-ng + gnome-themes-extra + tela-circle-icon-theme + hmcl + rose-pine-gtk-theme + rose-pine-icon-theme + rose-pine-cursor + vlc + unrar-wrapper + atkinson-hyperlegible + libreoffice-qt + hunspell + hunspellDicts.es_ES + hunspellDicts.en_US + sqlite-interactive + ffmpeg + filezilla + lrcget + picard + gimp + yq + qbittorrent + p7zip + ansible + k3sup + gamemode + lm_sensors + appimage-run + coder + xcolor + signal-desktop + element-desktop + pavucontrol + samrewritten + audacity + mullvad-browser + mullvad-vpn + limo +] 
diff --git a/nix/packages.nix b/nix/packages.nix index 2cd15f1..0d423ca 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -117,4 +117,5 @@ pkgs: with pkgs; [ nexusmods-app cargo rustc + samrewritten ]
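Review bot: In README.md, the Notes section says the old nix/configuration.nix is "kept for reference", but this patch renames nix/configuration.nix to nix/hosts/limgrave/configuration.nix, so only nix/packages.nix is left at the old location; reword that note. The host placeholder is also empty wherever the text needs one (`nix/hosts//`, `--flake ./nix#`, `networking.hostName = ""`), which leaves the "Adding a new host" steps ambiguous. Under "Safety checks", the host verification is listed as a hard check, while on non-NixOS the function only prints a warning and continues; say so.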
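Review bot: In fish/conf.d/functions.fish, `set -l host ...` runs inside the `if set -q argv[1]` / `else` blocks, and fish scopes `-l` variables to the enclosing block, so `$host` is unset again after the `end`. Declare `set -l host` before the `if` and assign with `set host ...` inside it. As written, the NixOS branch always fails its grep check with an empty name, and in the non-NixOS branch the unquoted `$flake_path#$host` expands to no argument at all, so `--flake` is passed without a value. Separately, `$host` is interpolated into the grep pattern unescaped, and the non-NixOS pattern `^[[:space:]]*$host[[:space:]]*=` also matches the `carpates = lib.nixosSystem` line, so neither check confirms that the attribute exists in the right output set. Running `sudo nix flake update` against a flake in the user's home directory can also leave a root-owned flake.lock in the repository.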
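Review bot: nix/base/packages.nix lists `bat` twice (after `eza` and again after `bottom`); drop the second entry. A one-line comment at the top saying that this list is installed on every host, through both `environment.systemPackages` and Home Manager's `home.packages`, would help keep host-only tools out of it.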
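Review bot: In nix/flake.lock, the new `autofirma-nix` node resolves its `home-manager` input to a separate node with its own `nixpkgs`, while the root's Home Manager becomes `home-manager_2`, so two Home Manager revisions and an extra nixpkgs are now locked. If that is not intended, add `inputs.home-manager.follows = "home-manager";` to the `autofirma-nix` input in flake.nix. The lock also bumps `flake-compat`, `nix-snapd`, `spicetify-nix` and `unstable`, which the subject line does not mention; putting the input update in its own commit would let it be reverted independently of the layout change.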
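Review bot: In nix/flake.nix, the new `nixConfig` block has the flake itself request `https://nix-community.cachix.org` as an extra substituter with its signing key, and the limgrave configuration keeps `trusted-users = root catalin`, so that user can accept the cache straight from the flake instead of from system configuration. Declaring the cache in the host's `nix.settings.substituters` and `nix.settings.trusted-public-keys` keeps that trust decision in the reviewed system config; either way, add a comment naming the input that needs it. Also, `autofirma-nix` is pinned to `release-25.05` while `home-manager` stays on `release-24.11` and both follow the same `nixpkgs`; state which release the flake is meant to track.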
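Review bot: nix/hosts/carpates/configuration.nix imports `./hardware-configuration.nix`, but the diffstat creates only `configuration.nix` and `home.nix` under nix/hosts/carpates, so `nixosConfigurations.carpates` cannot evaluate until that file exists. Either commit a placeholder or say in the README that it must be generated before the first build. `services.openssh.enable = true;` is also switched on with default settings for a user in `wheel`; for a template host, set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` explicitly.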
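Review bot: The first hunk of nix/hosts/limgrave/configuration.nix carries `nixpkgs.config.allowBroken = true;` and `permittedInsecurePackages = [ "electron-33.4.11" "mono-5.20.1.34" ]` into the host file with no indication of which packages need them. Since the package list is being split in this patch, record the dependent package next to each exception so it can be removed when that package goes away.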
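Review bot: In the `@@ -100,19 +109,44 @@` hunk of nix/hosts/limgrave/configuration.nix, `programs.dnieremote` sets `wifiPort = 9501` together with `openFirewall = false`, so a Wi-Fi port is configured that the firewall will not let through. Add a comment saying whether USB-only use is intended, or open the port deliberately. The `SecurityDevices` policy loads two PKCS#11 modules into Firefox; a short comment on why both `OpenSC PKCS#11` and `DNIeRemote` are required would help later review.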
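Review bot: nix/hosts/limgrave/packages.nix repeats `pre-commit` and `yq`, which are already in nix/base/packages.nix, and configuration.nix concatenates the two lists with `++`; drop them from the host list. `atkinson-hyperlegible` is likewise already installed through `fonts.packages`.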
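Review bot: The final hunk adds `samrewritten` to nix/packages.nix, a file the README in this same patch describes as no longer used by the flake, and the package is already listed in nix/hosts/limgrave/packages.nix, so this hunk can be dropped. The context lines also show `nexusmods-app` and `rustc` in the old list, while the new host list has `cargo` but neither of those; confirm the omission is intentional.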