catalin/dotfiles
1
0
Fork 0
Code Activity

add multiple envs for packages

Browse source
This commit is contained in:
cătălin 2026-01-05 15:15:02 +01:00
commit 546c5170d7
No known key found for this signature in database
11 changed files with 733 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

135
README.md
View file

@ -1,6 +1,141 @@
# dots
This repository contains my dotfiles and a Nix flake that supports multiple hosts (machines) with a shared base and per-host configuration.
- On NixOS: hosts are built via `nixosConfigurations`.
- On non-NixOS (e.g., Ubuntu): hosts are applied via Home Manager using `homeConfigurations`.
## Bootstrap
```shell
pip install pipx ansible
ansible-playbook --ask-become-pass ansible/main.yml
# Then apply dotfiles with dotter
dotter
```
## NixOS: multi-host layout
- nix/base/packages.nix — packages installed on all hosts
- nix/hosts/<host>/
- configuration.nix — host-specific NixOS configuration
- hardware-configuration.nix — generated per-machine
- packages.nix — extra packages for this host
- nix/flake.nix — exposes each host under nixosConfigurations
Current hosts:
- limgrave — my main system
- carpates — scaffolded/minimal, ready to extend
## Naming rule (important)
Your machine hostname must match the Nix flake host name. For example:
- networking.hostName = "limgrave" in the host configuration
- The flake exports nixosConfigurations.limgrave
- The system hostname (output of `hostname -s`) is limgrave
This allows the upgrade function to pick the right configuration automatically.
## Build or switch
From repo root:
```bash
# Limgrave (current system)
sudo nixos-rebuild switch --flake ./nix#limgrave
# carpates (on target machine)
sudo nixos-rebuild switch --flake ./nix#carpates
# Or during install:
# nixos-install --flake <repo-path>/nix#carpates
```
## Upgrades: nix_upgrade
A convenience Fish function is provided in fish/conf.d/functions.fish: `nix_upgrade`.
It updates flake inputs and rebuilds the system using a host name that matches the machine hostname.
Usage:
```fish
# Automatic: uses (hostname -s) → must match a host in nix/flake.nix
nix_upgrade
# Override the host explicitly (useful for recovery or chroots)
nix_upgrade limgrave
```
What it does:
1) sudo nix flake update --flake /home/catalin/.dotfiles/nix
2) sudo nixos-rebuild switch --flake /home/catalin/.dotfiles/nix#<host> --upgrade
Safety checks:
- Verifies nix/flake.nix exists
- Verifies the host is declared in nix/flake.nix
- Prints clear error if the hostname doesnt map to a known host
Tip: ensure your system hostname matches one of the directories in nix/hosts/ and the entry under nixosConfigurations in nix/flake.nix.
## Adding a new host
1) Create a directory: nix/hosts/<newhost>/
2) Add configuration files (start by copying limgrave and trimming, or use the minimal example from carpates)
3) Generate hardware config on the new machine:
```bash
sudo nixos-generate-config
# Move merge the generated hardware-configuration.nix into nix/hosts/<newhost>/
```
4) Add the host to nix/flake.nix under nixosConfigurations
5) Make sure networking.hostName = "<newhost>" in the host configuration
6) Build or install:
```bash
sudo nixos-rebuild switch --flake ./nix#<newhost>
# or during install:
nixos-install --flake <repo-path>/nix#<newhost>
```
## Notes
- Old single-host files nix/configuration.nix and nix/packages.nix are kept for reference but are not used by the flake. You can remove them once comfortable with the new layout.
- limgrave includes nix-snapd and Home Manager; carpates currently includes Home Manager only.
## Nix on non-NixOS (Ubuntu, etc.)
You can also use this flake on non-NixOS systems (e.g., Ubuntu) via Home Manager. For that path, hosts are defined under `homeConfigurations` in `nix/flake.nix` and typically live next to their NixOS counterparts. In this repo, `carpates` is prepared for non-NixOS via Home Manager.
- Naming rule: your machine's hostname (output of `hostname -s`) should match the `homeConfigurations.<host>` entry. Example: `carpates`.
- Packages: non-NixOS hosts usually install user-scoped packages via Home Manager, using the shared base set from `nix/base/packages.nix`.
### Prerequisites
- Install Nix (multi-user is recommended):
```bash
sh <(curl -L https://nixos.org/nix/install) --daemon
```
- Enable flakes (if not already). On non-NixOS, set in `/etc/nix/nix.conf` or `$XDG_CONFIG_HOME/nix/nix.conf`:
```
experimental-features = nix-command flakes
```
- Install Home Manager (no separate channel needed when using flakes; we can run it via `nix run` or install it on PATH):
```bash
# Optional, to have `home-manager` on PATH:
nix profile install github:nix-community/home-manager
```
### Apply the configuration (non-NixOS)
From repo root:
```bash
# Use the prepared Home Manager host (example: carpates)
home-manager switch --flake ./nix#carpates
# If `home-manager` is not installed, you can run it via nix:
nix run github:nix-community/home-manager -- switch --flake ./nix#carpates
```
### Upgrades (non-NixOS)
`nix_upgrade` also works on non-NixOS:
```fish
# Auto-detects host from (hostname -s) and runs Home Manager switch
nix_upgrade
# Or override explicitly
nix_upgrade carpates
```
What it does on non-NixOS:
- `nix flake update --flake /home/catalin/.dotfiles/nix`
- `home-manager switch --flake /home/catalin/.dotfiles/nix#<host>` (or `nix run ... -- switch` if HM is not on PATH)
### NixOS vs. non-NixOS summary
- NixOS hosts are declared under `nixosConfigurations` and are applied with `nixos-rebuild`.
- non-NixOS hosts are declared under `homeConfigurations` and are applied with `home-manager switch`.
- The `nix_upgrade` function detects the OS and selects the correct path automatically based on the hostname.

67
fish/conf.d/functions.fish
View file

@ -77,8 +77,71 @@ function gur
end
function nix_upgrade
sudo nix flake update --flake /home/catalin/.dotfiles/nix/
sudo nixos-rebuild switch --flake /home/catalin/.dotfiles/nix/ --upgrade
# Upgrade this system based on hostname matching the flake host.
# Works on both NixOS (nixos-rebuild) and non-NixOS (Home Manager).
# Usage: nix_upgrade [host-override]
set -l flake_path /home/catalin/.dotfiles/nix
# Determine host either from arg or from the machine hostname
if set -q argv[1]
set -l host $argv[1]
else
set -l host (hostname -s)
if test $status -ne 0 -o -z "$host"
set host (hostname)
end
end
if not test -f $flake_path/flake.nix
echo "Error: flake not found at $flake_path/flake.nix"
return 1
end
# Detect if we are on NixOS
set -l is_nixos 0
if test -f /etc/NIXOS
set is_nixos 1
else if type -q nixos-version
set is_nixos 1
end
echo "Updating inputs for flake: $flake_path"
# On non-NixOS this usually doesn't require sudo; on NixOS it might.
if test $is_nixos -eq 1
sudo nix flake update --flake $flake_path
else
nix flake update --flake $flake_path
end
if test $is_nixos -eq 1
# NixOS path: verify host exists under nixosConfigurations (heuristic)
if not grep -Eq "^[[:space:]]*$host[[:space:]]*=[[:space:]]*lib\\.nixosSystem" $flake_path/flake.nix
echo "Error: host '$host' not found in nixosConfigurations in $flake_path/flake.nix."
echo " Pass an explicit host: nix_upgrade <host>"
return 1
end
echo "Rebuilding NixOS for host: $host"
sudo nixos-rebuild switch --flake $flake_path#$host --upgrade
else
# non-NixOS path: try Home Manager via flake's homeConfigurations
if not grep -q "homeConfigurations" $flake_path/flake.nix
echo "Error: no homeConfigurations found in flake; cannot upgrade on non-NixOS."
return 1
end
# Best-effort heuristic that the host exists as a home configuration
if not grep -Eq "^[[:space:]]*$host[[:space:]]*=" $flake_path/flake.nix
echo "Warning: host '$host' not explicitly found; attempting Home Manager switch anyway."
end
echo "Rebuilding Home Manager for host: $host"
if type -q home-manager
home-manager switch --flake $flake_path#$host
else
# Fallback: use nix to run HM
nix run github:nix-community/home-manager -- switch --flake $flake_path#$host
end
end
end
function delete_line

38
nix/base/packages.nix Normal file
View file

@ -0,0 +1,38 @@
pkgs: with pkgs; [
vim
wget
git
tmux
eza
bat
jq
curl
atuin
leaf
dotter
kubectl
k9s
trashy
krew
pre-commit
devenv
git-cliff
difftastic
unzip
hadolint
docker-compose
delta
bottom
bat
dust
popeye
kubecolor
kubeconform
kube-score
uv
neovim
ncdu
direnv
asciinema
yq
]

288
nix/flake.lock generated
View file

@ -1,13 +1,74 @@
{
"nodes": {
"autofirma-nix": {
"inputs": {
"autofirma-src": "autofirma-src",
"clienteafirma-external-src": "clienteafirma-external-src",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"jmulticard-src": "jmulticard-src",
"nix-unit": "nix-unit",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1762846273,
"narHash": "sha256-TvPVL/CLMstwlnsDrBHw7vMbrxwO1RlxJcQD2Csc/3Q=",
"owner": "nix-community",
"repo": "autofirma-nix",
"rev": "014a7decf4a60dcab532f78469ce83387c9aa40e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "autofirma-nix",
"type": "github"
}
},
"autofirma-src": {
"flake": false,
"locked": {
"lastModified": 1716805628,
"narHash": "sha256-GQyj3QuWIHTkYwdJ4oKVsG923YG9mCUXfhqdIvEWNMA=",
"owner": "ctt-gob-es",
"repo": "clienteafirma",
"rev": "f8888062394a4ca41c5802beb2524597a5ce465a",
"type": "github"
},
"original": {
"owner": "ctt-gob-es",
"ref": "v1.8.3",
"repo": "clienteafirma",
"type": "github"
}
},
"clienteafirma-external-src": {
"flake": false,
"locked": {
"lastModified": 1712248159,
"narHash": "sha256-iS3I6zIxuKG133s/FqDlXZzOZ2ZOJcqZK9X6Tv3+3lc=",
"owner": "ctt-gob-es",
"repo": "clienteafirma-external",
"rev": "f450ac76094ffe387f6590b9ac61b5ada5a501e7",
"type": "github"
},
"original": {
"owner": "ctt-gob-es",
"ref": "OT_14395",
"repo": "clienteafirma-external",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
@ -15,15 +76,36 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"autofirma-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762810396,
"narHash": "sha256-dxFVgQPG+R72dkhXTtqUm7KpxElw3u6E+YlQ2WaDgt8=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0bdadb1b265fb4143a75bd1ec7d8c915898a9923",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
@ -33,6 +115,24 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1762787259,
"narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -53,20 +153,59 @@
"type": "github"
}
},
"jmulticard-src": {
"flake": false,
"locked": {
"lastModified": 1686816513,
"narHash": "sha256-sCqMK4FvwRHsGIB6iQVyqrx0+EDiUfQSAsPqmDq2Giw=",
"owner": "ctt-gob-es",
"repo": "jmulticard",
"rev": "9983fc690f3b68dc2c8fde19db269766cf0fb387",
"type": "github"
},
"original": {
"owner": "ctt-gob-es",
"ref": "v1.8",
"repo": "jmulticard",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"autofirma-nix",
"nix-unit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-snapd": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734935829,
"narHash": "sha256-/7Y+EZoU8O+N2PgEIvJKwp6qLBuwiOq3MeC0YLezX/w=",
"lastModified": 1761703712,
"narHash": "sha256-OKuNVXmHuZ0zi8T0aGWrBJizIfvdTqV1RiV0IN8GPZs=",
"owner": "nix-community",
"repo": "nix-snapd",
"rev": "355a1ed0141b6fd3093e3cb7b3492e6e67913681",
"rev": "f7694a0e26d890e285137e1b726b1b44038805c4",
"type": "github"
},
"original": {
@ -75,13 +214,71 @@
"type": "github"
}
},
"nix-unit": {
"inputs": {
"flake-parts": [
"autofirma-nix",
"flake-parts"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"autofirma-nix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1762774186,
"narHash": "sha256-hRADkHjNt41+JUHw2EiSkMaL4owL83g5ZppjYUdF/Dc=",
"owner": "nix-community",
"repo": "nix-unit",
"rev": "1c9ab50554eed0b768f9e5b6f646d63c9673f0f7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-unit",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1760862643,
"narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1762233356,
"narHash": "sha256-cGS3lLTYusbEP/IJIWGgnkzIl+FA5xDvtiHyjalGr4k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ca534a76c4afb2bdc07b681dbc11b453bab21af8",
"type": "github"
},
"original": {
@ -91,25 +288,13 @@
"type": "github"
}
},
"nixpkgs-lib": {
"nixpkgs_3": {
"locked": {
"lastModified": 1733096140,
"narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1760524057,
"narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"lastModified": 1761907660,
"narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
"type": "github"
},
"original": {
@ -121,24 +306,25 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"autofirma-nix": "autofirma-nix",
"home-manager": "home-manager_2",
"nix-snapd": "nix-snapd",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"spicetify-nix": "spicetify-nix",
"unstable": "unstable"
}
},
"spicetify-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"systems": "systems"
},
"locked": {
"lastModified": 1760848035,
"narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=",
"lastModified": 1762057664,
"narHash": "sha256-mdEEvepIi8ebpGP1WWOHNvNQyd8rF0mUrKAiU6mwHCk=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9",
"rev": "4aa6e43d29e3c8acf544aa6782a1963a11369208",
"type": "github"
},
"original": {
@ -162,13 +348,35 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"autofirma-nix",
"nix-unit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762410071,
"narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "97a30861b13c3731a84e09405414398fbf3e109f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1760965567,
"narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=",
"lastModified": 1762361079,
"narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93",
"rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5",
"type": "github"
},
"original": {

58
nix/flake.nix
View file

@ -7,31 +7,63 @@
nix-snapd.url = "github:nix-community/nix-snapd";
nix-snapd.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix";
autofirma-nix = {
url = "github:nix-community/autofirma-nix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, unstable, nix-snapd, home-manager, ... }:
nixConfig = {
extra-substituters = [
"https://nix-community.cachix.org"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
outputs = { self, nixpkgs, unstable, nix-snapd, home-manager, autofirma-nix, ... }:
let
system = "x86_64-linux";
lib = nixpkgs.lib;
pkgs-unstable = unstable.legacyPackages.${system};
pkgs = nixpkgs.legacyPackages.${system};
in
{
nixosConfigurations.limgrave = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit pkgs-unstable; };
modules = [
./configuration.nix
nix-snapd.nixosModules.default
home-manager.nixosModules.home-manager
{
environment.systemPackages = [
];
}
];
nixosConfigurations = {
limgrave = lib.nixosSystem {
inherit system;
specialArgs = { inherit pkgs-unstable; };
modules = [
./hosts/limgrave/configuration.nix
nix-snapd.nixosModules.default
autofirma-nix.nixosModules.default
home-manager.nixosModules.home-manager
];
};
carpates = lib.nixosSystem {
inherit system;
specialArgs = { inherit pkgs-unstable; };
modules = [
./hosts/carpates/configuration.nix
home-manager.nixosModules.home-manager
];
};
};
# Home Manager configurations for non-NixOS hosts (e.g., Ubuntu)
homeConfigurations = {
# For non-NixOS usage on a machine named "carpates".
# Run: home-manager switch --flake ./nix#carpates
carpates = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [ ./hosts/carpates/home.nix ];
};
};
};
}

37
nix/hosts/carpates/configuration.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, pkgs, pkgs-unstable, ... }:
{
imports = [
./hardware-configuration.nix
];
# Basic system metadata
networking.hostName = "carpates";
time.timeZone = "Europe/Madrid";
i18n.defaultLocale = "en_US.UTF-8";
# Nix settings
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config = {
allowUnfree = true;
allowBroken = false;
};
# Users
users.users.catalin = {
isNormalUser = true;
description = "catalin";
shell = pkgs.fish;
extraGroups = [ "networkmanager" "wheel" ];
};
# Minimal services
networking.networkmanager.enable = true;
services.openssh.enable = true;
# Base CLI set only (shared across hosts)
environment.systemPackages = import ../../base/packages.nix pkgs;
programs.fish.enable = true;
system.stateVersion = "24.11";
}

27
nix/hosts/carpates/home.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, pkgs, ... }:
{
# Home Manager configuration for non-NixOS usage on host "carpates".
# Apply with:
# home-manager switch --flake ./nix#carpates
home.username = "catalin";
home.homeDirectory = "/home/catalin";
# Use the same base CLI set as all hosts
home.packages = import ../../base/packages.nix pkgs;
programs.fish.enable = true;
# Example: some common quality-of-life programs
programs.git = {
enable = true;
userName = "catalin";
userEmail = ""; # set if desired
};
# Make sure HM itself can manage its state
programs.home-manager.enable = true;
# Set the HM release; doesn't have to match NixOS release
home.stateVersion = "24.11";
}

88
nix/configuration.nix → nix/hosts/limgrave/configuration.nix
View file

@ -1,19 +1,26 @@
{ config, pkgs, pkgs-unstable, ... }:
{ imports =
[
./hardware-configuration.nix
];
{
imports = [
./hardware-configuration.nix
];
nixpkgs.config.allowBroken = true;
nix.settings.download-buffer-size = 524288000;
nixpkgs.config.permittedInsecurePackages = ["electron-33.4.11" "mono-5.20.1.34"];
nixpkgs.config.permittedInsecurePackages = [ "electron-33.4.11" "mono-5.20.1.34" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = ["ntfs"];
boot.supportedFilesystems = [ "ntfs" ];
services.snap.enable = false;
networking.hostName = "limgrave";
networking.networkmanager.enable = true;
services.mullvad-vpn.enable = true;
environment.sessionVariables.MOZ_ENABLE_WAYLAND = 0;
time.timeZone = "Europe/Madrid";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
@ -27,10 +34,12 @@
LC_TELEPHONE = "es_ES.UTF-8";
LC_TIME = "es_ES.UTF-8";
};
networking.firewall = rec {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPortRanges = allowedTCPPortRanges;
};
home-manager.users.catalin = {
programs.gnome-shell = {
enable = true;
@ -74,15 +83,15 @@
};
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
windowManager.openbox.enable = true;
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
windowManager.openbox.enable = true;
xkb = {
layout = "us";
variant = "";
};
xkb = {
layout = "us";
variant = "";
};
};
services.printing.enable = true;
@ -100,19 +109,44 @@
isNormalUser = true;
description = "catalin";
shell = pkgs.fish;
useDefaultShell = true;
useDefaultShell = true;
extraGroups = [ "networkmanager" "wheel" "docker" "nas" ];
packages = with pkgs; [
flatpak
];
packages = with pkgs; [ flatpak ];
};
users.groups.nas.gid = 568;
programs.firefox.enable = true;
# Enable smart card service and eID tooling (AutoFirma stack)
services.pcscd.enable = true;
programs.autofirma = {
enable = true;
firefoxIntegration.enable = true;
};
programs.dnieremote = {
enable = true;
jumpIntro = "no";
wifiPort = 9501;
usbPort = 9501;
openFirewall = false;
};
programs.configuradorfnmt = {
enable = true;
firefoxIntegration.enable = true;
};
# Configure Firefox PKCS#11 modules for DNIe and OpenSC
programs.firefox.policies = {
SecurityDevices = {
"OpenSC PKCS#11" = "${pkgs.opensc}/lib/opensc-pkcs11.so";
"DNIeRemote" = "${config.programs.dnieremote.finalPackage}/lib/libdnieremotepkcs11.so";
};
};
nixpkgs.config.allowUnfree = true;
services.flatpak.enable = true;
programs.nix-ld.enable = true;
environment.systemPackages = import ./packages.nix pkgs ;
# Merge base packages with host-specific packages
environment.systemPackages = (import ../../base/packages.nix pkgs) ++ (import ./packages.nix pkgs);
programs = {
bash = {
interactiveShellInit = ''
@ -127,20 +161,23 @@
steam = {
enable = true;
package = pkgs.steam.override {
extraLibraries = p: with p; [(lib.getLib networkmanager)];
extraLibraries = p: with p; [ (lib.getLib networkmanager) ];
};
};
};
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
xdg.portal.config.common.default = "gtk";
programs.mtr.enable = true;
programs.dconf.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
systemd.services.flatpak-repo = {
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
@ -154,18 +191,21 @@
dates = "weekly";
options = "--delete-older-than 1w";
};
fonts.packages = with pkgs; [
atkinson-hyperlegible
];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
services.openssh.enable = true;
services.tailscale.enable = true;
virtualisation.docker.enable = true;
networking.nameservers = [ "192.168.1.7" "1.1.1.1" ];
nix.extraOptions = ''
trusted-users = root catalin
trusted-users = root catalin
'';
system.autoUpgrade.enable = true;
system.stateVersion = "24.11";
}

0
nix/hardware-configuration.nix → nix/hosts/limgrave/hardware-configuration.nix
View file

77
nix/hosts/limgrave/packages.nix Normal file
View file

@ -0,0 +1,77 @@
pkgs: with pkgs; [
kitty
steam
steam-run
vesktop
python311
protonup-qt
jellyfin-media-player
spotify
adwaita-icon-theme
fishPlugins.z
fishPlugins.tide
fishPlugins.transient-fish
fishPlugins.done
fishPlugins.colored-man-pages
lutris
telegram-desktop
restic
bitwarden
pre-commit
cargo
inconsolata
google-chrome
yt-dlp
mpv
gnumake
stremio
kubernetes-helm
opentofu
kubeseal
openssl
xclip
resticprofile
gnupg
awscli2
kor
exiftool
jetbrains-toolbox
chiaki-ng
gnome-themes-extra
tela-circle-icon-theme
hmcl
rose-pine-gtk-theme
rose-pine-icon-theme
rose-pine-cursor
vlc
unrar-wrapper
atkinson-hyperlegible
libreoffice-qt
hunspell
hunspellDicts.es_ES
hunspellDicts.en_US
sqlite-interactive
ffmpeg
filezilla
lrcget
picard
gimp
yq
qbittorrent
p7zip
ansible
k3sup
gamemode
lm_sensors
appimage-run
coder
xcolor
signal-desktop
element-desktop
pavucontrol
samrewritten
audacity
mullvad-browser
mullvad-vpn
limo
]

1
nix/packages.nix
View file

@ -117,4 +117,5 @@ pkgs: with pkgs; [
nexusmods-app
cargo
rustc
samrewritten
]