diff --git a/features/base.nix b/features/base.nix index 137f6ae..745be01 100644 --- a/features/base.nix +++ b/features/base.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { users.mutableUsers = false; - nixpkgs.config.allowUnfree = true; networking.wireless.enable = false; # For some reason this is needed all of the time diff --git a/flake.lock b/flake.lock index 1569b3a..a7e03e4 100644 --- a/flake.lock +++ b/flake.lock @@ -2,7 +2,9 @@ "nodes": { "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1736864502, @@ -14,7 +16,7 @@ }, "original": { "owner": "nix-community", - "ref": "v1.11.0", + "ref": "latest", "repo": "disko", "type": "github" } @@ -133,17 +135,17 @@ "mlaga97-home-manager": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { "lastModified": 1, - "narHash": "sha256-oKpqiYEEMrno6/Cx7kk3FSIeshwyhmm29jppwTEcbMY=", - "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager", + "narHash": "sha256-pYpD+mKj2FS//91FsFc7YfemYBNLrFwXev9v3Q4JUEo=", + "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager", "type": "path" }, "original": { - "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager", + "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager", "type": "path" } }, 
@@ -186,16 +188,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736241350, - "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -233,22 +235,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1735531152, "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", @@ -264,7 +250,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1, "narHash": "sha256-QJFvxzBCZHVjWApIe4KaxC3gRd5d1QgDT3xJNetMwVE=", @@ -283,7 +269,7 @@ "lix-module": "lix-module", "mlaga97-home-manager": "mlaga97-home-manager", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable_2", "waveforms": "waveforms" } @@ -305,7 +291,7 @@ }, "waveforms": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1722915115, diff --git a/flake.nix b/flake.nix index cd12ab4..5f61b54 100644 --- a/flake.nix +++ b/flake.nix 
@@ -27,8 +27,9 @@ lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; lix-module.inputs.nixpkgs.follows = "nixpkgs"; - # Installers - disko.url = "github:nix-community/disko/v1.11.0"; + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565"; nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; @@ -48,7 +49,10 @@ locale = "en_US.UTF-8"; stateVersion = "24.11"; - pkgs = import nixpkgs {inherit system; }; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; pkgs-unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; @@ -73,14 +77,17 @@ }]; # TODO: Surely a better way, no? - inherited_modules = [ + inherited_modules_lite = [ { time.timeZone = timezone; system.stateVersion = stateVersion; } - lix-module.nixosModules.default home-manager.nixosModules.home-manager + ]; + + inherited_modules = inherited_modules_lite ++ [ + lix-module.nixosModules.default waveforms.nixosModule disko.nixosModules.default ]; @@ -130,7 +137,7 @@ modules = iso_modules ++ [ { networking.hostName = "ll-nixos-base"; - home-manager.users."lauren_lagarde" = { config, ... }: { + home-manager.users."lauren_lagarde" = { config, pkgs-unstable, ... }: { imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } @@ -204,6 +211,15 @@ ] ++ inherited_modules; specialArgs = { inherit inputs pkgs-unstable; }; }; + + outpost-sdcard = nixos-generators.nixosGenerate { + system = "aarch64-linux"; + format = "sd-aarch64"; + modules = pi_modules ++ [ + ./systems/outpost.nix + ] ++ inherited_modules_lite; + specialArgs = { inherit inputs pkgs-unstable; }; + }; }; packages.x86_64-linux = { 
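Review bot: `disko.url` now tracks the moving `latest` ref instead of the fixed `v1.11.0` tag, so the next `nix flake update` takes whatever upstream points `latest` at, with no version change appearing in `flake.nix` for review. flake.lock still records a locked revision, so builds stay reproducible until then, but the explicit pin is lost. `nixos-generators` on the next line is pinned to a full commit hash, and disko could follow the same convention: `disko.url = "github:nix-community/disko/<release-tag-or-commit>";`. The `# Installers` comment that grouped these inputs is also removed in this hunk; keep it if that was unintentional.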
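Review bot: The new `outpost-sdcard` output builds a flashable image from `./systems/outpost.nix`, and that module imports `../secrets/dotspace.nix` in this same commit, so any value that file sets ends up in the image's world-readable Nix store and in the build host's store. The contents of `dotspace.nix` are not visible here, so it may already hold only non-sensitive settings. If it carries key material or passwords, reference them by runtime path instead, as `ed25519PrivateKeyFile` does for the tinc key. A comment above the output, e.g. `# SD image: must not embed secrets; keys are provisioned on the device after flashing`, would record that expectation.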
@@ -220,7 +236,8 @@ modules = iso_modules ++ [ { networking.hostName = "ll-nixos"; - home-manager.users."lauren_lagarde" = { config, ... }: { + home-manager.users."lauren_lagarde" = { + nixpkgs.config.allowUnfree = true; imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } @@ -238,6 +255,7 @@ { networking.hostName = "ll-nixos"; home-manager.users."lauren_lagarde" = { config, ... }: { + nixpkgs.config.allowUnfree = true; imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg index b2801d8..128020f 100644 Binary files a/secrets.tar.zst.gpg and b/secrets.tar.zst.gpg differ diff --git a/systems/outpost.nix b/systems/outpost.nix new file mode 100644 index 0000000..1d0eb3d --- /dev/null +++ b/systems/outpost.nix 
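Review bot: The two `ll-nixos` definitions of `home-manager.users."lauren_lagarde"` now differ in shape: the hunk at new line 236 drops the `{ config, ... }:` function header, while the hunk at new line 255 keeps it, although both only add `nixpkgs.config.allowUnfree = true;`. Writing both as `home-manager.users."lauren_lagarde" = { config, ... }: {` keeps the copies from drifting further. Separately, `nixpkgs.config` inside a Home Manager user module only takes effect when Home Manager builds its own package set. If `home-manager.useGlobalPkgs` is enabled elsewhere (not visible in this diff), the setting is ignored or rejected and the unfree permission has to come from the system-level `pkgs`. The enclosing image definitions start outside these hunks.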
@@ -0,0 +1,80 @@
+{ pkgs, ... }: {
+ networking.hostName = "outpost";
+ networking.hostId = "373a7023";
+
+ imports = [
+ # Base Config
+ ../features/base.nix
+ ../features/headless.nix
+
+ # Features
+ ../features/tui-apps.nix
+ ../features/openssh-server.nix
+ ../features/virtualization/dockge.nix
+ ../features/virtualization/docker.nix
+
+ # Tweaks
+ ../tweaks/zfs.nix
+ ../tweaks/zram.nix
+ ../tweaks/enable_flakes.nix
+ ../tweaks/disable_firewall.nix
+ ../tweaks/systemd-resolved_nonsense.nix
+
+ # Dotspace
+ ../secrets/dotspace.nix
+
+ # Users
+ ../users/lauren_lagarde/lauren_lagarde.nix
+ ];
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Networking
+
+ networking.useNetworkd = true;
+
+ systemd.network = {
+ enable = true;
+ networks = {
+ "30-end0" = {
+ matchConfig.Name = "end0";
+ linkConfig = {
+ RequiredForOnline = "routable";
+ };
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ };
+ };
+
+ "90-tinc" = {
+ matchConfig.Name = "tinc.dotspace";
+ address = [ "10.86.84.106/32" ];
+ routes = [ { Destination = "10.86.84.0/24"; } ];
+ };
+ };
+ };
+
+ services.tinc.networks.dotspace = {
+ name = "outpost";
+ ed25519PrivateKeyFile = "/root/tinc/dotspace_ed25519_key.priv";
+
+ chroot = false;
+ settings.ConnectTo = [ "fortress" "stronghold" ];
+ };
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Services
+
+ # TODO: Put scripts into version control
+ services.cron = {
+ enable = true;
+ mailto = "";
+ systemCronJobs = [
+ "* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats > /dev/null"
+ ];
+ };
+}
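Review bot: `outpost` imports `../tweaks/disable_firewall.nix` alongside `openssh-server.nix`, `docker.nix` and `dockge.nix`, while `end0` takes a DHCP lease and accepts IPv6 router advertisements, so every listening service would be reachable from whatever network the board is plugged into rather than only over the tinc mesh. The tweak's contents are not shown. If it sets `networking.firewall.enable = false`, consider dropping that import for this host and trusting only the VPN interface with `networking.firewall.trustedInterfaces = [ "tinc.dotspace" ];`, plus `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` entries for the tinc listener and any port that must be open on `end0`. The cron entry also runs `/home/lauren_lagarde/bin/PublishStats` every minute from a path outside the repository, as the TODO notes; until it is versioned, a comment stating what the script publishes and to where would help whoever audits this host.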