From 0cd4b2ae6d04b78c08389c10999fdb79481377d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20R=C3=B6ger?=
Date: Sun, 4 May 2025 01:53:35 +0200
Subject: [PATCH] add monolith draft

---
 .sops.yaml | 8 ++
 home/jonas@monolith.nix | 20 +++--
 hosts/monolith/configuration.nix | 141 ++++++++++++++++++-------------
 3 files changed, 100 insertions(+), 69 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index b5e858b..4cbeda0 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@ keys:
 - &jonas age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z
 - &harbor age1wf0rq27v0n27zfy0es8ns3n25e2fdt063dgn68tt3f89rgrtu9csq4yhsp
 - &comfy-station age1xkmnvzus6fhundn4c0f6hyuwrj0f0m7x3hxtuhnez6cecr6m032qalw308
+ - &monolith age1clh2c489j7mx94aqr44u6k2cx5axqme9rlshqu9l2mcynluwhq6qwn0sv0
 creation_rules:
 - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
@@ -9,6 +10,7 @@ creation_rules:
 - *jonas
 - *harbor
 - *comfy-station
+ - *monolith
 - path_regex: secrets/jonas/[^/]+\.(yaml|json|env|ini)$
 key_groups:
@@ -26,3 +28,9 @@ creation_rules:
 - age:
 - *harbor
 - *jonas
+
+ - path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *monolith
+ - *jonas
diff --git a/home/jonas@monolith.nix b/home/jonas@monolith.nix
index 39dec2c..a2803bb 100644
--- a/home/jonas@monolith.nix
+++ b/home/jonas@monolith.nix
@@ -1,8 +1,4 @@
 {config, ...}: rec {
- imports = [
- ../modules/home/borg.nix
- ];
-
 # Home Manager needs a bit of information about you and the paths it should
 # manage.
 home.username = "jonas";
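Review bot: Listing `*monolith` under the shared `secrets/[^/]+\.(yaml|json|env|ini)$` rule (second .sops.yaml hunk) makes a host this commit calls a draft a recipient of every shared secret, while the new `secrets/monolith/` rule in the last hunk already gives it a scope of its own. If monolith only needs its own material, drop the `- *monolith` line from the shared group. The diffstat also shows no file under secrets/ changed, and creation rules apply only when a file is created, so already-encrypted files keep their old recipient list until `sops updatekeys` is run on each of them. After that re-keying, anyone who can read the host key at the `sops.age.keyFile` path set in hosts/monolith/configuration.nix can decrypt those files, so that key file should be readable by root only.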
@@ -13,15 +9,21 @@
 };
 # hive moduless
- hive.hyprland.enable = true;
- hive.kitty.enable = true;
- hive.nextcloud.enable = true;
- hive.ranger.enable = true;
- hive.zsh.enable = true;
 hive.doom.enable = true;
 hive.doom.enableCopilot = true;
 hive.doom.withNixPkgs = true;
 hive.doom.withShellPkgs = true;
+ hive.firefox = {
+ enable = true;
+ plasmaIntegration = true;
+ passFF = true;
+ };
+ hive.kdeconnect.enable = true;
+ hive.nextcloud.enable = true;
+ hive.ranger.enable = true;
+ hive.themes.layan.enable = true;
+ hive.yubikey.enable = true;
+ hive.zsh.enable = true;
 # Make session variables available in systemd units
 # SEE: https://github.com/nix-community/home-manager/pull/5543
diff --git a/hosts/monolith/configuration.nix b/hosts/monolith/configuration.nix
index 968f9c9..53c9220 100644
--- a/hosts/monolith/configuration.nix
+++ b/hosts/monolith/configuration.nix
@@ -5,25 +5,89 @@
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
- ../../modules/bin/nix-scripts.nix
- ../../modules/desktop/de
- ../../modules/desktop/dm
- ../../modules/desktop/fonts
- ../../modules/hardware/bluetooth.nix
- ../../modules/hardware/printing.nix
- ../../modules/hardware/sound.nix
- ../../modules/hardware/yubikey.nix
- ../../modules/networking/wireguard
- ../../modules/programs.nix
- ../../modules/services/virt-manager.nix
 ];
 # Secret management
- # sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+ sops.age.keyFile = "/var/lib/sops-nix/key.txt";
- services.virt-manager.enable = true;
- services.virt-manager.forUsers = ["jonas"];
+ # Users
+ users.users.jonas = {
+ isNormalUser = true;
+ description = "Jonas";
+ extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
+ };
+ users.defaultUserShell = pkgs.zsh;
+ programs.zsh.enable = true;
+ # hive modules
+ hive.nix-scripts.enable = true;
+ hive.displayManager.name = "sddm";
+ hive.plasma.enable = true;
+ hive.kwallet.enable = true;
+ hive.kwallet.forUsers = ["jonas"];
+ hive.virt-manager.enable = true;
+ hive.virt-manager.forUsers = ["jonas"];
+ hive.bluetooth.enable = true;
+ hive.sound.enable = true;
+ hive.yubikey.enable = true;
+
+ # system packages
+ environment.systemPackages = with pkgs; [
+ age
+ alejandra
+ arduino
+ borgbackup
+ borgmatic
+ chromium
+ discord
+ docker
+ docker-compose
+ drawio
+ feh
+ ffmpeg
+ firefox
+ gimp
+ git
+ insomnia
+ krita
+ libreoffice
+ lutris
+ mosquitto
+ mpv
+ mupdf
+ nh
+ nix-index
+ nix-output-monitor
+ obsidian
+ openhantek6022
+ qalculate-qt
+ qtpass
+ ranger
+ sops
+ spotify
+ vim
+ vlc
+ vscode
+ wget
+ zoom
+ zotero
+ ];
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-25.9.0" # required by obsidian
+ ];
+ programs.steam.enable = true;
+ services.udev.packages = [pkgs.openhantek6022];
+ virtualisation.docker.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+ # gc settings
 nix = {
 settings = {
 experimental-features = ["nix-command" "flakes"];
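Review bot: The `nixpkgs.config.permittedInsecurePackages` entry for `"electron-25.9.0"` lifts the insecure-package check for that Electron build for everything evaluated from this nixpkgs instance, not only for obsidian. Check whether the pinned nixpkgs still builds obsidian against that version; if evaluation succeeds without the entry, remove it, otherwise extend the comment to something like `# required by obsidian; drop once nixpkgs builds it against a supported electron`. Separately, `virtualisation.docker.enable = true` together with `"docker"` in `users.users.jonas.extraGroups` gives that account root-equivalent access through the daemon socket without the authentication step that `wheel`/sudo implies. If the workloads allow it, `virtualisation.docker.rootless.enable = true;` with `virtualisation.docker.rootless.setSocketVariable = true;` lets the group membership be dropped. The `nix = {` block at the end of the hunk continues outside it.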
@@ -36,46 +100,6 @@
 };
 };
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.jonas = {
- isNormalUser = true;
- description = "Jonas";
- extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
- };
- users.defaultUserShell = pkgs.zsh;
-
- programs.zsh.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.11"; # Did you read the comment?
-
 # boot
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
@@ -91,7 +115,6 @@
 # Select internationalisation properties.
 i18n.defaultLocale = "en_US.UTF-8";
-
 i18n.extraLocaleSettings = {
 LC_ADDRESS = "de_DE.UTF-8";
 LC_IDENTIFICATION = "de_DE.UTF-8";
@@ -105,15 +128,13 @@
 };
 networking.hostName = "monolith"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 # Enable networking
 networking.networkmanager.enable = true;
+ # printing
+ services.printing.enable = true;
+
 # ld-fix
 programs.nix-ld.enable = true;
 programs.nix-ld.libraries = [