Lukas Wurzinger 2025-05-30 22:59:10 +02:00
parent 5a65308798
commit ed3b006970
No known key found for this signature in database
7 changed files with 179 additions and 56 deletions


@ -1,4 +1,5 @@
{config, inputs, ...}: {
{ config, inputs, ... }:
{
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;


@ -1,4 +1,5 @@
{inputs, ...}: {
{ inputs, ... }:
{
imports = [
inputs.nini.nixosModules.default
];


@ -1,12 +1,24 @@
{self, attrName, config, lib, pkgs, ...}: let
{
self,
attrName,
config,
lib,
pkgs,
...
}:
let
inherit (config.age) secrets;
in{
in
{
age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age;
system.activationScripts.secureboot = let
target = config.boot.lanzaboote.pkiBundle;
in ''
mkdir --parents ${target}
${lib.getExe pkgs.gnutar} --extract --file ${secrets.secure-boot.path} --directory ${target}
'';
system.activationScripts.secureboot =
let
target = config.boot.lanzaboote.pkiBundle;
in
''
rm --recursive --force -- ${lib.escapeShellArg target}
mkdir --parents -- ${lib.escapeShellArg target}
${lib.getExe pkgs.gnutar} --extract --file ${lib.escapeShellArg secrets.secure-boot.path} --directory ${lib.escapeShellArg target}
'';
}
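Review bot: The added `rm --recursive --force` runs before the archive has been unpacked, so a failed tar step leaves the lanzaboote PKI bundle directory empty and the next boot-loader install has no signing keys. That failure is plausible if `secrets.secure-boot.path` has not been decrypted yet, since nothing visible in this file orders the script after agenix's activation step. Unpacking into a staging directory and swapping it in only on success keeps the previous keys when extraction fails. Writing the script in its `{ deps; text; }` form with a dependency on agenix's activation entry (believed to be `agenix`; confirm against the pinned revision) would make the ordering explicit. `mkdir --parents` also creates the key directory with the ambient umask, so an explicit `--mode=0700` is worth adding unless the archive is known to carry restrictive modes.

```nix
system.activationScripts.secureboot =
  # … unchanged: let target = config.boot.lanzaboote.pkiBundle; in …
  ''
    staging=${lib.escapeShellArg target}.new
    rm --recursive --force -- "$staging"
    mkdir --mode=0700 --parents -- "$staging"
    if ${lib.getExe pkgs.gnutar} --extract --file ${lib.escapeShellArg secrets.secure-boot.path} --directory "$staging"; then
      rm --recursive --force -- ${lib.escapeShellArg target}
      mv -- "$staging" ${lib.escapeShellArg target}
    else
      echo "secureboot: unpacking the PKI bundle failed; existing keys left in place" >&2
      rm --recursive --force -- "$staging"
    fi
  '';
```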

117
flake.lock generated

@ -75,6 +75,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1733328505,
@ -90,7 +106,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1746162366,
@ -258,6 +274,27 @@
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
@ -281,11 +318,11 @@
},
"hardware": {
"locked": {
"lastModified": 1747900541,
"narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
"lastModified": 1748634340,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
"type": "github"
},
"original": {
@ -315,6 +352,28 @@
"type": "github"
}
},
"hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"hxwrap": {
"inputs": {
"flake-parts": "flake-parts_3",
@ -337,7 +396,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
@ -440,17 +499,17 @@
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1748257750,
"narHash": "sha256-5iRpCgegBUj2W8GsZrfsNLvE4mjktyIsZkBbGpJe2wU=",
"lastModified": 1748529102,
"narHash": "sha256-dAtr4HDDc8/0vGTIZZpMLp8n8nnQoCmdGsfGmKsUHBg=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "c4d2bbbe3675a47c1e24b88f61f54b2eb3cece9d",
"rev": "dc645ec3b4d852f71b3cbcc666aaa44dffbb8315",
"type": "github"
},
"original": {
@ -695,11 +754,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"lastModified": 1748370509,
"narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
"type": "github"
},
"original": {
@ -711,7 +770,7 @@
},
"phps": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_6",
"utils": "utils"
},
@ -735,7 +794,7 @@
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
@ -812,6 +871,7 @@
"flake-parts": "flake-parts",
"forgesync": "forgesync",
"hardware": "hardware",
"hooks": "hooks",
"hxwrap": "hxwrap",
"lanzaboote": "lanzaboote",
"musicomp": "musicomp",
@ -822,7 +882,8 @@
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
],
"treefmt": "treefmt"
}
},
"rust-overlay": {
@ -854,11 +915,11 @@
]
},
"locked": {
"lastModified": 1748227081,
"narHash": "sha256-RLnN7LBxhEdCJ6+rIL9sbhjBVDaR6jG377M/CLP/fmE=",
"lastModified": 1748486227,
"narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1cbe817fd8c64a9f77ba4d7861a4839b0b15983e",
"rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a",
"type": "github"
},
"original": {
@ -897,6 +958,26 @@
"type": "github"
}
},
"treefmt": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748243702,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"


@ -4,10 +4,19 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts";
hardware.url = "github:NixOS/nixos-hardware";
hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
treefmt = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
nixpkgs.follows = "nixos-cosmic/nixpkgs";
hardware.url = "github:NixOS/nixos-hardware";
nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
nixpkgs.follows = "nixos-cosmic/nixpkgs";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
@ -28,38 +37,54 @@
self,
nixpkgs,
flake-parts,
hooks,
treefmt,
...
}@inputs:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
imports = [
hooks.flakeModule
treefmt.flakeModule
];
systems = nixpkgs.lib.systems.flakeExposed;
perSystem =
{
config,
pkgs,
inputs',
...
}:
{
treefmt = {
projectRootFile = "flake.nix";
programs.nixfmt = {
enable = true;
package = pkgs.nixfmt-rfc-style;
};
};
pre-commit.settings.hooks = {
treefmt.enable = true;
};
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.default
];
shellHook = ''
${config.pre-commit.installationScript}
'';
};
};
flake = {
lib = nixpkgs.lib.extend (import ./lib.nix);
nixosConfigurations = self.lib.genNixosConfigurations inputs;
};
perSystem =
{
pkgs,
inputs',
lib,
...
}:
{
devShells.default = pkgs.mkShellNoCC {
packages = [
inputs'.agenix.packages.default
];
};
packages = lib.packagesFromDirectoryRecursive {
inherit (pkgs) callPackage newScope;
directory = ./packages;
};
};
};
}


@ -1,7 +1,9 @@
{config, ...}: let
{ config, ... }:
let
virtualHostName = "filebrowser.helveticanonstandard.net";
cfg = config.services.filebrowser;
in{
in
{
services.filebrowser = {
enable = true;
settings = {