✏️ "silicon" -> "silicium"

+ add `kamadorueda.alejandra`

.vscode/upgrade.sh

@@ -15,8 +15,8 @@ trap 'handle_error "$BASH_COMMAND"' ERR
 nix flake update
 
 # update systems
-sudo nixos-rebuild switch -L --flake .#neodymium
+sudo nixos-rebuild switch -L --flake .#silicium
-nixos-rebuild switch -L --flake .#hydrogen --target-host hydrogen
+nixos-rebuild switch -L --flake .#cesium --target-host cesium
 
 # commit and push lock file
 git add flake.lock

flake.lock

@@ -510,6 +510,21 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1703656108,
+        "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "033643a45a4a920660ef91caa391fbffb14da466",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "lanzaboote": {
       "inputs": {
         "crane": "crane_2",
@@ -924,6 +939,7 @@
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
         "hyprland": "hyprland",
+        "impermanence": "impermanence",
         "lanzaboote": "lanzaboote",
         "nixos-anywhere": "nixos-anywhere",
         "nixos-hardware": "nixos-hardware",

flake.nix

@@ -1,10 +1,9 @@
 {
   description = "Laureηt's infrastructure";
 
-  # TODO: rekey les secrets + changer la key de hydrogen
+  # TODO: rekey les secrets + changer la key de cesium
-  # TODO: luks encrypt hydrogen (dropbear ?)
+  # TODO: luks encrypt cesium (dropbear ?)
-  # TODO: dégager btfrs de neodymium, ext4 ftw
+  # TODO: setup disko sur silicium
-  # TODO: setup disko sur neodymium
 
   inputs = {
     # core stuff
@@ -54,6 +53,9 @@
     nixos-hardware = {
       url = "github:nixos/nixos-hardware";
     };
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
 
     # home assets
     wallpaper = {
@@ -77,7 +79,7 @@
       flake = false;
     };
 
-    # hydrogen nginx sites
+    # cesium nginx sites
     resume = {
       url = "git+https://git.fainsin.bzh/Laurent/resume";
       inputs.nixpkgs.follows = "nixpkgs";

home/shell/git.nix

@@ -6,7 +6,7 @@
     userEmail = "laurent@fainsin.bzh";
     signing = {
       signByDefault = true;
-      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@neodymium";
+      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
     };
   };
 }

home/vscode/default.nix

@@ -4,22 +4,20 @@
     package = pkgs.vscode;
 
     extensions = with pkgs.vscode-extensions; [
-      github.copilot
-      github.copilot-chat
-      github.vscode-pull-request-github
-
-      eamodio.gitlens
-      editorconfig.editorconfig
-      ms-vsliveshare.vsliveshare
-
-      yzhang.markdown-all-in-one
-      tamasfe.even-better-toml
-
-      mkhl.direnv
-      jnoortheen.nix-ide
-
       catppuccin.catppuccin-vsc
       catppuccin.catppuccin-vsc-icons
+      eamodio.gitlens
+      editorconfig.editorconfig
+      github.copilot
+      gitHub.copilot-chat
+      github.vscode-pull-request-github
+      jnoortheen.nix-ide
+      kamadorueda.alejandra
+      mkhl.direnv
+      ms-vsliveshare.vsliveshare
+      seatonjiang.gitmoji-vscode
+      tamasfe.even-better-toml
+      yzhang.markdown-all-in-one
     ];
     userSettings = {
       "editor.fontFamily" = "'FiraCode Nerd Font Mono', 'Noto Color Emoji'";

hosts/cesium/system/default.nix

@@ -8,7 +8,9 @@
   system.stateVersion = "23.05"; # Did you read the comment?
 
   imports = [
+    # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/scan/not-detected.nix
     (modulesPath + "/installer/scan/not-detected.nix")
+    # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
     (modulesPath + "/profiles/qemu-guest.nix")
 
     ./boot

hosts/cesium/system/networking/default.nix

@@ -1,7 +1,7 @@
 {...}: {
   networking = {
     # the name of the machine
-    hostName = "hydrogen";
+    hostName = "cesium";
 
     # the domain used for the machine
     domain = "fainsin.bzh";

hosts/default.nix

@@ -9,14 +9,19 @@
     users.laurent = ../home;
   };
 in {
-  # neodymium laptop
+  # naming convention based on the periodic table
-  neodymium = nixpkgs.lib.nixosSystem {
+  # NAS would be neodymium
+  # desktop would be neon
+  # smartphone would be lithium
+
+  # personal laptop
+  silicium = nixpkgs.lib.nixosSystem {
     system = "x86_64-linux";
     specialArgs = {
       inherit inputs;
     };
     modules = [
-      ./neodymium
+      ./silicium
       inputs.home-manager.nixosModules.home-manager
       inputs.agenix.nixosModules.default
       inputs.lanzaboote.nixosModules.lanzaboote
@@ -28,15 +33,34 @@ in {
     ];
   };
 
-  # hydrogen vps
+  # # work laptop
-  hydrogen = nixpkgs.lib.nixosSystem rec {
+  # aurum = nixpkgs.lib.nixosSystem {
+  #   system = "x86_64-linux";
+  #   specialArgs = {
+  #     inherit inputs;
+  #   };
+  #   modules = [
+  #     ./aurum
+  #     inputs.home-manager.nixosModules.home-manager
+  #     inputs.agenix.nixosModules.default
+  #     # inputs.lanzaboote.nixosModules.lanzaboote
+  #     # inputs.nixos-hardware.nixosModules.common-cpu-amd
+  #     # inputs.nixos-hardware.nixosModules.common-gpu-nvidia-disable
+  #     # inputs.nixos-hardware.nixosModules.common-pc-laptop
+  #     # inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+  #     {inherit home-manager;}
+  #   ];
+  # };
+
+  # vps
+  cesium = nixpkgs.lib.nixosSystem rec {
     system = "x86_64-linux";
     specialArgs = {
       inherit inputs;
       inherit system;
     };
     modules = [
-      ./hydrogen
+      ./cesium
       inputs.home-manager.nixosModules.home-manager
       inputs.disko.nixosModules.default
       inputs.agenix.nixosModules.default

hosts/silicium/services/borgbackup/default.nix

@@ -41,6 +41,6 @@
       passCommand = "cat ${config.age.secrets.borgbackup.path}";
     };
     compression = "auto,zstd";
-    startAt = "daily";
+    startAt = "12:00";
   };
 }

hosts/silicium/system/networking/default.nix

@@ -1,7 +1,7 @@
 {...}: {
   networking = {
     # the name of the machine
-    hostName = "neodymium";
+    hostName = "silicium";
 
     # domain name servers, use clouflare family
     nameservers = ["1.1.1.2" "1.0.0.2"];

hosts/silicium/system/nix/default.nix

@@ -18,13 +18,13 @@
   nix.settings.auto-optimise-store = true;
   nix.optimise = {
     automatic = true;
-    dates = "daily";
+    dates = "12:00";
   };
 
   # garbage collection
   nix.gc = {
     automatic = true;
-    dates = "daily";
+    dates = "12:00";
     options = "--delete-older-than 30d";
   };
 

secrets/secrets.nix

@@ -1,7 +1,7 @@
 let
-  neodymium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@neodymium";
+  silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
-  hydrogen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@hydrogen";
+  cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@cesium";
 in {
-  "borgbackup.age".publicKeys = [neodymium];
+  "borgbackup.age".publicKeys = [silicium];
-  "gitea.age".publicKeys = [neodymium hydrogen];
+  "gitea.age".publicKeys = [silicium cesium];
 }