Compare commits
No commits in common. "bcce101cb6c1f0f209b667b2bf0686859e56d7a0" and "5646ad58a7d8e6402f49c87d1d5e008ab72f0b5f" have entirely different histories.
bcce101cb6
...
5646ad58a7
4
.vscode/upgrade.sh
vendored
4
.vscode/upgrade.sh
vendored
|
@ -15,8 +15,8 @@ trap 'handle_error "$BASH_COMMAND"' ERR
|
|||
nix flake update
|
||||
|
||||
# update systems
|
||||
sudo nixos-rebuild switch -L --flake .#silicium
|
||||
nixos-rebuild switch -L --flake .#cesium --target-host cesium
|
||||
sudo nixos-rebuild switch -L --flake .#neodymium
|
||||
nixos-rebuild switch -L --flake .#hydrogen --target-host hydrogen
|
||||
|
||||
# commit and push lock file
|
||||
git add flake.lock
|
||||
|
|
16
flake.lock
16
flake.lock
|
@ -510,21 +510,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1703656108,
|
||||
"narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "033643a45a4a920660ef91caa391fbffb14da466",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane_2",
|
||||
|
@ -939,7 +924,6 @@
|
|||
"flake-parts": "flake-parts",
|
||||
"home-manager": "home-manager",
|
||||
"hyprland": "hyprland",
|
||||
"impermanence": "impermanence",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"nixos-anywhere": "nixos-anywhere",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
|
|
12
flake.nix
12
flake.nix
|
@ -1,9 +1,10 @@
|
|||
{
|
||||
description = "Laureηt's infrastructure";
|
||||
|
||||
# TODO: rekey les secrets + changer la key de cesium
|
||||
# TODO: luks encrypt cesium (dropbear ?)
|
||||
# TODO: setup disko sur silicium
|
||||
# TODO: rekey les secrets + changer la key de hydrogen
|
||||
# TODO: luks encrypt hydrogen (dropbear ?)
|
||||
# TODO: dégager btfrs de neodymium, ext4 ftw
|
||||
# TODO: setup disko sur neodymium
|
||||
|
||||
inputs = {
|
||||
# core stuff
|
||||
|
@ -53,9 +54,6 @@
|
|||
nixos-hardware = {
|
||||
url = "github:nixos/nixos-hardware";
|
||||
};
|
||||
impermanence = {
|
||||
url = "github:nix-community/impermanence";
|
||||
};
|
||||
|
||||
# home assets
|
||||
wallpaper = {
|
||||
|
@ -79,7 +77,7 @@
|
|||
flake = false;
|
||||
};
|
||||
|
||||
# cesium nginx sites
|
||||
# hydrogen nginx sites
|
||||
resume = {
|
||||
url = "git+https://git.fainsin.bzh/Laurent/resume";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
userEmail = "laurent@fainsin.bzh";
|
||||
signing = {
|
||||
signByDefault = true;
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@neodymium";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,20 +4,22 @@
|
|||
package = pkgs.vscode;
|
||||
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
catppuccin.catppuccin-vsc
|
||||
catppuccin.catppuccin-vsc-icons
|
||||
github.copilot
|
||||
github.copilot-chat
|
||||
github.vscode-pull-request-github
|
||||
|
||||
eamodio.gitlens
|
||||
editorconfig.editorconfig
|
||||
github.copilot
|
||||
gitHub.copilot-chat
|
||||
github.vscode-pull-request-github
|
||||
jnoortheen.nix-ide
|
||||
kamadorueda.alejandra
|
||||
mkhl.direnv
|
||||
ms-vsliveshare.vsliveshare
|
||||
seatonjiang.gitmoji-vscode
|
||||
tamasfe.even-better-toml
|
||||
|
||||
yzhang.markdown-all-in-one
|
||||
tamasfe.even-better-toml
|
||||
|
||||
mkhl.direnv
|
||||
jnoortheen.nix-ide
|
||||
|
||||
catppuccin.catppuccin-vsc
|
||||
catppuccin.catppuccin-vsc-icons
|
||||
];
|
||||
userSettings = {
|
||||
"editor.fontFamily" = "'FiraCode Nerd Font Mono', 'Noto Color Emoji'";
|
||||
|
|
|
@ -9,19 +9,14 @@
|
|||
users.laurent = ../home;
|
||||
};
|
||||
in {
|
||||
# naming convention based on the periodic table
|
||||
# NAS would be neodymium
|
||||
# desktop would be neon
|
||||
# smartphone would be lithium
|
||||
|
||||
# personal laptop
|
||||
silicium = nixpkgs.lib.nixosSystem {
|
||||
# neodymium laptop
|
||||
neodymium = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = [
|
||||
./silicium
|
||||
./neodymium
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
|
@ -33,34 +28,15 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
# # work laptop
|
||||
# aurum = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# specialArgs = {
|
||||
# inherit inputs;
|
||||
# };
|
||||
# modules = [
|
||||
# ./aurum
|
||||
# inputs.home-manager.nixosModules.home-manager
|
||||
# inputs.agenix.nixosModules.default
|
||||
# # inputs.lanzaboote.nixosModules.lanzaboote
|
||||
# # inputs.nixos-hardware.nixosModules.common-cpu-amd
|
||||
# # inputs.nixos-hardware.nixosModules.common-gpu-nvidia-disable
|
||||
# # inputs.nixos-hardware.nixosModules.common-pc-laptop
|
||||
# # inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
|
||||
# {inherit home-manager;}
|
||||
# ];
|
||||
# };
|
||||
|
||||
# vps
|
||||
cesium = nixpkgs.lib.nixosSystem rec {
|
||||
# hydrogen vps
|
||||
hydrogen = nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
inherit system;
|
||||
};
|
||||
modules = [
|
||||
./cesium
|
||||
./hydrogen
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.disko.nixosModules.default
|
||||
inputs.agenix.nixosModules.default
|
||||
|
|
|
@ -8,9 +8,7 @@
|
|||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
imports = [
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/scan/not-detected.nix
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
|
||||
./boot
|
|
@ -1,7 +1,7 @@
|
|||
{...}: {
|
||||
networking = {
|
||||
# the name of the machine
|
||||
hostName = "cesium";
|
||||
hostName = "hydrogen";
|
||||
|
||||
# the domain used for the machine
|
||||
domain = "fainsin.bzh";
|
|
@ -41,6 +41,6 @@
|
|||
passCommand = "cat ${config.age.secrets.borgbackup.path}";
|
||||
};
|
||||
compression = "auto,zstd";
|
||||
startAt = "12:00";
|
||||
startAt = "daily";
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{...}: {
|
||||
networking = {
|
||||
# the name of the machine
|
||||
hostName = "silicium";
|
||||
hostName = "neodymium";
|
||||
|
||||
# domain name servers, use clouflare family
|
||||
nameservers = ["1.1.1.2" "1.0.0.2"];
|
|
@ -18,13 +18,13 @@
|
|||
nix.settings.auto-optimise-store = true;
|
||||
nix.optimise = {
|
||||
automatic = true;
|
||||
dates = "12:00";
|
||||
dates = "daily";
|
||||
};
|
||||
|
||||
# garbage collection
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "12:00";
|
||||
dates = "daily";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
let
|
||||
silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium";
|
||||
cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@cesium";
|
||||
neodymium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@neodymium";
|
||||
hydrogen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@hydrogen";
|
||||
in {
|
||||
"borgbackup.age".publicKeys = [silicium];
|
||||
"gitea.age".publicKeys = [silicium cesium];
|
||||
"borgbackup.age".publicKeys = [neodymium];
|
||||
"gitea.age".publicKeys = [neodymium hydrogen];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue