diff --git a/flake.nix b/flake.nix index fbdbcb2..048a526 100644 --- a/flake.nix +++ b/flake.nix @@ -154,6 +154,26 @@ ] "izanagi"; + ### + # Proxmox CI/CD + ### + amaterasu-minimal = mkComputer + ./machines/amaterasu/minimal + [] + "amaterasu"; + amaterasu = mkComputer + ./machines/amaterasu/main + [ + sops-nix.nixosModules.sops + + # Applications + inputs.copyparty.nixosModules.default + inputs.vscode-server.nixosModules.default + + ./modules + ] + "amaterasu"; + ### # Omen Laptop ### diff --git a/machines/amaterasu/disko-config.nix b/machines/amaterasu/disko-config.nix new file mode 100644 index 0000000..555ad52 --- /dev/null +++ b/machines/amaterasu/disko-config.nix @@ -0,0 +1,57 @@ +{ config, lib, pkgs, username, ... }: + +{ + disko.devices = { + disk = { + main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + # Subvolumes must set a mountpoint in order to be mounted, + # unless their parent is mounted + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + # Subvolume name is the same as the mountpoint + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + # Sub(sub)volume doesn't need a mountpoint as its parent is mounted + "/home/${username}" = { }; + "/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + }; + + mountpoint = "/partition-root"; + swap = { + swapfile = { + size = "8G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machines/amaterasu/hardware-configuration.nix b/machines/amaterasu/hardware-configuration.nix new file mode 100644 index 0000000..c760612 --- /dev/null +++ b/machines/amaterasu/hardware-configuration.nix 
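Review bot: `device = "/dev/sda";` in disko-config.nix, combined with `extraArgs = [ "-f" ];`, means a shift in kernel device enumeration would format whichever disk currently shows up as sda, since disko is told to override what it finds there. A stable path such as an entry under `/dev/disk/by-id/` or `/dev/disk/by-path/` keeps the run idempotent against naming changes; the risk is small for a single-disk VM, which appears to be the target, but the comment next to `-f` is the right place to say so. `config`, `lib` and `pkgs` in the module's argument set are unused and can be dropped.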
@@ -0,0 +1,28 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/machines/amaterasu/main/.sops.yaml b/machines/amaterasu/main/.sops.yaml new file mode 100644 index 0000000..9d8d82b --- /dev/null +++ b/machines/amaterasu/main/.sops.yaml @@ -0,0 +1,9 @@ +keys: + - &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke + - &amaterasu age13mu9pxlnmmeexwpkyqs4g9kgmyv8dfe5udzlk0dn6j3u8ad7necqm7rsq8 +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary + - *amaterasu diff --git a/machines/amaterasu/main/default.nix b/machines/amaterasu/main/default.nix new file mode 100644 index 0000000..3d835ff --- /dev/null +++ b/machines/amaterasu/main/default.nix 
@@ -0,0 +1,132 @@ +{ config, pkgs, extraHomeModules, inputs, lib, username, ... }: + +let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; +in { + imports = + [ + ../../minimal.nix + + ../hardware-configuration.nix + ../disko-config.nix + ./sops.nix + ]; + + nixpkgs = { + # You can add overlays here + overlays = [ + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + nix = { + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Opinionated: disable global registry + flake-registry = ""; + # Workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = config.nix.nixPath; + + # Allow user to reubild nixos without sudo + trusted-users = [ "root" username ]; + }; + # Opinionated: disable channels + channel.enable = false; + + # Opinionated: make flake registry and nix path match flake inputs + registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; + + # Bootloader. + boot.loader.grub.enable = true; + boot.loader.grub.useOSProber = true; + + networking.hostName = username; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Warsaw"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + security.rtkit.enable = true; + + users.users.${username} = { + isNormalUser = true; + description = "NixOS Proxmox Builder"; + hashedPassword = "$6$00vM.zXgahhw6KQO$BpCilKSdUNDlIaOlGrWJAdzh7KCIYoW3uoC1VV9I0eaJyui7J0Yv6BCajGwrn0JwrgWmvOfEMPeyGs4/wWD9q."; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com" + # Nix config builder + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4PqgSP0tIDsHyVNKAYGsYfDsJA2TqI3V0006uihXmI izanagi@izanagi" + ]; + }; + + environment.systemPackages = with pkgs; [ + vim + wget + ripgrep + ]; + + services.openssh = { + enable = true; + settings = { + # Opinionated: forbid root login through SSH. + PermitRootLogin = "no"; + # Opinionated: use keys only. + # Remove if you want to SSH using passwords + PasswordAuthentication = false; + }; + }; + + programs = { + zsh.enable = true; + }; + + ### + # Home Manger configuration + ### + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + extraSpecialArgs = { inherit inputs username; }; + + users."${username}" = { + imports = [ + ./home.nix + ] ++ extraHomeModules; + }; + }; + + ### + # My Services + ### + dov = { + }; + + # DO NOT CHANGE AT ANY POINT! + system.stateVersion = "25.05"; +} diff --git a/machines/amaterasu/main/home.nix b/machines/amaterasu/main/home.nix new file mode 100644 index 0000000..7c8b001 --- /dev/null +++ b/machines/amaterasu/main/home.nix 
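Review bot: `hashedPassword` for `users.users.${username}` is committed as a literal in main/default.nix, and the identical hash appears again in minimal/default.nix. Since this host already imports `./sops.nix`, the hash can live in secrets.yaml and be referenced as `hashedPasswordFile = config.sops.secrets.<name>.path;` together with `sops.secrets.<name>.neededForUsers = true;` so it is available at user-creation time; a password hash in a shared repository is an offline-cracking target regardless of the hash strength. The two default.nix files are otherwise nearly line-for-line identical (nix settings, locale, user, openssh, home-manager), so moving the shared body into one module that both `main` and `minimal` import would keep them from drifting. Minor: `reubild` in the trusted-users comment and `Home Manger` in the section header are typos.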
@@ -0,0 +1,33 @@ +{ config, lib, pkgs, inputs, extraHomeModules, username, ... }: + +{ + imports = [ + ]; + + + home = { + stateVersion = "25.05"; + username = username; + homeDirectory = "/home/${username}"; + }; + + dov = { + shell = { + zsh = { + enable = true; + shellAliases = { + ll = "eza -al"; + sc = "source $HOME/.zshrc"; + psax = "ps ax | grep"; + cp = "rsync -ah --progress"; + }; + }; + }; + }; + + programs.home-manager.enable = true; + + home.packages = with pkgs; [ + eza + ]; +} diff --git a/machines/amaterasu/main/secrets/secrets.yaml b/machines/amaterasu/main/secrets/secrets.yaml new file mode 100644 index 0000000..54c959b --- /dev/null +++ b/machines/amaterasu/main/secrets/secrets.yaml 
@@ -0,0 +1,35 @@ +hello: ENC[AES256_GCM,data:dTnxbD69/WCZm+OMX7+ISwtU4cc27avKwYZuWx3Eik3yUgsKpCIjYwvaOB1t5A==,iv:jAVX+epN6cdmwq6DDiGiNs7UwM2pUxvHSE7EBcuA3C8=,tag:aqYZOm7JbI6NIPi1e2ImtA==,type:str] +example_key: ENC[AES256_GCM,data:3PzgE1mdiZRbgT8zrA==,iv:koDyUK9GA86oiH4bp0LLXRRTbNWJwdi6kQxvLKTVIH4=,tag:OBQ9HqMmV2NEbCQmNJkbNQ==,type:str] +#ENC[AES256_GCM,data:eL+kKUBvEiK1qZa4uqyaJw==,iv:ZPRuJtZgjZcQwWyyFaIe6MOGIlBg6n3twF5ppWov1uk=,tag:Ha7Evc51RpqriY1NuYLx6Q==,type:comment] +example_array: + - ENC[AES256_GCM,data:Crb/oG3557p6OnZpzsQ=,iv:7vc5Mv25ywn7SoO01iGv7QzTeEWWFUi6d6f1uB65euI=,tag:Fnw7pJsESeD4zKzxGoS2Sw==,type:str] + - ENC[AES256_GCM,data:aq4QEAO+DA+nfrC2Zuc=,iv:0om7NPM1VTAi8mZ7USX/SAHBIAJ2NCQHbKAo99nTv3s=,tag:DmU72MqQK9MjvWymtiX05w==,type:str] +example_number: ENC[AES256_GCM,data:lCjhlB4Al6OsmA==,iv:8XTRC27xGmmGE8JWByr6JXdy1FoVoZyH6xs0uNrtaJw=,tag:kVka0SN2pptbmGnO7FFw3A==,type:float] +example_booleans: + - ENC[AES256_GCM,data:E0UPLg==,iv:lQUlqiV5xNrAzmwbrQ+A74D34jk3OhvxggL1zida3s4=,tag:meFcMzWAWeS8DVePB77Pdg==,type:bool] + - ENC[AES256_GCM,data:BFpplEk=,iv:jDpPOy/3BYcrRYGXevdMzZWwrAd//DSZX8M3oofiLdI=,tag:ttrF4pJkBXuq32WUwrhmAw==,type:bool] +test: ENC[AES256_GCM,data:mS79XA==,iv:LmtcvAN1Cw1uduLIRJYB+WqY1owPtUKsJEkt3JH7m5M=,tag:/sXKDu66enTgVewmfuIG5g==,type:str] +sops: + age: + - recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dXF5ZlpzMlZvUE81c0pp + RGJQa2VIVEZRU3lyNXhlQ2orbFptTlYzR1VZClBaYURXalJJY05vQVlhZHBzOHMv + RE1sWjY2S0lQZEpYN0dwTm1tMDB3MVUKLS0tIDdncmNKRklkMUFiOEJFSUFHaUJz + R1p0Nm8zWlNUTDNIblRMMUh4VFVVLzAKDZUgAc1GMRIYsXuiuG8DCtEOVzgtvEKM + BnK5YfZ/eL3cGENiY2nWuaBarqUsn9KmVlk/uvbUCNLltZGbmgfFfA== + -----END AGE ENCRYPTED FILE----- + - recipient: age13mu9pxlnmmeexwpkyqs4g9kgmyv8dfe5udzlk0dn6j3u8ad7necqm7rsq8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVktWalZuQzRtKy95S0NR + 
RXJqbWpHUXhHL2dUZ1VoTllidnZUU0pvbkUwCk1oeXRqdDV2aHZicEkzTVVyQ01a + b2ZZcjVnTVVuYUxRaU9HWE50MUFJT3MKLS0tIGZLei9sUCtVMHhpNkRVU1Z1c3Vy + V2VTc2FYSExPMWthbFpRa2RLZ0JYbEUK9r6CAN7DfrWor5SReLkFLfRv506F2jRn + TVqBGEGGsfE59e57D/1faw1RD9gxhZlrGk9C0tFS1mnwLROth97m4g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-13T10:22:45Z" + mac: ENC[AES256_GCM,data:O6er2UuvKJEf1ZekaquIpRmALveDhObU4PB20ObIydqEVApqplPf+qG0KR9b1kcezbc4VFyEwN3p3yjcDGn3bB2uL/7iiJgYoUp2Y7l4bW6BzXfhbT9yZzA/1xry0oMYRvuxU2ekyPCsOfb2YQkxIcLhJZrfxRIh4IcR6WBrRoo=,iv:MmLrd9IfXQLwuGYPhqMW5OZ7JxtlKzg8Uv+A5EoCiI0=,tag:QyeCEw4J0+E9wEyOI/R4kg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/machines/amaterasu/main/sops.nix b/machines/amaterasu/main/sops.nix new file mode 100644 index 0000000..5efc3b6 --- /dev/null +++ b/machines/amaterasu/main/sops.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +{ + sops = { + defaultSopsFile = ./secrets/secrets.yaml; + age = { + # This will automatically import SSH keys as age keys + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + # This is using an age key that is expected to already be in the filesystem + keyFile = "/var/lib/sops-nix/key.txt"; + # This will generate a new key if the key specified above does not exist + generateKey = true; + # This is the actual specification of the secrets. + }; + + secrets = { }; + }; +} diff --git a/machines/amaterasu/minimal/default.nix b/machines/amaterasu/minimal/default.nix new file mode 100644 index 0000000..4a561bb --- /dev/null +++ b/machines/amaterasu/minimal/default.nix 
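Review bot: In sops.nix the comment `# This is the actual specification of the secrets.` sits inside the `age = { ... }` block after `generateKey = true;`, where it describes nothing; it belongs directly above `secrets = { };`. With `sshKeyPaths` pointing at the host's ed25519 key and `generateKey = true`, the key written to `/var/lib/sops-nix/key.txt` cannot decrypt secrets.yaml unless its public half is added as a recipient in .sops.yaml, so decryption presumably depends on the SSH host key alone (the second age recipient looks like a host-derived key, but that is not verifiable from the diff); a short comment stating which key is expected to decrypt would save debugging later. `secrets = { }` is empty and secrets.yaml holds only the sops example entries (`hello`, `example_key`, ...), so nothing is decrypted yet; fine as scaffolding, but a `# TODO` would keep the placeholder content from being mistaken for real configuration.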
@@ -0,0 +1,126 @@ + +{ config, pkgs, extraHomeModules, inputs, lib, username, ... }: + +let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; +in { + imports = + [ + ../../minimal.nix + + ../hardware-configuration.nix + ../disko-config.nix + ]; + + nixpkgs = { + # You can add overlays here + overlays = [ + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + nix = { + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Opinionated: disable global registry + flake-registry = ""; + # Workaround for https://github.com/NixOS/nix/issues/9574 + nix-path = config.nix.nixPath; + + # Allow user to reubild nixos without sudo + trusted-users = [ "root" username ]; + }; + # Opinionated: disable channels + channel.enable = false; + + # Opinionated: make flake registry and nix path match flake inputs + registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; + + # Bootloader. + boot.loader.grub.enable = true; + boot.loader.grub.useOSProber = true; + + networking.hostName = username; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Warsaw"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_GB.UTF-8"; + LC_IDENTIFICATION = "en_GB.UTF-8"; + LC_MEASUREMENT = "en_GB.UTF-8"; + LC_MONETARY = "en_GB.UTF-8"; + LC_NAME = "en_GB.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "en_GB.UTF-8"; + LC_TELEPHONE = "en_GB.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + + security.rtkit.enable = true; + + users.users.${username} = { + isNormalUser = true; + description = "NixOS Proxmox Builder"; + hashedPassword = "$6$00vM.zXgahhw6KQO$BpCilKSdUNDlIaOlGrWJAdzh7KCIYoW3uoC1VV9I0eaJyui7J0Yv6BCajGwrn0JwrgWmvOfEMPeyGs4/wWD9q."; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com" + # Nix config builder + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4PqgSP0tIDsHyVNKAYGsYfDsJA2TqI3V0006uihXmI izanagi@izanagi" + ]; + }; + + environment.systemPackages = with pkgs; [ + vim + wget + ripgrep + ]; + + services.openssh = { + enable = true; + settings = { + # Opinionated: forbid root login through SSH. + PermitRootLogin = "no"; + # Opinionated: use keys only. + # Remove if you want to SSH using passwords + PasswordAuthentication = false; + }; + }; + + programs = { + zsh.enable = true; + }; + + ### + # Home Manger configuration + ### + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + extraSpecialArgs = { inherit inputs; }; + + users."${username}" = { + imports = [ + ./home.nix + ] ++ extraHomeModules; + }; + }; + + # DO NOT CHANGE AT ANY POINT! + system.stateVersion = "25.05"; +} diff --git a/machines/amaterasu/minimal/home.nix b/machines/amaterasu/minimal/home.nix new file mode 100644 index 0000000..9a2c708 --- /dev/null +++ b/machines/amaterasu/minimal/home.nix 
@@ -0,0 +1,35 @@ +{ config, lib, pkgs, inputs, extraHomeModules, ... }: + +let + username = "susano"; +in { + imports = [ + ]; + + + home = { + stateVersion = "25.05"; + username = username; + homeDirectory = "/home/${username}"; + }; + + dov = { + shell = { + zsh = { + enable = true; + shellAliases = { + ll = "eza -al"; + sc = "source $HOME/.zshrc"; + psax = "ps ax | grep"; + cp = "rsync -ah --progress"; + }; + }; + }; + }; + + programs.home-manager.enable = true; + + home.packages = with pkgs; [ + eza + ]; +} diff --git a/machines/fujin/main/default.nix b/machines/fujin/main/default.nix index 19d07a3..363262a 100644 --- a/machines/fujin/main/default.nix +++ b/machines/fujin/main/default.nix @@ -21,7 +21,7 @@ stow ]; - shell = lib.mkDefault pkgs.nushell; + shell = lib.mkForce pkgs.nushell; }; programs = { diff --git a/machines/fujin/main/dotfiles/.config/Code/User/settings.json b/machines/fujin/main/dotfiles/.config/Code/User/settings.json index 33873b4..54aa896 100644 --- a/machines/fujin/main/dotfiles/.config/Code/User/settings.json +++ b/machines/fujin/main/dotfiles/.config/Code/User/settings.json @@ -14,15 +14,9 @@ "scm.inputFontSize": 14.857142857142858, "screencastMode.fontSize": 64.0, "terminal.integrated.fontSize": 16.0, - "workbench.colorTheme": "Stylix", - "redhat.telemetry.enabled": true, + "redhat.telemetry.enabled": false, "database-client.autoSync": true, "git.confirmSync": false, - "java.configuration.runtimes": [ - { - "name": "JavaSE-21", - "path": "/home/fujin/jdk/openjdk21", - "default": true, - }, - ] + "java.jdt.ls.java.home": "/home/fujin/jdk/openjdk21", + "java.configuration.detectJdksAtStart": false } diff --git a/machines/fujin/main/dotfiles/.config/doom/config.el b/machines/fujin/main/dotfiles/.config/doom/config.el index 458c906..48aa962 100644 --- a/machines/fujin/main/dotfiles/.config/doom/config.el +++ b/machines/fujin/main/dotfiles/.config/doom/config.el 
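Review bot: minimal/home.nix hard-codes `username = "susano";` in a `let`, while minimal/default.nix attaches this file to `users."${username}"` using the `username` passed from the flake (which, judging by the flake.nix hunk, is `"amaterasu"`), so `home.username` and `home.homeDirectory = "/home/susano"` would describe a different user than the one the NixOS side manages. main/home.nix avoids this by taking `username` from the module arguments, and the same fix applies here: change the header to `{ config, lib, pkgs, inputs, extraHomeModules, username, ... }:`, drop the `let ... in`, and in minimal/default.nix pass `extraSpecialArgs = { inherit inputs username; };` as main/default.nix already does. Whether home-manager's NixOS module overrides or rejects the mismatch cannot be determined from the diff, but either outcome is surprising.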
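Review bot: Switching `shell` from `lib.mkDefault` to `lib.mkForce` in fujin/main/default.nix makes this definition win over every other module unconditionally, which hides rather than resolves whatever definition was overriding the default (not visible in this hunk). If the override is intentional, a one-line comment naming the other definition, e.g. `# mkForce: overrides the shell set by <module>`, documents it; otherwise `lib.mkOverride` with an explicit priority, or fixing the conflicting side, keeps the option composable. The enclosing attribute set starts outside the hunk.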
@@ -157,7 +157,18 @@ :major-modes '(nix-mode) :priority 0 :server-id 'nixd)) - ) + (defun my/setup-project-lombok () + (when (and (boundp 'lombok-version) lombok-version) + (let ((lombok-jar (expand-file-name + (format "~/.m2/repository/org/projectlombok/lombok/%s/lombok-%s.jar" + lombok-version lombok-version)))) + (when (file-exists-p lombok-jar) + (setq-local lsp-java-vmargs + (append (default-value 'lsp-java-vmargs) + (list (concat "-javaagent:" lombok-jar)))))))) + + (add-hook 'java-mode-hook #'my/setup-project-lombok)) + (add-to-list 'safe-local-variable-values #'stringp) (advice-add 'risky-local-variable-p :override #'ignore)
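Review bot: `my/setup-project-lombok` splices `lombok-version` into a filesystem path twice via `format` and passes the result to `-javaagent:` without checking that the value looks like a version. If it is meant to come from a project's `.dir-locals.el` (the following `safe-local-variable-values` and `risky-local-variable-p` context lines suggest local variables are broadly trusted here), a checked-out repository controls that string, so the `and` should also require `(string-match-p "\\`[0-9]+\\(\\.[0-9]+\\)*\\'" lombok-version)`, and the variable should carry its own `safe-local-variable` predicate rather than relying on the blanket `risky-local-variable-p` override. Separately, a major-mode hook such as `java-mode-hook` runs before Emacs applies file- and directory-local variables, so the `boundp` check will likely find `lombok-version` unset at that point unless it is set globally; `hack-local-variables-hook`, or `lsp-mode-hook` if the server starts deferred, is the usual place for this. The form enclosing the new `defun` starts outside the hunk.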