Basic amaterasu config

flake.nix

@@ -154,6 +154,26 @@
         ]
         "izanagi";
 
+      ###
+      # Proxmox CI/CD
+      ###
+      amaterasu-minimal = mkComputer
+        ./machines/amaterasu/minimal
+        []
+        "amaterasu";
+      amaterasu = mkComputer
+        ./machines/amaterasu/main
+        [
+          sops-nix.nixosModules.sops
+
+          # Applications
+          inputs.copyparty.nixosModules.default
+          inputs.vscode-server.nixosModules.default
+
+          ./modules
+        ]
+        "amaterasu";
+
       ###
       # Omen Laptop
       ###

machines/amaterasu/disko-config.nix

@@ -0,0 +1,57 @@
+{ config, lib, pkgs, username, ... }:
+
+{
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/sda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  # Subvolume name is different from mountpoint
+                  "/rootfs" = {
+                    mountpoint = "/";
+                  };
+                  # Subvolume name is the same as the mountpoint
+                  "/home" = {
+                    mountOptions = [ "compress=zstd" ];
+                    mountpoint = "/home";
+                  };
+                  # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
+                  "/home/${username}" = { };
+                  "/nix" = {
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                    mountpoint = "/nix";
+                  };
+                };
+
+                mountpoint = "/partition-root";
+                swap = {
+                  swapfile = {
+                    size = "8G";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

machines/amaterasu/hardware-configuration.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # fileSystems."/" =
+  #   { device = "/dev/disk/by-uuid/301d5990-7186-4a90-94aa-997044007358";
+  #     fsType = "ext4";
+  #   };
+
+  # swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

machines/amaterasu/main/.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &primary age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
+  - &amaterasu age13mu9pxlnmmeexwpkyqs4g9kgmyv8dfe5udzlk0dn6j3u8ad7necqm7rsq8
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+          - *primary
+          - *amaterasu

machines/amaterasu/main/default.nix

@@ -0,0 +1,132 @@
+{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
+
+let
+  flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+  imports =
+    [
+      ../../minimal.nix
+
+      ../hardware-configuration.nix
+      ../disko-config.nix
+      ./sops.nix
+    ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Opinionated: disable global registry
+      flake-registry = "";
+      # Workaround for https://github.com/NixOS/nix/issues/9574
+      nix-path = config.nix.nixPath;
+
+      # Allow user to reubild nixos without sudo
+      trusted-users = [ "root" username ];
+    };
+    # Opinionated: disable channels
+    channel.enable = false;
+
+    # Opinionated: make flake registry and nix path match flake inputs
+    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+
+  # Bootloader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.useOSProber = true;
+
+  networking.hostName = username;
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Warsaw";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+  security.rtkit.enable = true;
+
+  users.users.${username} = {
+    isNormalUser = true;
+    description = "NixOS Proxmox Builder";
+    hashedPassword = "$6$00vM.zXgahhw6KQO$BpCilKSdUNDlIaOlGrWJAdzh7KCIYoW3uoC1VV9I0eaJyui7J0Yv6BCajGwrn0JwrgWmvOfEMPeyGs4/wWD9q.";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
+      # Nix config builder
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4PqgSP0tIDsHyVNKAYGsYfDsJA2TqI3V0006uihXmI izanagi@izanagi"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    ripgrep
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      # Opinionated: forbid root login through SSH.
+      PermitRootLogin = "no";
+      # Opinionated: use keys only.
+      # Remove if you want to SSH using passwords
+      PasswordAuthentication = false;
+    };
+  };
+
+  programs = {
+    zsh.enable = true;
+  };
+
+  ###
+  # Home Manger configuration
+  ###
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs username; };
+
+    users."${username}" = {
+      imports = [
+        ./home.nix
+      ] ++ extraHomeModules;
+    };
+  };
+
+  ###
+  # My Services
+  ###
+  dov = {
+  };
+
+  # DO NOT CHANGE AT ANY POINT!
+  system.stateVersion = "25.05";
+}

machines/amaterasu/main/home.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, inputs, extraHomeModules, username, ... }:
+
+{
+  imports = [
+  ];
+
+
+  home = {
+    stateVersion = "25.05";
+    username = username;
+    homeDirectory = "/home/${username}";
+  };
+
+  dov = {
+    shell = {
+      zsh = {
+        enable = true;
+        shellAliases = {
+          ll = "eza -al";
+          sc = "source $HOME/.zshrc";
+          psax = "ps ax | grep";
+          cp = "rsync -ah --progress";
+        };
+      };
+    };
+  };
+
+  programs.home-manager.enable = true;
+
+  home.packages = with pkgs; [
+    eza
+  ];
+}

machines/amaterasu/main/secrets/secrets.yaml

@@ -0,0 +1,35 @@
+hello: ENC[AES256_GCM,data:dTnxbD69/WCZm+OMX7+ISwtU4cc27avKwYZuWx3Eik3yUgsKpCIjYwvaOB1t5A==,iv:jAVX+epN6cdmwq6DDiGiNs7UwM2pUxvHSE7EBcuA3C8=,tag:aqYZOm7JbI6NIPi1e2ImtA==,type:str]
+example_key: ENC[AES256_GCM,data:3PzgE1mdiZRbgT8zrA==,iv:koDyUK9GA86oiH4bp0LLXRRTbNWJwdi6kQxvLKTVIH4=,tag:OBQ9HqMmV2NEbCQmNJkbNQ==,type:str]
+#ENC[AES256_GCM,data:eL+kKUBvEiK1qZa4uqyaJw==,iv:ZPRuJtZgjZcQwWyyFaIe6MOGIlBg6n3twF5ppWov1uk=,tag:Ha7Evc51RpqriY1NuYLx6Q==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:Crb/oG3557p6OnZpzsQ=,iv:7vc5Mv25ywn7SoO01iGv7QzTeEWWFUi6d6f1uB65euI=,tag:Fnw7pJsESeD4zKzxGoS2Sw==,type:str]
+    - ENC[AES256_GCM,data:aq4QEAO+DA+nfrC2Zuc=,iv:0om7NPM1VTAi8mZ7USX/SAHBIAJ2NCQHbKAo99nTv3s=,tag:DmU72MqQK9MjvWymtiX05w==,type:str]
+example_number: ENC[AES256_GCM,data:lCjhlB4Al6OsmA==,iv:8XTRC27xGmmGE8JWByr6JXdy1FoVoZyH6xs0uNrtaJw=,tag:kVka0SN2pptbmGnO7FFw3A==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:E0UPLg==,iv:lQUlqiV5xNrAzmwbrQ+A74D34jk3OhvxggL1zida3s4=,tag:meFcMzWAWeS8DVePB77Pdg==,type:bool]
+    - ENC[AES256_GCM,data:BFpplEk=,iv:jDpPOy/3BYcrRYGXevdMzZWwrAd//DSZX8M3oofiLdI=,tag:ttrF4pJkBXuq32WUwrhmAw==,type:bool]
+test: ENC[AES256_GCM,data:mS79XA==,iv:LmtcvAN1Cw1uduLIRJYB+WqY1owPtUKsJEkt3JH7m5M=,tag:/sXKDu66enTgVewmfuIG5g==,type:str]
+sops:
+    age:
+        - recipient: age19wvqtn4ju6k4vs8fxr34unl6xx4cv04jw0lx9ps20xlde927zfssgl4qke
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dXF5ZlpzMlZvUE81c0pp
+            RGJQa2VIVEZRU3lyNXhlQ2orbFptTlYzR1VZClBaYURXalJJY05vQVlhZHBzOHMv
+            RE1sWjY2S0lQZEpYN0dwTm1tMDB3MVUKLS0tIDdncmNKRklkMUFiOEJFSUFHaUJz
+            R1p0Nm8zWlNUTDNIblRMMUh4VFVVLzAKDZUgAc1GMRIYsXuiuG8DCtEOVzgtvEKM
+            BnK5YfZ/eL3cGENiY2nWuaBarqUsn9KmVlk/uvbUCNLltZGbmgfFfA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13mu9pxlnmmeexwpkyqs4g9kgmyv8dfe5udzlk0dn6j3u8ad7necqm7rsq8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVktWalZuQzRtKy95S0NR
+            RXJqbWpHUXhHL2dUZ1VoTllidnZUU0pvbkUwCk1oeXRqdDV2aHZicEkzTVVyQ01a
+            b2ZZcjVnTVVuYUxRaU9HWE50MUFJT3MKLS0tIGZLei9sUCtVMHhpNkRVU1Z1c3Vy
+            V2VTc2FYSExPMWthbFpRa2RLZ0JYbEUK9r6CAN7DfrWor5SReLkFLfRv506F2jRn
+            TVqBGEGGsfE59e57D/1faw1RD9gxhZlrGk9C0tFS1mnwLROth97m4g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-13T10:22:45Z"
+    mac: ENC[AES256_GCM,data:O6er2UuvKJEf1ZekaquIpRmALveDhObU4PB20ObIydqEVApqplPf+qG0KR9b1kcezbc4VFyEwN3p3yjcDGn3bB2uL/7iiJgYoUp2Y7l4bW6BzXfhbT9yZzA/1xry0oMYRvuxU2ekyPCsOfb2YQkxIcLhJZrfxRIh4IcR6WBrRoo=,iv:MmLrd9IfXQLwuGYPhqMW5OZ7JxtlKzg8Uv+A5EoCiI0=,tag:QyeCEw4J0+E9wEyOI/R4kg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2

machines/amaterasu/main/sops.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+{
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    age = {
+      # This will automatically import SSH keys as age keys
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      # This is using an age key that is expected to already be in the filesystem
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # This will generate a new key if the key specified above does not exist
+      generateKey = true;
+      # This is the actual specification of the secrets.
+    };
+
+    secrets = { };
+  };
+}

machines/amaterasu/minimal/default.nix

@@ -0,0 +1,126 @@
+
+{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
+
+let
+  flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+  imports =
+    [
+      ../../minimal.nix
+
+      ../hardware-configuration.nix
+      ../disko-config.nix
+    ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Opinionated: disable global registry
+      flake-registry = "";
+      # Workaround for https://github.com/NixOS/nix/issues/9574
+      nix-path = config.nix.nixPath;
+
+      # Allow user to reubild nixos without sudo
+      trusted-users = [ "root" username ];
+    };
+    # Opinionated: disable channels
+    channel.enable = false;
+
+    # Opinionated: make flake registry and nix path match flake inputs
+    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+
+  # Bootloader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.useOSProber = true;
+
+  networking.hostName = username;
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Warsaw";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+  security.rtkit.enable = true;
+
+  users.users.${username} = {
+    isNormalUser = true;
+    description = "NixOS Proxmox Builder";
+    hashedPassword = "$6$00vM.zXgahhw6KQO$BpCilKSdUNDlIaOlGrWJAdzh7KCIYoW3uoC1VV9I0eaJyui7J0Yv6BCajGwrn0JwrgWmvOfEMPeyGs4/wWD9q.";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
+      # Nix config builder
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4PqgSP0tIDsHyVNKAYGsYfDsJA2TqI3V0006uihXmI izanagi@izanagi"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    ripgrep
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      # Opinionated: forbid root login through SSH.
+      PermitRootLogin = "no";
+      # Opinionated: use keys only.
+      # Remove if you want to SSH using passwords
+      PasswordAuthentication = false;
+    };
+  };
+
+  programs = {
+    zsh.enable = true;
+  };
+
+  ###
+  # Home Manger configuration
+  ###
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "backup";
+    extraSpecialArgs = { inherit inputs; };
+
+    users."${username}" = {
+      imports = [
+        ./home.nix
+      ] ++ extraHomeModules;
+    };
+  };
+
+  # DO NOT CHANGE AT ANY POINT!
+  system.stateVersion = "25.05";
+}

machines/amaterasu/minimal/home.nix

@@ -0,0 +1,35 @@
+{ config, lib, pkgs, inputs, extraHomeModules, ... }:
+
+let
+  username = "susano";
+in {
+  imports = [
+  ];
+
+
+  home = {
+    stateVersion = "25.05";
+    username = username;
+    homeDirectory = "/home/${username}";
+  };
+
+  dov = {
+    shell = {
+      zsh = {
+        enable = true;
+        shellAliases = {
+          ll = "eza -al";
+          sc = "source $HOME/.zshrc";
+          psax = "ps ax | grep";
+          cp = "rsync -ah --progress";
+        };
+      };
+    };
+  };
+
+  programs.home-manager.enable = true;
+
+  home.packages = with pkgs; [
+    eza
+  ];
+}

machines/fujin/main/default.nix

@@ -21,7 +21,7 @@
       stow
     ];
 
-    shell = lib.mkDefault pkgs.nushell;
+    shell = lib.mkForce pkgs.nushell;
   };
 
   programs = {

machines/fujin/main/dotfiles/.config/Code/User/settings.json

@@ -14,15 +14,9 @@
   "scm.inputFontSize": 14.857142857142858,
   "screencastMode.fontSize": 64.0,
   "terminal.integrated.fontSize": 16.0,
-  "workbench.colorTheme": "Stylix",
+  "redhat.telemetry.enabled": false,
-  "redhat.telemetry.enabled": true,
   "database-client.autoSync": true,
   "git.confirmSync": false,
-  "java.configuration.runtimes": [
+  "java.jdt.ls.java.home": "/home/fujin/jdk/openjdk21",
-    {
+  "java.configuration.detectJdksAtStart": false
-      "name": "JavaSE-21",
-      "path": "/home/fujin/jdk/openjdk21",
-      "default": true,
-    },
-  ]
 }

machines/fujin/main/dotfiles/.config/doom/config.el

@@ -157,7 +157,18 @@
                      :major-modes '(nix-mode)
                      :priority 0
                      :server-id 'nixd))
-  )
+  (defun my/setup-project-lombok ()
+    (when (and (boundp 'lombok-version) lombok-version)
+      (let ((lombok-jar (expand-file-name
+                         (format "~/.m2/repository/org/projectlombok/lombok/%s/lombok-%s.jar"
+                                 lombok-version lombok-version))))
+        (when (file-exists-p lombok-jar)
+          (setq-local lsp-java-vmargs
+                      (append (default-value 'lsp-java-vmargs)
+                              (list (concat "-javaagent:" lombok-jar))))))))
+
+  (add-hook 'java-mode-hook #'my/setup-project-lombok))
+  
 
 (add-to-list 'safe-local-variable-values #'stringp)
 (advice-add 'risky-local-variable-p :override #'ignore)