-repl-flakes, fix:homeConfiguration module

video9
video8
2024-11-25 09:45:49 +01:00 · 2024-09-23 14:30:14 +02:00 · 2024-09-21 16:59:39 +02:00 · 2024-09-17 14:28:40 +02:00 · 2024-09-10 13:59:56 +02:00 · 2024-09-10 12:31:27 +02:00
31 changed files with 714 additions and 34 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,6 +1,106 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1726524467,
+        "narHash": "sha256-xkPPPvfHhHK7BNX5ZrQ9N6AIEixCmFzRZHduDf0zv30=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "22ee467a54a3ab7fa9d637ccad5330c6c087e9dc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "dotfiles": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1725956275,
+        "narHash": "sha256-4tHKP+PLpJKnFfOT6MY3p/NDBr/3NDyWljB8/iELVZs=",
+        "ref": "refs/heads/master",
+        "rev": "b1393f4b54b8e908b770450ccc49400713d8e457",
+        "revCount": 1,
+        "type": "git",
+        "url": "https://code.m3tam3re.com/m3tam3re/dotfiles-flake-demo.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://code.m3tam3re.com/m3tam3re/dotfiles-flake-demo.git"
+      }
+    },
    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -22,15 +122,15 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1711703276,
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
-        "owner": "nixos",
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
@ -52,12 +152,46 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1711703276,
+        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
-        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs",
+        "agenix": "agenix",
+        "disko": "disko",
+        "dotfiles": "dotfiles",
+        "home-manager": "home-manager_2",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-stable": "nixpkgs-stable"
      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -17,10 +17,25 @@
    };
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
+
+    agenix.url = "github:ryantm/agenix";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    dotfiles = {
+      url = "git+https://code.m3tam3re.com/m3tam3re/dotfiles-flake-demo.git";
+      flake = false;
+    };
  };

  outputs = {
    self,
+    agenix,
+    disko,
+    dotfiles,
    home-manager,
    nixpkgs,
    ...
@ -41,14 +56,18 @@
    nixosConfigurations = {
      m3-kratos-vm = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs outputs;};
-        modules = [./hosts/m3-kratos];
+        modules = [
+          ./hosts/m3-kratos
+          inputs.disko.nixosModules.disko
+          agenix.nixosModules.default
+        ];
      };
    };
    homeConfigurations = {
      "m3tam3re@m3-kratos-vm" = home-manager.lib.homeManagerConfiguration {
        pkgs = nixpkgs.legacyPackages."x86_64-linux";
        extraSpecialArgs = {inherit inputs outputs;};
-        modules = [./home/m3tam3re/m3tam3re.nix];
+        modules = [./home/m3tam3re/m3-kratos.nix];
      };
    };
  };
--- a/home/common/default.nix
+++ b/home/common/default.nix
@ -1,4 +1,10 @@
-{ config, lib, outputs, pkgs, ... }: {
+{
+  config,
+  lib,
+  outputs,
+  pkgs,
+  ...
+}: {
  nixpkgs = {
    # You can add overlays here
    overlays = [
@ -29,7 +35,7 @@
  nix = {
    package = lib.mkDefault pkgs.nix;
    settings = {
-      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      experimental-features = ["nix-command" "flakes"];
      warn-dirty = false;
    };
  };
--- a/home/features/cli/fish.nix
+++ b/home/features/cli/fish.nix
@ -15,6 +15,7 @@ in {
        set -x NIX_PATH nixpkgs=channel:nixos-unstable
        set -x NIX_LOG info
        set -x TERMINAL kitty
+        source /run/agenix/${config.home.username}-secrets

        if test (tty) = "/dev/tty1"
          exec Hyprland &> /dev/null
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@ -1,5 +1,7 @@
 {pkgs, ...}: {
  imports = [
+    ./fonts.nix
+    ./hyprland.nix
    ./wayland.nix
  ];

--- a/home/features/desktop/fonts.nix
+++ b/home/features/desktop/fonts.nix
@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.features.desktop.fonts;
+in {
+  options.features.desktop.fonts.enable =
+    mkEnableOption "install additional fonts for desktop apps";
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      fira-code
+      fira-code-symbols
+      fira-code-nerdfont
+      font-manager
+      font-awesome_5
+      noto-fonts
+    ];
+  };
+}
--- a/home/features/desktop/hyprland.nix
+++ b/home/features/desktop/hyprland.nix
@ -0,0 +1,188 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.features.desktop.hyprland;
+in {
+  options.features.desktop.hyprland.enable = mkEnableOption "hyprland config";
+
+  config = mkIf cfg.enable {
+    wayland.windowManager.hyprland = {
+      enable = true;
+      settings = {
+        xwayland = {
+          force_zero_scaling = true;
+        };
+
+        exec-once = [
+          "waybar"
+          "hyprpaper"
+          "hypridle"
+          "wl-paste -p -t text --watch clipman store -P --histpath=\"~/.local/share/clipman-primary.json\""
+        ];
+
+        env = [
+          "XCURSOR_SIZE,32"
+          "WLR_NO_HARDWARE_CURSORS,1"
+          "GTK_THEME,Dracula"
+        ];
+
+        input = {
+          kb_layout = "de,us";
+          kb_variant = "";
+          kb_model = "";
+          kb_rules = "";
+          kb_options = "ctrl:nocaps";
+          follow_mouse = 1;
+
+          touchpad = {
+            natural_scroll = true;
+          };
+
+          sensitivity = 0;
+        };
+
+        general = {
+          gaps_in = 5;
+          gaps_out = 5;
+          border_size = 1;
+          "col.active_border" = "rgba(9742b5ee) rgba(9742b5ee) 45deg";
+          "col.inactive_border" = "rgba(595959aa)";
+          layout = "dwindle";
+        };
+
+        decoration = {
+          "col.shadow" = "rgba(1E202966)";
+          drop_shadow = true;
+          shadow_range = 60;
+          shadow_offset = "1 2";
+          shadow_render_power = 3;
+          shadow_scale = 0.97;
+          rounding = 8;
+          blur = {
+            enabled = true;
+            size = 3;
+            passes = 3;
+          };
+          active_opacity = 0.9;
+          inactive_opacity = 0.5;
+        };
+
+        animations = {
+          enabled = true;
+          bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
+          animation = [
+            "windows, 1, 7, myBezier"
+            "windowsOut, 1, 7, default, popin 80%"
+            "border, 1, 10, default"
+            "borderangle, 1, 8, default"
+            "fade, 1, 7, default"
+            "workspaces, 1, 6, default"
+          ];
+        };
+
+        dwindle = {
+          pseudotile = true;
+          preserve_split = true;
+        };
+
+        master = {};
+
+        gestures = {
+          workspace_swipe = false;
+        };
+
+        windowrule = [
+          "float, file_progress"
+          "float, confirm"
+          "float, dialog"
+          "float, download"
+          "float, notification"
+          "float, error"
+          "float, splash"
+          "float, confirmreset"
+          "float, title:Open File"
+          "float, title:branchdialog"
+          "float, Lxappearance"
+          "float, Wofi"
+          "float, dunst"
+          "animation none,Wofi"
+          "float,viewnior"
+          "float,feh"
+          "float, pavucontrol-qt"
+          "float, pavucontrol"
+          "float, file-roller"
+          "fullscreen, wlogout"
+          "float, title:wlogout"
+          "fullscreen, title:wlogout"
+          "idleinhibit focus, mpv"
+          "idleinhibit fullscreen, firefox"
+          "float, title:^(Media viewer)$"
+          "float, title:^(Volume Control)$"
+          "float, title:^(Picture-in-Picture)$"
+          "size 800 600, title:^(Volume Control)$"
+          "move 75 44%, title:^(Volume Control)$"
+        ];
+
+        "$mainMod" = "SUPER";
+
+        bind = [
+          "$mainMod, return, exec, kitty -e zellij-ps"
+          "$mainMod, t, exec, kitty -e fish -c 'neofetch; exec fish'"
+          "$mainMod SHIFT, e, exec, kitty -e zellij_nvim"
+          "$mainMod, o, exec, thunar"
+          "$mainMod, Escape, exec, wlogout -p layer-shell"
+          "$mainMod, Space, togglefloating"
+          "$mainMod, q, killactive"
+          "$mainMod, M, exit"
+          "$mainMod, F, fullscreen"
+          "$mainMod, V, togglefloating"
+          "$mainMod, D, exec, wofi --show drun --allow-images"
+          "$mainMod SHIFT, S, exec, bemoji"
+          "$mainMod, P, exec, wofi-pass"
+          "$mainMod SHIFT, P, pseudo"
+          "$mainMod, J, togglesplit"
+          "$mainMod, left, movefocus, l"
+          "$mainMod, right, movefocus, r"
+          "$mainMod, up, movefocus, u"
+          "$mainMod, down, movefocus, d"
+          "$mainMod, 1, workspace, 1"
+          "$mainMod, 2, workspace, 2"
+          "$mainMod, 3, workspace, 3"
+          "$mainMod, 4, workspace, 4"
+          "$mainMod, 5, workspace, 5"
+          "$mainMod, 6, workspace, 6"
+          "$mainMod, 7, workspace, 7"
+          "$mainMod, 8, workspace, 8"
+          "$mainMod, 9, workspace, 9"
+          "$mainMod, 0, workspace, 10"
+          "$mainMod SHIFT, 1, movetoworkspace, 1"
+          "$mainMod SHIFT, 2, movetoworkspace, 2"
+          "$mainMod SHIFT, 3, movetoworkspace, 3"
+          "$mainMod SHIFT, 4, movetoworkspace, 4"
+          "$mainMod SHIFT, 5, movetoworkspace, 5"
+          "$mainMod SHIFT, 6, movetoworkspace, 6"
+          "$mainMod SHIFT, 7, movetoworkspace, 7"
+          "$mainMod SHIFT, 8, movetoworkspace, 8"
+          "$mainMod SHIFT, 9, movetoworkspace, 9"
+          "$mainMod SHIFT, 0, movetoworkspace, 10"
+          "$mainMod, mouse_down, workspace, e+1"
+          "$mainMod, mouse_up, workspace, e-1"
+        ];
+
+        bindm = [
+          "$mainMod, mouse:272, movewindow"
+          "$mainMod, mouse:273, resizewindow"
+        ];
+
+        windowrulev2 = [
+          "workspace 1,class:(Emacs)"
+          "workspace 3,opacity 1.0, class:(brave-browser)"
+          "workspace 4,class:(com.obsproject.Studio)"
+        ];
+      };
+    };
+  };
+}
--- a/home/m3tam3re/dotfiles/bat.nix
+++ b/home/m3tam3re/dotfiles/bat.nix
@ -0,0 +1,8 @@
+{
+  home.file.".config/bat/config".text = ''
+    --theme="Dracula"
+
+    # Show line numbers, Git modifications and file header (but no grid)
+    --style="numbers,changes,header"
+  '';
+}
--- a/home/m3tam3re/dotfiles/default.nix
+++ b/home/m3tam3re/dotfiles/default.nix
@ -0,0 +1,10 @@
+{inputs, ...}: {
+  imports = [
+    ./bat.nix
+  ];
+
+  home.file.".config/nvim" = {
+    source = "${inputs.dotfiles}/nvim";
+    recursive = true;
+  };
+}
--- a/home/m3tam3re/m3-kratos.nix
+++ b/home/m3tam3re/m3-kratos.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ../common
+    ./dotfiles
    ../features/cli
    ../features/desktop
    ./home.nix
@ -13,7 +14,37 @@
      neofetch.enable = true;
    };
    desktop = {
+      fonts.enable = true;
+      hyprland.enable = true;
      wayland.enable = true;
    };
  };
+
+  wayland.windowManager.hyprland = {
+    settings = {
+      device = [
+        {
+          name = "keyboard";
+          kb_layout = "us";
+        }
+        {
+          name = "mouse";
+          sensitivity = -0.5;
+        }
+      ];
+      monitor = [
+        "DP-1,2560x1440@144,0x0,1"
+        "DP-2,2560x1440@144,2560x0,1"
+      ];
+      workspace = [
+        "1, monitor:DP-1, default:true"
+        "2, monitor:DP-1"
+        "3, monitor:DP-1"
+        "4, monitor:DP-2"
+        "5, monitor:DP-1"
+        "6, monitor:DP-2"
+        "7, monitor:DP-2"
+      ];
+    };
+  };
 }
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -7,6 +7,7 @@
  ...
 }: {
  imports = [
+    ./extraServices
    ./users
    inputs.home-manager.nixosModules.home-manager
  ];
--- a/hosts/common/extraServices/default.nix
+++ b/hosts/common/extraServices/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./podman.nix
+  ];
+}
--- a/hosts/common/extraServices/extraServices/default.nix
+++ b/hosts/common/extraServices/extraServices/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./podman.nix
+  ];
+}
--- a/hosts/common/extraServices/extraServices/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/extraServices/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/extraServices/extraServices/podman.nix
+++ b/hosts/common/extraServices/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/extraServices/podman.nix
+++ b/hosts/common/extraServices/podman.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.extraServices.podman;
+in {
+  options.extraServices.podman.enable = mkEnableOption "enable podman";
+
+  config = mkIf cfg.enable {
+    virtualisation = {
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [
+            "--filter=until=24h"
+            "--filter=label!=important"
+          ];
+        };
+        defaultNetwork.settings.dns_enabled = true;
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      podman-compose
+    ];
+  };
+}
--- a/hosts/common/users/m3tam3re
+++ b/hosts/common/users/m3tam3re
@ -1 +0,0 @@
-../../../home/m3tam3re
--- a/hosts/common/users/m3tam3re.nix
+++ b/hosts/common/users/m3tam3re.nix
@ -26,5 +26,5 @@
    packages = [inputs.home-manager.packages.${pkgs.system}.default];
  };
  home-manager.users.m3tam3re =
-    import m3tam3re/${config.networking.hostName}.nix;
+    import ../../../home/m3tam3re/${config.networking.hostName}.nix;
 }
--- a/hosts/m3-kratos/configuration.nix
+++ b/hosts/m3-kratos/configuration.nix
@ -4,13 +4,13 @@
 {pkgs, ...}: {
  imports = [
    # Include the results of the hardware scan.
+    ./disko-config.nix
    ./hardware-configuration.nix
  ];

  # Bootloader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/vda";
-  boot.loader.grub.useOSProber = true;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "m3-kratos"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
--- a/hosts/m3-kratos/default.nix
+++ b/hosts/m3-kratos/default.nix
@ -33,5 +33,12 @@
 #:w
 # networking.hostName = "nixos"; # Define your hostname.
 {
-  imports = [../common ./configuration.nix];
+  imports = [
+    ../common
+    ./configuration.nix
+    ./secrets.nix
+    ./services
+  ];
+
+  extraServices.podman.enable = true;
 }
--- a/hosts/m3-kratos/disko-config.nix
+++ b/hosts/m3-kratos/disko-config.nix
@ -0,0 +1,36 @@
+{
+  disko.devices = {
+    disk = {
+      nixos = {
+        type = "disk";
+        device = "/dev/vda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/m3-kratos/hardware-configuration.nix
+++ b/hosts/m3-kratos/hardware-configuration.nix
@ -1,24 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
  ];

-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/b3fbba01-1206-44d9-9b15-72e6313b4f72";
-      fsType = "ext4";
-    };
-
-  swapDevices = [ ];
+  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -29,4 +26,3 @@

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
-
--- a/hosts/m3-kratos/secrets.nix
+++ b/hosts/m3-kratos/secrets.nix
@ -0,0 +1,13 @@
+{
+  age = {
+    secrets = {
+      secret1 = {
+        file = ../../secrets/secret1.age;
+      };
+      m3tam3re-secrets = {
+        file = ../../secrets/m3tam3re-secrets.age;
+        owner = "m3tam3re";
+      };
+    };
+  };
+}
--- a/hosts/m3-kratos/services/containers/default.nix
+++ b/hosts/m3-kratos/services/containers/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./echo.nix
+    ./nginx.nix
+  ];
+}
--- a/hosts/m3-kratos/services/containers/echo.nix
+++ b/hosts/m3-kratos/services/containers/echo.nix
@ -0,0 +1,12 @@
+{lib, ...}: {
+  virtualisation.oci-containers.containers."echo-http-service" = {
+    image = "hashicorp/http-echo";
+    extraOptions = ["-text='Hello, World!'" "--network=web"];
+    ports = ["5678:5678"];
+  };
+  system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
+    if ! /run/current-system/sw/bin/podman network exists web; then
+      /run/current-system/sw/bin/podman network create web
+    fi
+  '';
+}
--- a/hosts/m3-kratos/services/containers/nginx.nix
+++ b/hosts/m3-kratos/services/containers/nginx.nix
@ -0,0 +1,8 @@
+{config, ...}: {
+  virtualisation.oci-containers.containers."nginx" = {
+    image = "docker.io/nginx:alpine";
+    environmentFiles = [
+      config.age.secrets.secret1.path
+    ];
+  };
+}
--- a/hosts/m3-kratos/services/default.nix
+++ b/hosts/m3-kratos/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./containers
+  ];
+}
--- a/secrets/m3tam3re-secrets.age
+++ b/secrets/m3tam3re-secrets.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 l/KTwg +8dkEwTxSxpSykhcm+qqMU5c9FxuL0VURTO+Et3Hqjg
+IPzfKtktyMQdv5SceryhZrYhCeB/TVLgXAlu78ihMTw
+-> ssh-rsa DQlE7w
+j4z7/+j+OxQn5pyhuzYdhUYKVhsU7VndBt62wHkt/3akh4a31GbXDmhhFasO/0LX
+vj0MnsoNQSyWxSE16oP3abFL3dnv8u5nUNsTUUKnd7gv58RglfGzUI3vZ5iIQVZx
+ryAiRhmZbzb+oXN4Kzi3Mj1yNExnmDK5JXwKMZpWRPlgmnEAvoRnBGK9povIk+Av
+vACdqLC0jZPsw3B2zw1L35iVSeb2HbbqYdUab3ElClPu6HVQBa7JGSSNfyVJY3c4
+zbz9H9gwDvspu0jexK6D7cZjDalh3UCYly7JvPGoUd6bWHUCNhHOyAhZFIZlNIhj
+pD1BqBis9Mh5xtCElml+PQkfKQKqGJz7KZ6v6bs6EGq/0nXaEiMmn3HRYnPEL98O
+u63SVH5vevAcUewVw6/iENN+0vUTK19C3vkEFDaEwuPTituAMReicx+9vZZvz7ZE
+nTUDblgl+8MngAQBaRjH4HrsXb3mx/4vFhSMO7gBYwYq8xpPXLqlwqgyBS54fBSU
+
+--- T7qcXQKB/ktQb5Epx0/k+EDOdpbJV1x7VaZKEGEfaOE
+<0C><>q<EFBFBD>Q<>?N<>˯:a1)<29>\<5C><>&<26>Ezl[<5B>'<27><>`%<25>QQ<51><51>9<>/{<7B><><EFBFBD>&<w<><0F><><EFBFBD><EFBFBD>Ė<EFBFBD>s
--- a/secrets/secret1.age
+++ b/secrets/secret1.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 l/KTwg rtb9YLrncvwCrLgxUrpsyWQKh5EpORg+M3V2jWFEI0Q
+QaPHNxR+5GcIKt9+0EbP/9UbZPe1ET6OS+NOByeZ90
+-> ssh-rsa DQlE7w
+k2jNaCjCwamanfwOn2U+mxjo1n4445GvfEk2U8OG75AGox4UxlvCBqbzecx9jx+t
+w3CBDstgVvJgEMjZ70g4fhok6gISiyMKc/KQxU9TLRYlTU3ulvX3nf+/4pX05YVv
+Xj+7amLZtEPSMNgNDbRnverPToVTCEgzpG7XELzhrhV+cbLvI702f2ws2puySvkR
+rMkAyyHNA3UfYv42FX4ZitIiOKHALdAVw89oxVFLj4qcYIuo6GdmDoMiRQCLdDvs
+CkRyPm7qtrcc6Kmeyl0xLZnTWi90IOF8tHmwbOhSxbhRpWPn05Gzdw27hbX41gkZ
+qqerT71oFVJhueK8gCJPtePQQXIXLsOc4gjI78WXaRB/BlpwWK4GlKEeaIHP9f35
+HVN8PAjWmgA9MR2/p9azmwYjVduaZoRrINmSVMwtS31h6eZD1m5XAuO3orBZHKqX
+8Z9gkpaeIOvGhdP0ye861l3PSduI01CNe9dT0T+iIWhXbMkJ3woVaQTOl8h/IVb6
+
+--- Q6mzi+/lp1nHSpHoVZqH4RXzNh0Jei8FRhBgU4IjHCQ
+<EFBFBD><EFBFBD><EFBFBD><EFBFBD>a<EFBFBD><EFBFBD><05>Ck		<09><>l<EFBFBD> !<21>\H<>>܃<>HJ{C:<3A>D<EFBFBD>ѣ&<26><><EFBFBD><EFBFBD>ŲPE<50><45><EFBFBD>W
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,7 @@
+let
+  m3-kratos-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+8dfimMlWKZOlpjEGI6/2hVFDhytJVTi/P92Jf9mTz";
+  m3tam3re = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU=";
+in {
+  "secret1.age".publicKeys = [m3-kratos-vm m3tam3re];
+  "m3tam3re-secrets.age".publicKeys = [m3-kratos-vm m3tam3re];
+}
Author	SHA1	Message	Date
m3tam3re	1b285bef19	-repl-flakes, fix:homeConfiguration module	2024-11-25 09:45:49 +01:00
m3tam3re	78a720e1a3	video9	2024-09-23 14:30:14 +02:00
m3tam3re	b2c3dba781	video8	2024-09-21 16:59:39 +02:00
m3tam3re	6a0334cd38	+disko	2024-09-17 14:28:40 +02:00
m3tam3re	aa7dcee696	video6	2024-09-10 13:59:56 +02:00
m3tam3re	1808004efe	video5	2024-09-10 12:31:27 +02:00