From 551c5e01d1fbf99184ab5e0f7901a82fc1decbe9 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Tue, 28 Oct 2025 10:39:44 +0100 Subject: [PATCH 1/3] hydra: add hydrajobs to flake-parts --- flake.lock | 42 +++++++++++++-------------- modules/flake-parts/host-machines.nix | 10 +++++++ modules/hosts/loptland/default.nix | 11 +++++++ modules/hosts/nixberry/default.nix | 11 +++++++ modules/hosts/wsl/default.nix | 11 +++++++ 5 files changed, 64 insertions(+), 21 deletions(-) create mode 100644 modules/hosts/loptland/default.nix create mode 100644 modules/hosts/nixberry/default.nix create mode 100644 modules/hosts/wsl/default.nix diff --git a/flake.lock b/flake.lock index df93dd9..45fd507 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761583935, - "narHash": "sha256-vJ0ylFdPPESUCBYZvEtVmVemSp4G0WH8CbVIkboHIJs=", + "lastModified": 1761596764, + "narHash": "sha256-KTL+8Fw1qAbqubZSHRMjO4HkILJWVdWTylqHXQ4VTBE=", "owner": "cachix", "repo": "devenv", - "rev": "b7e3b2aeb90ce37517fb8da09ceff8ab587a9fcf", + "rev": "17560d064ba5e4fc946c0ea0ee7b31ec291e706f", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1761547629, - "narHash": "sha256-4OH1CVm2PdjKRqEJ3RLfkQMDSBdn7VId6iyYCwKOK+U=", + "lastModified": 1761633962, + "narHash": "sha256-QTA706q3zDi9yN7bwsOnj2cQj8FVi9x147A/2lR495U=", "owner": "nix-community", "repo": "fenix", - "rev": "d82a7c64ea441e397914577c9a18f2867e5b364b", + "rev": "abecdc70faee6ef5abf8b250795042a0cbe7070f", "type": "github" }, "original": { 
@@ -683,11 +683,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1761572054, - "narHash": "sha256-NuDXgcyWa9EfQZXs+7mXKTimzlxEdLV0kJR6gGcFU/8=", + "lastModified": 1761601789, + "narHash": "sha256-F8HDu+xAZ2GhYRZPTMbFgXfA6VI7pN95juP3/llCKx8=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "560c53d87dedf7df8185eb370cfbf3575826e85c", + "rev": "309c3c78485781a28ad9f5bef48b09ecb3b81473", "type": "github" }, "original": { @@ -1072,11 +1072,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1761542689, - "narHash": "sha256-l4TQRcQyp6hoUVQL/R4UBHvYX9whHTntaz5NxHi0PH4=", + "lastModified": 1761623016, + "narHash": "sha256-C2+TErNmeHMCtodwVrMeA/uJg1GRdQbOntRI7DFullA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "75768e54ca2591bb0be17fa310992628e5efce2d", + "rev": "f0bfe0aaaa51378ace7492850290f8d2db6cc7f3", "type": "github" }, "original": { @@ -1447,11 +1447,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1761500479, - "narHash": "sha256-syeBTCCU96qPJHcVpwHeCwmPCiLTDHHgYQYhpZ0iwLo=", + "lastModified": 1761606039, + "narHash": "sha256-rNsxpCKWzVNJ5FR71mpZFSEPxuvZfAQzcVpgfwgajQU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "049767e6faa84b2d1a951d8f227e6ebd99d728a2", + "rev": "7c810e9994eff5b2b7a78ab0a656948c1e8dbf18", "type": "github" }, "original": { @@ -1661,11 +1661,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1761422250, - "narHash": "sha256-+pN8VAh8OVUSj8zPoI8QfC93JMIKPaAOABrbeeiO/Hk=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "2dd40ecfe882c1659e0e46c761974702c7ab5fde", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", "type": "github" }, "original": { 
@@ -1726,11 +1726,11 @@ ] }, "locked": { - "lastModified": 1761562676, - "narHash": "sha256-yREsDfqZ7JIC2hxQm94DQfNCyhm/KPdxWd3IVJ6zJ2s=", + "lastModified": 1761592723, + "narHash": "sha256-7MMLpYL/EF3wqHIt7Fl3uQJZH1Vvtvgnd24WFpnBzdQ=", "owner": "zigtools", "repo": "zls", - "rev": "67177e3d64b8ab0f358303ee6ed4bac4654e2fdb", + "rev": "8b2754ad49006e70cdbd29c1d57ffb0a2889b836", "type": "github" }, "original": { diff --git a/modules/flake-parts/host-machines.nix b/modules/flake-parts/host-machines.nix index 61e80e4..30fd259 100644 --- a/modules/flake-parts/host-machines.nix +++ b/modules/flake-parts/host-machines.nix @@ -34,4 +34,14 @@ in } )) ]; + + flake.hydraJobs = + let + self = inputs.self; + in + { + # hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) self.outputs.nixosConfigurations; + packages = self.packages; + shells = lib.filterAttrs (name: shell: name == "x86_64-linux") self.devShells; + }; } diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix new file mode 100644 index 0000000..1ef31a6 --- /dev/null +++ b/modules/hosts/loptland/default.nix @@ -0,0 +1,11 @@ +{ + config, + ... +}: +let +in +{ + flake.modules.nixos."hosts/loptland" = { + + }; +} diff --git a/modules/hosts/nixberry/default.nix b/modules/hosts/nixberry/default.nix new file mode 100644 index 0000000..57dc1a5 --- /dev/null +++ b/modules/hosts/nixberry/default.nix @@ -0,0 +1,11 @@ +{ + config, + ... +}: +let +in +{ + flake.modules.nixos."hosts/nixberry" = { + + }; +} diff --git a/modules/hosts/wsl/default.nix b/modules/hosts/wsl/default.nix new file mode 100644 index 0000000..1a2f54d --- /dev/null +++ b/modules/hosts/wsl/default.nix @@ -0,0 +1,11 @@ +{ + config, + ... +}: +let +in +{ + flake.modules.nixos."hosts/wsl" = { + + }; +} From ef703ecbcfc7ec3fc85ba60c15c9a1fd4f1c6302 Mon Sep 17 00:00:00 2001 
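Review bot: In the `flake.hydraJobs` block added to modules/flake-parts/host-machines.nix, `shells` is restricted to `x86_64-linux` but `packages = self.packages;` is exported for every system. Hydra will then also receive jobs for any other system the flake defines packages for; whether it defines any is not visible in this hunk. If the builder is x86_64-only, filter both the same way: `packages = lib.filterAttrs (name: _: name == "x86_64-linux") self.packages;`. The commented-out `hosts` line would read better as a short TODO stating why host builds are disabled.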
From: Christoph Hollizeck Date: Tue, 28 Oct 2025 11:02:15 +0100 Subject: [PATCH 2/3] yggdrasil: move out hardware config --- modules/hosts/yggdrasil/default.nix | 69 --------------------------- modules/hosts/yggdrasil/hardware.nix | 71 ++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 69 deletions(-) create mode 100644 modules/hosts/yggdrasil/hardware.nix diff --git a/modules/hosts/yggdrasil/default.nix b/modules/hosts/yggdrasil/default.nix index 5d2b45d..0894d92 100644 --- a/modules/hosts/yggdrasil/default.nix +++ b/modules/hosts/yggdrasil/default.nix @@ -24,18 +24,7 @@ in diebahn path-of-building - bottles - - # to be removed - kdePackages.bluez-qt - zed-editor - seahorse - font-manager - vesktop - rofi-unwrapped ]; - # to be removed - virtualisation.waydroid.enable = true; services.teamviewer.enable = true; environment.pathsToLink = [ "/libexec" ]; @@ -111,63 +100,5 @@ in ]; }; - boot = { - kernelPackages = pkgs.linuxPackages_latest; - - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - initrd.availableKernelModules = [ - "nvme" - "ahci" - "xhci_pci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ "kvm-amd" ]; - - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/b1a956f4-91d5-456e-a92b-be505bb719bd"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/B4D4-8BA0"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - - "/storage" = { - device = "/dev/disk/by-uuid/c3c1dec1-7716-4c37-a3f2-bb60f9af84fd"; - fsType = "ext4"; - }; - - "/var/lib/bluetooth" = { - device = "/persist/var/lib/bluetooth"; - options = [ - "bind" - "noauto" - "x-systemd.automount" - ]; - noCheck = true; - }; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/4bec00ec-e9eb-4034-836a-ecf15e0bb40e"; } - ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.enableRedistributableFirmware = true; - hardware.cpu.amd.updateMicrocode = true; }; } 
diff --git a/modules/hosts/yggdrasil/hardware.nix b/modules/hosts/yggdrasil/hardware.nix
new file mode 100644
index 0000000..40864db
--- /dev/null
+++ b/modules/hosts/yggdrasil/hardware.nix
@@ -0,0 +1,71 @@
+{
+ config,
+ ...
+}:
+let
+in
+{
+ flake.modules.nixos."hosts/yggdrasil" =
+ { lib, pkgs, ... }:
+ {
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ initrd.availableKernelModules = [
+ "nvme"
+ "ahci"
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ kernelModules = [ "kvm-amd" ];
+
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/b1a956f4-91d5-456e-a92b-be505bb719bd";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/B4D4-8BA0";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ "/storage" = {
+ device = "/dev/disk/by-uuid/c3c1dec1-7716-4c37-a3f2-bb60f9af84fd";
+ fsType = "ext4";
+ };
+
+ "/var/lib/bluetooth" = {
+ device = "/persist/var/lib/bluetooth";
+ options = [
+ "bind"
+ "noauto"
+ "x-systemd.automount"
+ ];
+ noCheck = true;
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/4bec00ec-e9eb-4034-836a-ecf15e0bb40e"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+ };
+}
From 592faafe86ae4c780f4c3f1cef9ec5a858aa9bc0 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck Date: Tue, 28 Oct 2025 11:26:01 +0100 Subject: [PATCH 3/3] loptland: babysteps --- modules/desktop/niri.nix | 3 +- modules/hosts/loptland/default.nix | 66 ++++++++++++++++++++++++- modules/hosts/loptland/hardware.nix | 55 +++++++++++++++++++++ modules/hosts/loptland/nginx.nix | 76 +++++++++++++++++++++++++++++ modules/server/acme.nix | 8 +-- modules/users/cholli/default.nix | 1 + 6 files changed, 202 insertions(+), 7 deletions(-) create mode 100644 modules/hosts/loptland/hardware.nix create mode 100644 modules/hosts/loptland/nginx.nix diff --git a/modules/desktop/niri.nix b/modules/desktop/niri.nix index d6efbbe..c7fec4b 100644 --- a/modules/desktop/niri.nix +++ b/modules/desktop/niri.nix @@ -28,7 +28,8 @@ ... }: { - config = lib.mkIf osConfig.programs.niri.enable { + + config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") { programs.niri.settings = { input = { keyboard = { diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix index 1ef31a6..48a97e8 100644 --- a/modules/hosts/loptland/default.nix +++ b/modules/hosts/loptland/default.nix 
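Review bot: In modules/desktop/niri.nix the guard `lib.mkIf (osConfig.networking.hostName == "yggdrasil")` ties the home-manager settings to one host name instead of the feature they configure. A second niri machine or a renamed host silently gets no settings, and yggdrasil still defines them if `programs.niri.enable` is ever turned off. The reason for dropping the old condition is not visible in the hunk. If the aim was to keep hosts without niri from evaluating it, `lib.mkIf (osConfig.programs.niri.enable or false)` keeps the feature-based check; otherwise add a comment such as `# host check: <why the enable flag cannot be used here>`. The `config` block continues outside the hunk.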
@@ -5,7 +5,69 @@ let in { - flake.modules.nixos."hosts/loptland" = { + flake.modules.nixos."hosts/loptland" = + { + inputs, + lib, + pkgs, + modulesPath, + ... + }: + let + sopsFile = ../../../secrets/secrets-loptland.yaml; - }; + in + { + nixpkgs.config.allowUnfree = true; + services.qemuGuest.enable = true; + + imports = + with config.flake.modules.nixos; + [ + (modulesPath + "/profiles/qemu-guest.nix") + inputs.catppuccin.nixosModules.catppuccin + + # System modules + base + server + dev + + # apps + + # Users + cholli + ] + ++ [ + { + home-manager.users.cholli = { + imports = with config.flake.modules.homeManager; [ + inputs.catppuccin.homeModules.catppuccin + + # components + base + dev + + # Activate all user based config + cholli + ]; + }; + } + + ]; + + sops = { + secrets = { + "forgejo/db/password" = { + inherit sopsFile; + }; + "forgejo/mail/password" = { + inherit sopsFile; + }; + "forgejo/mail/passwordHash" = { + inherit sopsFile; + }; + }; + }; + + }; } diff --git a/modules/hosts/loptland/hardware.nix b/modules/hosts/loptland/hardware.nix new file mode 100644 index 0000000..fa5e7d1 --- /dev/null +++ b/modules/hosts/loptland/hardware.nix 
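Review bot: The three `forgejo/*` entries under `sops.secrets` in modules/hosts/loptland/default.nix are declared with only `inherit sopsFile;`, and nothing in this hunk consumes them. They will be decrypted onto the host with sops-nix defaults (root-owned, mode 0400 as far as I know) before any Forgejo service exists. I would either hold them back until the service module lands or name the reader explicitly, e.g. `owner = "<forgejo service user>";`, so that nobody later loosens `mode` just to get the service to start. Separately, this host fronts public traffic through nginx in the same patch yet imports the `dev` profile and sets `nixpkgs.config.allowUnfree = true;` system-wide. If only specific packages need it, `nixpkgs.config.allowUnfreePredicate` keeps the exception narrow.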
@@ -0,0 +1,55 @@
+{
+ config,
+ ...
+}:
+let
+in
+{
+ flake.modules.nixos."hosts/loptland" =
+ {
+ inputs,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/26b098dd-0a15-49c5-9998-75f43d17eb26";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/30AB-7309";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/b9bcb425-cb1c-40a1-89bb-d7fe6b421834"; } ];
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ };
+
+}
diff --git a/modules/hosts/loptland/nginx.nix b/modules/hosts/loptland/nginx.nix
new file mode 100644
index 0000000..9f374ed
--- /dev/null
+++ b/modules/hosts/loptland/nginx.nix
@@ -0,0 +1,76 @@ +{ + flake.modules.nixos."hosts/loptland" = + { + config, + lib, + pkgs, + ... + }: + let + domainName = "christophhollizeck.dev"; + forgejoPort = 3000; + hydraPort = 2000; + in + { + services.nginx = { + enable = true; + recommendedProxySettings = true; + + virtualHosts = { + "git.${domainName}" = { + forceSSL = true; + useACMEHost = domainName; + + locations."/" = { + extraConfig = '' + client_max_body_size 200M; + ''; + proxyPass = "http://localhost:${toString forgejoPort}/"; + }; + }; + + "hydra.${domainName}" = lib.mkIf config.services.hydra.enable { + forceSSL = true; + useACMEHost = domainName; + + locations."/" = { + proxyPass = "http://localhost:${toString hydraPort}/"; + }; + }; + + "ha.${domainName}" = { + forceSSL = true; + useACMEHost = domainName; + + locations."/" = { + # tailscale ip + extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + proxyPass = "http://100.86.23.74:8123"; + }; + }; + + "nixcache.${domainName}" = lib.mkIf config.services.nix-serve.enable { + forceSSL = true; + useACMEHost = domainName; + + locations."/" = { + proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + }; + + "_" = { + forceSSL = true; + useACMEHost = domainName; + + locations."/" = { + proxyPass = "https://${domainName}"; + }; + }; + }; + }; + + }; +} diff --git a/modules/server/acme.nix b/modules/server/acme.nix index 23b47fa..2c63600 100644 --- a/modules/server/acme.nix +++ b/modules/server/acme.nix @@ -1,4 +1,4 @@ -{ +topLevel: { flake.modules.nixos.server = { config, 
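Review bot: The catch-all `"_"` virtual host at the end of modules/hosts/loptland/nginx.nix forwards any request with an unrecognised Host header to `https://${domainName}`, so unknown hostnames receive proxied content instead of a refusal. No virtual host for the bare domain is defined in this file, so that upstream request may land back on this same nginx; this is inferred, since the apex DNS record is not visible here. I would make it an explicit default server that refuses, replacing the `proxyPass` line with `default = true;` on the vhost and `return = "444";` inside `locations."/"`. The `services.nginx` block also enables only `recommendedProxySettings`; with every vhost on `forceSSL`, `recommendedTlsSettings = true;` is worth adding next to it.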
@@ -41,10 +41,10 @@ security.acme = { acceptTerms = true; defaults = { - inherit (config.flake.meta.users.cholli) email; + inherit (topLevel.config.flake.meta.users.cholli) email; - group = lib.optional config.services.nginx.enable "nginx"; - reloadServices = lib.optional config.services.nginx.enable "nginx.service"; + group = lib.mkIf config.services.nginx.enable "nginx"; + reloadServices = lib.mkIf config.services.nginx.enable "nginx.service"; dnsProvider = "netcup"; environmentFile = config.sops.templates."netcup.env".path; diff --git a/modules/users/cholli/default.nix b/modules/users/cholli/default.nix index 5e3a14d..2299d9e 100644 --- a/modules/users/cholli/default.nix +++ b/modules/users/cholli/default.nix @@ -14,6 +14,7 @@ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Pr7p0jizrvIl0UhcvrmL5SHRQQQWIcHLAnRFyUZS6" ]; };
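Review bot: `reloadServices = lib.mkIf config.services.nginx.enable "nginx.service";` in modules/server/acme.nix now defines a bare string, but as far as I know `security.acme.defaults.reloadServices` is a list of strings. Evaluation should therefore fail with a type error as soon as nginx is enabled, which loptland does in this same patch. Moving to `lib.mkIf` is right for `group`, which takes a single string. For the list option, either keep the previous form `reloadServices = lib.optional config.services.nginx.enable "nginx.service";` or wrap the value as `lib.mkIf config.services.nginx.enable [ "nginx.service" ]`. The `security.acme` block continues outside the hunk.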
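Review bot: The `ssh-ed25519` entry added to `authorizedKeys` in modules/users/cholli/default.nix has no comment field, so nothing in the file records which device or person holds the private key. loptland imports this user module and is exposed through nginx in the same patch, which makes an unlabeled key hard to audit or revoke later. I would put a line above each entry such as `# <device or owner>, added <date>`, or append that label as the key's trailing comment. Where `authorizedKeys` is consumed lies outside the hunk.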