diff --git a/checks/pre-commit-hooks/default.nix b/checks/pre-commit-hooks/default.nix
index 6f56b49..cfd5ea3 100644
--- a/checks/pre-commit-hooks/default.nix
+++ b/checks/pre-commit-hooks/default.nix
@@ -10,5 +10,10 @@ git-hooks-nix.lib.${pkgs.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
+ treefmt = {
+ enable = true;
+ settings.fail-on-change = false;
+ packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
+ };
};
}
\ No newline at end of file
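Review bot: With `settings.fail-on-change = false` the treefmt hook passes even when it rewrites files, so a commit can presumably go through with the unformatted staged content while the reformatted version sits unstaged in the working tree. Either drop that line so the hook fails and the author re-stages, or keep it with a comment such as `# formatting is advisory here; CI runs the strict check`, if such a CI check exists. The `packageOverrides.treefmt` line relies on `inputs` being in scope, but the function header is outside this hunk, so that cannot be confirmed here.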
diff --git a/flake.lock b/flake.lock
index 03f11ac..e24930a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
- "lastModified": 1752511627,
- "narHash": "sha256-b8vYxLdVqIFIVa8GaAI50WAGqs37rl76zRMIsjP8/fU=",
+ "lastModified": 1753035671,
+ "narHash": "sha256-F1EAebqC+De5rog6rK/jVTetEGrCKHR7q8wQHx3VqAM=",
"owner": "chaotic-cx",
"repo": "nyx",
- "rev": "26106678ea5170e9db5907bfd2992bdfc26ecd7b",
+ "rev": "57509273a21933c184eb1985efc06381879c09f1",
"type": "github"
},
"original": {
@@ -504,11 +504,11 @@
]
},
"locked": {
- "lastModified": 1752402455,
- "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=",
+ "lastModified": 1752783339,
+ "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df",
+ "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e",
"type": "github"
},
"original": {
@@ -524,11 +524,11 @@
]
},
"locked": {
- "lastModified": 1752603129,
- "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
+ "lastModified": 1753056897,
+ "narHash": "sha256-AVVMBFcuOXqIgmShvRv9TED3fkiZhQ0ZvlhsPoFfkNE=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
+ "rev": "13a83d1b6545b7f0e8f7689bad62e7a3b1d63771",
"type": "github"
},
"original": {
@@ -540,11 +540,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
- "lastModified": 1752694079,
- "narHash": "sha256-BR9ESr26ncVQgLOtYmdqD3QeJJGbMEUu6QGZ0D9pJDY=",
+ "lastModified": 1753115487,
+ "narHash": "sha256-3uZaS9DHqZxfE57aAPDAsepLRU140RV6FYDUREXK47c=",
"owner": "homebrew",
"repo": "homebrew-cask",
- "rev": "c9441728d76b4a789e607a04a6a8713fddb4e9ab",
+ "rev": "3b67ce4096f29acf817bf666b5a4dfc98733ed6b",
"type": "github"
},
"original": {
@@ -556,11 +556,11 @@
"homebrew-core": {
"flake": false,
"locked": {
- "lastModified": 1752689765,
- "narHash": "sha256-cLVorIY5xViq+wU3HtYo63ykxYIFNLK/A2ZeI8Ooyis=",
+ "lastModified": 1753113580,
+ "narHash": "sha256-lKbdUt+//YX4bC5OpLTY6dGKb4Z84Gbr2sMB6V6TuRk=",
"owner": "homebrew",
"repo": "homebrew-core",
- "rev": "990381d37dd3c257451a9ca948caa8dfe1e5b45d",
+ "rev": "551941d43131806a6c9332ac1a1d85d28ecc52c9",
"type": "github"
},
"original": {
@@ -593,11 +593,11 @@
]
},
"locked": {
- "lastModified": 1752340638,
- "narHash": "sha256-9+vBdRt/jg8fAll1VD3NXBibkRq9F8Wq/mW45I5jlvc=",
+ "lastModified": 1752755091,
+ "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
- "rev": "1129c951dcc2a269a12cb74d64bd64e44e724ecb",
+ "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github"
},
"original": {
@@ -612,11 +612,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
- "lastModified": 1752662387,
- "narHash": "sha256-bfZ8F86kLGqwB0h477GZggG0Dc0y/oqvq8zi3d12HJE=",
+ "lastModified": 1752755091,
+ "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
- "rev": "f008426af6f0276b847305fefd40b6aa9c52dd19",
+ "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github"
},
"original": {
@@ -738,17 +738,37 @@
"type": "github"
}
},
+ "nix-index-database": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1752985182,
+ "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
+ "owner": "nix-community",
+ "repo": "nix-index-database",
+ "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nix-index-database",
+ "type": "github"
+ }
+ },
"nix-vscode-extensions": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_8"
},
"locked": {
- "lastModified": 1752631969,
- "narHash": "sha256-G32IrtEm/WJnEvhOfSu+fyysZmnhQyun5d9xdB9FZjk=",
+ "lastModified": 1753064291,
+ "narHash": "sha256-SthlGBO9W1NXCAHBxV5DrWOt3daYXlSR8lAtOaKWCPw=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
- "rev": "575022736bf7c2eadea38de48b9b20cd93bbfce8",
+ "rev": "9648256bb966f178586cb96cc397985c82e514b8",
"type": "github"
},
"original": {
@@ -782,11 +802,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
- "lastModified": 1751622568,
- "narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=",
+ "lastModified": 1753029310,
+ "narHash": "sha256-GqH4hhdpWnaKR2Zl1rYXXdX2acw6pGQH65VCWF3D6Uc=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
- "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
+ "rev": "fe61e1be8f134efe47b290c26e8496a3a03ae8ec",
"type": "github"
},
"original": {
@@ -922,11 +942,11 @@
},
"nixpkgs-stable_3": {
"locked": {
- "lastModified": 1752620740,
- "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
+ "lastModified": 1752866191,
+ "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
+ "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a",
"type": "github"
},
"original": {
@@ -970,11 +990,11 @@
},
"nixpkgs_12": {
"locked": {
- "lastModified": 1752480373,
- "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=",
+ "lastModified": 1752950548,
+ "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08",
+ "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
@@ -1018,11 +1038,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1751984180,
- "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+ "lastModified": 1752950548,
+ "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+ "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
@@ -1255,6 +1275,7 @@
"jovian": "jovian_2",
"lanzaboote": "lanzaboote",
"nix-homebrew": "nix-homebrew",
+ "nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixai": "nixai",
"nixos-apple-silicon": "nixos-apple-silicon",
@@ -1265,7 +1286,8 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix_2",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
- "steam-rom-manager": "steam-rom-manager"
+ "steam-rom-manager": "steam-rom-manager",
+ "treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
@@ -1276,11 +1298,11 @@
]
},
"locked": {
- "lastModified": 1752374969,
- "narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=",
+ "lastModified": 1752720268,
+ "narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d",
+ "rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae",
"type": "github"
},
"original": {
@@ -1469,6 +1491,26 @@
"type": "github"
}
},
+ "treefmt-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1753006367,
+ "narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "421b56313c65a0815a52b424777f55acf0b56ddf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
+ },
"uv2nix": {
"inputs": {
"nixpkgs": [
diff --git a/flake.nix b/flake.nix
index a7ddb2c..e54eed1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,12 +69,24 @@
nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon";
pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix";
+
+ treefmt-nix = {
+ url = "github:numtide/treefmt-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nix-index-database = {
+ url = "github:nix-community/nix-index-database";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ };
+ };
};
# We will handle this in the next section.
outputs = inputs:
-
- inputs.snowfall-lib.mkFlake {
+ let
+ snowfall = inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib.
inherit inputs;
@@ -92,6 +104,7 @@
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
];
# common darwin modules
@@ -129,6 +142,7 @@
nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-cpu-amd-zenpower
nixos-hardware.nixosModules.common-hidpi
+ home-manager.nixosModules.home-manager
];
# overlays = with inputs; [ crowdsec.overlays.default ];
};
@@ -169,6 +183,7 @@
homes = {
modules = with inputs; [
+ nix-index-database.homeModules.nix-index
sops-nix.homeManagerModules.sops
];
@@ -177,11 +192,11 @@
];
users = {
- "matt@desktop" = {
- modules = with inputs; [
- sops-nix.homeManagerModules.sops
- ];
- };
+ # "matt@desktop" = {
+ # modules = with inputs; [
+ # sops-nix.homeManagerModules.sops
+ # ];
+ # };
"deck@deck" = {
modules = with inputs; [
steam-rom-manager.homeManagerModules.default
@@ -206,5 +221,57 @@
title = "mjallen Flake";
};
};
+
+ outputs-builder = channels: {
+ formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
+ };
+ };
+
+ piSystems = {
+ pi4 = inputs.nixos-raspberrypi.lib.nixosSystem {
+ specialArgs = inputs // {
+ # Add any special args you need
+ };
+ system = "aarch64-linux";
+ modules = [
+ # Import your Snowfall modules manually
+ ./systems/aarch64-linux/pi4
+ inputs.disko.nixosModules.disko
+ ./systems/aarch64-linux/pi4/disko.nix
+ inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ {
+ imports = with inputs.nixos-raspberrypi.nixosModules; [
+ raspberry-pi-4.base
+ raspberry-pi-4.display-vc4
+ raspberry-pi-4.bluetooth
+ raspberry-pi-4.case-argonone
+ ];
+ }
+ inputs.impermanence.nixosModules.impermanence
+ inputs.sops-nix.nixosModules.sops
+ inputs.home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.backupFileExtension = "backup";
+ home-manager.extraSpecialArgs = { inherit inputs; };
+ home-manager.sharedModules = [
+ inputs.sops-nix.homeManagerModules.sops
+ ];
+ home-manager.users.matt = import (./homes/aarch64-linux + "/matt@pi4/default.nix");
+ home-manager.users.root = { ... }: {
+ imports = [
+ # Your root user config
+ inputs.sops-nix.homeManagerModules.sops
+ ];
+ home.stateVersion = "23.11";
+ };
+ }
+ ];
+ };
+ };
+ in
+ snowfall // {
+ nixosConfigurations = snowfall.nixosConfigurations // piSystems;
};
}
\ No newline at end of file
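Review bot: `snowfall.nixosConfigurations // piSystems` is a shallow, right-biased merge, so `piSystems.pi4` silently replaces any `pi4` entry Snowfall generates. This commit also renames the pi4 system file to `systems/aarch64-linux/pi4/default.nix`, so Snowfall's auto-discovery presumably produces one. A comment on that line such as `# piSystems wins on name clashes: pi4 is built via nixos-raspberrypi, not Snowfall` would show the override is intentional. Separately, `specialArgs = inputs // { ... }` spreads the inputs as individual module arguments but provides no `inputs` argument itself; if the pi4 modules expect one, `specialArgs = inputs // { inherit inputs; };` would supply it.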
diff --git a/homes/aarch64-linux/matt@pi4/default.nix b/homes/aarch64-linux/matt@pi4/default.nix
index 0b8c610..831a18f 100755
--- a/homes/aarch64-linux/matt@pi4/default.nix
+++ b/homes/aarch64-linux/matt@pi4/default.nix
@@ -12,9 +12,9 @@ let
in
{
imports = [
- ../../share/home/defaults.nix
- ../../share/home/git.nix
- ../../share/home/shell.nix
+ ../../../modules/home/home
+ ../../../modules/home/programs/git
+ ../../../modules/home/programs/zsh
];
home.username = "matt";
diff --git a/homes/x86_64-linux/admin@nas/default.nix b/homes/x86_64-linux/admin@nas/default.nix
index a60f201..fcf5dbb 100755
--- a/homes/x86_64-linux/admin@nas/default.nix
+++ b/homes/x86_64-linux/admin@nas/default.nix
@@ -1,4 +1,4 @@
-{ pkgs,... }:
+{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
@@ -9,40 +9,42 @@ in
{
home.username = "admin";
- sops = {
- age.keyFile = "/home/admin/.config/sops/age/keys.txt";
- defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
- validateSopsFiles = false;
- secrets = {
- "ssh-keys-public/jallen-nas" = {
- path = "/home/admin/.ssh/id_ed25519.pub";
- mode = "0644";
- };
- "ssh-keys-private/jallen-nas" = {
- path = "/home/admin/.ssh/id_ed25519";
- mode = "0600";
- };
- "ssh-keys-public/desktop-nixos" = {
- path = "/home/admin/.ssh/authorized_keys";
- mode = "0600";
- };
+ # mjallen.home.enable = true;
- "ssh-keys-public/desktop-nixos-root" = {
- path = "/home/admin/.ssh/authorized_keys2";
- mode = "0600";
- };
+ # sops = {
+ # age.keyFile = "/home/admin/.config/sops/age/keys.txt";
+ # defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+ # validateSopsFiles = false;
+ # secrets = {
+ # "ssh-keys-public/jallen-nas" = {
+ # path = "/home/admin/.ssh/id_ed25519.pub";
+ # mode = "0644";
+ # };
+ # "ssh-keys-private/jallen-nas" = {
+ # path = "/home/admin/.ssh/id_ed25519";
+ # mode = "0600";
+ # };
+ # "ssh-keys-public/desktop-nixos" = {
+ # path = "/home/admin/.ssh/authorized_keys";
+ # mode = "0600";
+ # };
- "ssh-keys-public/desktop-windows" = {
- path = "/home/admin/.ssh/authorized_keys3";
- mode = "0600";
- };
+ # "ssh-keys-public/desktop-nixos-root" = {
+ # path = "/home/admin/.ssh/authorized_keys2";
+ # mode = "0600";
+ # };
- "ssh-keys-public/macbook-macos" = {
- path = "/home/admin/.ssh/authorized_keys4";
- mode = "0600";
- };
- };
- };
+ # "ssh-keys-public/desktop-windows" = {
+ # path = "/home/admin/.ssh/authorized_keys3";
+ # mode = "0600";
+ # };
+
+ # "ssh-keys-public/macbook-macos" = {
+ # path = "/home/admin/.ssh/authorized_keys4";
+ # mode = "0600";
+ # };
+ # };
+ # };
programs = {
neovim = {
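Review bot: The sops block is commented out rather than deleted, although the same settings now live in `modules/home/sops/default.nix` in this commit, so the two copies can drift and the dead one still lists key file locations. Deleting it and leaving a single pointer such as `# sops secrets: see modules/home/sops, enabled via mjallen.sops.enable` keeps the file readable. The added `# mjallen.home.enable = true;` is dead configuration as well and could be dropped or explained.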
diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix
index f64cef1..583c2cd 100644
--- a/modules/home/sops/default.nix
+++ b/modules/home/sops/default.nix
@@ -1,18 +1,44 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+ cfg = config.mjallen.sops;
+in
{
- # sops = {
- # age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
- # defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
- # validateSopsFiles = false;
- # secrets = {
- # "ssh-keys-public/desktop-nixos" = {
- # path = "/home/matt/.ssh/id_ed25519.pub";
- # mode = "0644";
- # };
- # "ssh-keys-private/desktop-nixos" = {
- # path = "/home/matt/.ssh/id_ed25519";
- # mode = "0600";
- # };
- # };
- # };
+ imports = [ ./options.nix ];
+
+ config = lib.mkIf cfg.enable {
+ sops = {
+ age.keyFile = "/home/admin/.config/sops/age/keys.txt";
+ defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+ validateSopsFiles = false;
+ secrets = {
+ "ssh-keys-public/jallen-nas" = {
+ path = "/home/admin/.ssh/id_ed25519.pub";
+ mode = "0644";
+ };
+ "ssh-keys-private/jallen-nas" = {
+ path = "/home/admin/.ssh/id_ed25519";
+ mode = "0600";
+ };
+ "ssh-keys-public/desktop-nixos" = {
+ path = "/home/admin/.ssh/authorized_keys";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/desktop-nixos-root" = {
+ path = "/home/admin/.ssh/authorized_keys2";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/desktop-windows" = {
+ path = "/home/admin/.ssh/authorized_keys3";
+ mode = "0600";
+ };
+
+ "ssh-keys-public/macbook-macos" = {
+ path = "/home/admin/.ssh/authorized_keys4";
+ mode = "0600";
+ };
+ };
+ };
+ };
}
\ No newline at end of file
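Review bot: The module is gated on a generic `mjallen.sops.enable`, but every path inside is hard-coded to `/home/admin`, so enabling it for any other home-manager user would point that profile at another account's key file and `.ssh` directory. The removed version derived the location from the user, and restoring that, e.g. `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` with the same prefix on each `path`, keeps the module reusable. `defaultSopsFile` is still a literal even though `options.nix` declares `mjallen.sops.defaultSopsFile`, and `validateSopsFiles = false` deserves a comment saying that the file is an absolute runtime path which presumably cannot be checked at build time. Whether sshd reads `authorized_keys2` to `authorized_keys4` depends on its `AuthorizedKeysFile` setting, which is not visible here.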
diff --git a/modules/home/sops/options.nix b/modules/home/sops/options.nix
new file mode 100644
index 0000000..7fda5ea
--- /dev/null
+++ b/modules/home/sops/options.nix
@@ -0,0 +1,12 @@
+{ lib, ... }:
+with lib;
+{
+ options.mjallen.sops = {
+ enable = mkEnableOption "enable sops";
+
+ defaultSopsFile = mkOption {
+ type = types.str;
+ default = null;
+ };
+ };
+}
\ No newline at end of file
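Review bot: `defaultSopsFile` is declared as `types.str` with `default = null`, which does not type-check: null is not a string, so reading the option's value fails as soon as anything evaluates it. `type = types.nullOr types.str;` matches the default. The option also has no `description`, and `mkEnableOption "enable sops"` renders as "Whether to enable enable sops."; `mkEnableOption "sops secrets for this home"` reads better.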
diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix
new file mode 100644
index 0000000..185f5f9
--- /dev/null
+++ b/modules/nixos/home/default.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ options,
+ namespace,
+ inputs,
+ ...
+}:
+{
+
+ options.${namespace}.home = with lib.types; {
+ configFile = lib.mkOption {
+ type = attrs;
+ default = { };
+ description = "A set of files to be managed by home-manager's .";
+ };
+ extraOptions = lib.mkOption {
+ type = attrs;
+ default = { };
+ description = "Options to pass directly to home-manager.";
+ };
+ file = lib.mkOption {
+ type = attrs;
+ default = { };
+ description = "A set of files to be managed by home-manager's .";
+ };
+ };
+
+ config = {
+ # ${namespace}.home.extraOptions = {
+ # home.file = lib.mkAliasDefinitions options.${namespace}.home.file;
+ # home.stateVersion = lib.mkOptionDefault config.system.stateVersion;
+ # xdg.configFile = lib.mkAliasDefinitions options.${namespace}.home.configFile;
+ # xdg.enable = lib.mkOptionDefault true;
+ # };
+
+ home-manager = {
+ # enables backing up existing files instead of erroring if conflicts exist
+ backupFileExtension = "backup";
+
+ useGlobalPkgs = true;
+ useUserPackages = true;
+
+ # Pass inputs so external modules can access them
+ extraSpecialArgs = {
+ inherit inputs;
+ };
+
+ # Make ALL external HM modules available globally
+ sharedModules = with inputs; [
+ sops-nix.homeManagerModules.sops
+ steam-rom-manager.homeManagerModules.default
+ # Add any other external HM modules here
+ ];
+
+ # users.${config.${namespace}.user.name} = lib.types.mkAliasDefinitions options.${namespace}.home.extraOptions;
+ users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
+
+ verbose = true;
+ };
+ };
+}
\ No newline at end of file
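Review bot: `users.admin = lib.mkAliasDefinitions ...` hard-codes the account in a shared NixOS module, so every host that loads it gets a home-manager profile for `admin` whether or not that user exists there. The commented line above it shows the intended lookup; if `${namespace}.user.name` exists, `users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;` would be the per-host form (note the helper lives in `lib`, not `lib.types` as the comment has it). Both `description` strings end in "home-manager's ." with the option name missing, presumably `home.file` and `xdg.configFile` going by the commented block. With the `extraOptions` wiring commented out, the `file` and `configFile` options currently have no effect.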
diff --git a/systems/aarch64-linux/pi4/configuration.nix b/systems/aarch64-linux/pi4/default.nix
similarity index 100%
rename from systems/aarch64-linux/pi4/configuration.nix
rename to systems/aarch64-linux/pi4/default.nix
diff --git a/systems/aarch64-linux/pi4/disko.nix b/systems/aarch64-linux/pi4/disko.nix
new file mode 100644
index 0000000..cb4bd15
--- /dev/null
+++ b/systems/aarch64-linux/pi4/disko.nix
@@ -0,0 +1,102 @@
+{ config, lib, ... }:
+let
+ rootDisk = "/dev/sda1";
+in
+{
+ disko.devices = {
+ nodev."/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "mode=755"
+ "defaults"
+ "size=2G"
+ ];
+ };
+ # root disk setup
+ disk.main = {
+ type = "disk";
+ device = rootDisk;
+ imageSize = "15G";
+ content = {
+ type = "gpt";
+ # specify partitions
+ partitions = {
+ # /boot/firmware
+ FIRMWARE = {
+ priority = 1;
+ name = "FIRMWARE";
+ start = "1M";
+ end = "1G";
+ type = "0700";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot/firmware";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ # /boot
+ ESP = {
+ priority = 2;
+ name = "ESP";
+ # start = "1G";
+ # end = "2G";
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+
+ root = {
+ name = "btrfs-root";
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ "home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ "root" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/root";
+ };
+ "nix" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/nix";
+ };
+ "etc" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/etc";
+ };
+ "log" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/var/log";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
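Review bot: `rootDisk = "/dev/sda1"` names a partition, but it is used as the `device` of a `type = "disk"` entry on which a GPT with three partitions is created; a whole-disk node is expected there. A stable identifier is also safer than `sdX` enumeration order, because `extraArgs = [ "-f" ]` forces the btrfs format over whatever is found on the device: `rootDisk = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`. The `config` and `lib` arguments are unused in this file.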
diff --git a/systems/aarch64-linux/pi4/sops.nix b/systems/aarch64-linux/pi4/sops.nix
index 0db24f8..a43e72e 100755
--- a/systems/aarch64-linux/pi4/sops.nix
+++ b/systems/aarch64-linux/pi4/sops.nix
@@ -4,7 +4,7 @@ let
in
{
sops = {
- defaultSopsFile = ../../secrets/pi4-secrets.yaml;
+ defaultSopsFile = ../../../secrets/pi4-secrets.yaml;
# age = {
# generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
@@ -16,7 +16,7 @@ in
# ------------------------------
secrets = {
"wifi" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
};
"pi4/matt-password" = {
neededForUsers = true;
@@ -30,21 +30,21 @@ in
# ------------------------------
"ssh-keys-public/pi4" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/pi4" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/pi5" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
neededForUsers = true;
mode = "0600";
owner = config.users.users.root.name;
diff --git a/systems/x86_64-linux/nas/apps/nextcloud/default.nix b/systems/x86_64-linux/nas/apps/nextcloud/default.nix
index 06b6fdc..b27c783 100755
--- a/systems/x86_64-linux/nas/apps/nextcloud/default.nix
+++ b/systems/x86_64-linux/nas/apps/nextcloud/default.nix
@@ -6,12 +6,23 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
- nextcloudPackage = pkgs.nextcloud31;
+ nextcloudPackage = pkgs.stable.nextcloud31;
hostAddress = settings.hostAddress;
localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943;
+
+ systemPackages = with pkgs.stable; [
+ cudaPackages.cudnn
+ cudatoolkit
+ ffmpeg
+ # libtensorflow-bin
+ nextcloud31
+ nodejs
+ onlyoffice-documentserver
+ sqlite
+ ];
in
{
containers.nextcloud = {
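Review bot: The new `systemPackages` list names `nextcloud31` again instead of reusing `nextcloudPackage` from a few lines above, so the next major-version bump has to be made in two places and the installed CLI can drift from the served package. Writing `nextcloudPackage` in the list keeps them in step, since the let-bound name resolves ahead of the `with pkgs.stable;` scope. `pkgs.stable` has to come from an overlay that is not visible in this hunk.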
@@ -137,16 +148,7 @@ in
};
# System packages
- environment.systemPackages = with pkgs; [
- cudaPackages.cudnn
- cudatoolkit
- ffmpeg
- # libtensorflow-bin
- nextcloud31
- nodejs
- onlyoffice-documentserver
- sqlite
- ];
+ environment.systemPackages = systemPackages;
# Create required users and groups
users.users.nextcloud = {
diff --git a/systems/x86_64-linux/nas/default.nix b/systems/x86_64-linux/nas/default.nix
index 450ef38..3e15fd3 100755
--- a/systems/x86_64-linux/nas/default.nix
+++ b/systems/x86_64-linux/nas/default.nix
@@ -27,6 +27,10 @@
./sops.nix
];
+ snowfallorg.users.admin.home.config = {
+ mjallen.sops.enable = true;
+ };
+
powerManagement.cpuFreqGovernor = "powersave";
${namespace} = {
diff --git a/treefmt.nix b/treefmt.nix
new file mode 100644
index 0000000..3a5e9c4
--- /dev/null
+++ b/treefmt.nix
@@ -0,0 +1,82 @@
+{
+ projectRootFile = "flake.nix";
+
+ programs = {
+ actionlint.enable = true;
+ biome = {
+ enable = true;
+ settings.formatter.formatWithErrors = true;
+ };
+ clang-format.enable = true;
+ deadnix = {
+ enable = true;
+ };
+ deno = {
+ enable = true;
+ # Using biome for these
+ excludes = [
+ "*.ts"
+ "*.js"
+ "*.json"
+ "*.jsonc"
+ ];
+ };
+ fantomas.enable = true;
+ fish_indent.enable = true;
+ gofmt.enable = true;
+ isort.enable = true;
+ nixfmt.enable = true;
+ nufmt.enable = true;
+ ruff-check.enable = true;
+ ruff-format.enable = true;
+ rustfmt.enable = true;
+ shfmt = {
+ enable = true;
+ indent_size = 4;
+ };
+ statix.enable = true;
+ stylua.enable = true;
+ taplo.enable = true;
+ yamlfmt.enable = true;
+ };
+
+ settings = {
+ global.excludes = [
+ "*.editorconfig"
+ "*.envrc"
+ "*.gitconfig"
+ "*.git-blame-ignore-revs"
+ "*.gitignore"
+ "*.gitattributes"
+ "*.luacheckrc"
+ "*CODEOWNERS"
+ "*LICENSE"
+ "*flake.lock"
+ "*.conf"
+ "*.gif"
+ "*.ico"
+ "*.ini"
+ "*.micro"
+ "*.png"
+ "*.svg"
+ "*.tmux"
+ "*/config"
+ # TODO: formatters?
+ "*.ac"
+ "*.css" # Exclude CSS files from formatting since we use Nix template variables
+ "*.csproj"
+ "*.fsproj"
+ "*.in"
+ "*.kdl"
+ "*.kvconfig"
+ "*.rasi"
+ "*.sln"
+ "*.xml"
+ "*.zsh"
+ "*Makefile"
+ "*makefile"
+ ];
+
+ formatter.ruff-format.options = [ "--isolated" ];
+ };
+}
\ No newline at end of file
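Review bot: `deadnix`, `statix` and `ruff-check` are linters, and as far as I know their treefmt wrappers apply fixes, so this set rewrites code rather than only layout. Together with `settings.fail-on-change = false` on the pre-commit hook in this same commit, such rewrites would land in the working tree without failing the hook. A comment above those entries such as `# these apply automatic fixes; review the resulting diff` would make that visible. `biome.settings.formatter.formatWithErrors = true` similarly formats files that do not parse and merits a one-line reason.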