diff --git a/config/basic/default.nix b/config/basic/default.nix
index 4814e0c..21394bd 100644
--- a/config/basic/default.nix
+++ b/config/basic/default.nix
@@ -32,6 +32,7 @@
 inputs.home-manager.nixosModules.default
 inputs.impermanence.nixosModules.impermanence
 inputs.lanzaboote.nixosModules.lanzaboote
+ inputs.nix-topology.nixosModules.default
 inputs.nixos-extra-modules.nixosModules.default
 inputs.nixos-nftables-firewall.nixosModules.default
 inputs.nixvim.nixosModules.nixvim
diff --git a/config/services/maddy.nix b/config/services/maddy.nix
deleted file mode 100644
index 03f1358..0000000
--- a/config/services/maddy.nix
+++ /dev/null
@@ -1,320 +0,0 @@ -# TODO -# autoconfig -{ - config, - pkgs, - lib, - ... -}: let - priv_domain = config.secrets.secrets.global.domains.mail_private; - domain = config.secrets.secrets.global.domains.mail_public; - maddyBackupDir = "/var/cache/backups/maddy"; -in { - systemd.tmpfiles.settings = { - "10-maddy".${maddyBackupDir}.d = { - inherit (config.services.maddy) user group; - mode = "0770"; - }; - }; - - age.secrets.resticpasswd = { - generator.script = "alnum"; - }; - age.secrets.maddyHetznerSsh = { - generator.script = "ssh-ed25519"; - }; - services.restic.backups = { - main = { - user = "root"; - timerConfig = { - OnCalendar = "06:00"; - Persistent = true; - RandomizedDelaySec = "3h"; - }; - initialize = true; - passwordFile = config.age.secrets.resticpasswd.path; - hetznerStorageBox = { - enable = true; - inherit (config.secrets.secrets.global.hetzner) mainUser; - inherit (config.secrets.secrets.global.hetzner.users.maddy) subUid path; - sshAgeSecret = "maddyHetznerSsh"; - }; - paths = ["/var/lib/maddy/messages" maddyBackupDir]; - pruneOpts = [ - "--keep-daily 10" - "--keep-weekly 7" - "--keep-monthly 12" - "--keep-yearly 75" - ]; - }; - }; - systemd.services.maddy-backup = let - cfg = config.systemd.services.maddy; - in { - description = "Maddy db backup"; - serviceConfig = - lib.recursiveUpdate - cfg.serviceConfig - { - ExecStart = "${pkgs.sqlite}/bin/sqlite3 /var/lib/maddy/imapsql.db \".backup '${maddyBackupDir}/imapsql.sqlite3'\""; - Restart = "no"; - Type = "oneshot"; - }; - inherit (cfg) environment; - requiredBy = ["restic-backups-main.service"]; - before = ["restic-backups-main.service"]; - }; - - age.secrets.patrickPasswd = { - generator.script = "alnum"; - owner = "maddy"; - group = "maddy"; - }; - # Opening ports for additional TLS listeners. This is not yet - # implemented in the module. - networking.firewall.allowedTCPPorts = [993 465]; - services.maddy = { - enable = true; - hostname = "mx1." 
+ domain; - primaryDomain = domain; - localDomains = [ - "$(primary_domain)" - priv_domain - ]; - tls = { - certificates = [ - { - keyPath = "${config.security.acme.certs.mail_public.directory}/key.pem"; - certPath = "${config.security.acme.certs.mail_public.directory}/fullchain.pem"; - } - ]; - loader = "file"; - }; - ensureCredentials = { - "patrick@${domain}".passwordFile = config.age.secrets.patrickPasswd.path; - }; - ensureAccounts = [ - "patrick@${domain}" - ]; - openFirewall = true; - config = '' - ## Maddy Mail Server - default configuration file (2022-06-18) - # Suitable for small-scale deployments. Uses its own format for local users DB, - # should be managed via maddy subcommands. - # - # See tutorials at https://maddy.email for guidance on typical - # configuration changes. - - # ---------------------------------------------------------------------------- - # Local storage & authentication - - # pass_table provides local hashed passwords storage for authentication of - # users. It can be configured to use any "table" module, in default - # configuration a table in SQLite DB is used. - # Table can be replaced to use e.g. a file for passwords. Or pass_table module - # can be replaced altogether to use some external source of credentials (e.g. - # PAM, /etc/shadow file). - # - # If table module supports it (sql_table does) - credentials can be managed - # using 'maddy creds' command. - - auth.pass_table local_authdb { - table sql_table { - driver sqlite3 - dsn credentials.db - table_name passwords - } - } - - # imapsql module stores all indexes and metadata necessary for IMAP using a - # relational database. It is used by IMAP endpoint for mailbox access and - # also by SMTP & Submission endpoints for delivery of local messages. - # - # IMAP accounts, mailboxes and all message metadata can be inspected using - # imap-* subcommands of maddy. 
- - storage.imapsql local_mailboxes { - driver sqlite3 - dsn imapsql.db - } - - # ---------------------------------------------------------------------------- - # SMTP endpoints + message routing - - table.chain local_rewrites { - # Reroute everything to me - optional_step regexp ".*" "patrick@${domain}" - optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3" - optional_step static { - entry postmaster patrick@$(primary_domain) - } - optional_step file /etc/maddy/aliases - } - - msgpipeline local_routing { - # Insert handling for special-purpose local domains here. - # e.g. - # destination lists.example.org { - # deliver_to lmtp tcp://127.0.0.1:8024 - # } - - destination postmaster $(local_domains) { - modify { - replace_rcpt &local_rewrites - } - - deliver_to &local_mailboxes - } - - default_destination { - reject 550 5.1.1 "User doesn't exist" - } - } - - smtp tcp://0.0.0.0:25 { - limits { - # Up to 20 msgs/sec across max. 10 SMTP connections. - all rate 20 1s - all concurrency 10 - } - - dmarc yes - max_message_size 256M - check { - require_mx_record - dkim - spf - } - - source $(local_domains) { - reject 501 5.1.8 "Use Submission for outgoing SMTP" - } - default_source { - destination postmaster $(local_domains) { - deliver_to &local_routing - } - default_destination { - reject 550 5.1.1 "User doesn't exist" - } - } - } - - submission tls://0.0.0.0:465 tcp://0.0.0.0:587 { - limits { - # Up to 50 msgs/sec across any amount of SMTP connections. 
- all rate 50 1s - } - - auth &local_authdb - - source $(local_domains) { - check { - authorize_sender { - user_to_email table.chain { - optional_step static { - entry patrick@${domain} "*" - } - step identity - } - } - } - - destination postmaster $(local_domains) { - deliver_to &local_routing - } - default_destination { - modify { - dkim $(primary_domain) $(local_domains) default - } - deliver_to &remote_queue - } - } - default_source { - reject 501 5.1.8 "Non-local sender domain" - } - } - - target.remote outbound_delivery { - limits { - # Up to 20 msgs/sec across max. 10 SMTP connections - # for each recipient domain. - destination rate 20 1s - destination concurrency 10 - } - mx_auth { - dane - mtasts { - cache fs - fs_dir mtasts_cache/ - } - local_policy { - min_tls_level encrypted - min_mx_level none - } - } - } - - target.queue remote_queue { - target &outbound_delivery - - autogenerated_msg_domain $(primary_domain) - bounce { - destination postmaster $(local_domains) { - deliver_to &local_routing - } - default_destination { - reject 550 5.0.0 "Refusing to send DSNs to non-local addresses" - } - } - } - - # ---------------------------------------------------------------------------- - # IMAP endpoints - - imap tls://0.0.0.0:993 tcp://0.0.0.0:143 { - auth &local_authdb - storage &local_mailboxes - } - ''; - }; - services.nginx = { - enable = true; - virtualHosts."mta-sts.${priv_domain}".extraConfig = '' - file_server - root * ${ - pkgs.runCommand "priv_domain" {} '' - mkdir -p "$out/.well-known" - echo " - version: STSv1 - mode: enforce - max_age: 604800 - mx: mx1.${priv_domain} - " > "$out/.well-known/mta-sts.txt" - '' - } ; - ''; - virtualHosts."mta-sts.${domain}".extraConfig = '' - encode gzip - file_server - root * ${ - pkgs.runCommand "domain" {} '' - mkdir -p "$out/.well-known" - echo " - version: STSv1 - mode: enforce - max_age: 604800 - mx: mx1.${domain} - " > "$out/.well-known/mta-sts.txt" - '' - } ; - ''; - }; - 
environment.persistence."/persist".directories = [ - { - directory = "/var/lib/maddy"; - user = "maddy"; - group = "maddy"; - mode = "0755"; - } - ]; -} diff --git a/flake.lock b/flake.lock index 3deef48..c0e6b70 100644 --- a/flake.lock +++ b/flake.lock @@ -317,12 +317,34 @@ } }, "devshell_3": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "owner": "numtide", + "repo": "devshell", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_4": { "inputs": { "nixpkgs": [ "nixos-extra-modules", "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_7" }, "locked": { "lastModified": 1701787589, @@ -338,9 +360,9 @@ "type": "github" } }, - "devshell_4": { + "devshell_5": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_8", "nixpkgs": [ "nixvim", "nixpkgs" @@ -413,6 +435,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -428,7 +466,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_5": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -443,7 +481,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_6": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 
@@ -457,22 +495,6 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_6": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_7": { "flake": false, "locked": { @@ -490,6 +512,22 @@ } }, "flake-compat_8": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { "flake": false, "locked": { "lastModified": 1673956053, @@ -587,6 +625,24 @@ "type": "github" } }, + "flake-utils_10": { + "inputs": { + "systems": "systems_12" + }, + "locked": { + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_2": { "inputs": { "systems": [ @@ -627,7 +683,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1701680307, @@ -645,7 +701,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, 
@@ -702,11 +758,29 @@ "systems": "systems_10" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_9": { + "inputs": { + "systems": "systems_11" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -776,6 +850,28 @@ } }, "gitignore_3": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { "inputs": { "nixpkgs": [ "nixos-extra-modules", @@ -797,7 +893,7 @@ "type": "github" } }, - "gitignore_4": { + "gitignore_5": { "inputs": { "nixpkgs": [ "nixvim", @@ -819,7 +915,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -963,7 +1059,7 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_7", "nixpkgs-lib": "nixpkgs-lib" }, "locked": { @@ -1042,7 +1138,7 @@ "inputs": { "flake-parts": "flake-parts_2", "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -1101,6 +1197,27 @@ "type": "github" } }, + "nix-topology": { + "inputs": { + "devshell": "devshell_3", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1712845388, + "narHash": "sha256-dm0iA0p9rDY4UG8zA9f3+81jcjJsEeXBYbooHlo0KDk=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "fa88531cf068e7d11d8936705173279b5e1fbc74", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1711846064, @@ -1118,13 +1235,13 @@ }, "nixos-extra-modules": { "inputs": { - "devshell": "devshell_3", - "flake-utils": "flake-utils_4", + "devshell": "devshell_4", + "flake-utils": "flake-utils_6", "lib-net": "lib-net", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_2" + "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { "lastModified": 1712851738, @@ -1199,11 +1316,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -1261,6 +1378,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1685801374, "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", 
@@ -1276,7 +1409,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1710695816, "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", @@ -1294,7 +1427,7 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": [ @@ -1316,6 +1449,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1703134684, "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", @@ -1331,7 +1480,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1686020360, "narHash": "sha256-Wee7lIlZ6DIZHHLiNxU5KdYZQl0iprENXa/czzI6Cj4=", @@ -1347,7 +1496,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1700856099, "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", @@ -1365,15 +1514,15 @@ }, "nixvim": { "inputs": { - "devshell": "devshell_4", - "flake-compat": "flake-compat_5", + "devshell": "devshell_5", + "flake-compat": "flake-compat_6", "flake-parts": "flake-parts_3", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_3" + "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { "lastModified": 1712299511, 
@@ -1452,16 +1601,44 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": [ - "nixos-extra-modules", + "nix-topology", "flake-utils" ], "gitignore": "gitignore_3", "nixpkgs": [ - "nixos-extra-modules", + "nix-topology", "nixpkgs" ], "nixpkgs-stable": "nixpkgs-stable_3" }, + "locked": { + "lastModified": 1711981679, + "narHash": "sha256-pnbHEXJOdGkPrHBdkZLv/a2V09On+V3J4aPE/BfAJC8=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "f3bb95498eaaa49a93bacaf196cdb6cf8e872cdf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_3": { + "inputs": { + "flake-compat": "flake-compat_4", + "flake-utils": [ + "nixos-extra-modules", + "flake-utils" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "nixos-extra-modules", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_4" + }, "locked": { "lastModified": 1702456155, "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", @@ -1476,11 +1653,11 @@ "type": "github" } }, - "pre-commit-hooks_3": { + "pre-commit-hooks_4": { "inputs": { - "flake-compat": "flake-compat_6", - "flake-utils": "flake-utils_7", - "gitignore": "gitignore_4", + "flake-compat": "flake-compat_7", + "flake-utils": "flake-utils_9", + "gitignore": "gitignore_5", "nixpkgs": [ "nixvim", "nixpkgs" @@ -1504,17 +1681,17 @@ "type": "github" } }, - "pre-commit-hooks_4": { + "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "flake-utils": [ "flake-utils" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1712055707, 
@@ -1542,17 +1719,18 @@ "lanzaboote": "lanzaboote", "microvm": "microvm", "nix-index-database": "nix-index-database", + "nix-topology": "nix-topology", "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-nftables-firewall": "nixos-nftables-firewall", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-wayland": "nixpkgs-wayland", "nixvim": "nixvim", - "pre-commit-hooks": "pre-commit-hooks_4", + "pre-commit-hooks": "pre-commit-hooks_5", "spicetify-nix": "spicetify-nix", "stylix": "stylix", - "systems": "systems_11", + "systems": "systems_13", "templates": "templates" } }, @@ -1599,8 +1777,8 @@ }, "spicetify-nix": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_10", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1704167711, @@ -1627,10 +1805,10 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_9", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1712154372, 
@@ -1691,6 +1869,36 @@ "type": "github" } }, + "systems_12": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_13": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 069aa99..45bb5af 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,8 @@ templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; + nix-topology.url = "github:oddlama/nix-topology"; + impermanence.url = "github:nix-community/impermanence"; nixos-hardware.url = "github:nixos/nixos-hardware"; @@ -107,12 +109,13 @@ devshell, nixvim, nixos-extra-modules, + nix-topology, ... } @ inputs: let inherit (nixpkgs) lib; stateVersion = "23.05"; in - { + rec { secretsConfig = { # This should be a link to one of the age public keys is './keys' masterIdentities = ["/run/decrypt.key.pub"]; @@ -154,6 +157,7 @@ ++ [ # nixpkgs-wayland.overlay nixos-extra-modules.overlays.default + nix-topology.overlays.default devshell.overlays.default agenix-rekey.overlays.default nixvim.overlays.default @@ -162,6 +166,14 @@ config.allowUnfree = true; }; + topology = import nix-topology { + inherit pkgs; + modules = [ + ./nix/topology.nix + {inherit (self) nixosConfigurations;} + ]; + }; + images.live-iso = nixos-generators.nixosGenerate { inherit pkgs; modules = [ 
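Review bot: The `nix-topology.url = "github:oddlama/nix-topology";` line in the `@@ -68` hunk adds the input without a nixpkgs `follows`, and the flake.lock changes in this commit show the result: the `nix-topology` node brings its own `nixpkgs`, `devshell`, `flake-utils` and `pre-commit-hooks` nodes, and the root nixpkgs is renamed to `nixpkgs_2`. That is a second pinned nixpkgs tree to fetch and audit, and it moves independently of the one the hosts are built from. Because `nix-topology.overlays.default` is also added to the shared overlay list in the `@@ -154` hunk, I would pin it the same way the lock shows `nixos-extra-modules` and `nixvim` are pinned: `nix-topology.inputs.nixpkgs.follows = "nixpkgs";`. The inputs block starts and ends outside the hunk, so the exact form the file uses for its other `follows` lines is not visible here.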
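Review bot: Changing the outputs attribute set from `{` to `rec {` in the `@@ -107` hunk alters name resolution for every attribute in that set, not only the new one: inside the set, each attribute name now shadows a same-named `let` binding or function argument. The `topology` attribute added later takes its inputs through `pkgs` and `self`, so nothing in the visible lines appears to need `rec`. If a self-reference is wanted, `self.<attr>` or a `let` binding keeps the scope explicit; otherwise I would keep the plain `{`. The attribute set opens in this hunk and closes outside it, so a use of `rec` further down cannot be ruled out from here.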
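Review bot: The new `topology` output in the `@@ -162` hunk is fed `{inherit (self) nixosConfigurations;}`, so it evaluates every host configuration, and it carries no comment about what ends up in the result. This repository keeps its domains under `config.secrets.secrets.global` (visible in the deleted maddy.nix), so a rendering derived from the host configurations may contain hostnames, addresses or domains that are otherwise kept out of the public tree; this is an inference and should be checked against what the renderer actually extracts. I would add a comment above the attribute, for example `# Renders all nixosConfigurations; output may contain internal hostnames/addresses, do not publish to a public cache or CI artifact.` `self` does not appear in the visible part of the argument list in the `@@ -107` hunk, so confirm it is bound there.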
@@ -184,6 +196,7 @@
 alejandra.enable = true;
 deadnix.enable = true;
 statix.enable = true;
+ hunspell.enable = true;
 };
 };
 devShell = import ./nix/devshell.nix inputs system;
diff --git a/nix/topology.nix b/nix/topology.nix
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/nix/topology.nix
@@ -0,0 +1 @@
+{}