patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: add topology

Browse source
This commit is contained in:
Patrick 2024-04-12 12:07:01 +02:00
parent fcd5a27dce
commit a6c1677e57
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
5 changed files with 284 additions and 381 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/basic/default.nix
View file

@ -32,6 +32,7 @@
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
inputs.nix-topology.nixosModules.default
inputs.nixos-extra-modules.nixosModules.default inputs.nixos-extra-modules.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default
inputs.nixvim.nixosModules.nixvim inputs.nixvim.nixosModules.nixvim

320
config/services/maddy.nix
View file

@ -1,320 +0,0 @@
# TODO
# autoconfig
{
config,
pkgs,
lib,
...
}: let
priv_domain = config.secrets.secrets.global.domains.mail_private;
domain = config.secrets.secrets.global.domains.mail_public;
maddyBackupDir = "/var/cache/backups/maddy";
in {
systemd.tmpfiles.settings = {
"10-maddy".${maddyBackupDir}.d = {
inherit (config.services.maddy) user group;
mode = "0770";
};
};
age.secrets.resticpasswd = {
generator.script = "alnum";
};
age.secrets.maddyHetznerSsh = {
generator.script = "ssh-ed25519";
};
services.restic.backups = {
main = {
user = "root";
timerConfig = {
OnCalendar = "06:00";
Persistent = true;
RandomizedDelaySec = "3h";
};
initialize = true;
passwordFile = config.age.secrets.resticpasswd.path;
hetznerStorageBox = {
enable = true;
inherit (config.secrets.secrets.global.hetzner) mainUser;
inherit (config.secrets.secrets.global.hetzner.users.maddy) subUid path;
sshAgeSecret = "maddyHetznerSsh";
};
paths = ["/var/lib/maddy/messages" maddyBackupDir];
pruneOpts = [
"--keep-daily 10"
"--keep-weekly 7"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
};
systemd.services.maddy-backup = let
cfg = config.systemd.services.maddy;
in {
description = "Maddy db backup";
serviceConfig =
lib.recursiveUpdate
cfg.serviceConfig
{
ExecStart = "${pkgs.sqlite}/bin/sqlite3 /var/lib/maddy/imapsql.db \".backup '${maddyBackupDir}/imapsql.sqlite3'\"";
Restart = "no";
Type = "oneshot";
};
inherit (cfg) environment;
requiredBy = ["restic-backups-main.service"];
before = ["restic-backups-main.service"];
};
age.secrets.patrickPasswd = {
generator.script = "alnum";
owner = "maddy";
group = "maddy";
};
# Opening ports for additional TLS listeners. This is not yet
# implemented in the module.
networking.firewall.allowedTCPPorts = [993 465];
services.maddy = {
enable = true;
hostname = "mx1." + domain;
primaryDomain = domain;
localDomains = [
"$(primary_domain)"
priv_domain
];
tls = {
certificates = [
{
keyPath = "${config.security.acme.certs.mail_public.directory}/key.pem";
certPath = "${config.security.acme.certs.mail_public.directory}/fullchain.pem";
}
];
loader = "file";
};
ensureCredentials = {
"patrick@${domain}".passwordFile = config.age.secrets.patrickPasswd.path;
};
ensureAccounts = [
"patrick@${domain}"
];
openFirewall = true;
config = ''
## Maddy Mail Server - default configuration file (2022-06-18)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddy subcommands.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
# ----------------------------------------------------------------------------
# Local storage & authentication
# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddy creds' command.
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddy.
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
# ----------------------------------------------------------------------------
# SMTP endpoints + message routing
table.chain local_rewrites {
# Reroute everything to me
optional_step regexp ".*" "patrick@${domain}"
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster patrick@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
# Insert handling for special-purpose local domains here.
# e.g.
# destination lists.example.org {
# deliver_to lmtp tcp://127.0.0.1:8024
# }
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}
dmarc yes
max_message_size 256M
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits {
# Up to 50 msgs/sec across any amount of SMTP connections.
all rate 50 1s
}
auth &local_authdb
source $(local_domains) {
check {
authorize_sender {
user_to_email table.chain {
optional_step static {
entry patrick@${domain} "*"
}
step identity
}
}
}
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections
# for each recipient domain.
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
# ----------------------------------------------------------------------------
# IMAP endpoints
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
auth &local_authdb
storage &local_mailboxes
}
'';
};
services.nginx = {
enable = true;
virtualHosts."mta-sts.${priv_domain}".extraConfig = ''
file_server
root * ${
pkgs.runCommand "priv_domain" {} ''
mkdir -p "$out/.well-known"
echo "
version: STSv1
mode: enforce
max_age: 604800
mx: mx1.${priv_domain}
" > "$out/.well-known/mta-sts.txt"
''
} ;
'';
virtualHosts."mta-sts.${domain}".extraConfig = ''
encode gzip
file_server
root * ${
pkgs.runCommand "domain" {} ''
mkdir -p "$out/.well-known"
echo "
version: STSv1
mode: enforce
max_age: 604800
mx: mx1.${domain}
" > "$out/.well-known/mta-sts.txt"
''
} ;
'';
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/maddy";
user = "maddy";
group = "maddy";
mode = "0755";
}
];
}

328
flake.lock
View file

@ -317,12 +317,34 @@
} }
}, },
"devshell_3": { "devshell_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711099426,
"narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
"owner": "numtide",
"repo": "devshell",
"rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos-extra-modules", "nixos-extra-modules",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_5" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1701787589, "lastModified": 1701787589,
@ -338,9 +360,9 @@
"type": "github" "type": "github"
} }
}, },
"devshell_4": { "devshell_5": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_8",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
@ -413,6 +435,22 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -428,7 +466,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_5": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -443,7 +481,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_6": {
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -457,22 +495,6 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
} }
}, },
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_7": { "flake-compat_7": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -490,6 +512,22 @@
} }
}, },
"flake-compat_8": { "flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_9": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -587,6 +625,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_10": {
"inputs": {
"systems": "systems_12"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": [ "systems": [
@ -627,7 +683,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@ -645,7 +701,7 @@
}, },
"flake-utils_5": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -702,11 +758,29 @@
"systems": "systems_10" "systems": "systems_10"
}, },
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1701680307,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_11"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -776,6 +850,28 @@
} }
}, },
"gitignore_3": { "gitignore_3": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos-extra-modules", "nixos-extra-modules",
@ -797,7 +893,7 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_4": { "gitignore_5": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@ -819,7 +915,7 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_5": { "gitignore_6": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "pre-commit-hooks",
@ -963,7 +1059,7 @@
}, },
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_7",
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
@ -1042,7 +1138,7 @@
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
@ -1101,6 +1197,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-topology": {
"inputs": {
"devshell": "devshell_3",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1712845388,
"narHash": "sha256-dm0iA0p9rDY4UG8zA9f3+81jcjJsEeXBYbooHlo0KDk=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "fa88531cf068e7d11d8936705173279b5e1fbc74",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1711846064, "lastModified": 1711846064,
@ -1118,13 +1235,13 @@
}, },
"nixos-extra-modules": { "nixos-extra-modules": {
"inputs": { "inputs": {
"devshell": "devshell_3", "devshell": "devshell_4",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_6",
"lib-net": "lib-net", "lib-net": "lib-net",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks": "pre-commit-hooks_2" "pre-commit-hooks": "pre-commit-hooks_3"
}, },
"locked": { "locked": {
"lastModified": 1712851738, "lastModified": 1712851738,
@ -1199,11 +1316,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1712163089, "lastModified": 1711703276,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1261,6 +1378,22 @@
} }
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": { "locked": {
"lastModified": 1685801374, "lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
@ -1276,7 +1409,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_4": { "nixpkgs-stable_5": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
@ -1294,7 +1427,7 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -1316,6 +1449,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1703134684, "lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
@ -1331,7 +1480,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1686020360, "lastModified": 1686020360,
"narHash": "sha256-Wee7lIlZ6DIZHHLiNxU5KdYZQl0iprENXa/czzI6Cj4=", "narHash": "sha256-Wee7lIlZ6DIZHHLiNxU5KdYZQl0iprENXa/czzI6Cj4=",
@ -1347,7 +1496,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1700856099, "lastModified": 1700856099,
"narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
@ -1365,15 +1514,15 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell_4", "devshell": "devshell_5",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks": "pre-commit-hooks_3" "pre-commit-hooks": "pre-commit-hooks_4"
}, },
"locked": { "locked": {
"lastModified": 1712299511, "lastModified": 1712299511,
@ -1452,16 +1601,44 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": [ "flake-utils": [
"nixos-extra-modules", "nix-topology",
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore_3", "gitignore": "gitignore_3",
"nixpkgs": [ "nixpkgs": [
"nixos-extra-modules", "nix-topology",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": {
"lastModified": 1711981679,
"narHash": "sha256-pnbHEXJOdGkPrHBdkZLv/a2V09On+V3J4aPE/BfAJC8=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f3bb95498eaaa49a93bacaf196cdb6cf8e872cdf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_3": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": [
"nixos-extra-modules",
"flake-utils"
],
"gitignore": "gitignore_4",
"nixpkgs": [
"nixos-extra-modules",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_4"
},
"locked": { "locked": {
"lastModified": 1702456155, "lastModified": 1702456155,
"narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
@ -1476,11 +1653,11 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks_3": { "pre-commit-hooks_4": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_9",
"gitignore": "gitignore_4", "gitignore": "gitignore_5",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
@ -1504,17 +1681,17 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks_4": { "pre-commit-hooks_5": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_7", "flake-compat": "flake-compat_8",
"flake-utils": [ "flake-utils": [
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore_5", "gitignore": "gitignore_6",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_4" "nixpkgs-stable": "nixpkgs-stable_5"
}, },
"locked": { "locked": {
"lastModified": 1712055707, "lastModified": 1712055707,
@ -1542,17 +1719,18 @@
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"microvm": "microvm", "microvm": "microvm",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-topology": "nix-topology",
"nixos-extra-modules": "nixos-extra-modules", "nixos-extra-modules": "nixos-extra-modules",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-nftables-firewall": "nixos-nftables-firewall", "nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nixvim": "nixvim", "nixvim": "nixvim",
"pre-commit-hooks": "pre-commit-hooks_4", "pre-commit-hooks": "pre-commit-hooks_5",
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"stylix": "stylix", "stylix": "stylix",
"systems": "systems_11", "systems": "systems_13",
"templates": "templates" "templates": "templates"
} }
}, },
@ -1599,8 +1777,8 @@
}, },
"spicetify-nix": { "spicetify-nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_10",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1704167711, "lastModified": 1704167711,
@ -1627,10 +1805,10 @@
"base16-kitty": "base16-kitty", "base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux", "base16-tmux": "base16-tmux",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"flake-compat": "flake-compat_8", "flake-compat": "flake-compat_9",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager_3", "home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1712154372, "lastModified": 1712154372,
@ -1691,6 +1869,36 @@
"type": "github" "type": "github"
} }
}, },
"systems_12": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_13": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

15
flake.nix
View file

@ -68,6 +68,8 @@
templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
nix-topology.url = "github:oddlama/nix-topology";
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
@ -107,12 +109,13 @@
devshell, devshell,
nixvim, nixvim,
nixos-extra-modules, nixos-extra-modules,
nix-topology,
... ...
} @ inputs: let } @ inputs: let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
stateVersion = "23.05"; stateVersion = "23.05";
in in
{ rec {
secretsConfig = { secretsConfig = {
# This should be a link to one of the age public keys is './keys' # This should be a link to one of the age public keys is './keys'
masterIdentities = ["/run/decrypt.key.pub"]; masterIdentities = ["/run/decrypt.key.pub"];
@ -154,6 +157,7 @@
++ [ ++ [
# nixpkgs-wayland.overlay # nixpkgs-wayland.overlay
nixos-extra-modules.overlays.default nixos-extra-modules.overlays.default
nix-topology.overlays.default
devshell.overlays.default devshell.overlays.default
agenix-rekey.overlays.default agenix-rekey.overlays.default
nixvim.overlays.default nixvim.overlays.default
@ -162,6 +166,14 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
topology = import nix-topology {
inherit pkgs;
modules = [
./nix/topology.nix
{inherit (self) nixosConfigurations;}
];
};
images.live-iso = nixos-generators.nixosGenerate { images.live-iso = nixos-generators.nixosGenerate {
inherit pkgs; inherit pkgs;
modules = [ modules = [
@ -184,6 +196,7 @@
alejandra.enable = true; alejandra.enable = true;
deadnix.enable = true; deadnix.enable = true;
statix.enable = true; statix.enable = true;
hunspell.enable = true;
}; };
}; };
devShell = import ./nix/devshell.nix inputs system; devShell = import ./nix/devshell.nix inputs system;

1
nix/topology.nix Normal file
View file

@ -0,0 +1 @@
{}