janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: run lint & format

Browse Source
This commit is contained in:
Matej Janezic
2026-04-13 23:04:16 +02:00
parent df2ee459a1
commit 2204b12fad
22 changed files with 496 additions and 389 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
features/bootloader.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
cfg = config.features.bootloader; cfg = config.features.bootloader;
in in
@@ -19,22 +24,24 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
boot.loader.efi.canTouchEfiVariables = true; {
} boot.loader.efi.canTouchEfiVariables = true;
}
(lib.mkIf (cfg.mode == "systemd-boot") { (lib.mkIf (cfg.mode == "systemd-boot") {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
}) })
(lib.mkIf (cfg.mode == "lanzaboote") { (lib.mkIf (cfg.mode == "lanzaboote") {
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
}) })
]); ]
);
}; };
} }

7
features/claude.nix
View File

@@ -6,7 +6,12 @@
}; };
home = home =
{ pkgs, lib, osConfig, ... }: {
pkgs,
lib,
osConfig,
...
}:
let let
cfg = osConfig.features.claude; cfg = osConfig.features.claude;
in in

173
features/desktop.nix
View File

@@ -1,6 +1,12 @@
{ {
nixos = nixos =
{ config, lib, pkgs, inputs, ... }: {
config,
lib,
pkgs,
inputs,
...
}:
let let
cfg = config.features.desktop; cfg = config.features.desktop;
in in
@@ -49,98 +55,105 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
# base desktop lib.mkMerge [
{ # base desktop
security.polkit.enable = true; {
services.dbus.enable = true; security.polkit.enable = true;
services.playerctld.enable = true; services.dbus.enable = true;
services.playerctld.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
xdgOpenUsePortal = true; xdgOpenUsePortal = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [
xdg-desktop-portal-wlr xdg-desktop-portal-wlr
xdg-desktop-portal-gtk xdg-desktop-portal-gtk
];
};
fonts.packages = with pkgs; [
font-awesome
nerd-fonts.jetbrains-mono
]; ];
};
fonts.packages = with pkgs; [ stylix = {
font-awesome enable = true;
nerd-fonts.jetbrains-mono inherit (cfg.theme) polarity;
]; image = cfg.theme.wallpaper;
base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme.scheme}.yaml";
};
}
stylix = { # audio
enable = true; (lib.mkIf cfg.audio.enable {
polarity = cfg.theme.polarity; services.pipewire = {
image = cfg.theme.wallpaper; enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme.scheme}.yaml"; pulse.enable = true;
}; };
} environment.systemPackages = with pkgs; [
pavucontrol
easyeffects
];
})
# audio # bluetooth
(lib.mkIf cfg.audio.enable { (lib.mkIf cfg.bluetooth.enable {
services.pipewire = { hardware.bluetooth.enable = true;
enable = true; services.blueman.enable = true;
pulse.enable = true; })
};
environment.systemPackages = with pkgs; [
pavucontrol
easyeffects
];
})
# bluetooth # apps
(lib.mkIf cfg.bluetooth.enable { (lib.mkIf cfg.apps.enable {
hardware.bluetooth.enable = true; programs.thunderbird.enable = true;
services.blueman.enable = true;
})
# apps environment.systemPackages = with pkgs; [
(lib.mkIf cfg.apps.enable { ghostty
programs.thunderbird.enable = true; google-chrome
zathura
calibre
bolt-launcher
libnotify
bibata-cursors
vesktop
rocketchat-desktop
telegram-desktop
slack
jellyfin-media-player
cider-2
mpv
ffmpeg
wf-recorder
wl-mirror
protonmail-bridge
ledger-live-desktop
];
environment.systemPackages = with pkgs; [ xdg.mime.defaultApplications = {
ghostty "application/pdf" = "org.pwmt.zathura.desktop";
google-chrome };
zathura
calibre
bolt-launcher
libnotify
bibata-cursors
vesktop
rocketchat-desktop
telegram-desktop
slack
jellyfin-media-player
cider-2
mpv
ffmpeg
wf-recorder
wl-mirror
protonmail-bridge
ledger-live-desktop
];
xdg.mime.defaultApplications = { # kindle udev rules for calibre
"application/pdf" = "org.pwmt.zathura.desktop"; features.udev.kindle.enable = lib.mkDefault true;
}; })
# kindle udev rules for calibre # internal CA
features.udev.kindle.enable = lib.mkDefault true; (lib.mkIf cfg.internalCA.enable {
}) security.pki.certificateFiles = [
inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}.ca-matheo-si
# internal CA ];
(lib.mkIf cfg.internalCA.enable { })
security.pki.certificateFiles = [ ]
inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}.ca-matheo-si );
];
})
]);
}; };
home = home =
{ lib, inputs, osConfig, ... }: {
lib,
inputs,
osConfig,
...
}:
let let
cfg = osConfig.features.desktop; cfg = osConfig.features.desktop;
in in

8
features/dev.nix
View File

@@ -6,7 +6,13 @@
}; };
home = home =
{ pkgs, lib, inputs, osConfig, ... }: {
pkgs,
lib,
inputs,
osConfig,
...
}:
let let
cfg = osConfig.features.dev; cfg = osConfig.features.dev;
packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};

7
features/direnv/default.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
cfg = config.features.direnv; cfg = config.features.direnv;
in in

7
features/docker.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, user, ... }: {
config,
lib,
user,
...
}:
let let
cfg = config.features.docker; cfg = config.features.docker;
in in

7
features/filedrop.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, userKeys, ... }: {
config,
lib,
userKeys,
...
}:
let let
cfg = config.features.filedrop; cfg = config.features.filedrop;
in in

7
features/gaming.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.features.gaming; cfg = config.features.gaming;
in in

8
features/git.nix
View File

@@ -6,7 +6,13 @@
}; };
home = home =
{ pkgs, lib, inputs, osConfig, ... }: {
pkgs,
lib,
inputs,
osConfig,
...
}:
let let
cfg = osConfig.features.git; cfg = osConfig.features.git;
packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};

41
features/gnupg.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.features.gnupg; cfg = config.features.gnupg;
in in
@@ -14,23 +19,25 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
programs.gnupg.agent = { {
enable = true; programs.gnupg.agent = {
enableSSHSupport = true; enable = true;
enableExtraSocket = true; enableSSHSupport = true;
}; enableExtraSocket = true;
} };
}
(lib.mkIf cfg.yubikey.enable { (lib.mkIf cfg.yubikey.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
yubikey-personalization yubikey-personalization
yubikey-manager yubikey-manager
]; ];
services.pcscd.enable = true; services.pcscd.enable = true;
}) })
]); ]
);
}; };
} }

88
features/neovim.nix
View File

@@ -26,54 +26,56 @@
cfg = osConfig.features.neovim; cfg = osConfig.features.neovim;
in in
{ {
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
(lib.optionalAttrs (options ? stylix) { lib.mkMerge [
# disable stylix neovim target when stylix is present (lib.optionalAttrs (options ? stylix) {
stylix.targets.neovim.enable = false; # disable stylix neovim target when stylix is present
}) stylix.targets.neovim.enable = false;
{ })
xdg.configFile."nvim" = lib.mkIf (cfg.dotfiles != null) { {
source = cfg.dotfiles; xdg.configFile."nvim" = lib.mkIf (cfg.dotfiles != null) {
}; source = cfg.dotfiles;
};
programs.neovim = { programs.neovim = {
enable = true; enable = true;
vimAlias = true; vimAlias = true;
defaultEditor = true; defaultEditor = true;
package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
gcc gcc
luajit luajit
nodejs_22 nodejs_22
tree-sitter tree-sitter
gnumake gnumake
osc osc
fd fd
ripgrep ripgrep
bat bat
delta delta
pyright pyright
typescript-language-server typescript-language-server
lua-language-server lua-language-server
gopls gopls
nil nil
nixd nixd
nixpkgs-fmt nixpkgs-fmt
stylua stylua
]; ];
extraWrapperArgs = [ extraWrapperArgs = [
"--suffix" "--suffix"
"LD_LIBRARY_PATH" "LD_LIBRARY_PATH"
":" ":"
"${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}" "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}"
]; ];
}; };
} }
]); ]
);
}; };
} }

26
features/nix-settings.nix
View File

@@ -41,29 +41,27 @@
]; ];
download-buffer-size = 2 * 1024 * 1024 * 1024; download-buffer-size = 2 * 1024 * 1024 * 1024;
warn-dirty = false; warn-dirty = false;
substituters = substituters = [
[ "https://cache.nixos.org"
"https://cache.nixos.org" "https://nix-community.cachix.org?priority=45"
"https://nix-community.cachix.org?priority=45" ]
] ++ lib.optional cfg.towerCache.enable "http://tower:5000?priority=50";
++ lib.optional cfg.towerCache.enable "http://tower:5000?priority=50"; trusted-public-keys = [
trusted-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
[ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ++ lib.optional cfg.towerCache.enable "matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE=";
]
++ lib.optional cfg.towerCache.enable "matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE=";
}; };
gc = { gc = {
automatic = true; automatic = true;
dates = cfg.gc.dates; inherit (cfg.gc) dates;
options = "--delete-older-than ${cfg.gc.olderThan}"; options = "--delete-older-than ${cfg.gc.olderThan}";
}; };
optimise = { optimise = {
automatic = true; automatic = true;
dates = cfg.optimise.dates; inherit (cfg.optimise) dates;
}; };
}; };
}; };

7
features/onepassword.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, user, ... }: {
config,
lib,
user,
...
}:
let let
cfg = config.features.onepassword; cfg = config.features.onepassword;
in in

7
features/remote-base.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, user, ... }: {
config,
lib,
user,
...
}:
let let
cfg = config.features.remote-base; cfg = config.features.remote-base;
in in

7
features/shell.nix
View File

@@ -6,7 +6,12 @@
}; };
home = home =
{ pkgs, lib, osConfig, ... }: {
pkgs,
lib,
osConfig,
...
}:
let let
cfg = osConfig.features.shell; cfg = osConfig.features.shell;
in in

141
features/sway.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.features.sway; cfg = config.features.sway;
desktopCfg = config.features.desktop; desktopCfg = config.features.desktop;
@@ -15,77 +20,79 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
# soft dependency {
features.desktop.enable = lib.mkDefault true; # soft dependency
features.desktop.enable = lib.mkDefault true;
# hard dependency # hard dependency
assertions = [ assertions = [
{ {
assertion = desktopCfg.enable; assertion = desktopCfg.enable;
message = "features.sway requires features.desktop"; message = "features.sway requires features.desktop";
} }
];
programs.sway = {
enable = true;
package = pkgs.swayfx;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
# fix for java awt apps not rendering
export _JAVA_AWT_WM_NONREPARENTING=1
'';
};
environment.systemPackages = with pkgs; [
waybar
mako
wob
playerctl
brightnessctl
foot
grim
pulseaudio
swayidle
swaylock-effects
jq
slurp
wl-clipboard
pamixer
wlsunset
satty
wayland-pipewire-idle-inhibit
fuzzel
cliphist
zenity
];
}
# greeter
(lib.mkIf cfg.greeter.enable {
programs.regreet = {
enable = true;
cageArgs = [
"-s"
"-m"
"last"
]; ];
font = {
name = lib.mkForce "JetBrainsMono Nerd Font"; programs.sway = {
size = lib.mkForce 14; enable = true;
package = pkgs.swayfx;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
# fix for java awt apps not rendering
export _JAVA_AWT_WM_NONREPARENTING=1
'';
}; };
settings = {
background = { environment.systemPackages = with pkgs; [
path = lib.mkForce (toString desktopCfg.theme.wallpaper); waybar
fit = lib.mkForce "Cover"; mako
wob
playerctl
brightnessctl
foot
grim
pulseaudio
swayidle
swaylock-effects
jq
slurp
wl-clipboard
pamixer
wlsunset
satty
wayland-pipewire-idle-inhibit
fuzzel
cliphist
zenity
];
}
# greeter
(lib.mkIf cfg.greeter.enable {
programs.regreet = {
enable = true;
cageArgs = [
"-s"
"-m"
"last"
];
font = {
name = lib.mkForce "JetBrainsMono Nerd Font";
size = lib.mkForce 14;
}; };
GTK = { settings = {
application_prefer_dark_theme = lib.mkForce true; background = {
path = lib.mkForce (toString desktopCfg.theme.wallpaper);
fit = lib.mkForce "Cover";
};
GTK = {
application_prefer_dark_theme = lib.mkForce true;
};
}; };
}; };
}; })
}) ]
]); );
}; };
} }

53
features/udev.nix
View File

@@ -1,6 +1,11 @@
{ {
nixos = nixos =
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.features.udev; cfg = config.features.udev;
in in
@@ -24,29 +29,31 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
(lib.mkIf cfg.kindle.enable { lib.mkMerge [
# NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules (lib.mkIf cfg.kindle.enable {
# because extraRules writes to 99-local.rules which is too late for uaccess # NOTE:(@janezicmatej) uses services.udev.packages instead of extraRules
services.udev.packages = [ # because extraRules writes to 99-local.rules which is too late for uaccess
pkgs.libmtp services.udev.packages = [
(pkgs.writeTextFile { pkgs.libmtp
name = "kindle-udev-rules"; (pkgs.writeTextFile {
text = '' name = "kindle-udev-rules";
ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess" text = ''
''; ACTION!="remove", SUBSYSTEM=="usb", ATTRS{idVendor}=="1949", TAG+="uaccess"
destination = "/etc/udev/rules.d/70-kindle.rules"; '';
}) destination = "/etc/udev/rules.d/70-kindle.rules";
]; })
}) ];
})
(lib.mkIf cfg.ledger.enable { (lib.mkIf cfg.ledger.enable {
hardware.ledger.enable = true; hardware.ledger.enable = true;
}) })
(lib.mkIf cfg.keyboard-zsa.enable { (lib.mkIf cfg.keyboard-zsa.enable {
hardware.keyboard.zsa.enable = true; hardware.keyboard.zsa.enable = true;
}) })
]); ]
);
}; };
} }

28
features/user-matej.nix
View File

@@ -9,23 +9,21 @@ in
sshAuthorizedKeys = sshKeys; sshAuthorizedKeys = sshKeys;
}; };
nixos = nixos = _: {
{ ... }: users.users.matej = {
{ uid = 1000;
users.users.matej = { isNormalUser = true;
uid = 1000; home = "/home/matej";
isNormalUser = true; extraGroups = [ "wheel" ];
home = "/home/matej"; openssh.authorizedKeys.keys = sshKeys;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = sshKeys;
};
users.groups.matej = {
gid = 1000;
members = [ "matej" ];
};
}; };
users.groups.matej = {
gid = 1000;
members = [ "matej" ];
};
};
home = _: { home = _: {
home.stateVersion = "26.05"; home.stateVersion = "26.05";
}; };

134
features/vm-guest.nix
View File

@@ -40,76 +40,78 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
services.qemuGuest.enable = true; {
services.spice-vdagentd.enable = lib.mkIf (!cfg.headless) true; services.qemuGuest.enable = true;
services.spice-vdagentd.enable = lib.mkIf (!cfg.headless) true;
boot.kernelParams = lib.mkIf cfg.headless [ "console=ttyS0,115200" ]; boot.kernelParams = lib.mkIf cfg.headless [ "console=ttyS0,115200" ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"9p" "9p"
"9pnet_virtio" "9pnet_virtio"
]; ];
boot.kernelModules = [ boot.kernelModules = [
"9p" "9p"
"9pnet_virtio" "9pnet_virtio"
];
networking = {
useDHCP = true;
firewall.allowedTCPPorts = [ 22 ];
};
security.sudo.wheelNeedsPassword = false;
environment.systemPackages = with pkgs; [
curl
wget
htop
sshfs
];
}
(lib.mkIf cfg.automount.enable {
systemd.services.vm-9p-automount = {
description = "Auto-discover and mount 9p shares";
after = [
"local-fs.target"
"nss-user-lookup.target"
"systemd-modules-load.service"
]; ];
wants = [ "systemd-modules-load.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "vm-9p-automount" ''
BASE="${cfg.automount.basePath}"
PREFIX="${cfg.automount.prefix}"
mkdir -p "$BASE"
chown ${autoUser}:${autoGroup} "$BASE"
for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do networking = {
[ -f "$tagfile" ] || continue useDHCP = true;
tag=$(tr -d '\0' < "$tagfile") firewall.allowedTCPPorts = [ 22 ];
case "$tag" in
"$PREFIX"*) ;;
*) continue ;;
esac
name="''${tag#"$PREFIX"}"
target="$BASE/$name"
mkdir -p "$target"
${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \
-o trans=virtio,version=9p2000.L || continue
done
'';
}; };
};
}) security.sudo.wheelNeedsPassword = false;
]);
environment.systemPackages = with pkgs; [
curl
wget
htop
sshfs
];
}
(lib.mkIf cfg.automount.enable {
systemd.services.vm-9p-automount = {
description = "Auto-discover and mount 9p shares";
after = [
"local-fs.target"
"nss-user-lookup.target"
"systemd-modules-load.service"
];
wants = [ "systemd-modules-load.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "vm-9p-automount" ''
BASE="${cfg.automount.basePath}"
PREFIX="${cfg.automount.prefix}"
mkdir -p "$BASE"
chown ${autoUser}:${autoGroup} "$BASE"
for tagfile in $(find /sys/devices -name mount_tag 2>/dev/null); do
[ -f "$tagfile" ] || continue
tag=$(tr -d '\0' < "$tagfile")
case "$tag" in
"$PREFIX"*) ;;
*) continue ;;
esac
name="''${tag#"$PREFIX"}"
target="$BASE/$name"
mkdir -p "$target"
${pkgs.util-linux}/bin/mount -t 9p "$tag" "$target" \
-o trans=virtio,version=9p2000.L || continue
done
'';
};
};
})
]
);
}; };
} }

39
features/zsh.nix
View File

@@ -1,6 +1,12 @@
{ {
nixos = nixos =
{ config, lib, pkgs, user, ... }: {
config,
lib,
pkgs,
user,
...
}:
let let
cfg = config.features.zsh; cfg = config.features.zsh;
in in
@@ -15,22 +21,29 @@
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{ lib.mkMerge [
programs.zsh.enable = true; {
environment.etc."zshenv".text = '' programs.zsh.enable = true;
export ZDOTDIR=$HOME/.config/zsh environment.etc."zshenv".text = ''
''; export ZDOTDIR=$HOME/.config/zsh
} '';
}
(lib.mkIf cfg.loginShell.enable { (lib.mkIf cfg.loginShell.enable {
users.users.${user}.shell = pkgs.zsh; users.users.${user}.shell = pkgs.zsh;
}) })
]); ]
);
}; };
home = home =
{ pkgs, lib, osConfig, ... }: {
pkgs,
lib,
osConfig,
...
}:
let let
cfg = osConfig.features.zsh; cfg = osConfig.features.zsh;
in in

8
hosts/ephvm/configuration.nix
View File

@@ -75,9 +75,11 @@
# TODO:(@janezicmatej) replace ssh with virtio-console (hvc0) when qemu 11.0 lands # TODO:(@janezicmatej) replace ssh with virtio-console (hvc0) when qemu 11.0 lands
# https://www.mail-archive.com/qemu-devel@nongnu.org/msg1162844.html # https://www.mail-archive.com/qemu-devel@nongnu.org/msg1162844.html
# accept any ssh key (ephemeral localhost-only vm) # accept any ssh key (ephemeral localhost-only vm)
services.openssh.settings.AuthorizedKeysCommand = let services.openssh.settings.AuthorizedKeysCommand =
acceptKey = pkgs.writeShellScript "ephvm-accept-key" ''echo "$1 $2"''; let
in "${acceptKey} %t %k"; acceptKey = pkgs.writeShellScript "ephvm-accept-key" ''echo "$1 $2"'';
in
"${acceptKey} %t %k";
services.openssh.settings.AuthorizedKeysCommandUser = "nobody"; services.openssh.settings.AuthorizedKeysCommandUser = "nobody";
# writable claude config via 9p # writable claude config via 9p

43
lib/mkHost.nix
View File

@@ -79,30 +79,29 @@ let
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = modules = [
[ inputs.sops-nix.nixosModules.sops
inputs.sops-nix.nixosModules.sops inputs.stylix.nixosModules.stylix
inputs.stylix.nixosModules.stylix
{ nixpkgs.overlays = overlays; } { nixpkgs.overlays = overlays; }
{ nixpkgs.config.allowUnfree = true; } { nixpkgs.config.allowUnfree = true; }
{ networking.hostName = name; } { networking.hostName = name; }
featureEnableModule featureEnableModule
hostConfig hostConfig
] ]
++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig ++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig
++ nixosMods ++ nixosMods
++ lib.optionals hasUser [ ++ lib.optionals hasUser [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup"; home-manager.backupFileExtension = "backup";
home-manager.users.${user}.imports = homeMods; home-manager.users.${user}.imports = homeMods;
home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.extraSpecialArgs = { inherit inputs; };
} }
]; ];
specialArgs = { specialArgs = {
inherit inputs userKeys user; inherit inputs userKeys user;
}; };