janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: update flake and hosts for new structure

Browse Source
This commit is contained in:
Matej Janezic
2026-03-26 23:23:52 +01:00
parent 8c6fefb95b
commit 404b6431ce
9 changed files with 173 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
flake.nix
View File

@@ -39,98 +39,34 @@
}; };
outputs = outputs =
inputs@{ flake-parts, nixpkgs, ... }: inputs@{
flake-parts,
nixpkgs,
self,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./flake/overlays.nix
./flake/packages.nix
./flake/devshell.nix
./flake/hosts.nix
];
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
perSystem = perSystem =
{ system, pkgs, ... }: { system, ... }:
let
my-lib = import ./lib { inherit (nixpkgs) lib; };
in
{ {
packages = _module.args.pkgs = import nixpkgs {
import ./packages inherit system;
{ overlays = [ self.overlays.default ];
inherit my-lib; config.allowUnfree = true;
inherit (nixpkgs) lib;
}
{
inherit pkgs;
pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system};
pkgs-master = inputs.nixpkgs-master.legacyPackages.${system};
};
formatter = pkgs.nixfmt-tree;
devShells.default = pkgs.mkShell {
packages = [
pkgs.pre-commit
pkgs.statix
pkgs.shellcheck
pkgs.shfmt
pkgs.qemu
];
}; };
}; };
flake = flake = {
let lib = import ./lib { inherit (nixpkgs) lib; };
my-lib = import ./lib { inherit (nixpkgs) lib; }; };
overlays = [
(
_: prev:
let
pkgs-unstable = import inputs.nixpkgs-unstable {
inherit (prev.stdenv.hostPlatform) system;
inherit (prev) config;
};
pkgs-master = import inputs.nixpkgs-master {
inherit (prev.stdenv.hostPlatform) system;
inherit (prev) config;
};
in
{
inherit (pkgs-master) claude-code;
# TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop
inherit (pkgs-unstable) telegram-desktop;
}
)
];
mkHost = my-lib.mkHost {
inherit
nixpkgs
overlays
inputs
;
};
in
{
lib = my-lib;
nixosConfigurations = {
fw16 = mkHost "fw16" {
system = "x86_64-linux";
user = "matej";
};
tower = mkHost "tower" {
system = "x86_64-linux";
user = "matej";
};
# nixos-rebuild build-image --image-variant install-iso --flake .#iso
iso = mkHost "iso" {
system = "x86_64-linux";
};
ephvm = mkHost "ephvm" {
system = "x86_64-linux";
user = "matej";
};
};
};
}; };
} }

17
flake/devshell.nix Normal file
View File

@@ -0,0 +1,17 @@
_: {
perSystem =
{ pkgs, ... }:
{
formatter = pkgs.nixfmt-tree;
devShells.default = pkgs.mkShell {
packages = [
pkgs.pre-commit
pkgs.statix
pkgs.shellcheck
pkgs.shfmt
pkgs.qemu
];
};
};
}

86
flake/hosts.nix Normal file
View File

@@ -0,0 +1,86 @@
{ inputs, self, ... }:
let
inherit (inputs) nixpkgs;
my-lib = import ../lib { inherit (nixpkgs) lib; };
mkHost = my-lib.mkHost {
inherit nixpkgs inputs;
overlays = [ self.overlays.default ];
};
in
{
flake.nixosConfigurations = {
fw16 = mkHost "fw16" {
system = "x86_64-linux";
user = "matej";
features = [
"openssh"
"localisation"
"gnupg"
"shell"
"desktop"
"sway"
"greeter"
"printing"
"networkmanager"
"docker"
"tailscale"
"nix-ld"
"yubikey"
"calibre"
"steam"
"neovim"
"dev"
"claude"
];
};
tower = mkHost "tower" {
system = "x86_64-linux";
user = "matej";
features = [
"openssh"
"localisation"
"gnupg"
"shell"
"desktop"
"sway"
"greeter"
"printing"
"networkmanager"
"docker"
"tailscale"
"yubikey"
"calibre"
"initrd-ssh"
"neovim"
"dev"
"claude"
];
};
# nixos-rebuild build-image --image-variant install-iso --flake .#iso
iso = mkHost "iso" {
system = "x86_64-linux";
features = [
"openssh"
];
};
ephvm = mkHost "ephvm" {
system = "x86_64-linux";
user = "matej";
features = [
"openssh"
"localisation"
"gnupg"
"shell"
"vm-guest"
"vm-9p-automount"
"docker"
"neovim"
];
};
};
}

21
flake/overlays.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }:
{
flake.overlays.default =
_: prev:
let
pkgs-unstable = import inputs.nixpkgs-unstable {
inherit (prev.stdenv.hostPlatform) system;
inherit (prev) config;
};
pkgs-master = import inputs.nixpkgs-master {
inherit (prev.stdenv.hostPlatform) system;
inherit (prev) config;
};
in
{
inherit (pkgs-master) claude-code;
# TODO:(@janezicmatej) 2026-03-09 error with stable for telegram-desktop
inherit (pkgs-unstable) telegram-desktop;
};
}

22
flake/packages.nix Normal file
View File

@@ -0,0 +1,22 @@
{ inputs, ... }:
let
my-lib = import ../lib { inherit (inputs.nixpkgs) lib; };
in
{
perSystem =
{ pkgs, system, ... }:
{
packages =
import ../packages
{
inherit my-lib;
inherit (inputs.nixpkgs) lib;
}
{
inherit pkgs;
pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system};
pkgs-master = inputs.nixpkgs-master.legacyPackages.${system};
};
};
}

21
hosts/ephvm/configuration.nix
View File

@@ -2,14 +2,9 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
config,
... ...
}: }:
{ {
networking.hostName = "ephvm";
profiles.base.enable = true;
# no hardware firmware needed in a VM # no hardware firmware needed in a VM
hardware.enableRedistributableFirmware = lib.mkForce false; hardware.enableRedistributableFirmware = lib.mkForce false;
hardware.wirelessRegulatoryDatabase = lib.mkForce false; hardware.wirelessRegulatoryDatabase = lib.mkForce false;
@@ -33,27 +28,15 @@
); );
}; };
vm-guest = { vm-guest.headless = true;
enable = true;
headless = true;
};
vm-9p-automount = { vm-9p-automount.user = "matej";
enable = true;
user = "matej";
};
localisation = { localisation = {
timeZone = "UTC"; timeZone = "UTC";
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
}; };
virtualisation.docker = {
enable = true;
logDriver = "json-file";
};
# TODO:(@janezicmatej) move neovim dotfiles wiring to a cleaner place
home-manager.users.matej = { home-manager.users.matej = {
neovim.dotfiles = inputs.nvim; neovim.dotfiles = inputs.nvim;
}; };

50
hosts/fw16/configuration.nix
View File

@@ -1,40 +1,21 @@
{ {
config,
lib, lib,
pkgs, pkgs,
inputs, inputs,
options, options,
userKeys,
... ...
}: }:
let
packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
in
{ {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
inputs.stylix.nixosModules.stylix
]; ];
profiles.desktop.enable = true;
localisation = { localisation = {
timeZone = "Europe/Ljubljana"; timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
}; };
stylix = {
enable = true;
polarity = "dark";
image = "${inputs.assets}/wallpaper.png";
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml";
};
# neovim manages its own theme
home-manager.users.matej.stylix.targets.neovim.enable = false;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@@ -53,26 +34,11 @@ in
HibernateDelaySec=30min HibernateDelaySec=30min
''; '';
# WARN:(@janezicmatej) nix-ld for running pip-installed binaries outside nix, probably want to drop this
programs.nix-ld.enable = true;
programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; programs.nix-ld.libraries = options.programs.nix-ld.libraries.default;
security.pki.certificateFiles = [ packages.ca-matheo-si ];
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
services.teamviewer.enable = true; services.teamviewer.enable = true;
programs.thunderbird.enable = true;
programs._1password.enable = true;
programs._1password-gui.enable = true;
programs.firefox.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
};
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;
hardware.keyboard.zsa.enable = true; hardware.keyboard.zsa.enable = true;
hardware.ledger.enable = true; hardware.ledger.enable = true;
@@ -85,21 +51,7 @@ in
SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
''; '';
programs.nm-applet.enable = true; networking.firewall.enable = false;
networking = {
hostName = "fw16";
networkmanager.enable = true;
firewall.enable = false;
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
xdg.mime.defaultApplications = {
"application/pdf" = "org.pwmt.zathura.desktop";
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

11
hosts/iso/configuration.nix
View File

@@ -1,23 +1,12 @@
{ {
pkgs,
lib,
inputs,
userKeys, userKeys,
... ...
}: }:
{ {
openssh.enable = true;
image.modules.iso-installer = { image.modules.iso-installer = {
isoImage.squashfsCompression = "zstd -Xcompression-level 6"; isoImage.squashfsCompression = "zstd -Xcompression-level 6";
}; };
fileSystems."/" = lib.mkDefault {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
boot.loader.grub.device = lib.mkDefault "/dev/sda";
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
users = { users = {

38
hosts/tower/configuration.nix
View File

@@ -1,42 +1,25 @@
{ {
config,
lib, lib,
pkgs,
inputs, inputs,
options,
userKeys, userKeys,
... ...
}: }:
{ {
imports = [ imports = [
inputs.stylix.nixosModules.stylix
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
]; ];
profiles.desktop.enable = true;
initrd-ssh = {
enable = true;
networkModule = "r8169";
authorizedKeys = userKeys.sshAuthorizedKeys;
};
localisation = { localisation = {
timeZone = "Europe/Ljubljana"; timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
}; };
stylix = { initrd-ssh = {
enable = true; networkModule = "r8169";
polarity = "dark"; authorizedKeys = userKeys.sshAuthorizedKeys;
image = "${inputs.assets}/wallpaper.png";
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml";
}; };
# neovim manages its own theme
home-manager.users.matej.stylix.targets.neovim.enable = false;
# lanzaboote secure boot # lanzaboote secure boot
boot.kernelParams = [ "btusb.reset=1" ]; boot.kernelParams = [ "btusb.reset=1" ];
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@@ -46,13 +29,8 @@
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
services.udisks2.enable = true; services.udisks2.enable = true;
programs._1password.enable = true;
programs._1password-gui.enable = true;
# higher sample rate for audio equipment # higher sample rate for audio equipment
services.pipewire.extraConfig.pipewire.adjust-sample-rate = { services.pipewire.extraConfig.pipewire.adjust-sample-rate = {
"context.properties" = { "context.properties" = {
@@ -61,15 +39,5 @@
}; };
}; };
environment.systemPackages = with pkgs; [
easyeffects
];
networking.hostName = "tower";
xdg.mime.defaultApplications = {
"application/pdf" = "org.pwmt.zathura.desktop";
};
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }