diff --git a/flake.lock b/flake.lock index b086454..8c4cb70 100644 --- a/flake.lock +++ b/flake.lock @@ -145,7 +145,7 @@ "inputs": { "deploy-rs": "deploy-rs", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ], "nixpkgs-unstable": [ "nixpkgs-unstable" @@ -1257,6 +1257,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1771043024, + "narHash": "sha256-O1XDr7EWbRp+kHrNNgLWgIrB0/US5wvw9K6RERWAj6I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3aadb7ca9eac2891d52a9dec199d9580a6e2bf44", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", @@ -1473,6 +1489,7 @@ "nix-alien": "nix-alien", "nixcats": "nixcats", "nixcord": "nixcord", + "nixpkgs": "nixpkgs_10", "nixpkgs-staging": "nixpkgs-staging", "nixpkgs-unstable": "nixpkgs-unstable", "sddm-silent": "sddm-silent", @@ -1739,7 +1756,7 @@ "zen": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1770910552, diff --git a/flake.nix b/flake.nix index 3c4eacf..3735804 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ inputs = { systems.url = "github:nix-systems/default"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-staging.url = "github:NixOS/nixpkgs/staging-next"; @@ -16,7 +17,7 @@ url = "github:emilelcb/Cerulean"; inputs = { systems.follows = "systems"; - nixpkgs.follows = "nixpkgs-unstable"; + nixpkgs.follows = "nixpkgs"; nixpkgs-unstable.follows = "nixpkgs-unstable"; }; }; diff --git a/groups/all/default.nix b/groups/all/default.nix new file mode 100644 index 0000000..a7c21fd --- /dev/null +++ b/groups/all/default.nix 
@@ -0,0 +1,6 @@ +{ ... }: { + nix.settings = { + experimental-features = ["nix-command" "flakes"]; + download-buffer-size = 524288000; + }; +} diff --git a/groups/servers/default.nix b/groups/servers/default.nix new file mode 100644 index 0000000..b142ca8 --- /dev/null +++ b/groups/servers/default.nix @@ -0,0 +1,17 @@ +{ ... }: { + nix.settings = { + trusted-users = ["root" "@wheel"]; + }; + + security = { + sudo = { + enable = true; + wheelNeedsPassword = true; + }; + + pam = { + sshAgentAuth.enable = true; + services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module + }; + }; +} diff --git a/groups/unstable-base/default.nix b/groups/unstable-base/default.nix new file mode 100644 index 0000000..1afa015 --- /dev/null +++ b/groups/unstable-base/default.nix @@ -0,0 +1,5 @@ +{lib, config, ...}: { + nixpkgs.channels.default = { + default = lib.mkForce config.nixpkgs-unstable.channels.default.pkgs; + }; +} diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix index cdbc104..aa0e179 100644 --- a/hosts/arcturus/default.nix +++ b/hosts/arcturus/default.nix @@ -6,12 +6,6 @@ networking.hostName = "arcturus"; - nix.settings = { - experimental-features = ["nix-command" "flakes"]; - download-buffer-size = 524288000; - trusted-users = ["root" "@wheel"]; - }; - time.timeZone = "Europe/London"; i18n.defaultLocale = "en_US.UTF-8"; console = { @@ -27,18 +21,6 @@ }; }; - security = { - sudo = { - enable = true; - wheelNeedsPassword = true; - }; - - pam = { - sshAgentAuth.enable = true; - services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module - }; - }; - networking = { useNetworkd = false; useDHCP = false; diff --git a/hosts/lyra/default.nix b/hosts/lyra/default.nix index 6f90f17..499d59e 100644 --- a/hosts/lyra/default.nix +++ b/hosts/lyra/default.nix 
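Review bot: In groups/servers/default.nix, `trusted-users = ["root" "@wheel"]` makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root access. That means `wheelNeedsPassword = true` no longer gates privilege for those accounts on any host in the servers group. If the entry exists only for remote deployment, consider narrowing it to the account that needs it, e.g. `trusted-users = ["root" "<deploy-user>"];` (placeholder name), with a comment saying why it is there. Separately, `services.sudo.sshAgentAuth = true` lets a forwarded agent satisfy sudo, so it is worth confirming that the keys it accepts are read from root-owned files (`security.pam.sshAgentAuth.authorizedKeysFiles`) rather than user-writable ones.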
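Review bot: In groups/unstable-base/default.nix the forced value reads `config.nixpkgs-unstable.channels.default.pkgs`, but the channels this commit defines in nixpkgs.nix live under `nixpkgs.channels.default`, with `upkgs` as the unstable set and `pkgs` as the new nixos-25.11 set. Unless Cerulean provides a `nixpkgs-unstable` option that is not visible in this diff, the path may have been meant as `config.nixpkgs.channels.default.upkgs`; please confirm it evaluates and selects the unstable set. The first nixpkgs.nix hunk also keeps `default = upkgs;`, so hosts in the servers group appear to stay on unstable by default. If servers are meant to track the stable branch, that line would need to become `default = pkgs;`.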
@@ -6,12 +6,6 @@ networking.hostName = "lyra"; - nix.settings = { - experimental-features = ["nix-command" "flakes"]; - download-buffer-size = 524288000; - trusted-users = ["root" "@wheel"]; - }; - time.timeZone = "Europe/London"; i18n.defaultLocale = "en_US.UTF-8"; console = { @@ -27,18 +21,6 @@ }; }; - security = { - sudo = { - enable = true; - wheelNeedsPassword = true; - }; - - pam = { - sshAgentAuth.enable = true; - services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module - }; - }; - networking = { networkmanager.enable = true; diff --git a/hosts/nixarawrui/default.nix b/hosts/nixarawrui/default.nix index ba6d75a..010b67a 100644 --- a/hosts/nixarawrui/default.nix +++ b/hosts/nixarawrui/default.nix @@ -10,12 +10,6 @@ ./modules/amdgpu-ignore-ctx-privileges.nix ]; - # Enable the Flakes feature and the accompaying new nix command-line tool - nix.settings = { - experimental-features = ["nix-command" "flakes"]; - download-buffer-size = 524288000; - }; - # Use the systemd-boot EFI boot loader. boot = rec { initrd.kernelModules = ["amdgpu"]; 
@@ -335,27 +329,5 @@ inputs.nix-alien.packages.${stdenv.hostPlatform.system}.nix-alien ]; - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixupkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "24.11"; } diff --git a/nixpkgs.nix b/nixpkgs.nix index 2428743..43eb7f7 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix @@ -5,6 +5,15 @@ } @ args: { nixpkgs.channels.default = rec { default = upkgs; + + # nixpkgs + pkgs = { + inherit system; + source = inputs.nixpkgs; + overlays = []; + config.allowUnfree = true; + }; + # nixpkgs-unstable upkgs = { inherit system; @@ -19,6 +28,7 @@ config.allowUnfree = true; }; + # nixpkgs-staging spkgs = { inherit system; diff --git a/snow.nix b/snow.nix index 932b744..1fea348 100644 --- a/snow.nix +++ b/snow.nix 
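Review bot: The new `system.stateVersion = "24.11";` line in hosts/nixarawrui/default.nix no longer carries any hint that this value must stay fixed across upgrades. A one-line comment keeps the guard without the generated boilerplate: `system.stateVersion = "24.11"; # install-time value; do not change on upgrade (see man configuration.nix)`.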
@@ -7,9 +7,25 @@ cerulean.mkNexus ./. (self: { home-manager.nixosModules.home-manager ]; - nodes = { + groups = { + unstable-base = {}; + servers = {}; + }; + + nodes = let + inherit + (self.nexus) + groups + ; + in + { nixarawrui = { system = "x86_64-linux"; + + groups = [ + groups.unstable-base + ]; + extraModules = with inputs; [ sddm-silent.nixosModules.default ]; @@ -17,6 +33,11 @@ cerulean.mkNexus ./. (self: { arcturus = { system = "x86_64-linux"; + + groups = [ + groups.servers + ]; + deploy.ssh = { host = "10.16.1.163"; port = 2222; @@ -26,6 +47,11 @@ cerulean.mkNexus ./. (self: { lyra = { system = "x86_64-linux"; + + groups = [ + groups.servers + ]; + deploy.ssh = { host = "10.16.1.58"; port = 2222;
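Review bot: The `groups` set in the first snow.nix hunk declares only `unstable-base` and `servers`, yet this commit moves `experimental-features` and `download-buffer-size` out of all three host files into groups/all/default.nix. Whether Cerulean applies an `all` group implicitly cannot be seen from this diff; if it does not, arcturus, lyra and nixarawrui lose the flakes settings on the next rebuild. A short comment above the set, such as `# groups/all is applied to every node implicitly`, would make the dependency visible. If the group has to be declared, an explicit `all = {};` entry would do the same.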