upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

chore: init

Browse source
This commit is contained in:
Nick 2025-10-01 19:51:55 -05:00
commit 1b2c1ea359
891 changed files with 37053 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
systems/ceres/config/boot.nix Executable file
View file

@ -0,0 +1,43 @@
{
pkgs,
config,
...
}:
{
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [
];
};
kernelModules = [
"kvm-amd"
"vfio-pci"
"v4l2loopback"
];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

52
systems/ceres/config/filesystem.nix Executable file
View file

@ -0,0 +1,52 @@
{
flake,
config,
...
}:
let
inherit (flake.config.people)
user0
;
inherit (flake.config.machines.devices)
ceres
;
in
{
fileSystems =
let
storageDrives = [
"storage0"
];
storageMounts = storage: {
name = "${ceres.${storage}.mount}";
value = {
device = ceres.${storage}.device;
fsType = "ext4";
options = ceres.${storage}.options;
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/de4e681b-0667-4bf8-8d6e-c50894aa41cd";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/C68D-B1C0";
fsType = "vfat";
};
}
// (builtins.listToAttrs (map storageMounts storageDrives));
swapDevices = [
{ device = "/dev/disk/by-uuid/259fcc06-912c-4bd3-b781-8f77449e935a"; }
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"Z ${ceres.storage0.mount} 2775 root root -"
];
services.udisks2.enable = true;
}

61
systems/ceres/config/graphics.nix Executable file
View file

@ -0,0 +1,61 @@
{
pkgs,
config,
lib,
...
}:
{
environment = {
etc."libva.conf".text = ''
LIBVA_MESSAGING_LEVEL=1
'';
systemPackages = builtins.attrValues {
inherit (pkgs) ddcutil;
# Remove CUDA from system packages for now
# inherit (pkgs.cudaPackages) cudatoolkit;
};
sessionVariables = {
MOZ_DISABLE_RDD_SANDBOX = 1;
LIBVA_DRIVER_NAME = "nvidia";
};
variables = {
GBM_BACKEND = "nvidia-drm";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NIZOS_OZONE_WL = "1";
KWIN_DRM_ALLOW_NVIDIA_COLORSPACE = "1";
ENABLE_HDR_WSI = "1";
};
};
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = builtins.attrValues { inherit (pkgs) nvidia-vaapi-driver vaapiVdpau; };
extraPackages32 = builtins.attrValues {
inherit (pkgs.pkgsi686Linux) nvidia-vaapi-driver vaapiVdpau;
};
};
nvidia = {
modesetting.enable = true;
forceFullCompositionPipeline = false;
nvidiaSettings = true;
open = true;
gsp.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
powerManagement = {
enable = true;
finegrained = false;
};
};
};
services = {
xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
};
};
hardware.nvidia-container-toolkit.enable = lib.mkIf config.virtualisation.docker.enable true;
}

15
systems/ceres/config/hardware.nix Executable file
View file

@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
hardware = {
firmware = [
pkgs.rtl8761b-firmware
];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

42
systems/ceres/config/networking.nix Executable file
View file

@ -0,0 +1,42 @@
{
lib,
flake,
...
}:
let
inherit (flake.config.machines.devices) ceres;
in
{
networking = {
hostName = ceres.name;
networkmanager.enable = true;
nftables.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
25 # SMTP
139 # SMTP
587 # SMTP
2525 # SMTP
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish = {
enable = true;
userServices = true;
};
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

16
systems/ceres/config/sops.nix Executable file
View file

@ -0,0 +1,16 @@
{ flake, ... }:
let
inherit (flake.config.people)
user0
;
in
{
sops = {
secrets = {
"discord-token" = {
path = "/home/${user0}/projects/zookeeper/.env";
owner = user0;
};
};
};
}

73
systems/ceres/config/wireguard.nix Executable file
View file

@ -0,0 +1,73 @@
{ config, flake, ... }:
let
inherit (flake.config.services) instances;
inherit (flake.config.machines.devices) mars deimos ceres;
service = instances.wireGuard;
in
{
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
];
allowedUDPPorts = [
service.ports.port0
service.ports.port1
];
};
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
};
wireguard.interfaces = {
wg0 = {
ips = [ "${ceres.wireguard.ip0}/24" ];
listenPort = service.ports.port1;
privateKeyFile = config.sops.secrets."${service.name}-private".path;
peers = [
# if you need to create a new key pair
# wg genkey | save --raw --force privatekey
# open privatekey | wg pubkey | save --raw --force publickey
{
publicKey = "9zfRPxkxTLHM9tABC8lIaDMrzdjcF2l1mtG82uqGKUQ=";
allowedIPs = [ "${mars.wireguard.ip0}/32" ];
}
{
publicKey = "hKbvOlvKdWAlq45rfV3ggwOI8xqiqVWweXV+2GQx/0I=";
allowedIPs = [ "${deimos.wireguard.ip0}/32" ];
}
];
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}-pass";
owner = "root";
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"private"
"public"
]
);
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
}

17
systems/ceres/default.nix Executable file
View file

@ -0,0 +1,17 @@
{ lib, ... }:
let
configPath = ./config;
ceresImports =
let
files = builtins.attrNames (builtins.readDir configPath);
in
map (name: configPath + "/${name}") (
builtins.filter (name: builtins.match ".*\\.nix$" name != null) files
);
in
{
imports = ceresImports;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

43
systems/deimos/config/boot.nix Executable file
View file

@ -0,0 +1,43 @@
{
pkgs,
config,
...
}:
{
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [
];
};
kernelModules = [
"kvm-amd"
"vfio-pci"
"v4l2loopback"
];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

105
systems/deimos/config/filesystem.nix Executable file
View file

@ -0,0 +1,105 @@
{
flake,
config,
...
}:
let
inherit (flake.config.people)
user0
;
inherit (flake.config.machines.devices)
deimos
synology
ceres
;
inherit (flake.config.services.instances)
jellyfin
audiobookshelf
comfyui
;
synologySecrets = config.sops.secrets."network/synology".path;
ceresSecrets = config.sops.secrets."network/server".path;
in
{
fileSystems =
let
synologyDrives = [
"folder0"
"folder1"
];
sambaDrives = [
"samba0"
];
remoteDrives = [
"remote0"
];
remoteFolders = [
audiobookshelf.name
jellyfin.name
comfyui.name
];
synologyMounts = synologyDrive: {
name = "${synology.${synologyDrive}.mount}";
value = {
device = synology.${synologyDrive}.device;
fsType = "cifs";
options = synology.${synologyDrive}.options ++ [
"credentials=${synologySecrets}"
];
};
};
sambaMounts = sambaDrive: folder: {
name = "${ceres.${sambaDrive}.mount}/${folder}";
value = {
device = "${ceres.${sambaDrive}.device}/${folder}";
fsType = "cifs";
options = ceres.${sambaDrive}.options ++ [
"credentials=${ceresSecrets}"
];
};
};
sshfsMounts = sshfsDrive: folder: {
name = "${ceres.${sshfsDrive}.mount}/${folder}";
value = {
device = "${ceres.${sshfsDrive}.device}/${folder}";
fsType = "sshfs";
options = ceres.${sshfsDrive}.options;
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/c9a82c93-1da4-4cd1-a1fa-26483271a2bb";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/71CA-765A";
fsType = "vfat";
options = deimos.boot.options;
};
}
// (builtins.listToAttrs (map synologyMounts synologyDrives))
// (builtins.listToAttrs (
builtins.concatMap (drive: map (folder: sambaMounts drive folder) remoteFolders) sambaDrives
))
// (builtins.listToAttrs (
builtins.concatMap (drive: map (folder: sshfsMounts drive folder) remoteFolders) remoteDrives
));
swapDevices = [
{ device = "/dev/disk/by-uuid/74007bf1-6e2f-425e-99fa-d35990f4ea37"; }
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
];
services.udisks2.enable = true;
}

24
systems/deimos/config/graphics.nix Executable file
View file

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable = true;
extraPackages = builtins.attrValues {
inherit (pkgs)
amdvlk
;
inherit (pkgs.rocmPackages.clr)
icd
;
};
extraPackages32 = builtins.attrValues {
inherit (pkgs.driversi686Linux)
amdvlk
;
};
};
};
boot.initrd.kernelModules = [
"amdgpu"
];
}

19
systems/deimos/config/hardware.nix Executable file
View file

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
hardware = {
amdgpu.overdrive = {
enable = true;
ppfeaturemask = "0xffffffff";
};
firmware = [
pkgs.rtl8761b-firmware
];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

38
systems/deimos/config/networking.nix Executable file
View file

@ -0,0 +1,38 @@
{
lib,
flake,
...
}:
let
inherit (flake.config.machines.devices)
deimos
;
in
{
networking = {
hostName = deimos.name;
networkmanager.enable = true;
nftables.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
1234 # Elm Server
55771
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

16
systems/deimos/config/sops.nix Executable file
View file

@ -0,0 +1,16 @@
{
sops = {
secrets = {
"network/synology" = {
path = "/var/lib/secrets/synology";
owner = "root";
mode = "600";
};
"network/server" = {
path = "/var/lib/secrets/server";
owner = "root";
mode = "600";
};
};
};
}

38
systems/deimos/config/wireguard.nix Executable file
View file

@ -0,0 +1,38 @@
{ config, flake, ... }:
let
inherit (flake.config.services.instances) wireGuard;
inherit (flake.config.machines.devices) deimos;
service = wireGuard;
in
{
networking = {
wireguard.interfaces = {
wg0 = {
ips = [ "${deimos.wireguard.ip0}/32" ];
privateKeyFile = config.sops.secrets."${service.name}-deimos-private".path;
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}-pass";
owner = "root";
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"deimos-private"
"deimos-public"
]
);
};
}

17
systems/deimos/default.nix Executable file
View file

@ -0,0 +1,17 @@
{ lib, ... }:
let
configPath = ./config;
deimosImports =
let
files = builtins.attrNames (builtins.readDir configPath);
in
map (name: configPath + "/${name}") (
builtins.filter (name: builtins.match ".*\\.nix$" name != null) files
);
in
{
imports = deimosImports;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

44
systems/mars/config/boot.nix Executable file
View file

@ -0,0 +1,44 @@
{
pkgs,
config,
...
}:
{
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = [
"ntfs"
];
initrd = {
network.openvpn.enable = true;
availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [
];
};
kernelModules = [
"kvm-amd"
"vfio-pci"
"v4l2loopback"
];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

96
systems/mars/config/filesystem.nix Executable file
View file

@ -0,0 +1,96 @@
{
flake,
config,
...
}:
let
inherit (flake.config.people) user0 user1;
inherit (flake.config.machines.devices) mars ceres synology;
inherit (flake.config.services.instances) jellyfin audiobookshelf comfyui;
synologySecrets = config.sops.secrets."network/synology".path;
ceresSecrets = config.sops.secrets."network/server".path;
in
{
fileSystems =
let
synologyDrives = [
"folder0"
"folder1"
];
storageDrives = [
"storage0"
"storage1"
];
sambaDrives = [
"samba0"
];
sambaFolders = [
audiobookshelf.name
jellyfin.name
comfyui.name
];
synologyMounts = synologyDrive: {
name = "${synology.${synologyDrive}.mount}";
value = {
device = synology.${synologyDrive}.device;
fsType = "cifs";
options = synology.${synologyDrive}.options ++ [
"credentials=${synologySecrets}"
];
};
};
storageMounts = storageDrive: {
name = "${mars.${storageDrive}.mount}";
value = {
device = mars.${storageDrive}.device;
fsType = "ext4";
options = mars.${storageDrive}.options;
};
};
sambaMounts = sambaDrive: folder: {
name = "${ceres.${sambaDrive}.mount}/${folder}";
value = {
device = "${ceres.${sambaDrive}.device}/${folder}";
fsType = "cifs";
options = ceres.${sambaDrive}.options ++ [
"credentials=${ceresSecrets}"
];
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/cca4aaac-9f98-42a5-8bcc-81c7048aad84";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/7199-F75B";
fsType = "vfat";
options = mars.boot.options;
};
}
// (builtins.listToAttrs (map synologyMounts synologyDrives))
// (builtins.listToAttrs (map storageMounts storageDrives))
// (builtins.listToAttrs (
builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
));
swapDevices = [
{ device = "/dev/disk/by-uuid/d9c787ac-9f10-41a4-8702-242922f44056"; }
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"Z ${config.home-manager.users.${user1}.home.homeDirectory} 0755 ${user1} users -"
"Z ${mars.storage0.mount} 0755 ${user0} users -"
"Z ${mars.storage1.mount} 0755 ${user0} users -"
];
services.udisks2.enable = true;
}

29
systems/mars/config/graphics.nix Executable file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
hardware = {
amdgpu.overdrive = {
enable = true;
ppfeaturemask = "0xffffffff";
};
graphics = {
enable = true;
enable32Bit = true;
extraPackages = builtins.attrValues {
inherit (pkgs)
amdvlk
;
inherit (pkgs.rocmPackages.clr)
icd
;
};
extraPackages32 = builtins.attrValues {
inherit (pkgs.driversi686Linux)
amdvlk
;
};
};
};
boot.initrd.kernelModules = [
"amdgpu"
];
}

18
systems/mars/config/hardware.nix Executable file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
hardware = {
firmware = builtins.attrValues {
inherit (pkgs)
rtl8761b-firmware
;
};
enableAllFirmware = true;
ledger.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

42
systems/mars/config/networking.nix Executable file
View file

@ -0,0 +1,42 @@
{
lib,
flake,
...
}:
let
inherit (flake.config.machines.devices)
mars
;
in
{
networking = {
hostName = mars.name;
networkmanager.enable = true;
nftables.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
4333 # Feishin
2234 # Soulseek
3131 # Deskreen
1234 # Elm-land server
5037 # ADB Server
37751
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

29
systems/mars/config/sops.nix Executable file
View file

@ -0,0 +1,29 @@
{ flake, ... }:
let
inherit (flake.config.people)
user0
;
inherit (flake.config.people.users.${user0})
paths
;
in
{
sops = {
secrets = {
"network/synology" = {
path = "/var/lib/secrets/synology";
owner = "root";
mode = "600";
};
"network/server" = {
path = "/var/lib/secrets/server";
owner = "root";
mode = "600";
};
"discord-token" = {
path = "${paths.path0}/zookeeper/.env";
owner = user0;
};
};
};
}

38
systems/mars/config/wireguard.nix Executable file
View file

@ -0,0 +1,38 @@
{ config, flake, ... }:
let
inherit (flake.config.services.instances) wireGuard;
inherit (flake.config.machines.devices) mars;
service = wireGuard;
in
{
networking = {
wireguard.interfaces = {
wg0 = {
ips = [ "${mars.wireguard.ip0}/32" ];
privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}-pass";
owner = "root";
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"mars-private"
"mars-public"
]
);
};
}

17
systems/mars/default.nix Executable file
View file

@ -0,0 +1,17 @@
{ lib, ... }:
let
configPath = ./config;
marsImports =
let
files = builtins.attrNames (builtins.readDir configPath);
in
map (name: configPath + "/${name}") (
builtins.filter (name: builtins.match ".*\\.nix$" name != null) files
);
in
{
imports = marsImports;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

43
systems/phobos/config/boot.nix Executable file
View file

@ -0,0 +1,43 @@
{
pkgs,
config,
...
}:
{
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"nvme"
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [
];
};
kernelModules = [
"kvm-amd"
"vfio-pci"
"v4l2loopback"
];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

36
systems/phobos/config/filesystem.nix Executable file
View file

@ -0,0 +1,36 @@
{
flake,
config,
...
}:
let
inherit (flake.config.people)
user0
;
inherit (flake.config.machines.devices)
phobos
;
in
{
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/c9a82c93-1da4-4cd1-a1fa-26483271a2bb";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/71CA-765A";
fsType = "vfat";
options = phobos.boot.options;
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/74007bf1-6e2f-425e-99fa-d35990f4ea37"; }
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
];
services.udisks2.enable = true;
}

24
systems/phobos/config/graphics.nix Executable file
View file

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
hardware = {
graphics = {
enable = true;
extraPackages = builtins.attrValues {
inherit (pkgs)
amdvlk
;
inherit (pkgs.rocmPackages.clr)
icd
;
};
extraPackages32 = builtins.attrValues {
inherit (pkgs.driversi686Linux)
amdvlk
;
};
};
};
boot.initrd.kernelModules = [
"amdgpu"
];
}

15
systems/phobos/config/hardware.nix Executable file
View file

@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
hardware = {
firmware = [
pkgs.rtl8761b-firmware
];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

37
systems/phobos/config/networking.nix Executable file
View file

@ -0,0 +1,37 @@
{
lib,
flake,
...
}:
let
inherit (flake.config.machines.devices)
phobos
;
in
{
networking = {
hostName = phobos.name;
networkmanager.enable = true;
nftables.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
55771
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

16
systems/phobos/config/sops.nix Executable file
View file

@ -0,0 +1,16 @@
{
sops = {
secrets = {
"network/synology" = {
path = "/var/lib/secrets/synology";
owner = "root";
mode = "600";
};
"network/server" = {
path = "/var/lib/secrets/server";
owner = "root";
mode = "600";
};
};
};
}

17
systems/phobos/default.nix Executable file
View file

@ -0,0 +1,17 @@
{ lib, ... }:
let
configPath = ./config;
deimosImports =
let
files = builtins.attrNames (builtins.readDir configPath);
in
map (name: configPath + "/${name}") (
builtins.filter (name: builtins.match ".*\\.nix$" name != null) files
);
in
{
imports = deimosImports;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}