Compare commits
6 commits
b0b1852357
...
e9d9801d20
Author | SHA1 | Date | |
---|---|---|---|
e9d9801d20 | |||
dcac9f2d2f | |||
0768c39f9a | |||
44e1f71de7 | |||
03b7dc29d0 | |||
70b7c4f57e |
6 changed files with 66 additions and 27 deletions
1
.envrc
1
.envrc
|
@ -1 +1,2 @@
|
||||||
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
|
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
|
||||||
|
use nix
|
6
.gitignore
vendored
6
.gitignore
vendored
|
@ -1,3 +1,7 @@
|
||||||
result*
|
result*
|
||||||
/secrets
|
/secrets
|
||||||
age.key
|
age.key
|
||||||
|
**/*.tmp.sops.yaml
|
||||||
|
**/*.sops.tmp.yaml
|
||||||
|
result
|
||||||
|
.direnv
|
||||||
|
|
42
flake.lock
42
flake.lock
|
@ -5,11 +5,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715872464,
|
"lastModified": 1716168343,
|
||||||
"narHash": "sha256-mkZ3hrPG7d+qL7B6pQcrNfPh2mnQEJR3FHK93qCp6Uk=",
|
"narHash": "sha256-82oT27w9smpItZ+PyN2C0PjIwZYbIocwXSM4u1igXuc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "5f6dbcce99d60dd77f96dfc66d06bbea149a40e1",
|
"rev": "6f01b9710bc4d3bf006eb8df928b4b15e0430901",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715774670,
|
"lastModified": 1716128955,
|
||||||
"narHash": "sha256-iJYnKMtLi5u6hZhJm94cRNSDG5Rz6ZzIkGbhPFtDRm0=",
|
"narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b3fcfcfabd01b947a1e4f36622bbffa3985bdac6",
|
"rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -36,11 +36,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715458492,
|
"lastModified": 1716061101,
|
||||||
"narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
|
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8e47858badee5594292921c2668c11004c3b0142",
|
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -52,11 +52,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715787315,
|
"lastModified": 1716137900,
|
||||||
"narHash": "sha256-cYApT0NXJfqBkKcci7D9Kr4CBYZKOQKDYA23q8XNuWg=",
|
"narHash": "sha256-sowPU+tLQv8GlqtVtsXioTKeaQvlMz/pefcdwg8MvfM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "33d1e753c82ffc557b4a585c77de43d4c922ebb5",
|
"rev": "6c0b7a92c30122196a761b440ac0d46d3d9954f1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -68,11 +68,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715777523,
|
"lastModified": 1716127062,
|
||||||
"narHash": "sha256-S6g1OWbKXswOMoTssq3aOm4OhxhlKoIwEAXWmU57vts=",
|
"narHash": "sha256-2rk8FqB/iQV2d0vQLs684/Tj5PUHaS1sFwG7fng5vXE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c029b7f004009923bbfc90bbc31263cd4b08759f",
|
"rev": "8a2555763c48e2410054de3f52f7310ce3241ec5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -98,11 +98,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715482972,
|
"lastModified": 1716087663,
|
||||||
"narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
|
"narHash": "sha256-zuSAGlx8Qk0OILGCC2GUyZ58/SJ5R3GZdeUNQ6IS0fQ=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
|
"rev": "0bf1808e70ce80046b0cff821c019df2b19aabf5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -116,11 +116,11 @@
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715820823,
|
"lastModified": 1716166358,
|
||||||
"narHash": "sha256-KN9uvEjgzUA0trQdnnpeJEPA/UhpMlwXexJyiyqkH78=",
|
"narHash": "sha256-SmCc4nKUXgYb8bBGJ3+N+l/2MBROue2x9+CyJ2of24w=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "srvos",
|
"repo": "srvos",
|
||||||
"rev": "7a140951a5b5db5c05d359ccd53c3f7bd06f317b",
|
"rev": "d368bfdc3a409482b92290a105bcacc108a49d24",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
specialArgs = {inherit inputs outputs;};
|
specialArgs = {inherit inputs outputs;};
|
||||||
modules = [
|
modules = [
|
||||||
inputs.sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
srvos.nixosModules.hardware-hetzner-cloud
|
srvos.nixosModules.hardware-hetzner-cloud
|
||||||
srvos.nixosModules.server
|
srvos.nixosModules.server
|
||||||
srvos.nixosModules.mixins-systemd-boot
|
srvos.nixosModules.mixins-systemd-boot
|
||||||
|
|
|
@ -6,11 +6,11 @@
|
||||||
"nix": {
|
"nix": {
|
||||||
"enabled": true
|
"enabled": true
|
||||||
},
|
},
|
||||||
"schedule": [
|
|
||||||
"every weekend"
|
|
||||||
],
|
|
||||||
"lockFileMaintenance": {
|
"lockFileMaintenance": {
|
||||||
"enabled": true
|
"enabled": true,
|
||||||
|
"automerge": true,
|
||||||
|
"ignoreTests": true,
|
||||||
|
"extends": ["schedule:daily"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
34
shell.nix
Normal file
34
shell.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# Shell for bootstrapping flake-enabled nix and home-manager
|
||||||
|
{ pkgs ? let
|
||||||
|
# If pkgs is not defined, instantiate nixpkgs from locked commit
|
||||||
|
lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
|
||||||
|
nixpkgs = fetchTarball {
|
||||||
|
url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
|
||||||
|
sha256 = lock.narHash;
|
||||||
|
};
|
||||||
|
system = builtins.currentSystem;
|
||||||
|
overlays = [ ]; # Explicit blank overlay to avoid interference
|
||||||
|
in
|
||||||
|
import nixpkgs { inherit system overlays; }
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
in
|
||||||
|
pkgs.mkShell {
|
||||||
|
# Enable experimental features without having to specify the argument
|
||||||
|
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||||
|
|
||||||
|
nativeBuildInputs = with pkgs; [
|
||||||
|
nix
|
||||||
|
home-manager
|
||||||
|
git
|
||||||
|
nil
|
||||||
|
nixpkgs-fmt
|
||||||
|
go-task
|
||||||
|
sops
|
||||||
|
pre-commit
|
||||||
|
gitleaks
|
||||||
|
mkdocs
|
||||||
|
mqttui
|
||||||
|
];
|
||||||
|
}
|
Loading…
Reference in a new issue