feat: add temp vm for nixos dev

Nat Allan 2024-03-14 22:04:40 +11:00
parent bbfe9d4a2a
commit cbebc799bd
15 changed files with 566 additions and 2 deletions

9
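--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+---
+keys:
+- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
+creation_rules:
+- path_regex: .*\.sops\.yaml$
+key_groups:
+- age:
+- *nixosvm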
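Review bot: The only recipient under `key_groups` is `*nixosvm`, which per docs/vm/secrets.md in this commit is derived from the VM's SSH host key, so every file matching `.*\.sops\.yaml$` becomes undecryptable once this temporary VM is rebuilt or its host key is regenerated. Add a second age recipient whose private key lives off the machine, for example an anchor `- &admin <age-public-key-placeholder>` listed under `age:` next to `*nixosvm`. The host-key derivation also means that read access to `/etc/ssh/ssh_host_ed25519_key` on the VM is enough to decrypt every secret in the repository, so creation rules should be narrowed per host as more machines are added.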

3
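--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,3 @@
+{
+"recommendations": ["jnoortheen.nix-ide"]
+}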

9
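--- a/docs/vm/secrets.md
+++ b/docs/vm/secrets.md
@@ -0,0 +1,9 @@
+# Generate age key per machine
+On new machine, run below to transfer its shiny new ed25519 to age
+```sh
+nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+```
+Copy this into `./.sops.yaml` in base repo, then re-run taskfile `task sops:re-encrypt` to loop through all sops keys, decrypt then re-encrypt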

154
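--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,154 @@
+{
+"nodes": {
+"flake-compat": {
+"flake": false,
+"locked": {
+"lastModified": 1673956053,
+"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+"owner": "edolstra",
+"repo": "flake-compat",
+"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+"type": "github"
+},
+"original": {
+"owner": "edolstra",
+"repo": "flake-compat",
+"type": "github"
+}
+},
+"flake-utils": {
+"inputs": {
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1681202837,
+"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nix-vscode-extensions": {
+"inputs": {
+"flake-compat": "flake-compat",
+"flake-utils": "flake-utils",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1710379006,
+"narHash": "sha256-n4C2wIUCi+aDDEejrRBERfhwvXsZbS5BDxfDvVc54Nk=",
+"owner": "nix-community",
+"repo": "nix-vscode-extensions",
+"rev": "dae307e517aba2d464ad09072d5b96c6e20f3a1f",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "nix-vscode-extensions",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1710283656,
+"narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-stable": {
+"locked": {
+"lastModified": 1710033658,
+"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "release-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-unstable": {
+"locked": {
+"lastModified": 1710272261,
+"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nix-vscode-extensions": "nix-vscode-extensions",
+"nixpkgs": "nixpkgs",
+"nixpkgs-unstable": "nixpkgs-unstable",
+"sops-nix": "sops-nix"
+}
+},
+"sops-nix": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+],
+"nixpkgs-stable": "nixpkgs-stable"
+},
+"locked": {
+"lastModified": 1710195194,
+"narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=",
+"owner": "Mic92",
+"repo": "sops-nix",
+"rev": "e52d8117b330f690382f1d16d81ae43daeb4b880",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "sops-nix",
+"type": "github"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}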


@ -20,7 +20,7 @@
};
outputs = { self, nixpkgs, ... }@inputs:
outputs = { self, nixpkgs, sops-nix, ... }@inputs:
with inputs;
{
@ -45,6 +45,7 @@
modules = [
(./nixos/hosts + "/${x}/default.nix")
sops-nix.nixosModules.sops
];
};
})


@ -9,6 +9,9 @@
vim
git
dnsutils
# TODO Move
nixpkgs-fmt
nil
];
programs.mtr.enable = true;


@ -0,0 +1,6 @@
{ inputs, outputs, config, ... }: {
# Cloudflare dynamic dns to keep my DNS records pointed at home
services.cloudflare-dyndns.enable = true;
}
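Review bot: `services.cloudflare-dyndns.enable = true;` is set without `domains` or `apiTokenFile`, so as written the service appears to have no records to update and no credential to update them with. When the token is added, pass it as a file path from the sops-nix module this commit wires into the flake, e.g. `services.cloudflare-dyndns.apiTokenFile = config.sops.secrets."<secret-name>".path;`, rather than as a string in the Nix expression, because anything evaluated into the Nix store is world-readable. The `inputs` and `outputs` arguments are unused, and none of the import lists visible in this commit reference this file.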


@ -0,0 +1 @@
forward-address: hi
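Review bot: This one-line file holds `forward-address: hi` in cleartext with no `sops:` metadata block; its path is not shown on this page, but if it is meant to match the `.*\.sops\.yaml$` creation rule it has been committed unencrypted. The value looks like a placeholder, yet the `re-encrypt` task added in this commit begins with `sops --decrypt --in-place`, which would be expected to fail on a file that was never encrypted. Encrypt it with `sops --encrypt --in-place <path-to-this-file>` before committing, and consider a pre-commit check that rejects any `*.sops.yaml` file lacking the top-level `sops:` key.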


@ -0,0 +1,138 @@
{ config, pkgs, lib, ... }:
{
# Enable vscode & addons
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "prettier-vscode";
publisher = "esbenp";
version = "10.1.0";
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
}
{
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.28.0";
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
}
{
name = "gitlens";
publisher = "eamodio";
version = "14.7.0";
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
}
{
name = "remote-containers";
publisher = "ms-vscode-remote";
version = "0.327.0";
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
}
{
name = "remote-ssh";
publisher = "ms-vscode-remote";
version = "0.107.1";
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
}
{
name = "vscode-yaml";
publisher = "redhat";
version = "1.14.0";
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
}
{
name = "todo-tree";
publisher = "gruntfuggly";
version = "0.0.226";
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
}
{
name = "path-autocomplete";
publisher = "ionutvmi";
version = "1.25.0";
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
}
{
name = "even-better-toml";
publisher = "tamasfe";
version = "0.19.2";
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
}
{
name = "linter";
publisher = "fnando";
version = "0.0.19";
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
}
{
name = "catppuccin-vsc";
publisher = "catppuccin";
version = "3.11.0";
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
}
{
name = "catppuccin-vsc-icons";
publisher = "catppuccin";
version = "1.8.0";
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
}
{
name = "nix-ide";
publisher = "jnoortheen";
version = "0.2.2";
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
}
{
name = "vscode-swissknife";
publisher = "luisfontes19";
version = "1.8.1";
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
}
{
name = "pre-commit-helper";
publisher = "elagil";
version = "0.5.0";
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
}
{
name = "sops-edit";
publisher = "shipitsmarter";
version = "1.0.0";
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
}
{
name = "json5-for-vscode";
publisher = "tudoudou";
version = "0.0.3";
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
}
];
})
];
}
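Review bot: The seventeen `extensionsFromVscodeMarketplace` entries repeat, name for name and hash for hash, pins that also appear in the nix4vscode-generated attribute set added by this same commit, so a version bump in one file will leave the other stale. Building the list from that generated set (import it with `{ inherit pkgs; }` and select attributes such as `."esbenp"."prettier-vscode"`) keeps a single source of truth for what is installed. Every extension here runs with the editor user's full privileges, and `shipitsmarter.sops-edit` in particular handles decrypted secrets, so the list is worth trimming to what this VM actually needs. `config` and `lib` are unused in the argument set.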


@ -0,0 +1,177 @@
# Warning, this file is autogenerated by nix4vscode. Don't modify this manually.
{ pkgs }:
let
vscode-utils = pkgs.vscode-utils;
in
{
"ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace {
name = "python";
publisher = "ms-python";
version = "2024.0.0";
sha256 = "0sy1z2r6b0m1lkivjyrcf41dbgj9m5zkjy6yncpji1hisjcbgq6n";
};
"ms-python"."vscode-pylance" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-pylance";
publisher = "ms-python";
version = "2023.12.1";
sha256 = "03fr9zanhdsf3wirv65vb41swvdnxxaz8lviyjdbmzcw9yihf8dv";
};
"esbenp"."prettier-vscode" = vscode-utils.extensionFromVscodeMarketplace {
name = "prettier-vscode";
publisher = "esbenp";
version = "10.1.0";
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
};
"ms-azuretools"."vscode-docker" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.28.0";
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
};
"eamodio"."gitlens" = vscode-utils.extensionFromVscodeMarketplace {
name = "gitlens";
publisher = "eamodio";
version = "14.7.0";
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
};
"ms-vscode-remote"."remote-containers" = vscode-utils.extensionFromVscodeMarketplace {
name = "remote-containers";
publisher = "ms-vscode-remote";
version = "0.327.0";
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
};
"ms-vscode-remote"."remote-ssh" = vscode-utils.extensionFromVscodeMarketplace {
name = "remote-ssh";
publisher = "ms-vscode-remote";
version = "0.107.1";
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
};
"redhat"."vscode-yaml" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-yaml";
publisher = "redhat";
version = "1.14.0";
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
};
"github"."copilot" = vscode-utils.extensionFromVscodeMarketplace {
name = "copilot";
publisher = "github";
version = "1.156.0";
sha256 = "16nzwazfbh895kmc2887b17zzbbcjyk8fhiphk5xmy1nm9qxszk0";
};
"golang"."go" = vscode-utils.extensionFromVscodeMarketplace {
name = "go";
publisher = "golang";
version = "0.40.3";
sha256 = "15kicpv9xpn7l3w9mbmsjdzjmavh88p3skkim0a9prg9p40bsq0m";
};
"gruntfuggly"."todo-tree" = vscode-utils.extensionFromVscodeMarketplace {
name = "todo-tree";
publisher = "gruntfuggly";
version = "0.0.226";
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
};
"ms-kubernetes-tools"."vscode-kubernetes-tools" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-kubernetes-tools";
publisher = "ms-kubernetes-tools";
version = "1.3.15";
sha256 = "1x6npc90p6b1wx5sd1hd0x0djahmffr6lw9cxh2zg10rbpq48w8i";
};
"hashicorp"."terraform" = vscode-utils.extensionFromVscodeMarketplace {
name = "terraform";
publisher = "hashicorp";
version = "2.29.3";
sha256 = "sha256-cYYtBZaWgtT6vS6In+tbpLfp/GdyWodBXyHsxn8ZZrU=";
};
"ionutvmi"."path-autocomplete" = vscode-utils.extensionFromVscodeMarketplace {
name = "path-autocomplete";
publisher = "ionutvmi";
version = "1.25.0";
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
};
"tamasfe"."even-better-toml" = vscode-utils.extensionFromVscodeMarketplace {
name = "even-better-toml";
publisher = "tamasfe";
version = "0.19.2";
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
};
"redhat"."ansible" = vscode-utils.extensionFromVscodeMarketplace {
name = "ansible";
publisher = "redhat";
version = "2.9.118";
sha256 = "0yndj2r0w2zxc5firxgfrykkc5ajy9gsmrfmkz80kfhwk33n9y1p";
};
"fnando"."linter" = vscode-utils.extensionFromVscodeMarketplace {
name = "linter";
publisher = "fnando";
version = "0.0.19";
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
};
"catppuccin"."catppuccin-vsc" = vscode-utils.extensionFromVscodeMarketplace {
name = "catppuccin-vsc";
publisher = "catppuccin";
version = "3.11.0";
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
};
"catppuccin"."catppuccin-vsc-icons" = vscode-utils.extensionFromVscodeMarketplace {
name = "catppuccin-vsc-icons";
publisher = "catppuccin";
version = "1.8.0";
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
};
"jnoortheen"."nix-ide" = vscode-utils.extensionFromVscodeMarketplace {
name = "nix-ide";
publisher = "jnoortheen";
version = "0.2.2";
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
};
"luisfontes19"."vscode-swissknife" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-swissknife";
publisher = "luisfontes19";
version = "1.8.1";
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
};
"elagil"."pre-commit-helper" = vscode-utils.extensionFromVscodeMarketplace {
name = "pre-commit-helper";
publisher = "elagil";
version = "0.5.0";
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
};
"shipitsmarter"."sops-edit" = vscode-utils.extensionFromVscodeMarketplace {
name = "sops-edit";
publisher = "shipitsmarter";
version = "1.0.0";
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
};
"tudoudou"."json5-for-vscode" = vscode-utils.extensionFromVscodeMarketplace {
name = "json5-for-vscode";
publisher = "tudoudou";
version = "0.0.3";
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
};
}


@ -0,0 +1,8 @@
{ config, pkgs, lib, ... }:
{
programs.firefox = {
enable = true;
};
}


@ -0,0 +1,34 @@
{ config, pkgs, lib, ... }:
{
# Ref: https://nixos.wiki/wiki/GNOME
# Enable GNOME with this 3 wierd tricks
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# And dconf
programs.dconf.enable = true;
# Exclude default GNOME packages that dont interest me.
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]) ++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-terminal
gedit # text editor
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
}


@ -17,6 +17,9 @@
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/dnscrypt-proxy2.nix
../common/optional/gnome.nix
../common/optional/editors/vscode
../common/optional/firefox.nix
];


@ -0,0 +1,18 @@
---
version: "3"
tasks:
# shamelessly stolen from szinn/nix-config :)
re-encrypt:
desc: Decrypt and re-encrypt all sops secrets
silent: true
dir: "{{.USER_WORKING_DIR}}"
vars:
SECRET_FILES:
sh: find . -type f -name '*.sops.yaml' ! -name ".sops.yaml"
cmds:
- for: { var: SECRET_FILES }
cmd: |
echo "Re-encrypting {{ .ITEM }}"
sops --decrypt --in-place "{{ .ITEM }}"
sops --encrypt --in-place "{{ .ITEM }}"
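Review bot: `sops --decrypt --in-place "{{ .ITEM }}"` writes each secret to the working tree in cleartext, and if the following encrypt fails or the task is interrupted the plaintext stays on disk where it can be committed. `sops updatekeys --yes "{{ .ITEM }}"` re-wraps the data key for the recipients listed in `.sops.yaml` without writing plaintext and could replace both commands. The `for: { var: SECRET_FILES }` loop also splits the `find` output on whitespace by default, so a path containing a space would be handed to sops in pieces.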
