.taskfiles/nix/Taskfile.yaml

@@ -0,0 +1,121 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+  hostname: $HOSTNAME
+  host: '{{ or .host .hostname }}'
+
+
+tasks:
+  switch:
+    desc: Build and apply nix configuration
+    silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - echo "This will switch your config."
+      - task: .prompt_to_continue
+      - git add .
+      - sudo nixos-rebuild switch --flake "{{.ROOT_DIR}}/#{{.hostname}}" --impure
+    preconditions:
+      - sh: which nix
+        msg: "nix not found"
+      - sh: which nixos-rebuild
+        msg: "nixos-rebuild not found"
+  
+  deploy-single:
+    desc: Deploy flake to single node
+    # silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - echo "This will deploy the local flake to host {{ .host }}."
+      - task: .prompt_to_continue
+      - .taskfiles/nix/update-single-machine.sh {{.host}}
+    preconditions:
+    - sh: which nix
+      msg: "nix not found"
+    - sh: which nixos-rebuild
+      msg: "nixos-rebuild not found"
+
+  deploy-all:
+    desc: Deploy flake to all nodes
+    # silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - echo "This will deploy the local flake to all whitelisted hosts."
+      - task: .prompt_to_continue
+      - .taskfiles/nix/update-all.sh
+    preconditions:
+    - sh: which nix
+      msg: "nix not found"
+    - sh: which nixos-rebuild
+      msg: "nixos-rebuild not found"
+
+
+
+  test:
+    desc: Build and apply nix configuration
+    silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - echo "This will test your config."
+      - task: .prompt_to_continue
+      - sudo nixos-rebuild test --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
+    preconditions:
+      - sh: which nix
+        msg: "nix not found"
+      - sh: which nixos-rebuild
+        msg: "nixos-rebuild not found"
+
+  dry-run:
+    desc: Build and apply nix configuration
+    silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - echo "This will dry-run your config and add your untracked git files."
+      - git add .
+      - nixos-rebuild dry-run --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
+    preconditions:
+      - sh: which nix
+        msg: "nix not found"
+      - sh: which nixos-rebuild
+        msg: "nixos-rebuild not found"
+
+
+  build:
+    desc: Build nix configuration
+    silent: true
+    requires:
+      vars:
+        - host
+    cmds:
+      - git add .
+      - nixos-rebuild build --flake "{{.ROOT_DIR}}/#{{.host}}" --impure --fast
+      - nvd diff /run/current-system result
+    preconditions:
+      - sh: which nix
+        msg: "nix not found"
+      - sh: which nixos-rebuild
+        msg: "nixos-rebuild not found"
+      - sh: which nvd
+        msg: "nvd not found"
+
+  .prompt_to_continue:
+    internal: true
+    prompt: Do you want to continue applying this configuration?
+
+  build-image-rpi4:
+    desc: Build basic machine build-image
+    silent: true
+    cmds:
+      - nix build .#images.rpi4

.taskfiles/nix/update-all.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -e
+
+hosts=($(echo $(nix eval .#nixosConfigurations --apply 'pkgs: builtins.concatStringsSep " " (builtins.attrNames pkgs)') | xargs))
+skip=(
+    "citadel"
+    "rickenbacker"
+)
+
+reboot=0
+
+while getopts ":r" option; do
+    case $option in
+    r)
+        reboot=1
+        ;;
+    esac
+done
+
+for host in "${hosts[@]}"; do
+    # Check if the host is in the skip list
+    if [[ " ${skip[*]} " =~ " ${host} " ]]; then
+        continue
+    fi
+    fqdn="$host.l.voltaicforge.com"
+    if [ $reboot -eq 0 ]; then
+        echo $fqdn
+        nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
+    else
+        echo "$fqdn with reboot"
+        nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
+        ssh -i $rsa_key $fqdn 'sudo reboot'
+    fi
+    echo
+    echo
+done

.taskfiles/nix/update-single-machine.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd /home/truxnell/.local/nix-config
+
+# rsa_key="~/.nixos/secrets/ssh_keys/ansible/ansible.key"
+# export NIX_SSHOPTS="-t -i $rsa_key"
+
+reboot=0
+
+while getopts ":r" option; do
+    case $option in
+    r)
+        reboot=1
+        host=$2
+        fqdn="$host.l.voltaicforge.com"
+        echo "$fqdn with reboot"
+        nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
+        # ssh -i $rsa_key $fqdn 'sudo reboot'
+        ssh $fqdn 'sudo reboot'
+        ;;
+    esac
+done
+
+if [ $reboot -eq 0 ]; then
+    host=$1
+    fqdn="$host.l.voltaicforge.com"
+    echo "$fqdn"
+    nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
+fi
+echo
+echo

.vscode/module.code-snippets

@@ -10,7 +10,7 @@
       "with lib;",
       "let",
       "  cfg = config.mySystem.${1}.${2};",
-      "  app = \"${3}\"",
+      "  app = \"${3}\""
       "  appFolder = \"apps/${app}\";",
       "  persistentFolder = \"${config.mySystem.persistentFolder}/${appFolder}\";",
       "  user = app;",

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "cSpell.words": [
+        "homelab",
+        "Seafile"
+    ]
+}

flake.nix

@@ -79,7 +79,7 @@
       formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
 
       # setup devshells against shell.nix
-      # devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
+      devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
 
       # extend lib with my custom functions
       lib = nixpkgs.lib.extend (

nixos/home/jahanson/global.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ lib, pkgs, self, config, ... }:
 with config;
 {
 
@@ -79,6 +79,7 @@ with config;
         # dev utils
         direnv # shell environment management
         envsubst
+        lazygit
 
         # nix tools
         nvd

nixos/home/jahanson/server.nix

@@ -1,4 +1,5 @@
-{ ... }:
+{ lib, pkgs, self, config, ... }:
+with config;
 {
   imports = [
     ./global.nix

nixos/home/jahanson/workstation.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ lib, pkgs, self, config, inputs, ... }:
 with config;
 {
   imports = [
@@ -13,9 +13,9 @@ with config;
 
     git = {
       enable = true;
-      username = "Joseph Hanson";
+      username = "jahanson";
       email = "joe@veri.dev";
-      signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
+      # signingKey = ""; # TODO setup signing keys n shit
     };
   };
 

nixos/home/modules/security/ssh/default.nix

@@ -1,4 +1,8 @@
-{ config, lib, ... }:
+{ config
+, pkgs
+, lib
+, ...
+}:
 with lib; let
   cfg = config.myHome.security.ssh;
 in

nixos/home/modules/shell/fish/default.nix

@@ -23,15 +23,49 @@ in
           ll = "${pkgs.eza}/bin/eza --long --all --group --header";
           tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)";
           x = "exit";
-          # lazydocker --> lazypodman
-          lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
         };
 
         shellAbbrs = {
-          nrs = "sudo nixos-rebuild switch --flake .";
+          dup = "git add . ; darwin-rebuild --flake . switch";
+          dupb = "git add . ; darwin-rebuild --flake . build --show-trace ; nvd diff /run/current-system result";
+          nup = "git add . ; sudo nixos-rebuild --flake . switch";
+          nhup = "nh os switch . --dry";
           nvdiff = "nvd diff /run/current-system result";
+          ap = "ansible-playbook";
+          apb = "ansible-playbook --ask-become";
+          gfp = "git fetch -p && git pull";
+          gitp = "git push";
+          gitpf = "git push -f";
+          tf = "terraform";
         };
 
+        # functions = {
+        #   brewup = {
+        #     description = "Update homebrew applications";
+        #     body = builtins.readFile ./functions/brewup.fish;
+        #   };
+        #   fish_prompt = {
+        #     description = "Set the fish prompt";
+        #     body = builtins.readFile ./functions/fish_prompt.fish;
+        #   };
+        #   fish_right_prompt = {
+        #     description = "Set the right prompt";
+        #     body = builtins.readFile ./functions/fish_right_prompt.fish;
+        #   };
+        #   fish_title = {
+        #     description = "Set the title";
+        #     body = builtins.readFile ./functions/fish_title.fish;
+        #   };
+        #   fwatch = {
+        #     description = "Watch with fish alias support";
+        #     body = builtins.readFile ./functions/fwatch.fish;
+        #   };
+        #   git_current_branch = {
+        #     description = "Display the current branch";
+        #     body = builtins.readFile ./functions/git_current_branch.fish;
+        #   };
+        # };
+
         interactiveShellInit = ''
           # Erase fish_mode_prompt function
           functions -e fish_mode_prompt
@@ -75,6 +109,15 @@ in
       home.sessionVariables.fish_greeting = "";
 
       programs.nix-index.enable = true;
+
+      # programs.fish = {
+      #   functions = {
+      #     agent = {
+      #       description = "Start SSH agent";
+      #       body = builtins.readFile ./functions/agent.fish;
+      #     };
+      #   };
+      # };
     })
   ];
 }

nixos/home/modules/shell/git/default.nix

@@ -45,11 +45,6 @@ in
           rebase = {
             autoStash = true;
           };
-          user = {
-            signingKey = cfg.signingKey;
-          };
-          gpg.format = "ssh";
-          gpg.program = "${pkgs._1password}/bin/op-ssh-sign";
         };
         aliases = {
           co = "checkout";
@@ -67,12 +62,15 @@ in
           # Python virtualenvs
           ".venv"
         ];
+        # signing = lib.mkIf (cfg.signingKey != "") {
+        #   signByDefault = true;
+        #   key = cfg.signingKey;
+        # };
       };
 
       home.packages = [
         pkgs.git-filter-repo
         pkgs.tig
-        pkgs.lazygit
       ];
     })
   ];

nixos/profiles/global/nix.nix

@@ -1,4 +1,4 @@
-{ lib, nixpkgs, ... }:
+{ lib, config, pkgs, nixpkgs, self, ... }:
 {
   ## Below is to align shell/system to flake's nixpkgs
   ## ref: https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry
@@ -14,6 +14,8 @@
     # https://github.com/NixOS/nix/issues/9574
     settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
 
+    ###
+
     settings = {
       # Enable flakes
       experimental-features = [

shell.nix

@@ -12,6 +12,8 @@
   import nixpkgs { inherit system overlays; }
 , ...
 }:
+let
+in
 pkgs.mkShell {
   # Enable experimental features without having to specify the argument
   NIX_CONFIG = "experimental-features = nix-command flakes";