Add config for deimos

2026-03-27 21:47:46 +00:00
parent 921afda0cc
commit 7416a1cedc
2 changed files with 253 additions and 2 deletions

118
flake.lock generated

@@ -1,8 +1,24 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
@@ -18,6 +34,73 @@
"type": "github"
}
},
"fw_nix": {
"inputs": {
"git-hooks": "git-hooks",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1774644415,
"narHash": "sha256-VqfuCcuJaptN75l7GhDrTAGvD2fJGYFMtj31l1Qv3KE=",
"ref": "refs/heads/main",
"rev": "abc6d28f4ef01a5308ee7b548356db009ca1d297",
"revCount": 8,
"type": "git",
"url": "https://github.com/futureware-tech/nix.git"
},
"original": {
"type": "git",
"url": "https://github.com/futureware-tech/nix.git"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"fw_nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1774104215,
"narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f799ae951fde0627157f40aec28dec27b22076d0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"fw_nix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -54,10 +137,28 @@
"type": "github"
}
},
"nixpkgs-screen": {
"locked": {
"lastModified": 1737753705,
"narHash": "sha256-fQeXAeNQrsEUH3fd6RTjN/W+8flJiAFHo7Eya2RT87M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e518d4ad2bcad74f98fec028cf21ce5b1e5020dd",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e518d4ad2bcad74f98fec028cf21ce5b1e5020dd",
"type": "github"
}
},
"root": {
"inputs": {
"fw_nix": "fw_nix",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-screen": "nixpkgs-screen",
"vscode-server": "vscode-server"
}
},
@@ -76,6 +177,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils",

137
flake.nix

@@ -3,6 +3,11 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# too many issues with screen 5.0
# - load average in status broken
# - background colors in programs (eg less) not showing
# - caption and hardstatus color lacks intensity
nixpkgs-screen.url = "github:NixOS/nixpkgs/e518d4ad2bcad74f98fec028cf21ce5b1e5020dd";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@@ -11,6 +16,10 @@
url = "github:nix-community/nixos-vscode-server";
inputs.nixpkgs.follows = "nixpkgs";
};
fw_nix = {
url = "git+https://github.com/futureware-tech/nix.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@@ -19,7 +28,15 @@
nixpkgs,
home-manager,
vscode-server,
}:
...
}@inputs:
let
trustedSSHKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxRBsFGa8OFbviYDGSAKLgfm/K2XUxvCo+31FW37yab artem"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJhQjxeLZUWdEPMqPNS8wTTrg4lbzBAOLKvdsJd0fSBcW5ILuEbKQjgEIwmYuR/iGhnqIp7rQK48xL/4CauQUyg= office-dock-usb-a"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJg7zQ4H0LQeQcILZBwCzQ+MYKtCgKm7HPe9oFeoyprKZXAvpm+HDHtaYdU39JF9f+nvRztzXuMhgETAQMAQCkc= fingerprint@macbook"
];
in
{
homeModules.main = {
imports = [ ./modules/home.nix ];
@@ -56,6 +73,8 @@
{
# TODO: consider
# https://nest.pijul.com/yonkeltron/macOS-nix-config:main/ZLDSMIXK5XFW6.EIAAA
# and
# https://github.com/bgub/nix-macos-starter/tree/main
home.username = "artem";
home.homeDirectory = "/Users/artem";
@@ -102,5 +121,121 @@
)
];
};
nixosConfigurations.deimos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit trustedSSHKeys;
pkgs-screen = import inputs.nixpkgs-screen {
system = "x86_64-linux";
};
};
modules = [
inputs.fw_nix.nixosModules.nix-gc
inputs.fw_nix.nixosModules.nix-settings
inputs.fw_nix.nixosModules.tools
inputs.fw_nix.nixosModules.sshd
inputs.fw_nix.nixosModules.futureware
(
{ modulesPath, pkgs, pkgs-screen, ... }:
{
imports = [
"${modulesPath}/virtualisation/lxc-container.nix"
];
# Incus config:
# - keep root as-is (requirement from incus; just ignore it)
# - add a disk for /home/artem
# - add a disk for /nix
# "incus config edit deimos" and add under "config:"
# raw.lxc: lxc.init.cmd = /nix/var/nix/profiles/system/init
# TODO: persistence with SSH host keys, then automatically run
# "incus rebuild --empty deimos" periodically
# Needs /sbin to be preset because bootloader installer uses that
# path; consider either creating using systemd.tmpfiles or
# overwriting bootloader installer / activation script.
# https://github.com/NixOS/nixpkgs/blob/c080e09eaca35383aa8dd2be863b37c933ed8812/nixos/modules/virtualisation/lxc-container.nix#L105
users.users.artem = {
uid = 1000;
isNormalUser = true;
extraGroups = [
"wheel"
"docker"
];
openssh.authorizedKeys.keys = trustedSSHKeys;
shell = pkgs.zsh;
};
security.sudo.wheelNeedsPassword = false;
virtualisation.docker.enable = true;
# TODO: manage /home/artem with home-manager
programs.zsh.enable = true;
documentation.man.enable = true;
programs.direnv = {
enable = true;
settings.global = {
warn_timeout = "30s";
hide_env_diff = true;
};
};
environment.systemPackages = with pkgs; [
# TODO: clean this up against linux-headless
git
pkgs-screen.screen
sshfs
silver-searcher
file
nixfmt
nixd
home-assistant-cli
gemini-cli
yt-dlp
# From hosts/common/tools.nix:
# Software debug
iotop
dool # dool --time --disk -D /dev/sde,/dev/sdf --top-bio --top-cpu --zfs-arc
strace
ltrace
smem # smem -tkP nginx
# Hardware info and tunables
parted
hdparm
efivar
efibootmgr
sg3_utils # sg_unmap
lm_sensors # sensors
nvme-cli
dmidecode
ethtool
];
# unprivileged LXCs can't set net.ipv4.ping_group_range
security.wrappers.ping = {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = "${pkgs.iputils.out}/bin/ping";
};
# For building RPi configs. Extra steps are handled by the host (nas).
# https://discuss.linuxcontainers.org/t/systemd-binfmt-service-is-masked/21566/4
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking = {
hostName = "deimos";
domain = "home.arpa";
};
system.stateVersion = "25.11"; # Never change this.
}
)
];
};
};
}
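Review bot: In the deimos module of the last hunk, `extraGroups = [ "wheel" "docker" ]` together with `security.sudo.wheelNeedsPassword = false;` makes each of the three keys in `trustedSSHKeys` equivalent to root inside the container, and docker group membership alone already gives root-level control through the Docker daemon. If that is intended for this host, record it next to the setting, for example `# docker group + passwordless sudo: any key in trustedSSHKeys is root on deimos`; otherwise drop the `wheelNeedsPassword` override so sudo stays password-gated. Separately, `pkgs-screen` is imported from a nixpkgs revision frozen in `flake.nix`, so `nix flake update` will no longer bring in fixes for screen; a comment such as `# pinned: re-check once the screen 5.x issues are fixed upstream` beside the input would keep the pin from becoming permanent. The enclosing `outputs` attribute set starts outside this hunk.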