From b0290b45c3ff7bb39e14f1ca06505dd7a2e43d59 Mon Sep 17 00:00:00 2001
From: Katarina Sheremet
Date: Mon, 8 Jun 2026 20:35:21 +0200
Subject: [PATCH] Add dia
---
 flake.lock | 16 ++++++++++
 flake.nix | 32 +++++++++++++++++++
 hosts/common/home.nix | 22 +++++++++++++
 hosts/dia/home.nix | 5 +++
 hosts/dia/nixos.nix | 72 ++++++++++++++++++++++++++++++++++++++++++
 hosts/jupiter/home.nix | 6 ++++
 6 files changed, 153 insertions(+)
 create mode 100644 hosts/common/home.nix
 create mode 100644 hosts/dia/home.nix
 create mode 100644 hosts/dia/nixos.nix
diff --git a/flake.lock b/flake.lock
index d145c68..870871b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -467,6 +467,21 @@ "type": "sourcehut" } }, + "jail-nix_2": { + "locked": { + "lastModified": 1772137954, + "narHash": "sha256-h4MGNbOo7L3RHi4uNFmsg5g17/DHXEfnv/xiG6BrNFQ=", + "owner": "~alexdavid", + "repo": "jail.nix", + "rev": "42b355c38ca63dab4904acc5c0d95f17954a8c9b", + "type": "sourcehut" + }, + "original": { + "owner": "~alexdavid", + "repo": "jail.nix", + "type": "sourcehut" + } + }, "nix-homebrew": { "inputs": { "brew-src": "brew-src"
@@ -558,6 +573,7 @@ "fw_nix": "fw_nix_2", "git-hooks": "git-hooks_4", "home-manager": "home-manager_2", + "jail-nix": "jail-nix_2", "nix-homebrew": "nix-homebrew_2", "nixpkgs": "nixpkgs", "nixpkgs-screen": "nixpkgs-screen",
diff --git a/flake.nix b/flake.nix
index 64e90e0..704c683 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,7 @@
 url = "git+https://github.com/dotdoom/dotfiles.git";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ jail-nix.url = "sourcehut:~alexdavid/jail.nix";
 };
 outputs =
@@ -54,6 +55,18 @@
 );
 });
+ homeConfigurations."katarina@dia" = home-manager.lib.homeManagerConfiguration {
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ };
+ extraSpecialArgs.primaryUser = "katarina";
+ modules = [
+ inputs.fw_nix.nixosModules.identities
+ inputs.artem_dotfiles.homeModules.linux-headless
+ ./hosts/dia/home.nix
+ ];
+ };
+
 homeConfigurations."katarina@jupiter" = home-manager.lib.homeManagerConfiguration {
 pkgs = nixpkgs.legacyPackages.aarch64-darwin;
 extraSpecialArgs.primaryUser = "katarina";
@@ -64,6 +77,25 @@
 ];
 };
+ nixosConfigurations.dia = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {
+ primaryUser = "katarina";
+ inherit (inputs) jail-nix;
+ };
+ modules = [
+ inputs.fw_nix.nixosModules.identities
+ inputs.artem_dotfiles.nixosModules.linux-headless
+ inputs.artem_dotfiles.nixosModules.linux-lxc
+ inputs.fw_nix.nixosModules.nix-gc
+ inputs.fw_nix.nixosModules.nix-settings
+ inputs.fw_nix.nixosModules.tools
+ inputs.fw_nix.nixosModules.sshd
+ inputs.fw_nix.nixosModules.futureware
+ ./hosts/dia/nixos.nix
+ ];
+ };
+
 darwinConfigurations.jupiter = darwin.lib.darwinSystem {
 system = "aarch64-darwin";
 specialArgs.primaryUser = "katarina";
diff --git a/hosts/common/home.nix b/hosts/common/home.nix
new file mode 100644
index 0000000..59ac233
--- /dev/null
+++ b/hosts/common/home.nix
@@ -0,0 +1,22 @@
+{
+ identities,
+ primaryUser,
+ ...
+}:
+let
+ user = identities.users.${primaryUser};
+in
+{
+ programs.git = {
+ signing = {
+ # Will be available on remote machines via SSH agent (Secretive).
+ key = "key::" + user.sign."sign@jupiter".publicKey;
+ signByDefault = true;
+ };
+
+ settings.user = {
+ name = "Katarina Sheremet";
+ inherit (user) email;
+ };
+ };
+}
diff --git a/hosts/dia/home.nix b/hosts/dia/home.nix
new file mode 100644
index 0000000..0cea8bc
--- /dev/null
+++ b/hosts/dia/home.nix
@@ -0,0 +1,5 @@
+_: {
+ imports = [
+ ../common/home.nix
+ ];
+}
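Review bot: In hosts/common/home.nix, `signing.key` is an SSH public key passed through the `key::` literal, but nothing in this file selects SSH as the signing format. Unless one of the imported modules already sets it, git falls back to OpenPGP and hands that string to gpg, so with `signByDefault = true` every commit would fail; adding `format = "ssh";` inside `signing` makes the file self-contained. Because the private key is reached through a forwarded agent, any process running as this user on the remote host can ask for signatures while the session is open, so I would extend the existing comment to say whether the Secretive key is configured to prompt on each use.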
diff --git a/hosts/dia/nixos.nix b/hosts/dia/nixos.nix
new file mode 100644
index 0000000..eb0cccf
--- /dev/null
+++ b/hosts/dia/nixos.nix
@@ -0,0 +1,72 @@
+{
+ pkgs,
+ identities,
+ primaryUser,
+ jail-nix,
+ ...
+}:
+let
+ jail = jail-nix.lib.init pkgs;
+in
+{
+ users.users.${primaryUser} = {
+ uid = 1000;
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "docker"
+ "kvm"
+ ];
+ openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
+ shell = pkgs.zsh;
+ };
+
+ virtualisation.docker.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ (jail "jailed-agy" pkgs.antigravity-cli (
+ with jail.combinators;
+ [
+ network
+ time-zone
+ no-new-session
+ mount-cwd
+
+ (readwrite (noescape "~/.gemini"))
+ # The above is a stow-controlled symlink to the following.
+ (readwrite (noescape "~/dotfiles/legacy/.gemini"))
+
+ (add-pkg-deps (
+ with pkgs;
+ [
+ bashInteractive
+ curl
+ wget
+ jq
+ git
+ which
+ ripgrep
+ gnugrep
+ gnused
+ gawkInteractive
+ ps
+ findutils
+ gzip
+ unzip
+ gnutar
+ diffutils
+ coreutils
+ procps
+
+ python3
+ ]
+ ))
+ ]
+ ))
+ ];
+
+ networking = {
+ hostName = "dia";
+ domain = "home.arpa";
+ };
+}
diff --git a/hosts/jupiter/home.nix b/hosts/jupiter/home.nix
index 60bc0f2..8a1acbe 100644
--- a/hosts/jupiter/home.nix
+++ b/hosts/jupiter/home.nix
@@ -1,5 +1,9 @@ { pkgs, ... }: { + imports = [ + ../common/home.nix + ]; + + home.packages = with pkgs; [ google-chrome
@@ -11,6 +15,8 @@
 zoom-us
 chatgpt
+
+ antigravity-cli
 ];
 programs.java = {
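Review bot: The `jailed-agy` wrapper in hosts/dia/nixos.nix lists `no-new-session` alongside `network` and `mount-cwd`. If that combinator drops bubblewrap's `--new-session`, as its name suggests, the agent keeps the caller's controlling terminal, and bubblewrap's documentation recommends blocking the TIOCSTI ioctl in that case so a sandboxed process cannot feed input back to the shell outside the jail. This matters more here because the invoking account is in `wheel` and `docker`, and `docker` group membership is root-equivalent on that machine. I would drop `no-new-session` unless the CLI's TUI needs it, or keep it with a comment such as `# needs the controlling tty; host kernel must have dev.tty.legacy_tiocsti=0`. `mount-cwd` also exposes whatever directory the wrapper is started from, so a comment saying to run it from a project checkout rather than from $HOME would help.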