Add dia

flake.lock

@@ -467,6 +467,21 @@
         "type": "sourcehut"
       }
     },
+    "jail-nix_2": {
+      "locked": {
+        "lastModified": 1772137954,
+        "narHash": "sha256-h4MGNbOo7L3RHi4uNFmsg5g17/DHXEfnv/xiG6BrNFQ=",
+        "owner": "~alexdavid",
+        "repo": "jail.nix",
+        "rev": "42b355c38ca63dab4904acc5c0d95f17954a8c9b",
+        "type": "sourcehut"
+      },
+      "original": {
+        "owner": "~alexdavid",
+        "repo": "jail.nix",
+        "type": "sourcehut"
+      }
+    },
     "nix-homebrew": {
       "inputs": {
         "brew-src": "brew-src"
@@ -558,6 +573,7 @@
         "fw_nix": "fw_nix_2",
         "git-hooks": "git-hooks_4",
         "home-manager": "home-manager_2",
+        "jail-nix": "jail-nix_2",
         "nix-homebrew": "nix-homebrew_2",
         "nixpkgs": "nixpkgs",
         "nixpkgs-screen": "nixpkgs-screen",

flake.nix

@@ -30,6 +30,7 @@
       url = "git+https://github.com/dotdoom/dotfiles.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    jail-nix.url = "sourcehut:~alexdavid/jail.nix";
   };
 
   outputs =
@@ -54,6 +55,18 @@
         );
       });
 
+      homeConfigurations."katarina@dia" = home-manager.lib.homeManagerConfiguration {
+        pkgs = import nixpkgs {
+          system = "x86_64-linux";
+        };
+        extraSpecialArgs.primaryUser = "katarina";
+        modules = [
+          inputs.fw_nix.nixosModules.identities
+          inputs.artem_dotfiles.homeModules.linux-headless
+          ./hosts/dia/home.nix
+        ];
+      };
+
       homeConfigurations."katarina@jupiter" = home-manager.lib.homeManagerConfiguration {
         pkgs = nixpkgs.legacyPackages.aarch64-darwin;
         extraSpecialArgs.primaryUser = "katarina";
@@ -64,6 +77,25 @@
         ];
       };
 
+      nixosConfigurations.dia = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = {
+          primaryUser = "katarina";
+          inherit (inputs) jail-nix;
+        };
+        modules = [
+          inputs.fw_nix.nixosModules.identities
+          inputs.artem_dotfiles.nixosModules.linux-headless
+          inputs.artem_dotfiles.nixosModules.linux-lxc
+          inputs.fw_nix.nixosModules.nix-gc
+          inputs.fw_nix.nixosModules.nix-settings
+          inputs.fw_nix.nixosModules.tools
+          inputs.fw_nix.nixosModules.sshd
+          inputs.fw_nix.nixosModules.futureware
+          ./hosts/dia/nixos.nix
+        ];
+      };
+
       darwinConfigurations.jupiter = darwin.lib.darwinSystem {
         system = "aarch64-darwin";
         specialArgs.primaryUser = "katarina";

hosts/common/home.nix

@@ -0,0 +1,22 @@
+{
+  identities,
+  primaryUser,
+  ...
+}:
+let
+  user = identities.users.${primaryUser};
+in
+{
+  programs.git = {
+    signing = {
+      # Will be available on remote machines via SSH agent (Secretive).
+      key = "key::" + user.sign."sign@jupiter".publicKey;
+      signByDefault = true;
+    };
+
+    settings.user = {
+      name = "Katarina Sheremet";
+      inherit (user) email;
+    };
+  };
+}

hosts/dia/home.nix

@@ -0,0 +1,5 @@
+_: {
+  imports = [
+    ../common/home.nix
+  ];
+}

hosts/dia/nixos.nix

@@ -0,0 +1,72 @@
+{
+  pkgs,
+  identities,
+  primaryUser,
+  jail-nix,
+  ...
+}:
+let
+  jail = jail-nix.lib.init pkgs;
+in
+{
+  users.users.${primaryUser} = {
+    uid = 1000;
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "docker"
+      "kvm"
+    ];
+    openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
+    shell = pkgs.zsh;
+  };
+
+  virtualisation.docker.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    (jail "jailed-agy" pkgs.antigravity-cli (
+      with jail.combinators;
+      [
+        network
+        time-zone
+        no-new-session
+        mount-cwd
+
+        (readwrite (noescape "~/.gemini"))
+        # The above is a stow-controlled symlink to the following.
+        (readwrite (noescape "~/dotfiles/legacy/.gemini"))
+
+        (add-pkg-deps (
+          with pkgs;
+          [
+            bashInteractive
+            curl
+            wget
+            jq
+            git
+            which
+            ripgrep
+            gnugrep
+            gnused
+            gawkInteractive
+            ps
+            findutils
+            gzip
+            unzip
+            gnutar
+            diffutils
+            coreutils
+            procps
+
+            python3
+          ]
+        ))
+      ]
+    ))
+  ];
+
+  networking = {
+    hostName = "dia";
+    domain = "home.arpa";
+  };
+}

hosts/jupiter/home.nix

@@ -1,5 +1,9 @@
 { pkgs, ... }:
 {
+  imports = [
+    ../common/home.nix
+  ];
+
   home.packages = with pkgs; [
     google-chrome
 
@@ -11,6 +15,8 @@
     zoom-us
 
     chatgpt
+
+    antigravity-cli
   ];
 
   programs.java = {