From 87778bd3fa5c658dfcd2a7f91eabdac7580edfac Mon Sep 17 00:00:00 2001 From: pph Date: Thu, 5 Feb 2026 19:57:56 +0100 Subject: [PATCH] init new host Signed-off-by: pph --- flake.nix | 15 ++++++ hosts/pph/configuration.nix | 25 ++++++++++ hosts/pph/hardware-configuration.nix | 31 ++++++++++++ hosts/pph/home.nix | 75 ++++++++++++++++++++++++++++ hosts/pph/secrets/default.nix | 42 ++++++++++++++++ hosts/pph/secrets/secrets.yaml | 17 +++++++ hosts/pph/variables.nix | 42 ++++++++++++++++ 7 files changed, 247 insertions(+) create mode 100644 hosts/pph/configuration.nix create mode 100644 hosts/pph/hardware-configuration.nix create mode 100644 hosts/pph/home.nix create mode 100644 hosts/pph/secrets/default.nix create mode 100644 hosts/pph/secrets/secrets.yaml create mode 100644 hosts/pph/variables.nix diff --git a/flake.nix b/flake.nix index 64c90c4..ce137bc 100644 --- a/flake.nix +++ b/flake.nix @@ -53,6 +53,21 @@ ./hosts/laptop/configuration.nix # CHANGEME: change the path to match your host folder ]; }; + + pph = + nixpkgs.lib.nixosSystem { + modules = [ + { + nixpkgs.overlays = []; + _module.args = { + inherit inputs; + }; + } + inputs.home-manager.nixosModules.home-manager + inputs.stylix.nixosModules.stylix + ./hosts/pph/configuration.nix + ]; + }; # Jack is my server jack = nixpkgs.lib.nixosSystem { modules = [ diff --git a/hosts/pph/configuration.nix b/hosts/pph/configuration.nix new file mode 100644 index 0000000..99a8315 --- /dev/null +++ b/hosts/pph/configuration.nix @@ -0,0 +1,25 @@ +{config, ...}: { + imports = [ + # Mostly system related configuration + ../../nixos/audio.nix + ../../nixos/bluetooth.nix + ../../nixos/fonts.nix + ../../nixos/home-manager.nix + ../../nixos/nix.nix + ../../nixos/systemd-boot.nix + ../../nixos/sddm.nix + ../../nixos/users.nix + ../../nixos/utils.nix + ../../nixos/hyprland.nix + ../../nixos/docker.nix + + # You should let those lines as is + ./hardware-configuration.nix + ./variables.nix + ]; + + home-manager.users."${config.var.username}" = import ./home.nix; + + # Don't touch this + system.stateVersion = "24.05"; +} diff --git a/hosts/pph/hardware-configuration.nix b/hosts/pph/hardware-configuration.nix new file mode 100644 index 0000000..900e023 --- /dev/null +++ b/hosts/pph/hardware-configuration.nix @@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/5dbf85d3-d236-4af8-b489-d6066bfe1eb7"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/043E-1755"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/pph/home.nix b/hosts/pph/home.nix new file mode 100644 index 0000000..dd36183 --- /dev/null +++ b/hosts/pph/home.nix @@ -0,0 +1,75 @@ +{ + pkgs, + config, + ... +}: { + imports = [ + # Programs + ../../home/programs/brave + ../../home/programs/ghostty + ../../home/programs/nvf + ../../home/programs/shell + ../../home/programs/fetch + ../../home/programs/git + ../../home/programs/git/lazygit.nix + ../../home/programs/thunar + ../../home/programs/nixy + ../../home/programs/zathura + ../../home/programs/nightshift + ../../home/programs/group/cybersecurity.nix + + # System (Desktop environment like stuff) + ../../home/system/hyprland + ../../home/system/caelestia-shell + ../../home/system/hyprpaper + ../../home/system/mime + ../../home/system/udiskie + + ./variables.nix # Mostly user-specific configuration + ./secrets + ]; + + home = { + packages = with pkgs; [ + # Apps + vlc # Video player + blanket # White-noise app + obsidian # Note taking app + textpieces # Manipulate texts + resources # Ressource monitor + gnome-clocks # Clocks app + gnome-text-editor # Basic graphic text editor + mpv # Video player + + # Dev + go + bun + docker + nodejs + python3 + jq + just + air + duckdb + + # Just cool + peaclock + cbonsai + pipes + cmatrix + fastfetch + + # Backup + vscode + vivaldi + ]; + + inherit (config.var) username; + homeDirectory = "/home/" + config.var.username; + + # Don't touch this + stateVersion = "24.05"; + }; + + programs.home-manager.enable = true; +} diff --git a/hosts/pph/secrets/default.nix b/hosts/pph/secrets/default.nix new file mode 100644 index 0000000..e2a05ba --- /dev/null +++ b/hosts/pph/secrets/default.nix @@ -0,0 +1,42 @@ +# Those are my secrets, encrypted with sops +# You shouldn't import this file, unless you edit it +{ + pkgs, + inputs, + ... +}: { + imports = [inputs.sops-nix.homeManagerModules.sops]; + + sops = { + age.keyFile = "/home/hadrien/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + secrets = { + ssh-config = {path = "/home/hadrien/.ssh/config";}; + github-key = {path = "/home/hadrien/.ssh/github";}; + }; + }; + + home.file.".config/nixos/.sops.yaml".text = '' + keys: + - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334 + - &work age1c8pawdsxptfslgrz2c56s39mrtnjzc5mm3hfzgr2wdwu2v6vfsdsupjsq6 + creation_rules: + - path_regex: hosts/laptop/secrets/secrets.yaml$ + key_groups: + - age: + - *primary + - path_regex: hosts/server/secrets/secrets.yaml$ + key_groups: + - age: + - *primary + - path_regex: hosts/pph/secrets/secrets.yaml$ + key_groups: + - age: + - *work + ''; + + systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; + home.packages = with pkgs; [sops age]; + + wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"]; +} diff --git a/hosts/pph/secrets/secrets.yaml b/hosts/pph/secrets/secrets.yaml new file mode 100644 index 0000000..0f1fc68 --- /dev/null +++ b/hosts/pph/secrets/secrets.yaml @@ -0,0 +1,17 @@ +ssh-config: ENC[AES256_GCM,data:Lumo+F66f212HZPAu61nO3Wqf/0uBPL5tL/p1SaAGDrWxq3ELlM/zMdF0q9UTcCdX2l7ech08oo2J94m3Z3IWn2u3Ooeu35L9beaRvOcrXuUz3SZDL311hY59tpENLPk6FmSDfMtoOG52Q2jvEo4+6EQ7+5Vl28fZQwRaixOOA==,iv:YrpcQb14UKndXKudZq93efky3f5K1HOaVutpx0iQ3YE=,tag:2w/UVzwgkYoCpq0aj/+7Iw==,type:str] +github-key: ENC[AES256_GCM,data:GmZfleQssslbVIiqyzhszhsfXHZcuBgkCREna7AHtP95lyG2F/0u8LUmliQePxwMirJLHCMnl5z0QIvAIsOtXsb6oKEk+Zc9BRapE/d+vmaKqWH06ip5TIEkGHOzxPziR1KmaLPw6RpgyC84p00jiNy6uNPq8iEibdsLA/YPSxfiYCon+i3qZ4qEDws2ZBacEvYCt6A/vyXSTpv3mZCpAUP2Ageghy4mYioIxjt/AG/QwJaN3excyoPPITZ7kMrnJ1t/6vSu0rb15i0sWULFIuOLaniTpp3N3mw7A9t5W+z9POBUIoL9L/m3DMRKsl6Fck8s/Fp+5XvpkSCTZIqG+lJVz/eemZcsr/mR9rvsFmCKNjS7Fa54WZ8O/yABWjIV2e4DCdMgUnq/MlOePmPWJROTqjIjRACrgzco2s9KwCvBAfZJIOenc0sMIhgn0VA1gnxTHC1ycJp5T5awTfTVTImxCACnUZK8nChCEpiK1QGSpnxTD3a9RoaHiE3pBiINmYVK7eU3VWqVh1K9wvIODfTK1zASr3ere8Rvx3xmIiK6NKx5GFQ4DazZsyv1zDZYb/kOVu33sSlmGuoMvJ9QadN0+fu8sTj0hi9OBH6qpTIrSw9SWhJnX4fXMN6mbwC2QJB+jJYrh/G10J3xAZwxlrujVz9t7fFzv31Xitk8zSkvFpfJFbJWcGZArvyvTP4xPDh/2+eXqK01nQ002puv7XIIEJaF0kOcASR0w7qjDXG598IGBwypFyj+oljBWluMkjNV+M9Gc+YhbsDYSyI56fqqraC3Vqek8dXK8PmNFfQ62zZtZ3OMBzMjwe+tq0Q6LKdzaJR3N4pF2wqj9df37S/onJFCpU3+XkU5Ur9fk94bs8McvY5Y5k0r6TZNbz6Ye08yHVZa/MzPQG9dXpc38hHdfldDj6gz87XkHQDbABzqQ+j1RL0N7NUMsa9tR3hJZPV2lZYm5TNQYfAa8jDnuO2NwhGrGoD/jFycVElulyHV2F1goMag9MRGK7obpoVUN2RtnSj1eYlH0E6uGuCwBe8GAjhIVCnXQIn5hErJjh7VWeeastdfMlw5z3JzKMaTPXusLY0BoGejDIvRh8NE+R9vv4kO4PDJk/dTYTGfBhgcjdD+nD/uf1mdpzlV/ojaGbH2JxylQ8LkWVd7rwIhS4skLwcE+9NHuBVTkc2eP9i0FnTxsJOlX1RWQn3OewxrcnNuVaGMnZisIk/hXz4Qj1I32+5vD1w5vzRZyXy9QZBGlED6ggbj7SDuSBKze6KYq2saIf4d0n8pScyiziSjGzaKdjW9k7T15XOg6O4kbwuG+fOQSOLGB0lY173gA5P5hy4SRF12Yyk4fK1N/T80SudI/DTy5Zj+e1uvPcBseAw0EGDUoyWeqSTCMSdk4q+B6mdvFPx3002EuhVKE6saNMzTZ/5CweLQlYFSp4fmIVhkih7XKcNSOamjsUFFVjjg5QNY9lDuvJ25DTIhvD9xhr7VHgyVSV6CoyUUkOpOA0GWW4Qx+xvv+NrDjsVVlmKUlGRsX7HNPZIyS4RiR7ikP/jLVNYYig63vXqvuIqXeLLAdyrO6DwfcnM51u0Q6Dpsb9OJbNR1zjxK9MSyVyHMP6RNs1oQgPfypa67eQMJ7Tw9JEHIH/VMVL/Ha7dfThB3mkAM5HRbnUA6eSMkwYdBjRF27ERXLSywCitIVx9xsN//FcR8yg0iDQvmp+HPWQkL4zJo6lPLblIhgNWsp7i23F554G4KpbosKZU6RwG7xNaqMF0ATAxt2l0oIU7DGmO6iH7W1kyiLmBBAqFOR+43ikSZOqgJh/PjlFLE0hdoDzL3jerFPA7CCU4bmcspBO3afS/wLO1AaQ6i9rLlRpjY+8HRpB6PKEPOVUrAoaef88vICQDN39/Z3a4IfUIqJ6bEYZRhoVrMJF0FXGDpO7hk0cfXabj3VKG7n0LtDFD6vzydhfh2E3sIY6sSUNtSWJ9DOWk0MtrVhuZoHB9XPiXPShm25BitaHJsB6tin+8AUMhLz1kfDO1Qo6FUpNKnFXBVuYL05J2nqG7RRYwXZq9mqwhHLmsUtVjhndpwHK929WeQ/PR1A2OOJPuXWARjp2XhhBlrbrYy1RnY528joLc8wWtQGQVx4LmJKA8lxFtdb3Ina57N8R/U1Vvf//vBBb1blfgYY7w6zfwxeAjtbqnGVhWb3pdM2hAou/5M9rMOJxE+CyUtLibahO7sfZ9nnMb4gltQfKmN4LnwXPmaILz0xx0eJvsbN/yV+CLnmBqJ8D+dJg6ANGrTbMSveWvgIifr3NIIy1t2l6hQyYRava8XhoRCW7xmxTNzQzUh3xY17Z4cw5YJ4ac139Le836mzCKl9yscI5R2a97g7tnGOruQP/PCu6DIUaLRoitfpnEorZBLuVwUU00QW1RUb4ooKrvGap5/GjqglsVdiZQJrml+REmZyJRtoBT29zXU/JI6UYZrwRvXhRu4mWaxrLEmrrqQ5ABqpwy4ednuxQbHZPY3Hy1tXEtc3zeloT877cLgmgJ5CaYHnyXindpHzQBtPBMmbE8zHHs1lyZ11Jz1hfGc5h48U5YjyrXQqpbLSf6DC53ysXDl/JE4lD0WElqUmq15VpTZ2Ue43CEfasbXbP4mAZ7ixQXj3qVZZNz1tZ8Y5MZYqvtZC1YDn/tAWtd0SuUwK5qdq7mRo7d/dLASnkTGQfdg7QD2+EsWPtT2wtmVsPVQyatP3isM6wLO8LY+h/1hZyPyyJ6X9LXbac+/SGXECP6nvxbDkhzbcwQBZDHNopAeVbLQ9TyruvIxqDlyOjBgygigJlOiWA2zihf7ujn+bBjQVV/wNROfFS9IrKgITgWgeInGeWs0fXW4KoJNMqI7ftk7VWcKBonoNItanEHin2pwDRZM+v5xxjbjA5K4ZOqSMnwIPMr7WceKy14OMZN0o1MRmFOV9i128KkcppZAKt5++CmndtLsHfJ4sl+AfoYhLJcX9JTPLMD9sKqtZl086I+dI+rS3RAFkKdzgkY2BMXaOCWg33fC3S8olno4y8qFTnI+6UT/M+EZtsIoh1rG2MX3TdVNH1yppPK+1UluYxmPZxNSLJajUmFgAixq7AqFd40ULrHs/nCozoIgs772ttzo55Ri/7BCO+INtnyBp0MeNCHWC8g+UOwH/vGqdsRIQE28udwrmDIdt3Bh+tK9r5+6GvZN8gC89ZaorI+5uaLxFsjwMM3pNpIMfilahN47tbfcqXKRWpOSNbWo75L9bv0I1U2YPQ5JpKTjPveM5gL5l/8dMARrGfQ7qLB54x7kQRG6HCQmAnQr3t6HWU5bTKL1NKbb4HlqUai11k4/yAAPu8JrJjvDkIcNXILKQkN8wNQYZE91ALo/EsvnFO57+ev9jy1bYfkJkwp+qbirh7w/150qGZpADIWU4u8sirPofqj0aTZQI/53iPiuvhV8B50ZATCL8So3dFV8iQjfHp4jJdjoc6HatQMfuAsSi4PUBDv9Deh7NXRdfjXGwjvDZj03EnTty13qUE/caYxKKcUwbxzlmxLU/BxWL4/Zn6/MK9fCjcT4EBvSQQPNvYgmLUZrAEzL46X4sO7dKaZxvEelHzO2SeNbeW9fYUqL2tQ4ChnC46oKvIF+XT5xfGS1er7Mske6Y2JVs7loOMNpDfzIHZEWNA3iSmFGnhGU51itsWP3DmJAE+/dVRA/lkPiQmP/XofZtuLPyY3JKD/CHmKMvkuDrB+Q6ZZjUONfH7KZcTrBPM0RcNze2xJEk8xjUtL6XQm5tUYyy2RDYl7yVPDn5a1olgATkv+4BroxOLBpQ0HkQpnsj549sa+40IEMOZUDNoExjvs6ukEgax4/Fi8slTc++vRCv7kyMGl6DeFV3oAVzvkTK/vQfG0C8yXwuYG9wN9Ihn9GSgPejXBb4uxuZoFpa0/BfJBa5xYM1c+ewf7qIQA5I0Tnm3W9YXqZ6XHK+TaduqJ6xQcD9MrD79sJpeR7GoMIi7vHGEJU8ZN8AGX1/qpM5dwbB4CfgYk0AQauHhdaVzgYym2AueywyUaaRzit2dn9oIvDfksHqXV+QVfXXBuLbt6x5O7KNGZwuQhaRamPHl/SckxW5Tm+tZjsizs3hB2f+JWCO+BuboxDbO0YfolasX2YUDBfrvtqeCZ/WAt+VQYLJ3fzXtmVafeIWDWmNhi6FfkuZ1gCwmubQzSBMYG4Usc2T6OTUN51cbSx/IGSCIBeJ+goOWCc1hpjyqrvaoH+brTgR0gwbczI5h5ukfi1ZrXuL5Bwqj9mwyK1vkLYBcF2uNL2KDrRTgGBVMbHwc2/5KdCnMTmjmghDtRJxzFkaSsHODjapW8or7wJpMYDDaTLQgGWQ+weUDNrilhWau3HWo2T/V8SlyFRcrGvs2WLhF2o5/4a5lpnZZGcnp22iX5GVU4jBaqraSd9W5DuXIxXGRLCkONrxz82Vw3rzB3hop362O1zSS2ygFLxF/QPk3tspWWNyMMKlXByLne6oqmVRK5etxoNbqYeOiO80fWqXNv7FAG8zjIj+gpQfIQEGQsmpeufKAVgQlczPzglzpR0hcA=,iv:7SuHnThyDeOMpDMZ5/LCiyxsFvzkNwEV8xpL56FI/qw=,tag:4CLUrclfHQU+2M1OxLtw7w==,type:str] +sops: + age: + - recipient: age1c8pawdsxptfslgrz2c56s39mrtnjzc5mm3hfzgr2wdwu2v6vfsdsupjsq6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvelBDQ2FYR3dvRHl6dUc4 + UmwyZXhKL3JyS09JSUxZUFEzdmlTQk4xZFJRCm9vQmlzUzlZelZCWlVTVzJEN3N1 + MXV1RGZSTHN2KzBRVDdvQURGTE1PZUUKLS0tIEp6UlZsZlFORUVSb0w0ZERsQ1pB + Szd1TDFqQ016WWd1SFowN0ptcGlyRGcKRH424S/7enLTuACcJyFUdbIgsUl0U/5i + 6WRrU0kHesh0gcxU1QMvLKiUZdYwo+pFoDWZiocNUKlEt49isncMrQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-05T18:53:31Z" + mac: ENC[AES256_GCM,data:nZ4y/ftfZylcwIwQ5G/Ek8U4WCn6Y18zriZEFAD996xEN3r0d73+uxcm5BWgmzmI8sL+u+iyKh3vU6E+yfhY1kT7/rZqKDwrjRG1kBRzxEdc1XLwGazo7LWPzAakhugVOAlcYewg3vq/IO3XzaAnmxXMgpwDDe0m+1wDNr0XeOs=,iv:B8sWrKmumSnyf1ycEZJmrN/MZP0hmO5s5CEtGEuJi+4=,tag:dCQWj3R24n9U5+buNq2plg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/hosts/pph/variables.nix b/hosts/pph/variables.nix new file mode 100644 index 0000000..5da88ab --- /dev/null +++ b/hosts/pph/variables.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + ... +}: { + imports = [ + # Choose your theme here: + ../../themes/rose-pine.nix + ]; + + config.var = { + hostname = "pph"; + username = "hadrien"; + configDirectory = + "/home/" + + config.var.username + + "/.config/nixos"; # The path of the nixos configuration directory + + keyboardLayout = "fr"; + + location = "Paris"; + timeZone = "Europe/Paris"; + defaultLocale = "en_US.UTF-8"; + extraLocale = "fr_FR.UTF-8"; + + git = { + username = "pph"; + email = "pph@pph.pph"; + }; + + autoUpgrade = false; + autoGarbageCollector = true; + }; + + # DON'T TOUCH THIS + options = { + var = lib.mkOption { + type = lib.types.attrs; + default = {}; + }; + }; +}