chore: update Nix configurations for Nixcloud and common hosts

- Add Nixcloud host configurations including networking, hardware, and system settings
- Refactor existing configurations for clarity and organization
- Remove unused podman configuration from home-manager
- Update SSH agent settings and session variables in Nixbook host
This commit is contained in:
Thiago Sposito 2025-10-17 17:18:35 -03:00
parent ab832834a8
commit e9a77fccb7
11 changed files with 240 additions and 39 deletions

flake.lock generated

@ -183,18 +183,14 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1760062596, "path": "git@git.sr.ht/~sposito/secrets",
"narHash": "sha256-nFyr+kOCo9PvdHa9JDTWtMRRqgfOqVUvBSfeyQzqDos=", "type": "path"
"ref": "refs/heads/main",
"rev": "621da7663ad8f975b98b1cdd5756f361e4f4cc05",
"revCount": 2,
"type": "git",
"url": "ssh://git@git.sr.ht/~sposito/secrets"
}, },
"original": { "original": {
"type": "git", "path": "git@git.sr.ht/~sposito/secrets",
"url": "ssh://git@git.sr.ht/~sposito/secrets" "type": "path"
} },
"parent": []
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {


@ -21,16 +21,17 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
secrets = { secrets = {
url = "git+ssh://git@git.sr.ht/~sposito/secrets"; url = "git@git.sr.ht/~sposito/secrets";
flake = false; flake = false;
}; };
}; };
outputs = outputs =
{ self {
, nixpkgs self,
, home-manager nixpkgs,
, ... home-manager,
...
}@inputs: }@inputs:
let let
inherit (self) outputs; inherit (self) outputs;
@ -87,10 +88,22 @@
}; };
# nix build .#checks.x86_64-linux # nix build .#checks.x86_64-linux
packages.${system}.all = nixpkgs.legacyPackages.${system}.linkFarm "all-builds" [ packages.${system}.all = nixpkgs.legacyPackages.${system}.linkFarm "all-builds" [
{ name = "nixbook"; path = self.nixosConfigurations.Nixbook.config.system.build.toplevel; } {
{ name = "nixstation"; path = self.nixosConfigurations.Nixstation.config.system.build.toplevel; } name = "nixbook";
{ name = "hm-nixbook"; path = self.homeConfigurations."thiago@Nixbook".activationPackage; } path = self.nixosConfigurations.Nixbook.config.system.build.toplevel;
{ name = "hm-nixstation"; path = self.homeConfigurations."thiago@Nixstation".activationPackage; } }
{
name = "nixstation";
path = self.nixosConfigurations.Nixstation.config.system.build.toplevel;
}
{
name = "hm-nixbook";
path = self.homeConfigurations."thiago@Nixbook".activationPackage;
}
{
name = "hm-nixstation";
path = self.homeConfigurations."thiago@Nixstation".activationPackage;
}
]; ];
}; };
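Review bot: The secrets input now reads `url = "git@git.sr.ht/~sposito/secrets";` with no scheme, and the flake.lock hunk shows what Nix made of it: the locked entry became `"type": "path"` with `"parent": []`, and the `rev`, `narHash` and `lastModified` fields disappeared. That means the string is resolved as a directory literally named `git@git.sr.ht/~sposito/secrets` relative to this flake, not as a git repository, so nothing is content-pinned any more and evaluation on a checkout without that directory (the `packages.${system}.all` linkFarm check, a fresh host) will fail. If fetching over SSH is still the intent, the scheme has to come back, `url = "git+ssh://git@git.sr.ht/~sposito/secrets";`; if a local checkout is intended instead, an explicit relative `path:` reference would document that requirement. Presumably the first, since the lock's old entry was a git fetch at a pinned revision.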


@ -126,15 +126,6 @@
}; };
}; };
podman = {
enable = true;
dockerCompat = true; # optional: use docker commands
extraPackages = with pkgs; [
fuse-overlayfs
slirp4netns
];
};
vscode = { vscode = {
enable = true; enable = true;
}; };


@ -1,7 +1,8 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
{ {
config = { config = {
@ -18,6 +19,8 @@
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
export GPG_TTY=$(tty) export GPG_TTY=$(tty)
export EDITOR="nvim -n -c 'set noswapfile nobackup nowritebackup'" export EDITOR="nvim -n -c 'set noswapfile nobackup nowritebackup'"
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
''; '';
shellAliases = { shellAliases = {
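Review bot: The added `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` overwrites SSH_AUTH_SOCK unconditionally in every interactive zsh, including a session that arrived over SSH with a forwarded agent, whose socket is then silently replaced by the local gpg-agent one. The common.nix hunk in this same commit enables `programs.gnupg.agent.enableSSHSupport`, and as far as I recall the NixOS gnupg module then already exports this socket from `environment.extraInit`, guarded on SSH_AUTH_SOCK being empty, so the shell line is at best redundant and at worst the one that wins. If it stays, give it the same guard: `[ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)`. The shell-init string this line sits in starts and ends outside the hunk.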


@ -13,7 +13,9 @@
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
environment.sessionVariables = { NIXOS_OZONE_WL = "1"; }; environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
exfat exfat
gcsfuse gcsfuse
@ -30,7 +32,7 @@
networking.hostName = "Nixbook"; networking.hostName = "Nixbook";
programs.hyprland.enable = false; programs.hyprland.enable = false;
programs.hyprland.withUWSM = false; programs.hyprland.withUWSM = false;
programs.ssh.startAgent = false;
hardware = { hardware = {
sane.enable = true; sane.enable = true;
graphics.enable = true; graphics.enable = true;
@ -88,7 +90,7 @@
gdm.wayland = true; gdm.wayland = true;
defaultSession = "gnome"; defaultSession = "gnome";
}; };
gnome.gnome-keyring.enable = true;
avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@ -154,9 +156,5 @@
}; };
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }


@ -0,0 +1,95 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
imports = [ ./users/nimbus/default.nix ];
boot.loader.systemd-boot.enable = true;
nixpkgs.overlays = [
(final: prev: {
libnitrokey = prev.libnitrokey.overrideAttrs (old: {
cmakeFlags = (old.cmakeFlags or [ ]) ++ [
"-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
})
];
environment = {
shells = with pkgs; [ bash ];
etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
systemPackages = with pkgs; [
ccid
exfat
file
fuse3
gcsfuse
git
gnupg
libnitrokey
libusb1
nix-ld
opensc
pciutils
pcsc-safenet
pcsclite
pcsctools
pkcs11helper
rclone
sops
wget
];
};
nix = {
registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
(lib.filterAttrs (_: lib.isType "flake")) inputs
);
nixPath = [ "/etc/nix/path" ];
settings = {
download-buffer-size = "512M";
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
nixpkgs.config.allowUnfree = true;
programs = {
gnupg = {
agent = {
enableSSHSupport = true;
enable = true;
pinentryPackage = pkgs.pinentry-tty;
};
};
nix-ld = {
enable = true;
libraries = with pkgs; [
glibc
zlib
];
};
};
services = {
pcscd.enable = true;
# xserver.displayManager.sessionCommands =
# "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
udev.packages = [
pkgs.nitrokey-udev-rules
];
};
users.groups.scard = { };
time.timeZone = "America/Sao_Paulo";
}
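Review bot: The `libnitrokey` overlay appends `-DCMAKE_POLICY_VERSION_MINIMUM=3.5` with no explanation, so the next reader cannot tell whether it is still needed or safe to drop. A one-line comment above the override would do, e.g. `# libnitrokey's cmake_minimum_required predates what CMake 4 accepts; remove once the package builds without it`. The gnupg, pcscd and udev sections, including the two commented-out `xserver.displayManager.sessionCommands` lines, are byte-identical to the existing common.nix hunk later in this commit, which suggests a copy; a headless cloud host presumably has no display manager for that dead comment to refer to, and the shared parts would be safer as one imported module than as a second copy that will drift.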


@ -0,0 +1,15 @@
{ ... }: {
imports = [
./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect
];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking.hostName = "srv1065175";
networking.domain = "hstgr.cloud";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1 n3k0'' '''' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook'' ];
system.stateVersion = "23.11";
}
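Review bot: `services.openssh.enable = true;` on an internet-facing host leaves NixOS's default `PasswordAuthentication = true` in place, and the `users/nimbus` file in this commit creates a `wheel` member with `initialPassword = "changeme"`, so until that password is changed the host accepts a guessable password login over SSH. Root already has keys listed, so password and keyboard-interactive authentication can be turned off and root pinned to key-only, as below. The `authorizedKeys.keys` list also contains a stray empty element (`''''`) between the two keys that should be removed. The `./networking.nix # generated at runtime by nixos-infect` comment is stale now that the file is checked in by this same commit; `# populated by nixos-infect, checked in` would match reality.
```nix
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };
  # … unchanged: root authorizedKeys (minus the empty '''' entry) …
```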


@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
}


@ -0,0 +1,35 @@
{ lib, ... }: {
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = [ "45.143.83.10"
"1.1.1.1"
"8.8.4.4"
];
defaultGateway = "72.61.129.254";
defaultGateway6 = {
address = "2a02:4780:66::1";
interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4.addresses = [
{ address="72.61.129.56"; prefixLength=24; }
];
ipv6.addresses = [
{ address="2a02:4780:66:9ac0::1"; prefixLength=48; }
{ address="fe80::9ce8:d4ff:feb5:50d7"; prefixLength=64; }
];
ipv4.routes = [ { address = "72.61.129.254"; prefixLength = 32; } ];
ipv6.routes = [ { address = "2a02:4780:66::1"; prefixLength = 128; } ];
};
};
};
services.udev.extraRules = ''
ATTR{address}=="9e:e8:d4:b5:50:d7", NAME="eth0"
'';
}


@ -72,6 +72,7 @@
programs = { programs = {
gnupg = { gnupg = {
agent = { agent = {
enableSSHSupport = true;
enable = true; enable = true;
pinentryPackage = pkgs.pinentry-tty; pinentryPackage = pkgs.pinentry-tty;
}; };
@ -89,6 +90,7 @@
pcscd.enable = true; pcscd.enable = true;
# xserver.displayManager.sessionCommands = # xserver.displayManager.sessionCommands =
# "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'"; # "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
udev.packages = [ udev.packages = [
pkgs.libwacom pkgs.libwacom
pkgs.nitrokey-udev-rules pkgs.nitrokey-udev-rules


@ -0,0 +1,44 @@
{ pkgs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
users.users.nimbus = {
isNormalUser = true;
initialPassword = "changeme";
extraGroups = [
"fuse"
"networkmanager"
"scard"
"wheel"
]
++ ifTheyExist [
"docker"
"git"
"i2c"
"kvm"
"libvirt"
"libvirtd"
"photos"
"scanner"
"video"
"wireshark"
];
openssh.authorizedKeys.keyFiles = [
(builtins.fetchurl {
url = "https://meta.sr.ht/~sposito.keys";
name = "sposito-srht-keys";
sha256 = "1mf76x36kd1iaccy6l5f5xnbjqkm1fwf9giws9nb3bvgmj3c25wc";
})
];
packages = with pkgs; [
git
podman
podman-compose
nginx
];
};
}
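Review bot: `initialPassword = "changeme"` gives a `wheel` member a well-known password; it is only applied when the user is first created, but on Nixcloud that coincides with sshd being enabled with NixOS's default password authentication, so the exposure is real rather than theoretical. Since `sops-nix` is already a flake input and `sops` is installed on the host, `hashedPasswordFile = config.sops.secrets.<secret-name>.path;` (secret name is a placeholder) or simply omitting the password and relying on the pinned authorized keys would close it. The sha256-pinned `builtins.fetchurl` of the sr.ht keys is the right shape, though it runs at evaluation time, so an offline evaluation fails unless that file is already in the store. `nginx` and `podman` in per-user `packages` only put binaries on PATH; if nginx is meant to serve anything it needs `services.nginx` in the host config.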