diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..c14a21a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &main age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
+creation_rules:
+ - path_regex: secrets/secrets.yaml
+ key_groups:
+ - age:
+ - *main
diff --git a/flake.lock b/flake.lock
index 99b8a86..40b827a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
 ]
 },
 "locked": {
- "lastModified": 1706798041,
- "narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
+ "lastModified": 1707074442,
+ "narHash": "sha256-+VOe+26+rK6ETNpVvwkFYlfC/skZe2XI2TixbsC6utE=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
+ "rev": "4ab01785b85aac4dd0f0414f7c0ca4c007e64054",
 "type": "github"
 },
 "original": {
@@ -86,6 +86,42 @@
 "type": "github"
 }
 },
+ "nixlib": {
+ "locked": {
+ "lastModified": 1693701915,
+ "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixpkgs.lib",
+ "type": "github"
+ }
+ },
+ "nixos-generators": {
+ "inputs": {
+ "nixlib": "nixlib",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1706085261,
+ "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixos-generators",
+ "type": "github"
+ }
+ },
 "nixos-hardware": {
 "locked": {
 "lastModified": 1706834982,
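Review bot: `path_regex: secrets/secrets.yaml` in the new creation rule is an unanchored regular expression, so the unescaped `.` matches any character and the rule also fires for any longer path that merely contains that substring; anchor and escape it, `- path_regex: ^secrets/secrets\.yaml$`. The rule's only recipient is the single personal age key under `&main`, so every host that needs to decrypt the file has to carry a copy of that key; adding a per-host recipient (for instance one derived from the machine's SSH host key) would keep the personal key off the hosts and would also be what the `sops.age` configuration in worlds/majin/configuration.nix later in this commit needs.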
@@ -103,11 +139,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1706732774,
- "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
+ "lastModified": 1706913249,
+ "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
+ "rev": "e92b6015881907e698782c77641aa49298330223",
 "type": "github"
 },
 "original": {
@@ -117,15 +153,54 @@
 "type": "github"
 }
 },
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1705957679,
+ "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "root": {
 "inputs": {
 "agenix": "agenix",
 "home-manager": "home-manager_2",
+ "nixos-generators": "nixos-generators",
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs",
+ "sops-nix": "sops-nix",
 "utils": "utils"
 }
 },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1707015547,
+ "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "23f61b897c00b66855074db471ba016e0cda20dd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ },
 "systems": {
 "locked": {
 "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index 17a0f9d..afb9aa0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,9 +1,33 @@ +# Universe - The big bang to my universe +# +# Copyright (c) 2023-2024 Sameer Rahmani +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 2. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . { description = "lxsameer's universe"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-hardware.url = "github:nixos/nixos-hardware"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -16,7 +40,6 @@ utils.url = "github:numtide/flake-utils"; - # TODO: Checkout hercules # hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent"; # To build and android image @@ -24,13 +47,12 @@ # impermanence.url = "github:nix-community/impermanence"; }; - outputs = { self, home-manager, nixpkgs, agenix, nixos-hardware, utils } @ inputs: + outputs = { self, nixpkgs, utils, ... } @ inputs: let # I just use linux and currently only x86_64 system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; }; - # Add a command to the shell to create the disk create-disk = pkgs.writeScriptBin "create-disk" '' #!${pkgs.stdenv.shell} 
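Review bot: The new `sops-nix` input only overrides `inputs.nixpkgs.follows`, while sops-nix also declares a `nixpkgs-stable` input; the flake.lock hunk earlier in this commit shows it being locked to a separate `release-23.05` checkout of nixpkgs, which every `nix flake update` and every fresh clone now has to fetch and evaluate alongside the main one. Adding `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing `inputs.nixpkgs.follows = "nixpkgs";` line keeps a single nixpkgs in the closure and a single place to watch for security updates. The same could be applied to `nixos-generators`, whose `nixlib` input is likewise locked separately.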
@@ -38,6 +60,13 @@ qemu-img create -f qcow2 vdisk1 10G ''; + bootImage = image: (pkgs.writeScriptBin "boot-${image.name}" '' + #!${pkgs.stdenv.shell} + + qemu-system-x86_64 -enable-kvm -m 2048 -boot d \ + -cdrom ${image} -hda vdisk1 -vga std \ + -net user,hostfwd=tcp::2222-:22 -net nic + ''); scripts = pkgs.symlinkJoin { name = "universe_scripts"; @@ -51,9 +80,14 @@ fish zstd scripts + sops ]; + modules = pkgs.callPackage ./modules { inherit (inputs) nixos-generators; }; + in rec{ + inherit pkgs; + images = { majin = (nixosConfigurations.majin.extendModules { modules = [ @@ -65,17 +99,21 @@ }).config.system.build.sdImage; }; - packages.${system}.majin = images.majin; + packages.${system} = { + majin = nixosConfigurations.majin.config.formats.iso; + boot-majin = bootImage packages.${system}.majin; + inherit create-disk; + }; nixosConfigurations = { - majin = pkgs.lib.nixosSystem { + majin = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - "${pkgs}/nixos/modules/profiles/minimal.nix" + "${nixpkgs}/nixos/modules/profiles/minimal.nix" ./worlds/majin/configuration.nix - home-manager.nixosModules.home-manager - agenix.nixosModules.age + modules.generator + inputs.home-manager.nixosModules.home-manager ./worlds/base.nix #hercules-ci-agent.nixosModules.multi-agent-service ]; @@ -85,7 +123,6 @@ devShells.${system}.default = pkgs.mkShell { inherit nativeBuildInputs; - shellHook = '' fish && exit ''; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..e6e1999 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,18 @@ +{ nixos-generators }: +{ + # A single nixos config outputting multiple formats. + # Alternatively put this in a configuration.nix. + generator = {config, ...}: { + imports = [ + nixos-generators.nixosModules.all-formats + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + # customize an existing format + formatConfigs.iso = {config, ...}: { + services.openssh.enable = true; + }; + + }; +} 
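Review bot: The new `bootImage` helper forwards `hostfwd=tcp::2222-:22` with an empty host address, so QEMU's user-mode network binds the forward on every interface of the host and anything that can reach the host can reach the guest's sshd (which `modules/default.nix` in this commit enables in the ISO). Restrict the listener to loopback, `-net user,hostfwd=tcp:127.0.0.1:2222-:22 -net nic`. The `-net user`/`-net nic` pair is the legacy spelling; `-nic user,hostfwd=tcp:127.0.0.1:2222-:22` expresses the same thing in one option. The `let` block this helper lives in starts outside the hunk.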
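Review bot: Both `generator = {config, ...}:` and `formatConfigs.iso = {config, ...}:` in the new modules/default.nix bind `config` and never read it; write them as `generator = { ... }: {` and `formatConfigs.iso = { ... }: {`, or drop the function form of the inner one entirely (`formatConfigs.iso = { services.openssh.enable = true; };`). With `services.openssh.enable = true` in the ISO format, sshd comes up with its default of password authentication allowed, and the only account this flake defines (worlds/base.nix in this commit) has a static password; pair the ISO override with `services.openssh.settings.PasswordAuthentication = false;` and an `openssh.authorizedKeys.keys` entry on that user so the live image is not reachable with a shared password.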
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..a4b90c7
--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,23 @@
+default_user:
+ user: ENC[AES256_GCM,data:tYLQFNvn15A=,iv:NkYD1q1IozC+UBjPG4BWEZ0troWVjGCW9hBCD8n/kk4=,tag:ZDltnGkxOl/VhF89MkR0PA==,type:str]
+ pass: ENC[AES256_GCM,data:75vsOLMuq8wO,iv:tLUFa+yaa518QE1Thp3IQmDDXAp19A2kkm+uyI2twu0=,tag:nkrjmrxCQnZtkUE24uuLOA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age150sgqcr35yfxypeyfz0f8yxxkcwy55j076qetjpd5zsxen9xnd9qum72py
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RFpUN1hVTzh3TFhPQXZz
+ QmU0L203dVdZS0xJMXZJdlJIclpOQXFqZ0hvCmF0Vmc1anFUNENrVWNNK0FXajFn
+ OG12NTlDdE1QNExsZHBBUXpBc2ZuSWMKLS0tIElKK3lsTjBGVEEySEc1Ym43d0Z4
+ WnF5SDJwL2ZXUFBhQUlORGtGMEJ2NE0KMvwSaxIGRTHTP7QFz1ZXTs8IX+07KsUO
+ aCJOFaFwA1Tpm4Dy1yPs2gg0GPU8MCFBJZNCqkcy6hUHTt5kAivxRg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-02-04T19:10:48Z"
+ mac: ENC[AES256_GCM,data:xLei4WcDjOijVh+9dN1rab8Bgx6Q/SPwZsiskQvbstHKtIPlXahXyOd/qDRNtLn2Evql/+48qnnqXmetGsP2w/FNyQLkPrAS/fkXrVzRGh7xrda60aH/cemMlx2SdJzNrRM1JiGCzCn5HamrBzz+aj/t58qlbKizAB29LXZhMmQ=,iv:IFYgzybJyAJXzRDRu0PbnTHun/yyfloByLQEw9VeYjw=,tag:QiIhpEK2C+je0jlSC4ECbQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/worlds/base.nix b/worlds/base.nix
index 708fbd7..5aaa5c8 100644
--- a/worlds/base.nix
+++ b/worlds/base.nix
@@ -11,8 +11,32 @@ fsType = "ext4"; }; + users = { + users.lxsameer = { + password = "123123"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + }; + + time.timeZone = lib.mkDefault "Europe/Dublin"; + + # Enter keyboard layout + services.xserver.xkb.layout = "us"; + + environment.systemPackages = with pkgs; [ + emacs + git + zsh + wget + curl + ]; + + environment.variables.EDITOR = "emacs"; + + boot = { - kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; loader = { generic-extlinux-compatible.enable = lib.mkDefault true; grub.enable = lib.mkDefault false; diff --git a/worlds/majin/configuration.nix b/worlds/majin/configuration.nix index 73fded6..dda9048 100644 --- a/worlds/majin/configuration.nix +++ b/worlds/majin/configuration.nix @@ -1,15 +1,19 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, lib, inputs, ... }: { - environment.systemPackages = with pkgs; [ emacs git ]; + environment.systemPackages = with pkgs; [ emacs git zsh ]; services.openssh.enable = true; networking.hostName = "majin"; - users = { - users.lxsameer = { - password = "123123"; - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - }; + + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt"; + sops.secrets."default_user/user" = {}; + sops.secrets."default_user/pass" = {}; # networking = { # interfaces."wlan0".useDHCP = true; # wireless = {
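Review bot: `password = "123123"` on the `lxsameer` user is a cleartext password for a `wheel` member, and moving the block from worlds/majin/configuration.nix into worlds/base.nix makes it the default for every world that imports this module rather than for majin alone; the `users.users.<name>.password` option also lands in the generated user database inside the world-readable Nix store, which is exactly the case its documentation warns against. The majin hunk in this same commit declares `sops.secrets."default_user/pass"` but nothing consumes it; use it here instead, `hashedPasswordFile = config.sops.secrets."default_user/pass".path;` in place of `password`, with `neededForUsers = true;` on that secret declaration and a password hash (not the cleartext) stored in secrets.yaml. Since base.nix carries no sops configuration of its own, the user block then belongs back in the majin configuration next to the `sops.secrets` lines, or the sops module import has to move into base.nix as well.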
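Review bot: `sops.age.keyFile = "/home/lxsameer/.config/sops/age/keys.txt"` points sops-nix at a key inside a user's home directory, but the secrets are decrypted by the activation script running as root (and, for any secret later marked `neededForUsers`, in stage 1 before `/home` is mounted), so the path is fragile; the ISO that `packages.${system}.majin` now builds from this configuration presumably does not contain that file at all, which would leave the declared secrets undecryptable on the image. Prefer a system location, `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or derive the key from the host's SSH key with `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` and add that host as a recipient in .sops.yaml. Separately, `imports = [ inputs.sops-nix.nixosModules.sops ]` can only work if `inputs` reaches the module through `specialArgs` on the `nixosSystem` call; whether flake.nix sets that is not visible in this diff.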