

No commits in common. "d482fd06945b6c3422b998552472cff21e6dde0e" and "29f7621d4275f6460629306df176836f90f92d38" have entirely different histories.

30 changed files with 836 additions and 860 deletions


@ -1,43 +1,41 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.common-programs = flake.modules.nixos.common-programs = { lib, pkgs, ... }: {
{ lib, pkgs, ... }: environment = {
{ systemPackages = with pkgs; [
environment = { ### Dev Tools ###
systemPackages = with pkgs; [ git
### Dev Tools ### ### System Utilities ###
git btop
### System Utilities ### fastfetch
btop helix
fastfetch nixos-firewall-tool
helix nvd
nixos-firewall-tool sysz
nvd tmux
sysz wget
tmux yazi
wget ];
yazi shellAliases = {
]; cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
shellAliases = { ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; tree = "ls --tree";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION
export TERM=xterm-256color
clear
fastfetch
end
'';
};
}; };
}; };
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
};
} }


@ -1,13 +1,14 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.common-security = flake.modules.nixos.common-security = { ... }: {
{ ... }: security = {
{ unprivilegedUsernsClone = true; # Needed for rootless podman
security.sudo = { sudo = {
wheelNeedsPassword = false; wheelNeedsPassword = false;
extraConfig = '' extraConfig = ''
Defaults lecture = never Defaults lecture = never
''; '';
}; };
}; };
};
} }
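Review bot: `unprivilegedUsernsClone = true` now sits in the common-security module, so every host that imports it relaxes the unprivileged user-namespace restriction for all local users, including the server hosts this diff shows importing common-security (alexandria, trantor), while the comment `# Needed for rootless podman` states a podman-only need. The same line disappears from the podman module in the hunk further down, so the podman module no longer carries the setting it depends on. If the intent is podman-only, keep the line in the podman module, or tie it to the feature so it is documented by the code itself: `security.unprivilegedUsernsClone = lib.mkDefault config.virtualisation.podman.enable;` (which needs `config` and `lib` in this module's argument set, currently `{ ... }:`). Otherwise a comment naming which non-podman host needs it would justify the wider scope.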

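--- a/aspects/common/users.nix
+++ b/aspects/common/users.nix
@@ -0,0 +1,25 @@
+{ ... }:
+{
+flake.modules.nixos.common-users = { pkgs, ... }: {
+users.users = {
+user = {
+isNormalUser = true;
+shell = pkgs.fish;
+extraGroups = [
+"networkmanager"
+"wheel"
+];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+];
+hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+};
+root = {
+shell = pkgs.fish;
+hashedPassword = "!";
+};
+};
+};
+}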
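Review bot: `hashedPassword` for `user` is committed as a literal in this new file, while the host definitions in this same diff already load `inputs.agenix.nixosModules.default`, so the hash can live in an agenix secret and be referenced with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (the module would then take `config` in its argument set). A crypt hash in a repository can be attacked offline by anyone able to read the repo, and rotating it then requires a commit rather than a secret update. It is also worth a comment on the `"wheel"` entry that common-security sets `wheelNeedsPassword = false`, so each of the three listed SSH keys is effectively a root credential on every host that imports this module; `root.hashedPassword = "!"` locks root's own password but does not change that.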


@ -6,12 +6,7 @@
modules = [ modules = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
{ networking.hostName = "alexandria"; } { networking.hostName = "alexandria"; }
{ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included) # Common aspects (always included)
inputs.self.modules.nixos.common-boot inputs.self.modules.nixos.common-boot
@ -24,10 +19,7 @@
inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale inputs.self.modules.nixos.common-tailscale
inputs.self.modules.nixos.common-users
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects # Server aspects
inputs.self.modules.nixos.server-boot inputs.self.modules.nixos.server-boot


@ -6,12 +6,7 @@
modules = [ modules = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
{ networking.hostName = "io"; } { networking.hostName = "io"; }
{ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included) # Common aspects (always included)
inputs.self.modules.nixos.common-boot inputs.self.modules.nixos.common-boot
@ -24,10 +19,7 @@
inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale inputs.self.modules.nixos.common-tailscale
inputs.self.modules.nixos.common-users
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects # Desktop aspects
inputs.self.modules.nixos.desktop-boot inputs.self.modules.nixos.desktop-boot


@ -6,12 +6,7 @@
modules = [ modules = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
{ networking.hostName = "rotterdam"; } { networking.hostName = "rotterdam"; }
{ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included) # Common aspects (always included)
inputs.self.modules.nixos.common-boot inputs.self.modules.nixos.common-boot
@ -24,10 +19,7 @@
inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale inputs.self.modules.nixos.common-tailscale
inputs.self.modules.nixos.common-users
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects # Desktop aspects
inputs.self.modules.nixos.desktop-boot inputs.self.modules.nixos.desktop-boot


@ -6,12 +6,7 @@
modules = [ modules = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
{ networking.hostName = "trantor"; } { networking.hostName = "trantor"; }
{ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included) # Common aspects (always included)
inputs.self.modules.nixos.common-boot inputs.self.modules.nixos.common-boot
@ -24,10 +19,7 @@
inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale inputs.self.modules.nixos.common-tailscale
inputs.self.modules.nixos.common-users
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects # Server aspects
inputs.self.modules.nixos.server-boot inputs.self.modules.nixos.server-boot


@ -1,24 +1,15 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.podman = flake.modules.nixos.podman = { config, lib, pkgs, ... }: {
{ virtualisation.podman = {
config, enable = true;
lib, autoPrune.enable = true;
pkgs, extraPackages = [ pkgs.podman-compose ];
...
}:
{
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
security.unprivilegedUsernsClone = true; # Needed for rootless podman
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}; };
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
};
} }


@ -1,25 +1,27 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.programs-graphics = flake.modules.nixos.programs-graphics = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ # Image Editing
environment.systemPackages = with pkgs; [ gimp
gimp inkscape
inkscape # CAD & 3D Modeling
plasticity plasticity
]; ];
services.flatpak.packages = [ services.flatpak.packages = [
"com.boxy_svg.BoxySVG" # Vector Graphics
rec { "com.boxy_svg.BoxySVG"
appId = "io.github.softfever.OrcaSlicer"; # 3D Printing / Slicing
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; rec {
bundle = "${pkgs.fetchurl { appId = "io.github.softfever.OrcaSlicer";
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
inherit sha256; bundle = "${pkgs.fetchurl {
}}"; url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
} inherit sha256;
]; }}";
}; }
];
};
} }


@ -2,28 +2,28 @@
{ {
flake.modules = { flake.modules = {
nixos.programs-media = nixos.programs-media = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ # Audio
environment.systemPackages = with pkgs; [ decibels
decibels # Video
loupe showtime
obs-studio # Image Viewer
showtime loupe
# Recording & Streaming
obs-studio
];
};
homeManager.programs-media = { pkgs, ... }: {
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
obs-backgroundremoval
obs-pipewire-audio-capture
]; ];
}; };
};
homeManager.programs-media =
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
obs-backgroundremoval
obs-pipewire-audio-capture
];
};
};
}; };
} }


@ -1,22 +1,25 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.programs-office = flake.modules.nixos.programs-office = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ # Spelling
environment.systemPackages = with pkgs; [ aspell
aspell aspellDicts.de
aspellDicts.de aspellDicts.en
aspellDicts.en aspellDicts.en-computers
aspellDicts.en-computers aspellDicts.pt_BR
aspellDicts.pt_BR # Document Viewing
papers papers
presenterm # Presentations
rnote presenterm
]; # Note Taking & Drawing
rnote
];
services.flatpak.packages = [ services.flatpak.packages = [
"com.collabora.Office" # Office Suite
]; "com.collabora.Office"
}; ];
};
} }


@ -2,61 +2,64 @@
{ {
flake.modules = { flake.modules = {
nixos.programs-utilities = nixos.programs-utilities = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ # Terminal
environment.systemPackages = with pkgs; [ ghostty
ghostty # File Management
gnome-disk-utility nautilus
mission-center gnome-disk-utility
nautilus # Archive Tools
p7zip p7zip
rclone unrar
unrar # Cloud & Remote
# Desktop Integration rclone
adwaita-icon-theme # System Monitoring
junction mission-center
libfido2 # Desktop Integration
toggleaudiosink adwaita-icon-theme
# Xwayland Support junction
xwayland-satellite libfido2
]; toggleaudiosink
# Xwayland Support
xwayland-satellite
];
services.flatpak.packages = [ services.flatpak.packages = [
"com.github.tchx84.Flatseal" # Flatpak Management
"com.rustdesk.RustDesk" "com.github.tchx84.Flatseal"
]; # Remote Desktop
}; "com.rustdesk.RustDesk"
];
};
homeManager.programs-utilities = homeManager.programs-utilities = { pkgs, ... }: {
{ pkgs, ... }: programs = {
{ ghostty = {
programs = { enable = true;
ghostty = { settings = {
enable = true; cursor-style = "block";
settings = { shell-integration-features = "no-cursor";
cursor-style = "block"; cursor-style-blink = false;
shell-integration-features = "no-cursor"; custom-shader = "${builtins.fetchurl {
cursor-style-blink = false; url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
custom-shader = "${builtins.fetchurl { sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; }}";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; bell-features = "";
}}"; gtk-titlebar-style = "tabs";
bell-features = ""; keybind = [ "shift+enter=text:\\x1b\\r" ];
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
}; };
}; };
home.sessionVariables = { password-store = {
TERMINAL = "ghostty"; enable = true;
package = pkgs.pass-wayland;
}; };
}; };
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
}; };
} }


@ -1,21 +1,18 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.programs-web = flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: {
{ environment.systemPackages = with pkgs; [
inputs, # Browsers
pkgs, inputs.zen-browser.packages."${system}".default
system, tor-browser
... # Communication
}: vesktop
{ # Cloud & Sync
environment.systemPackages = with pkgs; [ bitwarden-desktop
inputs.zen-browser.packages."${system}".default nextcloud-client
bitwarden-desktop # Downloads
fragments fragments
nextcloud-client ];
tor-browser };
vesktop
];
};
} }


@ -1,12 +0,0 @@
{ ... }:
{
flake.modules.nixos.root =
{ pkgs, ... }:
{
users.root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
}


@ -1,118 +1,91 @@
# aspects/users/user.nix
{ inputs, ... }: { inputs, ... }:
{ {
flake = { flake.homeConfigurations = {
modules.nixos.user = "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
{ pkgs, ... }: pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
{ extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; };
users.users.user = { modules = [
isNormalUser = true; { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
};
homeConfigurations = { # CLI aspects (common module included)
"user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { inputs.self.modules.homeManager.cli-base
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; inputs.self.modules.homeManager.cli-btop
extraSpecialArgs = { inputs.self.modules.homeManager.cli-comma
inherit inputs; inputs.self.modules.homeManager.cli-direnv
hostname = "rotterdam"; inputs.self.modules.homeManager.cli-helix
}; inputs.self.modules.homeManager.cli-starship
modules = [ inputs.self.modules.homeManager.cli-tmux
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included) # Shell
inputs.self.modules.homeManager.cli-base inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.cli-btop inputs.self.modules.homeManager.shell-bash
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell # Desktop
inputs.self.modules.homeManager.shell-fish inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.shell-bash inputs.self.modules.homeManager.desktop-niri
# Desktop # Gaming
inputs.self.modules.homeManager.desktop-desktop inputs.self.modules.homeManager.gaming-mangohud
inputs.self.modules.homeManager.desktop-niri
# Gaming # Programs
inputs.self.modules.homeManager.gaming-mangohud inputs.self.modules.homeManager.programs-media # for obs-studio
# Programs # Stylix
inputs.self.modules.homeManager.programs-media # for obs-studio inputs.self.modules.homeManager.stylix
# Stylix # User-specific (from _user/)
inputs.self.modules.homeManager.stylix ./_user/git.nix
# User-specific (from _user/) # Home configuration
./_user/git.nix {
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
];
};
# Home configuration "user@io" = inputs.home-manager.lib.homeManagerConfiguration {
{ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
home = { extraSpecialArgs = { inherit inputs; hostname = "io"; };
username = "user"; modules = [
homeDirectory = "/home/user"; { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
stateVersion = "22.05";
};
}
];
};
"user@io" = inputs.home-manager.lib.homeManagerConfiguration { # CLI aspects (common module included)
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; inputs.self.modules.homeManager.cli-base
extraSpecialArgs = { inputs.self.modules.homeManager.cli-btop
inherit inputs; inputs.self.modules.homeManager.cli-comma
hostname = "io"; inputs.self.modules.homeManager.cli-direnv
}; inputs.self.modules.homeManager.cli-helix
modules = [ inputs.self.modules.homeManager.cli-starship
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; } inputs.self.modules.homeManager.cli-tmux
# CLI aspects (common module included) # Shell
inputs.self.modules.homeManager.cli-base inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.cli-btop inputs.self.modules.homeManager.shell-bash
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell # Desktop
inputs.self.modules.homeManager.shell-fish inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.shell-bash inputs.self.modules.homeManager.desktop-niri
# Desktop # Stylix
inputs.self.modules.homeManager.desktop-desktop inputs.self.modules.homeManager.stylix
inputs.self.modules.homeManager.desktop-niri
# Stylix # User-specific (from _user/)
inputs.self.modules.homeManager.stylix ./_user/git.nix
# User-specific (from _user/) # Home configuration
./_user/git.nix {
home = {
# Home configuration username = "user";
{ homeDirectory = "/home/user";
home = { stateVersion = "22.05";
username = "user"; };
homeDirectory = "/home/user"; }
stateVersion = "22.05"; ];
};
}
];
};
}; };
}; };
} }


@ -2,52 +2,58 @@
description = "My nix hosts"; description = "My nix hosts";
inputs = { inputs = {
# nix tools
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree"; import-tree.url = "github:vic/import-tree";
# nixos/hm
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# nixos/hm functionality modules
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
disko.url = "github:nix-community/disko";
impermanence.url = "github:nix-community/impermanence";
nixos-cli.url = "github:nix-community/nixos-cli";
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
stylix.url = "github:danth/stylix";
# nixos/hm program modules disko.url = "github:nix-community/disko";
niri-flake.url = "github:sodiboo/niri-flake";
nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = { noctalia = {
url = "github:noctalia-dev/noctalia-shell"; url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
vicinae.url = "github:vicinaehq/vicinae";
stylix.url = "github:danth/stylix";
nixos-cli.url = "github:nix-community/nixos-cli";
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
zen-browser.url = "github:0xc000022070/zen-browser-flake"; zen-browser.url = "github:0xc000022070/zen-browser-flake";
# stand-alone tools impermanence.url = "github:nix-community/impermanence";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
niri-flake.url = "github:sodiboo/niri-flake";
niri.url = "github:baduhai/niri/auto-center-when-space-available";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
terranix = { terranix = {
url = "github:terranix/terranix"; url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# others nix-ai-tools.url = "github:numtide/llm-agents.nix";
niri.url = "github:baduhai/niri/auto-center-when-space-available";
vicinae.url = "github:vicinaehq/vicinae";
}; };
outputs = outputs =
@ -55,8 +61,6 @@
let let
aspectsModule = import-tree ./aspects; aspectsModule = import-tree ./aspects;
packagesModule = import-tree ./packages; packagesModule = import-tree ./packages;
shellsModule = import-tree ./shells;
terranixModule = import-tree ./terranix;
in in
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ systems = [
@ -66,14 +70,12 @@
imports = [ imports = [
flake-parts.flakeModules.modules flake-parts.flakeModules.modules
inputs.terranix.flakeModule ] ++ aspectsModule.imports
] ++ packagesModule.imports
++ aspectsModule.imports ++ [
++ packagesModule.imports ./deploy.nix
++ shellsModule.imports ./devShells.nix
++ terranixModule.imports ./terranixConfigurations.nix
++ [ ];
./deploy.nix
];
}; };
} }
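Review bot: The new `imports` list drops `inputs.terranix.flakeModule` at the same time as it adds `./terranixConfigurations.nix`; the `perSystem.terranix.terranixConfigurations` option that the removed terranix files used is declared by that flake module, so unless `./terranixConfigurations.nix` imports it itself (that file is not in this diff) evaluation will fail on an undefined option. If it does import it, a comment on that entry, e.g. `./terranixConfigurations.nix # imports inputs.terranix.flakeModule itself`, would save the next reader the check. As a style point, the reordered `inputs` block loses the grouping comments (`# nix tools`, `# nixos/hm`, `# stand-alone tools`) that made the dependency roles readable; keeping them is cheap.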


@ -1,22 +1,12 @@
{ inputs, ... }: { inputs, ... }:
let
packageDir = builtins.readDir ./.;
# Filter to .nix files, excluding overlays.nix
isPackageFile = name:
name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
# Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar")
toPackageName = filename:
builtins.head (builtins.match "(.+)\\.nix$" filename);
packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir));
in
{ {
flake.overlays.default = final: prev: flake.overlays.default = final: prev: {
builtins.listToAttrs (map (name: { base16-schemes = inputs.self.packages.${final.system}.base16-schemes;
inherit name; claude-desktop = inputs.self.packages.${final.system}.claude-desktop;
value = inputs.self.packages.${final.system}.${name}; fastfetch = inputs.self.packages.${final.system}.fastfetch;
}) packageNames); hm-cli = inputs.self.packages.${final.system}.hm-cli;
kwrite = inputs.self.packages.${final.system}.kwrite;
toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink;
};
} }
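Review bot: The overlay now hard-codes six package names, so a package added under `packages/` is no longer exposed through `overlays.default` until this list is updated, and a package removed there leaves a dangling `inputs.self.packages.${final.system}.<name>` reference that only fails when that attribute is evaluated. A one-line comment above the attribute set making the contract explicit, e.g. `# Keep in sync with the package files in packages/ (one entry per file, excluding overlays.nix)`, would make the maintenance expectation visible at the point where it matters.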

plan.md Normal file

@ -0,0 +1,89 @@
# Current structure:
```
 hosts
├──  alexandria
│ ├──  hardware-configuration.nix
│ ├──  jellyfin.nix
│ ├──  kanidm.nix
│ ├──  nextcloud.nix
│ ├──  nginx.nix
│ ├──  unbound.nix
│ └──  vaultwarden.nix
├──  io
│ ├──  boot.nix
│ ├──  disko.nix
│ ├──  hardware-configuration.nix
│ ├──  programs.nix
│ └──  services.nix
├──  modules
│ ├──  common
│ │ ├──  boot.nix
│ │ ├──  console.nix
│ │ ├──  firewall.nix
│ │ ├──  locale.nix
│ │ ├──  nix.nix
│ │ ├──  openssh.nix
│ │ ├──  programs.nix
│ │ ├──  security.nix
│ │ ├──  services.nix
│ │ ├──  tailscale.nix
│ │ └──  users.nix
│ ├──  desktop
│ │ ├──  boot.nix
│ │ ├──  desktop.nix
│ │ ├──  nix.nix
│ │ └──  services.nix
│ ├──  server
│ │ ├──  boot.nix
│ │ ├──  nix.nix
│ │ └──  tailscale.nix
│ ├──  ai.nix
│ ├──  bluetooth.nix
│ ├──  dev.nix
│ ├──  ephemeral.nix
│ ├──  fwupd.nix
│ ├──  gaming.nix
│ ├──  libvirtd.nix
│ ├──  networkmanager.nix
│ └──  podman.nix
├──  rotterdam
│ ├──  boot.nix
│ ├──  hardware-configuration.nix
│ ├──  hardware.nix
│ ├──  programs.nix
│ └──  services.nix
└──  trantor
├──  boot.nix
├──  disko.nix
├──  fail2ban.nix
├──  forgejo.nix
├──  hardware-configuration.nix
├──  networking.nix
├──  nginx.nix
├──  openssh.nix
└──  unbound.nix
 modules
└──  ephemeral.nix
 users
├──  modules
│ ├──  common
│ │ ├──  bash.nix
│ │ ├──  fish.nix
│ │ └──  hm-cli.nix
│ ├──  desktop
│ │ ├──  desktop.nix
│ │ └──  niri.nix
│ ├──  btop.nix
│ ├──  comma.nix
│ ├──  direnv.nix
│ ├──  gaming.nix
│ ├──  helix.nix
│ ├──  obs-studio.nix
│ ├──  starship.nix
│ ├──  stylix.nix
│ └──  tmux.nix
└──  user
└──  git.nix
```


@ -1,113 +0,0 @@
# Required environment variables:
# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.cloudflare-baduhaidev = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, lib, ... }:
let
sharedData = import ../data/services.nix;
# Enrich services with host IPs
services = map (
svc:
let
hostInfo = sharedData.hosts.${svc.host} or { };
in
svc
// {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
) sharedData.services;
# Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
getSubdomain = domain: lib.head (lib.splitString "." domain);
# Generate DNS records for services
# Public services point to trantor's public IP
# Private services point to their tailscale IP
mkServiceRecords = lib.listToAttrs (
lib.imap0 (
i: svc:
let
subdomain = getSubdomain svc.domain;
targetIP =
if svc.public or false then
config.data.terraform_remote_state.trantor "outputs.instance_public_ip"
else
svc.tailscaleIP;
in
{
name = "service_${toString i}";
value = {
zone_id = config.variable.zone_id.default;
name = subdomain;
type = "A";
content = targetIP;
proxied = false;
ttl = 3600;
};
}
) services
);
in
{
terraform.required_providers.cloudflare = {
source = "cloudflare/cloudflare";
version = "~> 5.0";
};
terraform.backend.s3 = {
bucket = "terraform-state";
key = "cloudflare/baduhai.dev.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
zone_id = {
default = "c63a8332fdddc4a8e5612ddc54557044";
type = "string";
};
};
data = {
terraform_remote_state.trantor = {
backend = "s3";
config = {
bucket = "terraform-state";
key = "oci/trantor.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
};
};
resource.cloudflare_dns_record = mkServiceRecords;
}
)
];
};
};
}


@ -0,0 +1,94 @@
# Required environment variables:
# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ config, lib, ... }:
let
sharedData = import ../../data/services.nix;
# Enrich services with host IPs
services = map (svc:
let hostInfo = sharedData.hosts.${svc.host} or {};
in svc // {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
) sharedData.services;
# Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
getSubdomain = domain: lib.head (lib.splitString "." domain);
# Generate DNS records for services
# Public services point to trantor's public IP
# Private services point to their tailscale IP
mkServiceRecords = lib.listToAttrs (
lib.imap0 (
i: svc:
let
subdomain = getSubdomain svc.domain;
targetIP =
if svc.public or false then
config.data.terraform_remote_state.trantor "outputs.instance_public_ip"
else
svc.tailscaleIP;
in
{
name = "service_${toString i}";
value = {
zone_id = config.variable.zone_id.default;
name = subdomain;
type = "A";
content = targetIP;
proxied = false;
ttl = 3600;
};
}
) services
);
in
{
terraform.required_providers.cloudflare = {
source = "cloudflare/cloudflare";
version = "~> 5.0";
};
terraform.backend.s3 = {
bucket = "terraform-state";
key = "cloudflare/baduhai.dev.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
zone_id = {
default = "c63a8332fdddc4a8e5612ddc54557044";
type = "string";
};
};
data = {
terraform_remote_state.trantor = {
backend = "s3";
config = {
bucket = "terraform-state";
key = "oci/trantor.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
};
};
resource.cloudflare_dns_record = mkServiceRecords;
}
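Review bot: `targetIP` for a non-public service is `svc.tailscaleIP`, which the enrichment step sets to `null` whenever `sharedData.hosts` has no entry for `svc.host` (the `or { }` / `or null` defaults), so a mistyped host name yields a record whose `content` is null instead of an evaluation error; fail early with `content = if targetIP == null then throw "no target IP for ${svc.domain}" else targetIP;`. The records are also keyed by list position (`service_${toString i}`), so reordering or removing one entry in services.nix renumbers every later resource and makes the provider destroy and recreate those records; keying by the subdomain (sanitised to a valid resource name) keeps addresses stable across edits. Finally, publishing the tailscale addresses of private services in public DNS (`proxied = false`) discloses the private service inventory to anyone who queries the zone; if that is accepted, a comment next to `# Private services point to their tailscale IP` saying so would record the decision.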


@ -1,17 +0,0 @@
# Cloudflare kernelpanic.space configuration placeholder
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.cloudflare-kernelpanicspace = {
terraformWrapper.package = pkgs.opentofu;
modules = [
({ config, ... }: {
# Terraform config goes here
})
];
};
};
}


terranix/oci/trantor.nix Normal file

@ -0,0 +1,258 @@
# Required environment variables:
# instead of OCI variables, ~/.oci/config may also be used
# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables)
# OCI_USER_OCID - Oracle user OCID
# OCI_FINGERPRINT - API key fingerprint
# OCI_PRIVATE_KEY_PATH - Path to OCI API private key
# AWS variables are required
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ config, ... }:
{
terraform.required_providers.oci = {
source = "oracle/oci";
version = "~> 7.0";
};
provider.oci.region = "sa-saopaulo-1";
terraform.backend.s3 = {
bucket = "terraform-state";
key = "oci/trantor.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
tenancy_ocid = {
default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq";
type = "string";
};
compartment_name = {
default = "trantor";
type = "string";
};
vcn_cidr = {
default = "10.0.0.0/24";
type = "string";
};
instance_name = {
default = "trantor";
type = "string";
};
ssh_public_keys = {
default = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
];
type = "list(string)";
};
};
data = {
oci_identity_availability_domains.ads = {
compartment_id = config.variable.tenancy_ocid.default;
};
oci_core_images.ubuntu_arm = {
compartment_id = config.variable.tenancy_ocid.default;
operating_system = "Canonical Ubuntu";
operating_system_version = "24.04";
shape = "VM.Standard.A1.Flex";
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
resource = {
oci_identity_compartment.trantor = {
compartment_id = config.variable.tenancy_ocid.default;
description = "trantor infrastructure compartment";
name = config.variable.compartment_name.default;
};
oci_core_vcn.vcn = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
cidr_blocks = [ config.variable.vcn_cidr.default ];
display_name = "trantor-vcn";
dns_label = "trantor";
};
oci_core_internet_gateway.ig = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-ig";
enabled = true;
};
oci_core_route_table.rt = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-rt";
route_rules = [
{
network_entity_id = config.resource.oci_core_internet_gateway.ig "id";
destination = "0.0.0.0/0";
destination_type = "CIDR_BLOCK";
}
];
};
oci_core_security_list.sl = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-sl";
egress_security_rules = [
{
destination = "0.0.0.0/0";
protocol = "all";
stateless = false;
}
];
ingress_security_rules = [
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 22;
max = 22;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 80;
max = 80;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 443;
max = 443;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 25565;
max = 25565;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 19132;
max = 19133;
};
}
{
protocol = "17"; # UDP
source = "0.0.0.0/0";
stateless = false;
udp_options = {
min = 19132;
max = 19133;
};
}
];
};
oci_core_subnet.subnet = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
cidr_block = config.variable.vcn_cidr.default;
display_name = "trantor-subnet";
dns_label = "subnet";
route_table_id = config.resource.oci_core_route_table.rt "id";
security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ];
prohibit_public_ip_on_vnic = false;
};
oci_core_instance.trantor = {
availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
display_name = config.variable.instance_name.default;
shape = "VM.Standard.A1.Flex";
shape_config = {
ocpus = 2;
memory_in_gbs = 12;
};
source_details = {
source_type = "image";
source_id = config.data.oci_core_images.ubuntu_arm "images[0].id";
boot_volume_size_in_gbs = 100;
};
create_vnic_details = {
subnet_id = config.resource.oci_core_subnet.subnet "id";
display_name = "trantor-vnic";
assign_public_ip = true;
hostname_label = config.variable.instance_name.default;
};
metadata = {
ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default;
};
preserve_boot_volume = false;
};
oci_budget_budget.trantor_budget = {
compartment_id = config.variable.tenancy_ocid.default;
targets = [ (config.resource.oci_identity_compartment.trantor "id") ];
amount = 1;
reset_period = "MONTHLY";
display_name = "trantor-budget";
description = "Monthly budget for trantor compartment";
target_type = "COMPARTMENT";
};
oci_budget_alert_rule.daily_spend_alert = {
budget_id = config.resource.oci_budget_budget.trantor_budget "id";
type = "ACTUAL";
threshold = 5;
threshold_type = "PERCENTAGE";
display_name = "daily-spend-alert";
recipients = "baduhai@proton.me";
description = "Alert when daily spending exceeds $0.05";
message = "Daily spending has exceeded $0.05 in the trantor compartment";
};
};
output = {
compartment_id = {
value = config.resource.oci_identity_compartment.trantor "id";
};
instance_public_ip = {
value = config.resource.oci_core_instance.trantor "public_ip";
};
};
}
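Review bot: The first ingress rule of `oci_core_security_list.sl` (the `min = 22; max = 22;` entry) admits SSH from `source = "0.0.0.0/0";` on an instance that also sets `assign_public_ip = true`, while the tailnet module on this page already places trantor on Tailscale; narrowing that rule to a management range (`source = "<MGMT_CIDR placeholder>";`) or dropping the public port-22 rule in favour of the tailnet path leaves only the three service ports exposed, and the security list rather than the instance is the place to do it since `prohibit_public_ip_on_vnic = false` keeps the subnet public. A second point: the header comment says TF_VAR_* can override the variables, but every consumer reads `config.variable.<name>.default`, which Nix evaluates to the literal string, so the generated HCL declares `tenancy_ocid` and friends without ever referencing `var.tenancy_ocid`, and an override has no effect; either reference the variable (`compartment_id = "\${var.tenancy_ocid}";`) or drop that sentence from the comment. The same `.default` pattern appears in the tailnet module further down (`config.variable.trantor_tailscale_ip.default`). Finally, `source_id = ... "images[0].id"` under `sort_order = "DESC"` resolves to whatever Canonical image is newest at plan time, so a newer image will probably force instance replacement on the next apply; pinning the image OCID in a variable or adding `lifecycle.ignore_changes = [ "source_details" ]` on the instance makes the rebuild deliberate rather than incidental.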


@ -1,57 +0,0 @@
# Required environment variables:
# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions
# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github")
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.tailscale-tailnet = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
terraform.required_providers.tailscale = {
source = "tailscale/tailscale";
version = "~> 0.17";
};
terraform.backend.s3 = {
bucket = "terraform-state";
key = "tailscale/tailnet.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
trantor_tailscale_ip = {
default = "100.108.5.90";
type = "string";
};
};
resource = {
tailscale_dns_nameservers.global = {
nameservers = [
config.variable.trantor_tailscale_ip.default
"1.1.1.1"
"1.0.0.1"
];
};
};
}
)
];
};
};
}


@ -0,0 +1,43 @@
# Required environment variables:
# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions
# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github")
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ config, ... }:
{
terraform.required_providers.tailscale = {
source = "tailscale/tailscale";
version = "~> 0.17";
};
terraform.backend.s3 = {
bucket = "terraform-state";
key = "tailscale/tailnet.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
trantor_tailscale_ip = {
default = "100.108.5.90";
type = "string";
};
};
resource = {
tailscale_dns_nameservers.global = {
nameservers = [
config.variable.trantor_tailscale_ip.default
"1.1.1.1"
"1.0.0.1"
];
};
};
}


@ -1,17 +0,0 @@
# OCI Terminus configuration placeholder
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.oci-terminus = {
terraformWrapper.package = pkgs.opentofu;
modules = [
({ config, ... }: {
# Terraform config goes here
})
];
};
};
}


@ -1,272 +0,0 @@
# Required environment variables:
# instead of OCI variables, ~/.oci/config may also be used
# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables)
# OCI_USER_OCID - Oracle user OCID
# OCI_FINGERPRINT - API key fingerprint
# OCI_PRIVATE_KEY_PATH - Path to OCI API private key
# AWS variables are required
# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations.oci-trantor = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
terraform.required_providers.oci = {
source = "oracle/oci";
version = "~> 7.0";
};
provider.oci.region = "sa-saopaulo-1";
terraform.backend.s3 = {
bucket = "terraform-state";
key = "oci/trantor.tfstate";
region = "auto";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
skip_requesting_account_id = true;
use_path_style = true;
};
variable = {
tenancy_ocid = {
default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq";
type = "string";
};
compartment_name = {
default = "trantor";
type = "string";
};
vcn_cidr = {
default = "10.0.0.0/24";
type = "string";
};
instance_name = {
default = "trantor";
type = "string";
};
ssh_public_keys = {
default = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
];
type = "list(string)";
};
};
data = {
oci_identity_availability_domains.ads = {
compartment_id = config.variable.tenancy_ocid.default;
};
oci_core_images.ubuntu_arm = {
compartment_id = config.variable.tenancy_ocid.default;
operating_system = "Canonical Ubuntu";
operating_system_version = "24.04";
shape = "VM.Standard.A1.Flex";
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
resource = {
oci_identity_compartment.trantor = {
compartment_id = config.variable.tenancy_ocid.default;
description = "trantor infrastructure compartment";
name = config.variable.compartment_name.default;
};
oci_core_vcn.vcn = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
cidr_blocks = [ config.variable.vcn_cidr.default ];
display_name = "trantor-vcn";
dns_label = "trantor";
};
oci_core_internet_gateway.ig = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-ig";
enabled = true;
};
oci_core_route_table.rt = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-rt";
route_rules = [
{
network_entity_id = config.resource.oci_core_internet_gateway.ig "id";
destination = "0.0.0.0/0";
destination_type = "CIDR_BLOCK";
}
];
};
oci_core_security_list.sl = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-sl";
egress_security_rules = [
{
destination = "0.0.0.0/0";
protocol = "all";
stateless = false;
}
];
ingress_security_rules = [
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 22;
max = 22;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 80;
max = 80;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 443;
max = 443;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 25565;
max = 25565;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 19132;
max = 19133;
};
}
{
protocol = "17"; # UDP
source = "0.0.0.0/0";
stateless = false;
udp_options = {
min = 19132;
max = 19133;
};
}
];
};
oci_core_subnet.subnet = {
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
cidr_block = config.variable.vcn_cidr.default;
display_name = "trantor-subnet";
dns_label = "subnet";
route_table_id = config.resource.oci_core_route_table.rt "id";
security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ];
prohibit_public_ip_on_vnic = false;
};
oci_core_instance.trantor = {
availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
display_name = config.variable.instance_name.default;
shape = "VM.Standard.A1.Flex";
shape_config = {
ocpus = 2;
memory_in_gbs = 12;
};
source_details = {
source_type = "image";
source_id = config.data.oci_core_images.ubuntu_arm "images[0].id";
boot_volume_size_in_gbs = 100;
};
create_vnic_details = {
subnet_id = config.resource.oci_core_subnet.subnet "id";
display_name = "trantor-vnic";
assign_public_ip = true;
hostname_label = config.variable.instance_name.default;
};
metadata = {
ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default;
};
preserve_boot_volume = false;
};
oci_budget_budget.trantor_budget = {
compartment_id = config.variable.tenancy_ocid.default;
targets = [ (config.resource.oci_identity_compartment.trantor "id") ];
amount = 1;
reset_period = "MONTHLY";
display_name = "trantor-budget";
description = "Monthly budget for trantor compartment";
target_type = "COMPARTMENT";
};
oci_budget_alert_rule.daily_spend_alert = {
budget_id = config.resource.oci_budget_budget.trantor_budget "id";
type = "ACTUAL";
threshold = 5;
threshold_type = "PERCENTAGE";
display_name = "daily-spend-alert";
recipients = "baduhai@proton.me";
description = "Alert when daily spending exceeds $0.05";
message = "Daily spending has exceeded $0.05 in the trantor compartment";
};
};
output = {
compartment_id = {
value = config.resource.oci_identity_compartment.trantor "id";
};
instance_public_ip = {
value = config.resource.oci_core_instance.trantor "public_ip";
};
};
}
)
];
};
};
}


@ -0,0 +1,27 @@
{ inputs, ... }:
{
imports = [
inputs.terranix.flakeModule
];
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations = {
oci-trantor = {
modules = [ ./terranix/oci/trantor.nix ];
terraformWrapper.package = pkgs.opentofu;
};
cloudflare-baduhaidev = {
modules = [ ./terranix/cloudflare/baduhai.dev.nix ];
terraformWrapper.package = pkgs.opentofu;
};
tailscale-tailnet = {
modules = [ ./terranix/tailscale/tailnet.nix ];
terraformWrapper.package = pkgs.opentofu;
};
};
};
}
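Review bot: The three `terranix.terranixConfigurations` entries differ only in their module path, and each repeats `terraformWrapper.package = pkgs.opentofu;`; a small helper in a `let` above the attrset, `mkTerranix = path: { modules = [ path ]; terraformWrapper.package = pkgs.opentofu; };`, lets each entry collapse to one line such as `oci-trantor = mkTerranix ./terranix/oci/trantor.nix;`, so a future wrapper change happens in one place. The same duplication exists at the HCL level, where the `terraform.backend.s3` stanza (bucket, endpoint and the five `skip_*`/`use_path_style` flags) is repeated verbatim in both the trantor and tailnet modules on this page; a shared backend module passed through `modules` would keep those in step as well, though that is a larger change than this file needs.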