Add Astral host

flake.lock

@@ -84,11 +84,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748437600,
-        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+        "lastModified": 1756217674,
+        "narHash": "sha256-TH1SfSP523QI7kcPiNtMAEuwZR3Jdz0MCDXPs7TS8uo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+        "rev": "4e7667a90c167f7a81d906e5a75cba4ad8bee620",
         "type": "github"
       },
       "original": {
@@ -98,22 +98,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-vicuna": {
-      "locked": {
-        "lastModified": 1751274312,
-        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "phps": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -140,7 +124,6 @@
       "inputs": {
         "agenix": "agenix",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-vicuna": "nixpkgs-vicuna",
         "phps": "phps"
       }
     },

flake.nix

@@ -1,9 +1,8 @@
 {
-  description = "Marauder NixOS Configuration";
+  description = "NixOS Configurations";
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
-    nixpkgs-vicuna.url = "github:nixos/nixpkgs/nixos-24.11";
     phps = {
       url = "github:fossar/nix-phps";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -14,30 +13,8 @@
     };
   };
 
-  outputs = { self, nixpkgs, nixpkgs-vicuna, phps, agenix }: {
-    nixosModules.common = ./modules/common.nix;
-    nixosConfigurations = {
-      marauder = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./hosts/marauder
-          self.nixosModules.common
-          agenix.nixosModules.default
-          {
-            environment.systemPackages =
-              [ agenix.packages.x86_64-linux.default ];
-          }
-        ];
-        specialArgs = { inherit phps; };
-      };
-      apogee = nixpkgs-vicuna.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = [
-          ./hosts/apogee
-          self.nixosModules.common
-          agenix.nixosModules.default
-        ];
-      };
-    };
+  outputs = inputs: {
+    nixosModules = import ./modules;
+    nixosConfigurations = import ./hosts inputs;
   };
 }

hosts/astral/default.nix

@@ -0,0 +1,71 @@
+{ nixosModules, modulesPath, lib, config, pkgs, ... }: {
+  imports = with nixosModules; [
+    "${modulesPath}/virtualisation/amazon-image.nix"
+    nettika
+  ];
+
+  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+    settings.trusted-users = [ "@wheel" ];
+  };
+
+  networking = {
+    hostName = "astral";
+    domain = "recipes.leaf.ninja";
+    firewall.allowedTCPPorts = [ 80 443 ];
+    networkmanager.enable = true;
+  };
+
+  users.defaultUserShell = pkgs.fish;
+
+  security.sudo.wheelNeedsPassword = false;
+
+  environment.variables.EDITOR = "nano";
+
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "${config.networking.domain}".extraConfig = ''
+        reverse_proxy localhost:8008
+        header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
+      '';
+    };
+  };
+
+  programs.fish.enable = true;
+
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    config = {
+      init.defaultBranch = "master";
+      user = {
+        email = "git@nettika.cat";
+        name = "Nettika";
+      };
+      credential.helper = "store";
+    };
+  };
+
+  programs.nano = {
+    enable = true;
+    nanorc = ''
+      set autoindent
+      set linenumbers
+    '';
+  };
+
+  documentation.man.generateCaches = false;
+
+  promptEmoji = "✴️";
+
+  time.timeZone = "America/Los_Angeles";
+
+  system.stateVersion = "23.05";
+}

hosts/default.nix

@@ -0,0 +1,16 @@
+{ self, nixpkgs, phps, agenix, ... }:
+let inherit (nixpkgs.lib) nixosSystem;
+in {
+  marauder = nixosSystem {
+    system = "x86_64-linux";
+    modules = [ ./marauder ];
+    specialArgs = {
+      inherit (self) nixosModules;
+      inherit phps agenix;
+    };
+  };
+  astral = nixosSystem {
+    system = "x86_64-linux";
+    modules = [ ./astral ];
+  };
+}

hosts/marauder/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, phps, ... }:
+{ pkgs, nixosModules, phps, agenix, ... }:
 let
   fortune = pkgs.writeShellScript "cgi" ''
     echo "Content-type: text/html"
@@ -9,27 +9,50 @@ let
     ${pkgs.ffmpeg}/bin/ffmpeg -v error -stats -hide_banner -i "$1" -c copy -f null -
   '';
 in {
-  imports = [ ./backup.nix ];
+  imports = [
+    ./backup.nix
+    nixosModules.nettika
+    nixosModules.promptmoji
+    agenix.nixosModules.default
+  ];
+
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+    settings = {
+      trusted-users = [ "@wheel" ];
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+  };
 
   nixpkgs.config.allowUnfree = true;
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  environment.variables.EDITOR = "nano";
 
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
+  documentation.man.generateCaches = false;
+
+  environment.variables = {
+    VISUAL = "code --wait";
+    PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";
   };
 
-  environment.variables.VISUAL = "code --wait";
-
   age.identityPaths = [ "/home/nettika/.ssh/id_ed25519" ];
 
   networking = {
     hostName = "marauder";
     firewall.enable = false;
+    networkmanager.enable = true;
   };
 
+  security.sudo.wheelNeedsPassword = false;
+
+  users.defaultUserShell = pkgs.fish;
+
+  programs.fish.enable = true;
+
   fileSystems = {
     "/" = {
       device = "/dev/disk/by-uuid/648c6539-892c-40d7-8b07-23fe760df02a";
@@ -95,6 +118,7 @@ in {
     krita
     openscad-unstable
     bambu-studio
+    orca-slicer
 
     # Multimedia
     vlc
@@ -134,8 +158,32 @@ in {
     mullvad-vpn
     qbittorrent
     system-config-printer
+    openssl
+    pkg-config
+    agenix.packages.x86_64-linux.default
   ];
 
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    config = {
+      init.defaultBranch = "master";
+      user = {
+        email = "git@nettika.cat";
+        name = "Nettika";
+      };
+      credential.helper = "store";
+    };
+  };
+
+  programs.nano = {
+    enable = true;
+    nanorc = ''
+      set autoindent
+      set linenumbers
+    '';
+  };
+
   programs.steam = {
     enable = true;
     remotePlay.openFirewall = true;

modules/common.nix

@@ -1,82 +0,0 @@
-{ pkgs, lib, config, ... }: {
-  options = {
-    promptSymbol = lib.mkOption {
-      type = lib.types.str;
-      description = "Prompt prefix symbol.";
-    };
-  };
-
-  config = {
-    nix.gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 30d";
-    };
-
-    users.defaultUserShell = pkgs.fish;
-
-    users.users.nettika = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" "networkmanager" ];
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHopty1QG8P+OfGxQ9CV0BI1IRB/q6yITzMZaZ6Zspid nettika@marauder"
-      ];
-    };
-
-    nix.settings.trusted-users = [ "@wheel" ];
-
-    security.sudo.wheelNeedsPassword = false;
-
-    networking.networkmanager.enable = true;
-
-    environment.variables.EDITOR = "nano";
-
-    programs.git = {
-      enable = true;
-      lfs.enable = true;
-      config = {
-        init.defaultBranch = "master";
-        user = {
-          email = "git@nettika.cat";
-          name = "Nettika";
-        };
-        credential.helper = "store";
-      };
-    };
-
-    programs.nano = {
-      enable = true;
-      nanorc = ''
-        set autoindent
-        set linenumbers
-      '';
-    };
-
-    programs.fish = {
-      enable = true;
-      promptInit = ''
-        function fish_prompt
-          echo -n '${config.promptSymbol} '
-          if fish_is_root_user
-            set_color red
-          else
-            set_color brgreen
-          end
-          echo -n (prompt_pwd)
-          set_color normal
-          echo -n ' > '
-        end
-        function fish_right_prompt
-          set_color bryellow
-          echo -n (${pkgs.git}/bin/git branch --show-current 2>/dev/null)
-        end
-      '';
-      shellInit = ''
-        set -g fish_greeting
-        set -g fish_prompt_pwd_full_dirs 999
-      '';
-    };
-
-    documentation.man.generateCaches = false;
-  };
-}

modules/default.nix

@@ -0,0 +1,4 @@
+{
+  nettika = ./nettika.nix;
+  promptmoji = ./promptmoji.nix;
+}

modules/nettika.nix

@@ -0,0 +1,9 @@
+{
+  users.users.nettika = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHopty1QG8P+OfGxQ9CV0BI1IRB/q6yITzMZaZ6Zspid nettika@marauder"
+    ];
+  };
+}

modules/promptmoji.nix

@@ -0,0 +1,34 @@
+{ lib, config, pkgs, ... }: {
+  options = {
+    promptSymbol = lib.mkOption {
+      type = lib.types.str;
+      description = "Prompt prefix symbol.";
+    };
+  };
+
+  config = {
+    programs.fish = lib.mkIf config.programs.fish.enable {
+      promptInit = ''
+        function fish_prompt
+          echo -n '${config.promptSymbol} '
+          if fish_is_root_user
+            set_color red
+          else
+            set_color brgreen
+          end
+          echo -n (prompt_pwd)
+          set_color normal
+          echo -n ' > '
+        end
+        function fish_right_prompt
+          set_color bryellow
+          echo -n (${pkgs.git}/bin/git branch --show-current 2>/dev/null)
+        end
+      '';
+      shellInit = ''
+        set -g fish_greeting
+        set -g fish_prompt_pwd_full_dirs 999
+      '';
+    };
+  };
+}