initial commit

sid 2026-02-23 20:34:35 +01:00
commit 95a533c876
451 changed files with 18255 additions and 0 deletions


@ -0,0 +1,70 @@
# NixOS Container
Imperative container NixOS configuration.
## References:
- [NixOS Manual](https://nixos.org/manual/nixos/stable/#sec-imperative-containers)
- [NixOS Wiki](https://wiki.nixos.org/wiki/NixOS_Containers#Define_and_create_nixos-container_from_a_Flake_file)
## Setup
In your host configuration, set:
```nix
boot.enableContainers = true;
```
Create a new directory and initialize the template inside of it:
> `nxc` is an arbitrary name
```bash
mkdir -p nxc
cd nxc
nix flake init -t git+https://git.sid.ovh/sid/synix#container
```
## Usage
Create the container:
```bash
sudo nixos-container create nxc --flake .
```
Start the container:
```bash
sudo nixos-container start nxc
```
Rebuild the container:
```bash
sudo nixos-container update nxc --flake .
```
Log in as root:
```bash
sudo nixos-container root-login nxc
```
Stop the container:
```bash
sudo nixos-container stop nxc
```
Destroy the container:
```bash
sudo nixos-container destroy nxc
```
For more, see the help page:
```bash
nixos-container --help
```


@ -0,0 +1,32 @@
# Edit this only if you know what you're doing.
{ outputs, ... }:
{
boot = {
isContainer = true;
isNspawnContainer = true;
};
nix = {
channel.enable = false;
settings = {
experimental-features = "nix-command flakes";
builders-use-substitutes = true;
substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
nixpkgs.overlays = [
outputs.overlays.synix-packages
outputs.overlays.local-packages
];
system.stateVersion = "25.11";
}


@ -0,0 +1,5 @@
{
networking.hostName = "nxc";
# Add the rest of your configuration here
}


@ -0,0 +1,6 @@
{
imports = [
./base.nix
./configuration.nix
];
}


@ -0,0 +1,58 @@
{
description = "Container NixOS configurations";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
...
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { });
in
{
packages =
let
pkgs = nixpkgs.legacyPackages.${system};
in
import ./pkgs { inherit pkgs; };
overlays = import ./overlays { inherit (self) inputs; };
devShells =
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = pkgs.mkShell {
buildInputs = with pkgs; [
nixos-container
tmux
];
};
};
nixosModules = import ./modules;
nixosConfigurations = {
container = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./config ];
specialArgs = {
inherit inputs outputs lib;
};
};
};
};
}
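Review bot: `synix.imputs.nixpkgs.follows = "nixpkgs";` misspells `inputs`, so the override meant to make synix reuse this flake's nixpkgs is not a recognised input attribute. Depending on the Nix version this is either rejected at evaluation or silently leaves synix on its own locked nixpkgs, which puts a second, separately updated package set into the closure. It should read `synix.inputs.nixpkgs.follows = "nixpkgs";`. The same typo appears in the microvm template's flake and in the host template's flake further down in this commit.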


@ -0,0 +1,3 @@
{
# example = import ./example;
}


@ -0,0 +1,7 @@
{ inputs, ... }:
{
synix-packages = final: prev: { synix = inputs.synix.overlays.additions final prev; };
local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; };
}


@ -0,0 +1,5 @@
{ pkgs, ... }:
{
# example = pkgs.callPackage ./example { };
}


@ -0,0 +1 @@
use flake


@ -0,0 +1,23 @@
name: C Nix Pipeline
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-and-test:
name: Build and Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Nix
uses: cachix/install-nix-action@v18
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run nix flake check
run: nix flake check
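Review bot: Both `uses:` steps reference mutable tags (`actions/checkout@v3`, `cachix/install-nix-action@v18`), so whatever code the tag points to at run time executes in the job with the repository token. Pinning each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the pipeline reproducible and auditable. The workflow also has no `permissions:` key, so the token gets the repository default; a top-level `permissions:` block with `contents: read` should be enough for `nix flake check`. The same applies to the flask-hello, py-hello and rs-hello workflow files in this commit.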

7
templates/dev/c-hello/.gitignore vendored Normal file

@ -0,0 +1,7 @@
.cache/
.direnv/
.pre-commit-config.yaml
bin/
build/
compile_commands.json
result/


@ -0,0 +1,51 @@
PNAME = hello-world
BUILD_DIR = build
INCLUDE_DIR = include
SRC_DIR = src
CC = gcc
CFLAGS = -I$(INCLUDE_DIR) -Wall -Wextra -g
TARGET = $(BUILD_DIR)/$(PNAME)
SRCS = $(wildcard $(SRC_DIR)/*.c)
OBJS = $(patsubst $(SRC_DIR)/%.c, $(BUILD_DIR)/%.o, $(SRCS))
# Default target
all: $(TARGET)
# Build the executable
$(TARGET): $(OBJS)
$(CC) $(OBJS) -o $@
# Compile source files into object files
$(BUILD_DIR)/%.o: $(SRC_DIR)/%.c | $(BUILD_DIR)
$(CC) $(CFLAGS) -c $< -o $@
# Create the build directory
$(BUILD_DIR):
mkdir -p $(BUILD_DIR)
# Run the executable
run: $(TARGET)
@$(TARGET)
# Clean built files
clean:
rm -rf $(BUILD_DIR)
# Clean then build
rebuild: clean all
# Display help information
help:
@echo "Makefile Usage:"
@echo ""
@echo " make - Builds the executable (default)"
@echo " make all - Same as 'make'"
@echo " make run - Builds the executable if needed and then runs it"
@echo " make clean - Removes the build directory and all built files"
@echo " make rebuild - Performs a clean first, then builds the project"
@echo " make help - Displays this help message"
.PHONY: all clean run rebuild help


@ -0,0 +1,2 @@
make clean
bear --output build/compile_commands.json -- make all


@ -0,0 +1,144 @@
{
description = "A hello world template in C";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
pre-commit-hooks,
...
}:
let
pname = "hello-world"; # Also change this in the Makefile
version = "0.1.0";
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
}
);
in
{
overlays.default = final: prev: {
"${pname}" = final.stdenv.mkDerivation rec {
inherit pname version;
src = ./.;
installPhase = ''
mkdir -p $out/bin
cp build/${pname} $out/bin/
'';
};
};
packages = forAllSystems (system: {
default = nixpkgsFor.${system}."${pname}";
"${pname}" = nixpkgsFor.${system}."${pname}";
});
devShells = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
in
{
default = pkgs.mkShell {
buildInputs =
self.checks.${system}.pre-commit-check.enabledPackages
++ (with pkgs; [
bear
coreutils
gcc
gdb
gnumake
]);
shellHook = self.checks.${system}.pre-commit-check.shellHook + ''
export LD_LIBRARY_PATH=${pkgs.stdenv.cc.cc.lib}/lib:$LD_LIBRARY_PATH
'';
};
}
);
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
flakePkgs = self.packages.${system};
in
{
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
integration-test =
let
exe = "${flakePkgs.${pname}}/bin/${pname}";
in
pkgs.runCommand "${pname}-test"
{
nativeBuildInputs = [
pkgs.synixutils
flakePkgs.${pname}
];
}
''
assert_equal() {
if [[ "$1" != "$2" ]]; then
echo "Test failed: Expected '$1' but got '$2'"
exit 1
fi
}
exp1="Hello, world!"
out1="$(${exe})"
assert_equal "$exp1" "$out1"
echo "Test passed!" > $out
'';
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt = {
enable = true;
};
clang-format = {
enable = true;
types_or = nixpkgs.lib.mkForce [ "c" ];
};
};
};
}
);
};
}
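Review bot: The devShell's `shellHook` appends `:$LD_LIBRARY_PATH` unconditionally, and when the variable is unset that leaves a trailing empty entry, which the dynamic loader treats as the current working directory. A shared object sitting in a checked-out tree can then be picked up by any program started from that shell. Append the old value only when it is set: `export LD_LIBRARY_PATH=${pkgs.stdenv.cc.cc.lib}/lib''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`. Separately, `integration-test` lists `pkgs.synixutils` in `nativeBuildInputs`, but this flake has no synix input and `self.overlays.default` only adds `hello-world`, so that attribute looks undefined here and `nix flake check` would presumably fail to evaluate. The test body uses only bash builtins, so the entry can likely be dropped.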


@ -0,0 +1,8 @@
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
printf("Hello, world!\n");
return EXIT_SUCCESS;
}


@ -0,0 +1 @@
use flake

6
templates/dev/esp-blink/.gitignore vendored Normal file

@ -0,0 +1,6 @@
.cache/
.direnv/
build/
managed_components/
sdkconfig
sdkconfig.old


@ -0,0 +1,5 @@
cmake_minimum_required(VERSION 3.16)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
idf_build_set_property(MINIMAL_BUILD ON)
project(blink)


@ -0,0 +1,33 @@
# ESP32 blink template
Set `BLINK_GPIO` to your LED pin in [`main/main.c`](./main/main.c).
## Clean the build directory
```bash
idf.py fullclean
```
## Set the build target
```bash
idf.py set-target esp32s3
```
## Open configuration menu
```bash
idf.py menuconfig
```
## Build the project
```bash
idf.py all
```
## Flash the binary
```bash
idf.py flash
```


@ -0,0 +1,103 @@
{
description = "A blink template for ESP32";
inputs = {
nixpkgs.url = "nixpkgs/nixpkgs-unstable";
esp = {
url = "github:mirrexagon/nixpkgs-esp-dev";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
esp,
pre-commit-hooks,
...
}:
let
pname = "blink"; # Also change this in CMakeLists.txt
version = "0.1.0";
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [
self.overlays.default
esp.overlays.default
];
}
);
in
{
overlays.default = final: prev: { };
packages = forAllSystems (system: { });
devShells = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
in
{
default = esp.devShells."${system}".default;
}
);
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
flakePkgs = self.packages.${system};
in
{
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt = {
enable = true;
};
clang-format = {
enable = true;
types_or = nixpkgs.lib.mkForce [
"c"
"cpp"
];
};
};
};
}
);
};
}


@ -0,0 +1,4 @@
idf_component_register(
SRCS "main.c"
INCLUDE_DIRS "."
)


@ -0,0 +1,2 @@
dependencies:
espressif/led_strip: "^3.0.0"


@ -0,0 +1,33 @@
#include "driver/gpio.h"
#include "esp_log.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include <stdio.h>
static const char *TAG = "BLINK";
#define BLINK_GPIO 38
#define BLINK_PERIOD 1000
static uint8_t s_led_state = 0;
static void blink_led(void) { gpio_set_level(BLINK_GPIO, s_led_state); }
static void configure_led(void) {
ESP_LOGI(TAG, "Example configured to blink GPIO LED!");
gpio_reset_pin(BLINK_GPIO);
gpio_set_direction(BLINK_GPIO, GPIO_MODE_OUTPUT);
}
static void delay_ms(uint32_t ms) { vTaskDelay(pdMS_TO_TICKS(ms)); }
void app_main(void) {
configure_led();
while (1) {
ESP_LOGI(TAG, "Turning the LED %s!", s_led_state == true ? "ON" : "OFF");
blink_led();
s_led_state = !s_led_state;
delay_ms(BLINK_PERIOD);
}
}


@ -0,0 +1 @@
use flake


@ -0,0 +1,23 @@
name: Python Nix Pipeline
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-and-test:
name: Build and Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Nix
uses: cachix/install-nix-action@v18
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run nix flake check
run: nix flake check

30
templates/dev/flask-hello/.gitignore vendored Normal file

@ -0,0 +1,30 @@
# Byte-compiled Python files
*.py[cod]
__pycache__/
# Distribution / packaging
.Python
*.egg
*.egg-info/
.coverage
.htmlcov/
.pytest_cache/
.tox/
.venv/
.direnv/
ENV/
build/
dist/
env.bak/
env/
venv.bak/
venv/
# IDE/editor files
*.sublime-project
*.sublime-workspace
.idea/
.vscode/
# Nix-related files
result


@ -0,0 +1,5 @@
#!/usr/bin/env python3
from flask_hello import create_app
app = create_app()


@ -0,0 +1,77 @@
{
description = "A hello world template for Python Flask";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
...
}:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
}
);
in
{
overlays.default = final: _prev: {
flask_hello = self.packages.${final.system}.default;
};
packages = forAllSystems (system: {
default = nixpkgsFor.${system}.callPackage ./nix/package.nix { };
});
devShells = forAllSystems (system: {
default = import ./nix/shell.nix { pkgs = nixpkgsFor.${system}; };
});
nixosModules = {
flask_hello = import ./nix/module.nix;
};
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (system: {
build-packages = nixpkgsFor."${system}".linkFarm "flake-packages-${system}" self.packages.${system};
pre-commit-check = self.inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
black.enable = true;
};
};
});
};
}


@ -0,0 +1,17 @@
from flask import Flask
def create_app():
app = Flask(__name__)
from .blueprints.home import home_bp
app.register_blueprint(home_bp)
from flask import render_template
@app.errorhandler(404)
def not_found_error(error):
return render_template("errors.html", error="Page not found"), 404
return app


@ -0,0 +1,8 @@
from flask import Blueprint, render_template
home_bp = Blueprint("home", __name__)
@home_bp.route("/")
def index():
return render_template("index.html")


@ -0,0 +1,9 @@
body {
font-family: Arial, sans-serif;
margin: 40px;
background-color: #f5f5f5;
}
h1 {
color: #333;
}


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}Flask App{% endblock %}</title>
<link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
</head>
<body>
{% block content %}{% endblock %}
</body>
</html>


@ -0,0 +1,7 @@
{% extends "base.html" %}
{% block content %}
<h1>Error</h1>
<p>{{ error }}</p>
<a href="{{ url_for('home.index') }}">Go Home</a>
{% endblock %}


@ -0,0 +1,6 @@
{% extends "base.html" %}
{% block content %}
<h1>Hello, World!</h1>
<p>Welcome to your Flask application.</p>
{% endblock %}


@ -0,0 +1,132 @@
{
inputs,
config,
lib,
pkgs,
...
}:
let
cfg = config.services.flask_hello;
domain = config.networking.domain;
fqdn = if (cfg.nginx.subdomain != "") then "${cfg.nginx.subdomain}.${domain}" else domain;
python-with-packages = pkgs.python3.withPackages (
p: with p; [
flask
]
);
inherit (lib)
concatStringsSep
getExe
mkDefault
mkEnableOption
mkIf
mkOption
mkPackageOption
types
;
in
{
options.services.flask_hello = {
enable = mkEnableOption "Flask Hello World service.";
package = mkPackageOption pkgs "flask_hello" { };
port = mkOption {
type = types.port;
default = 5000;
description = "The port to listen on.";
};
user = mkOption {
type = types.str;
description = "The user the Flask service will run as.";
default = "flaskapp";
};
group = mkOption {
type = types.str;
description = "The group the Flask service will run as.";
default = "flaskapp";
};
nginx = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable Nginx as a reverse proxy for the Flask application.";
};
subdomain = mkOption {
type = types.str;
default = "flask_hello";
description = "Subdomain for the Nginx virtual host. Leave empty for root domain.";
};
ssl = mkOption {
type = types.bool;
default = true;
description = "Enable SSL for the Nginx virtual host using ACME.";
};
};
gunicorn.extraArgs = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Extra arguments for gunicorn.";
};
};
config = mkIf cfg.enable {
nixpkgs.overlays = [ inputs.flask_hello.overlays.default ];
networking.firewall.allowedTCPPorts = [
80 # ACME challenge
443
];
systemd.services.flask_hello = {
description = "Flask Hello World";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
};
serviceConfig = {
ExecStart = ''
${getExe pkgs.python3Packages.gunicorn} \
--bind=127.0.0.1:${toString cfg.port} \
${concatStringsSep " " cfg.gunicorn.extraArgs} \
app:app
'';
WorkingDirectory = "${cfg.package}";
Restart = "on-failure";
User = cfg.user;
Group = cfg.group;
};
};
users.users."${cfg.user}" = {
home = "/var/lib/${cfg.user}";
isSystemUser = true;
group = cfg.group;
};
users.groups."${cfg.group}" = { };
services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;
virtualHosts."${fqdn}" = {
enableACME = cfg.nginx.ssl;
forceSSL = cfg.nginx.ssl;
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
security.acme = mkIf (cfg.nginx.enable && cfg.nginx.ssl) {
acceptTerms = true;
defaults.email = mkDefault "postmaster@${domain}";
defaults.webroot = mkDefault "/var/lib/acme/acme-challenge";
certs."${domain}".postRun = "systemctl reload nginx.service";
};
};
}
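Review bot: `networking.firewall.allowedTCPPorts` opens 80 and 443 whenever the service is enabled, including with `nginx.enable = false`, where gunicorn only binds 127.0.0.1 and nothing should be listening on those ports; gate the rule on `cfg.nginx.enable`. The ACME block attaches `postRun` to `certs."${domain}"`, while the virtual host that gets `enableACME` is `fqdn`, so with the default subdomain this appears to declare an extra certificate for the bare domain instead of hooking the one nginx uses. The unit also runs without any systemd sandboxing, even though it serves web traffic. The fence shows the gated firewall rule, the corrected certificate key and a minimal hardening set; confirm gunicorn still starts under `ProtectSystem = "strict"` before adopting it.

```nix
# … unchanged: nixpkgs.overlays …
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [
  80 # ACME challenge
  443
];
# … unchanged: systemd.services.flask_hello description, after, wantedBy, environment …
serviceConfig = {
  # … unchanged: ExecStart, WorkingDirectory, Restart, User, Group …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ProtectHome = true;
};
# … unchanged: users, groups, services.nginx, security.acme acceptTerms and defaults …
certs."${fqdn}".postRun = "systemctl reload nginx.service";
```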


@ -0,0 +1,31 @@
{
python3,
...
}:
python3.pkgs.buildPythonApplication rec {
pname = "flask_hello";
version = "0.1.0";
pyproject = true;
build-system = [ python3.pkgs.setuptools ];
dependencies = with python3.pkgs; [
flask
];
src = ../.;
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r $src/${pname} $out/
cp $src/app.py $out/
chmod +x $out/app.py
runHook postInstall
'';
doCheck = false;
}


@ -0,0 +1,17 @@
{
pkgs ? import <nixpkgs> { },
...
}:
pkgs.mkShell {
buildInputs = [
(pkgs.python3.withPackages (
p: with p; [
flask
gunicorn
]
))
pkgs.nixfmt-tree
pkgs.black
];
}


@ -0,0 +1,13 @@
[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"
[project]
name = "flask_hello"
version = "0.1.0"
dependencies = [
"flask",
]
[tool.setuptools.packages.find]
include = ["flask_hello*"]


@ -0,0 +1,23 @@
name: Python Nix Pipeline
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-and-test:
name: Build and Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Nix
uses: cachix/install-nix-action@v18
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run nix flake check
run: nix flake check

29
templates/dev/py-hello/.gitignore vendored Normal file

@ -0,0 +1,29 @@
# Byte-compiled Python files
*.py[cod]
__pycache__/
# Distribution / packaging
.Python
*.egg
*.egg-info/
.coverage
.htmlcov/
.pytest_cache/
.tox/
.venv/
ENV/
build/
dist/
env.bak/
env/
venv.bak/
venv/
# IDE/editor files
*.sublime-project
*.sublime-workspace
.idea/
.vscode/
# Nix-related files
result


@ -0,0 +1,131 @@
{
description = "A hello world template in Python";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
...
}:
let
pname = "hello-world";
version = "0.1.0";
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
}
);
in
{
overlays.default =
final: prev:
let
python = final.python312;
in
{
"${pname}" = python.pkgs.buildPythonApplication {
inherit pname version;
pyproject = true;
src = ./.;
build-system = [
python.pkgs.setuptools
python.pkgs.wheel
];
dependencies = with python.pkgs; [
];
pythonImportsCheck = [
"hello_world"
];
};
};
packages = forAllSystems (system: {
default = nixpkgsFor.${system}."${pname}";
"${pname}" = nixpkgsFor.${system}."${pname}";
});
devShells = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
python = pkgs.python312;
in
{
default = pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages ++ [
(python.withPackages (
p: with p; [
]
))
];
};
venv = pkgs.mkShell {
buildInputs = [
python
]
++ [
(python.withPackages (
p: with p; [
pip
]
))
];
shellHook = ''
python -m venv .venv
source .venv/bin/activate
pip install .
'';
};
}
);
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (system: {
# TODO: Add integration test
pre-commit-check = self.inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt = {
enable = true;
};
# TODO: Add Python format check
};
};
});
};
}


@ -0,0 +1,14 @@
[build-system]
requires = ["setuptools>=75", "wheel"]
build-backend = "setuptools.build_meta"
[project]
name = "hello-world"
version = "0.1.0"
requires-python = ">=3.12"
dependencies = [
]
[project.scripts]
hello-world = "hello_world.__main__:main"


@ -0,0 +1 @@
# This file is intentionally empty.


@ -0,0 +1,5 @@
def main():
print("Hello, world!")
if __name__ == "__main__":
main()


@ -0,0 +1,26 @@
name: Rust Nix Pipeline
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-and-test:
name: Build and Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Nix
uses: cachix/install-nix-action@v18
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run cargo tests in dev shell
run: nix develop --command bash -c "cargo test"
- name: Run nix flake check
run: nix flake check

3
templates/dev/rs-hello/.gitignore vendored Normal file

@ -0,0 +1,3 @@
.pre-commit-config.yaml
result/
target/


@ -0,0 +1,8 @@
[package]
name = "hello-world"
version = "0.1.0"
edition = "2021"
authors = ["Your Name <your.email@example.com>"]
description = "A simple Hello World program"
[dependencies]


@ -0,0 +1,127 @@
{
description = "A hello world template in Rust";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
...
}:
let
pname = "hello-world";
version = "0.1.0";
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
}
);
in
{
overlays.default = final: prev: {
"${pname}" = final.rustPlatform.buildRustPackage {
inherit pname version;
src = ./.;
cargoLock.lockFile = ./Cargo.lock;
nativeBuildInputs = with final; [ pkg-config ];
};
};
packages = forAllSystems (system: {
default = nixpkgsFor.${system}."${pname}";
"${pname}" = nixpkgsFor.${system}."${pname}";
});
devShells = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
in
{
default = pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs =
self.checks.${system}.pre-commit-check.enabledPackages
++ (with pkgs; [
cargo
pkg-config
pre-commit
rust-analyzer
rustc
]);
};
}
);
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
in
{
integration-test =
pkgs.runCommand "hello-world-test"
{
nativeBuildInputs = [
pkgs.synixutils
self.packages.${system}.${pname}
];
}
''
output=$(hello-world)
echo "$output" | grep -q "Hello, World!" || {
echo "Test failed: Expected 'Hello, World!' but got: $output"
exit 1
}
echo "Hello World test passed!" > $out
'';
pre-commit-check = self.inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt = {
enable = true;
};
rustfmt = {
enable = true;
};
};
};
}
);
};
}
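Review bot: `integration-test` greps for `Hello, World!` with a capital W, but the template's `main` in this commit prints `Hello, world!`, and `grep -q` is case-sensitive, so the check fails on the template as shipped. Match the actual output, `echo "$output" | grep -q "Hello, world!" || {`, and update the failure message to the same string. The test also lists `pkgs.synixutils` in `nativeBuildInputs`, yet this flake declares no synix input and `self.overlays.default` only adds `hello-world`, so that attribute looks undefined and evaluation would presumably fail before the test runs. As a side note, the unit test in the Rust source is `assert!(true)`, so the `cargo test` CI step currently verifies nothing about the program.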


@ -0,0 +1,11 @@
fn main() {
println!("Hello, world!");
}
#[cfg(test)]
mod tests {
#[test]
fn test_hello_world() {
assert!(true);
}
}

1
templates/microvm/.envrc Normal file

@ -0,0 +1 @@
use flake

2
templates/microvm/.gitignore vendored Normal file

@ -0,0 +1,2 @@
*.img
.direnv/


@ -0,0 +1,67 @@
# microvm
[microvm](https://github.com/microvm-nix/microvm.nix) NixOS configuration.
## Setup
To be able to rebuild remotely and for convenient ssh access, add the uvm host to your Home Manager ssh configuration:
```nix
programs.ssh.matchBlocks = {
uvm = {
host = "uvm";
hostname = "localhost";
port = 2222;
user = "root";
checkHostIP = false;
};
};
```
Create a new directory and initialize the template inside of it:
```bash
mkdir -p microvm
cd microvm
nix flake init -t git+https://git.sid.ovh/sid/synix#microvm
```
Add your public key to the NixOS configuration. See [`config/configuration.nix`](./config/configuration.nix).
## Usage
Run VM:
```bash
nix run .#microvm
```
Or with `tmux`:
```bash
tmux new-session -s microvm 'nix run .#microvm'
```
> `tmux` is available in the Nix development shell.
SSH into VM:
```bash
ssh uvm
```
Remote rebuilding:
```bash
nix run .#rebuild <build-host> uvm
```
> Note: `<build-host>` needs to be a remote host where you login as root via ssh with no password.
If you need to use remote sudo, you can also use [synix's rebuild script](https://git.sid.ovh/sid/synix/blob/master/modules/nixos/common/rebuild.sh) for remote rebuilds. But then, the root user password cannot be empty:
```bash
rebuild -p . -H uvm -T uvm -B <build-host>
```
You might want to set up [PAM's SSH agent Auth](https://search.nixos.org/options?channel=unstable&query=sshAgentAuth) or use an [askpass helper](https://search.nixos.org/options?channel=unstable&query=askpass).


@ -0,0 +1,84 @@
# Edit this only if you know what you're doing.
{ inputs, outputs, ... }:
{
imports = [
inputs.microvm.nixosModules.microvm
];
networking.hostName = "uvm";
users.users.root = {
password = "";
};
services.getty.autologinUser = "root";
microvm = {
volumes = [
{
mountPoint = "/var";
image = "var.img";
size = 256;
}
];
shares = [
{
proto = "9p";
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
interfaces = [
{
type = "user";
id = "qemu";
mac = "02:00:00:00:00:01";
}
];
forwardPorts = [
{
host.port = 2222;
guest.port = 22;
}
];
optimize.enable = true;
hypervisor = "qemu";
socket = "control.socket";
};
nix = {
channel.enable = false;
settings = {
experimental-features = "nix-command flakes";
builders-use-substitutes = true;
substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://microvm.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"microvm.cachix.org-1:oXnBc6hRE3eX5rSYdRyMYXnfzcCxC7yKPTbZXALsqys="
];
};
};
nixpkgs.overlays = [
outputs.overlays.synix-packages
outputs.overlays.local-packages
];
services.openssh = {
enable = true;
ports = [ 22 ];
openFirewall = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
system.stateVersion = "25.11";
}
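Review bot: `forwardPorts` maps host port 2222 to the guest's sshd without a `host.address`, and with QEMU user networking that forward is, as far as I can tell, bound on all host interfaces, so the VM's root SSH is reachable from the LAN rather than only from `localhost` as the README's ssh block assumes. Adding `host.address = "127.0.0.1";` to the entry keeps it local (check the option name against the pinned microvm.nix). Root has an empty password and `PermitRootLogin = "yes"`; since only keys are meant to work, `PermitRootLogin = "prohibit-password";` plus `KbdInteractiveAuthentication = false;` states that explicitly instead of relying on `PasswordAuthentication = false` alone. The empty password and `services.getty.autologinUser = "root"` are reasonable for a throwaway VM console, but deserve a comment saying this base must not be reused for anything exposed.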


@ -0,0 +1,10 @@
{
users.users.root = {
openssh.authorizedKeys.keyFiles = [
# copy your public key here and point to it
# ./id_rsa.pub
];
};
# Add the rest of your configuration here
}


@ -0,0 +1,6 @@
{
imports = [
./base.nix
./configuration.nix
];
}


@ -0,0 +1,96 @@
{
description = "MicroVM NixOS configurations";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
microvm.url = "github:microvm-nix/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
...
}@inputs:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { });
mkApp = program: description: {
type = "app";
inherit program;
meta.description = description;
};
mkNixosConfiguration =
system: modules:
nixpkgs.lib.nixosSystem {
inherit system modules;
specialArgs = {
inherit inputs outputs lib;
};
};
in
{
apps = forAllSystems (
system:
let
microvm = self.nixosConfigurations."microvm-${system}".config.microvm;
inherit (nixpkgs.lib) getExe;
in
{
rebuild = mkApp (getExe microvm.deploy.rebuild) "Rebuild the VM.";
microvm = mkApp (getExe microvm.declaredRunner) "Run the VM.";
}
);
packages = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
import ./pkgs { inherit pkgs; }
);
overlays = import ./overlays { inherit (self) inputs; };
devShells = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = pkgs.mkShell {
buildInputs = with pkgs; [
tmux
];
};
# FIXME: `microvm.deploy.rebuild` does not seem to care about askpass
# shellHook = ''
# export SSH_ASKPASS="pass <SUDO_BUILD_HOST_PASSWORD>"
# export SSH_ASKPASS_REQUIRE="force"
# '';
}
);
nixosModules = import ./modules;
nixosConfigurations = {
microvm-x86_64-linux = mkNixosConfiguration "x86_64-linux" [ ./config ];
microvm-aarch64-linux = mkNixosConfiguration "aarch64-linux" [ ./config ];
};
};
}


@ -0,0 +1,3 @@
{
# example = import ./example;
}


@ -0,0 +1,7 @@
{ inputs, ... }:
{
synix-packages = final: prev: { synix = inputs.synix.overlays.additions final prev; };
local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; };
}


@ -0,0 +1,5 @@
{ pkgs, ... }:
{
# example = pkgs.callPackage ./example { };
}


@ -0,0 +1,89 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
...
}@inputs:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { });
mkNixosConfiguration =
system: modules:
nixpkgs.lib.nixosSystem {
inherit system modules;
specialArgs = {
inherit inputs outputs lib;
};
};
in
{
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos;
nixosConfigurations = {
HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
};
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in
{
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
};
};
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
# package = overlaidPkgs.package;
};
}
);
};
}


@ -0,0 +1,7 @@
{
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi.canTouchEfiVariables = true;
}


@ -0,0 +1,22 @@
{
inputs,
outputs,
...
}:
{
imports = [
./boot.nix
./hardware.nix
./networking.nix
./packages.nix
./services
./users.nix
inputs.synix.nixosModules.common
outputs.nixosModules.common
];
system.stateVersion = "25.11";
}


@ -0,0 +1,63 @@
#!/usr/bin/env bash
SSD='/dev/disk/by-id/FIXME'
MNT='/mnt'
SWAP_GB=4
# Helper function to wait for devices
wait_for_device() {
local device=$1
echo "Waiting for device: $device ..."
while [[ ! -e $device ]]; do
sleep 1
done
echo "Device $device is ready."
}
# Function to install a package if it's not already installed
install_if_missing() {
local cmd="$1"
local package="$2"
if ! command -v "$cmd" &> /dev/null; then
echo "$cmd not found, installing $package..."
nix-env -iA "nixos.$package"
fi
}
install_if_missing "sgdisk" "gptfdisk"
install_if_missing "partprobe" "parted"
wait_for_device $SSD
echo "Wiping filesystem on $SSD..."
wipefs -a $SSD
echo "Clearing partition table on $SSD..."
sgdisk --zap-all $SSD
echo "Partitioning $SSD..."
sgdisk -n1:1M:+1G -t1:EF00 -c1:BOOT $SSD
sgdisk -n2:0:+"$SWAP_GB"G -t2:8200 -c2:SWAP $SSD
sgdisk -n3:0:0 -t3:8304 -c3:ROOT $SSD
partprobe -s $SSD
udevadm settle
wait_for_device ${SSD}-part1
wait_for_device ${SSD}-part2
wait_for_device ${SSD}-part3
echo "Formatting partitions..."
mkfs.vfat -F 32 -n BOOT "${SSD}-part1"
mkswap -L SWAP "${SSD}-part2"
mkfs.ext4 -L ROOT "${SSD}-part3"
echo "Mounting partitions..."
mount -o X-mount.mkdir "${SSD}-part3" "$MNT"
mkdir -p "$MNT/boot"
mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1 "${SSD}-part1" "$MNT/boot"
echo "Enabling swap..."
swapon "${SSD}-part2"
echo "Partitioning and setup complete:"
lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
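Review bot: This script runs destructive commands (`wipefs -a`, `sgdisk --zap-all`, `mkfs.*`) without strict mode, so a failed step such as the `nix-env -iA` install or one of the `sgdisk -n…` calls does not stop the later wipe, format and mount steps. Add `set -euo pipefail` directly after the shebang. Also quote the device everywhere it is expanded, e.g. `wipefs -a "$SSD"` and `wait_for_device "${SSD}-part1"`, because several calls currently pass `$SSD` unquoted. The second disk script in this commit (the one with `SSD='/dev/sda'`) has the same gap.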


@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"sdhci_pci"
"sr_mod"
"usb_storage"
"virtio_pci"
"virtio_scsi"
"xhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
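Review bot: `fileSystems."/boot"` mounts the ESP with `"fmask=0022"` and `"dmask=0022"`, which leaves everything on it world-readable, while the install script in this same template mounts it with `fmask=0077,dmask=0077`. With systemd-boot enabled, the ESP typically holds the loader's random-seed file, and `bootctl` warns when that mount point is world-accessible. Use `"fmask=0077"` and `"dmask=0077"` here so the installed system matches what the installer set up. The second hardware module in this commit (the one importing `qemu-guest.nix`) sets no mask options on `/boot` at all and would benefit from the same two entries.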


@ -0,0 +1,4 @@
{
networking.hostName = "HOSTNAME";
networking.domain = "HOSTNAME.local";
}


@ -0,0 +1,5 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ ];
}


@ -0,0 +1,6 @@
{
imports = [
./nginx.nix
./openssh.nix
];
}


@ -0,0 +1,14 @@
{
inputs,
...
}:
{
imports = [ inputs.synix.nixosModules.nginx ];
services.nginx = {
enable = true;
forceSSL = true;
openFirewall = true;
};
}


@ -0,0 +1,12 @@
{
inputs,
...
}:
{
imports = [
inputs.synix.nixosModules.openssh
];
services.openssh.enable = true;
}
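Review bot: Nothing in this file states the authentication policy for the sshd it enables; whatever hardening applies comes from `inputs.synix.nixosModules.openssh`, which is not visible in this commit. Since the user template ships with `sshKeyFiles` commented out and the account in `wheel`, I would pin the policy locally, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. If the imported module already enforces this, a one-line comment saying so would do. The identical openssh module in the second server template has the same gap.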


@ -0,0 +1,9 @@
{ inputs, ... }:
{
imports = [
inputs.synix.nixosModules.normalUsers
../../users/USERNAME
];
}


@ -0,0 +1,5 @@
{
imports = [
./overlays.nix
];
}


@ -0,0 +1,11 @@
{ outputs, ... }:
{
nixpkgs.overlays = [
outputs.overlays.synix-packages
outputs.overlays.local-packages
outputs.overlays.modifications
outputs.overlays.old-stable-packages
outputs.overlays.unstable-packages
];
}


@ -0,0 +1,3 @@
{
common = import ./common;
}


@ -0,0 +1,35 @@
{ inputs, ... }:
{
# synix packages accessible through 'pkgs.synix'
synix-packages = final: prev: { synix = inputs.synix.packages."${final.system}"; };
# packages in `pkgs/` accessible through 'pkgs.local'
local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; };
# https://nixos.wiki/wiki/Overlays
modifications =
final: prev:
let
files = [
];
imports = builtins.map (f: import f final prev) files;
in
builtins.foldl' (a: b: a // b) { } imports // inputs.synix.overlays.modifications final prev;
# old-stable nixpkgs accessible through 'pkgs.old-stable'
old-stable-packages = final: prev: {
old-stable = import inputs.nixpkgs-old-stable {
inherit (final) system;
inherit (prev) config;
};
};
# unstable nixpkgs accessible through 'pkgs.unstable'
unstable-packages = final: prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (final) system;
inherit (prev) config;
};
};
}


@ -0,0 +1,18 @@
keys:
- &host_portuus age1lghtkhxlz2tc5j9cjm6ancvz4a0mkgevjw4e2mhfar7cr5atl50snr5rs4
- &host_edge age194tp22lgh6uw3lcg2u0j9ylllfvs6anjk4ns7prhy8e08k20q3jq439e6c
- &user_sid age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
- &user_steffen age1e8p35795htf7twrejyugpzw0qja2v33awcw76y4gp6acnxnkzq0s935t4t
creation_rules:
- path_regex: hosts/portuus/secrets/secrets.yaml$
key_groups:
- age:
- *user_sid
- *user_steffen
- *host_portuus
- path_regex: hosts/edge/secrets/secrets.yaml$
key_groups:
- age:
- *user_sid
- *user_steffen
- *host_edge
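Review bot: Both `path_regex` values are anchored only at the end and leave the dot unescaped, so a rule can match paths it was not written for, such as any file whose path merely ends in `hosts/portuus/secrets/secrets.yaml` under another directory. Because these rules decide which recipients a secret is encrypted to, I would make them exact: `path_regex: ^hosts/portuus/secrets/secrets\.yaml$` and `path_regex: ^hosts/edge/secrets/secrets\.yaml$`. A short comment above `keys:` saying which entries are host keys and which are operator keys would also help whoever rotates them.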


@ -0,0 +1,93 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
...
}@inputs:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
overlays = [ inputs.synix.overlays.default ];
mkNixosConfiguration =
system: modules:
nixpkgs.lib.nixosSystem {
inherit system modules;
specialArgs = {
inherit inputs outputs;
lib =
(import nixpkgs {
inherit system overlays;
}).lib;
};
};
in
{
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos;
nixosConfigurations = {
HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
};
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in
{
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
};
};
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
# package = overlaidPkgs.package;
};
}
);
};
}


@ -0,0 +1,7 @@
{
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi.canTouchEfiVariables = true;
}


@ -0,0 +1,22 @@
{
inputs,
outputs,
...
}:
{
imports = [
./boot.nix
./hardware.nix
./networking.nix
./packages.nix
./services
./users.nix
inputs.synix.nixosModules.common
outputs.nixosModules.common
];
system.stateVersion = "25.11";
}


@ -0,0 +1,66 @@
#!/usr/bin/env bash
SSD='/dev/sda'
MNT='/mnt'
SWAP_GB=4
# Helper function to wait for devices
wait_for_device() {
local device=$1
echo "Waiting for device: $device ..."
while [[ ! -e $device ]]; do
sleep 1
done
echo "Device $device is ready."
}
# Function to install a package if it's not already installed
install_if_missing() {
local cmd="$1"
local package="$2"
if ! command -v "$cmd" &> /dev/null; then
echo "$cmd not found, installing $package..."
nix-env -iA "nixos.$package"
fi
}
install_if_missing "sgdisk" "gptfdisk"
install_if_missing "partprobe" "parted"
wait_for_device $SSD
echo "Wiping filesystem on $SSD..."
wipefs -a $SSD
echo "Clearing partition table on $SSD..."
sgdisk --zap-all $SSD
echo "Partitioning $SSD..."
parted -s "$SSD" \
mklabel gpt \
mkpart ESP fat32 1MiB 513MiB \
set 1 esp on \
mkpart primary linux-swap 513MiB "$((513 + SWAP_GB*1024))"MiB \
mkpart primary ext4 "$((513 + SWAP_GB*1024))"MiB 100%
partprobe -s $SSD
udevadm settle
wait_for_device ${SSD}-part1
wait_for_device ${SSD}-part2
wait_for_device ${SSD}-part3
echo "Formatting partitions..."
mkfs.vfat -n BOOT "${SSD}1"
mkswap -L SWAP "${SSD}2"
mkfs.ext4 -L ROOT "${SSD}3"
echo "Mounting partitions..."
mount "${SSD}3" "$MNT"
mkdir -p "$MNT/boot"
mount "${SSD}1" "$MNT/boot"
echo "Enabling swap..."
swapon "${SSD}2"
echo "Partitioning and setup complete:"
lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
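Review bot: The three `wait_for_device ${SSD}-partN` calls can never succeed with `SSD='/dev/sda'`, because the `-partN` suffix only exists on `/dev/disk/by-id/…` symlinks. The wait loop has no timeout, so the script hangs after the disk has already been wiped and repartitioned. The rest of the script uses the kernel names, so the waits should too: `wait_for_device "${SSD}1"`, `wait_for_device "${SSD}2"`, `wait_for_device "${SSD}3"`. Separately, a hard-coded `/dev/sda` is not guaranteed to be the same disk on every boot; the by-id path used in the other disk script is the safer default for a script that runs `wipefs -a`.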


@ -0,0 +1,41 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-label/SWAP"; }
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,4 @@
{
networking.hostName = "HOSTNAME";
networking.domain = "HOSTNAME.local";
}


@ -0,0 +1,5 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ ];
}


@ -0,0 +1,6 @@
{
imports = [
./nginx.nix
./openssh.nix
];
}


@ -0,0 +1,14 @@
{
inputs,
...
}:
{
imports = [ inputs.synix.nixosModules.nginx ];
services.nginx = {
enable = true;
forceSSL = true;
openFirewall = true;
};
}


@ -0,0 +1,12 @@
{
inputs,
...
}:
{
imports = [
inputs.synix.nixosModules.openssh
];
services.openssh.enable = true;
}


@ -0,0 +1,9 @@
{ inputs, ... }:
{
imports = [
inputs.synix.nixosModules.normalUsers
../../users/USERNAME
];
}


@ -0,0 +1,5 @@
{
imports = [
./overlays.nix
];
}


@ -0,0 +1,11 @@
{ outputs, ... }:
{
nixpkgs.overlays = [
outputs.overlays.synix-packages
outputs.overlays.local-packages
outputs.overlays.modifications
outputs.overlays.old-stable-packages
outputs.overlays.unstable-packages
];
}


@ -0,0 +1,3 @@
{
common = import ./common;
}


@ -0,0 +1,35 @@
{ inputs, ... }:
{
# synix packages accessible through 'pkgs.synix'
synix-packages = final: prev: { synix = inputs.synix.packages."${final.system}"; };
# packages in `pkgs/` accessible through 'pkgs.local'
local-packages = final: prev: { local = import ../pkgs { pkgs = final; }; };
# https://nixos.wiki/wiki/Overlays
modifications =
final: prev:
let
files = [
];
imports = builtins.map (f: import f final prev) files;
in
builtins.foldl' (a: b: a // b) { } imports // inputs.synix.overlays.modifications final prev;
# old-stable nixpkgs accessible through 'pkgs.old-stable'
old-stable-packages = final: prev: {
old-stable = import inputs.nixpkgs-old-stable {
inherit (final) system;
inherit (prev) config;
};
};
# unstable nixpkgs accessible through 'pkgs.unstable'
unstable-packages = final: prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (final) system;
inherit (prev) config;
};
};
}


@ -0,0 +1,8 @@
{
pkgs ? import <nixpkgs>,
...
}:
{
# example = pkgs.callPackage ./example { };
}
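Review bot: The default `pkgs ? import <nixpkgs>` yields the nixpkgs function rather than a package set, so once the `pkgs.callPackage` example is uncommented and the file is evaluated without an explicit `pkgs`, it fails on a missing attribute. It should be `pkgs ? import <nixpkgs> { },`. Note also that this fallback resolves `<nixpkgs>` from the caller's `NIX_PATH` rather than from the flake lock, so a one-line comment saying it is only meant for ad-hoc `nix-build` use would be worth adding. The next `pkgs` file in this commit repeats the same default.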


@ -0,0 +1,8 @@
{
normalUsers.USERNAME = {
extraGroups = [
"wheel"
];
# sshKeyFiles = [ ./pubkeys/YOUR_PUBKEY.pub ]; # FIXME
};
}


@ -0,0 +1,8 @@
{
pkgs ? import <nixpkgs>,
...
}:
{
# example = pkgs.callPackage ./example { };
}


@ -0,0 +1,8 @@
{
normalUsers.USERNAME = {
extraGroups = [
"wheel"
];
# sshKeyFiles = [ ./pubkeys/YOUR_PUBKEY.pub ]; # FIXME
};
}


@ -0,0 +1,125 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-old-stable.url = "github:nixos/nixpkgs/nixos-25.05";
synix.url = "git+https://git.sid.ovh/sid/synix.git?ref=release-25.11";
synix.imputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixvim.url = "github:nix-community/nixvim";
nixvim.inputs.nixpkgs.follows = "nixpkgs";
nur.url = "github:nix-community/NUR";
nur.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix";
stylix.inputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
home-manager,
...
}@inputs:
let
inherit (self) outputs;
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
lib = nixpkgs.lib.extend (final: prev: inputs.synix.lib or { });
mkNixosConfiguration =
system: modules:
nixpkgs.lib.nixosSystem {
inherit system modules;
specialArgs = {
inherit inputs outputs lib;
};
};
in
{
devShells = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
default = import ./shell.nix { inherit pkgs; };
}
);
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos;
nixosConfigurations = {
HOSTNAME = mkNixosConfiguration "x86_64-linux" [ ./hosts/HOSTNAME ];
};
homeConfigurations = {
"USERNAME@HOSTNAME" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux; # FIXME: Set architecture
extraSpecialArgs = {
inherit inputs outputs;
};
modules = [
./users/USERNAME/home
./users/USERNAME/home/hosts/HOSTNAME
];
};
};
formatter = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
config = self.checks.${system}.pre-commit-check.config;
inherit (config) package configFile;
script = ''
${pkgs.lib.getExe package} run --all-files --config ${configFile}
'';
in
pkgs.writeShellScriptBin "pre-commit-run" script
);
checks = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
flakePkgs = self.packages.${system};
overlaidPkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.modifications ];
};
in
{
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt.enable = true;
};
};
build-packages = pkgs.linkFarm "flake-packages-${system}" flakePkgs;
build-overlays = pkgs.linkFarm "flake-overlays-${system}" {
# package = overlaidPkgs.package;
};
}
);
};
}
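Review bot: `home-manager.url = "github:nix-community/home-manager";` tracks that repository's default branch while `nixpkgs` is pinned to `nixos-25.11` and home-manager is told to follow it. That pairs a development-branch home-manager with a stable package set, and every `nix flake update` then pulls whatever landed upstream since the last lock. I would pin the matching release line, e.g. `home-manager.url = "github:nix-community/home-manager/release-25.11";`. The same applies to `nixvim` and `stylix` if they publish release branches for 25.11. The `homeConfigurations` entry also uses plain `nixpkgs.legacyPackages.x86_64-linux`, so none of the flake's overlays apply to the home configuration unless they are added in the home modules, which this hunk does not show.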


@ -0,0 +1,7 @@
{
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi.canTouchEfiVariables = true;
}


@ -0,0 +1,22 @@
{
inputs,
outputs,
...
}:
{
imports = [
./boot.nix
./hardware.nix
./networking.nix
./packages.nix
./services
./users.nix
inputs.synix.nixosModules.common
outputs.nixosModules.common
];
system.stateVersion = "25.11";
}
