commit 3f22d7d6be069b3f395f93bd211c7c1c3630a01b
parent f6e1dad50e6c2ef9248e03ddb5ad67572bcf0247
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 13 Sep 2022 20:29:43 +0200
cleanup
25 files changed, 40 insertions(+), 120 deletions(-)
diff --git a/configuration.nix b/configuration.nix
@@ -1 +0,0 @@
-with (import <nixpkgs> {}).lib; import "${toString ./.}/machines/${fileContents /etc/hostname}/configuration.nix"
diff --git a/configurations/common/default.nix b/configurations/common/default.nix @@ -6,7 +6,6 @@ [ ../../pkgs ../../modules - ../../helpers/make-nixpkgs.nix ../programs/cli/bash.nix ../programs/cli/micro.nix @@ -38,7 +37,8 @@ ]; nix = { - package = pkgs.unstable.nix; + nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ]; + package = pkgs.unstable.nix; extraOptions = '' experimental-features = nix-command flakes '';
diff --git a/configurations/common/linux.nix b/configurations/common/linux.nix @@ -28,6 +28,8 @@ }; }; + systemd.services.nginx.onFailure = [ "email-notify@%i.service" ]; + services = { timesyncd.enable = true; vnstat.enable = true; @@ -74,7 +76,6 @@ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:6445161" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDo0M+Nyx9j/NCanyPgSNn8V1tJ0h9QMM3CWEbAHDhMenLUTQHJPQ2IVLb2WZcvnD57nx6uYhdqr57jAP6ciD1tmgjqGSk5+B13ebB0zjm9yVGs+UHF4o5yRbo7WAJM5CEFUlVuQatmWKpHG/t+BIe2QnDk/pvsA5JtvHKrh4zuGV3ngTjHomzMhP2lAum9V5PC4ygji1t2FdyiVdoyHJYW1skIYgNF19jBzcBCApkJwMk1HB/WdHH6oA3ceT9gYmiMrLHypgebnKgs77jazKPMTqx03mZkU6DqoJ/8qgxnwIio/BfJjTKUgCV1p16U26E2kI3L0Lt4q76YmQp3hEiHef4bvrqBAYF83VcRuoF+QPp0UNracKCctZcNvHr9ezxZt51TAjIpNeTB9eewqlvydu+fWgVBt2k74z9V5V8NpS5UlXGVWAg3LOgrhUgneHEhfAWEW+6/kMeDazI3IYB5dGMQ2T2lijN5R5Kww2RH24B+4Bgi/vqnjY+gqVC+LG8= root@blechkasten" ]; };
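Review bot: The `onFailure` entry added in the first hunk uses `%i`, which systemd.unit(5) documents as the instance name and as empty for non-template units, so on `nginx.service` it probably expands to `email-notify@.service` and the failure mail is never triggered; `[ "email-notify@%n.service" ]` passes the full unit name instead. The same line is added for `restic-rest-server` in configurations/services/restic-server.nix. Because this file is the shared Linux configuration, the setting also lands on hosts that may not run nginx or enable `services.email-notify` (only hector's enable line is visible here), so a guard such as `lib.mkIf config.services.nginx.enable [ ... ]` would keep the alert tied to hosts that can deliver it, assuming `lib` and `config` are in scope in this module.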
diff --git a/configurations/services/dns/default.nix b/configurations/services/dns/default.nix @@ -12,7 +12,7 @@ SOA = { nameServer = "ns1.ctu.cx."; adminEmail = "dns@ctu.cx"; # Email address with a real `@`! - serial = lib.toInt ("2022" + "09" + "12" + "03"); + serial = lib.toInt ("2022" + "09" + "14" + "01"); }; in {
diff --git a/configurations/services/restic-server.nix b/configurations/services/restic-server.nix @@ -9,6 +9,8 @@ dns.zones."${config.networking.domain}".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ]; + services = { restic.server = { enable = true;
diff --git a/flake.lock b/flake.lock @@ -158,17 +158,14 @@ }, "local-secrets": { "locked": { - "lastModified": 1662992755, + "lastModified": 0, "narHash": "sha256-mS9ldwcx8jyDKD4H/ebRILR5fn0vfxww/BMWojePZWE=", - "ref": "master", - "rev": "c8bbb558c43e50e0b6ac13d4f5f98452051f8c08", - "revCount": 1, "type": "git", - "url": "file:///Users/leah/proj/nix-secrets" + "url": "file:///tmp/nix-secrets" }, "original": { "type": "git", - "url": "file:///Users/leah/proj/nix-secrets" + "url": "file:///tmp/nix-secrets" } }, "nix-eval-jobs": {
diff --git a/flake.nix b/flake.nix @@ -62,8 +62,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - local-secrets.url = "/Users/leah/proj/nix-secrets"; -# local-secrets.url = "/home/leah/proj/nix-secrets"; + local-secrets.url = "/tmp/nix-secrets"; }; outputs = inputs: {
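Review bot: `local-secrets.url = "/tmp/nix-secrets";` points a flake input at a fixed name inside a world-writable directory, so on a shared machine whichever account creates `/tmp/nix-secrets` first controls what is evaluated as the secrets flake and can read what is decrypted into it. The matching flake.lock entry no longer carries a `rev`, so it likely does not pin the content either. A per-user directory (for example under `$XDG_RUNTIME_DIR`) or supplying the path at build time with `--override-input local-secrets <path>` avoids hard-coding a shared location; at minimum add a comment here stating that the directory must be created mode 0700 by the deploying user.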
diff --git a/helpers/make-nixpkgs.nix b/helpers/make-nixpkgs.nix @@ -1,27 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - nixpkgs = lib.cleanSource pkgs.path; - - nixSources = pkgs.runCommand "nixos-${config.system.nixos.version}" - { preferLocalBuild = true; } '' - mkdir -p $out - cd ${nixpkgs.outPath} - tar -cpf $out/nixpkgs.tar.gz . - sha256sum $out/nixpkgs.tar.gz | cut -d " " -f 1 > $out/nixpkgs.sha256 - cp -prd ${nixpkgs.outPath} $out/nixpkgs - chmod -R u+w $out/nixpkgs - ${lib.optionalString (config.system.nixos.revision != null) '' - echo -n ${config.system.nixos.revision} > $out/nixpkgs/.git-revision - ''} - #echo -n ${config.system.nixos.versionSuffix} > $out/nixpkgs/.git-revision - #echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixpkgs/svn-revision - date +%s > $out/last_updated - ''; - -in { - - environment.etc."src".source = nixSources; - environment.variables.NIX_PATH = lib.mkOverride 25 "/etc/src:nixos-config=/etc/nixos/configuration.nix"; - -}
diff --git a/hive.nix b/hive.nix @@ -1,6 +1,7 @@ inputs: { + meta = rec { nixpkgs = import inputs.nixpkgs { system = "x86_64-linux";
diff --git a/machines/deprecated/taurus/configuration.nix b/machines/deprecated/taurus/configuration.nix @@ -18,8 +18,6 @@ age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age; age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age; - systemd.services.nginx.onFailure = [ "email-notify@%i.service" ]; - boot = { loader.grub = { enable = true;
diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix @@ -44,10 +44,10 @@ firewall.enable = true; }; - services.email-notify.enable = true; - systemd.services.restic.serviceConfig.ReadWritePaths = [ "/data/restic" ]; + services.email-notify.enable = true; + system.stateVersion = "21.11"; home-manager.users.leah.home.stateVersion = "21.11"; }
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix @@ -18,8 +18,8 @@ ../../configurations/services/prometheus-node-exporter.nix ../../configurations/services/restic-server.nix + ./backup-vnstat.nix ./syncthing.nix - ./restic-vnstat.nix ./gotosocial.nix ./scanner-sftp.nix ./airsane.nix
diff --git a/machines/lollo/shairport-sync.nix b/machines/lollo/shairport-sync.nix @@ -1,17 +0,0 @@ -{ pkgs, ... }: - -{ - home-manager.users.leah = { - systemd.user.services.shairport-sync = { - Service = { - ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync -o pa -a 'lollo' -p 5001"; - Restart = "always"; - RestartSec = 5; - }; - - Install = { - WantedBy = [ "default.target" ]; - }; - }; - }; -}
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -39,8 +39,6 @@ age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age; age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age; - systemd.services.nginx.onFailure = [ "email-notify@%i.service" ]; - boot = { loader.grub = { enable = true;
diff --git a/machines/osterei/websites/flauschehorn.sexy.nix b/machines/osterei/websites/flauschehorn.sexy.nix @@ -18,6 +18,8 @@ let in { + dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + users = { users."flauschehorn" = { home = "/var/lib/flauschehorn"; @@ -85,6 +87,4 @@ in { }; }; - dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); - }
diff --git a/machines/osterei/websites/oeffisear.ch.nix b/machines/osterei/websites/oeffisear.ch.nix @@ -2,6 +2,8 @@ { + dns.zones."oeffisear.ch" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + users.groups.oeffisearch = {}; users.users.oeffisearch = { isSystemUser = true; @@ -75,6 +77,4 @@ }; }; - dns.zones."oeffisear.ch" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); - }
diff --git a/machines/osterei/websites/photos.ctu.cx.nix b/machines/osterei/websites/photos.ctu.cx.nix @@ -45,10 +45,10 @@ let in { - environment.systemPackages = [ pkgs.bindfs ]; - dns.zones."ctu.cx".subdomains.photos.CNAME = [ "${config.networking.fqdn}." ]; + environment.systemPackages = [ pkgs.bindfs ]; + fileSystems."/mnt/photos.ctu.cx" = { device = "/home/leah/syncthing/Pictures/photos.ctu.cx"; fsType = "fuse.bindfs";
diff --git a/machines/osterei/websites/wifionic.de.nix b/machines/osterei/websites/wifionic.de.nix @@ -17,6 +17,9 @@ let }; in { + + dns.zones."wifionic.de" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + systemd = { services.check-o2tiles = { onFailure = [ "email-notify@%i.service" ]; @@ -76,6 +79,4 @@ in { }; }; - dns.zones."wifionic.de" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); - }
diff --git a/modules/darwin/hidutil.nix b/modules/darwin/hidutil.nix @@ -19,8 +19,7 @@ in { options = { hidutil = { - enable = mkEnableOption - "Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync"; + enable = mkEnableOption "Enable key remapping powered by hidutil"; remapKeys = mkOption { type = types.listOf (types.submodule {
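Review bot: `mkEnableOption` already prefixes its argument with "Whether to enable", so the new description renders as "Whether to enable Enable key remapping powered by hidutil". Passing only the noun phrase reads correctly: `enable = mkEnableOption "key remapping powered by hidutil";`.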
diff --git a/modules/darwin/quirks.nix b/modules/darwin/quirks.nix @@ -11,10 +11,6 @@ services.dbus.packages = lib.mkOption { type = lib.types.listOf lib.types.path; }; services.udev.packages = lib.mkOption { type = lib.types.listOf lib.types.path; }; - - system.nixos.version = lib.mkOption { type = lib.types.str; default = lib.version; }; - system.nixos.revision = lib.mkOption { type = lib.types.str; default = ""; }; - system.nixos.versionSuffix = lib.mkOption { type = lib.types.str; default = ""; }; }; }
diff --git a/modules/vnstati/default.nix b/modules/vnstati/default.nix @@ -50,10 +50,14 @@ in { }; systemd.services.vnstati = { - wantedBy = [ "multi-user.target" ]; - after = [ "var-lib-vnstati.mount" "vnstat.service" ]; - startAt = "*-*-* *:0/10:00"; - path = with pkgs; [ vnstat jq nix ]; + wantedBy = [ "multi-user.target" ]; + after = [ "var-lib-vnstati.mount" "vnstat.service" ]; + startAt = "*-*-* *:0/10:00"; + + path = with pkgs; [ vnstat jq nix ]; + environment = { + NIX_PATH = "nixpkgs=${lib.cleanSource pkgs.path}"; + }; serviceConfig = { User = "vnstatd"; @@ -62,7 +66,6 @@ in { PrivateTmp = true; ProtectHome = true; ProtectSystem = "strict"; - Environment = "NIX_PATH=/etc/src"; }; script = ''
diff --git a/nixos-deploy b/nixos-deploy @@ -1,28 +0,0 @@ - #!/usr/bin/env bash -set -eo pipefail - -cd "$(dirname "$0")" - -machine="${1:-lollo}" -target="${2:-root@$machine.ctu.cx}" -mode="${3:-switch}" - -if ! [ -d "machines/$machine" ] -then - echo "Machine '$machine' does not exist. Choose from:" - ls machines - exit -fi - -echo "deploying $machine to $target" -sleep 1 - -set -x -system_drv=$( - nix-instantiate --system x86_64-linux "<nixpkgs/nixos>" -A config.system.build.toplevel \ - -I "$(nix-build nix/sources-dir.nix --no-out-link)" \ - -I "nixos-config=machines/$machine/configuration.nix" -) -nix-copy-closure --use-substitutes --to $target $system_drv -system=$(ssh $target "nix-store --realise $system_drv") -ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode"
diff --git a/pkgs/gotosocial/default.nix b/pkgs/gotosocial/default.nix @@ -31,7 +31,7 @@ let BUDO_BUILD=1 node ./source ''; - distPhase = "true"; + distPhase = "true"; installPhase = "cp -r assets $out"; };
diff --git a/secrets/secrets b/secrets/secrets @@ -14,20 +14,18 @@ echo "$(pass agenix-privkey)" > $tempfile case $1 in "-e") if [ -f "$HOME/proj/nix-secrets/flake.nix" ]; then - age -i $tempfile --encrypt --armor --output flake.nix.age $HOME/proj/nix-secrets/flake.nix + age -i $tempfile --encrypt --armor --output flake.nix.age /tmp/nix-secrets/flake.nix else - echo "There is no 'default.nix file!'" + echo "There is no 'flake.nix file!'" exit 1 fi ;; "-d") - rm -rf $HOME/proj/nix-secrets - mkdir -p $HOME/proj/nix-secrets - git -C $HOME/proj/nix-secrets init --quiet - age -i $tempfile --decrypt --output $HOME/proj/nix-secrets/flake.nix flake.nix.age - git -C $HOME/proj/nix-secrets add flake.nix - git -C $HOME/proj/nix-secrets commit -m 'add secrets' --quiet + mkdir -p /tmp/nix-secrets + git -C /tmp/nix-secrets init --quiet + age -i $tempfile --decrypt --output /tmp/nix-secrets/flake.nix flake.nix.age + git -C /tmp/nix-secrets add flake.nix ;; "")
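Review bot: In the `-e` branch the existence test still checks `$HOME/proj/nix-secrets/flake.nix` while the new `age --encrypt` line reads `/tmp/nix-secrets/flake.nix`, so the guard no longer protects the file that is actually encrypted; it should be `if [ -f /tmp/nix-secrets/flake.nix ]; then`. In the `-d` branch the `rm -rf` was dropped and `mkdir -p` accepts a directory that already exists, so the decrypted `flake.nix` is written into whatever is at that path with the default umask. Setting `umask 077` before the `mkdir` and refusing to continue when `/tmp/nix-secrets` exists but is not owned by the caller would keep the plaintext private. The script's setup, including how `$tempfile` is created, is outside this hunk.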