
Move config stuff out of secrets

This commit is contained in:
Aires 2024-05-16 20:08:57 -04:00
parent f881be3b0d
commit 6335f5bb3a
9 changed files with 108 additions and 85 deletions


@ -218,11 +218,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715863402, "lastModified": 1715885250,
"narHash": "sha256-WbNIHMe+NPRtn7AwFhIDYwMWwgTNJ5pVUXfcdhxv8ek=", "narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "36dbb9dbfbac2b72c431a3a934258079931d0065", "rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 80, "revCount": 81,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -247,6 +247,22 @@
"type": "github" "type": "github"
} }
}, },
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1715904475,
"narHash": "sha256-5PyOjPdOhzX5qHq3ywwSsYCQT5OmWv870DlSYyuJBh4=",
"ref": "refs/heads/main",
"rev": "0bc545bf36759ca1ab67e2718bc5771eca72d02f",
"revCount": 23,
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
},
"original": {
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1715529644, "lastModified": 1715529644,
@ -349,6 +365,7 @@
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nix-secrets": "nix-secrets",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
} }


@ -33,6 +33,12 @@
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
}; };
# "Secrets management"
nix-secrets = {
url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
flake = false;
};
# TODO: Add Disko - https://github.com/nix-community/disko # TODO: Add Disko - https://github.com/nix-community/disko
}; };
@ -45,6 +51,7 @@
home-manager, home-manager,
nixos-hardware, nixos-hardware,
lix-module, lix-module,
nix-secrets,
... ...
}: }:
let let
@ -57,14 +64,14 @@
config.allowUnfree = true; config.allowUnfree = true;
# Define shared modules and imports # Define shared modules and imports
defaultModules = { defaultModules = [
base = [
{ {
_module.args = { _module.args = {
inherit inputs; inherit inputs;
}; };
} }
./modules/autoimport.nix ./modules/autoimport.nix
(import nix-secrets)
lix-module.nixosModules.default lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak nix-flatpak.nixosModules.nix-flatpak
@ -82,7 +89,6 @@
}; };
} }
]; ];
};
in in
{ {
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style); formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
@ -90,7 +96,7 @@
Dimaga = nixpkgs.lib.nixosSystem { Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga ./hosts/Dimaga
]; ];
@ -98,7 +104,7 @@
Haven = nixpkgs.lib.nixosSystem { Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Haven ./hosts/Haven
]; ];
@ -106,7 +112,7 @@
Khanda = nixpkgs.lib.nixosSystem { Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-9 nixos-hardware.nixosModules.microsoft-surface-pro-9
./hosts/Khanda ./hosts/Khanda
]; ];
@ -114,7 +120,7 @@
Pihole = nixpkgs.lib.nixosSystem { Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.raspberry-pi-4 nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole ./hosts/Pihole
]; ];
@ -122,7 +128,7 @@
Shura = nixpkgs.lib.nixosSystem { Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura ./hosts/Shura
]; ];
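Review bot: The new `nix-secrets` input is pinned to an absolute `git+file:///home/aires/Development/...` path, so evaluating this flake (and `nix flake update`) only works on a host where that checkout exists at exactly that path; the lock file records the same path, so no other machine can resolve it. Because the input is `flake = false`, `(import nix-secrets)` in the defaultModules hunk imports the fetched tree as a NixOS module, and like every flake input its contents are copied into the Nix store, which is readable by every local user, so the repo should hold only values that are acceptable there. The comment `# "Secrets management"` could say so: `# Non-flake repo presumably providing the config.secrets.* module; must exist at this path on the evaluating host, and its contents end up in the Nix store`.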


@ -10,42 +10,26 @@ fi
# Immediately exit on any errors # Immediately exit on any errors
set -e set -e
echo "Unlocking storage partition:" # Unlock and mount storage directory if we haven't already
# RAID 5
cryptsetup luksOpen /dev/md/Sapana storage
# mount local storage
if [ ! -f /dev/mapper/storage ]; then if [ ! -f /dev/mapper/storage ]; then
echo "Unlocking storage partition:"
cryptsetup luksOpen /dev/md/Sapana storage
mount /dev/mapper/storage /storage mount /dev/mapper/storage /storage
echo "Storage partition mounted."
if [ $? -eq "0" ]; then
echo "Unlocking backup partition:"
# 4 TB HDD, partition #2
cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
mount /dev/mapper/backups /backups
echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
if [ $? -eq "0" ]; then
echo "Duplicacy started."
else
echo "Failed to start Duplicacy."
fi
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
if [ $? -eq "0" ]; then
echo "SyncThing started."
else
echo "Failed to start SyncThing."
fi
else
echo "Failed to mount storage partition."
fi
else
echo "Failed to unlock storage and/or backup partition(s)."
fi fi
#echo "Unlocking backup partition:"
# 4 TB HDD, partition #2
#cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
#mount /dev/mapper/backups /backups
#echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
echo "Duplicacy started."
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
echo "SyncThing started."
exit 0 exit 0
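Review bot: The guard `if [ ! -f /dev/mapper/storage ]` on the context line above the added `cryptsetup luksOpen` tests for a regular file, but `/dev/mapper/storage` is a device node or a symlink to one, so `-f` is never true and the block runs on every invocation. With `set -e` in force, a second run will fail inside `cryptsetup luksOpen` when the mapping already exists and the script exits before the Duplicacy and SyncThing services are started; this matters more now that luksOpen has been moved inside the conditional. Use an existence test instead: `if [ ! -e /dev/mapper/storage ]; then`. The first nine lines of the script, including whatever precedes `fi` in the hunk header, are outside this hunk.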


@ -3,14 +3,6 @@
{ lib, ... }: { lib, ... }:
with lib; with lib;
let let
# Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main";
rev = "aed06e8c1f0d018fde197ae4e096012ed80cd08b";
};
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir = getDir =
dir: dir:
@ -33,5 +25,5 @@ let
); );
in in
{ {
imports = [ "${nix-secrets}" ] ++ validFiles ./.; imports = validFiles ./.;
} }


@ -50,7 +50,7 @@
"nixos-test" "nixos-test"
"kvm" "kvm"
"benchmark" "benchmark"
"big-parllel" "big-parallel"
]; ];
} }
]; ];


@ -85,6 +85,12 @@ with lib;
}; };
}; };
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.aires.sshConfig;
};
# Set up Zsh # Set up Zsh
zsh = { zsh = {
oh-my-zsh = { oh-my-zsh = {
@ -100,8 +106,6 @@ with lib;
}; };
}; };
# SSH set up in nix-secrets
# Gnome settings specific to aires on Shura # Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") { dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
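Review bot: The added `matchBlocks = config.secrets.users.aires.sshConfig;` reads an option that nothing in this repository declares; it presumably comes from the nix-secrets module imported in flake.nix, and the removed `# SSH set up in nix-secrets` line was the only pointer to that. A maintainer evaluating a host without that module will get an "attribute 'secrets' missing" error with no hint where it is meant to come from. Replace the bare `# Set up SSH` with `# Set up SSH; match blocks are declared by the nix-secrets module (config.secrets.users.aires.sshConfig)`. The same applies to the gremlin section below, where the `# SSH entries set in nix-secrets` pointer is likewise dropped.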


@ -87,6 +87,12 @@ with lib;
}; };
}; };
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.gremlin.sshConfig;
};
# Set up Zsh # Set up Zsh
zsh = { zsh = {
# Install and source the p10k theme # Install and source the p10k theme
@ -107,8 +113,6 @@ with lib;
}; };
}; };
}; };
# SSH entries set in nix-secrets
}; };
}) })


@ -0,0 +1,16 @@
{
config,
home-manager,
lib,
...
}:
{
# Give root user access to run remote builds
home-manager.users.root = {
home.stateVersion = "24.05";
programs.ssh = lib.mkIf config.nix.distributedBuilds {
enable = true;
matchBlocks = config.secrets.users.root.sshConfig;
};
};
}
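Review bot: The module function takes a `home-manager` argument that its body never uses; `home-manager.users.root` in the body is an option path, not a reference to that argument. The NixOS module system requires every named function argument to be supplied, so unless some other module passes `home-manager` through `_module.args` or `specialArgs` (flake.nix only passes `inputs`), this file fails to evaluate with "called without required argument". Drop it from the argument list: `{ config, lib, ... }:`. A one-line header such as `# Gives root an ssh config for remote builders; only active when nix.distributedBuilds is set` would also make the mkIf guard self-explanatory.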

@ -1 +1 @@
Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f