
Move config stuff out of secrets

This commit is contained in:
Aires 2024-05-16 20:08:57 -04:00
parent f881be3b0d
commit 6335f5bb3a
9 changed files with 108 additions and 85 deletions


@ -218,11 +218,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715863402, "lastModified": 1715885250,
"narHash": "sha256-WbNIHMe+NPRtn7AwFhIDYwMWwgTNJ5pVUXfcdhxv8ek=", "narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "36dbb9dbfbac2b72c431a3a934258079931d0065", "rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 80, "revCount": 81,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -247,6 +247,22 @@
"type": "github" "type": "github"
} }
}, },
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1715904475,
"narHash": "sha256-5PyOjPdOhzX5qHq3ywwSsYCQT5OmWv870DlSYyuJBh4=",
"ref": "refs/heads/main",
"rev": "0bc545bf36759ca1ab67e2718bc5771eca72d02f",
"revCount": 23,
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
},
"original": {
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1715529644, "lastModified": 1715529644,
@ -349,6 +365,7 @@
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nix-secrets": "nix-secrets",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
} }


@ -33,6 +33,12 @@
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
}; };
# "Secrets management"
nix-secrets = {
url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
flake = false;
};
# TODO: Add Disko - https://github.com/nix-community/disko # TODO: Add Disko - https://github.com/nix-community/disko
}; };
@ -45,6 +51,7 @@
home-manager, home-manager,
nixos-hardware, nixos-hardware,
lix-module, lix-module,
nix-secrets,
... ...
}: }:
let let
@ -57,32 +64,31 @@
config.allowUnfree = true; config.allowUnfree = true;
# Define shared modules and imports # Define shared modules and imports
defaultModules = { defaultModules = [
base = [ {
{ _module.args = {
_module.args = { inherit inputs;
inherit inputs; };
}; }
} ./modules/autoimport.nix
./modules/autoimport.nix (import nix-secrets)
lix-module.nixosModules.default lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager = { home-manager = {
/* /*
When running, Home Manager will use the global package cache. When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite. It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below. The originals will have the extension shown below.
*/ */
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
backupFileExtension = "home-manager-backup"; backupFileExtension = "home-manager-backup";
}; };
} }
]; ];
};
in in
{ {
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style); formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
@ -90,7 +96,7 @@
Dimaga = nixpkgs.lib.nixosSystem { Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga ./hosts/Dimaga
]; ];
@ -98,7 +104,7 @@
Haven = nixpkgs.lib.nixosSystem { Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Haven ./hosts/Haven
]; ];
@ -106,7 +112,7 @@
Khanda = nixpkgs.lib.nixosSystem { Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-9 nixos-hardware.nixosModules.microsoft-surface-pro-9
./hosts/Khanda ./hosts/Khanda
]; ];
@ -114,7 +120,7 @@
Pihole = nixpkgs.lib.nixosSystem { Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.raspberry-pi-4 nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole ./hosts/Pihole
]; ];
@ -122,7 +128,7 @@
Shura = nixpkgs.lib.nixosSystem { Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules.base ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura ./hosts/Shura
]; ];
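Review bot: The new `nix-secrets` input (`git+file:///home/aires/...`, `flake = false`) is imported as a NixOS module via `(import nix-secrets)`, and a non-flake input is copied whole into `/nix/store`, which is world-readable on every host that builds this flake, so anything in that repository that is a plaintext credential rather than an encrypted file or a reference would be exposed — I cannot see the repo contents, so treat this as a caveat to confirm rather than a finding. The absolute home-directory path is also now recorded in flake.lock, so evaluation on any machine without that exact checkout fails, and the old "Make sure this repo exists on the filesystem first!" warning was deleted with the fetchGit block rather than moved here. I would add next to the input: `# Non-flake input: its files are copied into the world-readable store, so keep only encrypted material or non-secret config here. The repo must exist at this path on the building host.`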


@ -10,42 +10,26 @@ fi
# Immediately exit on any errors # Immediately exit on any errors
set -e set -e
echo "Unlocking storage partition:" # Unlock and mount storage directory if we haven't already
# RAID 5
cryptsetup luksOpen /dev/md/Sapana storage
# mount local storage
if [ ! -f /dev/mapper/storage ]; then if [ ! -f /dev/mapper/storage ]; then
mount /dev/mapper/storage /storage echo "Unlocking storage partition:"
cryptsetup luksOpen /dev/md/Sapana storage
if [ $? -eq "0" ]; then mount /dev/mapper/storage /storage
echo "Unlocking backup partition:" echo "Storage partition mounted."
# 4 TB HDD, partition #2
cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
mount /dev/mapper/backups /backups
echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
if [ $? -eq "0" ]; then
echo "Duplicacy started."
else
echo "Failed to start Duplicacy."
fi
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
if [ $? -eq "0" ]; then
echo "SyncThing started."
else
echo "Failed to start SyncThing."
fi
else
echo "Failed to mount storage partition."
fi
else
echo "Failed to unlock storage and/or backup partition(s)."
fi fi
#echo "Unlocking backup partition:"
# 4 TB HDD, partition #2
#cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
#mount /dev/mapper/backups /backups
#echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
echo "Duplicacy started."
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
echo "SyncThing started."
exit 0 exit 0
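Review bot: The guard `if [ ! -f /dev/mapper/storage ]` can never skip the unlock: `/dev/mapper/storage` is a block device node (or a symlink to one), not a regular file, so `-f` is always false and `cryptsetup luksOpen` runs on every invocation; with `set -e` a "device already exists" failure then aborts the script before Duplicacy and Syncthing are started, which is the opposite of what the new comment promises. Change it to `if [ ! -b /dev/mapper/storage ]; then` (or `-e`). The rewrite also dropped the explicit `$?` checks, so a failed `systemctl start` now exits silently under `set -e` without the "Failed to start" message — fine if intended, but worth a comment such as `# set -e above: any failure below aborts the script`. The script's opening `if … fi` begins above this hunk.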


@ -3,14 +3,6 @@
{ lib, ... }: { lib, ... }:
with lib; with lib;
let let
# Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main";
rev = "aed06e8c1f0d018fde197ae4e096012ed80cd08b";
};
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir = getDir =
dir: dir:
@ -33,5 +25,5 @@ let
); );
in in
{ {
imports = [ "${nix-secrets}" ] ++ validFiles ./.; imports = validFiles ./.;
} }


@ -50,7 +50,7 @@
"nixos-test" "nixos-test"
"kvm" "kvm"
"benchmark" "benchmark"
"big-parllel" "big-parallel"
]; ];
} }
]; ];


@ -85,6 +85,12 @@ with lib;
}; };
}; };
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.aires.sshConfig;
};
# Set up Zsh # Set up Zsh
zsh = { zsh = {
oh-my-zsh = { oh-my-zsh = {
@ -100,8 +106,6 @@ with lib;
}; };
}; };
# SSH set up in nix-secrets
# Gnome settings specific to aires on Shura # Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") { dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
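Review bot: `programs.ssh.matchBlocks = config.secrets.users.aires.sshConfig` is rendered by home-manager into `~/.ssh/config`, which is linked out of the Nix store, so every value in that attrset is world-readable on the host; that is fine for hostnames, users and `IdentityFile` paths but not for anything like a `ProxyCommand` or `ProxyJump` carrying a token or password. I cannot see what nix-secrets puts in `sshConfig`, so this is a constraint to document rather than a defect. A comment on the block would make it explicit: `# Rendered into the world-readable store: only host/user/key-path material belongs in sshConfig, never credentials.`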


@ -87,6 +87,12 @@ with lib;
}; };
}; };
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.gremlin.sshConfig;
};
# Set up Zsh # Set up Zsh
zsh = { zsh = {
# Install and source the p10k theme # Install and source the p10k theme
@ -107,8 +113,6 @@ with lib;
}; };
}; };
}; };
# SSH entries set in nix-secrets
}; };
}) })


@ -0,0 +1,16 @@
{
config,
home-manager,
lib,
...
}:
{
# Give root user access to run remote builds
home-manager.users.root = {
home.stateVersion = "24.05";
programs.ssh = lib.mkIf config.nix.distributedBuilds {
enable = true;
matchBlocks = config.secrets.users.root.sshConfig;
};
};
}
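Review bot: The module takes `home-manager` as a function argument but never uses it, and unless something supplies it through `_module.args` or `specialArgs` (the visible flake only passes `inputs`) the module system will refuse to evaluate this file with a missing-argument error — I cannot see every module in the tree, so confirm, but dropping it from the argument set is the safe change. The `lib.mkIf config.nix.distributedBuilds` guard is a good touch; a one-line comment explaining why root gets an SSH config at all would help the next reader: `# Remote builders are reached as root, so the build-machine host entries live in root's ssh config; the key path only, the key itself is never in the store.`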

@ -1 +1 @@
Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f