Move config stuff out of secrets

2024-05-16 20:08:57 -04:00 · 2024-05-16 20:08:57 -04:00 · 6335f5bb3a
parent f881be3b0d
commit 6335f5bb3a
9 changed files with 108 additions and 85 deletions
--- a/flake.lock
+++ b/flake.lock
@ -218,11 +218,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715863402,
+        "lastModified": 1715885250,
-        "narHash": "sha256-WbNIHMe+NPRtn7AwFhIDYwMWwgTNJ5pVUXfcdhxv8ek=",
+        "narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
        "ref": "refs/heads/main",
-        "rev": "36dbb9dbfbac2b72c431a3a934258079931d0065",
+        "rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
-        "revCount": 80,
+        "revCount": 81,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/nixos-module"
      },
@ -247,6 +247,22 @@
        "type": "github"
      }
    },
    "nix-secrets": {
      "flake": false,
      "locked": {
        "lastModified": 1715904475,
        "narHash": "sha256-5PyOjPdOhzX5qHq3ywwSsYCQT5OmWv870DlSYyuJBh4=",
        "ref": "refs/heads/main",
        "rev": "0bc545bf36759ca1ab67e2718bc5771eca72d02f",
        "revCount": 23,
        "type": "git",
        "url": "file:///home/aires/Development/nix-configuration/nix-secrets"
      },
      "original": {
        "type": "git",
        "url": "file:///home/aires/Development/nix-configuration/nix-secrets"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1715529644,
@ -349,6 +365,7 @@
        "lix": "lix",
        "lix-module": "lix-module",
        "nix-flatpak": "nix-flatpak",
        "nix-secrets": "nix-secrets",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_2"
      }
--- a/flake.nix
+++ b/flake.nix
@ -33,6 +33,12 @@
      inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
    };
    # "Secrets management"
    nix-secrets = {
      url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
      flake = false;
    };
    # TODO: Add Disko - https://github.com/nix-community/disko
  };
@ -45,6 +51,7 @@
      home-manager,
      nixos-hardware,
      lix-module,
      nix-secrets,
      ...
    }:
    let
@ -57,32 +64,31 @@
      config.allowUnfree = true;
      # Define shared modules and imports
-      defaultModules = {
+      defaultModules = [
-        base = [
+        {
-          {
+          _module.args = {
-            _module.args = {
+            inherit inputs;
-              inherit inputs;
+          };
-            };
+        }
-          }
+        ./modules/autoimport.nix
-          ./modules/autoimport.nix
+        (import nix-secrets)
-          lix-module.nixosModules.default
+        lix-module.nixosModules.default
-          lanzaboote.nixosModules.lanzaboote
+        lanzaboote.nixosModules.lanzaboote
-          nix-flatpak.nixosModules.nix-flatpak
+        nix-flatpak.nixosModules.nix-flatpak
-          home-manager.nixosModules.home-manager
+        home-manager.nixosModules.home-manager
-          {
+        {
-            home-manager = {
+          home-manager = {
-              /*
+            /*
-                When running, Home Manager will use the global package cache.
+              When running, Home Manager will use the global package cache.
-                It will also back up any files that it would otherwise overwrite.
+              It will also back up any files that it would otherwise overwrite.
-                The originals will have the extension shown below.
+              The originals will have the extension shown below.
-              */
+            */
-              useGlobalPkgs = true;
+            useGlobalPkgs = true;
-              useUserPackages = true;
+            useUserPackages = true;
-              backupFileExtension = "home-manager-backup";
+            backupFileExtension = "home-manager-backup";
-            };
+          };
-          }
+        }
-        ];
+      ];
      };
    in
    {
      formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
@ -90,7 +96,7 @@
        Dimaga = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
-          modules = defaultModules.base ++ [
+          modules = defaultModules ++ [
            nixos-hardware.nixosModules.common-cpu-intel
            ./hosts/Dimaga
          ];
@ -98,7 +104,7 @@
        Haven = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
-          modules = defaultModules.base ++ [
+          modules = defaultModules ++ [
            nixos-hardware.nixosModules.common-cpu-amd-pstate
            ./hosts/Haven
          ];
@ -106,7 +112,7 @@
        Khanda = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
-          modules = defaultModules.base ++ [
+          modules = defaultModules ++ [
            nixos-hardware.nixosModules.microsoft-surface-pro-9
            ./hosts/Khanda
          ];
@ -114,7 +120,7 @@
        Pihole = nixpkgs.lib.nixosSystem {
          system = "aarch64-linux";
-          modules = defaultModules.base ++ [
+          modules = defaultModules ++ [
            nixos-hardware.nixosModules.raspberry-pi-4
            ./hosts/Pihole
          ];
@ -122,7 +128,7 @@
        Shura = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
-          modules = defaultModules.base ++ [
+          modules = defaultModules ++ [
            nixos-hardware.nixosModules.lenovo-legion-16arha7
            ./hosts/Shura
          ];
--- a/hosts/Haven/start-haven.sh
+++ b/hosts/Haven/start-haven.sh
@ -10,42 +10,26 @@ fi
 # Immediately exit on any errors
 set -e
-echo "Unlocking storage partition:"
+# Unlock and mount storage directory if we haven't already
 # RAID 5
 cryptsetup luksOpen /dev/md/Sapana storage
 # mount local storage
 if [ ! -f /dev/mapper/storage ]; then
-    mount /dev/mapper/storage /storage
+	echo "Unlocking storage partition:"
-
+	cryptsetup luksOpen /dev/md/Sapana storage
-    if [ $? -eq "0" ]; then
+	mount /dev/mapper/storage /storage
-		echo "Unlocking backup partition:"
+	echo "Storage partition mounted."
 		# 4 TB HDD, partition #2
 		cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
 		mount /dev/mapper/backups /backups
 		echo "Storage and backup partitions mounted."
 		echo "Starting Duplicacy:"
 		systemctl start duplicacy-web.service
 		if [ $? -eq "0" ]; then
 			echo "Duplicacy started."
 		else
 			echo "Failed to start Duplicacy."
 		fi
 		echo "Starting SyncThing:"
 		systemctl --machine aires@.host --user start syncthing.service
 		if [ $? -eq "0" ]; then
 			echo "SyncThing started."
 		else
 			echo "Failed to start SyncThing."
 		fi
 	else
 		echo "Failed to mount storage partition."
 	fi
 else
 	echo "Failed to unlock storage and/or backup partition(s)."
 fi
 #echo "Unlocking backup partition:"
 # 4 TB HDD, partition #2
 #cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
 #mount /dev/mapper/backups /backups
 #echo "Storage and backup partitions mounted."
 echo "Starting Duplicacy:"
 systemctl start duplicacy-web.service
 echo "Duplicacy started."
 echo "Starting SyncThing:"
 systemctl --machine aires@.host --user start syncthing.service
 echo "SyncThing started."
 exit 0
--- a/modules/autoimport.nix
+++ b/modules/autoimport.nix
@ -3,14 +3,6 @@
 { lib, ... }:
 with lib;
 let
  # Fetch secrets
  # IMPORTANT: Make sure this repo exists on the filesystem first!
  nix-secrets = builtins.fetchGit {
    url = "/home/aires/Development/nix-configuration/nix-secrets";
    ref = "main";
    rev = "aed06e8c1f0d018fde197ae4e096012ed80cd08b";
  };
  # Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
  getDir =
    dir:
@ -33,5 +25,5 @@ let
    );
 in
 {
-  imports = [ "${nix-secrets}" ] ++ validFiles ./.;
+  imports = validFiles ./.;
 }
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@ -50,7 +50,7 @@
          "nixos-test"
          "kvm"
          "benchmark"
-          "big-parllel"
+          "big-parallel"
        ];
      }
    ];
--- a/modules/users/aires/default.nix
+++ b/modules/users/aires/default.nix
@ -85,6 +85,12 @@ with lib;
            };
          };
          # Set up SSH
          ssh = {
            enable = true;
            matchBlocks = config.secrets.users.aires.sshConfig;
          };
          # Set up Zsh
          zsh = {
            oh-my-zsh = {
@ -100,8 +106,6 @@ with lib;
          };
        };
        # SSH set up in nix-secrets
        # Gnome settings specific to aires on Shura
        dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
          "org/gnome/desktop/interface" = {
--- a/modules/users/gremlin/default.nix
+++ b/modules/users/gremlin/default.nix
@ -87,6 +87,12 @@ with lib;
            };
          };
          # Set up SSH
          ssh = {
            enable = true;
            matchBlocks = config.secrets.users.gremlin.sshConfig;
          };
          # Set up Zsh
          zsh = {
            # Install and source the p10k theme
@ -107,8 +113,6 @@ with lib;
            };
          };
        };
        # SSH entries set in nix-secrets
      };
    })
--- a/modules/users/root/default.nix
+++ b/modules/users/root/default.nix
@ -0,0 +1,16 @@
 {
  config,
  home-manager,
  lib,
  ...
 }:
 {
  # Give root user access to run remote builds
  home-manager.users.root = {
    home.stateVersion = "24.05";
    programs.ssh = lib.mkIf config.nix.distributedBuilds {
      enable = true;
      matchBlocks = config.secrets.users.root.sshConfig;
    };
  };
 }
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b
+Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f
		`@ -1 +1 @@`
			`Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b`				`Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f`