Move config stuff out of secrets
parent
f881be3b0d
commit
6335f5bb3a
25
flake.lock
25
flake.lock
|
@ -218,11 +218,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715863402,
|
||||
"narHash": "sha256-WbNIHMe+NPRtn7AwFhIDYwMWwgTNJ5pVUXfcdhxv8ek=",
|
||||
"lastModified": 1715885250,
|
||||
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "36dbb9dbfbac2b72c431a3a934258079931d0065",
|
||||
"revCount": 80,
|
||||
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
|
||||
"revCount": 81,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
},
|
||||
|
@ -247,6 +247,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1715904475,
|
||||
"narHash": "sha256-5PyOjPdOhzX5qHq3ywwSsYCQT5OmWv870DlSYyuJBh4=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "0bc545bf36759ca1ab67e2718bc5771eca72d02f",
|
||||
"revCount": 23,
|
||||
"type": "git",
|
||||
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1715529644,
|
||||
|
@ -349,6 +365,7 @@
|
|||
"lix": "lix",
|
||||
"lix-module": "lix-module",
|
||||
"nix-flatpak": "nix-flatpak",
|
||||
"nix-secrets": "nix-secrets",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
}
|
||||
|
|
22
flake.nix
22
flake.nix
|
@ -33,6 +33,12 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
|
||||
};
|
||||
|
||||
# "Secrets management"
|
||||
nix-secrets = {
|
||||
url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
# TODO: Add Disko - https://github.com/nix-community/disko
|
||||
};
|
||||
|
||||
|
@ -45,6 +51,7 @@
|
|||
home-manager,
|
||||
nixos-hardware,
|
||||
lix-module,
|
||||
nix-secrets,
|
||||
...
|
||||
}:
|
||||
let
|
||||
|
@ -57,14 +64,14 @@
|
|||
config.allowUnfree = true;
|
||||
|
||||
# Define shared modules and imports
|
||||
defaultModules = {
|
||||
base = [
|
||||
defaultModules = [
|
||||
{
|
||||
_module.args = {
|
||||
inherit inputs;
|
||||
};
|
||||
}
|
||||
./modules/autoimport.nix
|
||||
(import nix-secrets)
|
||||
lix-module.nixosModules.default
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
nix-flatpak.nixosModules.nix-flatpak
|
||||
|
@ -82,7 +89,6 @@
|
|||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
|
||||
|
@ -90,7 +96,7 @@
|
|||
|
||||
Dimaga = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = defaultModules.base ++ [
|
||||
modules = defaultModules ++ [
|
||||
nixos-hardware.nixosModules.common-cpu-intel
|
||||
./hosts/Dimaga
|
||||
];
|
||||
|
@ -98,7 +104,7 @@
|
|||
|
||||
Haven = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = defaultModules.base ++ [
|
||||
modules = defaultModules ++ [
|
||||
nixos-hardware.nixosModules.common-cpu-amd-pstate
|
||||
./hosts/Haven
|
||||
];
|
||||
|
@ -106,7 +112,7 @@
|
|||
|
||||
Khanda = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = defaultModules.base ++ [
|
||||
modules = defaultModules ++ [
|
||||
nixos-hardware.nixosModules.microsoft-surface-pro-9
|
||||
./hosts/Khanda
|
||||
];
|
||||
|
@ -114,7 +120,7 @@
|
|||
|
||||
Pihole = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = defaultModules.base ++ [
|
||||
modules = defaultModules ++ [
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
./hosts/Pihole
|
||||
];
|
||||
|
@ -122,7 +128,7 @@
|
|||
|
||||
Shura = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = defaultModules.base ++ [
|
||||
modules = defaultModules ++ [
|
||||
nixos-hardware.nixosModules.lenovo-legion-16arha7
|
||||
./hosts/Shura
|
||||
];
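Review bot: The new `nix-secrets` input is fetched like any other flake input, so its whole tree is copied into `/nix/store`, which every local user can read, and `(import nix-secrets)` in `defaultModules` applies it to all five hosts. The `# "Secrets management"` comment should say this outright, for example `# NOTE: this input lands in the world-readable /nix/store; keep only non-sensitive settings here, never keys or passwords`. The URL `git+file:///home/aires/Development/nix-configuration/nix-secrets` is also an absolute path under one user's home directory, so evaluation only works where that checkout exists. This commit removes the old reminder from the autoimport module (`# IMPORTANT: Make sure this repo exists on the filesystem first!`), and it would be worth carrying over next to the input.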
|
||||
|
|
|
@ -10,42 +10,26 @@ fi
|
|||
# Immediately exit on any errors
|
||||
set -e
|
||||
|
||||
echo "Unlocking storage partition:"
|
||||
# RAID 5
|
||||
cryptsetup luksOpen /dev/md/Sapana storage
|
||||
|
||||
# mount local storage
|
||||
# Unlock and mount storage directory if we haven't already
|
||||
if [ ! -f /dev/mapper/storage ]; then
|
||||
echo "Unlocking storage partition:"
|
||||
cryptsetup luksOpen /dev/md/Sapana storage
|
||||
mount /dev/mapper/storage /storage
|
||||
|
||||
if [ $? -eq "0" ]; then
|
||||
echo "Unlocking backup partition:"
|
||||
# 4 TB HDD, partition #2
|
||||
cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
|
||||
mount /dev/mapper/backups /backups
|
||||
|
||||
echo "Storage and backup partitions mounted."
|
||||
|
||||
echo "Starting Duplicacy:"
|
||||
systemctl start duplicacy-web.service
|
||||
if [ $? -eq "0" ]; then
|
||||
echo "Duplicacy started."
|
||||
else
|
||||
echo "Failed to start Duplicacy."
|
||||
fi
|
||||
|
||||
echo "Starting SyncThing:"
|
||||
systemctl --machine aires@.host --user start syncthing.service
|
||||
if [ $? -eq "0" ]; then
|
||||
echo "SyncThing started."
|
||||
else
|
||||
echo "Failed to start SyncThing."
|
||||
fi
|
||||
else
|
||||
echo "Failed to mount storage partition."
|
||||
fi
|
||||
else
|
||||
echo "Failed to unlock storage and/or backup partition(s)."
|
||||
echo "Storage partition mounted."
|
||||
fi
|
||||
|
||||
#echo "Unlocking backup partition:"
|
||||
# 4 TB HDD, partition #2
|
||||
#cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
|
||||
#mount /dev/mapper/backups /backups
|
||||
#echo "Storage and backup partitions mounted."
|
||||
|
||||
echo "Starting Duplicacy:"
|
||||
systemctl start duplicacy-web.service
|
||||
echo "Duplicacy started."
|
||||
|
||||
echo "Starting SyncThing:"
|
||||
systemctl --machine aires@.host --user start syncthing.service
|
||||
echo "SyncThing started."
|
||||
|
||||
exit 0
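Review bot: The guard `[ ! -f /dev/mapper/storage ]` tests for a regular file, but an opened LUKS mapping appears under /dev/mapper as a block-device node (usually a symlink to one), so the test stays true even when the volume is already unlocked. On a second run `cryptsetup luksOpen /dev/md/Sapana storage` would then fail, and `set -e` stops the script before Duplicacy and SyncThing are started. `if [ ! -b /dev/mapper/storage ]; then` (or `-e`) would match the "if we haven't already" comment. The page has lost its +/- markers, so the new side is inferred from the hunk counts, and the `if` line itself looks carried over from the old version.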
|
||||
|
|
|
@ -3,14 +3,6 @@
|
|||
{ lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
# Fetch secrets
|
||||
# IMPORTANT: Make sure this repo exists on the filesystem first!
|
||||
nix-secrets = builtins.fetchGit {
|
||||
url = "/home/aires/Development/nix-configuration/nix-secrets";
|
||||
ref = "main";
|
||||
rev = "aed06e8c1f0d018fde197ae4e096012ed80cd08b";
|
||||
};
|
||||
|
||||
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
|
||||
getDir =
|
||||
dir:
|
||||
|
@ -33,5 +25,5 @@ let
|
|||
);
|
||||
in
|
||||
{
|
||||
imports = [ "${nix-secrets}" ] ++ validFiles ./.;
|
||||
imports = validFiles ./.;
|
||||
}
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
"nixos-test"
|
||||
"kvm"
|
||||
"benchmark"
|
||||
"big-parllel"
|
||||
"big-parallel"
|
||||
];
|
||||
}
|
||||
];
|
||||
|
|
|
@ -85,6 +85,12 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
# Set up SSH
|
||||
ssh = {
|
||||
enable = true;
|
||||
matchBlocks = config.secrets.users.aires.sshConfig;
|
||||
};
|
||||
|
||||
# Set up Zsh
|
||||
zsh = {
|
||||
oh-my-zsh = {
|
||||
|
@ -100,8 +106,6 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
# SSH set up in nix-secrets
|
||||
|
||||
# Gnome settings specific to aires on Shura
|
||||
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
|
||||
"org/gnome/desktop/interface" = {
|
||||
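Review bot: `matchBlocks = config.secrets.users.aires.sshConfig;` reads an option that nothing visible in this repository declares, and the commit deletes the only pointer to where it comes from (`# SSH set up in nix-secrets`). A short comment would keep that traceable, for example `# sshConfig is declared by the nix-secrets module imported via defaultModules in flake.nix`. The same applies to the gremlin hunk and to `modules/users/root/default.nix`. Presumably these match blocks carry only host names and identity-file paths; it is worth confirming that no key material is set through them, since the generated SSH config is built in the Nix store.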
|
|
|
@ -87,6 +87,12 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
# Set up SSH
|
||||
ssh = {
|
||||
enable = true;
|
||||
matchBlocks = config.secrets.users.gremlin.sshConfig;
|
||||
};
|
||||
|
||||
# Set up Zsh
|
||||
zsh = {
|
||||
# Install and source the p10k theme
|
||||
|
@ -107,8 +113,6 @@ with lib;
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# SSH entries set in nix-secrets
|
||||
};
|
||||
})
|
||||
|
||||
|
|
16
modules/users/root/default.nix
Normal file
16
modules/users/root/default.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
config,
|
||||
home-manager,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# Give root user access to run remote builds
|
||||
home-manager.users.root = {
|
||||
home.stateVersion = "24.05";
|
||||
programs.ssh = lib.mkIf config.nix.distributedBuilds {
|
||||
enable = true;
|
||||
matchBlocks = config.secrets.users.root.sshConfig;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1 +1 @@
|
|||
Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b
|
||||
Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f
|