
Move config stuff out of secrets

This commit is contained in:
Aires 2024-05-16 20:08:57 -04:00
parent f881be3b0d
commit 6335f5bb3a
9 changed files with 108 additions and 85 deletions


@ -218,11 +218,11 @@
]
},
"locked": {
"lastModified": 1715863402,
"narHash": "sha256-WbNIHMe+NPRtn7AwFhIDYwMWwgTNJ5pVUXfcdhxv8ek=",
"lastModified": 1715885250,
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"ref": "refs/heads/main",
"rev": "36dbb9dbfbac2b72c431a3a934258079931d0065",
"revCount": 80,
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 81,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
@ -247,6 +247,22 @@
"type": "github"
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1715904475,
"narHash": "sha256-5PyOjPdOhzX5qHq3ywwSsYCQT5OmWv870DlSYyuJBh4=",
"ref": "refs/heads/main",
"rev": "0bc545bf36759ca1ab67e2718bc5771eca72d02f",
"revCount": 23,
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
},
"original": {
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1715529644,
@ -349,6 +365,7 @@
"lix": "lix",
"lix-module": "lix-module",
"nix-flatpak": "nix-flatpak",
"nix-secrets": "nix-secrets",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2"
}


@ -33,6 +33,12 @@
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list where available
};
# "Secrets management"
nix-secrets = {
url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
flake = false;
};
# TODO: Add Disko - https://github.com/nix-community/disko
};
@ -45,6 +51,7 @@
home-manager,
nixos-hardware,
lix-module,
nix-secrets,
...
}:
let
@ -57,32 +64,31 @@
config.allowUnfree = true;
# Define shared modules and imports
defaultModules = {
base = [
{
_module.args = {
inherit inputs;
};
}
./modules/autoimport.nix
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager
{
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
};
defaultModules = [
{
_module.args = {
inherit inputs;
};
}
./modules/autoimport.nix
(import nix-secrets)
lix-module.nixosModules.default
lanzaboote.nixosModules.lanzaboote
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager
{
home-manager = {
/*
When running, Home Manager will use the global package cache.
It will also back up any files that it would otherwise overwrite.
The originals will have the extension shown below.
*/
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "home-manager-backup";
};
}
];
in
{
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
@ -90,7 +96,7 @@
Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga
];
@ -98,7 +104,7 @@
Haven = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-amd-pstate
./hosts/Haven
];
@ -106,7 +112,7 @@
Khanda = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
modules = defaultModules ++ [
nixos-hardware.nixosModules.microsoft-surface-pro-9
./hosts/Khanda
];
@ -114,7 +120,7 @@
Pihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = defaultModules.base ++ [
modules = defaultModules ++ [
nixos-hardware.nixosModules.raspberry-pi-4
./hosts/Pihole
];
@ -122,7 +128,7 @@
Shura = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules.base ++ [
modules = defaultModules ++ [
nixos-hardware.nixosModules.lenovo-legion-16arha7
./hosts/Shura
];
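Review bot: The new `nix-secrets` input at `url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";` hard-codes an absolute path inside one user's home directory, so evaluation or `nix flake update` on any other checkout or host will fail at fetch time, and the `# IMPORTANT: Make sure this repo exists on the filesystem first!` comment that used to warn about this in autoimport.nix is dropped by this commit rather than moved. I would carry it forward next to the input as `# Secrets management: local checkout, must exist at this path before evaluation`. Since a flake input is copied into the world-readable `/nix/store`, the note should also say that this repo may hold configuration only (as the commit title suggests), never raw key material. `(import nix-secrets)` in the `defaultModules` hunk loads that repo's default.nix as a NixOS module, so the comment should mention that file is required as well.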


@ -10,42 +10,26 @@ fi
# Immediately exit on any errors
set -e
echo "Unlocking storage partition:"
# RAID 5
cryptsetup luksOpen /dev/md/Sapana storage
# mount local storage
# Unlock and mount storage directory if we haven't already
if [ ! -f /dev/mapper/storage ]; then
mount /dev/mapper/storage /storage
if [ $? -eq "0" ]; then
echo "Unlocking backup partition:"
# 4 TB HDD, partition #2
cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
mount /dev/mapper/backups /backups
echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
if [ $? -eq "0" ]; then
echo "Duplicacy started."
else
echo "Failed to start Duplicacy."
fi
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
if [ $? -eq "0" ]; then
echo "SyncThing started."
else
echo "Failed to start SyncThing."
fi
else
echo "Failed to mount storage partition."
fi
else
echo "Failed to unlock storage and/or backup partition(s)."
echo "Unlocking storage partition:"
cryptsetup luksOpen /dev/md/Sapana storage
mount /dev/mapper/storage /storage
echo "Storage partition mounted."
fi
#echo "Unlocking backup partition:"
# 4 TB HDD, partition #2
#cryptsetup luksOpen /dev/disk/by-uuid/8dc60329-d27c-4a4a-b76a-861b1e28400e backups --key-file /storage/backups_partition.key
#mount /dev/mapper/backups /backups
#echo "Storage and backup partitions mounted."
echo "Starting Duplicacy:"
systemctl start duplicacy-web.service
echo "Duplicacy started."
echo "Starting SyncThing:"
systemctl --machine aires@.host --user start syncthing.service
echo "SyncThing started."
exit 0
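Review bot: The guard `if [ ! -f /dev/mapper/storage ]; then` does not detect an already-unlocked volume: `/dev/mapper/storage` is a symlink to a block device, not a regular file, so `-f` is false in both states, and with `set -e` in force the repeated `cryptsetup luksOpen` on a second run aborts the script before Duplicacy and SyncThing are started. Replace it with `if [ ! -e /dev/mapper/storage ]; then` (or `-b`). The backup-partition steps are kept as commented-out lines rather than removed or gated behind a condition; either drop them or add a comment stating why they are disabled, otherwise the UUID and key-file path in them go stale unnoticed. The `echo "Duplicacy started."` and `echo "SyncThing started."` lines are now unconditional, which is only correct because `set -e` exits on a failed `systemctl`; a one-line comment to that effect above them would save the next reader from re-adding `$?` checks.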


@ -3,14 +3,6 @@
{ lib, ... }:
with lib;
let
# Fetch secrets
# IMPORTANT: Make sure this repo exists on the filesystem first!
nix-secrets = builtins.fetchGit {
url = "/home/aires/Development/nix-configuration/nix-secrets";
ref = "main";
rev = "aed06e8c1f0d018fde197ae4e096012ed80cd08b";
};
# Recursively constructs an attrset of a given folder, recursing on directories, value of attrs is the filetype
getDir =
dir:
@ -33,5 +25,5 @@ let
);
in
{
imports = [ "${nix-secrets}" ] ++ validFiles ./.;
imports = validFiles ./.;
}


@ -50,7 +50,7 @@
"nixos-test"
"kvm"
"benchmark"
"big-parllel"
"big-parallel"
];
}
];


@ -85,6 +85,12 @@ with lib;
};
};
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.aires.sshConfig;
};
# Set up Zsh
zsh = {
oh-my-zsh = {
@ -100,8 +106,6 @@ with lib;
};
};
# SSH set up in nix-secrets
# Gnome settings specific to aires on Shura
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = {
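Review bot: `matchBlocks = config.secrets.users.aires.sshConfig;` feeds values from the secrets module into a home-manager-generated `~/.ssh/config`, which home-manager presumably places in the Nix store like its other generated files, so everything in `sshConfig` ends up world-readable on the host despite being sourced from the secrets repo. That is acceptable for hostnames, users and identity-file paths, but the secrets module must not inline key material there. A comment at the `ssh = {` line would make the boundary explicit: `# matchBlocks come from nix-secrets but land in the world-readable store: paths only, no key material`. The same applies to the gremlin block (`config.secrets.users.gremlin.sshConfig`) and to the new root module (`config.secrets.users.root.sshConfig`).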


@ -87,6 +87,12 @@ with lib;
};
};
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.gremlin.sshConfig;
};
# Set up Zsh
zsh = {
# Install and source the p10k theme
@ -107,8 +113,6 @@ with lib;
};
};
};
# SSH entries set in nix-secrets
};
})


@ -0,0 +1,16 @@
{
config,
home-manager,
lib,
...
}:
{
# Give root user access to run remote builds
home-manager.users.root = {
home.stateVersion = "24.05";
programs.ssh = lib.mkIf config.nix.distributedBuilds {
enable = true;
matchBlocks = config.secrets.users.root.sshConfig;
};
};
}
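Review bot: The argument list declares `home-manager,` but the body only sets the `home-manager.users.root` option and never references that argument, so it appears unused; `{ config, lib, ... }:` states the intent more clearly and avoids depending on an argument the flake does not pass (it injects `inputs` via `_module.args`, not `home-manager`). Gating on `lib.mkIf config.nix.distributedBuilds` is a sensible least-exposure choice; a comment such as `# Only give root an SSH config on hosts that dispatch remote builds` would make that coupling explicit for the next reader.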

@ -1 +1 @@
Subproject commit aed06e8c1f0d018fde197ae4e096012ed80cd08b
Subproject commit 0bc545bf36759ca1ab67e2718bc5771eca72d02f