mirror/ github.com-tboerger-nixos-config
1
0
Fork 0
mirror of https://github.com/tboerger/nixos-config synced 2024-05-05 01:56:05 +02:00
Code Issues

feat: apply latest changes for flake refactoring

This commit is contained in:
Thomas Boerger 2024-01-30 15:47:02 +01:00
parent 27fd4a430d
commit 277a9a7471
No known key found for this signature in database
GPG Key ID: F630596501026DB5
14 changed files with 324 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -49,14 +49,12 @@ nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-confi
## Servers
Currently I'm applying the updates manually by cloning the repository into the
machine and executing `make switch`, but on longterm it should also just work to
use the `deploy #name` command, at least if it's executed from a NixOS desktop.
If this is not the case I can always execute the following command to get the
latest changes pulled in:
To apply updates for servers this repository should be updated to the latest
version, after that it is possible to use `deploy-rs` to upgrade the deployment
with a command like this:
```console
nixos-rebuild switch --flake github:tboerger/nixos-config#hostname
nix run github:serokell/deploy-rs github:tboerger/nixos-config#hostname
```
### Asgard

3
disko.nix Normal file
View File

@ -0,0 +1,3 @@
{ inputs, ... }:
{ }

165
flake.lock
View File

@ -120,39 +120,6 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1706569497,
"narHash": "sha256-oixb0IDb5eZYw6BaVr/R/1pSoMh4rfJHkVnlgeRIeZs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "60c614008eed1d0383d21daac177a3e036192ed8",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
@ -171,45 +138,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1706182238,
@ -302,40 +230,6 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1704161960,
@ -368,56 +262,17 @@
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1704842529,
"narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1706424699,
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"devshell": "devshell",
"disko": "disko",
"flake-parts": "flake-parts",
"hardware": "hardware",
"homeage": "homeage",
"homemanager": "homemanager",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks"
"utils": "utils_2"
}
},
"systems": {
@ -497,6 +352,24 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

67
flake.nix
View File

@ -6,8 +6,8 @@
url = "github:nixos/nixpkgs/nixos-unstable";
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
utils = {
url = "github:numtide/flake-utils";
};
devshell = {
@ -43,7 +43,7 @@
};
};
outputs = { self, nixpkgs, flake-parts, deploy-rs, disko, homemanager, homeage, agenix, hardware, ... }@inputs:
outputs = { self, nixpkgs, utils, devshell, deploy-rs, disko, homemanager, homeage, agenix, hardware, ... }@inputs:
let
inherit (self) outputs;
@ -72,6 +72,14 @@
in
{
diskoConfigurations = {
anubis = import ./desktops/anubis/disko.nix;
chnum = import ./desktops/chnum/disko.nix;
asgard = import ./servers/asgard/disko.nix;
utgard = import ./servers/utgard/disko.nix;
vanaheim = import ./servers/vanaheim/disko.nix;
};
nixosConfigurations = {
anubis = mkComputer
./desktops/anubis
@ -266,18 +274,10 @@
# ];
};
diskoConfigurations = {
anubis = import ./desktops/anubis/disko.nix;
chnum = import ./desktops/chnum/disko.nix;
asgard = import ./servers/asgard/disko.nix;
utgard = import ./servers/utgard/disko.nix;
vanaheim = import ./servers/vanaheim/disko.nix;
};
anubis = self.nixosConfigurations.anubis.config.system.build.toplevel;
chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
# anubis = self.nixosConfigurations.anubis.config.system.build.toplevel;
# chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
# asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
# utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
# yggdrasil = self.nixosConfigurations.yggdrasil.config.system.build.toplevel;
deploy = {
@ -334,28 +334,17 @@
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
} // flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
inputs.pre-commit-hooks.flakeModule
inputs.devshell.flakeModule
];
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
perSystem = { config, self', inputs', pkgs, system, ... }: {
pre-commit = {
check = {
enable = true;
} // utils.lib.eachDefaultSystem
(system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [ devshell.overlays.default ];
};
};
devshells = {
default = {
in
{
devShells.default = pkgs.devshell.mkShell {
commands = [
{
name = "age-encrypt";
@ -383,7 +372,8 @@
];
packages = with pkgs; [
agenix.packages.${system}.default
inputs.agenix.packages.${system}.default
inputs.deploy-rs.packages.${system}.default
git
gnumake
home-manager
@ -392,7 +382,6 @@
rage
];
};
};
};
};
}
);
}

260
nixos.nix Normal file
View File

@ -0,0 +1,260 @@
{ nixpkgs, inputs, ... }:
{
imports = [
inputs.profile-parts.flakeModules.nixos
];
profile-parts = {
default.nixos = {
inherit (inputs) nixpkgs;
enable = true;
system = "x86_64-linux";
exposePackages = true;
};
global.nixos = {
modules =
{ name
, profile
,
}: [
({ pkgs, ... }:
{
nixpkgs = {
overlays = [
(import ./overlays)
];
};
}
)
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.default
];
specialArgs = {
inherit inputs;
};
};
nixos = {
anubis = {
hostname = "anubis";
nixpkgs = inputs.nixpkgs;
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./desktops/anubis
./home/thomas/user.nix
./home/anna/user.nix
./home/adrian/user.nix
./home/tabea/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
anna = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/anna
];
};
adrian = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/adrian
];
};
tabea = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/tabea
];
};
};
};
}
];
};
chnum = {
hostname = "chnum";
nixpkgs = inputs.nixpkgs;
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./desktops/chnum
./home/thomas/user.nix
./home/anna/user.nix
./home/adrian/user.nix
./home/tabea/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
anna = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/anna
];
};
adrian = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/adrian
];
};
tabea = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/tabea
];
};
};
};
}
];
};
asgard = {
hostname = "asgard";
nixpkgs = inputs.nixpkgs;
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./desktops/asgard
./home/thomas/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
};
};
}
];
};
utgard = {
hostname = "utgard";
nixpkgs = inputs.nixpkgs;
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./desktops/utgard
./home/thomas/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
};
};
}
];
};
vanaheim = {
hostname = "vanaheim";
nixpkgs = inputs.nixpkgs;
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./desktops/vanaheim
./home/thomas/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
};
};
}
];
};
yggdrasil = {
hostname = "yggdrasil";
nixpkgs = inputs.nixpkgs;
system = "aarch64-linux";
modules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
./desktops/yggdrasil
./home/thomas/user.nix
{
home-manager = {
extraSpecialArgs = {
desktopSystem = true;
};
users = {
thomas = {
imports = [
inputs.homeage.homeManagerModules.homeage
./home/thomas
];
};
};
};
}
];
};
};
};
}

BIN
secrets/services/acme/credentials.age
View File

Binary file not shown.

BIN
secrets/services/shares/media.age
View File

Binary file not shown.

BIN
secrets/services/shares/printer.age
View File

Binary file not shown.

BIN
secrets/services/tailscale/authkey.age
View File

Binary file not shown.

BIN
secrets/users/adrian/password.age
View File

Binary file not shown.

BIN
secrets/users/anna/password.age
View File

Binary file not shown.

BIN
secrets/users/root/password.age
View File

Binary file not shown.

18
secrets/users/tabea/password.age
View File

@ -1,9 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ wjiOesGBEw/8G7TqSJfmNZaD05VrC2xzza60LYdCdnk
SZNaqBfBe210vIi2t7zCOLntllV/mJL1lt3VYQVHNks
-> ssh-ed25519 dHPgHQ CrGpfunJROv7KOGqLOXmnom+I2G9oeOA3CQmfMwQtj4
r6hUN7tbDVG20GuB7YaxYDcwbTbeKchasVSkCeNO8XY
-> ssh-ed25519 RlXbCA fHElLANQAyNh0kZESziH9aVEkxpspc4WpqgBSxPsdh0
LsI+xtsitWlQL/Vw8xuAv857oapbQdoL4YD+m3AvJ+M
--- FzFhWH5s7G0EbRiSC5UV3Qit/0wZNOltOEKmA88sZWI
`´¿vX0é˜x3Þ&ÑXs¢}!êàœÞc8¹/ÔMµ<4D>¯ÁRaÛÔ9qQõÙâïXãç0ªb„cÉŒÿ;T(÷á¦;-³PŽ5.ıä O‚ÀïÝ\¨6¾ÈÎãðÅ5>ÚÖðŽc £Ô2""BË<13>Ü SCzÓDp
-> ssh-ed25519 ptT1OQ TPCSn3poGzLt5uGYHaVhOqzfETM5ebS9VuwquGP3Nnk
GFw4hCfkzJFpK/qF9NgF6X2FWfF7SzNsv+RbdjcoJHE
-> ssh-ed25519 dHPgHQ XNqvb52c7XLzSbW+wT+UT6HSt1HZUUGmk3RuDaxPUCE
rjaWPXh5IInDhkGcwza0I4X9hJxkqI2W2XwkiPpoubU
-> ssh-ed25519 RlXbCA Yk9ypirIbAcNGSnx+3BuWZ5r0c5YMXWupeyjXduTfFI
cm5XLBaKtGcLHf/IPUlgMmS4JjT8lujrmgVnwN0D330
--- aTvu5XWqMmDwp10CSbH25l3V2kO5x3Gm+V0AMIomCfU
¿Û”M/Í}<)”[©ä˜Ë«67#úÊRåu°D¥·¹+hy­‰#{
ÊÙô ÁúEÚ7Fký¯s»nÓævß5
S¾õµzݧžÙ<C5BE>´¼»›Ü:0äWµ«Â1xÄ*øâÆ9œä·Á|âQud˜Ô5ö|4;Ì<>ÌfÖ¸òèÝ

BIN
secrets/users/thomas/password.age
View File

Binary file not shown.