From eab90b1961d113c9e02c2763e7275ac1e3166dcf Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Wed, 28 Sep 2022 13:54:01 +0200 Subject: [PATCH] chore: integrate deploy-rs and flake-utils --- .envrc | 1 + .gitignore | 3 + Makefile | 2 +- flake.lock | 89 ++++-- flake.nix | 528 +++++++++++++++++++------------- machines/asgard/boot.nix | 9 +- machines/asgard/default.nix | 4 +- machines/chnum/boot.nix | 9 +- machines/chnum/default.nix | 9 - machines/chnum/filesystems.nix | 14 +- machines/midgard/boot.nix | 1 - machines/midgard/default.nix | 4 +- machines/modules/default.nix | 1 + machines/modules/nixpkgs.nix | 43 +++ machines/modules/tools.nix | 2 - machines/modules/unpackerr.nix | 103 ++++--- machines/modules/users.nix | 18 ++ machines/niflheim/default.nix | 4 +- machines/services/acme.nix | 2 +- machines/services/media.nix | 2 +- machines/services/nixbuild.nix | 4 +- machines/services/openssh.nix | 22 ++ machines/services/webserver.nix | 60 ++-- machines/utgard/boot.nix | 9 +- machines/vanaheim/default.nix | 4 +- overlays/default.nix | 7 +- profiles/thomas/default.nix | 9 +- shell.nix | 9 - 28 files changed, 607 insertions(+), 365 deletions(-) create mode 100644 .envrc create mode 100644 machines/modules/nixpkgs.nix delete mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore index c4a847d..7424c8d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ /result + +.direnv +!.envrc diff --git a/Makefile b/Makefile index 3d4cc35..ad59e84 100644 --- a/Makefile +++ b/Makefile @@ -6,4 +6,4 @@ update: .PHONY: switch switch: - sudo NIXPKGS_ALLOW_UNFREE=1 nixos-rebuild switch --impure --flake . + sudo nixos-rebuild switch --flake . diff --git a/flake.lock b/flake.lock index a0f160c..caadf00 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,6 +20,44 @@
"type": "github"
}
},
+ "deployrs": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1659725433,
+ "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1648199409,
+ "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
"hardware": {
"locked": {
"lastModified": 1663229557,
@@ -57,22 +95,6 @@
"type": "github"
}
},
- "master": {
- "locked": {
- "lastModified": 1664309664,
- "narHash": "sha256-IZyGnYhG3vQn+INnaoWnzIhCwatNuu78c42n2epiPlo=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "dcdadc49350ee51d7c18da01db0e59c11a0da431",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "master",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nixpkgs": {
"locked": {
"lastModified": 1664178928,
@@ -107,12 +129,13 @@
"root": {
"inputs": {
"agenix": "agenix",
+ "deployrs": "deployrs",
"hardware": "hardware",
"homemanager": "homemanager",
- "master": "master",
"nixpkgs": "nixpkgs",
"nur": "nur",
- "unstable": "unstable"
+ "unstable": "unstable",
+ "utils": "utils_2"
}
},
"unstable": {
@@ -130,6 +153,36 @@ "repo": "nixpkgs", "type": "github" } + }, + "utils": { + "locked": { + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 5c31390..e63bf52 100644 --- a/flake.nix +++ b/flake.nix @@ -6,10 +6,6 @@ url = "github:nixos/nixpkgs/nixos-22.05"; }; - master = { - url = "github:nixos/nixpkgs/master"; - }; - unstable = { url = "github:nixos/nixpkgs/nixos-unstable"; }; @@ -22,6 +18,15 @@ url = "github:nix-community/NUR"; }; + utils = { + url = "github:numtide/flake-utils"; + }; + + deployrs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
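Review bot: `deployrs` pins `inputs.nixpkgs.follows = "nixpkgs"` but leaves its own `utils` input unpinned, so the lock file above now carries two flake-utils revisions (`utils` and `utils_2`); adding `inputs.utils.follows = "utils";` under `deployrs` leaves one pinned revision to track and audit on each `nix flake update`. The same `follows` treatment is what already keeps deploy-rs building against this repo's nixpkgs instead of a second nixpkgs tree, so the two lines belong together. The enclosing `inputs = { … }` attrset starts outside this hunk.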
@@ -33,71 +38,230 @@ }; }; - outputs = { self, nur, ... }@inputs: + outputs = { self, nixpkgs, unstable, hardware, nur, utils, deployrs, agenix, homemanager, ... }@inputs: let - overlay-master = final: prev: { - master = inputs.master.legacyPackages.${prev.system}; - }; - - overlay-unstable = final: prev: { - unstable = inputs.unstable.legacyPackages.${prev.system}; - }; - - sharedNixosConfiguration = { config, pkgs, ... }: { - nix = { - package = pkgs.nixFlakes; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - binaryCaches = [ - "https://cache.nixos.org" - "https://nix-community.cachix.org" - "https://nixpkgs.cachix.org" - "https://tboerger.cachix.org" - "https://thefloweringash-armv7.cachix.org" - ]; - - binaryCachePublicKeys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE=" - "tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU=" - "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" - ]; - - gc = { - automatic = true; - persistent = true; - dates = "weekly"; - options = "--delete-older-than 2w"; - }; - }; - - nixpkgs = { - config = { - allowUnfree = true; - }; - - overlays = [ - self.overlay - nur.overlay - overlay-master - overlay-unstable - ]; + unstable-overlay = final: prev: { + unstable = import unstable { + system = prev.system; + config.allowUnfree = true; }; }; + in { - overlay = import ./overlays; - nixosConfigurations = { - rpi1 = inputs.nixpkgs.lib.nixosSystem { - system = "armv7l-linux"; + chnum = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; modules = [ - "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" + ({ pkgs, ... 
}: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "x86_64-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/chnum + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + midgard = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + + modules = [ + ({ pkgs, ... }: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "aarch64-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + }) + hardware.nixosModules.raspberry-pi-4 + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/midgard + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + vanaheim = nixpkgs.lib.nixosSystem { + system = "armv6l-linux"; + + modules = [ + ({ pkgs, ... }: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "armv6l-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/vanaheim + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + niflheim = nixpkgs.lib.nixosSystem { + system = "armv6l-linux"; + + modules = [ + ({ pkgs, ... 
}: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "armv6l-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/niflheim + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + utgard = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + ({ pkgs, ... }: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "x86_64-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + + nixpkgs.config.allowUnfree = true; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/utgard + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + asgard = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + ({ pkgs, ... }: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = "x86_64-linux"; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + unstable-overlay + ]; + }; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + ./machines/asgard + ./profiles/thomas + ]; + + specialArgs = { + inherit inputs; + }; + }; + + rpi1 = nixpkgs.lib.nixosSystem { + system = "armv6l-linux"; + + modules = [ + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" { nixpkgs = { config = { @@ -105,12 +269,8 @@ allowUnfree = true; }; - overlays = [ - self.overlay - ]; - crossSystem = { - system = "armv7l-linux"; + system = "armv6l-linux"; }; }; 
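Review bot: The six `nixpkgs.lib.nixosSystem` calls in this hunk (chnum, midgard, vanaheim, niflheim, utgard, asgard) repeat the same inline module — the `nur-no-pkgs` import, the three overlays, home-manager, agenix, `./profiles/thomas` and `specialArgs` — with only the system string, the machine directory and one hardware module varying, and a drift has already crept in: utgard alone carries `nixpkgs.config.allowUnfree = true;`. A small builder in the `let` beside `unstable-overlay` removes the repetition and makes such per-host differences explicit (sketch below). utgard's extra line is probably redundant, since the new `machines/modules/nixpkgs.nix` in this commit also sets `nixpkgs.config.allowUnfree = true`, but whether every host imports that module is not visible here — worth confirming before dropping it. `pkgs` is bound but unused in each inline module. The enclosing `outputs` function continues past this hunk.
```nix
    # Builder shared by every host; `extra` carries host-specific modules
    # such as the Raspberry Pi hardware module for midgard.
    mkHost = { system, machine, extra ? [ ] }:
      nixpkgs.lib.nixosSystem {
        inherit system;

        modules = [
          ({ ... }:
            let
              nur-no-pkgs = import nur {
                nurpkgs = import nixpkgs { inherit system; };
              };
            in
            {
              imports = [ nur-no-pkgs.repos.tboerger.modules ];
              nixpkgs.overlays = [ (import ./overlays) nur.overlay unstable-overlay ];
            })
          homemanager.nixosModules.home-manager
          agenix.nixosModules.age
          machine
          ./profiles/thomas
        ] ++ extra;

        specialArgs = { inherit inputs; };
      };
  in
  {
    nixosConfigurations = {
      chnum = mkHost { system = "x86_64-linux"; machine = ./machines/chnum; };
      midgard = mkHost {
        system = "aarch64-linux";
        machine = ./machines/midgard;
        extra = [ hardware.nixosModules.raspberry-pi-4 ];
      };
      vanaheim = mkHost { system = "armv6l-linux"; machine = ./machines/vanaheim; };
      niflheim = mkHost { system = "armv6l-linux"; machine = ./machines/niflheim; };
      utgard = mkHost { system = "x86_64-linux"; machine = ./machines/utgard; };
      asgard = mkHost { system = "x86_64-linux"; machine = ./machines/asgard; };
      # … unchanged: rpi1 and rpi4 image configurations …
```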
@@ -121,11 +281,11 @@ ]; }; - rpi4 = inputs.nixpkgs.lib.nixosSystem { + rpi4 = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ - "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" { nixpkgs = { config = { @@ -133,10 +293,6 @@ allowUnfree = true; }; - overlays = [ - self.overlay - ]; - crossSystem = { system = "aarch64-linux"; }; 
@@ -148,148 +304,102 @@ } ]; }; - - utgard = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; }; - }; - in { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - }) - inputs.homemanager.nixosModules.home-manager - inputs.agenix.nixosModules.age - sharedNixosConfiguration - ./machines/utgard - ./profiles/thomas - ]; - - specialArgs = { - inherit inputs; - }; - }; - - asgard = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; }; - }; - in { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - }) - inputs.homemanager.nixosModules.home-manager - inputs.agenix.nixosModules.age - sharedNixosConfiguration - ./machines/asgard - ./profiles/thomas - ]; - - specialArgs = { - inherit inputs; - }; - }; - - midgard = inputs.nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import inputs.nixpkgs { system = "aarch64-linux"; }; - }; - in { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - }) - inputs.hardware.nixosModules.raspberry-pi-4 - inputs.homemanager.nixosModules.home-manager - inputs.agenix.nixosModules.age - sharedNixosConfiguration - ./machines/midgard - ./profiles/thomas - ]; - - specialArgs = { - inherit inputs; - }; - }; - - vanaheim = inputs.nixpkgs.lib.nixosSystem { - system = "armv7l-linux"; - - modules = [ - ({ pkgs, ... 
}: - let - nur-no-pkgs = import nur { - nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; }; - }; - in { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - }) - inputs.homemanager.nixosModules.home-manager - inputs.agenix.nixosModules.age - sharedNixosConfiguration - ./machines/vanaheim - ./profiles/thomas - ]; - - specialArgs = { - inherit inputs; - }; - }; - - niflheim = inputs.nixpkgs.lib.nixosSystem { - system = "armv7l-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; }; - }; - in { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - }) - inputs.homemanager.nixosModules.home-manager - inputs.agenix.nixosModules.age - sharedNixosConfiguration - ./machines/niflheim - ./profiles/thomas - ]; - - specialArgs = { - inherit inputs; - }; - }; }; + chnum = self.nixosConfigurations.chnum.config.system.build.toplevel; + midgard = self.nixosConfigurations.midgard.config.system.build.toplevel; + vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel; + niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel; + utgard = self.nixosConfigurations.utgard.config.system.build.toplevel; + asgard = self.nixosConfigurations.asgard.config.system.build.toplevel; + images = { rpi1 = self.nixosConfigurations.rpi1.config.system.build.sdImage; rpi4 = self.nixosConfigurations.rpi4.config.system.build.sdImage; }; - utgard = self.nixosConfigurations.utgard.config.system.build.toplevel; - asgard = self.nixosConfigurations.asgard.config.system.build.toplevel; - midgard = self.nixosConfigurations.midgard.config.system.build.toplevel; - vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel; - niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel; - }; + deploy = { + nodes = { + midgard = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.5"; + fastConnection = true; + + profiles.system = { + sshUser = 
"thomas"; + user = "root"; + path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard; + }; + }; + + vanaheim = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.6"; + fastConnection = true; + + profiles.system = { + sshUser = "thomas"; + user = "root"; + path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.vanaheim; + }; + }; + + niflheim = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.7"; + fastConnection = true; + + profiles.system = { + sshUser = "thomas"; + user = "root"; + path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.niflheim; + }; + }; + + asgard = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.10"; + fastConnection = true; + + profiles.system = { + sshUser = "thomas"; + user = "root"; + path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.asgard; + }; + }; + + utgard = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.11"; + fastConnection = true; + + profiles.system = { + sshUser = "thomas"; + user = "root"; + path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard; + }; + }; + }; + }; + + checks = builtins.mapAttrs + (system: deployLib: deployLib.deployChecks self.deploy) + deployrs.lib; + } // utils.lib.eachDefaultSystem (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + + in + { + devShell = pkgs.mkShell { + buildInputs = with pkgs; [ + agenix.defaultPackage.${system} + deployrs.defaultPackage.${system} + nixpkgs-fmt + gnumake + nixUnstable + ]; + }; + } + ); } diff --git a/machines/asgard/boot.nix b/machines/asgard/boot.nix index a6178d2..83f803e 100644 --- a/machines/asgard/boot.nix +++ b/machines/asgard/boot.nix @@ -2,7 +2,14 @@ { boot = { - kernelPackages = pkgs.linuxPackages; + binfmt = { + emulatedSystems = [ + "aarch64-linux" + "armv6l-linux" + ]; + }; + + kernelPackages = lib.mkDefault pkgs.linuxPackages; cleanTmpDir = true; loader = { 
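Review bot: Every `deploy.nodes` entry uses `sshUser = "thomas"` with `user = "root"`, so activation depends on `thomas` escalating to root non-interactively on each node; nothing in the hunk records that requirement, and deploy-rs has no terminal to answer a sudo prompt, so a comment such as `# thomas needs non-interactive sudo on every node: deploy-rs activates the profile as root` next to `nodes` would save the next person a failed deploy (whether that sudo rule exists is not visible here). The five node blocks differ only in `hostname` and the `deployrs.lib.<system>` they call, and `sshOpts = [ "-p" "22" ]` restates the SSH default, so a `mkNode` helper in the `let` beside `unstable-overlay` would keep them in step. `chnum` gets a `nixosConfigurations` entry but no deploy node — presumably it is the machine deploys run from; a one-line comment would make that explicit. The enclosing `outputs` function starts outside this hunk.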
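Review bot: `kernelPackages = lib.mkDefault pkgs.linuxPackages;` introduces `lib`, but the module's argument set on line 1 is outside the hunk; if that header is still `{ pkgs, ... }:` evaluation fails with an undefined-variable error, so it must read `{ pkgs, lib, ... }:`. The identical change lands in machines/chnum/boot.nix and machines/utgard/boot.nix, so the same check applies there. A short comment on the new `binfmt.emulatedSystems` block, e.g. `# emulate the Pi targets so this host can build the aarch64/armv6l closures deploy-rs pushes to midgard, vanaheim and niflheim`, would explain an otherwise surprising setting — that purpose is inferred from the deploy nodes in flake.nix, not stated in the hunk.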
diff --git a/machines/asgard/default.nix b/machines/asgard/default.nix index f6a6ad8..3427eaa 100644 --- a/machines/asgard/default.nix +++ b/machines/asgard/default.nix @@ -12,9 +12,7 @@ ]; personal = { - services = { - - }; + services = { }; }; system = { diff --git a/machines/chnum/boot.nix b/machines/chnum/boot.nix index a031cd1..028095e 100644 --- a/machines/chnum/boot.nix +++ b/machines/chnum/boot.nix @@ -2,7 +2,14 @@ { boot = { - kernelPackages = pkgs.linuxPackages; + binfmt = { + emulatedSystems = [ + "aarch64-linux" + "armv6l-linux" + ]; + }; + + kernelPackages = lib.mkDefault pkgs.linuxPackages; cleanTmpDir = true; loader = { diff --git a/machines/chnum/default.nix b/machines/chnum/default.nix index a7b8a27..4e85378 100644 --- a/machines/chnum/default.nix +++ b/machines/chnum/default.nix @@ -16,21 +16,12 @@ desktop = { enable = true; }; - develop = { - enable = true; - }; docker = { enable = true; }; - kube = { - enable = true; - }; libvirt = { enable = true; }; - minecraft = { - enable = true; - }; }; }; diff --git a/machines/chnum/filesystems.nix b/machines/chnum/filesystems.nix index 79953ce..31f046c 100644 --- a/machines/chnum/filesystems.nix +++ b/machines/chnum/filesystems.nix @@ -4,12 +4,14 @@ boot = { initrd = { luks = { - devices = [{ - name = "luks"; - device = "/dev/disk/by-label/data"; - preLVM = true; - allowDiscards = true; - }]; + devices = { + luks = { + name = "luks"; + device = "/dev/disk/by-label/data"; + preLVM = true; + allowDiscards = true; + }; + }; }; }; }; diff --git a/machines/midgard/boot.nix b/machines/midgard/boot.nix index e521828..36eb4c8 100644 --- a/machines/midgard/boot.nix +++ b/machines/midgard/boot.nix @@ -2,7 +2,6 @@ { boot = { - kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4; cleanTmpDir = true; }; } diff --git a/machines/midgard/default.nix b/machines/midgard/default.nix index f6a6ad8..3427eaa 100644 --- a/machines/midgard/default.nix +++ b/machines/midgard/default.nix 
@@ -12,9 +12,7 @@ ]; personal = { - services = { - - }; + services = { }; }; system = { diff --git a/machines/modules/default.nix b/machines/modules/default.nix index e757ddc..dc37f67 100644 --- a/machines/modules/default.nix +++ b/machines/modules/default.nix @@ -5,6 +5,7 @@ with lib; imports = [ ./frpc.nix ./network.nix + ./nixpkgs.nix ./prowlarr.nix ./shells.nix ./sudo.nix diff --git a/machines/modules/nixpkgs.nix b/machines/modules/nixpkgs.nix new file mode 100644 index 0000000..9f707e1 --- /dev/null +++ b/machines/modules/nixpkgs.nix @@ -0,0 +1,43 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +{ + config = { + nix = { + package = pkgs.nixFlakes; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + binaryCaches = [ + "https://cache.nixos.org" + "https://nix-community.cachix.org" + "https://nixpkgs.cachix.org" + "https://tboerger.cachix.org" + "https://arm.cachix.org" + ]; + + binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE=" + "tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU=" + "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8=" + ]; + + gc = { + automatic = true; + persistent = true; + dates = "weekly"; + options = "--delete-older-than 2w"; + }; + }; + + nixpkgs = { + config = { + allowUnfree = true; + }; + }; + }; +} diff --git a/machines/modules/tools.nix b/machines/modules/tools.nix index df91841..93beed1 100644 --- a/machines/modules/tools.nix +++ b/machines/modules/tools.nix @@ -23,8 +23,6 @@ with lib; vim wget yq - - inputs.agenix.defaultPackage.${system} ]; }; }; diff --git a/machines/modules/unpackerr.nix b/machines/modules/unpackerr.nix index 0436b5a..5c12103 100644 --- a/machines/modules/unpackerr.nix +++ b/machines/modules/unpackerr.nix 
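Review bot: `binaryCachePublicKeys` is the supply-chain trust root for every host — Nix accepts any store path signed by one of those keys from any listed substituter — so each third-party cache deserves a one-line comment on why it is trusted, e.g. `# arm.cachix.org: prebuilt aarch64/armv6l closures for the Pi hosts` (it replaces the thefloweringash-armv7 cache dropped from flake.nix in this commit). With nixpkgs pinned to nixos-22.05, `nix.binaryCaches` and `nix.binaryCachePublicKeys` are renamed aliases of `nix.settings.substituters` and `nix.settings.trusted-public-keys`; using the current names avoids the rename warning, and `experimental-features` can move out of `extraOptions` into `nix.settings.experimental-features = [ "nix-command" "flakes" ];` at the same time. `with lib;`, `config` and `options` are unused in this file.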
@@ -209,7 +209,7 @@ in extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; description = '' Extra environment variables ''; 
@@ -242,61 +242,62 @@ in after = [ "network.target" ]; description = "unpackerr system service"; # Filter out all unset variables else unpackerr complains - environment = filterAttrs (n: v: stringLength v > 0) { - # General options - UN_DEBUG = "${toString cfg.debug}"; - UN_INTERVAL = "${cfg.interval}"; - UN_START_DELAY = "${cfg.startDelay}"; - UN_RETRY_DELAY = "${cfg.retryDelay}"; - UN_MAX_RETRIES = "${toString cfg.maxRetries}"; - UN_PARALLEL = "${toString cfg.parallel}"; - UN_FILE_MODE = "${cfg.fileMode}"; - UN_DIR_MODE = "${cfg.dirMode}"; + environment = filterAttrs (n: v: stringLength v > 0) + { + # General options + UN_DEBUG = "${toString cfg.debug}"; + UN_INTERVAL = "${cfg.interval}"; + UN_START_DELAY = "${cfg.startDelay}"; + UN_RETRY_DELAY = "${cfg.retryDelay}"; + UN_MAX_RETRIES = "${toString cfg.maxRetries}"; + UN_PARALLEL = "${toString cfg.parallel}"; + UN_FILE_MODE = "${cfg.fileMode}"; + UN_DIR_MODE = "${cfg.dirMode}"; - # Sonarr - UN_SONARR_0_URL = "${cfg.sonarr.url}"; - UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}"; - UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}"; - UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}"; - UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}"; - UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}"; - UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}"; + # Sonarr + UN_SONARR_0_URL = "${cfg.sonarr.url}"; + UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}"; + UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}"; + UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}"; + UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}"; + UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}"; + UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}"; - # Radarr - UN_RADARR_0_URL = "${cfg.radarr.url}"; - UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}"; - UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}"; - UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}"; - UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}"; - UN_RADARR_0_DELETE_ORIG = "${toString 
cfg.radarr.deleteOrginal}"; - UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}"; + # Radarr + UN_RADARR_0_URL = "${cfg.radarr.url}"; + UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}"; + UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}"; + UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}"; + UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}"; + UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}"; + UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}"; - # Lidarr - UN_LIDARR_0_URL = "${cfg.lidarr.url}"; - UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}"; - UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}"; - UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}"; - UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}"; - UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}"; - UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}"; + # Lidarr + UN_LIDARR_0_URL = "${cfg.lidarr.url}"; + UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}"; + UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}"; + UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}"; + UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}"; + UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}"; + UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}"; - # Readarr - UN_READARR_0_URL = "${cfg.readarr.url}"; - UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}"; - UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}"; - UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}"; - UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}"; - UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}"; - UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}"; + # Readarr + UN_READARR_0_URL = "${cfg.readarr.url}"; + UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}"; + UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}"; + UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}"; + UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}"; + UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}"; + UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}"; - # 
Folder - UN_FOLDER_0_PATH = "${cfg.folder.path}"; - UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}"; - UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}"; - UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}"; - UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}"; - UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}"; - } // cfg.extraConfig; + # Folder + UN_FOLDER_0_PATH = "${cfg.folder.path}"; + UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}"; + UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}"; + UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}"; + UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}"; + UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}"; + } // cfg.extraConfig; serviceConfig = { User = cfg.user; Group = cfg.group; diff --git a/machines/modules/users.nix b/machines/modules/users.nix index 75a31d5..0b229df 100644 --- a/machines/modules/users.nix +++ b/machines/modules/users.nix @@ -19,6 +19,24 @@ with lib; }; }; }; + admin = { + shell = pkgs.zsh; + isNormalUser = true; + uid = 1337; + hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0"; + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris" + ]; + }; + }; + extraGroups = [ + "wheel" + "docker" + "libvirtd" + ]; + }; }; }; }; diff --git a/machines/niflheim/default.nix b/machines/niflheim/default.nix index f6a6ad8..3427eaa 100644 --- a/machines/niflheim/default.nix +++ b/machines/niflheim/default.nix @@ -12,9 +12,7 @@ ]; personal = { - services = { - - }; + services = { }; }; system = { diff --git a/machines/services/acme.nix b/machines/services/acme.nix index b568b93..12a0d17 100644 --- a/machines/services/acme.nix +++ b/machines/services/acme.nix 
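Review bot: The new `admin` user commits a SHA-512 crypt hash (`hashedPassword = "$6$…"`) to the repository, which makes it an offline-crackable artefact for anyone with read access to the repo or its history; this flake already uses agenix, so the hash belongs in a secret and the option should be `passwordFile = config.age.secrets."<secret-name>".path;` (the 22.05 option name) with the literal removed — bearing in mind that removing it later does not purge it from git history. The account is also placed in `wheel`, `docker` and `libvirtd`, each of which is root-equivalent on its own, while the commit's deploy nodes use `thomas`; a comment stating what `admin` is for and why it needs all three groups would let a reviewer judge whether the set can be narrowed. The enclosing `users.users` attrset starts outside the hunk.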
@@ -27,7 +27,7 @@ in certs = { "boerger.ws" = { - extraDomainNames = ["*.boerger.ws"]; + extraDomainNames = [ "*.boerger.ws" ]; dnsProvider = "cloudflare"; credentialsFile = config.age.secrets."services/acme/credentials".path; }; diff --git a/machines/services/media.nix b/machines/services/media.nix index 1e3e9f0..efae7a9 100644 --- a/machines/services/media.nix +++ b/machines/services/media.nix @@ -24,7 +24,7 @@ in }; }; - config =mkIf cfg.enable { + config = mkIf cfg.enable { users = { users = { media = { diff --git a/machines/services/nixbuild.nix b/machines/services/nixbuild.nix index cdb876b..d68fe73 100644 --- a/machines/services/nixbuild.nix +++ b/machines/services/nixbuild.nix @@ -10,9 +10,7 @@ in personal = { services = { nixbuild = { - enable = mkEnableOption "Nixbuild" // { - default = true; - }; + enable = mkEnableOption "Nixbuild"; }; }; }; diff --git a/machines/services/openssh.nix b/machines/services/openssh.nix index 6846ccd..ce14bd1 100644 --- a/machines/services/openssh.nix +++ b/machines/services/openssh.nix @@ -22,7 +22,29 @@ in services = { openssh = { enable = true; + openFirewall = true; permitRootLogin = "yes"; + + ciphers = [ + "chacha20-poly1305@openssh.com" + "aes256-gcm@openssh.com" + "aes256-ctr" + "aes128-gcm@openssh.com" + ]; + + macs = [ + "umac-128-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-512" + ]; + + kexAlgorithms = [ + "curve25519-sha256@libssh.org" + "diffie-hellman-group16-sha512" + "diffie-hellman-group18-sha512" + "curve25519-sha256" + ]; }; }; }; diff --git a/machines/services/webserver.nix b/machines/services/webserver.nix index e8748d1..e6d3048 100644 --- a/machines/services/webserver.nix +++ b/machines/services/webserver.nix 
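Review bot: `enable = mkEnableOption "Nixbuild";` flips the default from true to false, so every host that relied on the old default silently loses the nixbuild service unless it now sets `personal.services.nixbuild.enable = true;` somewhere in its machine config. If that is intended, a sentence in the commit message saying so would stop a later reader from treating it as a regression; if not, the previous `// { default = true; }` needs to come back. The enclosing option declaration starts outside the hunk.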
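Review bot: The new cipher, MAC and KEX lists sit directly under `permitRootLogin = "yes";`, which the hunk leaves in place; since this commit moves deployment to deploy-rs with `sshUser = "thomas"` (flake.nix), direct root SSH — including password login as root — is no longer needed, and `permitRootLogin = "prohibit-password";` (or `"no"`) would close a much larger exposure than the algorithm tuning does. Unless `passwordAuthentication = false;` is set elsewhere in this module (the hunk starts at line 22 and the rest of the `openssh` block is not visible), password authentication stays enabled while `openFirewall = true;` merely restates the default. The non-ETM `"hmac-sha2-512"` at the end of `macs` is weaker than the three `-etm` entries above it and can be dropped unless a specific client needs it.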
@@ -16,28 +16,30 @@ in description = '' List of hosts to configure ''; - type = types.listOf (types.submodule { options = { - domain = mkOption { - type = types.str; - description = "Name of the domain"; + type = types.listOf (types.submodule { + options = { + domain = mkOption { + type = types.str; + description = "Name of the domain"; + }; + domainOptions = mkOption { + type = types.attrs; + default = { }; + description = "Custom options for domain"; + }; + proxy = mkOption { + type = types.nullOr types.str; + default = null; + description = "Optional proxy target"; + }; + proxyOptions = mkOption { + type = types.str; + default = ""; + description = "Custom options for proxy"; + }; }; - domainOptions = mkOption { - type = types.attrs; - default = {}; - description = "Custom options for domain"; - }; - proxy = mkOption { - type = types.nullOr types.str; - default = null; - description = "Optional proxy target"; - }; - proxyOptions = mkOption { - type = types.str; - default = ""; - description = "Custom options for proxy"; - }; - }; }); - default = []; + }); + default = [ ]; example = [{ domain = "dummy.boerger.ws"; proxy = "http://localhost:8080"; @@ -107,14 +109,14 @@ in } // (elem.domainOptions or { }); }) config.personal.services.webserver.hosts) // { - "${cfg.defaultDomain}" = { - useACMEHost = cfg.acmeHost; - addSSL = true; - forceSSL = false; - default = true; - globalRedirect = cfg.redirectDomain; - }; - }; + "${cfg.defaultDomain}" = { + useACMEHost = cfg.acmeHost; + addSSL = true; + forceSSL = false; + default = true; + globalRedirect = cfg.redirectDomain; + }; + }; }; }; diff --git a/machines/utgard/boot.nix b/machines/utgard/boot.nix index b4abf3e..fb1aad5 100644 --- a/machines/utgard/boot.nix +++ b/machines/utgard/boot.nix @@ -2,7 +2,14 @@ { boot = { - kernelPackages = pkgs.linuxPackages; + binfmt = { + emulatedSystems = [ + "aarch64-linux" + "armv6l-linux" + ]; + }; + + kernelPackages = lib.mkDefault pkgs.linuxPackages; cleanTmpDir = true; loader = { 
diff --git a/machines/vanaheim/default.nix b/machines/vanaheim/default.nix index f6a6ad8..3427eaa 100644 --- a/machines/vanaheim/default.nix +++ b/machines/vanaheim/default.nix @@ -12,9 +12,7 @@ ]; personal = { - services = { - - }; + services = { }; }; system = { diff --git a/overlays/default.nix b/overlays/default.nix index 097e8a2..126e865 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,8 +1,3 @@ self: super: -{ - aws-c-common = super.aws-c-common.overrideAttrs (old: { - doCheck = false; - doInstallCheck = false; - }); -} +{ } diff --git a/profiles/thomas/default.nix b/profiles/thomas/default.nix index f4eb572..7c0a588 100644 --- a/profiles/thomas/default.nix +++ b/profiles/thomas/default.nix @@ -68,8 +68,9 @@ in home = { homeDirectory = "/home/${username}"; - sessionPath = ["$HOME/.local/bin"] - ++ (optional desktop ["$HOME/.krew/bin" "$HOME/Golang/bin"]); + sessionPath = [ "$HOME/.local/bin" ] + ++ (optional desktop "$HOME/.krew/bin") + ++ (optional desktop "$HOME/Golang/bin"); file = { ".local/bin/git-gh-pages" = { @@ -89,7 +90,7 @@ in executable = true; source = ./scripts/each-dir.sh; }; - } // (mkIf desktop { + } // (if desktop then { ".local/bin/sort-requirements" = { executable = true; source = ./scripts/sort-requirements.rb; @@ -104,7 +105,7 @@ in ".wallpapers/tower.jpg" = { source = ./wallpapers/tower.jpg; }; - }); + } else { }); stateVersion = "18.09"; }; diff --git a/shell.nix b/shell.nix deleted file mode 100644 index f61040b..0000000 --- a/shell.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs ? import { } }: - -pkgs.mkShell { - buildInputs = with pkgs; [ - nixpkgs-fmt - gnumake - nixUnstable - ]; -}
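Review bot: `++ (optional desktop "$HOME/.krew/bin") ++ (optional desktop "$HOME/Golang/bin")` repairs the nested list the old `optional desktop [ … ]` produced, but `optionals` does it in one step: `++ (optionals desktop [ "$HOME/.krew/bin" "$HOME/Golang/bin" ])` (assuming `lib` is opened with `with lib;`, as the bare `optional` suggests). Likewise the `// (if desktop then { … } else { })` in the later hunk of this file is `// (optionalAttrs desktop { … })`, which is the idiom the old `mkIf` was presumably reaching for — `mkIf` only has meaning inside module option values, which is why it did not work in a plain attrset merge. Both hunks sit inside the `home = { … }` attrset that starts outside the first hunk.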