mirror/github.com-tboerger-nixos-config
1
0
Fork 0
mirror of https://github.com/tboerger/nixos-config synced 2024-11-22 18:21:58 +01:00
Code Issues

chore: integrate deploy-rs and flake-utils

Browse Source
This commit is contained in:
Thomas Boerger 2022-09-28 13:54:01 +02:00
parent 4c0eb14f3b
commit eab90b1961
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
28 changed files with 607 additions and 365 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

3
.gitignore vendored
View File

@ -1 +1,4 @@
/result /result
.direnv
!.envrc

2
Makefile
View File

@ -6,4 +6,4 @@ update:
.PHONY: switch .PHONY: switch
switch: switch:
sudo NIXPKGS_ALLOW_UNFREE=1 nixos-rebuild switch --impure --flake . sudo nixos-rebuild switch --flake .

89
flake.lock
View File

@ -20,6 +20,44 @@
"type": "github" "type": "github"
} }
}, },
"deployrs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1659725433,
"narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1663229557, "lastModified": 1663229557,
@ -57,22 +95,6 @@
"type": "github" "type": "github"
} }
}, },
"master": {
"locked": {
"lastModified": 1664309664,
"narHash": "sha256-IZyGnYhG3vQn+INnaoWnzIhCwatNuu78c42n2epiPlo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dcdadc49350ee51d7c18da01db0e59c11a0da431",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1664178928, "lastModified": 1664178928,
@ -107,12 +129,13 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"deployrs": "deployrs",
"hardware": "hardware", "hardware": "hardware",
"homemanager": "homemanager", "homemanager": "homemanager",
"master": "master",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nur": "nur", "nur": "nur",
"unstable": "unstable" "unstable": "unstable",
"utils": "utils_2"
} }
}, },
"unstable": { "unstable": {
@ -130,6 +153,36 @@
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
},
"utils": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

528
flake.nix
View File

@ -6,10 +6,6 @@
url = "github:nixos/nixpkgs/nixos-22.05"; url = "github:nixos/nixpkgs/nixos-22.05";
}; };
master = {
url = "github:nixos/nixpkgs/master";
};
unstable = { unstable = {
url = "github:nixos/nixpkgs/nixos-unstable"; url = "github:nixos/nixpkgs/nixos-unstable";
}; };
@ -22,6 +18,15 @@
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
}; };
utils = {
url = "github:numtide/flake-utils";
};
deployrs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -33,71 +38,230 @@
}; };
}; };
outputs = { self, nur, ... }@inputs: outputs = { self, nixpkgs, unstable, hardware, nur, utils, deployrs, agenix, homemanager, ... }@inputs:
let let
overlay-master = final: prev: { unstable-overlay = final: prev: {
master = inputs.master.legacyPackages.${prev.system}; unstable = import unstable {
}; system = prev.system;
config.allowUnfree = true;
overlay-unstable = final: prev: {
unstable = inputs.unstable.legacyPackages.${prev.system};
};
sharedNixosConfiguration = { config, pkgs, ... }: {
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
binaryCaches = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://nixpkgs.cachix.org"
"https://tboerger.cachix.org"
"https://thefloweringash-armv7.cachix.org"
];
binaryCachePublicKeys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
"tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU="
"thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso="
];
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 2w";
};
};
nixpkgs = {
config = {
allowUnfree = true;
};
overlays = [
self.overlay
nur.overlay
overlay-master
overlay-unstable
];
}; };
}; };
in in
{ {
overlay = import ./overlays;
nixosConfigurations = { nixosConfigurations = {
rpi1 = inputs.nixpkgs.lib.nixosSystem { chnum = nixpkgs.lib.nixosSystem {
system = "armv7l-linux"; system = "x86_64-linux";
modules = [ modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" ({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/chnum
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
midgard = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "aarch64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
hardware.nixosModules.raspberry-pi-4
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/midgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
vanaheim = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "armv6l-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/vanaheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
niflheim = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "armv6l-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/niflheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
utgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
nixpkgs.config.allowUnfree = true;
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/utgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
asgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/asgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
rpi1 = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
{ {
nixpkgs = { nixpkgs = {
config = { config = {
@ -105,12 +269,8 @@
allowUnfree = true; allowUnfree = true;
}; };
overlays = [
self.overlay
];
crossSystem = { crossSystem = {
system = "armv7l-linux"; system = "armv6l-linux";
}; };
}; };
@ -121,11 +281,11 @@
]; ];
}; };
rpi4 = inputs.nixpkgs.lib.nixosSystem { rpi4 = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
{ {
nixpkgs = { nixpkgs = {
config = { config = {
@ -133,10 +293,6 @@
allowUnfree = true; allowUnfree = true;
}; };
overlays = [
self.overlay
];
crossSystem = { crossSystem = {
system = "aarch64-linux"; system = "aarch64-linux";
}; };
@ -148,148 +304,102 @@
} }
]; ];
}; };
utgard = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/utgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
asgard = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/asgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
midgard = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "aarch64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.hardware.nixosModules.raspberry-pi-4
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/midgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
vanaheim = inputs.nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/vanaheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
niflheim = inputs.nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/niflheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
}; };
chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel;
niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel;
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
images = { images = {
rpi1 = self.nixosConfigurations.rpi1.config.system.build.sdImage; rpi1 = self.nixosConfigurations.rpi1.config.system.build.sdImage;
rpi4 = self.nixosConfigurations.rpi4.config.system.build.sdImage; rpi4 = self.nixosConfigurations.rpi4.config.system.build.sdImage;
}; };
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel; deploy = {
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel; nodes = {
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel; midgard = {
vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel; sshOpts = [ "-p" "22" ];
niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel; hostname = "192.168.1.5";
}; fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
};
};
vanaheim = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.6";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.vanaheim;
};
};
niflheim = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.7";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.niflheim;
};
};
asgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.10";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.asgard;
};
};
utgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.11";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard;
};
};
};
};
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy)
deployrs.lib;
} // utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
devShell = pkgs.mkShell {
buildInputs = with pkgs; [
agenix.defaultPackage.${system}
deployrs.defaultPackage.${system}
nixpkgs-fmt
gnumake
nixUnstable
];
};
}
);
} }

9
machines/asgard/boot.nix
View File

@ -2,7 +2,14 @@
{ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages; binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true; cleanTmpDir = true;
loader = { loader = {

4
machines/asgard/default.nix
View File

@ -12,9 +12,7 @@
]; ];
personal = { personal = {
services = { services = { };
};
}; };
system = { system = {

9
machines/chnum/boot.nix
View File

@ -2,7 +2,14 @@
{ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages; binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true; cleanTmpDir = true;
loader = { loader = {

9
machines/chnum/default.nix
View File

@ -16,21 +16,12 @@
desktop = { desktop = {
enable = true; enable = true;
}; };
develop = {
enable = true;
};
docker = { docker = {
enable = true; enable = true;
}; };
kube = {
enable = true;
};
libvirt = { libvirt = {
enable = true; enable = true;
}; };
minecraft = {
enable = true;
};
}; };
}; };

14
machines/chnum/filesystems.nix
View File

@ -4,12 +4,14 @@
boot = { boot = {
initrd = { initrd = {
luks = { luks = {
devices = [{ devices = {
name = "luks"; luks = {
device = "/dev/disk/by-label/data"; name = "luks";
preLVM = true; device = "/dev/disk/by-label/data";
allowDiscards = true; preLVM = true;
}]; allowDiscards = true;
};
};
}; };
}; };
}; };

1
machines/midgard/boot.nix
View File

@ -2,7 +2,6 @@
{ {
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
cleanTmpDir = true; cleanTmpDir = true;
}; };
} }

4
machines/midgard/default.nix
View File

@ -12,9 +12,7 @@
]; ];
personal = { personal = {
services = { services = { };
};
}; };
system = { system = {

1
machines/modules/default.nix
View File

@ -5,6 +5,7 @@ with lib;
imports = [ imports = [
./frpc.nix ./frpc.nix
./network.nix ./network.nix
./nixpkgs.nix
./prowlarr.nix ./prowlarr.nix
./shells.nix ./shells.nix
./sudo.nix ./sudo.nix

43
machines/modules/nixpkgs.nix Normal file
View File

@ -0,0 +1,43 @@
{ pkgs, lib, config, options, ... }:
with lib;
{
config = {
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
binaryCaches = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://nixpkgs.cachix.org"
"https://tboerger.cachix.org"
"https://arm.cachix.org"
];
binaryCachePublicKeys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
"tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU="
"arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8="
];
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 2w";
};
};
nixpkgs = {
config = {
allowUnfree = true;
};
};
};
}

2
machines/modules/tools.nix
View File

@ -23,8 +23,6 @@ with lib;
vim vim
wget wget
yq yq
inputs.agenix.defaultPackage.${system}
]; ];
}; };
}; };

103
machines/modules/unpackerr.nix
View File

@ -209,7 +209,7 @@ in
extraConfig = mkOption { extraConfig = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = { };
description = '' description = ''
Extra environment variables Extra environment variables
''; '';
@ -242,61 +242,62 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
description = "unpackerr system service"; description = "unpackerr system service";
# Filter out all unset variables else unpackerr complains # Filter out all unset variables else unpackerr complains
environment = filterAttrs (n: v: stringLength v > 0) { environment = filterAttrs (n: v: stringLength v > 0)
# General options {
UN_DEBUG = "${toString cfg.debug}"; # General options
UN_INTERVAL = "${cfg.interval}"; UN_DEBUG = "${toString cfg.debug}";
UN_START_DELAY = "${cfg.startDelay}"; UN_INTERVAL = "${cfg.interval}";
UN_RETRY_DELAY = "${cfg.retryDelay}"; UN_START_DELAY = "${cfg.startDelay}";
UN_MAX_RETRIES = "${toString cfg.maxRetries}"; UN_RETRY_DELAY = "${cfg.retryDelay}";
UN_PARALLEL = "${toString cfg.parallel}"; UN_MAX_RETRIES = "${toString cfg.maxRetries}";
UN_FILE_MODE = "${cfg.fileMode}"; UN_PARALLEL = "${toString cfg.parallel}";
UN_DIR_MODE = "${cfg.dirMode}"; UN_FILE_MODE = "${cfg.fileMode}";
UN_DIR_MODE = "${cfg.dirMode}";
# Sonarr # Sonarr
UN_SONARR_0_URL = "${cfg.sonarr.url}"; UN_SONARR_0_URL = "${cfg.sonarr.url}";
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}"; UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}"; UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}"; UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}"; UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}"; UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}"; UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
# Radarr # Radarr
UN_RADARR_0_URL = "${cfg.radarr.url}"; UN_RADARR_0_URL = "${cfg.radarr.url}";
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}"; UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}"; UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}"; UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}"; UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}"; UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}"; UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
# Lidarr # Lidarr
UN_LIDARR_0_URL = "${cfg.lidarr.url}"; UN_LIDARR_0_URL = "${cfg.lidarr.url}";
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}"; UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}"; UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}"; UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}"; UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}"; UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}"; UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
# Readarr # Readarr
UN_READARR_0_URL = "${cfg.readarr.url}"; UN_READARR_0_URL = "${cfg.readarr.url}";
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}"; UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}"; UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}"; UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}"; UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}"; UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}"; UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
# Folder # Folder
UN_FOLDER_0_PATH = "${cfg.folder.path}"; UN_FOLDER_0_PATH = "${cfg.folder.path}";
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}"; UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}"; UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}"; UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}"; UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}"; UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
} // cfg.extraConfig; } // cfg.extraConfig;
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;

18
machines/modules/users.nix
View File

@ -19,6 +19,24 @@ with lib;
}; };
}; };
}; };
admin = {
shell = pkgs.zsh;
isNormalUser = true;
uid = 1337;
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
];
};
};
extraGroups = [
"wheel"
"docker"
"libvirtd"
];
};
}; };
}; };
}; };

4
machines/niflheim/default.nix
View File

@ -12,9 +12,7 @@
]; ];
personal = { personal = {
services = { services = { };
};
}; };
system = { system = {

2
machines/services/acme.nix
View File

@ -27,7 +27,7 @@ in
certs = { certs = {
"boerger.ws" = { "boerger.ws" = {
extraDomainNames = ["*.boerger.ws"]; extraDomainNames = [ "*.boerger.ws" ];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."services/acme/credentials".path; credentialsFile = config.age.secrets."services/acme/credentials".path;
}; };

2
machines/services/media.nix
View File

@ -24,7 +24,7 @@ in
}; };
}; };
config =mkIf cfg.enable { config = mkIf cfg.enable {
users = { users = {
users = { users = {
media = { media = {

4
machines/services/nixbuild.nix
View File

@ -10,9 +10,7 @@ in
personal = { personal = {
services = { services = {
nixbuild = { nixbuild = {
enable = mkEnableOption "Nixbuild" // { enable = mkEnableOption "Nixbuild";
default = true;
};
}; };
}; };
}; };

22
machines/services/openssh.nix
View File

@ -22,7 +22,29 @@ in
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
openFirewall = true;
permitRootLogin = "yes"; permitRootLogin = "yes";
ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes256-ctr"
"aes128-gcm@openssh.com"
];
macs = [
"umac-128-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-512"
];
kexAlgorithms = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"curve25519-sha256"
];
}; };
}; };
}; };

60
machines/services/webserver.nix
View File

@ -16,28 +16,30 @@ in
description = '' description = ''
List of hosts to configure List of hosts to configure
''; '';
type = types.listOf (types.submodule { options = { type = types.listOf (types.submodule {
domain = mkOption { options = {
type = types.str; domain = mkOption {
description = "Name of the domain"; type = types.str;
description = "Name of the domain";
};
domainOptions = mkOption {
type = types.attrs;
default = { };
description = "Custom options for domain";
};
proxy = mkOption {
type = types.nullOr types.str;
default = null;
description = "Optional proxy target";
};
proxyOptions = mkOption {
type = types.str;
default = "";
description = "Custom options for proxy";
};
}; };
domainOptions = mkOption { });
type = types.attrs; default = [ ];
default = {};
description = "Custom options for domain";
};
proxy = mkOption {
type = types.nullOr types.str;
default = null;
description = "Optional proxy target";
};
proxyOptions = mkOption {
type = types.str;
default = "";
description = "Custom options for proxy";
};
}; });
default = [];
example = [{ example = [{
domain = "dummy.boerger.ws"; domain = "dummy.boerger.ws";
proxy = "http://localhost:8080"; proxy = "http://localhost:8080";
@ -107,14 +109,14 @@ in
} // (elem.domainOptions or { }); } // (elem.domainOptions or { });
}) })
config.personal.services.webserver.hosts) // { config.personal.services.webserver.hosts) // {
"${cfg.defaultDomain}" = { "${cfg.defaultDomain}" = {
useACMEHost = cfg.acmeHost; useACMEHost = cfg.acmeHost;
addSSL = true; addSSL = true;
forceSSL = false; forceSSL = false;
default = true; default = true;
globalRedirect = cfg.redirectDomain; globalRedirect = cfg.redirectDomain;
}; };
}; };
}; };
}; };

9
machines/utgard/boot.nix
View File

@ -2,7 +2,14 @@
{ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages; binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true; cleanTmpDir = true;
loader = { loader = {

4
machines/vanaheim/default.nix
View File

@ -12,9 +12,7 @@
]; ];
personal = { personal = {
services = { services = { };
};
}; };
system = { system = {

7
overlays/default.nix
View File

@ -1,8 +1,3 @@
self: super: self: super:
{ { }
aws-c-common = super.aws-c-common.overrideAttrs (old: {
doCheck = false;
doInstallCheck = false;
});
}

9
profiles/thomas/default.nix
View File

@ -68,8 +68,9 @@ in
home = { home = {
homeDirectory = "/home/${username}"; homeDirectory = "/home/${username}";
sessionPath = ["$HOME/.local/bin"] sessionPath = [ "$HOME/.local/bin" ]
++ (optional desktop ["$HOME/.krew/bin" "$HOME/Golang/bin"]); ++ (optional desktop "$HOME/.krew/bin")
++ (optional desktop "$HOME/Golang/bin");
file = { file = {
".local/bin/git-gh-pages" = { ".local/bin/git-gh-pages" = {
@ -89,7 +90,7 @@ in
executable = true; executable = true;
source = ./scripts/each-dir.sh; source = ./scripts/each-dir.sh;
}; };
} // (mkIf desktop { } // (if desktop then {
".local/bin/sort-requirements" = { ".local/bin/sort-requirements" = {
executable = true; executable = true;
source = ./scripts/sort-requirements.rb; source = ./scripts/sort-requirements.rb;
@ -104,7 +105,7 @@ in
".wallpapers/tower.jpg" = { ".wallpapers/tower.jpg" = {
source = ./wallpapers/tower.jpg; source = ./wallpapers/tower.jpg;
}; };
}); } else { });
stateVersion = "18.09"; stateVersion = "18.09";
}; };

9
shell.nix
View File

@ -1,9 +0,0 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
buildInputs = with pkgs; [
nixpkgs-fmt
gnumake
nixUnstable
];
}