mirror/github.com-tboerger-nixos-config
1
0
Fork 0
mirror of https://github.com/tboerger/nixos-config synced 2024-11-22 09:11:57 +01:00
Code Issues

chore: integrate deploy-rs and flake-utils

Browse Source
This commit is contained in:
Thomas Boerger 2022-09-28 13:54:01 +02:00
parent 4c0eb14f3b
commit eab90b1961
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
28 changed files with 607 additions and 365 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

3
.gitignore vendored
View File

@ -1 +1,4 @@
/result
.direnv
!.envrc

2
Makefile
View File

@ -6,4 +6,4 @@ update:
.PHONY: switch
switch:
sudo NIXPKGS_ALLOW_UNFREE=1 nixos-rebuild switch --impure --flake .
sudo nixos-rebuild switch --flake .

89
flake.lock
View File

@ -20,6 +20,44 @@
"type": "github"
}
},
"deployrs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1659725433,
"narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1663229557,
@ -57,22 +95,6 @@
"type": "github"
}
},
"master": {
"locked": {
"lastModified": 1664309664,
"narHash": "sha256-IZyGnYhG3vQn+INnaoWnzIhCwatNuu78c42n2epiPlo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dcdadc49350ee51d7c18da01db0e59c11a0da431",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1664178928,
@ -107,12 +129,13 @@
"root": {
"inputs": {
"agenix": "agenix",
"deployrs": "deployrs",
"hardware": "hardware",
"homemanager": "homemanager",
"master": "master",
"nixpkgs": "nixpkgs",
"nur": "nur",
"unstable": "unstable"
"unstable": "unstable",
"utils": "utils_2"
}
},
"unstable": {
@ -130,6 +153,36 @@
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

528
flake.nix
View File

@ -6,10 +6,6 @@
url = "github:nixos/nixpkgs/nixos-22.05";
};
master = {
url = "github:nixos/nixpkgs/master";
};
unstable = {
url = "github:nixos/nixpkgs/nixos-unstable";
};
@ -22,6 +18,15 @@
url = "github:nix-community/NUR";
};
utils = {
url = "github:numtide/flake-utils";
};
deployrs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
@ -33,71 +38,230 @@
};
};
outputs = { self, nur, ... }@inputs:
outputs = { self, nixpkgs, unstable, hardware, nur, utils, deployrs, agenix, homemanager, ... }@inputs:
let
overlay-master = final: prev: {
master = inputs.master.legacyPackages.${prev.system};
};
overlay-unstable = final: prev: {
unstable = inputs.unstable.legacyPackages.${prev.system};
};
sharedNixosConfiguration = { config, pkgs, ... }: {
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
binaryCaches = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://nixpkgs.cachix.org"
"https://tboerger.cachix.org"
"https://thefloweringash-armv7.cachix.org"
];
binaryCachePublicKeys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
"tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU="
"thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso="
];
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 2w";
};
};
nixpkgs = {
config = {
allowUnfree = true;
};
overlays = [
self.overlay
nur.overlay
overlay-master
overlay-unstable
];
unstable-overlay = final: prev: {
unstable = import unstable {
system = prev.system;
config.allowUnfree = true;
};
};
in
{
overlay = import ./overlays;
nixosConfigurations = {
rpi1 = inputs.nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
chnum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/chnum
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
midgard = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "aarch64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
hardware.nixosModules.raspberry-pi-4
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/midgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
vanaheim = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "armv6l-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/vanaheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
niflheim = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "armv6l-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/niflheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
utgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
nixpkgs.config.allowUnfree = true;
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/utgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
asgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
unstable-overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
./machines/asgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
rpi1 = nixpkgs.lib.nixosSystem {
system = "armv6l-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
{
nixpkgs = {
config = {
@ -105,12 +269,8 @@
allowUnfree = true;
};
overlays = [
self.overlay
];
crossSystem = {
system = "armv7l-linux";
system = "armv6l-linux";
};
};
@ -121,11 +281,11 @@
];
};
rpi4 = inputs.nixpkgs.lib.nixosSystem {
rpi4 = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
{
nixpkgs = {
config = {
@ -133,10 +293,6 @@
allowUnfree = true;
};
overlays = [
self.overlay
];
crossSystem = {
system = "aarch64-linux";
};
@ -148,148 +304,102 @@
}
];
};
utgard = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/utgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
asgard = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/asgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
midgard = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "aarch64-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.hardware.nixosModules.raspberry-pi-4
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/midgard
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
vanaheim = inputs.nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/vanaheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
niflheim = inputs.nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import inputs.nixpkgs { system = "armv7l-linux"; };
};
in {
imports = [
nur-no-pkgs.repos.tboerger.modules
];
})
inputs.homemanager.nixosModules.home-manager
inputs.agenix.nixosModules.age
sharedNixosConfiguration
./machines/niflheim
./profiles/thomas
];
specialArgs = {
inherit inputs;
};
};
};
chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel;
niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel;
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
images = {
rpi1 = self.nixosConfigurations.rpi1.config.system.build.sdImage;
rpi4 = self.nixosConfigurations.rpi4.config.system.build.sdImage;
};
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
vanaheim = self.nixosConfigurations.vanaheim.config.system.build.toplevel;
niflheim = self.nixosConfigurations.niflheim.config.system.build.toplevel;
};
deploy = {
nodes = {
midgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.5";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
};
};
vanaheim = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.6";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.vanaheim;
};
};
niflheim = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.7";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.armv6l-linux.activate.nixos self.nixosConfigurations.niflheim;
};
};
asgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.10";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.asgard;
};
};
utgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.11";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard;
};
};
};
};
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy)
deployrs.lib;
} // utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
devShell = pkgs.mkShell {
buildInputs = with pkgs; [
agenix.defaultPackage.${system}
deployrs.defaultPackage.${system}
nixpkgs-fmt
gnumake
nixUnstable
];
};
}
);
}

9
machines/asgard/boot.nix
View File

@ -2,7 +2,14 @@
{
boot = {
kernelPackages = pkgs.linuxPackages;
binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true;
loader = {

4
machines/asgard/default.nix
View File

@ -12,9 +12,7 @@
];
personal = {
services = {
};
services = { };
};
system = {

9
machines/chnum/boot.nix
View File

@ -2,7 +2,14 @@
{
boot = {
kernelPackages = pkgs.linuxPackages;
binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true;
loader = {

9
machines/chnum/default.nix
View File

@ -16,21 +16,12 @@
desktop = {
enable = true;
};
develop = {
enable = true;
};
docker = {
enable = true;
};
kube = {
enable = true;
};
libvirt = {
enable = true;
};
minecraft = {
enable = true;
};
};
};

14
machines/chnum/filesystems.nix
View File

@ -4,12 +4,14 @@
boot = {
initrd = {
luks = {
devices = [{
name = "luks";
device = "/dev/disk/by-label/data";
preLVM = true;
allowDiscards = true;
}];
devices = {
luks = {
name = "luks";
device = "/dev/disk/by-label/data";
preLVM = true;
allowDiscards = true;
};
};
};
};
};

1
machines/midgard/boot.nix
View File

@ -2,7 +2,6 @@
{
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
cleanTmpDir = true;
};
}

4
machines/midgard/default.nix
View File

@ -12,9 +12,7 @@
];
personal = {
services = {
};
services = { };
};
system = {

1
machines/modules/default.nix
View File

@ -5,6 +5,7 @@ with lib;
imports = [
./frpc.nix
./network.nix
./nixpkgs.nix
./prowlarr.nix
./shells.nix
./sudo.nix

43
machines/modules/nixpkgs.nix Normal file
View File

@ -0,0 +1,43 @@
{ pkgs, lib, config, options, ... }:
with lib;
{
config = {
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
binaryCaches = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://nixpkgs.cachix.org"
"https://tboerger.cachix.org"
"https://arm.cachix.org"
];
binaryCachePublicKeys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
"tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU="
"arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8="
];
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 2w";
};
};
nixpkgs = {
config = {
allowUnfree = true;
};
};
};
}

2
machines/modules/tools.nix
View File

@ -23,8 +23,6 @@ with lib;
vim
wget
yq
inputs.agenix.defaultPackage.${system}
];
};
};

103
machines/modules/unpackerr.nix
View File

@ -209,7 +209,7 @@ in
extraConfig = mkOption {
type = types.attrs;
default = {};
default = { };
description = ''
Extra environment variables
'';
@ -242,61 +242,62 @@ in
after = [ "network.target" ];
description = "unpackerr system service";
# Filter out all unset variables else unpackerr complains
environment = filterAttrs (n: v: stringLength v > 0) {
# General options
UN_DEBUG = "${toString cfg.debug}";
UN_INTERVAL = "${cfg.interval}";
UN_START_DELAY = "${cfg.startDelay}";
UN_RETRY_DELAY = "${cfg.retryDelay}";
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
UN_PARALLEL = "${toString cfg.parallel}";
UN_FILE_MODE = "${cfg.fileMode}";
UN_DIR_MODE = "${cfg.dirMode}";
environment = filterAttrs (n: v: stringLength v > 0)
{
# General options
UN_DEBUG = "${toString cfg.debug}";
UN_INTERVAL = "${cfg.interval}";
UN_START_DELAY = "${cfg.startDelay}";
UN_RETRY_DELAY = "${cfg.retryDelay}";
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
UN_PARALLEL = "${toString cfg.parallel}";
UN_FILE_MODE = "${cfg.fileMode}";
UN_DIR_MODE = "${cfg.dirMode}";
# Sonarr
UN_SONARR_0_URL = "${cfg.sonarr.url}";
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
# Sonarr
UN_SONARR_0_URL = "${cfg.sonarr.url}";
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
# Radarr
UN_RADARR_0_URL = "${cfg.radarr.url}";
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
# Radarr
UN_RADARR_0_URL = "${cfg.radarr.url}";
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
# Lidarr
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
# Lidarr
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
# Readarr
UN_READARR_0_URL = "${cfg.readarr.url}";
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
# Readarr
UN_READARR_0_URL = "${cfg.readarr.url}";
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
# Folder
UN_FOLDER_0_PATH = "${cfg.folder.path}";
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
} // cfg.extraConfig;
# Folder
UN_FOLDER_0_PATH = "${cfg.folder.path}";
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
} // cfg.extraConfig;
serviceConfig = {
User = cfg.user;
Group = cfg.group;

18
machines/modules/users.nix
View File

@ -19,6 +19,24 @@ with lib;
};
};
};
admin = {
shell = pkgs.zsh;
isNormalUser = true;
uid = 1337;
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
];
};
};
extraGroups = [
"wheel"
"docker"
"libvirtd"
];
};
};
};
};

4
machines/niflheim/default.nix
View File

@ -12,9 +12,7 @@
];
personal = {
services = {
};
services = { };
};
system = {

2
machines/services/acme.nix
View File

@ -27,7 +27,7 @@ in
certs = {
"boerger.ws" = {
extraDomainNames = ["*.boerger.ws"];
extraDomainNames = [ "*.boerger.ws" ];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."services/acme/credentials".path;
};

2
machines/services/media.nix
View File

@ -24,7 +24,7 @@ in
};
};
config =mkIf cfg.enable {
config = mkIf cfg.enable {
users = {
users = {
media = {

4
machines/services/nixbuild.nix
View File

@ -10,9 +10,7 @@ in
personal = {
services = {
nixbuild = {
enable = mkEnableOption "Nixbuild" // {
default = true;
};
enable = mkEnableOption "Nixbuild";
};
};
};

22
machines/services/openssh.nix
View File

@ -22,7 +22,29 @@ in
services = {
openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "yes";
ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes256-ctr"
"aes128-gcm@openssh.com"
];
macs = [
"umac-128-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-512"
];
kexAlgorithms = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"curve25519-sha256"
];
};
};
};

60
machines/services/webserver.nix
View File

@ -16,28 +16,30 @@ in
description = ''
List of hosts to configure
'';
type = types.listOf (types.submodule { options = {
domain = mkOption {
type = types.str;
description = "Name of the domain";
type = types.listOf (types.submodule {
options = {
domain = mkOption {
type = types.str;
description = "Name of the domain";
};
domainOptions = mkOption {
type = types.attrs;
default = { };
description = "Custom options for domain";
};
proxy = mkOption {
type = types.nullOr types.str;
default = null;
description = "Optional proxy target";
};
proxyOptions = mkOption {
type = types.str;
default = "";
description = "Custom options for proxy";
};
};
domainOptions = mkOption {
type = types.attrs;
default = {};
description = "Custom options for domain";
};
proxy = mkOption {
type = types.nullOr types.str;
default = null;
description = "Optional proxy target";
};
proxyOptions = mkOption {
type = types.str;
default = "";
description = "Custom options for proxy";
};
}; });
default = [];
});
default = [ ];
example = [{
domain = "dummy.boerger.ws";
proxy = "http://localhost:8080";
@ -107,14 +109,14 @@ in
} // (elem.domainOptions or { });
})
config.personal.services.webserver.hosts) // {
"${cfg.defaultDomain}" = {
useACMEHost = cfg.acmeHost;
addSSL = true;
forceSSL = false;
default = true;
globalRedirect = cfg.redirectDomain;
};
};
"${cfg.defaultDomain}" = {
useACMEHost = cfg.acmeHost;
addSSL = true;
forceSSL = false;
default = true;
globalRedirect = cfg.redirectDomain;
};
};
};
};

9
machines/utgard/boot.nix
View File

@ -2,7 +2,14 @@
{
boot = {
kernelPackages = pkgs.linuxPackages;
binfmt = {
emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
};
kernelPackages = lib.mkDefault pkgs.linuxPackages;
cleanTmpDir = true;
loader = {

4
machines/vanaheim/default.nix
View File

@ -12,9 +12,7 @@
];
personal = {
services = {
};
services = { };
};
system = {

7
overlays/default.nix
View File

@ -1,8 +1,3 @@
self: super:
{
aws-c-common = super.aws-c-common.overrideAttrs (old: {
doCheck = false;
doInstallCheck = false;
});
}
{ }

9
profiles/thomas/default.nix
View File

@ -68,8 +68,9 @@ in
home = {
homeDirectory = "/home/${username}";
sessionPath = ["$HOME/.local/bin"]
++ (optional desktop ["$HOME/.krew/bin" "$HOME/Golang/bin"]);
sessionPath = [ "$HOME/.local/bin" ]
++ (optional desktop "$HOME/.krew/bin")
++ (optional desktop "$HOME/Golang/bin");
file = {
".local/bin/git-gh-pages" = {
@ -89,7 +90,7 @@ in
executable = true;
source = ./scripts/each-dir.sh;
};
} // (mkIf desktop {
} // (if desktop then {
".local/bin/sort-requirements" = {
executable = true;
source = ./scripts/sort-requirements.rb;
@ -104,7 +105,7 @@ in
".wallpapers/tower.jpg" = {
source = ./wallpapers/tower.jpg;
};
});
} else { });
stateVersion = "18.09";
};

9
shell.nix
View File

@ -1,9 +0,0 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
buildInputs = with pkgs; [
nixpkgs-fmt
gnumake
nixUnstable
];
}