mirror of
https://git.oat.zone/dark-firepit/dotfiles
synced 2024-05-08 21:36:10 +02:00
Compare commits
5 Commits
4f97f5d72f
...
dc5b534a36
Author | SHA1 | Date | |
---|---|---|---|
Jill "oatmealine" Monoids | dc5b534a36 | ||
Jill "oatmealine" Monoids | b8bb13f19a | ||
Jill "oatmealine" Monoids | 1cb35a78d2 | ||
Jill "oatmealine" Monoids | 2941b52caf | ||
Jill "oatmealine" Monoids | 898712f412 |
16
README.md
16
README.md
|
@ -1,23 +1,23 @@
|
|||
# Frosted Flakes
|
||||
|
||||
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`dark-firepit`](https://dark-firepit.cloud/) host, however.
|
||||
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`lucent-firepit`](https://dark-firepit.cloud/) host, however.
|
||||
|
||||
## Development
|
||||
|
||||
_Commands here will use `dark-firepit`-based paths and names as an example_
|
||||
_Commands here will use `lucent-firepit`-based paths and names as an example_
|
||||
|
||||
- To build the system (doesn't apply changes):
|
||||
```sh
|
||||
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#dark-firepit
|
||||
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#lucent-firepit
|
||||
```
|
||||
- To build & switch to a new system (applies changes):
|
||||
```sh
|
||||
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#dark-firepit
|
||||
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#lucent-firepit
|
||||
```
|
||||
|
||||
### `dark-firepit`
|
||||
### `lucent-firepit`
|
||||
|
||||
Things here mostly only apply to the [`dark-firepit`](https://dark-firepit.cloud/) host.
|
||||
Things here mostly only apply to the [`lucent-firepit`](https://dark-firepit.cloud/) host.
|
||||
|
||||
#### Adding modules
|
||||
|
||||
|
@ -26,7 +26,7 @@ Generally when adding modules (even those pulled from `nixpkgs`) you'd want to:
|
|||
1. Create a new module under `modules/services/`; `gitea.nix` and `nitter.nix` are pretty okay examples of what to do
|
||||
2. **`git add .`** or else Nix will act clueless about everything you've just done
|
||||
3. Set it to enabled, set port, domain, etc. in `hosts/.../default.nix` or wherever else is more appropriate
|
||||
- For webapps, follow what's done in `hosts/dark-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
|
||||
- For webapps, follow what's done in `hosts/lucent-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
|
||||
4. Rebuild/switch to the new system (as described [above](#development))
|
||||
|
||||
#### `yugoslavia-best.nix`
|
||||
|
@ -43,4 +43,4 @@ This can be done directly on the server (as long as you have the `dotfiles` grou
|
|||
|
||||
If you encounter permission funnies, don't hesitate to `doas` your way into `chmod`dding/`chown`ing files as necessary; directories should be `775` and files should be `664`, however we've yet to figure out how to consistently enforce this across the directory.
|
||||
|
||||
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.
|
||||
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.
|
||||
|
|
|
@ -29,11 +29,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682879948,
|
||||
"narHash": "sha256-NgBopIk1VmUzanIPSjuxLKE/aypv+c3Un3LXA9Br4R8=",
|
||||
"lastModified": 1684380187,
|
||||
"narHash": "sha256-/nwpAHkr5ZOny15TE8LSJsfRZMO6b6ca/RjKoQ7vLjA=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "f14813c88fcf33258def997d35476be87c89be7f",
|
||||
"revCount": 4,
|
||||
"rev": "9ebfff450e5694eafa3a32a9f1d261b3a878b7bf",
|
||||
"revCount": 15,
|
||||
"type": "git",
|
||||
"url": "https://git.oat.zone/oat/cohost-blogger"
|
||||
},
|
||||
|
|
|
@ -36,4 +36,9 @@
|
|||
{ hostname = "lilith@bms-cab";
|
||||
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab";
|
||||
}
|
||||
|
||||
# marco
|
||||
{ hostname = "marco@the-flesh-portal";
|
||||
wg = "mttUSatpYdEOmHqnzo7HdhuvTkMpz1Np8kMtsIz6nTY=";
|
||||
}
|
||||
]
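Review bot: The new `marco@the-flesh-portal` entry carries only a `wg` value, and a WireGuard private key has the same 44-character base64 form as a public key. Please confirm this is the output of `wg pubkey` and not the private half before it is published. A comment such as `# marco (WireGuard peer only, no SSH key)` would also show that the missing `ssh` attribute is intentional. Whether `lib._.getSSH` copes with an entry that has no `ssh` attribute is not visible here. The list starts outside the hunk.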
|
||||
|
|
|
@ -4,6 +4,8 @@ let
|
|||
keys = import ./authorizedKeys.nix;
|
||||
fetchSSH = (host: lib._.getSSH host keys);
|
||||
fetchSSHKeys = map fetchSSH;
|
||||
|
||||
agenixPkg = inputs.agenix.packages.${pkgs.system}.default;
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
@ -56,7 +58,7 @@ in {
|
|||
# oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft???????
|
||||
oatmealine = {
|
||||
conf = {
|
||||
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
|
||||
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep agenixPkg ];
|
||||
shell = pkgs.unstable.fish;
|
||||
extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ];
|
||||
initialHashedPassword = "!";
|
||||
|
@ -68,6 +70,7 @@ in {
|
|||
|
||||
homeConf.home = {
|
||||
sessionVariables = {
|
||||
#EDITOR = lib.trace (lib.readFile age.secrets.huge-furry-cock.path) "micro";
|
||||
EDITOR = "micro";
|
||||
NIX_REMOTE = "daemon";
|
||||
};
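Review bot: The commented-out `#EDITOR = lib.trace (lib.readFile age.secrets.huge-furry-cock.path) "micro";` line in the `sessionVariables` hunk should be deleted rather than committed. If it were ever uncommented, `lib.readFile` would pull the decrypted secret into evaluation and `lib.trace` would print it to the build output, which defeats keeping the secret encrypted in the repository. To test the agenix wiring, checking at runtime that the file at `age.secrets.<name>.path` exists is enough and keeps the plaintext out of evaluation. The `oatmealine` block and the `let` bindings continue outside the visible hunks.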
|
||||
|
|
Binary file not shown.
|
@ -1,6 +1,9 @@
|
|||
let
|
||||
keys = import ../authorizedKeys.nix;
|
||||
|
||||
"subsurface.aether" = keys."aether@subsurface".ssh;
|
||||
in
|
||||
{}
|
||||
userKeys = builtins.catAttrs "ssh" (import ../authorizedKeys.nix);
|
||||
systemKeys = [
|
||||
# /etc/ssh/ssh_host_ed25519_key.pub
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHp0gLv1FiavpvnXinySlZsWrNkAzo4c8GWvN2WRhQqn root@lucent-firepit"
|
||||
];
|
||||
in {
|
||||
"huge-furry-cock.age".publicKeys = userKeys ++ systemKeys;
|
||||
}
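Review bot: `userKeys = builtins.catAttrs "ssh" (import ../authorizedKeys.nix)` makes every SSH key listed for login a recipient of `huge-furry-cock.age`, so adding someone to `authorizedKeys.nix` also lets them decrypt the secret after the next rekey. Recipients are better named per secret, for example `"huge-furry-cock.age".publicKeys = adminKeys ++ systemKeys;` with `adminKeys` an explicit short list. A comment next to `systemKeys` would also help, saying that the entry must be updated and the secrets rekeyed whenever the host key on `lucent-firepit` is regenerated.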
|
||||
|
|
|
@ -8,17 +8,24 @@ let
|
|||
secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
|
||||
secretsFile = "${secretsDir}/secrets.nix";
|
||||
in {
|
||||
imports = [ agenix.nixosModules.age ];
|
||||
#environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];
|
||||
imports = [ agenix.nixosModules.default ];
|
||||
|
||||
age = {
|
||||
secrets = mkMerge (map (x: {"x".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
|
||||
identityPaths = options.age.identityPaths.default ++ (foldr (l: r: l ++ r) [] (map (user:
|
||||
age = let
|
||||
# ugly, lazy, but works
|
||||
users = map (user: "/home/${user}/.ssh") (attrNames (readDir "/home/"));
|
||||
|
||||
usersWithKeys = filter (path: pathExists path) users;
|
||||
|
||||
userIdentityPaths = concatLists (map (keysPath:
|
||||
let
|
||||
d = "/home/${user}/.ssh";
|
||||
fs = map (f: d + "/" + f)
|
||||
(filter (f: (f != "known_hosts") && (f != "*.old"))
|
||||
(attrNames (readDir d)));
|
||||
in fs) (attrNames config.defaultUsers)));
|
||||
# find all files that are id_* and not *.pub
|
||||
# todo: maybe make a startsWith / endsWith?
|
||||
files = map (f: keysPath + "/" + f)
|
||||
(filter (f: (substring 0 3 f == "id_") && (substring (stringLength f - 4) 4 f != ".pub"))
|
||||
(attrNames (readDir keysPath)));
|
||||
in files) usersWithKeys);
|
||||
in {
|
||||
secrets = mkMerge (map (x: {"${x}".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
|
||||
identityPaths = options.age.identityPaths.default ++ userIdentityPaths;
|
||||
};
|
||||
}
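Review bot: `userIdentityPaths` adds every `id_*` private key found under `/home/*/.ssh` to `age.identityPaths`, so decryption is pointed at users' personal private keys. The result also depends on what is on disk on the machine that evaluates the flake, since `readDir "/home/"` is an impure read. The host key is already a recipient in the secrets file elsewhere in this comparison and is normally covered by `options.age.identityPaths.default`, so `identityPaths = options.age.identityPaths.default;` is probably enough. If the scan stays, the filter reads better as `filter (f: lib.hasPrefix "id_" f && !(lib.hasSuffix ".pub" f))`. The current `substring (stringLength f - 4) 4 f` is handed a negative start for a file named exactly `id_`, which fails evaluation.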
|
||||
|
|
|
@ -33,7 +33,7 @@ in {
|
|||
services = {
|
||||
nitter = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.nitter;
|
||||
package = pkgs.nitter;
|
||||
server = {
|
||||
address = "127.0.0.1";
|
||||
port = cfg.port;
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
self: super: {
|
||||
nitter = super.nitter.overrideAttrs (old: {
|
||||
# https://github.com/zedeus/nitter/pull/830
|
||||
version = "unstable-2023-04-16";
|
||||
src = super.fetchFromGitHub {
|
||||
owner = "PrivacyDevel";
|
||||
repo = "nitter";
|
||||
rev = "11279e2b4ff612f523380c2ff4678a056eb5c03c";
|
||||
hash = "sha256-GSBtyrrQTYRO9+XNXZsXOtnQ5QrLqmKE81RkuX/btUs=";
|
||||
};
|
||||
});
|
||||
}
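Review bot: The overlay swaps the `nitter` source from upstream to the `PrivacyDevel` fork, and the only explanation is a bare PR link. The comment should say why the fork is used and when to drop it, e.g. `# temporary: builds the PrivacyDevel fork for zedeus/nitter#830; remove once merged upstream` (if that is the intent). Pinning by both `rev` and `hash` is good, since the fetched source cannot change under the build. Only `version` and `src` are overridden, so dependency changes in the fork would not be picked up by the inherited derivation. It is worth confirming that the fork builds against the same dependencies.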
|