Jill "oatmealine" Monoids dc5b534a36 update readme 2023-05-18 06:13:53 +02:00
Jill "oatmealine" Monoids b8bb13f19a attempt to update nitter via overlay (Epic fail!) 2023-05-18 06:11:58 +02:00
Jill "oatmealine" Monoids 1cb35a78d2 attempt to get agenix to work
only missing the access step!
2023-05-18 06:11:39 +02:00
Jill "oatmealine" Monoids 2941b52caf lucent-firepit: update authorizedKeys 2023-05-18 06:10:49 +02:00
Jill "oatmealine" Monoids 898712f412 cohost-blogger: update upstream 2023-05-18 06:10:21 +02:00
9 changed files with 59 additions and 29 deletions


@ -1,23 +1,23 @@
# Frosted Flakes
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`dark-firepit`](https://dark-firepit.cloud/) host, however.
Nix Flake dotfiles shared across a [few hosts](./hosts/). Most development here will go into the [`lucent-firepit`](https://dark-firepit.cloud/) host, however.
## Development
_Commands here will use `dark-firepit`-based paths and names as an example_
_Commands here will use `lucent-firepit`-based paths and names as an example_
- To build the system (doesn't apply changes):
```sh
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#dark-firepit
nixos-rebuild build --upgrade --impure --flake /etc/dotfiles#lucent-firepit
```
- To build & switch to a new system (applies changes):
```sh
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#dark-firepit
doas nixos-rebuild switch --impure --upgrade --flake /etc/dotfiles#lucent-firepit
```
### `dark-firepit`
### `lucent-firepit`
Things here mostly only apply to the [`dark-firepit`](https://dark-firepit.cloud/) host.
Things here mostly only apply to the [`lucent-firepit`](https://dark-firepit.cloud/) host.
#### Adding modules
@ -26,7 +26,7 @@ Generally when adding modules (even those pulled from `nixpkgs`) you'd want to:
1. Create a new module under `modules/services/`; `gitea.nix` and `nitter.nix` are pretty okay examples of what to do
2. **`git add .`** or else Nix will act clueless about everything you've just done
3. Set it to enabled, set port, domain, etc. in `hosts/.../default.nix` or wherever else is more appropriate
- For webapps, follow what's done in `hosts/dark-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
- For webapps, follow what's done in `hosts/lucent-firepit/webapps/default.nix`; if you're doing something bigger, it may be worth abstracting into a seperate file
4. Rebuild/switch to the new system (as described [above](#development))
#### `yugoslavia-best.nix`
@ -43,4 +43,4 @@ This can be done directly on the server (as long as you have the `dotfiles` grou
If you encounter permission funnies, don't hesitate to `doas` your way into `chmod`dding/`chown`ing files as necessary; directories should be `775` and files should be `664`, however we've yet to figure out how to consistently enforce this across the directory.
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.
Be sure to commit regularly to prevent [tons of](https://git.oat.zone/dark-firepit/dotfiles/commit/021fab40f7f815708d4cf918ec0ac0bd16c0bc8f) [densely packed](https://git.oat.zone/dark-firepit/dotfiles/commit/07f9ac6a9ee53f6689a5f8ee87b94b96a409c375) [undocumented commits](https://git.oat.zone/dark-firepit/dotfiles/commit/9da0a143ae392ec7f8abc731e8c245f29b55e685) building up after noone bothers to commit anything.


@ -29,11 +29,11 @@
]
},
"locked": {
"lastModified": 1682879948,
"narHash": "sha256-NgBopIk1VmUzanIPSjuxLKE/aypv+c3Un3LXA9Br4R8=",
"lastModified": 1684380187,
"narHash": "sha256-/nwpAHkr5ZOny15TE8LSJsfRZMO6b6ca/RjKoQ7vLjA=",
"ref": "refs/heads/main",
"rev": "f14813c88fcf33258def997d35476be87c89be7f",
"revCount": 4,
"rev": "9ebfff450e5694eafa3a32a9f1d261b3a878b7bf",
"revCount": 15,
"type": "git",
"url": "https://git.oat.zone/oat/cohost-blogger"
},


@ -36,4 +36,9 @@
{ hostname = "lilith@bms-cab";
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFb9uVy1x4XaO1uFOQBuERy6xw8cf7Dh24UT0jJs7g3z lilith@bms-cab";
}
# marco
{ hostname = "marco@the-flesh-portal";
wg = "mttUSatpYdEOmHqnzo7HdhuvTkMpz1Np8kMtsIz6nTY=";
}
]


@ -4,6 +4,8 @@ let
keys = import ./authorizedKeys.nix;
fetchSSH = (host: lib._.getSSH host keys);
fetchSSHKeys = map fetchSSH;
agenixPkg = inputs.agenix.packages.${pkgs.system}.default;
in {
imports = [
./hardware-configuration.nix
@ -56,7 +58,7 @@ in {
# oatmealine ?? is that a reference to jill oatmealine monoids from the beloved videogame franchise "oateamelin jill monoids???" .oat. zone??? from va11hall-a??? video game???? woman????? minecraft???????
oatmealine = {
conf = {
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep ];
packages = with pkgs; [ bat tmux micro direnv nix-direnv ripgrep agenixPkg ];
shell = pkgs.unstable.fish;
extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ];
initialHashedPassword = "!";
@ -68,6 +70,7 @@ in {
homeConf.home = {
sessionVariables = {
#EDITOR = lib.trace (lib.readFile age.secrets.huge-furry-cock.path) "micro";
EDITOR = "micro";
NIX_REMOTE = "daemon";
};
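Review bot: The commented-out `EDITOR = lib.trace (lib.readFile age.secrets.huge-furry-cock.path) "micro";` is a secret-disclosure footgun and should be deleted rather than kept as a hint: if anyone re-enables it, `lib.readFile` pulls the decrypted secret into the evaluator and `lib.trace` prints it to stderr and into whatever captures the build log. It would also only ever "work" under `--impure` on a host that has already activated the secret, since agenix decrypts at activation time, not at evaluation. Replace it with a plain comment such as `# secrets are only available at runtime under /run/agenix; never readFile them at eval time` if a reminder is wanted. The `oatmealine` user block and the enclosing `in { ... }` start and end outside this hunk.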



@ -1,6 +1,9 @@
let
keys = import ../authorizedKeys.nix;
"subsurface.aether" = keys."aether@subsurface".ssh;
in
{}
userKeys = builtins.catAttrs "ssh" (import ../authorizedKeys.nix);
systemKeys = [
# /etc/ssh/ssh_host_ed25519_key.pub
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHp0gLv1FiavpvnXinySlZsWrNkAzo4c8GWvN2WRhQqn root@lucent-firepit"
];
in {
"huge-furry-cock.age".publicKeys = userKeys ++ systemKeys;
}
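Review bot: `userKeys = builtins.catAttrs "ssh" (import ../authorizedKeys.nix)` makes every SSH key in authorizedKeys.nix a recipient of `huge-furry-cock.age`, so anyone listed there can decrypt it, and the recipient set silently widens each time a key is appended to that file. Recipients should be chosen per secret by need, e.g. `userKeys = builtins.catAttrs "ssh" (builtins.filter (k: k.hostname == "oatmealine@...") (import ../authorizedKeys.nix));` (pick the actual hostnames that need it), with `systemKeys` as the only default. Note that changing `publicKeys` only takes effect after the file is re-encrypted (`agenix -r`), which appears to be the "access step" the commit message says is still missing. A short comment above `userKeys` naming which accounts are meant to hold this secret would also help the next person who edits the list.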


@ -8,17 +8,24 @@ let
secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
in {
imports = [ agenix.nixosModules.age ];
#environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];
imports = [ agenix.nixosModules.default ];
age = {
secrets = mkMerge (map (x: {"x".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
identityPaths = options.age.identityPaths.default ++ (foldr (l: r: l ++ r) [] (map (user:
age = let
# ugly, lazy, but works
users = map (user: "/home/${user}/.ssh") (attrNames (readDir "/home/"));
usersWithKeys = filter (path: pathExists path) users;
userIdentityPaths = concatLists (map (keysPath:
let
d = "/home/${user}/.ssh";
fs = map (f: d + "/" + f)
(filter (f: (f != "known_hosts") && (f != "*.old"))
(attrNames (readDir d)));
in fs) (attrNames config.defaultUsers)));
# find all files that are id_* and not *.pub
# todo: maybe make a startsWith / endsWith?
files = map (f: keysPath + "/" + f)
(filter (f: (substring 0 3 f == "id_") && (substring (stringLength f - 4) 4 f != ".pub"))
(attrNames (readDir keysPath)));
in files) usersWithKeys);
in {
secrets = mkMerge (map (x: {"${x}".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
identityPaths = options.age.identityPaths.default ++ userIdentityPaths;
};
}
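Review bot: `userIdentityPaths` is built by reading `/home/` at evaluation time and collecting every `/home/*/.ssh/id_*` that is not `.pub`, which hands agenix's root-run decryption every user's private SSH key and makes the identity list depend on whatever is in `/home` on the evaluating machine rather than on the config. Because each home's `.ssh` is writable by its owner, any user appears able to add or remove entries from root's identity list; whether a malformed `id_*` file would break activation depends on how agenix invokes age and should be checked. The host already has `options.age.identityPaths.default` (the `/etc/ssh/ssh_host_*` keys) and `secrets.nix` encrypts to `root@lucent-firepit`, so `identityPaths = options.age.identityPaths.default;` is enough; if specific user keys are wanted, list their paths explicitly. Two smaller points: the `# todo: maybe make a startsWith / endsWith?` can be answered with `lib.hasPrefix "id_" f && !(lib.hasSuffix ".pub" f)`, which also avoids `substring` throwing on a negative start for a name shorter than four characters. The enclosing `let` opens above this hunk.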


@ -33,7 +33,7 @@ in {
services = {
nitter = {
enable = true;
package = pkgs.unstable.nitter;
package = pkgs.nitter;
server = {
address = "127.0.0.1";
port = cfg.port;

overlays/nitter.nix Normal file

@ -0,0 +1,12 @@
self: super: {
nitter = super.nitter.overrideAttrs (old: {
# https://github.com/zedeus/nitter/pull/830
version = "unstable-2023-04-16";
src = super.fetchFromGitHub {
owner = "PrivacyDevel";
repo = "nitter";
rev = "11279e2b4ff612f523380c2ff4678a056eb5c03c";
hash = "sha256-GSBtyrrQTYRO9+XNXZsXOtnQ5QrLqmKE81RkuX/btUs=";
};
});
}
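Review bot: The overlay swaps only `src` and `version` on `super.nitter`, and the commit message records that this failed; nitter's packaging in nixpkgs likely carries dependency metadata (a lock file or vendored Nim dependencies) tied to the original revision, so a bare source swap may not be sufficient — confirm against the `super.nitter` definition before relying on `pkgs.nitter` in `nitter.nix`. The comment `# https://github.com/zedeus/nitter/pull/830` points at the upstream PR while `src` fetches the `PrivacyDevel` fork; make that explicit, e.g. `# src: PrivacyDevel fork branch behind zedeus/nitter#830, pinned by rev+hash`, so the reason for trusting a third-party fork is recorded next to the pin. The `hash` does pin the fetched content, which is the right thing for a fork source; keep it whenever `rev` is bumped.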