feat: migrate all containers and hosts to sops

nix/os/devices/sj-vps-htz0: bump versions nix/os/devices/elias-e525: bump versions nix/os/devices/steveej-t14: bump versions nix/os/devices/justyna-p300: bump versions
2023-07-09 20:15:06 +02:00 · 2023-07-09 20:15:06 +02:00 · ea7caae226
commit ea7caae226
parent 4e0d0c3abd
25 changed files with 241 additions and 180 deletions
--- a/nix/os/devices/elias-e525/default.nix
+++ b/nix/os/devices/elias-e525/default.nix
@ -1,11 +1,13 @@
-{repoFlake, ...}: let
-  nodeName = "elias-e525";
+{
+  nodeName,
+  repoFlake,
+  nodeFlake,
+  ...
+}: let
  system = "x86_64-linux";
-
-  nodeFlake = repoFlake.inputs.get-flake ./.;
 in {
  meta.nodeSpecialArgs.${nodeName} = {
-    inherit nodeName nodeFlake;
+    inherit repoFlake nodeName nodeFlake;
    packages' = repoFlake.packages.${system};
  };

@ -13,17 +15,15 @@ in {
    inherit system;
  };

-  # TODO: build a module with "meta" and "freeformtype" for all the others
-
  ${nodeName} = {
-    deployment.targetHost = nodeName;
+    deployment.targetHost = "192.168.15.198";
    deployment.replaceUnknownProfiles = false;
    # deployment.allowLocalDeployment = true;

    imports = [
-      (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
-
      nodeFlake.inputs.home-manager.nixosModules.home-manager
+
+      ./configuration.nix
    ];
  };
 }
--- a/nix/os/devices/elias-e525/flake.lock
+++ b/nix/os/devices/elias-e525/flake.lock
@ -4,36 +4,35 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "utils": "utils"
+        ]
      },
      "locked": {
-        "lastModified": 1681092193,
-        "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
+        "lastModified": 1687871164,
+        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
+        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-22.11",
+        "ref": "release-23.05",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1681696129,
-        "narHash": "sha256-Ba2y1lmsWmmAOAoTD5G9UnTS/UqV0ZFyzysgdfu7qag=",
+        "lastModified": 1688868408,
+        "narHash": "sha256-RR9N5XTAxSBhK8MCvLq9uxfdkd7etC//seVXldy0k48=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "de66115c552acc4e0c0f92c5a5efb32e37dfa216",
+        "rev": "510d721ce097150ae3b80f84b04b13b039186571",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -43,21 +42,6 @@
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs"
      }
-    },
-    "utils": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/nix/os/devices/elias-e525/flake.nix
+++ b/nix/os/devices/elias-e525/flake.nix
@ -1,8 +1,8 @@
 {
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";

  inputs.home-manager = {
-    url = "github:nix-community/home-manager/release-22.11";
+    url = "github:nix-community/home-manager/release-23.05";
    inputs.nixpkgs.follows = "nixpkgs";
  };

--- a/nix/os/devices/elias-e525/pkg.nix
+++ b/nix/os/devices/elias-e525/pkg.nix
@ -17,15 +17,9 @@
    home.keyboard = keyboard;

    home.packages = with pkgs; [
-      rhythmbox
-      lollypop
      dia

      rustdesk
-
-      kotatogram-desktop
-      jitsi-meet-electron
-      signal-desktop
    ];
  };
 in {
--- a/nix/os/devices/elias-e525/system.nix
+++ b/nix/os/devices/elias-e525/system.nix
@ -43,4 +43,6 @@ in {
  services.xserver.videoDrivers = ["modesetting"];

  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+
+  nix.gc = {automatic = true;};
 }
--- a/nix/os/devices/elias-e525/user.nix
+++ b/nix/os/devices/elias-e525/user.nix
@ -4,19 +4,30 @@
  lib,
  ...
 }: let
-  passwords = import ../../../variables/passwords.crypt.nix;
  keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
+  inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
 in {
+  sops.secrets.sharedUsers-elias = {
+    sopsFile = ../../../../secrets/shared-users.yaml;
+    neededForUsers = true;
+    format = "yaml";
+  };
+
+  sops.secrets.sharedUsers-justyna = {
+    sopsFile = ../../../../secrets/shared-users.yaml;
+    neededForUsers = true;
+    format = "yaml";
+  };
+
  users.extraUsers.elias = mkUser {
    uid = 1001;
    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
-    hashedPassword = passwords.users.elias;
+    passwordFile = config.sops.secrets.sharedUsers-elias.path;
  };

  users.extraUsers.justyna = mkUser {
    uid = 1002;
    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
-    hashedPassword = passwords.users.justyna;
+    passwordFile = config.sops.secrets.sharedUsers-justyna.path;
  };
 }