steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: migrate all containers and hosts to sops

Browse source 
nix/os/devices/sj-vps-htz0: bump versions
nix/os/devices/elias-e525: bump versions
nix/os/devices/steveej-t14: bump versions
nix/os/devices/justyna-p300: bump versions
This commit is contained in:
steveej 2023-07-09 20:15:06 +02:00
parent 4e0d0c3abd
commit ea7caae226
25 changed files with 241 additions and 180 deletions
Download patch file Download diff file Expand all files Collapse all files

19
nix/os/devices/justyna-p300/default.nix
View file

@ -1,12 +1,13 @@
{repoFlake, ...}: let
nodeName = "justyna-p300";
# system = "i686-linux";
{
nodeName,
repoFlake,
nodeFlake,
...
}: let
system = "x86_64-linux";
nodeFlake = repoFlake.inputs.get-flake ./.;
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit nodeName nodeFlake;
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
@ -14,17 +15,15 @@ in {
inherit system;
};
# TODO: build a module with "meta" and "freeformtype" for all the others
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = false;
# deployment.allowLocalDeployment = true;
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
};
}

40
nix/os/devices/justyna-p300/flake.lock generated
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1682299489,
"narHash": "sha256-bqHo0/82KB+IyBMyjBd6QdyZWJl/YZeGggjBsAgRFlY=",
"lastModified": 1688544596,
"narHash": "sha256-/rbDM71Qpj4gMp54r9mQ2AdD10jEMtnrQ3b2Xf+HYTU=",
"owner": "nix-community",
"repo": "disko",
"rev": "8ab9e5609929379ab15f03fd3bdc1f85419e5a3a",
"rev": "fc3c3817c9f1fcd405463c6a7f0f98baab97c692",
"type": "github"
},
"original": {
@ -24,36 +24,35 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1682303062,
"narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=",
"lastModified": 1688939073,
"narHash": "sha256-jYhYjeK5s6k8QS3i+ovq9VZqBJaWbxm7awTKNhHL9d0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f5364316e314436f6b9c8fd50592b18920ab18f9",
"rev": "8df7a67abaf8aefc8a2839e0b48f92fdcf69a38b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
@ -64,21 +63,6 @@
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

4
nix/os/devices/justyna-p300/flake.nix
View file

@ -1,8 +1,8 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-22.11";
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};

20
nix/os/devices/justyna-p300/pkg.nix
View file

@ -18,15 +18,9 @@
home.keyboard = keyboard;
home.packages = with pkgs; [
rhythmbox
lollypop
dia
rustdesk
kotatogram-desktop
jitsi-meet-electron
signal-desktop
];
};
in {
@ -55,11 +49,15 @@ in {
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [];
variant = "";
};
home-manager.users.justyna =
lib.attrsets.recursiveUpdate (homeEnv {
layout = "de";
options = [];
variant = "";
}) {
services.syncthing.enable = true;
services.syncthing.tray = true;
};
system.stateVersion = "21.11";
}

2
nix/os/devices/justyna-p300/system.nix
View file

@ -41,4 +41,6 @@ in {
services.xserver.videoDrivers = ["modesetting"];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
nix.gc = {automatic = true;};
}

19
nix/os/devices/justyna-p300/user.nix
View file

@ -3,19 +3,30 @@
pkgs,
...
}: let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
sops.secrets.sharedUsers-justyna = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
users.extraUsers.elias = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPassword = passwords.users.elias;
passwordFile = config.sops.secrets.sharedUsers-elias.path;
};
users.extraUsers.justyna = mkUser {
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPassword = passwords.users.justyna;
passwordFile = config.sops.secrets.sharedUsers-justyna.path;
};
}