pepe is not using flakes

2021-09-27 18:53:45 +02:00 · 2021-09-27 18:53:45 +02:00 · 147d51f694
commit 147d51f694
parent d29a43028b
15 changed files with 42 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@ -38,11 +38,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1632418649,
-        "narHash": "sha256-4rZspkiQU7zbsuciRRMgoEPkAF/+FSv2jx/VIPxPVx4=",
+        "lastModified": 1632639184,
+        "narHash": "sha256-fRLxre+gPxIkjFVj17O68pyAWU1cxT20XFOiulIWzRw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "056a3c1fae30d06d14b171b9023743c21a23ec1a",
+        "rev": "fd8a7fd07da0f3fc0e27575891f45c2f88e5dd44",
        "type": "github"
      },
      "original": {
@ -62,7 +62,7 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "narHash": "sha256-8e+AsdSyD971rHFL2j2VFxCATO9Oj16Ix8YZIrffd68=",
+        "narHash": "sha256-GsEG/ZN4MRC7j2EkXlDD5bnYTpEW26D3P/Lgz/XWV78=",
        "path": "/home/palo/dev/secrets",
        "type": "path"
      },
--- a/nixos/configs/pepe/configuration.nix
+++ b/nixos/configs/pepe/configuration.nix
@ -2,7 +2,7 @@

  imports = [

-    <system/server>
+    ../../system/server
    ./hardware-configuration.nix

    #./home-assistant.nix
@ -16,7 +16,7 @@

  ];

-  nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.114.4" ];
+  sops.defaultSopsFile = ../../secrets/pepe.yaml;

  networking.hostName = "pepe";

--- a/nixos/configs/pepe/dms.nix
+++ b/nixos/configs/pepe/dms.nix
@ -39,9 +39,11 @@ in {
    }
  ];

+  sops.secrets.ftp_password = { };
+
  # create user
  users.users.ftp-upload = {
-    passwordFile = toString <secrets/ftp/password>;
+    passwordFile = config.sops.secrets.ftp_password.path;
    isNormalUser = true;
  };

--- a/nixos/configs/pepe/hardware-configuration.nix
+++ b/nixos/configs/pepe/hardware-configuration.nix
@ -1,11 +1,10 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{ modulesPath, config, lib, pkgs, ... }:

 {
-  imports = [
-    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix"

    (let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61";
    in {
--- a/nixos/configs/pepe/syncthing.nix
+++ b/nixos/configs/pepe/syncthing.nix
@ -17,12 +17,15 @@
    #};
  };

+  sops.secrets.syncthing_cert = { };
+  sops.secrets.syncthing_key = { };
+
  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
    declarative = {
-      cert = toString <secrets/syncthing/cert.pem>;
-      key = toString <secrets/syncthing/key.pem>;
+      cert = toString config.sops.secrets.syncthing_cert.path;
+      key = toString config.sops.secrets.syncthing_key.path;

      overrideFolders = true;
      folders = {
--- a/nixos/configs/sputnik/configuration.nix
+++ b/nixos/configs/sputnik/configuration.nix
@ -1,10 +1,10 @@
 { config, pkgs, lib, ... }: {
  imports = [

-    <system/proxy>
+    ../../system/proxy
    ./hardware-configuration.nix

-    <system/server/packages.nix>
+    ../../system/server/packages.nix
    ./nginx.nix
    ./tinc.nix
    ./codimd.nix
--- a/nixos/configs/sputnik/hardware-configuration.nix
+++ b/nixos/configs/sputnik/hardware-configuration.nix
@ -1,10 +1,11 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{ modulesPath, config, lib, pkgs, ... }:

 {
-  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+  #imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+  imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];

  boot.initrd.availableKernelModules =
    [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
--- a/nixos/configs/sternchen/configuration.nix
+++ b/nixos/configs/sternchen/configuration.nix
@ -2,7 +2,7 @@

  imports = [

-    <system/desktop>
+    ../../system/desktop
    ./hardware-configuration.nix

    ./packages.nix
--- a/nixos/configs/sternchen/hardware-configuration.nix
+++ b/nixos/configs/sternchen/hardware-configuration.nix
@ -1,11 +1,11 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
+{ modulesPath, config, lib, pkgs, ... }:

 {

-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];

  boot.initrd.availableKernelModules =
    [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
--- a/nixos/configs/workhorse/configuration.nix
+++ b/nixos/configs/workhorse/configuration.nix
@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }: {
  imports = [

-    <system/server>
+    ../../system/server
    ./hardware-configuration.nix

    ./gogs.nix
--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@ -461,11 +461,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1632485730,
-        "narHash": "sha256-+anQTUUHxdpjLnTWqk9TJhWRYMI+1F2iVZKCq8SH4hg=",
+        "lastModified": 1632602278,
+        "narHash": "sha256-BJNUsxR+YwqCXMojsCK1gOnoxkLdJx5zqSYL1VMxws8=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "64235a958b9ceedf98a3212c13b0dea3a504598f",
+        "rev": "38e9270b774e50263ae1771922d7e4ff7d543aed",
        "type": "github"
      },
      "original": {
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -36,6 +36,15 @@
        sops-nix.nixosModules.sops
        { imports = [ "${krops-lib}" "${cluster-module}" "${backup-module}" ]; }
        ({ pkgs, ... }: {
+          nix = {
+            # no channesl needed this way
+            nixPath = [ "nixpkgs=${pkgs.path}" ];
+            # make flakes available
+            package = pkgs.nixUnstable;
+            extraOptions = ''
+              experimental-features = nix-command flakes
+            '';
+          };
          # defined overlays injected by the nixflake
          nixpkgs.overlays = [
            (_self: _super: {
--- a/nixos/system/all/borg-jobs.nix
+++ b/nixos/system/all/borg-jobs.nix
@ -44,8 +44,6 @@
      repo = "borg@${server}:./${myHostname}";
      encryption = {
        mode = "repokey-blake2";
-        # todo rename
-        # passCommand = "cat ${toString <secrets/backup/repo>}";
        passCommand =
          "cat ${config.sops.secrets.backup_repository_passphrase.path}";
      };
--- a/nixos/system/proxy/default.nix
+++ b/nixos/system/proxy/default.nix
@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }: {

  imports = [
-    <system/all>
-    <system/server/netdata.nix>
-    <system/server/graylog-exporter.nix>
-    <system/server/prometheus-exporters.nix>
+    ../../system/all
+    ../../system/server/netdata.nix
+    ../../system/server/graylog-exporter.nix
+    ../../system/server/prometheus-exporters.nix
  ];

  services.sshguard.enable = true;
--- a/nixos/system/server/default.nix
+++ b/nixos/system/server/default.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }: {

  imports = [
-    <system/all>
+    ../../system/all
    ./netdata.nix
    ./initssh.nix
    ./graylog-exporter.nix