diff --git a/flake.lock b/flake.lock index 59c1706..7e58efd 100644 --- a/flake.lock +++ b/flake.lock @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1632418649, - "narHash": "sha256-4rZspkiQU7zbsuciRRMgoEPkAF/+FSv2jx/VIPxPVx4=", + "lastModified": 1632639184, + "narHash": "sha256-fRLxre+gPxIkjFVj17O68pyAWU1cxT20XFOiulIWzRw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "056a3c1fae30d06d14b171b9023743c21a23ec1a", + "rev": "fd8a7fd07da0f3fc0e27575891f45c2f88e5dd44", "type": "github" }, "original": { @@ -62,7 +62,7 @@ "secrets": { "flake": false, "locked": { - "narHash": "sha256-8e+AsdSyD971rHFL2j2VFxCATO9Oj16Ix8YZIrffd68=", + "narHash": "sha256-GsEG/ZN4MRC7j2EkXlDD5bnYTpEW26D3P/Lgz/XWV78=", "path": "/home/palo/dev/secrets", "type": "path" }, diff --git a/nixos/configs/pepe/configuration.nix b/nixos/configs/pepe/configuration.nix index d9ea390..5b0371b 100644 --- a/nixos/configs/pepe/configuration.nix +++ b/nixos/configs/pepe/configuration.nix @@ -2,7 +2,7 @@ imports = [ - + ../../system/server ./hardware-configuration.nix #./home-assistant.nix @@ -16,7 +16,7 @@ ]; - nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.114.4" ]; + sops.defaultSopsFile = ../../secrets/pepe.yaml; networking.hostName = "pepe"; diff --git a/nixos/configs/pepe/dms.nix b/nixos/configs/pepe/dms.nix index 5f6bab4..781e47a 100644 --- a/nixos/configs/pepe/dms.nix +++ b/nixos/configs/pepe/dms.nix @@ -39,9 +39,11 @@ in { } ]; + sops.secrets.ftp_password = { }; + # create user users.users.ftp-upload = { - passwordFile = toString ; + passwordFile = config.sops.secrets.ftp_password.path; isNormalUser = true; }; diff --git a/nixos/configs/pepe/hardware-configuration.nix b/nixos/configs/pepe/hardware-configuration.nix index 80f4426..64388ba 100644 --- a/nixos/configs/pepe/hardware-configuration.nix +++ b/nixos/configs/pepe/hardware-configuration.nix 
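Review bot: `sops.defaultSopsFile = ../../secrets/pepe.yaml;` in the second hunk of `nixos/configs/pepe/configuration.nix` is a path literal, so the file is copied into the Nix store, which every local user can read. That is safe only while the file is stored sops-encrypted. A comment on that line would make the assumption explicit, for example `# sops-encrypted; ends up in the world-readable store, never commit it decrypted`. The secrets file itself is not part of this diff, so its state cannot be checked here.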
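Review bot: In `nixos/configs/pepe/dms.nix`, `passwordFile = config.sops.secrets.ftp_password.path;` is read while users are created during activation, so a secret declared only as `sops.secrets.ftp_password = { };` may not be decrypted yet at that point. sops-nix has a `neededForUsers` flag for this case; if the pinned revision supports it, declare the secret as `sops.secrets.ftp_password.neededForUsers = true;`. The file also has to hold a password hash (as produced by `mkpasswd`), not the clear-text password, which the diff cannot show. The hunk starts inside the module body, so whether `config` is among the module arguments is not visible here.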
@@ -1,11 +1,10 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { - imports = [ - + imports = [ "${modulesPath}/installer/scan/not-detected.nix" (let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61"; in { diff --git a/nixos/configs/pepe/syncthing.nix b/nixos/configs/pepe/syncthing.nix index c6b79bf..e9213d9 100644 --- a/nixos/configs/pepe/syncthing.nix +++ b/nixos/configs/pepe/syncthing.nix @@ -17,12 +17,15 @@ #}; }; + sops.secrets.syncthing_cert = { }; + sops.secrets.syncthing_key = { }; + services.syncthing = { enable = true; openDefaultPorts = true; declarative = { - cert = toString ; - key = toString ; + cert = toString config.sops.secrets.syncthing_cert.path; + key = toString config.sops.secrets.syncthing_key.path; overrideFolders = true; folders = { diff --git a/nixos/configs/sputnik/configuration.nix b/nixos/configs/sputnik/configuration.nix index 8362320..9b757a0 100644 --- a/nixos/configs/sputnik/configuration.nix +++ b/nixos/configs/sputnik/configuration.nix @@ -1,10 +1,10 @@ { config, pkgs, lib, ... }: { imports = [ - + ../../system/proxy ./hardware-configuration.nix - + ../../system/server/packages.nix ./nginx.nix ./tinc.nix ./codimd.nix diff --git a/nixos/configs/sputnik/hardware-configuration.nix b/nixos/configs/sputnik/hardware-configuration.nix index 99cbfb2..acc233c 100644 --- a/nixos/configs/sputnik/hardware-configuration.nix +++ b/nixos/configs/sputnik/hardware-configuration.nix 
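Review bot: In `nixos/configs/pepe/syncthing.nix` the new `cert` and `key` lines keep a `toString` that the `passwordFile` change in `dms.nix` drops in this same commit. The `path` attribute is presumably already a string, so `cert = config.sops.secrets.syncthing_cert.path;` and `key = config.sops.secrets.syncthing_key.path;` would be consistent. Both secrets are declared with empty attribute sets and therefore get the sops-nix default owner and mode. It is worth confirming that the syncthing unit can read a root-owned key, or setting `owner` on the two secrets. The `services.syncthing` block continues past the end of the hunk.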
@@ -1,10 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { - imports = [ ]; + #imports = [ ]; + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; diff --git a/nixos/configs/sternchen/configuration.nix b/nixos/configs/sternchen/configuration.nix index 1e591a6..f36a37a 100644 --- a/nixos/configs/sternchen/configuration.nix +++ b/nixos/configs/sternchen/configuration.nix @@ -2,7 +2,7 @@ imports = [ - + ../../system/desktop ./hardware-configuration.nix ./packages.nix diff --git a/nixos/configs/sternchen/hardware-configuration.nix b/nixos/configs/sternchen/hardware-configuration.nix index e0ae399..6aad588 100644 --- a/nixos/configs/sternchen/hardware-configuration.nix +++ b/nixos/configs/sternchen/hardware-configuration.nix @@ -1,11 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { - imports = [ ]; + imports = [ "${modulesPath}/installer/scan/not-detected.nix" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; diff --git a/nixos/configs/workhorse/configuration.nix b/nixos/configs/workhorse/configuration.nix index f56f504..47e6461 100644 --- a/nixos/configs/workhorse/configuration.nix +++ b/nixos/configs/workhorse/configuration.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { imports = [ - + ../../system/server ./hardware-configuration.nix ./gogs.nix diff --git a/nixos/flake.lock b/nixos/flake.lock index 2b75a16..ffddc06 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock 
@@ -461,11 +461,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1632485730, - "narHash": "sha256-+anQTUUHxdpjLnTWqk9TJhWRYMI+1F2iVZKCq8SH4hg=", + "lastModified": 1632602278, + "narHash": "sha256-BJNUsxR+YwqCXMojsCK1gOnoxkLdJx5zqSYL1VMxws8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "64235a958b9ceedf98a3212c13b0dea3a504598f", + "rev": "38e9270b774e50263ae1771922d7e4ff7d543aed", "type": "github" }, "original": { diff --git a/nixos/flake.nix b/nixos/flake.nix index 19b07fd..e3eca72 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -36,6 +36,15 @@ sops-nix.nixosModules.sops { imports = [ "${krops-lib}" "${cluster-module}" "${backup-module}" ]; } ({ pkgs, ... }: { + nix = { + # no channesl needed this way + nixPath = [ "nixpkgs=${pkgs.path}" ]; + # make flakes available + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; # defined overlays injected by the nixflake nixpkgs.overlays = [ (_self: _super: { diff --git a/nixos/system/all/borg-jobs.nix b/nixos/system/all/borg-jobs.nix index fb7f4af..7f07942 100644 --- a/nixos/system/all/borg-jobs.nix +++ b/nixos/system/all/borg-jobs.nix @@ -44,8 +44,6 @@ repo = "borg@${server}:./${myHostname}"; encryption = { mode = "repokey-blake2"; - # todo rename - # passCommand = "cat ${toString }"; passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}"; }; diff --git a/nixos/system/proxy/default.nix b/nixos/system/proxy/default.nix index 041c5fb..c26ccf8 100644 --- a/nixos/system/proxy/default.nix +++ b/nixos/system/proxy/default.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: { imports = [ - - - - + ../../system/all + ../../system/server/netdata.nix + ../../system/server/graylog-exporter.nix + ../../system/server/prometheus-exporters.nix ]; services.sshguard.enable = true; diff --git a/nixos/system/server/default.nix b/nixos/system/server/default.nix index 6a55975..9c7a8ec 100644 --- a/nixos/system/server/default.nix 
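Review bot: In `nixos/flake.nix`, `package = pkgs.nixUnstable;` in the added `nix` block moves the Nix daemon, which runs as root, to the unstable Nix build on every host that receives this module list, and the only reason given is `# make flakes available`. A comment saying when this can be dropped would help the next reader, e.g. `# TODO: return to pkgs.nix once flakes work there`. The first comment has a typo: `# no channesl needed this way` should read `# no channels needed this way`. The surrounding module list begins and ends outside the hunk, so which hosts it applies to is inferred.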
+++ b/nixos/system/server/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - + ../../system/all ./netdata.nix ./initssh.nix ./graylog-exporter.nix