moved all to subfolder nixos

This commit is contained in:
Ingolf Wagner 2021-09-25 20:28:25 +02:00
parent 78d39395b7
commit 15c6866362
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
263 changed files with 638 additions and 762 deletions

View file

@ -1,10 +0,0 @@
{
"url": "https://github.com/NixOS/nixpkgs.git",
"rev": "6bfe71f2a4e2e425dee26b25d2309f341ff1600d",
"date": "2021-09-02T17:55:10+02:00",
"path": "/nix/store/wmg7a97b7ql8kj413wkvh2pmvl5m4nkd-nixpkgs",
"sha256": "1mpf700fqlzyj6vsy2c329zlgbk9g6giwiyb2g0yhc0a78h72g8l",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

View file

@ -1,10 +0,0 @@
{
"url": "https://github.com/NixOS/nixpkgs.git",
"rev": "a51aa6523bd8ee985bc70987909eff235900197a",
"date": "2021-09-04T10:19:48-03:00",
"path": "/nix/store/qylkdn96ah6r3mhh5m0p3yv236nxdbsa-nixpkgs",
"sha256": "1rpikl60v179gsshqfrr4xwz42db5g87scm2v2hk3v3jys9dqrgc",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

View file

@ -1,7 +0,0 @@
{
"url": "https://git.ingolf-wagner.de/krebs/krops.git",
"rev": "2e93a93ac264a480b427acc2684993476732539d",
"date": "2018-09-19T19:57:26+02:00",
"sha256": "1s6b2cs60xa270ynhr32qj1rcy3prvf9pidap0qbbvgg008iafxk",
"fetchSubmodules": false
}

View file

@ -1,10 +0,0 @@
{
"url": "https://cgit.krebsco.de/nix-writers/",
"rev": "fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1",
"date": "2018-10-27T14:45:48+02:00",
"path": "/nix/store/81f2li00frwb29kzk7wjw7b87l65s8bg-nix-writers",
"sha256": "1iy207rcbz9nv9bf64025ypy38x8mwzl6snbmbrq347h6vvs0ksc",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

View file

@ -1,10 +0,0 @@
{
"url": "https://github.com/nix-community/nixos-generators.git",
"rev": "ef1e4480cf8af45cfdeac597b2f1b1af33923e93",
"date": "2019-01-18T10:41:01+01:00",
"path": "/nix/store/61wmz4fvlyxnxhw9smkl897rhavj06ry-nixos-generators-ef1e448",
"sha256": "0ymzp4pmpkjjjg5h8d45gv8avy4wh1dj0v238i2cz3jp3j489ik9",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

View file

@ -1,135 +0,0 @@
{ pkgs, lib, ... }:
let
hostAddress = "192.168.100.20";
containerAddress = "192.168.100.21";
in {
# backup mattermost
backup.dirs = [ "/home/mattermost" ];
containers.mattermost = {
# mount host folders
bindMounts = {
home = {
# make sure this folder exist on the host
hostPath = toString "/home/mattermost/home";
mountPoint = "/var/lib/mattermost";
isReadOnly = false;
};
db = {
# make sure this folder exist on the host
hostPath = toString "/home/mattermost/db";
mountPoint = "/var/lib/postgresql";
isReadOnly = false;
};
};
# container network setup
# see also nating on host system.
privateNetwork = true;
hostAddress = hostAddress;
localAddress = containerAddress;
autoStart = true;
config = { config, pkgs, lib, ... }: {
imports = [ <modules> <krops-lib> ];
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
commonHttpConfig = let
access_log_sink = "${hostAddress}:12304";
error_log_sink = "${hostAddress}:12305";
in ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", '
'"src_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }';
access_log syslog:server=${access_log_sink} graylog2_json;
error_log syslog:server=${error_log_sink};
'';
};
networking.firewall.allowedTCPPorts = [ 8065 6667 ];
networking.firewall.allowedUDPPorts = [ 8065 ];
# setup matter most
services.mattermost = {
enable = true;
siteUrl = "https://chat.ingolf-wagner.de";
localDatabaseName = "chat";
localDatabaseUser = "chatty";
listenAddress = ":8065";
matterircd = {
enable = true;
parameters = [
"-mmserver chat.ingolf-wagner.de"
"-restrict chat.ingolf-wagner.de"
"-bind [::]:6667"
];
};
};
# send log to host systems graylog (use tinc or wireguard if host is not graylog)
services.SystemdJournal2Gelf.enable = true;
services.SystemdJournal2Gelf.graylogServer = "${hostAddress}:11201";
services.journald.extraConfig = "SystemMaxUse=1G";
};
};
# give containers internet access
networking.nat.enable = true;
networking.nat.internalInterfaces = [ "ve-mattermost" ];
networking.nat.externalInterface = "enp2s0f1";
# don't let networkmanager manger container network
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# open ports for logging
networking.firewall.interfaces."ve-mattermost".allowedTCPPorts =
[ 11201 12304 12305 ];
networking.firewall.interfaces."ve-mattermost".allowedUDPPorts =
[ 11201 12304 12305 ];
# host nginx setup
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"chat.workhorse.private" = {
serverAliases = [ "chat.ingolf-wagner.de" ];
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://${containerAddress}:8065";
};
};
};
};
}

View file

@ -1,36 +0,0 @@
{ nixpkgs, home-manager, nixpkgs-unstable, sops-nix, doom-emacs-nix }:
let nixosSystem = nixpkgs.lib.nixosSystem;
in {
sterni = nixosSystem {
system = "x86_64-linux";
modules = [
./configs/sterni/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.users.mainUser = {
imports = [ doom-emacs-nix.hmModule ];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
sops-nix.nixosModules.sops
{ sops.defaultSopsFile = ./secrets/sterni.yaml; }
({ pkgs, ... }: {
# defined overlays injected by the nixflake
nixpkgs.overlays = [
(_self: _super: {
# we assign the overlay created before to the overlays of nixpkgs.
unstable = nixpkgs-unstable.legacyPackages.${pkgs.system};
})
];
# overlay included (todo?)
# nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ];
# imports of modules
# imports = [ <backup-module> <krops-lib> <cluster-module> <modules> ];
})
];
};
}

View file

@ -1,179 +1,12 @@
{ {
"nodes": { "nodes": {
"doom-emacs": {
"flake": false,
"locked": {
"lastModified": 1626604817,
"narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=",
"owner": "hlissner",
"repo": "doom-emacs",
"rev": "46732c0adaef147144418f9f284ca6b1183ab96f",
"type": "github"
},
"original": {
"owner": "hlissner",
"ref": "develop",
"repo": "doom-emacs",
"type": "github"
}
},
"doom-emacs-nix": {
"inputs": {
"doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay",
"emacs-so-long": "emacs-so-long",
"evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils",
"nix-straight": "nix-straight",
"nixpkgs": [
"nixpkgs"
],
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
"org-contrib": "org-contrib",
"org-yt": "org-yt",
"php-extras": "php-extras",
"revealjs": "revealjs",
"rotate-text": "rotate-text"
},
"locked": {
"lastModified": 1627398156,
"narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=",
"owner": "vlaci",
"repo": "nix-doom-emacs",
"rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff",
"type": "github"
},
"original": {
"owner": "vlaci",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"doom-snippets": {
"flake": false,
"locked": {
"lastModified": 1625547004,
"narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=",
"owner": "hlissner",
"repo": "doom-snippets",
"rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "doom-snippets",
"type": "github"
}
},
"emacs-overlay": {
"flake": false,
"locked": {
"lastModified": 1626972035,
"narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"emacs-so-long": {
"flake": false,
"locked": {
"lastModified": 1575031854,
"narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=",
"owner": "hlissner",
"repo": "emacs-so-long",
"rev": "ed666b0716f60e8988c455804de24b55919e71ca",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "emacs-so-long",
"type": "github"
}
},
"evil-markdown": {
"flake": false,
"locked": {
"lastModified": 1626852210,
"narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=",
"owner": "Somelauw",
"repo": "evil-markdown",
"rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477",
"type": "github"
},
"original": {
"owner": "Somelauw",
"repo": "evil-markdown",
"type": "github"
}
},
"evil-org-mode": {
"flake": false,
"locked": {
"lastModified": 1607203864,
"narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=",
"owner": "hlissner",
"repo": "evil-org-mode",
"rev": "a9706da260c45b98601bcd72b1d2c0a24a017700",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-org-mode",
"type": "github"
}
},
"evil-quick-diff": {
"flake": false,
"locked": {
"lastModified": 1575189609,
"narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=",
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"rev": "69c883720b30a892c63bc89f49d4f0e8b8028908",
"type": "github"
},
"original": {
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"type": "github"
}
},
"explain-pause-mode": {
"flake": false,
"locked": {
"lastModified": 1595842060,
"narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=",
"owner": "lastquestion",
"repo": "explain-pause-mode",
"rev": "2356c8c3639cbeeb9751744dbe737267849b4b51",
"type": "github"
},
"original": {
"owner": "lastquestion",
"repo": "explain-pause-mode",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1623875721, "lastModified": 1597053966,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", "narHash": "sha256-f9lbPS/GJ1His8fsDqM6gfa8kSqREU4eKiMCS5hrKg4=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", "rev": "ec20f52e2ff61e9c36c2b894b62fc1b4bd04c71b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -182,47 +15,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1631573611,
"narHash": "sha256-u2E/wstadWNcn6vOIoK1xY86QPOzzBZQfT1FbePfdaI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7d9ba15214004c979d2c8733f8be12ce6502cf8a",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.05",
"repo": "home-manager",
"type": "github"
}
},
"krops": { "krops": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": "flake-utils",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -241,23 +36,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-straight": {
"flake": false,
"locked": {
"lastModified": 1621543597,
"narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=",
"owner": "vlaci",
"repo": "nix-straight.el",
"rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca",
"type": "github"
},
"original": {
"owner": "vlaci",
"ref": "v2.2.0",
"repo": "nix-straight.el",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1632418649, "lastModified": 1632418649,
@ -274,176 +52,11 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1632411313,
"narHash": "sha256-lekODc44lVo9/0EwGiX6LoEt2KhiPdcfNopealMJ7n4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "51bcdc4cdaac48535dabf0ad4642a66774c609ed",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1625223284,
"narHash": "sha256-jjLcDSU1rRiJb+n3uez23XAa7kbnPcGZTa6jIKh1GMQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "357d2c8f6087685fe35cb1889a005a4dd4cce7b8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nose": {
"flake": false,
"locked": {
"lastModified": 1400604510,
"narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=",
"owner": "emacsattic",
"repo": "nose",
"rev": "f8528297519eba911696c4e68fa88892de9a7b72",
"type": "github"
},
"original": {
"owner": "emacsattic",
"repo": "nose",
"type": "github"
}
},
"ob-racket": {
"flake": false,
"locked": {
"lastModified": 1584656173,
"narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=",
"owner": "xchrishawk",
"repo": "ob-racket",
"rev": "83457ec9e1e96a29fd2086ed19432b9d75787673",
"type": "github"
},
"original": {
"owner": "xchrishawk",
"repo": "ob-racket",
"type": "github"
}
},
"org": {
"flake": false,
"locked": {
"lastModified": 1627155762,
"narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237",
"type": "github"
},
"original": {
"owner": "emacs-straight",
"repo": "org-mode",
"type": "github"
}
},
"org-contrib": {
"flake": false,
"locked": {
"lastModified": 1623339452,
"narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=",
"ref": "master",
"rev": "fc81309cf6756607a836f93049a9393c2967c4e0",
"revCount": 2599,
"type": "git",
"url": "https://git.sr.ht/~bzg/org-contrib"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~bzg/org-contrib"
}
},
"org-yt": {
"flake": false,
"locked": {
"lastModified": 1527381913,
"narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=",
"owner": "TobiasZawada",
"repo": "org-yt",
"rev": "40cc1ac76d741055cbefa13860d9f070a7ade001",
"type": "github"
},
"original": {
"owner": "TobiasZawada",
"repo": "org-yt",
"type": "github"
}
},
"php-extras": {
"flake": false,
"locked": {
"lastModified": 1573312690,
"narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=",
"owner": "arnested",
"repo": "php-extras",
"rev": "d410c5af663c30c01d461ac476d1cbfbacb49367",
"type": "github"
},
"original": {
"owner": "arnested",
"repo": "php-extras",
"type": "github"
}
},
"revealjs": {
"flake": false,
"locked": {
"lastModified": 1625811744,
"narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad",
"type": "github"
},
"original": {
"owner": "hakimel",
"repo": "reveal.js",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"doom-emacs-nix": "doom-emacs-nix",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager",
"krops": "krops", "krops": "krops",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "secrets": "secrets"
"secrets": "secrets",
"sops-nix": "sops-nix"
}
},
"rotate-text": {
"flake": false,
"locked": {
"lastModified": 1322962747,
"narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=",
"owner": "debug-ito",
"repo": "rotate-text.el",
"rev": "48f193697db996855aee1ad2bc99b38c6646fe76",
"type": "github"
},
"original": {
"owner": "debug-ito",
"repo": "rotate-text.el",
"type": "github"
} }
}, },
"secrets": { "secrets": {
@ -457,24 +70,6 @@
"path": "/home/palo/dev/secrets", "path": "/home/palo/dev/secrets",
"type": "path" "type": "path"
} }
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1632485730,
"narHash": "sha256-+anQTUUHxdpjLnTWqk9TJhWRYMI+1F2iVZKCq8SH4hg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "64235a958b9ceedf98a3212c13b0dea3a504598f",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -7,47 +7,24 @@
url = "path:/home/palo/dev/secrets"; url = "path:/home/palo/dev/secrets";
flake = false; flake = false;
}; };
sops-nix.url = "github:Mic92/sops-nix";
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
doom-emacs-nix = {
url = "github:vlaci/nix-doom-emacs";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-21.05";
inputs.nixpkgs.follows = "nixpkgs";
};
krops = { krops = {
url = "github:Mic92/krops"; url = "github:Mic92/krops";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { self, sops-nix, nixpkgs, home-manager, krops, flake-utils outputs = { self, nixpkgs, krops, secrets, ... }:
, doom-emacs-nix, nixpkgs-unstable, secrets, ... }: let
(flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: system = "x86_64-linux";
let pkgs = nixpkgs.legacyPackages.${system};
writeCommand = krops.packages.${system}.writeCommand;
pkgs = nixpkgs.legacyPackages.${system}; in {
writeCommand = krops.packages.${system}.writeCommand; # deploy like this:
# nix run ".#deploy.sterni"
in { apps.${system}.deploy = pkgs.callPackage ./nixos/krops.nix {
inherit writeCommand secrets;
# deploy like this: lib = krops.lib;
# nix run ".#deploy.sterni"
apps.deploy = pkgs.callPackage ./krops.nix {
inherit writeCommand secrets;
lib = krops.lib;
};
})) // {
nixosConfigurations = import ./configurations.nix {
inherit nixpkgs home-manager nixpkgs-unstable sops-nix doom-emacs-nix;
};
}; };
};
} }

View file

@ -1,96 +0,0 @@
{ pkgs, writeCommand, lib, secrets }:
let
# command that ensures we use flake.nix during switch
command = targetPath:
let
commandLine =
"TMPDIR=/tmp nixos-rebuild switch --flake ${targetPath} -L --keep-going";
in ''
echo '${commandLine}'
nix-shell \
-E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
--run '${commandLine}'
'';
#secrets = name: {
# secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/${name}/secrets";
# };
# common_secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/common_secrets";
# };
#};
#desktopSecrets = {
# desktop_secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/desktop_secrets";
# };
#};
source = {
secrets.file = "${secrets}/secrets";
assets.file = toString ./assets;
private_assets.pass = {
dir = toString ~/.password-store;
name = "krops/private_assets";
};
configs.file = toString ./configs;
library.file = toString ./library;
modules.file = toString ./modules;
pkgs.file = toString ./pkgs;
system.file = toString ./system;
"flake.nix".file = toString ./flake.nix;
"flake.lock".file = toString ./flake.lock;
"configurations.nix".file = toString ./configurations.nix;
#mqtt.file = toString ./mqtt;
#backup-module.file = toString ~/dev/backup;
backup-module.git = {
url = "https://git.ingolf-wagner.de/nix-modules/backup.git";
ref = "1.3.3";
};
#kops-lib.file = toString ~/dev/krops-lib;
krops-lib.git = {
url = "https://git.ingolf-wagner.de/nix-modules/krops.git";
ref = "1.0.3";
};
#cluster-module.file = toString ~/dev/cluster-module;
cluster-module.git = {
url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
ref = "1.2.0";
};
};
in {
sterni = let
system = writeCommand "/bin/system" {
source = lib.evalSource [ source ];
force = true;
target = lib.mkTarget "root@sterni.private/var/krops";
inherit command;
};
network = writeCommand "/bin/secrets" {
source = lib.evalSource [{
system-connections.pass = {
dir = toString ~/.password-store;
name = "krops/desktop_secrets/network-manager/system-connections";
};
}];
force = true;
target = lib.mkTarget "root@sterni.private/etc/NetworkManager";
};
in pkgs.writers.writeBash "/bin/sterni" ''
#echo "deploy network secerts"
#${network}/bin/secrets
echo "deploy system"
${system}/bin/system
'';
}

View file

@ -14,6 +14,7 @@
]; ];
sops.defaultSopsFile = ../../secrets/sterni.yaml;
networking.hostName = "sterni"; networking.hostName = "sterni";
system.custom.wifi.interfaces = [ "wlp3s0" ]; system.custom.wifi.interfaces = [ "wlp3s0" ];

Some files were not shown because too many files have changed in this diff Show more