diff --git a/configs/sterni/configuration.nix b/configs/sterni/configuration.nix index 61249ec..d987d27 100644 --- a/configs/sterni/configuration.nix +++ b/configs/sterni/configuration.nix @@ -2,9 +2,9 @@ imports = [ - - ./hardware-configuration.nix + ../../system/desktop + ./hardware-configuration.nix ./packages.nix ./syncthing.nix ./tinc.nix diff --git a/configs/sterni/hardware-configuration.nix b/configs/sterni/hardware-configuration.nix index 881d299..2232bf1 100644 --- a/configs/sterni/hardware-configuration.nix +++ b/configs/sterni/hardware-configuration.nix @@ -1,11 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: { - imports = [ ]; + imports = [ "${modulesPath}/installer/scan/not-detected.nix" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; diff --git a/configs/sterni/packages.nix b/configs/sterni/packages.nix index 1c77bd9..e5bc6bc 100644 --- a/configs/sterni/packages.nix +++ b/configs/sterni/packages.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, ... }: let - unstable = import { }; - nextcloudSync = folder: pkgs.writers.writeBashBin "nextcloud-sync-${folder}" '' ${pkgs.nextcloud-client}/bin/nextcloudcmd \ @@ -13,9 +11,6 @@ let in { - # overlay included - nixpkgs.overlays = [ (import ) ]; - environment.systemPackages = with pkgs; [ (nextcloudSync "InstantUpload") @@ -43,7 +38,6 @@ in { bitwig-studio3 sonic-pi jack2 - #unstable.sonic-visualiser sononym-crawler darktable diff --git a/configurations.nix b/configurations.nix index 3227db5..94484f5 100644 --- a/configurations.nix +++ b/configurations.nix @@ -1,4 +1,5 @@ { nixosSystem, home-manager, nixpkgs-unstable, ... }: { + sterni = nixosSystem { system = "x86_64-linux"; modules = [ 
@@ -17,8 +18,11 @@ }) ]; + # overlay included (todo?) + # nixpkgs.overlays = [ (import ) ]; + # imports of modules - imports = [ ]; + # imports = [ ]; }) ]; }; diff --git a/flake.lock b/flake.lock index 80fc97a..b56e24c 100644 --- a/flake.lock +++ b/flake.lock @@ -290,6 +290,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1625223284, + "narHash": "sha256-jjLcDSU1rRiJb+n3uez23XAa7kbnPcGZTa6jIKh1GMQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "357d2c8f6087685fe35cb1889a005a4dd4cce7b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nose": { "flake": false, "locked": { @@ -409,7 +425,9 @@ "krops": "krops", "nix-doom-emacs": "nix-doom-emacs", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "secrets": "secrets", + "sops-nix": "sops-nix" } }, "rotate-text": { @@ -427,6 +445,36 @@ "repo": "rotate-text.el", "type": "github" } + }, + "secrets": { + "flake": false, + "locked": { + "narHash": "sha256-R8u4x1+HiTKm2j3ytycGiV4UqCKiih+qGd2Pr9icvQY=", + "path": "/home/palo/dev/secrets", + "type": "path" + }, + "original": { + "path": "/home/palo/dev/secrets", + "type": "path" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1632485730, + "narHash": "sha256-+anQTUUHxdpjLnTWqk9TJhWRYMI+1F2iVZKCq8SH4hg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "64235a958b9ceedf98a3212c13b0dea3a504598f", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 188c751..80dbf4f 100644 --- a/flake.nix +++ b/flake.nix 
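Review bot: The overlay and `imports` lines in this configurations.nix hunk are commented out with only `(todo?)` as explanation. The same overlay line is commented out in system/all/default.nix and deleted from configs/sterni/packages.nix, so none of the visible hunks applies an overlay any more. Whether any installed package depended on those overlays cannot be confirmed from the diff, but such a package would fail to resolve at build time. I would replace the marker with a comment that states what is pending, e.g. `# TODO: overlays disabled; re-add via a relative path or flake input`, or delete the dead lines. The enclosing module block starts outside the hunk.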
@@ -3,6 +3,11 @@ description = "my krops file"; inputs = { + secrets = { + url = "path:/home/palo/dev/secrets"; + flake = false; + }; + sops-nix.url = "github:Mic92/sops-nix"; flake-utils.url = "github:numtide/flake-utils"; nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; @@ -16,14 +21,13 @@ }; krops = { url = "github:Mic92/krops"; - #url = "file:/home/palo/dev/krops-mic92-fork"; inputs.flake-utils.follows = "flake-utils"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, home-manager, krops, flake-utils, nix-doom-emacs - , nixpkgs-unstable, ... }: + outputs = { self, sops-nix, nixpkgs, home-manager, krops, flake-utils + , nix-doom-emacs, nixpkgs-unstable, secrets, ... }: (flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: let @@ -35,7 +39,7 @@ # deploy like this: # nix run ".#deploy.sterni" apps.deploy = pkgs.callPackage ./krops.nix { - inherit writeCommand; + inherit writeCommand secrets; lib = krops.lib; }; diff --git a/krops.nix b/krops.nix index 6822b5d..72d4580 100644 --- a/krops.nix +++ b/krops.nix @@ -1,4 +1,4 @@ -{ writeCommand, lib, ... }: +{ writeCommand, lib, secrets }: let # command that ensures we use flake.nix during switch 
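Review bot: The new `secrets` input in the first flake.nix hunk is a `path:` input, so Nix copies the whole of `/home/palo/dev/secrets` into `/nix/store` on the evaluating machine, where every local user can read it; krops.nix then ships it from there via `secrets.file = "${secrets}/secrets";`. The removed `pass` sources kept the material encrypted at rest until deploy time, so this is only equivalent if everything under that directory is already sops-encrypted, which the diff does not show. I would state that requirement next to the input, e.g. `# path inputs land in the world-readable /nix/store: keep only sops-encrypted files here`. The absolute home path is also recorded in flake.lock, so the flake evaluates only on a machine that has that directory.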
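Review bot: `sops-nix` is bound in the `outputs` arguments in the second flake.nix hunk, but nothing in the visible hunks imports `sops-nix.nixosModules.sops` or passes the input to a host configuration; if that wiring lives outside this diff, disregard this part. The input is also declared without a `follows`, which is why flake.lock gains a second nixpkgs pin (`nixpkgs_2`). Adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";`, as the `krops` input already does, keeps a single nixpkgs revision to audit and update.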
@@ -6,41 +6,40 @@ let echo 'nixos-rebuild build --flake ${targetPath} -L --keep-going' nix-shell \ -E "with import {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \ - --run 'nixos-rebuild build --flake ${targetPath} --keep-going --impure' - ''; + --run 'nixos-rebuild build --flake ${targetPath} -L --keep-going' + ''; - secrets = name: { - secrets.pass = { - dir = toString ~/.password-store; - name = "krops/${name}/secrets"; - }; - common_secrets.pass = { - dir = toString ~/.password-store; - name = "krops/common_secrets"; - }; - }; + #secrets = name: { + # secrets.pass = { + # dir = toString ~/.password-store; + # name = "krops/${name}/secrets"; + # }; + # common_secrets.pass = { + # dir = toString ~/.password-store; + # name = "krops/common_secrets"; + # }; + #}; - desktopSecrets = { - desktop_secrets.pass = { - dir = toString ~/.password-store; - name = "krops/desktop_secrets"; - }; - }; + #desktopSecrets = { + # desktop_secrets.pass = { + # dir = toString ~/.password-store; + # name = "krops/desktop_secrets"; + # }; + #}; source = { - # only workhorse - # property.file = toString ./submodules/property; - + secrets.file = "${secrets}/secrets"; assets.file = toString ./assets; configs.file = toString ./configs; library.file = toString ./library; modules.file = toString ./modules; - #mqtt.file = toString ./mqtt; pkgs.file = toString ./pkgs; system.file = toString ./system; "flake.nix".file = toString ./flake.nix; + "flake.lock".file = toString ./flake.lock; "configurations.nix".file = toString ./configurations.nix; + #mqtt.file = toString ./mqtt; #backup-module.file = toString ~/dev/backup; backup-module.git = { diff --git a/nixos/flake.nix b/nixos/flake.nix new file mode 100644 index 0000000..865d469 --- /dev/null +++ b/nixos/flake.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} diff --git a/system/all/default.nix b/system/all/default.nix index 5e3be3e..c9e0895 100644 --- a/system/all/default.nix 
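Review bot: The name `secrets` changes meaning in this krops.nix hunk: it was a helper function (`secrets = name: { … }`) and is now the flake input passed in as an argument. Any remaining call such as `secrets "<host>"`, or any use of `desktopSecrets`, further down the file and outside this hunk, would no longer evaluate. If no such caller remains, the `common_secrets` and `desktop_secrets` sources are no longer shipped, and modules that expect them on the target need checking. The two commented-out blocks are better deleted than kept, since version control already holds them and they read as live configuration next to the new `secrets.file` line. The `let` block and the `source` set both continue outside the hunk.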
+++ b/system/all/default.nix @@ -1,10 +1,11 @@ { lib, config, pkgs, ... }: { + imports = [ - # - # - # - # + ../../backup-module + ../../krops-lib + ../../cluster-module + ../../modules # needed # @@ -35,7 +36,7 @@ # provide overlays # ----------------- - nixpkgs.overlays = [ (import ) (import ) ]; + #nixpkgs.overlays = [ (import ) (import ) ]; # allow un-free # ------------- diff --git a/system/all/tinc.nix b/system/all/tinc.nix index 9b762ed..5116385 100644 --- a/system/all/tinc.nix +++ b/system/all/tinc.nix @@ -9,7 +9,7 @@ let in { - imports = [ ]; + imports = [ ../../modules ]; networking.firewall.trustedInterfaces = [ "tinc.private" ]; diff --git a/system/desktop/default.nix b/system/desktop/default.nix index 055e175..1c3a517 100644 --- a/system/desktop/default.nix +++ b/system/desktop/default.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: { imports = [ - + + ../all #./icecast.nix ./audio.nix