cream works

feature/nixinite
Ingolf Wagner 2023-06-30 00:14:18 +02:00
parent 5e1bf36c3d
commit 63603e872a
Signed by: palo
GPG Key ID: 76BF5F1928B9618B
4 changed files with 258 additions and 279 deletions


@ -2,8 +2,8 @@
"nodes": {
"barcode-reader": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs"
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1636602745,
@ -19,26 +19,23 @@
"type": "github"
}
},
"colmena": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1685163780,
"narHash": "sha256-tMwseHtEFDpO3WKeZKWqrKRAZI6TiEULidxEbzicuFg=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "c61bebae1dc1d57237577080b1ca1e37a3fbcebf",
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
@ -92,7 +89,7 @@
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"format-all": "format-all",
"nix-straight": "nix-straight",
"nixpkgs": [
@ -160,11 +157,11 @@
"emacs-overlay_2": {
"flake": false,
"locked": {
"lastModified": 1688019553,
"narHash": "sha256-zoRQUZaBSDRx7CvxI+JlzqcishY0DgMRlzwI6i4IXg8=",
"lastModified": 1688033745,
"narHash": "sha256-5u9ysFHuBahdKFcBBz26VxZYw9GKLiDvQLJHDzjIQX8=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "a296b6e6d151351589f643b656f7c92188cabadb",
"rev": "5fb607b2ee0c37a9aa0570a53c11405b21883313",
"type": "github"
},
"original": {
@ -310,11 +307,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -340,21 +337,6 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
@ -372,7 +354,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_2": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -387,7 +369,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_3": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
@ -402,7 +384,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_4": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
@ -417,7 +399,7 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_5": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
@ -535,8 +517,8 @@
},
"landingpage": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2"
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1669559123,
@ -568,6 +550,24 @@
"type": "github"
}
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1671116920,
"narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8",
"type": "github"
},
"original": {
"owner": "matthewcroughan",
"repo": "nixinate",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1686838567,
@ -585,15 +585,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1636416043,
"narHash": "sha256-Esz9X97OeAsNoJUVuqlCu2LDWcyLE24huUonhOY3JGw=",
"owner": "nixos",
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "db6044d5debaff0749420c3553d1b89fc6c5c5f8",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "nixos",
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -601,7 +602,7 @@
"nixpkgs-fmt": {
"inputs": {
"fenix": "fenix",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
@ -701,6 +702,21 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1636416043,
"narHash": "sha256-Esz9X97OeAsNoJUVuqlCu2LDWcyLE24huUonhOY3JGw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "db6044d5debaff0749420c3553d1b89fc6c5c5f8",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1645527175,
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -715,7 +731,23 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1687829761,
"narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=",
@ -731,7 +763,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_6": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -745,7 +777,7 @@
"type": "indirect"
}
},
"nixpkgs_5": {
"nixpkgs_7": {
"locked": {
"lastModified": 1686979235,
"narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=",
@ -879,8 +911,8 @@
},
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_4"
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1632864714,
@ -945,7 +977,7 @@
},
"root": {
"inputs": {
"colmena": "colmena",
"deploy-rs": "deploy-rs",
"disko": "disko",
"doom-emacs-nix": "doom-emacs-nix",
"emacs-overlay": "emacs-overlay_2",
@ -954,8 +986,9 @@
"home-manager-utils": "home-manager-utils",
"kmonad": "kmonad",
"landingpage": "landingpage",
"nixinate": "nixinate",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_5",
"nixpkgs-fmt": "nixpkgs-fmt",
"nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
"nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
@ -1037,7 +1070,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_7",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@ -1054,22 +1087,6 @@
"type": "github"
}
},
"stable": {
"locked": {
"lastModified": 1669735802,
"narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "731cc710aeebecbf45a258e977e8b68350549522",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -1101,6 +1118,21 @@
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ws-butler": {
"flake": false,
"locked": {

355
flake.nix

@ -1,30 +1,20 @@
{
description = "my krops file";
inputs = {
secrets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
flake = false;
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
nixos-hardware = {
url = "github:nixos/nixos-hardware";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:nixos/nixos-hardware";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
};
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
@ -80,13 +70,18 @@
# url = "github:kirelagin/dns.nix";
# inputs.nixpkgs.follows = "nixpkgs";
#};
nixinate.url = "github:matthewcroughan/nixinate";
# For accessing `deploy-rs`'s utility Nix functions
deploy-rs.url = "github:serokell/deploy-rs";
};
outputs =
{ self
, colmena
, disko
#, dns
, deploy-rs
, doom-emacs-nix
, emacs-overlay
, grocy-scanner
@ -94,12 +89,13 @@
, home-manager-utils
, kmonad
, landingpage
, nixinate
, nixos-hardware
, nixpkgs
, nixpkgs-fmt
, nixpkgs-legacy_2211
, nixpkgs-legacy_2105
, nixpkgs-legacy_2205
, nixpkgs-legacy_2211
, nixpkgs-unstable
, permown
, polygon-art
@ -110,7 +106,23 @@
}:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib;
nixosSystem = args:
(lib.makeOverridable lib.nixosSystem)
(lib.recursiveUpdate args {
modules =
args.modules
++ [
{
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
}
];
});
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
# collect all network configurations and save them in the store
@ -124,59 +136,46 @@
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
echo "push network passwords to $1"
'';
in
{
# colmena
devShell.${system} =
pkgs.mkShell {
buildInputs = [
colmena.packages.${system}.colmena
pushNetworkPasswords
pullNetworkPasswords
nixpkgs-fmt.defaultPackage.${system}
meta = rec {
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
config.permittedInsecurePackages = [ "python-2.7.18.6" ];
overlays = [
(_self: _super: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
};
legacy_2205 = import nixpkgs-legacy_2205 {
inherit system;
};
legacy_2105 = nixpkgs-legacy_2105 {
inherit system;
};
polygon-art = polygon-art.packages.${pkgs.system};
landingpage = landingpage.packages.${pkgs.system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
kmonad = kmonad.packages.${pkgs.system}.kmonad;
#deploy-rs = deploy-rs.packages.${system}.deploy-rs;
})
(import ./nixos/pkgs)
];
};
specialArgs = {
inherit private_assets;
assets = ./nixos/assets;
};
};
colmena =
let
sopsModule = name: { lib, ... }: {
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
imports = [
sops-nix.nixosModules.sops
kmonad.nixosModules.default
];
};
in
{
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [
(_self: _super: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
legacy_2211 = nixpkgs-legacy_2211.legacyPackages.${pkgs.system};
legacy_2205 = nixpkgs-legacy_2205.legacyPackages.${pkgs.system};
legacy_2105 = nixpkgs-legacy_2105.legacyPackages.${pkgs.system};
polygon-art = polygon-art.packages.${pkgs.system};
landingpage = landingpage.packages.${pkgs.system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${pkgs.system}.trilium-server;
kmonad = kmonad.packages.${pkgs.system}.kmonad;
})
];
};
specialArgs = {
inherit private_assets;
assets = ./nixos/assets;
};
};
defaults = { name, pkgs, lib, ... }: {
deployment.buildOnTarget = lib.mkDefault true;
defaultModules = [
({ pkgs, lib, ... }:
{
nix = {
# no channesl needed this way
nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -186,156 +185,106 @@
experimental-features = nix-command flakes
'';
};
environment.systemPackages = [
nixpkgs-fmt.defaultPackage.${system}
colmena.packages.${system}.colmena
];
boot.tmpOnTmpfs = lib.mkDefault true; # make /tmp a tmpfs (performance!)
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
imports = [
./nixos/machines/${name}/configuration.nix
(sopsModule name)
#./nixos/machines/${name}/configuration.nix
#(sopsModule name)
home-manager.nixosModules.home-manager
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
{
nix.settings = {
substituters = [ "https://colmena.cachix.org" ];
trusted-public-keys = [ "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ];
};
}
#{
# nix.settings = {
# substituters = [ "http://chungus.private:5000" "http://robi.private:5000" ];
# #trusted-public-keys = [ "to be created" ];
# };
#}
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
};
})
];
cream = { name, nodes, pkgs, ... }: {
deployment.allowLocalDeployment = true;
deployment.targetHost = "${name}.private";
#deployment.targetHost = "localhost";
deployment.tags = [ "desktop" "online" "private" ];
imports = [
grocy-scanner.nixosModule
nixos-hardware.nixosModules.framework-12th-gen-intel
private_assets.nixosModules.jobrad
retiolum.nixosModules.retiolum
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
};
sopsModule = name: { lib, ... }: {
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
imports = [
sops-nix.nixosModules.sops
];
};
#sterni = { name, nodes, pkgs, ... }: {
# deployment.allowLocalDeployment = true;
# deployment.targetHost = "${name}.private";
# deployment.tags = [ "desktop" "online" "private" ];
# imports = [
# grocy-scanner.nixosModule
# nixos-hardware.nixosModules.lenovo-thinkpad-x220
# retiolum.nixosModules.retiolum
# ];
# home-manager.users.mainUser = {
# imports = [
# doom-emacs-nix.hmModule
# home-manager-utils.hmModule
# ];
# };
#};
#sternchen = { name, nodes, pkgs, ... }: {
# deployment.targetHost = "${name}.secret";
# deployment.tags = [ "desktop" ];
# imports = [
# grocy-scanner.nixosModule
# ];
# home-manager.users.mainUser = {
# imports = [
# doom-emacs-nix.hmModule
# home-manager-utils.hmModule
# ];
# programs.doom-emacs.enable = false;
# };
#};
pepe = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ];
imports = [
grocy-scanner.nixosModule
nixos-hardware.nixosModules.lenovo-thinkpad-x220
];
};
chungus = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ];
deployment.buildOnTarget = false;
imports = [
grocy-scanner.nixosModule
];
};
robi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ];
imports = [
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
];
home-manager.users.root = {
home.stateVersion = "22.11";
imports = [
doom-emacs-nix.hmModule
];
programs.doom-emacs = {
enable = true;
emacsPackage = pkgs.emacs-nox;
doomPrivateDir = ./doom.d;
};
};
};
bobi = { name, nodes, pkgs, ... }: {
#deployment.targetHost = "${name}.private";
deployment.targetHost = "192.168.178.31";
deployment.buildOnTarget = false;
deployment.tags = [ "desktop" "usb" "private" ];
imports = [
grocy-scanner.nixosModule
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
};
mobi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.buildOnTarget = false;
deployment.tags = [ "desktop" "usb" "private" ];
imports = [
grocy-scanner.nixosModule
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
};
in
{
devShells.${system}.default =
pkgs.mkShell {
buildInputs = [
pushNetworkPasswords
pullNetworkPasswords
nixpkgs-fmt.defaultPackage.${system}
#deploy-rs.packages.${system}.deploy-rs
];
};
#deploy.nodes.cream.profiles.system = {
# user = "root";
# path = meta.deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.cream;
#};
# This is highly advised, and will prevent many possible mistakes
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
apps = nixinate.nixinate.x86_64-linux self;
#packages = with nixpkgs.lib; {
# "x86_64-linux" = (mapAttrs'
# (host: sys: {
# name = "vm-${host}";
# value = sys.config.system.build.vm;
# })
# self.nixosConfigurations) // (mapAttrs'
# (host: sys: {
# name = "sd-${host}";
# value = sys.config.system.build.sdImage;
# })
# (filterAttrs
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
# self.nixosConfigurations));
#};
nixosConfigurations = {
cream = nixosSystem {
inherit (meta) system specialArgs;
pkgs = meta.pkgs;
modules = defaultModules ++ [
{
_module.args.nixinate = {
host = "cream.private";
sshUser = "root";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
{
# make flake inputs accessiable in NixOS
_module.args.self = self;
_module.args.inputs = self.inputs;
}
{
imports = [
./nixos/machines/cream/configuration.nix
(sopsModule "cream")
grocy-scanner.nixosModule
nixos-hardware.nixosModules.framework-12th-gen-intel
private_assets.nixosModules.jobrad
retiolum.nixosModules.retiolum
];
home-manager.users.mainUser.imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
}
];
};
};
};
}
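Review bot: `config.permittedInsecurePackages = [ "python-2.7.18.6" ];` in `meta.pkgs` allows end-of-life Python 2.7 for the whole package set. That set is what `nixosSystem` hands to the cream host through `config.nixpkgs.pkgs`, so any module or overlay can now pull Python 2.7 in without an evaluation error. The exemption should say which package needs it, for example `# python-2.7.18.6 (EOL) permitted only for <PACKAGE_THAT_NEEDS_IT>; drop once that is gone`, or move to a separate `import nixpkgs { ... }` used for that one package. Separately, in the same overlay `legacy_2105 = nixpkgs-legacy_2105 { inherit system; };` is missing the `import` its two siblings have. Assuming this line is on the new side, it should read `legacy_2105 = import nixpkgs-legacy_2105 { inherit system; };`, otherwise evaluation presumably fails as soon as `pkgs.legacy_2105` is forced.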


@ -6,8 +6,6 @@
../../system/desktop
../../system/server/netdata.nix
./strange_2305_upgrade.nix
./hardware-configuration.nix
./packages.nix
./syncthing.nix


@ -4,7 +4,7 @@
imports = [ ./packages.nix ];
# provide overlays
# -----------------
nixpkgs.overlays = [ (import ../../pkgs) ];
# nixpkgs.overlays = [ (import ../../pkgs) ];
# allow un-free
# -------------