From 101a6afcd8f9e020c9c06b906438f8f977cc549e Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 5 Jan 2022 12:09:56 -0800 Subject: [PATCH] Updated flake.lock --- config/default.nix | 1 + config/hardware/zbox.nix | 3 + config/host-config/nutboy3.nix | 118 +-------------------- config/host-config/procul.nix | 17 ++- config/host-config/system3.nix | 5 +- config/service/jabber.nix | 8 +- config/site-config/seattle.nix | 12 +-- config/users.nix | 7 +- flake.lock | 183 ++++++++++++++++++++++----------- 9 files changed, 157 insertions(+), 197 deletions(-) diff --git a/config/default.nix b/config/default.nix index aa4939c..9ee1803 100644 --- a/config/default.nix +++ b/config/default.nix @@ -15,6 +15,7 @@ ./user-config.nix ./wireless-networks.nix + ./service/chute.nix ./service/dns.nix ./service/fudo-auth.nix ./service/jabber.nix diff --git a/config/hardware/zbox.nix b/config/hardware/zbox.nix index 8650ec4..c26c48c 100644 --- a/config/hardware/zbox.nix +++ b/config/hardware/zbox.nix @@ -77,6 +77,9 @@ enableRedistributableFirmware = true; enableAllFirmware = true; + + # Required with Wayland? + nvidia.modesetting.enable = true; }; networking = { diff --git a/config/host-config/nutboy3.nix b/config/host-config/nutboy3.nix index 7e99583..ff028a3 100644 --- a/config/host-config/nutboy3.nix +++ b/config/host-config/nutboy3.nix @@ -24,6 +24,7 @@ let in { imports = [ + ./nutboy3/cashew.nix ./nutboy3/forum_selby_ca.nix ]; @@ -96,6 +97,7 @@ in { services = { jabber = { enable = true; + domain = "jabber.fudo.org"; hostname = "jabber.fudo.org"; ldap.servers = [ "nutboy3.fudo.org" ]; state-directory = "/state/ejabberd"; @@ -185,121 +187,5 @@ in { # }; # }; }; - - containers.cashew = let - local-packages = with pkgs; [ - bind - emacs-nox - mtr - vim - ]; - in { - autoStart = true; - - bindMounts = { - "/state" = { - hostPath = "/state/cashew"; - isReadOnly = false; - }; - "/etc/bind" = { - hostPath = "/state/cashew/bind"; - isReadOnly = false; - }; - "/var/log" = { - hostPath = "/state/cashew/logs"; - isReadOnly = false; - }; - "/home" = { - hostPath = "/state/cashew/home"; - isReadOnly = false; - }; - "/etc/dns-root-data" = { - hostPath = "${pkgs.dns-root-data}/"; - isReadOnly = true; - }; - }; - - interfaces = [ "eno2" ]; - - config = { ... }: { - nixpkgs.pkgs = pkgs; - - environment.systemPackages = local-packages; - - users = { - users = { - niten = config.users.users.niten; - reaper = config.users.users.reaper // { - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADtR1gMK7JnIOht8yZNPROr+0VHgt5eWrGFPscVPk1crVuEvIv1MF544Qk1IHi+2OA2xUvI1BTgmXp3TLvCjEn4lQF4Uc5hcUGENS6TNMPByHx69rAeXVMtmjW0sL4Tbhqd0iNh85STdtzXNZUY31+A6ugrJSnvnSt5wv9ZpMz0SFIE1Q==" - ]; - }; - root.openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADtR1gMK7JnIOht8yZNPROr+0VHgt5eWrGFPscVPk1crVuEvIv1MF544Qk1IHi+2OA2xUvI1BTgmXp3TLvCjEn4lQF4Uc5hcUGENS6TNMPByHx69rAeXVMtmjW0sL4Tbhqd0iNh85STdtzXNZUY31+A6ugrJSnvnSt5wv9ZpMz0SFIE1Q==" - ]; - }; - groups = { - wheel.members = [ - "niten" - "reaper" - ]; - dns = { - members = [ - "niten" - "reaper" - "named" - ]; - }; - }; - }; - - networking = { - defaultGateway = { - address = "208.81.4.81"; - interface = "eno2"; - }; - - interfaces.eno2 = { - ipv4.addresses = [ - { - address = "208.81.4.82"; - prefixLength = 29; - } - { - address = "208.81.1.141"; - prefixLength = 32; - } - ]; - }; - - firewall.enable = false; - }; - - services = { - bind = { - enable = true; - configFile = "/etc/bind/named.conf"; - }; - - openssh = { - enable = true; - startWhenNeeded = true; - useDns = true; - permitRootLogin = "prohibit-password"; - hostKeys = [ - { - path = "/state/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/state/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; - }; - }; - }; - }; }; } diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix index 125cfbc..7abfc41 100644 --- a/config/host-config/procul.nix +++ b/config/host-config/procul.nix @@ -84,16 +84,15 @@ in { }; }; - chute = { + services.chute = let + secret-files = config.fudo.secrets.files.service-secrets.procul; + in { enable = true; - stages = { - staging = { - package = pkgs.chuteUnstable; - credential-file = host-secrets.chute-staging-credentials.target-file; - currencies = { - btc.stop-percentile = 98; - }; - }; + jabber-user = "niten@jabber.fudo.org"; + staging = { + secret-file = secret-files."chute-staging.secret"; + passphrase-file = secret-files."chute-staging.passphrase"; + key-file = secret-files."chute-staging.key"; }; }; }; diff --git a/config/host-config/system3.nix b/config/host-config/system3.nix index 356ea56..e3a4b55 100644 --- a/config/host-config/system3.nix +++ b/config/host-config/system3.nix @@ -6,7 +6,10 @@ in { environment.systemPackages = with pkgs; [ opencv-java ]; - networking.interfaces.intif0.useDHCP = true; + networking = { + interfaces.intif0.useDHCP = true; + firewall.enable = false; + }; systemd.tmpfiles.rules = [ "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" diff --git a/config/service/jabber.nix b/config/service/jabber.nix index 329c9fb..63f4fb6 100644 --- a/config/service/jabber.nix +++ b/config/service/jabber.nix @@ -28,6 +28,11 @@ in { default = "jabber.fudo.org"; }; + domain = mkOption { + type = str; + description = "Jabber domain."; + }; + ldap = { user = mkOption { type = str; @@ -70,7 +75,8 @@ in { }; sites = { - ${cfg.hostname} = { + ${cfg.domain} = { + hostname = cfg.hostname; site-config = { auth_method = "ldap"; ldap_servers = cfg.ldap.servers; diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix index 9172e21..fc80ab1 100644 --- a/config/site-config/seattle.nix +++ b/config/site-config/seattle.nix @@ -44,17 +44,17 @@ in { "/net/documents" = { device = "nostromo.sea.fudo.org:/export/documents"; fsType = "nfs4"; - options = [ "comment=systemd.automount" "sec=krb5p" ]; + options = [ "comment=systemd.automount" "sec=krb5p" "nfsvers=4" ]; }; "/net/downloads" = { device = "nostromo.sea.fudo.org:/export/downloads"; fsType = "nfs4"; - options = [ "comment=systemd.automount" "sec=krb5i" ]; + options = [ "comment=systemd.automount" "sec=krb5i" "nfsvers=4" ]; }; "/net/projects" = { device = "nostromo.sea.fudo.org:/export/projects"; fsType = "nfs4"; - options = [ "comment=systemd.automount" "sec=krb5p" ]; + options = [ "comment=systemd.automount" "sec=krb5p" "nfsvers=4" ]; }; }; @@ -68,21 +68,21 @@ in { # mounts = [ # { - # what = "sea-store.sea.fudo.org:/export/documents"; + # what = "nostromo.sea.fudo.org:/export/documents"; # where = "/net/documents"; # type = "nfs4"; # options = "sec=krb5p"; # description = "sea-store documents on encrypted filesysem."; # } # { - # what = "sea-store.sea.fudo.org:/export/downloads"; + # what = "nostromo.sea.fudo.org:/export/downloads"; # where = "/net/downloads"; # type = "nfs4"; # options = "sec=krb5i"; # description = "sea-store downloads on encrypted filesysem."; # } # { - # what = "sea-store.sea.fudo.org:/export/projects"; + # what = "nostromo.sea.fudo.org:/export/projects"; # where = "/net/projects"; # type = "nfs4"; # options = "sec=krb5p"; diff --git a/config/users.nix b/config/users.nix index 5dc00ea..cff3787 100644 --- a/config/users.nix +++ b/config/users.nix @@ -107,9 +107,9 @@ uid = 10035; primary-group = "selby"; common-name = "Ken Selby"; - ldap-hashed-passwd = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1"; + ldap-hashed-passwd = "{SSHA}ohRfhWED/qq5NIH8pqgHMQlbpPWVkH/m"; login-hashed-passwd = - "$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf."; + "$6$f/0esIm0sxh36VCa$XJ1xFAquJTRW02W1GKqNDT0H.ufjx0yK2tiywhkW.QBi7P0AvShCDPVCFN59pQvYH7C5Q4ixX9VWLnufIU/9B1"; email-aliases = [ "kselby@selby.ca" ]; }; @@ -329,7 +329,8 @@ uid = 10086; primary-group = "selby"; common-name = "Helen Selby"; - ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; + ldap-hashed-passwd = "{SSHA}G/qhBqHiCRSi+LdwyUesMH7StM5J6wZI"; + # ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm"; }; vee = { diff --git a/flake.lock b/flake.lock index a9bd695..964d337 100644 --- a/flake.lock +++ b/flake.lock @@ -66,11 +66,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1639617108, - "narHash": "sha256-8lwF4kcf/pigrNIrR4JXdTTFTCxgKyVGsYppVEt1rII=", + "lastModified": 1641048770, + "narHash": "sha256-8rzyOw029lbQC/UzzROwr+k9tnYKPgLIBLxMne6abo4=", "ref": "master", - "rev": "0845e2e7eb44aefe38e3ae80ac237fd851733737", - "revCount": 6, + "rev": "88a8dbfe38d164351afeeca32c9e725d825e362d", + "revCount": 17, "type": "git", "url": "https://git.fudo.org/chute/chute.git" }, @@ -142,7 +142,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nix-straight": "nix-straight", "nixpkgs": "nixpkgs_5", "nose": "nose", @@ -342,21 +342,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -373,18 +358,17 @@ }, "fudo-entities": { "inputs": { - "flake-utils": "flake-utils", "fudo-lib": "fudo-lib", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1639518935, - "narHash": "sha256-I3+jWNiGo6q3BtQHNgWK5aZ7K22L6YzNjQ5ZOfKgYwQ=", + "lastModified": 1639927391, + "narHash": "sha256-fptxLDQu9dKzOz8XVtw/tGEsua1XHUF7pzYpzZ4igjU=", "ref": "master", - "rev": "ee5bede8e9766bbdf7b9f093d8eb3d1c2eb27caa", - "revCount": 24, + "rev": "e29d67c9ea522672e3fcf2e8d48edc61ba72ff0d", + "revCount": 25, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -396,18 +380,17 @@ "fudo-home": { "inputs": { "doom-emacs": "doom-emacs", + "fudo-pkgs": "fudo-pkgs", "home-manager": "home-manager", "niten-doom-config": "niten-doom-config", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1639926329, - "narHash": "sha256-GhNfhleCMoZ9+f7rh5YVPQIfoYV6Ehzgvku0DYcqf84=", + "lastModified": 1641413339, + "narHash": "sha256-31N7ovrwD6IagxFRGVDFNKq162h7s7wpBKAt+7bEhV0=", "ref": "master", - "rev": "902966263e785d1b36d55f917ba34680ae854a14", - "revCount": 60, + "rev": "3d18a37c6ef9815428d4a8babafa83cfbdafea57", + "revCount": 75, "type": "git", "url": "https://git.fudo.org/fudo-nix/home.git" }, @@ -433,7 +416,7 @@ }, "fudo-lib_2": { "locked": { - "narHash": "sha256-UAFFqr8Dln9AtMu1mJDHGFhNQgAezZjU8yywX/yaihs=", + "narHash": "sha256-hlQ7nQYuIH7AfRu7O3yr8Xf8Ppqbf7lIU2QNQvnOAbU=", "path": "/state/fudo-lib", "type": "path" }, @@ -443,12 +426,33 @@ } }, "fudo-pkgs": { + "inputs": { + "unstableNixpkgs": "unstableNixpkgs" + }, "locked": { - "lastModified": 1639072539, - "narHash": "sha256-ezF6GF5JaJgQ7C4ZbzK4VWXl8DrDRO1gsvv/SOckmZ8=", + "lastModified": 1641413309, + "narHash": "sha256-FPLBuS9714BxkU6uLJSoRL7VQUj3yvTK4xkl7+RSzaM=", "ref": "master", - "rev": "99319e33c6e17476225c1d939e656c6ae6c8152f", - "revCount": 18, + "rev": "042aa2f4cea9ad8acdf93b4b54196aefd94c0408", + "revCount": 22, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + } + }, + "fudo-pkgs_2": { + "inputs": { + "unstableNixpkgs": "unstableNixpkgs_2" + }, + "locked": { + "lastModified": 1641413309, + "narHash": "sha256-FPLBuS9714BxkU6uLJSoRL7VQUj3yvTK4xkl7+RSzaM=", + "ref": "master", + "rev": "042aa2f4cea9ad8acdf93b4b54196aefd94c0408", + "revCount": 22, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -472,7 +476,7 @@ "ssh-keypairs": "ssh-keypairs" }, "locked": { - "narHash": "sha256-22lvxSaUkKdp33P19eXif1PieGty0cJw4P2R6LJFL30=", + "narHash": "sha256-ZiSCZ5783ghtNZ6geFR+avU+qnn0nhisbAB4P2yziGY=", "path": "/state/secrets", "type": "path" }, @@ -525,17 +529,14 @@ }, "home-manager": { "inputs": { - "nixpkgs": [ - "fudo-home", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1638553958, - "narHash": "sha256-leETjYMtD9y37CvfRSQhIGibcIl4dNVlFkY/8QgqmAM=", + "lastModified": 1639871969, + "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=", "owner": "nix-community", "repo": "home-manager", - "rev": "6ce1d64073f48b9bc9425218803b1b607454c1e7", + "rev": "697cc8c68ed6a606296efbbe9614c32537078756", "type": "github" }, "original": { @@ -560,11 +561,11 @@ "niten-doom-config": { "flake": false, "locked": { - "lastModified": 1639608722, - "narHash": "sha256-Ao+J7h/zE0X+G3frfxCkoY4hK7T1oNpTpwwv7n7pGaA=", + "lastModified": 1640017877, + "narHash": "sha256-9twZfDxSjX87NHzuEQXkm1Q037YS98jPQv3Hw4Uktiw=", "ref": "master", - "rev": "8be77a42d7669fa71287c58ebaf210159f198b50", - "revCount": 36, + "rev": "3d990cdf82fc7d5a6c8fd033e8bcf460fb27df1b", + "revCount": 37, "type": "git", "url": "https://git.fudo.org/niten/doom-emacs.git" }, @@ -637,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1638196344, - "narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=", + "lastModified": 1640653651, + "narHash": "sha256-fByFYXYoE/6TqwKGbT7XBCOAlSsFzOXm4ZsRLoO70m8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f", + "rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61", "type": "github" }, "original": { @@ -652,11 +653,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1626852498, - "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", + "lastModified": 1638407071, + "narHash": "sha256-xbveILjgtBVh6B5F6i2k3T0IrE8lZp1vsqfDY+Df/cg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", + "rev": "971b383a28f4baee8ea3931af4840fa221929fd6", "type": "github" }, "original": { @@ -667,11 +668,41 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1639611175, - "narHash": "sha256-13B6tgKXygEBWxwj9+vIjuWyzwNF1XPLjJiFAvE7A88=", + "lastModified": 1638407071, + "narHash": "sha256-xbveILjgtBVh6B5F6i2k3T0IrE8lZp1vsqfDY+Df/cg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d684ea3adef590a2174f2723134e1ea377272d2", + "rev": "971b383a28f4baee8ea3931af4840fa221929fd6", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1638407071, + "narHash": "sha256-xbveILjgtBVh6B5F6i2k3T0IrE8lZp1vsqfDY+Df/cg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "971b383a28f4baee8ea3931af4840fa221929fd6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "971b383a28f4baee8ea3931af4840fa221929fd6", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1641229786, + "narHash": "sha256-WPPcLNbVu6ryj772GooUpF285LOvRHdOo/UNJgPnFYI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88579effa7e88c25087faf6de6388d0cd1738dc0", "type": "github" }, "original": { @@ -811,9 +842,9 @@ "fudo-entities": "fudo-entities", "fudo-home": "fudo-home", "fudo-lib": "fudo-lib_2", - "fudo-pkgs": "fudo-pkgs", + "fudo-pkgs": "fudo-pkgs_2", "fudo-secrets": "fudo-secrets", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_8" } }, "rotate-text": { @@ -859,7 +890,7 @@ "service-secrets": { "flake": false, "locked": { - "narHash": "sha256-IfG9fX6qr+EKMfG6l/nzhrNYYXfKBtaNHHhiW6eCcGk=", + "narHash": "sha256-vXL26U+o23E5tTG4Hb/RZrfra3I8Zw/wdZnT9PKwdks=", "path": "/state/secrets/service-secrets", "type": "path" }, @@ -880,6 +911,36 @@ "type": "path" } }, + "unstableNixpkgs": { + "locked": { + "lastModified": 1641230035, + "narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78cd22c1b8604de423546cd49bfe264b786eca13", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "unstableNixpkgs_2": { + "locked": { + "lastModified": 1641230035, + "narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78cd22c1b8604de423546cd49bfe264b786eca13", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "utils": { "locked": { "lastModified": 1637014545,