Mostly stuff for selby forum

root 2021-12-18 12:10:42 -08:00
parent 5a0b508ecc
commit 806349c073
11 changed files with 711 additions and 189 deletions


@ -6,7 +6,7 @@
./backplane-client.nix
./bash.nix
./common.nix
./dns.nix
# ./dns.nix
./groups.nix
./instance.nix
# ./kerberos.nix
@ -15,7 +15,8 @@
./user-config.nix
./wireless-networks.nix
./service/auth.nix
./service/dns.nix
./service/fudo-auth.nix
./service/jabber.nix
];
}


@ -66,12 +66,6 @@
opengl = {
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
amdvlk
driversi686Linux.amdvlk
];
setLdLibraryPath = true;
};


@ -11,7 +11,7 @@ let
local-packages = with pkgs; [ ldns.examples ];
secrets = config.fudo.secrets.host-secrets.${hostname};
host-secrets = config.fudo.secrets.host-secrets.${hostname};
in {
networking = {
@ -61,12 +61,6 @@ in {
hosts.legatus.external-interfaces = [ "extif0" ];
services = {
jabber = {
enable = true;
hostname = "jabber.fudo.org";
ldap.servers = [ "nutboy3.fudo.org" ];
state-directory = "/state/ejabberd";
};
auth = {
ldap.state-directory = "/state/auth/ldap";
kerberos = {
@ -98,7 +92,7 @@ in {
user = config.fudo.auth.kdc.user;
};
hemidal-ipropd-keytab = {
heimdal-ipropd-keytab = {
source-file = files.service-keytabs.legatus.ipropd;
target-file = "/run/heimdal/ipropd.keytab";
user = config.fudo.auth.kdc.user;
@ -136,93 +130,5 @@ in {
};
dns.state-directory = "/state/nsd";
# mail-server = {
# enable = true;
# debug = true;
# domain = domain-name;
# mail-hostname = "${host-fqdn}";
# monitoring = false;
# mail-user = "mailuser";
# mail-user-id = 525;
# mail-group = "mailgroup";
# clamav.enable = true;
# dkim.signing = true;
# dovecot = {
# ssl-certificate = acme-certificate "imap.${domain-name}";
# ssl-private-key = acme-private-key "imap.${domain-name}";
# };
# postfix = {
# ssl-certificate = acme-certificate "smtp.${domain-name}";
# ssl-private-key = acme-private-key "smtp.${domain-name}";
# };
# # This should NOT include the primary domain
# local-domains = [ host-fqdn "smtp.${domain-name}" ];
# mail-directory = "/srv/mailserver/mail";
# state-directory = "/srv/mailserver/state";
# trusted-networks = [ "172.86.179.16/29" "127.0.0.0/16" ];
# alias-users = {
# root = [ "niten" ];
# postmaster = [ "niten" ];
# hostmaster = [ "niten" ];
# webmaster = [ "niten" ];
# system = [ "niten" ];
# admin = [ "niten" ];
# dmarc-report = [ "niten" ];
# };
# };
# postgresql = {
# enable = true;
# ssl-certificate = (acme-certificate host-fqdn);
# ssl-private-key = (acme-private-key host-fqdn);
# keytab = secrets.postgres-keytab.target-file;
# local-networks = local-networks;
# users = {
# gituser = {
# password-file =
# secrets.gitea-database-password.target-file;
# databases = {
# git = {
# access = "CONNECT";
# entity-access = {
# "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
# "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE";
# };
# };
# };
# };
# };
# databases = { git = { users = [ "niten" ]; }; };
# };
# git = {
# enable = true;
# hostname = "git.informis.land";
# site-name = "informis git";
# user = "gituser";
# repository-dir = /srv/git/repo;
# state-dir = /srv/git/state;
# database = {
# user = "gituser";
# password-file =
# secrets.gitea-database-password.target-file;
# hostname = "127.0.0.1";
# name = "git";
# };
# ssh = {
# listen-ip = host-ipv4;
# listen-port = 2222;
# };
# };
};
}


@ -12,7 +12,7 @@ let
local-packages = with pkgs; [ ldns.examples ];
secrets = config.fudo.secrets.host-secrets.${hostname};
host-secrets = config.fudo.secrets.host-secrets.${hostname};
postgresql-user =
config.systemd.services.postgresql.serviceConfig.User;
@ -23,6 +23,10 @@ let
in {
imports = [
./nutboy3/forum_selby_ca.nix
];
config = {
networking = {
nameservers = [ "1.1.1.1" ];
@ -37,9 +41,7 @@ in {
}];
};
systemd.tmpfiles.rules = [
"L /etc/adjtime - - - - /state/etc/adjtime"
];
systemd.tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ];
environment.systemPackages = local-packages;
@ -68,17 +70,19 @@ in {
};
};
acme.host-domains.${hostname}.${host-fqdn}.local-copies = {
openldap = {
user = config.services.openldap.user;
dependent-services = [ "openldap.service" ];
part-of = [ config.fudo.auth.ldap-server.systemd-target ];
};
acme.host-domains.${hostname} = {
${host-fqdn}.local-copies = {
openldap = {
user = config.services.openldap.user;
dependent-services = [ "openldap.service" ];
part-of = [ config.fudo.auth.ldap-server.systemd-target ];
};
postgresql = {
user = postgresql-user;
dependent-services = [ "postgresql.service" ];
part-of = [ config.fudo.postgresql.systemd-target ];
postgresql = {
user = postgresql-user;
dependent-services = [ "postgresql.service" ];
part-of = [ config.fudo.postgresql.systemd-target ];
};
};
};
@ -89,11 +93,19 @@ in {
external-interface = "extif0";
};
services.auth = {
ldap.state-directory = "/state/auth/ldap";
kerberos = {
state-directory = "/state/auth/kerberos";
master-key-file = host-secrets.heimdal-master-key.target-file;
services = {
jabber = {
enable = true;
hostname = "jabber.fudo.org";
ldap.servers = [ "nutboy3.fudo.org" ];
state-directory = "/state/ejabberd";
};
auth = {
ldap.state-directory = "/state/auth/ldap";
kerberos = {
state-directory = "/state/auth/kerberos";
master-key-file = host-secrets.heimdal-master-key.target-file;
};
};
};
@ -142,16 +154,15 @@ in {
# };
postgresql = let
cert-copy =
config.fudo.acme.host-domains.${hostname}.${host-fqdn}.local-copies.postgresql;
cert-copy = acme-copies.${host-fqdn}.local-copies.postgresql;
in {
enable = true;
ssl-certificate = cert-copy.full-certificate;
ssl-private-key = cert-copy.private-key;
keytab = secrets.postgresql-keytab.target-file;
keytab = host-secrets.postgresql-keytab.target-file;
local-networks = config.instance.local-networks;
state-directory = "/state/postgresql";
required-services = [ cert-copy.service ];
required-services = [ cert-copy.service config.fudo.secrets.secret-target ];
};
# git = {
@ -164,7 +175,7 @@ in {
# database = {
# user = "gituser";
# password-file =
# secrets.gitea-database-password.target-file;
# host-secrets.gitea-database-password.target-file;
# hostname = "127.0.0.1";
# name = "git";
# };


@ -0,0 +1,194 @@
{ config, lib, pkgs, ... }:
with lib;
let
site = "forum.test.selby.ca";
hostname = config.instance.hostname;
host-secrets = config.fudo.secrets.host-secrets.${hostname};
discourse-user = config.systemd.services.discourse.serviceConfig.User;
database-name = "forum_selby_ca";
database-user = "forum_selby_ca";
state-directory = "/state/selby/forum";
password-injector-sql = csv-file: pkgs.stdenv.mkDerivation {
name = "${site}-password-injector-sql";
phases = [ "installPhase" ];
buildInputs = [ pkgs.ruby ];
installPhase = ''
${password-convert-script csv-file}
'';
};
password-convert-script = csv-file: pkgs.writeScript "vanilla-forum-password-convert.rb" ''
#!${pkgs.ruby}/bin/ruby
require 'csv'
data = CSV::readlines("${csv-file}")
File::open(ENV["out"], "w") { |sql|
data.each { |row|
sql.puts("UPDATE users SET import_pass='#{row[2]}' FROM user_emails WHERE users.id = user_emails.user_id AND user_emails.email = '#{row[1]}';")
}
}
'';
in {
config = {
services.discourse = {
enable = true;
hostname = site;
enableACME = true;
plugins = with config.services.discourse.package.plugins; [
discourse-migratepassword
];
admin = {
username = "admin";
fullName = "Admin";
email = "admin@selby.ca";
passwordFile = host-secrets.selby-discourse-admin.target-file;
};
database = {
name = database-name;
host = "localhost";
username = database-user;
passwordFile =
host-secrets.selby-discourse-database-passwd.target-file;
};
};
fudo = {
secrets.host-secrets.${hostname} = let
selby-discourse-db-password =
pkgs.lib.passwd.stablerandom-passwd-file
"selby-discourse-database-password"
"selby-discourse-database-password-${config.instance.build-seed}";
files = config.fudo.secrets.files;
in {
selby-discourse-database-passwd = {
source-file = selby-discourse-db-password;
target-file = "/run/selby/forum/database.passwd";
user = discourse-user;
};
postgresql-selby-discourse-password = {
source-file = selby-discourse-db-password;
target-file = "/run/postgres/selby-discourse.passwd";
user = config.services.postgresql.superUser;
};
selby-discourse-admin = {
source-file = pkgs.lib.passwd.stablerandom-passwd-file
"selby-discourse-admin"
"selby-discourse-admin-${config.instance.build-seed}";
target-file = "/run/selby/forum/admin.passwd";
user = discourse-user;
};
selby-forum-data = {
source-file = files.blobs."selby-forum-2021-12-14.clean";
target-file = "/run/selby/forum/forum-data.txt";
user = discourse-user;
};
selby-forum-passwords-sql = {
source-file = "${password-injector-sql files.blobs."forum_selby_ca-passwd.csv"}";
target-file = "/run/postgres/selby/forum-passwords.sql";
user = config.services.postgresql.superUser;
};
};
postgresql = {
databases.${database-name}.users = [ "niten" ];
users.${database-user} = {
password-file = host-secrets.postgresql-selby-discourse-password.target-file;
databases.${database-name} = {
access = "CONNECT,CREATE";
entity-access = {
"ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
"ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
};
};
};
};
};
security.acme.certs.${site}.email = "admin@selby.ca";
systemd = {
tmpfiles.rules = [
"d ${state-directory} 750 ${discourse-user} - - -"
"L /var/lib/discourse - - - - ${state-directory}"
];
services = {
discourse = {
bindsTo = [ "postgresql.service" ];
after = [
config.fudo.postgresql.systemd-target
"postgresql.service"
];
};
discourse-prepare = {
description = "Do discourse's superuser-requiring database work for it.";
wantedBy = [ "discourse.service" ];
before = [ "discourse.service" ];
requires = [ config.fudo.postgresql.systemd-target ];
after = [ config.fudo.postgresql.systemd-target ];
path = with pkgs; [ postgresql ];
serviceConfig = {
User = config.services.postgresql.superUser;
ExecStart = pkgs.writeShellScript "discourse-prepare.sh" ''
psql -d ${database-name} -c "CREATE EXTENSION IF NOT EXISTS hstore;"
psql -d ${database-name} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
'';
};
};
discourse-import-vanilla = let
env-without-path =
filterAttrs (attr: _: attr != "PATH")
config.systemd.services.discourse.environment;
selby-forum-data = host-secrets.selby-forum-data.target-file;
in {
description = "One-off job to import Vanilla forum.";
path = config.systemd.services.discourse.path;
environment = env-without-path;
serviceConfig = {
User = config.systemd.services.discourse.serviceConfig.User;
Group = config.systemd.services.discourse.serviceConfig.Group;
Type = "oneshot";
WorkingDirectory = config.systemd.services.discourse.serviceConfig.WorkingDirectory;
ExecStart = pkgs.writeShellScript "import-vanilla-forum.sh" ''
ruby script/import_scripts/vanilla.rb ${selby-forum-data}
'';
};
};
discourse-add-password-hash = let
alter-user-script = pkgs.writeText "create-password-column.sql" ''
ALTER TABLE users ADD COLUMN IF NOT EXISTS import_pass VARCHAR (64);
'';
in {
description = "One-off job to add user password hashes from Vanilla forum.";
path = with pkgs; [ postgresql ];
wantedBy = [ "discourse.service" ];
serviceConfig = {
User = config.services.postgresql.superUser;
Type = "oneshot";
ExecStart = pkgs.writeShellScript "import-vanilla-passwords.sh" ''
psql -d ${database-name} -f ${alter-user-script}
psql -d ${database-name} -f ${host-secrets.selby-forum-passwords-sql.target-file}
'';
};
};
};
};
};
}
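Review bot: The Ruby helper in `password-convert-script` interpolates `row[1]` and `row[2]` from the CSV straight into single-quoted SQL literals, and `discourse-add-password-hash` then feeds the resulting file to `psql` as the PostgreSQL superuser. An e-mail address or hash containing an apostrophe would break the statement or be parsed as additional SQL, so escape the values before writing them, e.g. `esc = ->(s) { s.to_s.gsub("'") { "'" * 2 } }` and then `'#{esc.(row[2])}'` / `'#{esc.(row[1])}'` (written this way because two adjacent apostrophes would close the Nix indented string). The SQL file is the output of a `mkDerivation`, so the imported hashes presumably also sit in the build host's Nix store, which is normally world-readable; confirm that fits the secrets flow. `discourse-add-password-hash` is described as a one-off job but is `wantedBy` `discourse.service` with no `after`, so it appears to rerun on every start without ordering against PostgreSQL or the import job.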


@ -17,7 +17,7 @@ let
local-packages = with pkgs; [ ldns.examples ];
secrets = config.fudo.secrets.host-secrets.procul;
host-secrets = config.fudo.secrets.host-secrets.procul;
passwd = pkgs.lib.fudo.passwd;
@ -65,20 +65,35 @@ in {
groups = { acme = { members = [ "nginx" ]; }; };
};
informis.cl-gemini = {
enable = true;
informis = {
cl-gemini = {
enable = true;
hostname = "gemini.informis.land";
server-ip = host-ipv4;
document-root = "/srv/gemini/root";
textfiles-archive = "${pkgs.textfiles}";
slynk-port = 4005;
hostname = "gemini.informis.land";
server-ip = host-ipv4;
document-root = "/srv/gemini/root";
textfiles-archive = "${pkgs.textfiles}";
slynk-port = 4005;
feeds = {
viator = {
title = "viator's phlog";
path = "/home/viator/gemini-public/feed/";
url = "gemini://informis.land/user/viator/feed/";
feeds = {
viator = {
title = "viator's phlog";
path = "/home/viator/gemini-public/feed/";
url = "gemini://informis.land/user/viator/feed/";
};
};
};
chute = {
enable = true;
stages = {
staging = {
package = pkgs.chuteUnstable;
credential-file = host-secrets.chute-staging-credentials.target-file;
currencies = {
btc.stop-percentile = 98;
};
};
};
};
};
@ -135,6 +150,12 @@ in {
target-file = "/run/heimdal/master-key";
user = config.fudo.auth.kdc.user;
};
chute-staging-credentials = {
source-file = files.service-secrets.procul."chute-staging.env";
target-file = "/run/chute/staging/credentials.env";
user = "root";
};
};
client.dns = {
@ -144,7 +165,14 @@ in {
external-interface = "extif0";
};
auth.kdc.master-key-file = secrets.heimdal-master-key.target-file;
services = {
auth = {
kerberos = {
state-directory = "/var/lib/kerberos";
master-key-file = host-secrets.heimdal-master-key.target-file;
};
};
};
secure-dns-proxy = {
enable = true;
@ -210,13 +238,13 @@ in {
enable = true;
ssl-certificate = cert-copy.full-certificate;
ssl-private-key = cert-copy.private-key;
keytab = secrets.postgres-keytab.target-file;
keytab = host-secrets.postgres-keytab.target-file;
local-networks = local-networks;
users = {
gituser = {
password-file =
secrets.gitea-database-password.target-file;
host-secrets.gitea-database-password.target-file;
databases = {
git = {
access = "CONNECT";
@ -242,7 +270,7 @@ in {
database = {
user = "gituser";
password-file =
secrets.gitea-database-password.target-file;
host-secrets.gitea-database-password.target-file;
hostname = "127.0.0.1";
name = "git";
};

59
config/service/dns.nix Normal file

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }:
with lib;
let
hostname = config.instance.hostname;
domain-name = config.instance.local-domain;
domain = config.fudo.domains.${domain-name};
served-domain = domain.primary-nameserver != null;
is-primary-nameserver = hostname == domain.primary-nameserver;
primary-nameserver = domain.primary-nameserver;
primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver;
in {
config = mkIf (served-domain) {
fudo.dns = {
enable = is-primary-nameserver;
identity = "${hostname}.${domain-name}.";
nameservers = {
ns1 = {
ipv4-address = primary-nameserver-ip;
description = "Primary ${domain-name} nameserver";
};
};
listen-ips = optionals is-primary-nameserver
(pkgs.lib.network.host-ips config hostname);
domains = {
${domain-name} = {
dnssec = true;
default-host = primary-nameserver-ip;
gssapi-realm = domain.gssapi-realm;
mx = optional (domain.primary-mailserver != null)
domain.primary-mailserver;
dmarc-report-address = "dmarc-report@${domain-name}";
zone-definition = let
zone = config.fudo.zones.${domain-name};
make-dns-srv-record = hostname: {
port = 53;
host = hostname;
};
in zone // {
srv-records = {
tcp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];
udp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];
};
};
};
};
};
};
}
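Review bot: `make-dns-srv-record = hostname: { ... }` reuses the name `hostname`, which the outer `let` already binds to `config.instance.hostname`, so inside the helper the name silently means the record target instead. Rename the parameter, e.g. `make-dns-srv-record = host: { port = 53; inherit host; };`. The file also has no header comment; one line such as `# Serves the local domain's zone; fudo.dns is enabled only on domain.primary-nameserver.` would make clear that the other hosts only receive the zone definition.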


@ -3,7 +3,7 @@
with lib;
let
hostname = config.instance.hostname;
domain-name = config.instance.local-domain;
domain-name = config.fudo.services.auth.domain;
domain = config.fudo.domains.${domain-name};
ldap-server = elem hostname domain.ldap-servers;
@ -13,8 +13,18 @@ let
kerberized-domain = domain.kerberos-master != null;
optionalOrNull = pred: val: if pred then val else null;
cfg = config.fudo.services.auth;
in {
options.fudo.services.auth = with types; {
domain = mkOption {
type = str;
description = "Domain for which authentication server will operate.";
default = config.fudo.hosts.${hostname}.domain;
};
ldap = {
hostname = mkOption {
type = str;
@ -44,12 +54,17 @@ in {
type = str;
description = "Path (on the build server) to the KDC master key file.";
};
ipropd-keytab = mkOption {
type = nullOr str;
description = "ipropd keytab for kerberos database propagation.";
};
};
};
config.fudo = {
acme.host-domains.${hostname} = mkIf (ldap-server) {
${cfg.hostname}.local-copies.openldap = {
${cfg.ldap.hostname}.local-copies.openldap = {
user = config.services.openldap.user;
part-of = [ config.fudo.auth.ldap-server.systemd-target ];
};
@ -59,7 +74,7 @@ in {
ldap-server = mkIf (ldap-server)
(let
ldap-cert-copy =
config.fudo.acme.host-domains.${hostname}.${cfg.hostname}.local-copies.openldap;
config.fudo.acme.host-domains.${hostname}.${cfg.ldap.hostname}.local-copies.openldap;
in {
enable = ldap-server;
base = "dc=fudo,dc=org";
@ -72,7 +87,7 @@ in {
groups = config.fudo.groups;
system-users = config.fudo.system-users;
state-directory = "${cfg.state-directory}/ldap";
state-directory = "${cfg.ldap.state-directory}";
ssl-chain = ldap-cert-copy.chain;
ssl-certificate = ldap-cert-copy.certificate;
@ -86,9 +101,11 @@ in {
bind-addresses =
(pkgs.lib.network.host-ips config hostname) ++
[ "127.0.0.1" ] ++ (optional config.networking.enableIPv6 "::1");
state-directory = cfg.kerberos.state-directory;
master-key-file = cfg.kerberos.master-key-file;
master-config = mkIf (kerberos-master) {
acl = let
admin-entries = genAttrs cfg.local-admins
admin-entries = genAttrs config.instance.local-admins
(admin: {
perms = [ "add" "change-password" "list" ];
});
@ -98,7 +115,7 @@ in {
};
slave-config = mkIf (kerberos-slave) {
master-host = domain.kerberos-master;
# TODO: Provide the keytab yourself...
ipropd-keytab = cfg.kerberos.ipropd-keytab;
};
};
};
@ -124,16 +141,16 @@ in {
in {
zone-definition.srv-records = {
tcp = {
kerberos = map (create-srv-record 88) kerberos-servers;
kerberos-adm = map (create-srv-record 749) kerberos-masters;
ldap = map (create-srv-record 389) ldap-servers;
ldaps = map (create-srv-record 636) ldap-servers;
kerberos = map (make-srv-record 88) kerberos-servers;
kerberos-adm = map (make-srv-record 749) kerberos-masters;
ldap = map (make-srv-record 389) ldap-servers;
ldaps = map (make-srv-record 636) ldap-servers;
};
udp = {
kerberos = map (create-srv-record 88) kerberos-servers;
kerberos-master = map (create-srv-record 88) kerberos-masters;
kpasswd = map (create-srv-record 464) kerberos-masters;
kerberos = map (make-srv-record 88) kerberos-servers;
kerberos-master = map (make-srv-record 88) kerberos-masters;
kpasswd = map (make-srv-record 464) kerberos-masters;
};
};
};
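Review bot: The new `ipropd-keytab` option is declared as `nullOr str` without a `default`, so any host on which `slave-config` is evaluated has to set it or evaluation fails on an undefined option; add `default = null;`. Its description should also say whether the value is a path on the deployed host or on the build server, as the neighbouring `master-key-file` description does, because a keytab given as a Nix path would be copied into the store. As a minor style point, `state-directory = "${cfg.ldap.state-directory}";` can be written `state-directory = cfg.ldap.state-directory;`. The `let` that defines `make-srv-record` lies outside the hunks shown, so the rename in the last hunk cannot be checked from here.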


@ -74,7 +74,7 @@ in {
site-config = {
auth_method = "ldap";
ldap_servers = cfg.ldap.servers;
ldap_port = 636;
ldap_port = 389;
ldap_rootdn = "cn=${cfg.ldap.user},dc=fudo,dc=org";
ldap_password = "__LDAP_PASSWORD__";
ldap_base = "ou=members,dc=fudo,dc=org";
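Review bot: `ldap_port` is printed as 636 and then 389 next to `ldap_password`, and nothing in this hunk sets `ldap_encrypt`, so if the second line is the new side the ejabberd bind to the directory would travel unencrypted. As far as I know ejabberd's `ldap_encrypt` provides LDAP over TLS rather than STARTTLS, which argues for keeping `ldap_port = 636;` together with `ldap_encrypt = "tls";` and `ldap_tls_verify = "hard";`. If 389 is a temporary workaround, add a comment saying why and keep the connection on a loopback or otherwise trusted path. The `site-config` block starts and ends outside the hunk, so an existing encryption setting may simply not be visible here.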


@ -1,5 +1,17 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"narHash": "sha256-bzJh3skCEKFM7KO9N6icOJsRqXmjbSo1s8uNh3t9mYI=",
"path": "/state/secrets/blobs",
"type": "path"
},
"original": {
"path": "/state/secrets/blobs",
"type": "path"
}
},
"build-keypairs": {
"flake": false,
"locked": {
@ -24,6 +36,90 @@
"type": "path"
}
},
"chute": {
"inputs": {
"clj2nix": "clj2nix",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_2",
"utils": "utils_2"
},
"locked": {
"lastModified": 1639520373,
"narHash": "sha256-nJJpvdsL/D/gY8iFaacdoS9phz74wPh2Ta1fc/XfBMg=",
"ref": "stable",
"rev": "56438b1ee2856cb98781f4580a1c6cc0cc6e6f1e",
"revCount": 4,
"type": "git",
"url": "https://git.fudo.org/chute/chute.git"
},
"original": {
"ref": "stable",
"type": "git",
"url": "https://git.fudo.org/chute/chute.git"
}
},
"chuteUnstable": {
"inputs": {
"clj2nix": "clj2nix_2",
"gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_4",
"utils": "utils_4"
},
"locked": {
"lastModified": 1639617108,
"narHash": "sha256-8lwF4kcf/pigrNIrR4JXdTTFTCxgKyVGsYppVEt1rII=",
"ref": "master",
"rev": "0845e2e7eb44aefe38e3ae80ac237fd851733737",
"revCount": 6,
"type": "git",
"url": "https://git.fudo.org/chute/chute.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "https://git.fudo.org/chute/chute.git"
}
},
"clj2nix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1637900288,
"narHash": "sha256-hQdSCIm1WpG5uK9hoe/iagyYc3Fhi8PJzfo1jFBa53g=",
"owner": "hlolli",
"repo": "clj2nix",
"rev": "3d0a38c954c8e0926f57de1d80d357df05fc2f94",
"type": "github"
},
"original": {
"owner": "hlolli",
"repo": "clj2nix",
"type": "github"
}
},
"clj2nix_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_3",
"utils": "utils_3"
},
"locked": {
"lastModified": 1637900288,
"narHash": "sha256-hQdSCIm1WpG5uK9hoe/iagyYc3Fhi8PJzfo1jFBa53g=",
"owner": "hlolli",
"repo": "clj2nix",
"rev": "3d0a38c954c8e0926f57de1d80d357df05fc2f94",
"type": "github"
},
"original": {
"owner": "hlolli",
"repo": "clj2nix",
"type": "github"
}
},
"dnssec-keys": {
"flake": false,
"locked": {
@ -48,7 +144,7 @@
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils_2",
"nix-straight": "nix-straight",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_5",
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
@ -213,6 +309,38 @@
"type": "path"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1627913399,
"narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1627913399,
"narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1638122382,
@ -252,11 +380,11 @@
]
},
"locked": {
"lastModified": 1639074482,
"narHash": "sha256-diaAXDKP89pdcmHV7sc/a4FAE7G4xL2qvKKcinI1K7g=",
"lastModified": 1639518935,
"narHash": "sha256-I3+jWNiGo6q3BtQHNgWK5aZ7K22L6YzNjQ5ZOfKgYwQ=",
"ref": "master",
"rev": "7c094f43c4009d9e4d3e2588f50d93ca054eeb9a",
"revCount": 18,
"rev": "ee5bede8e9766bbdf7b9f093d8eb3d1c2eb27caa",
"revCount": 24,
"type": "git",
"url": "https://git.fudo.org/fudo-nix/entities.git"
},
@ -275,11 +403,11 @@
]
},
"locked": {
"lastModified": 1639073015,
"narHash": "sha256-F9KuMZNZjyQx4+JxH8QWhtPQlCJCRscjvWknsxYWus4=",
"lastModified": 1639853480,
"narHash": "sha256-FV9LBcA/hh0DIBb7JzmcDjXDq6wJP46NALsMW0orfbc=",
"ref": "master",
"rev": "8ccd875d048ec7cad944a080a24d59d36b4f8cb8",
"revCount": 54,
"rev": "4954bd4e6c5d784740bee169aa7db7850fcfd5e0",
"revCount": 58,
"type": "git",
"url": "https://git.fudo.org/fudo-nix/home.git"
},
@ -305,17 +433,13 @@
},
"fudo-lib_2": {
"locked": {
"lastModified": 1638990149,
"narHash": "sha256-p1T0GMJXIJvTpVdn5nK7RZJX8izkabADJ/LsaL442zI=",
"ref": "master",
"rev": "c87448ff1365c3d5230690f68d1ba246652581d1",
"revCount": 24,
"type": "git",
"url": "https://git.fudo.org/fudo-nix/lib.git"
"narHash": "sha256-teWuZmwu300Yop8z9AT9Fz+kFb6ZimzDCXhg0iyB3mA=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/fudo-nix/lib.git"
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-pkgs": {
@ -335,6 +459,7 @@
},
"fudo-secrets": {
"inputs": {
"blobs": "blobs",
"build-keypairs": "build-keypairs",
"build-seed": "build-seed",
"dnssec-keys": "dnssec-keys",
@ -343,10 +468,11 @@
"realm-master-keys": "realm-master-keys",
"service-keytabs": "service-keytabs",
"service-passwords": "service-passwords",
"service-secrets": "service-secrets",
"ssh-keypairs": "ssh-keypairs"
},
"locked": {
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"narHash": "sha256-MHMKtDMz654T70gD5K+kP0CYnGsYlqO1J58fvs+GuNI=",
"path": "/state/secrets",
"type": "path"
},
@ -355,6 +481,48 @@
"type": "path"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"chute",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635165013,
"narHash": "sha256-o/BdVjNwcB6jOmzZjOH703BesSkkS5O7ej3xhyO8hAY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "5b9e0ff9d3b551234b4f3eb3983744fa354b17f1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"chuteUnstable",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635165013,
"narHash": "sha256-o/BdVjNwcB6jOmzZjOH703BesSkkS5O7ej3xhyO8hAY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "5b9e0ff9d3b551234b4f3eb3983744fa354b17f1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -380,7 +548,7 @@
"host-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"narHash": "sha256-LAAZVfwD65yS6H7EcKmfiPXtLcfRQ80u3V4LFRjr7ko=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
@ -392,11 +560,11 @@
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1633712607,
"narHash": "sha256-6PAw7Xvoj4JROeTqK1nhT2zv7bPpiQlm9t7H5HQ0f2k=",
"lastModified": 1639608722,
"narHash": "sha256-Ao+J7h/zE0X+G3frfxCkoY4hK7T1oNpTpwwv7n7pGaA=",
"ref": "master",
"rev": "0a4f8ce4121ba3d64d29b0d52733c08febfb83d8",
"revCount": 35,
"rev": "8be77a42d7669fa71287c58ebaf210159f198b50",
"revCount": 36,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
@ -423,6 +591,66 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1637881340,
"narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1638196344,
"narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1637881340,
"narHash": "sha256-/meU5CTm8GnaETZrJa0UqBQvk9T/jKp1+MLIQQ7FTTo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d460f48ddb884f7270b7f7bfcbf8a7b91140caa5",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1638196344,
"narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1626852498,
"narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=",
@ -437,13 +665,13 @@
"type": "indirect"
}
},
"nixpkgs_2": {
"nixpkgs_6": {
"locked": {
"lastModified": 1638922083,
"narHash": "sha256-IlQm69UmCfQBwccn+zZULwun0KRtdWFNYQ4jEA3VwW0=",
"lastModified": 1639611175,
"narHash": "sha256-13B6tgKXygEBWxwj9+vIjuWyzwNF1XPLjJiFAvE7A88=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe56507bd3063a30f3a741a45bf3ba74a91cfac2",
"rev": "6d684ea3adef590a2174f2723134e1ea377272d2",
"type": "github"
},
"original": {
@ -578,12 +806,14 @@
},
"root": {
"inputs": {
"chute": "chute",
"chuteUnstable": "chuteUnstable",
"fudo-entities": "fudo-entities",
"fudo-home": "fudo-home",
"fudo-lib": "fudo-lib_2",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_6"
}
},
"rotate-text": {
@ -605,7 +835,7 @@
"service-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"narHash": "sha256-0gpaf5j/Uxy6HUXDLt0T7vg4Z2aic1IHhuNUO5IcOhY=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
@ -626,6 +856,18 @@
"type": "path"
}
},
"service-secrets": {
"flake": false,
"locked": {
"narHash": "sha256-IfG9fX6qr+EKMfG6l/nzhrNYYXfKBtaNHHhiW6eCcGk=",
"path": "/state/secrets/service-secrets",
"type": "path"
},
"original": {
"path": "/state/secrets/service-secrets",
"type": "path"
}
},
"ssh-keypairs": {
"flake": false,
"locked": {
@ -637,6 +879,66 @@
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
},
"utils": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_4": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -24,6 +24,10 @@
fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git";
fudo-secrets.url = "path:/state/secrets";
chute.url = "git+https://git.fudo.org/chute/chute.git?ref=stable";
chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master";
};
outputs = { self,
@ -33,6 +37,8 @@
fudo-entities,
fudo-pkgs,
fudo-secrets,
chute,
chuteUnstable,
... } @ inputs:
with nixpkgs.lib;
let
@ -53,6 +59,10 @@
overlays = [
fudo-lib.overlay
fudo-pkgs.overlay
(final: prev: {
chute = chute.packages.${arch}.chute;
chuteUnstable = chuteUnstable.packages.${arch}.chute;
})
];
};
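Review bot: The two new `chute` inputs each resolve their own `nixpkgs`: the lock file in this commit gains `nixpkgs_2` and `nixpkgs_4` for them, plus two more under `clj2nix`, which widens the set of pinned package sets that must be tracked for security updates. If chute builds against the system package set, add `chute.inputs.nixpkgs.follows = "nixpkgs";` and `chuteUnstable.inputs.nixpkgs.follows = "nixpkgs";` in the inputs hunk. `chuteUnstable` tracks `ref=master`, so a short comment such as `# master branch; used only by the staging stage` would record the intent. The `inputs` block begins outside the hunk.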