Merged with unhead changes

2021-10-11 15:04:51 -07:00 · 2021-10-11 15:04:51 -07:00 · 8736fba4ec
parent a323dbdd9c fbede93934
commit 8736fba4ec
8 changed files with 115 additions and 116 deletions
--- a/config/host-config/plato.nix
+++ b/config/host-config/plato.nix
@ -5,56 +5,6 @@ let primary-ip = "10.0.0.21";

 in {
  config = {
-
-    boot.kernelParams = [ "nomodeset" ];
-
-    console.font = "VGA";
-
-    # fudo.secrets = {
-    #   host-secrets.plato = {
-    #     host-keytab = {
-    #       source-file = /state/secrets/kerberos/plato.keytab;
-    #       target-file = "/etc/krb5.keytab";
-    #       user = "root";
-    #     };
-    #   };
-
-    #   secret-group = "fudo-secrets";
-    #   secret-users = [ "niten" ];
-    #   secret-paths = [ "/state/secrets" ];
-    # };
-
-    systemd = let secrets-watcher-name = "secrets-ownership-fixer";
-    in {
-      tmpfiles.rules = [
-        "L /root/.gnupg - - - - /state/root/gnupg"
-        # "L /root/.emacs.d - - - - /state/root/emacs.d"
-        "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
-        "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
-        "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
-        "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
-        "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
-      ];
-    };
-
-    environment.etc = {
-      nixos.source = "/state/nixos";
-      adjtime.source = "/state/etc/adjtime";
-      NIXOS.source = "/state/etc/NIXOS";
-      "host-config.nix".source = "/state/etc/host-config.nix";
-    };
-
-    system.stateVersion = "20.09";
-
-    boot.initrd.postDeviceCommands = lib.mkAfter ''
-      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
-    '';
-
-    security.sudo.extraConfig = ''
-      # rollback results in sudo lectures after each reboot
-      Defaults lecture = never
-    '';
-
    networking = {
      defaultGateway = {
        address = "10.0.0.1";
@ -72,6 +22,42 @@ in {
      };
    };

+    # boot.kernelParams = [ "nomodeset" ];
+    # console.font = "VGA";
+
+    systemd.tmpfiles.rules = [
+      "L /root/.gnupg - - - - /state/root/gnupg"
+      # "L /root/.emacs.d - - - - /state/root/emacs.d"
+      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
+      "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
+      "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
+      "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
+      "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
+    ];
+
+    environment = {
+      systemPackages = with pkgs; [
+        nixops
+      ];
+      etc = {
+        nixos.source = "/state/nixos";
+        adjtime.source = "/state/etc/adjtime";
+        NIXOS.source = "/state/etc/NIXOS";
+        "host-config.nix".source = "/state/etc/host-config.nix";
+      };
+    };
+
+    system.stateVersion = "20.09";
+
+    boot.initrd.postDeviceCommands = lib.mkAfter ''
+      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
+    '';
+
+    security.sudo.extraConfig = ''
+      # rollback results in sudo lectures after each reboot
+      Defaults lecture = never
+    '';
+
    services = {
      openssh = {
        hostKeys = [
--- a/config/host-config/socrates.nix
+++ b/config/host-config/socrates.nix
@ -35,11 +35,16 @@ in {
      "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
    ];

-    environment.etc = {
-      nixos.source = "/state/nixos";
-      adjtime.source = "/state/etc/adjtime";
-      NIXOS.source = "/state/etc/NIXOS";
-      "host-config.nix".source = "/state/etc/host-config.nix";
+    environment = {
+      systemPackages = with pkgs; [
+        nixopsUnstable
+      ];
+
+      etc = {
+        nixos.source = "/state/nixos";
+        adjtime.source = "/state/etc/adjtime";
+        NIXOS.source = "/state/etc/NIXOS";
+      };
    };

    system.stateVersion = "21.05";
--- a/config/profile-config/common-ui.nix
+++ b/config/profile-config/common-ui.nix
@ -82,59 +82,59 @@ in {
    #fontconfig.subpixel.lcdfilter = "default";

    fonts = with pkgs; [
-      cantarell_fonts
-      dejavu_fonts
-      dina-font
-      dosemu_fonts
-      fira-code
-      fira-code-symbols
-      freefont_ttf
-      liberation_ttf
-      mplus-outline-fonts
-      nerdfonts
-      noto-fonts
-      noto-fonts-cjk
-      noto-fonts-emoji
-      proggyfonts
-      terminus_font
-      ubuntu_font_family
-      ucsFonts
-      ultimate-oldschool-pc-font-pack
-      unifont
-      xorg.fontadobe100dpi
-      xorg.fontadobe75dpi
-      xorg.fontadobeutopia100dpi
-      xorg.fontadobeutopia75dpi
-      xorg.fontadobeutopiatype1
-      xorg.fontarabicmisc
-      xorg.fontbh100dpi
-      xorg.fontbh75dpi
-      xorg.fontbhlucidatypewriter100dpi
-      xorg.fontbhlucidatypewriter75dpi
-      xorg.fontbhttf
-      xorg.fontbhtype1
-      xorg.fontbitstream100dpi
-      xorg.fontbitstream75dpi
-      xorg.fontbitstreamtype1
-      xorg.fontcronyxcyrillic
-      xorg.fontcursormisc
-      xorg.fontdaewoomisc
-      xorg.fontdecmisc
-      xorg.fontibmtype1
-      xorg.fontisasmisc
-      xorg.fontjismisc
-      xorg.fontmicromisc
-      xorg.fontmisccyrillic
-      xorg.fontmiscethiopic
-      xorg.fontmiscmeltho
-      xorg.fontmiscmisc
-      xorg.fontmuttmisc
-      xorg.fontschumachermisc
-      xorg.fontscreencyrillic
-      xorg.fontsonymisc
-      xorg.fontsunmisc
-      xorg.fontwinitzkicyrillic
-      xorg.fontxfree86type1
+      # cantarell_fonts
+      # dejavu_fonts
+      # dina-font
+      # dosemu_fonts
+      # fira-code
+      # fira-code-symbols
+      # freefont_ttf
+      # liberation_ttf
+      # mplus-outline-fonts
+      # nerdfonts
+      # noto-fonts
+      # noto-fonts-cjk
+      # noto-fonts-emoji
+      # proggyfonts
+      # terminus_font
+      # ubuntu_font_family
+      # ucsFonts
+      # ultimate-oldschool-pc-font-pack
+      # unifont
+      # xorg.fontadobe100dpi
+      # xorg.fontadobe75dpi
+      # xorg.fontadobeutopia100dpi
+      # xorg.fontadobeutopia75dpi
+      # xorg.fontadobeutopiatype1
+      # xorg.fontarabicmisc
+      # xorg.fontbh100dpi
+      # xorg.fontbh75dpi
+      # xorg.fontbhlucidatypewriter100dpi
+      # xorg.fontbhlucidatypewriter75dpi
+      # xorg.fontbhttf
+      # xorg.fontbhtype1
+      # xorg.fontbitstream100dpi
+      # xorg.fontbitstream75dpi
+      # xorg.fontbitstreamtype1
+      # xorg.fontcronyxcyrillic
+      # xorg.fontcursormisc
+      # xorg.fontdaewoomisc
+      # xorg.fontdecmisc
+      # xorg.fontibmtype1
+      # xorg.fontisasmisc
+      # xorg.fontjismisc
+      # xorg.fontmicromisc
+      # xorg.fontmisccyrillic
+      # xorg.fontmiscethiopic
+      # xorg.fontmiscmeltho
+      # xorg.fontmiscmisc
+      # xorg.fontmuttmisc
+      # xorg.fontschumachermisc
+      # xorg.fontscreencyrillic
+      # xorg.fontsonymisc
+      # xorg.fontsunmisc
+      # xorg.fontwinitzkicyrillic
+      # xorg.fontxfree86type1
    ];
  };
 }
--- a/initialize.nix
+++ b/initialize.nix
@ -19,9 +19,6 @@ in {
  config = {
    instance = {
      inherit hostname build-timestamp;
-      local-site = site;
-      local-domain = domain;
-      local-profile = profile;
    };
  };
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -11,6 +11,7 @@ with lib; {
    ./fudo/backplane
    ./fudo/chat.nix
    ./fudo/client/dns.nix
+    ./fudo/deploy.nix
    ./fudo/distributed-builds.nix
    ./fudo/dns.nix
    ./fudo/domains.nix
--- a/lib/fudo/backplane/dns.nix
+++ b/lib/fudo/backplane/dns.nix
@ -1,3 +1,4 @@
+
 { config, pkgs, lib, ... }:

 with lib;
--- a/lib/fudo/deploy.nix
+++ b/lib/fudo/deploy.nix
@ -6,7 +6,8 @@ let

 in {
  config = {
-    users.usersroot.openssh.authorizedKeys.keys = mkIf (site-cfg.deploy-pubkeys != null)
-      site-cfg.deploy-pubkeys;
+    users.users.root.openssh.authorizedKeys.keys =
+      mkIf (site-cfg.deploy-pubkeys != null)
+        site-cfg.deploy-pubkeys;
  };
 }
--- a/lib/instance.nix
+++ b/lib/instance.nix
@ -22,6 +22,11 @@ in {
      description = "Domain name of the current local host.";
    };

+    local-profile = mkOption {
+      type = str;
+      description = "Profile name of the current local host.";
+    };
+
    local-site = mkOption {
      type = str;
      description = "Site name of the current local host.";
@ -58,18 +63,20 @@ in {
    local-domain = config.fudo.hosts.${local-host}.domain;
    local-site = config.fudo.hosts.${local-host}.site;

-    host-user-list = config.fudo.hosts."${local-host}".local-users;
+    host = config.fudo.hosts.${local-host};
+
+    host-user-list = host.local-users;
    domain-user-list = config.fudo.domains."${local-domain}".local-users;
    site-user-list = config.fudo.sites."${local-site}".local-users;
    local-users =
      getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;

-    host-admin-list = config.fudo.hosts."${local-host}".local-admins;
+    host-admin-list = host.local-admins;
    domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
    site-admin-list = config.fudo.sites."${local-site}".local-admins;
    local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;

-    host-group-list = config.fudo.hosts."${local-host}".local-groups;
+    host-group-list = host.local-groups;
    domain-group-list = config.fudo.domains."${local-domain}".local-groups;
    site-group-list = config.fudo.sites."${local-site}".local-groups;
    local-groups =
@ -86,6 +93,7 @@ in {
      local-admins = local-admins;
      local-groups = local-groups;
      local-hosts = local-hosts;
+      local-profile = host.profile;
    };
  };
 }