diff --git a/config/host-config/plato.nix b/config/host-config/plato.nix index d519347..90380a4 100644 --- a/config/host-config/plato.nix +++ b/config/host-config/plato.nix @@ -5,56 +5,6 @@ let primary-ip = "10.0.0.21"; in { config = { - - boot.kernelParams = [ "nomodeset" ]; - - console.font = "VGA"; - - # fudo.secrets = { - # host-secrets.plato = { - # host-keytab = { - # source-file = /state/secrets/kerberos/plato.keytab; - # target-file = "/etc/krb5.keytab"; - # user = "root"; - # }; - # }; - - # secret-group = "fudo-secrets"; - # secret-users = [ "niten" ]; - # secret-paths = [ "/state/secrets" ]; - # }; - - systemd = let secrets-watcher-name = "secrets-ownership-fixer"; - in { - tmpfiles.rules = [ - "L /root/.gnupg - - - - /state/root/gnupg" - # "L /root/.emacs.d - - - - /state/root/emacs.d" - "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa" - "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub" - "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts" - "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key" - "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key" - ]; - }; - - environment.etc = { - nixos.source = "/state/nixos"; - adjtime.source = "/state/etc/adjtime"; - NIXOS.source = "/state/etc/NIXOS"; - "host-config.nix".source = "/state/etc/host-config.nix"; - }; - - system.stateVersion = "20.09"; - - boot.initrd.postDeviceCommands = lib.mkAfter '' - ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank - ''; - - security.sudo.extraConfig = '' - # rollback results in sudo lectures after each reboot - Defaults lecture = never - ''; - networking = { defaultGateway = { address = "10.0.0.1"; 
@@ -72,6 +22,42 @@ in {
};
};
+ # boot.kernelParams = [ "nomodeset" ];
+ # console.font = "VGA";
+
+ systemd.tmpfiles.rules = [
+ "L /root/.gnupg - - - - /state/root/gnupg"
+ # "L /root/.emacs.d - - - - /state/root/emacs.d"
+ "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
+ "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
+ "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
+ "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
+ "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ nixops
+ ];
+ etc = {
+ nixos.source = "/state/nixos";
+ adjtime.source = "/state/etc/adjtime";
+ NIXOS.source = "/state/etc/NIXOS";
+ "host-config.nix".source = "/state/etc/host-config.nix";
+ };
+ };
+
+ system.stateVersion = "20.09";
+
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
+ '';
+
+ security.sudo.extraConfig = ''
+ # rollback results in sudo lectures after each reboot
+ Defaults lecture = never
+ '';
+
services = {
openssh = {
hostKeys = [
diff --git a/config/host-config/socrates.nix b/config/host-config/socrates.nix
index 928720a..162e20d 100644
--- a/config/host-config/socrates.nix
+++ b/config/host-config/socrates.nix
@@ -35,11 +35,16 @@ in {
"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
];
- environment.etc = {
- nixos.source = "/state/nixos";
- adjtime.source = "/state/etc/adjtime";
- NIXOS.source = "/state/etc/NIXOS";
- "host-config.nix".source = "/state/etc/host-config.nix";
+ environment = {
+ systemPackages = with pkgs; [
+ nixopsUnstable
+ ];
+
+ etc = {
+ nixos.source = "/state/nixos";
+ adjtime.source = "/state/etc/adjtime";
+ NIXOS.source = "/state/etc/NIXOS";
+ };
};
system.stateVersion = "21.05";
diff --git a/config/profile-config/common-ui.nix b/config/profile-config/common-ui.nix
index 5a512f5..b33031a 100644
--- a/config/profile-config/common-ui.nix
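Review bot: `environment.systemPackages` pulls in `nixops` here while the socrates.nix hunk in this same commit installs `nixopsUnstable`; unless the two hosts are meant to track different NixOps releases, pick one so deployments run from either host behave the same. The `# boot.kernelParams = [ "nomodeset" ];` and `# console.font = "VGA";` lines at the top of the added block are commented-out code carried over from the removed block; either delete them (the history is in git) or add a one-line comment saying why they are disabled. The `systemd.tmpfiles.rules` entries are `L` symlinks, so the effective ownership and mode of `/root/.ssh/id_rsa` and the two host keys are whatever the targets under `/state` carry; a short comment stating that expectation would help the next reader. The enclosing `config = {` attribute set starts outside the hunk.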
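Review bot: The rewritten `etc` set drops `"host-config.nix".source = "/state/etc/host-config.nix";`, which the old `environment.etc` block had and which plato.nix keeps in this same commit; if the removal is intentional it deserves a mention in the commit message, otherwise restore that line inside `etc = { ... };`. The new `systemPackages` list uses `nixopsUnstable` whereas plato.nix uses `nixops`, so the two hosts may end up on different NixOps versions. The enclosing `config = {` set and the `tmpfiles.rules` list both start before this hunk.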
+++ b/config/profile-config/common-ui.nix 
@@ -82,59 +82,59 @@ in {
#fontconfig.subpixel.lcdfilter = "default";
fonts = with pkgs; [
- cantarell_fonts
- dejavu_fonts
- dina-font
- dosemu_fonts
- fira-code
- fira-code-symbols
- freefont_ttf
- liberation_ttf
- mplus-outline-fonts
- nerdfonts
- noto-fonts
- noto-fonts-cjk
- noto-fonts-emoji
- proggyfonts
- terminus_font
- ubuntu_font_family
- ucsFonts
- ultimate-oldschool-pc-font-pack
- unifont
- xorg.fontadobe100dpi
- xorg.fontadobe75dpi
- xorg.fontadobeutopia100dpi
- xorg.fontadobeutopia75dpi
- xorg.fontadobeutopiatype1
- xorg.fontarabicmisc
- xorg.fontbh100dpi
- xorg.fontbh75dpi
- xorg.fontbhlucidatypewriter100dpi
- xorg.fontbhlucidatypewriter75dpi
- xorg.fontbhttf
- xorg.fontbhtype1
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- xorg.fontcronyxcyrillic
- xorg.fontcursormisc
- xorg.fontdaewoomisc
- xorg.fontdecmisc
- xorg.fontibmtype1
- xorg.fontisasmisc
- xorg.fontjismisc
- xorg.fontmicromisc
- xorg.fontmisccyrillic
- xorg.fontmiscethiopic
- xorg.fontmiscmeltho
- xorg.fontmiscmisc
- xorg.fontmuttmisc
- xorg.fontschumachermisc
- xorg.fontscreencyrillic
- xorg.fontsonymisc
- xorg.fontsunmisc
- xorg.fontwinitzkicyrillic
- xorg.fontxfree86type1
+ # cantarell_fonts
+ # dejavu_fonts
+ # dina-font
+ # dosemu_fonts
+ # fira-code
+ # fira-code-symbols
+ # freefont_ttf
+ # liberation_ttf
+ # mplus-outline-fonts
+ # nerdfonts
+ # noto-fonts
+ # noto-fonts-cjk
+ # noto-fonts-emoji
+ # proggyfonts
+ # terminus_font
+ # ubuntu_font_family
+ # ucsFonts
+ # ultimate-oldschool-pc-font-pack
+ # unifont
+ # xorg.fontadobe100dpi
+ # xorg.fontadobe75dpi
+ # xorg.fontadobeutopia100dpi
+ # xorg.fontadobeutopia75dpi
+ # xorg.fontadobeutopiatype1
+ # xorg.fontarabicmisc
+ # xorg.fontbh100dpi
+ # xorg.fontbh75dpi
+ # xorg.fontbhlucidatypewriter100dpi
+ # xorg.fontbhlucidatypewriter75dpi
+ # xorg.fontbhttf
+ # xorg.fontbhtype1
+ # xorg.fontbitstream100dpi
+ # xorg.fontbitstream75dpi
+ # xorg.fontbitstreamtype1
+ # xorg.fontcronyxcyrillic
+ # xorg.fontcursormisc
+ # xorg.fontdaewoomisc
+ # xorg.fontdecmisc
+ # xorg.fontibmtype1
+ # xorg.fontisasmisc
+ # xorg.fontjismisc
+ # xorg.fontmicromisc
+ # xorg.fontmisccyrillic
+ # xorg.fontmiscethiopic
+ # xorg.fontmiscmeltho
+ # xorg.fontmiscmisc
+ # xorg.fontmuttmisc
+ # xorg.fontschumachermisc
+ # xorg.fontscreencyrillic
+ # xorg.fontsonymisc
+ # xorg.fontsunmisc
+ # xorg.fontwinitzkicyrillic
+ # xorg.fontxfree86type1
];
};
}
diff --git a/initialize.nix b/initialize.nix
index 91c6a39..076b6e6 100644
--- a/initialize.nix
+++ b/initialize.nix
@@ -19,9 +19,6 @@ in {
config = {
instance = {
inherit hostname build-timestamp;
- local-site = site;
- local-domain = domain;
- local-profile = profile;
};
};
}
diff --git a/lib/default.nix b/lib/default.nix
index ace0f0b..f48fb3f 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -11,6 +11,7 @@ with lib; {
./fudo/backplane
./fudo/chat.nix
./fudo/client/dns.nix
+ ./fudo/deploy.nix
./fudo/distributed-builds.nix
./fudo/dns.nix
./fudo/domains.nix
diff --git a/lib/fudo/backplane/dns.nix b/lib/fudo/backplane/dns.nix
index 9b20319..009f6e8 100644
--- a/lib/fudo/backplane/dns.nix
+++ b/lib/fudo/backplane/dns.nix
@@ -1,3 +1,4 @@
+
{ config, pkgs, lib, ... }:
with lib;
diff --git a/lib/fudo/deploy.nix b/lib/fudo/deploy.nix
index 978e21f..522ce4d 100644
--- a/lib/fudo/deploy.nix
+++ b/lib/fudo/deploy.nix
@@ -6,7 +6,8 @@ let
in {
config = {
- users.usersroot.openssh.authorizedKeys.keys = mkIf (site-cfg.deploy-pubkeys != null)
- site-cfg.deploy-pubkeys;
+ users.users.root.openssh.authorizedKeys.keys =
+ mkIf (site-cfg.deploy-pubkeys != null)
+ site-cfg.deploy-pubkeys;
};
}
diff --git a/lib/instance.nix b/lib/instance.nix
index 1ef9048..f306f7c 100644
--- a/lib/instance.nix
+++ b/lib/instance.nix
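Review bot: Every entry of the `fonts` list is commented out rather than removed, leaving `fonts = with pkgs; [ ];` as an empty list with an unused `with pkgs;` and about fifty lines of dead code. If the fonts are gone for good, delete the entries (git keeps the history); if this is a temporary measure, keep one comment above the list saying why they are disabled and what brings them back. The attribute set enclosing `fonts` opens before the hunk's first context line `#fontconfig.subpixel.lcdfilter = "default";`.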
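Review bot: With the attribute path corrected to `users.users.root.openssh.authorizedKeys.keys` and `./fudo/deploy.nix` now imported from `lib/default.nix` in this same commit, every host that evaluates this module accepts root SSH logins for each key in `site-cfg.deploy-pubkeys`; a site-wide root grant like that deserves a comment at the definition, e.g. `# Site-level deploy keys: every host in the site accepts these for root over SSH.` The `mkIf (site-cfg.deploy-pubkeys != null)` guard only distinguishes unset from set; an empty list presumably merges to no keys, which is fine, but a word on the null-versus-empty intent would save a second reading. `site-cfg` is bound in the `let` that starts outside the hunk.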
@@ -22,6 +22,11 @@ in {
description = "Domain name of the current local host.";
};
+ local-profile = mkOption {
+ type = str;
+ description = "Profile name of the current local host.";
+ };
+
local-site = mkOption {
type = str;
description = "Site name of the current local host.";
@@ -58,18 +63,20 @@ in {
local-domain = config.fudo.hosts.${local-host}.domain;
local-site = config.fudo.hosts.${local-host}.site;
- host-user-list = config.fudo.hosts."${local-host}".local-users;
+ host = config.fudo.hosts.${local-host};
+
+ host-user-list = host.local-users;
domain-user-list = config.fudo.domains."${local-domain}".local-users;
site-user-list = config.fudo.sites."${local-site}".local-users;
local-users = getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;
- host-admin-list = config.fudo.hosts."${local-host}".local-admins;
+ host-admin-list = host.local-admins;
domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
site-admin-list = config.fudo.sites."${local-site}".local-admins;
local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
- host-group-list = config.fudo.hosts."${local-host}".local-groups;
+ host-group-list = host.local-groups;
domain-group-list = config.fudo.domains."${local-domain}".local-groups;
site-group-list = config.fudo.sites."${local-site}".local-groups;
local-groups =
@@ -86,6 +93,7 @@ in {
local-admins = local-admins;
local-groups = local-groups;
local-hosts = local-hosts;
+ local-profile = host.profile;
};
};
}
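Review bot: In the second hunk, `local-domain` and `local-site` still spell out `config.fudo.hosts.${local-host}.domain` and `.site` even though the new `host = config.fudo.hosts.${local-host};` binding lives in the same `let`, so for consistency with the three `host.local-*` lines that were changed they could read `local-domain = host.domain;` and `local-site = host.site;`. `local-profile = host.profile;` in the third hunk feeds an option declared with `type = str;` in the first hunk; if the per-host `profile` option can be unset or null (its declaration is not visible here), evaluating the instance config will fail for that host, which is worth confirming against the host option definition. The `let` holding these bindings starts before the second hunk.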