Upgrade to 22.05 (and much else)
This commit is contained in:
parent
e9e61e24d4
commit
a4ba216d71
|
@ -84,65 +84,65 @@ in {
|
|||
Defaults lecture = never
|
||||
'';
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
# services.nginx = {
|
||||
# enable = true;
|
||||
# recommendedOptimisation = true;
|
||||
# recommendedProxySettings = true;
|
||||
# recommendedGzipSettings = true;
|
||||
|
||||
virtualHosts."home.sea.fudo.org" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString home-assistant-port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
# virtualHosts."home.sea.fudo.org" = {
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://localhost:${toString home-assistant-port}";
|
||||
# proxyWebsockets = true;
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
virtualisation = {
|
||||
docker = {
|
||||
enable = true;
|
||||
enableOnBoot = true;
|
||||
autoPrune = { enable = true; };
|
||||
};
|
||||
# virtualisation = {
|
||||
# docker = {
|
||||
# enable = true;
|
||||
# enableOnBoot = true;
|
||||
# autoPrune = { enable = true; };
|
||||
# };
|
||||
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
containers = {
|
||||
home-assistant = {
|
||||
image = "homeassistant/home-assistant:stable";
|
||||
autoStart = true;
|
||||
environment.TZ = config.time.timeZone;
|
||||
# ports = [ "${toString home-assistant-port}:8123" ];
|
||||
volumes = [ "/state/services/home-assistant:/config" ];
|
||||
extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ];
|
||||
};
|
||||
# oci-containers = {
|
||||
# backend = "docker";
|
||||
# containers = {
|
||||
# home-assistant = {
|
||||
# image = "homeassistant/home-assistant:stable";
|
||||
# autoStart = true;
|
||||
# environment.TZ = config.time.timeZone;
|
||||
# # ports = [ "${toString home-assistant-port}:8123" ];
|
||||
# volumes = [ "/state/services/home-assistant:/config" ];
|
||||
# extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ];
|
||||
# };
|
||||
|
||||
# shinobi = {
|
||||
# image = "shinobisystems/shinobi:latest";
|
||||
# ports = [ "${shinobi-port}:8080" ];
|
||||
# volumes = [
|
||||
# "/state/shinobi/plugins:/home/Shinobi/plugins"
|
||||
# "/state/shinobi/config:/home/Shinobi/config"
|
||||
# "/state/shinobi/videos:/home/Shinobi/videos"
|
||||
# "/state/shinobi/db-data:/var/lib/mysql"
|
||||
# "/etc/localtime:/etc/localtime:ro"
|
||||
# ];
|
||||
# };
|
||||
# # shinobi = {
|
||||
# # image = "shinobisystems/shinobi:latest";
|
||||
# # ports = [ "${shinobi-port}:8080" ];
|
||||
# # volumes = [
|
||||
# # "/state/shinobi/plugins:/home/Shinobi/plugins"
|
||||
# # "/state/shinobi/config:/home/Shinobi/config"
|
||||
# # "/state/shinobi/videos:/home/Shinobi/videos"
|
||||
# # "/state/shinobi/db-data:/var/lib/mysql"
|
||||
# # "/etc/localtime:/etc/localtime:ro"
|
||||
# # ];
|
||||
# # };
|
||||
|
||||
# shinobi-od = {
|
||||
# image = "shinobisystems/shinobi-tensorflow:latest";
|
||||
# volumes =
|
||||
# [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
|
||||
# ports = [ "${shinobi-od-port}:8082" ];
|
||||
# environment = {
|
||||
# PLUGIN_HOST = "panopticon.sea.fudo.org";
|
||||
# PLUGIN_PORT = shinobi-port;
|
||||
# PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
|
||||
# };
|
||||
# };
|
||||
# # shinobi-od = {
|
||||
# # image = "shinobisystems/shinobi-tensorflow:latest";
|
||||
# # volumes =
|
||||
# # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
|
||||
# # ports = [ "${shinobi-od-port}:8082" ];
|
||||
# # environment = {
|
||||
# # PLUGIN_HOST = "panopticon.sea.fudo.org";
|
||||
# # PLUGIN_PORT = shinobi-port;
|
||||
# # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
|
||||
# # };
|
||||
# # };
|
||||
|
||||
# photoprism = { image = "photoprism/photoprism"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
# # photoprism = { image = "photoprism/photoprism"; };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
}
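Review bot: The commented-out shinobi-od block that this hunk carries forward still contains a literal `PLUGIN_KEY` value (the line now reads `# # PLUGIN_KEY = "<key>";`), so a credential stays in the tracked file even though the service is disabled; drop the line, and since the value is already in history, rotate the key on the Shinobi side. If I read the old/new pairing right, the new side comments out the whole nginx/docker/oci-containers section instead of deleting it — version control already keeps the old text, so removing the roughly sixty dead lines outright would leave the live config (from `Defaults lecture = never` to the closing `}`) much easier to audit. The enclosing attribute set starts before this hunk.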
|
||||
|
|
|
@ -31,9 +31,7 @@ in {
|
|||
|
||||
security.acme.email = "admin@legatus.fudo.org";
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L /etc/adjtime - - - - /state/etc/adjtime"
|
||||
];
|
||||
systemd.tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ];
|
||||
|
||||
environment.systemPackages = local-packages;
|
||||
|
||||
|
@ -57,7 +55,7 @@ in {
|
|||
# # };
|
||||
# };
|
||||
|
||||
fudo = {
|
||||
fudo = {
|
||||
hosts.legatus.external-interfaces = [ "extif0" ];
|
||||
|
||||
services = {
|
||||
|
@ -69,10 +67,14 @@ in {
|
|||
ipropd-keytab = host-secrets.heimdal-ipropd-keytab.target-file;
|
||||
};
|
||||
};
|
||||
|
||||
chat = {
|
||||
state-directory = "/state/services/chat";
|
||||
external-interface = "extif0";
|
||||
};
|
||||
};
|
||||
|
||||
secrets.host-secrets.legatus = let
|
||||
files = config.fudo.secrets.files;
|
||||
secrets.host-secrets.legatus = let files = config.fudo.secrets.files;
|
||||
in {
|
||||
# postgres-keytab = {
|
||||
# source-file = files.service-keytabs.procul.postgres;
|
||||
|
|
|
@ -24,20 +24,24 @@ in {
|
|||
# Hopefully this'll help with NFS...
|
||||
boot.kernelModules = [ "rpcsec_gss_krb5" ];
|
||||
|
||||
services.nfs = {
|
||||
# See ../user-config.nix for the user@REALM -> user mapping
|
||||
server = {
|
||||
enable = true;
|
||||
createMountPoints = false;
|
||||
exports = let
|
||||
exportList = [
|
||||
"/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
|
||||
"/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
|
||||
"/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=12,sec=krb5p)"
|
||||
];
|
||||
in ''
|
||||
${concatStringsSep "\n" exportList}
|
||||
'';
|
||||
services = {
|
||||
murmur.enable = true;
|
||||
|
||||
nfs = {
|
||||
# See ../user-config.nix for the user@REALM -> user mapping
|
||||
server = {
|
||||
enable = true;
|
||||
createMountPoints = false;
|
||||
exports = let
|
||||
exportList = [
|
||||
"/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
|
||||
"/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
|
||||
"/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=12,sec=krb5p)"
|
||||
];
|
||||
in ''
|
||||
${concatStringsSep "\n" exportList}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
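Review bot: All three exports moved under the new `services.nfs` block keep `no_root_squash`, which disables the server-side downgrade of client root, so uid 0 on any 10.0.0.0/24 client that passes the Kerberos check acts as uid 0 on `/export/documents`, `/export/downloads` and `/export/projects`; unless root-owned writes from clients are genuinely needed, drop the flag (the default `root_squash` applies) or keep it only on the one export that needs it. `/export/downloads` is the only share at `sec=krb5i` while the other two use `sec=krb5p`; that is a reasonable trade-off (integrity without encryption for bulk data) but it reads like an accident without a comment such as `# downloads: krb5i only, contents are not confidential`. `murmur.enable = true;` is added with no other settings, so whatever the module's defaults are for server password and network exposure now apply on this host — worth confirming. The enclosing `in {` set starts before this hunk.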
|
||||
|
||||
|
|
|
@ -12,8 +12,7 @@ let
|
|||
site = config.fudo.sites.${site-name};
|
||||
host-fqdn = "${hostname}.${domain-name}";
|
||||
|
||||
local-networks =
|
||||
domain.local-networks ++ site.local-networks;
|
||||
local-networks = domain.local-networks ++ site.local-networks;
|
||||
|
||||
local-packages = with pkgs; [ ldns.examples ];
|
||||
|
||||
|
@ -23,10 +22,9 @@ let
|
|||
|
||||
host-certs = config.fudo.acme.host-domains.${hostname};
|
||||
|
||||
grafana-database-password =
|
||||
pkgs.lib.passwd.stablerandom-passwd-file
|
||||
"grafana-database-password-${hostname}"
|
||||
"grafana-database-password-${hostname}-${config.instance.build-seed}";
|
||||
grafana-database-password = pkgs.lib.passwd.stablerandom-passwd-file
|
||||
"grafana-database-password-${hostname}"
|
||||
"grafana-database-password-${hostname}-${config.instance.build-seed}";
|
||||
|
||||
in {
|
||||
networking = {
|
||||
|
@ -136,8 +134,7 @@ in {
|
|||
# };
|
||||
};
|
||||
|
||||
secrets.host-secrets.procul = let
|
||||
files = config.fudo.secrets.files;
|
||||
secrets.host-secrets.procul = let files = config.fudo.secrets.files;
|
||||
in {
|
||||
# postgres-keytab = {
|
||||
# source-file = files.service-keytabs.procul.postgres;
|
||||
|
@ -199,9 +196,7 @@ in {
|
|||
allowed-networks = [ "1.1.1.1/32" "1.0.0.1/32" "localhost" "link-local" ];
|
||||
};
|
||||
|
||||
services.mail-server = {
|
||||
state-directory = "/srv/mailserver";
|
||||
};
|
||||
services.mail-server = { state-directory = "/srv/mailserver"; };
|
||||
|
||||
# mail-server = {
|
||||
# enable = true;
|
||||
|
@ -257,6 +252,7 @@ in {
|
|||
state-directory = "/var/lib/kerberos";
|
||||
master-key-file = host-secrets.heimdal-master-key.target-file;
|
||||
};
|
||||
ldap.state-directory = "/state/services/ldap";
|
||||
};
|
||||
dns.zones."informis.land" = {
|
||||
enable = true;
|
||||
|
@ -303,8 +299,7 @@ in {
|
|||
};
|
||||
|
||||
gituser = {
|
||||
password-file =
|
||||
host-secrets.postgres-gitea-password.target-file;
|
||||
password-file = host-secrets.postgres-gitea-password.target-file;
|
||||
databases = {
|
||||
git = {
|
||||
access = "CONNECT";
|
||||
|
@ -332,8 +327,7 @@ in {
|
|||
state-dir = "/srv/git/state";
|
||||
database = {
|
||||
user = "gituser";
|
||||
password-file =
|
||||
host-secrets.gitea-database-password.target-file;
|
||||
password-file = host-secrets.gitea-database-password.target-file;
|
||||
hostname = "127.0.0.1";
|
||||
name = "git";
|
||||
};
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
with lib;
|
||||
let
|
||||
hostname = "wormhole0";
|
||||
primary-ip = "10.0.0.3";
|
||||
state-dir = "/state";
|
||||
zigbee2mqtt-statedir = "${state-dir}/services/zigbee2mqtt";
|
||||
|
@ -13,19 +14,17 @@ let
|
|||
mosquitto-user = config.systemd.services.mosquitto.serviceConfig.User;
|
||||
|
||||
zigbee2mqtt-passwd-file =
|
||||
pkgs.lib.passwd.random-passwd-file "zigbee2mqtt-passwd" 20;
|
||||
|
||||
home-assistant-passwd-file =
|
||||
pkgs.lib.passwd.stablerandom-passwd-file "home-assistant-passwd"
|
||||
pkgs.lib.passwd.stablerandom-passwd-file "zigbee2mqtt-passwd"
|
||||
config.instance.build-seed;
|
||||
|
||||
host-secrets = config.fudo.secrets.host-secrets.wormhole0;
|
||||
host-secrets = config.fudo.secrets.host-secrets.${hostname};
|
||||
host-passwds = config.fudo.secrets.files.service-passwords.${hostname};
|
||||
|
||||
in {
|
||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||
|
||||
networking = {
|
||||
hostName = "wormhole0";
|
||||
hostName = hostname;
|
||||
|
||||
firewall.enable = false;
|
||||
|
||||
|
@ -55,17 +54,27 @@ in {
|
|||
dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ];
|
||||
};
|
||||
|
||||
fudo.secrets.host-secrets.wormhole0 = {
|
||||
fudo.secrets.host-secrets.${hostname} = {
|
||||
mosquitto-zigbee2mqtt-passwd = {
|
||||
source-file = zigbee2mqtt-passwd-file;
|
||||
target-file = "/run/mosquitto-secrets/zigbee2mqtt.passwd";
|
||||
user = mosquitto-user;
|
||||
};
|
||||
mosquitto-home-assistant-passwd = {
|
||||
source-file = home-assistant-passwd-file;
|
||||
source-file = host-passwds.mosquitto-home-assistant;
|
||||
target-file = "/run/mosquitto-secrets/home-assistant.passwd";
|
||||
user = mosquitto-user;
|
||||
};
|
||||
mosquitto-niten-passwd = {
|
||||
source-file = host-passwds.mosquitto-niten;
|
||||
target-file = "/run/mosquitto-secrets/niten.passwd";
|
||||
user = mosquitto-user;
|
||||
};
|
||||
mosquitto-xiaoxuan-passwd = {
|
||||
source-file = host-passwds.mosquitto-xiaoxuan;
|
||||
target-file = "/run/mosquitto-secrets/xiaoxuan.passwd";
|
||||
user = mosquitto-user;
|
||||
};
|
||||
};
|
||||
|
||||
systemd = {
|
||||
|
@ -82,9 +91,14 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
zigbee2mqtt.after =
|
||||
[ config.fudo.secrets.secret-target "mosquitto.service" ];
|
||||
mosquitto.after = [ config.fudo.secrets.secret-target ];
|
||||
zigbee2mqtt = {
|
||||
after = [ config.fudo.secrets.secret-target "mosquitto.service" ];
|
||||
restartIfChanged = true;
|
||||
};
|
||||
mosquitto = {
|
||||
after = [ config.fudo.secrets.secret-target ];
|
||||
restartIfChanged = true;
|
||||
};
|
||||
};
|
||||
|
||||
tmpfiles.rules = [
|
||||
|
@ -104,7 +118,6 @@ in {
|
|||
in { dialout.members = [ zigbee2mqtt-user ]; };
|
||||
|
||||
services = {
|
||||
blueman.enable = true;
|
||||
openssh.hostKeys = [
|
||||
{
|
||||
path = "${state-dir}/ssh/ssh_host_rsa_key";
|
||||
|
@ -148,6 +161,14 @@ in {
|
|||
host-secrets.mosquitto-home-assistant-passwd.target-file;
|
||||
acl = [ "readwrite #" ];
|
||||
};
|
||||
niten = {
|
||||
passwordFile = host-secrets.mosquitto-niten-passwd.target-file;
|
||||
acl = [ "readwrite #" ];
|
||||
};
|
||||
xiaoxuan = {
|
||||
passwordFile = host-secrets.mosquitto-xiaoxuan-passwd.target-file;
|
||||
acl = [ "readwrite #" ];
|
||||
};
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
@ -155,6 +176,7 @@ in {
|
|||
zigbee2mqtt = {
|
||||
enable = true;
|
||||
dataDir = zigbee2mqtt-statedir;
|
||||
package = pkgs.pkgsUnstable.zigbee2mqtt;
|
||||
settings = {
|
||||
homeassistant = true;
|
||||
permit_join = true;
|
||||
|
@ -167,8 +189,15 @@ in {
|
|||
# described https://www.zigbee2mqtt.io/guide/configuration/mqtt.html#server-connection
|
||||
# Weird, though.
|
||||
};
|
||||
advanced.log_level = "debug";
|
||||
};
|
||||
};
|
||||
|
||||
avahi = {
|
||||
enable = true;
|
||||
reflector = true;
|
||||
interfaces = [ "intif0" "worm0" ];
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation = {
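Review bot: The two Mosquitto users added in the `@ -148,6 +161,14` hunk, `niten` and `xiaoxuan`, get `acl = [ "readwrite #" ]`, the same unrestricted read/write on every topic as the home-assistant and zigbee2mqtt bridge accounts, so any device holding one of those passwords can publish commands to every Zigbee device and impersonate the bridge. If these are per-person clients, scope them to what they consume, e.g. `acl = [ "read <base-topic>/#" ];` with the topic that zigbee2mqtt is actually configured to use, and grant write only on the specific command topics they need. Two unchanged context lines also deserve a look while this file is open: `permit_join = true;` in the `@ -155` hunk leaves the Zigbee network permanently open to new joins (it is meant to be on only while pairing), and the new `advanced.log_level = "debug";` will put message payloads into the journal, so it should be reverted once the current debugging is done. The enclosing `services = {` set starts before these hunks.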
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
const definition = {
|
||||
zigbeeModel: ['AQSZB-110'],
|
||||
model: 'AQSZB-110',
|
||||
vendor: 'Frient',
|
||||
description: 'Frient Air Quarity Sensor',
|
||||
fromZigbee: [fz.temperature],
|
||||
toZigbee: [],
|
||||
exposes: [e.battery(), e.temperature(), e.humidity()],
|
||||
};
|
||||
|
||||
module.exports = definition;
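Review bot: `fz` and `e` are used but never declared in this new file, so it only loads if the surrounding tooling injects them; zigbee2mqtt external converters normally begin with `const fz = require('zigbee-herdsman-converters/converters/fromZigbee');` and `const e = require('zigbee-herdsman-converters/lib/exposes').presets;`, so add those unless this file is templated elsewhere. `exposes` advertises `e.battery()` and `e.humidity()` while `fromZigbee` only lists `fz.temperature`, so battery and humidity are published to Home Assistant but never receive a value; `fromZigbee: [fz.temperature, fz.humidity, fz.battery]` is probably what was meant, to be confirmed against the clusters the device actually reports. The user-visible `description` has a typo and should read `'Frient Air Quality Sensor'`.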
|
|
@ -51,7 +51,13 @@ in {
|
|||
};
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
media-session = {
|
||||
enable = true;
|
||||
config.alsa-monitor = { api.alsa.headroom = 1024; };
|
||||
};
|
||||
};
|
||||
|
||||
udev.packages = with pkgs; [ via ];
|
||||
};
|
||||
|
||||
security = {
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
with lib; {
|
||||
imports = [ ./common-ui.nix ];
|
||||
|
||||
networking.networkmanager.enable = mkForce false;
|
||||
|
|
|
@ -47,13 +47,20 @@ in {
|
|||
|
||||
config = {
|
||||
environment = {
|
||||
systemPackages = with pkgs;
|
||||
[ emacs-nox reboot-if-necessary test-config ];
|
||||
systemPackages = with pkgs; [ emacs-nox reboot-if-necessary test-config ];
|
||||
};
|
||||
|
||||
networking.networkmanager.enable = mkForce false;
|
||||
|
||||
services.xserver.enable = false;
|
||||
services = {
|
||||
nginx = {
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
xserver.enable = false;
|
||||
};
|
||||
|
||||
sound.enable = false;
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
|
|
@ -0,0 +1,149 @@
|
|||
{ config, lib, pkgs, ... }@toplevel:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.fudo.services.chat;
|
||||
|
||||
hostname = config.instance.hostname;
|
||||
domain-name = config.instance.local-domain;
|
||||
domain = config.fudo.domains.${domain-name};
|
||||
chat-server = domain.chat-server;
|
||||
isChatServer = hostname == chat-server;
|
||||
chat-fqdn = "${cfg.host-alias}.${domain-name}";
|
||||
mail-server = "mail.${domain-name}";
|
||||
|
||||
host-ip = "192.168.19.1";
|
||||
container-ip = "192.168.19.2";
|
||||
|
||||
host-secrets = config.fudo.secrets.host-secrets.${hostname};
|
||||
|
||||
seed = config.instance.build-seed;
|
||||
|
||||
mattermost-mail-passwd-file =
|
||||
pkgs.lib.passwd.stablerandom-passwd-file "mattermost-email" seed;
|
||||
|
||||
in {
|
||||
options.fudo.services.chat = with types; {
|
||||
host-alias = mkOption {
|
||||
type = str;
|
||||
description = "CNAME to use for the chat server.";
|
||||
default = "chat";
|
||||
};
|
||||
|
||||
site-name = mkOption {
|
||||
type = str;
|
||||
description = "Name of the chat site.";
|
||||
default = "Fudo Chat";
|
||||
};
|
||||
|
||||
state-directory = mkOption {
|
||||
type = str;
|
||||
description =
|
||||
"Path at which to store chat server state. Must be persistent.";
|
||||
};
|
||||
|
||||
external-interface = mkOption {
|
||||
type = str;
|
||||
description = "Public-facing external interface, for outgoing traffic.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (chat-server != null) {
|
||||
networking.nat = mkIf isChatServer {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-fudo-chat" ];
|
||||
externalInterface = cfg.external-interface;
|
||||
};
|
||||
|
||||
fudo = {
|
||||
users.chat = {
|
||||
uid = 20001;
|
||||
primary-group = "fudo";
|
||||
common-name = cfg.site-name;
|
||||
ldap-hashed-passwd = pkgs.lib.passwd.hash-ldap-passwd "mattermost-chat"
|
||||
mattermost-mail-passwd-file;
|
||||
};
|
||||
|
||||
zones.${domain.zone}.aliases.chat =
|
||||
pkgs.lib.network.host-fqdn config chat-server;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = mkIf isChatServer [
|
||||
"d ${cfg.state-directory}/mattermost 0700 - - - -"
|
||||
"d ${cfg.state-directory}/postgresql 0700 - - - -"
|
||||
];
|
||||
|
||||
services.nginx = mkIf isChatServer {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts."${chat-fqdn}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${container-ip}:1234";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
containers.fudo-chat = mkIf isChatServer {
|
||||
ephemeral = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = host-ip;
|
||||
localAddress = container-ip;
|
||||
autoStart = true;
|
||||
|
||||
bindMounts = {
|
||||
"/var/lib/mattermost" = {
|
||||
hostPath = "${cfg.state-directory}/mattermost";
|
||||
isReadOnly = false;
|
||||
};
|
||||
"/var/lib/postgresql" = {
|
||||
hostPath = "${cfg.state-directory}/postgresql";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = { config, lib, ... }: {
|
||||
networking = {
|
||||
defaultGateway = host-ip;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/mattermost 700 ${config.services.mattermost.user} - - -"
|
||||
"d /var/lib/postgresql 700 ${config.systemd.services.postgresql.serviceConfig.User} - - -"
|
||||
];
|
||||
|
||||
services = {
|
||||
postgresql.dataDir = "/var/lib/postgresql";
|
||||
|
||||
mattermost = {
|
||||
enable = true;
|
||||
siteUrl = "https://${chat-fqdn}";
|
||||
siteName = cfg.site-name;
|
||||
statePath = "/var/lib/mattermost";
|
||||
listenAddress = "${container-ip}:1234";
|
||||
localDatabaseCreate = true;
|
||||
extraConfig = {
|
||||
EmailSettings = {
|
||||
RequireEmailVerification = true;
|
||||
SMTPServer = mail-server;
|
||||
SMTPPort = "587";
|
||||
ConnectionSecurity = "STARTTLS";
|
||||
EnableSMTPAuth = true;
|
||||
SMTPUsername = "chat";
|
||||
# TODO: Ugh
|
||||
SMTPPassword = readFile mattermost-mail-passwd-file;
|
||||
SendEmailNotifications = true;
|
||||
FeedbackEmail = "chat@${domain-name}";
|
||||
FeedbackName = cfg.site-name;
|
||||
};
|
||||
EnableEmailNotifications = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
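Review bot: `SMTPPassword = readFile mattermost-mail-passwd-file;` (the `# TODO: Ugh` line) pulls the SMTP password into the evaluated configuration, and as far as I know the NixOS mattermost module renders `extraConfig` to a JSON file in the Nix store, so the credential becomes world-readable on the host and travels to any binary cache the system pushes to. Keeping the value out of `extraConfig` and supplying it at runtime instead — Mattermost honours `MM_EMAILSETTINGS_SMTPPASSWORD` from the environment, which can come from an `EnvironmentFile` readable only by the mattermost user — avoids that; the same caveat applies to `ldap-hashed-passwd` only insofar as a hash is stored, which is acceptable. `zones.${domain.zone}.aliases.chat` hard-codes the alias while `chat-fqdn` is built from `cfg.host-alias`, so a non-default `host-alias` yields a vhost and ACME certificate with no matching DNS record; `aliases.${cfg.host-alias} = pkgs.lib.network.host-fqdn config chat-server;` keeps them in step. Note also that `stablerandom-passwd-file "mattermost-email" seed` makes the password a deterministic function of `config.instance.build-seed`, so the seed's confidentiality is the password's — fine if the seed is itself a secret input, which this file cannot show.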
|
|
@ -3,6 +3,7 @@
|
|||
{
|
||||
imports = [
|
||||
./service/backplane.nix
|
||||
./service/chat.nix
|
||||
./service/chute.nix
|
||||
./service/dns.nix
|
||||
./service/fudo-auth.nix
|
||||
|
|
|
@ -77,110 +77,97 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
systemd = {
|
||||
# paths.host-keytab-modified = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# pathConfig = {
|
||||
# PathChanged = "/etc/krb5.keytab";
|
||||
# Unit = "host-keytab-modified.service";
|
||||
# };
|
||||
# };
|
||||
|
||||
# services.host-keytab-modified = {
|
||||
# description = "Operations to execute when keytab is changed.";
|
||||
# script = "${pkgs.systemd}/bin/systemctl restart rpc-gssd.service";
|
||||
# };
|
||||
|
||||
services = {
|
||||
# host-keytab-watcher = {
|
||||
# wantedBy = [ "rpc-gssd.service" "rpc-svcgssd.service" ];
|
||||
# before = [ "rpc-gssd.service" "rpc-svcgssd.service" ];
|
||||
# serviceConfig = {
|
||||
# ExecStart = "${pkgs.coreutils}/bin/sleep 500";
|
||||
# TimeoutStartSec = "3600";
|
||||
# RemainAfterExit = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
rpc-gssd = {
|
||||
after = [ config.fudo.secrets.secret-target ];
|
||||
unitConfig = { ConditionPathExists = mkForce [ ]; };
|
||||
systemd.services = {
|
||||
host-keytab-watcher = {
|
||||
wantedBy = [
|
||||
"rpc-gssd-override.service"
|
||||
"rpc-svcgssd-override.service"
|
||||
"auth-rpcgss-module.service"
|
||||
];
|
||||
before = [
|
||||
"rpc-gssd-override.service"
|
||||
"rpc-svcgssd-override.service"
|
||||
"auth-rpcgss-module.service"
|
||||
];
|
||||
after = [ config.fudo.secrets.secret-target ];
|
||||
serviceConfig = {
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/test -f /etc/krb5.keytab";
|
||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||
TimeoutStartSec = "360";
|
||||
RemainAfterExit = true;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "2";
|
||||
};
|
||||
rpc-svcgssd = {
|
||||
after = [ config.fudo.secrets.secret-target ];
|
||||
unitConfig = { ConditionPathExists = mkForce [ ]; };
|
||||
};
|
||||
|
||||
auth-rpcgss-module.enable = false;
|
||||
rpc-gssd.enable = false;
|
||||
rpc-svcgssd.enable = false;
|
||||
|
||||
auth-rpcgss-module-override = {
|
||||
description = "Kernel Module supporting RPCSEC_GSS";
|
||||
before = [
|
||||
"gssproxy.service"
|
||||
"rpc-svcgssd-override.service"
|
||||
"rpc-gssd-override.service"
|
||||
];
|
||||
wantedBy = [ "nfs-client.target" "nfs-server.target" ];
|
||||
wants = [
|
||||
"gssproxy.service"
|
||||
"rpc-svcgssd-override.service"
|
||||
"rpc-gssd-override.service"
|
||||
"host-keytab-watcher.service"
|
||||
];
|
||||
after = [ "host-keytab-watcher.service" ];
|
||||
partOf = [ "nfs-utils.service" "nfs-server.service" ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = false;
|
||||
ConditionPathExists =
|
||||
[ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ];
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.kmod}/bin/modprobe -q auth_rpcgss";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
|
||||
rpc-gssd-override = {
|
||||
description = "RPC security service for NFS client and server";
|
||||
wantedBy = [ "auth-rpcgss-module.service" ];
|
||||
conflicts = [ "umount.target" ];
|
||||
after = [ "host-keytab-watcher.service" "rpc_pipefs.target" ];
|
||||
wants = [ "host-keytab-watcher.service" ];
|
||||
requires = [ "rpc_pipefs.target" ];
|
||||
partOf = [ "nfs-utils.service" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.nfs-utils}/bin/rpc.gssd";
|
||||
};
|
||||
};
|
||||
|
||||
rpc-svcgssd-override = {
|
||||
description = "RPC security service for NFS server";
|
||||
wantedBy = [ "auth-rpcgss-module.service" ];
|
||||
after =
|
||||
[ "host-keytab-watcher.service" "local-fs.target" "gssproxy.service" ];
|
||||
wants = [ "host-keytab-watcher.service" ];
|
||||
partOf = [ "nfs-utils.service" "nfs-server.service" ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = false;
|
||||
ConditionPathExists =
|
||||
[ "|!/run/gssproxy.pid" "|!/proc/net/rpc/use-gss-proxy" ];
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.nfs-utils}/bin/rpc.svcgssd";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# systemd = {
|
||||
# ## This fails if the filesystems already exist
|
||||
# # tmpfiles.rules = [
|
||||
# # "d /net/documents - root sea-documents - -"
|
||||
# # "d /net/downloads - root sea-downloads - -"
|
||||
# # "d /net/projects - root sea-projects - -"
|
||||
# # ];
|
||||
|
||||
# mounts = let
|
||||
# mkOpts =
|
||||
# concatStringsSep ",";
|
||||
# in [
|
||||
# {
|
||||
# enable = true;
|
||||
# what = "nostromo.${local-domain}:/export/documents";
|
||||
# where = "/net/documents";
|
||||
# type = "nfs";
|
||||
# options = mkOpts [
|
||||
# "vers=4"
|
||||
# "minorversion=2"
|
||||
# "sec=krb5p"
|
||||
# "x-systemd.automount"
|
||||
# "proto=tcp"
|
||||
# ];
|
||||
# description = "sea-store documents on encrypted filesysem.";
|
||||
# }
|
||||
# {
|
||||
# enable = true;
|
||||
# what = "nostromo.${local-domain}:/export/downloads";
|
||||
# where = "/net/downloads";
|
||||
# type = "nfs";
|
||||
# options = mkOpts [
|
||||
# "vers=4"
|
||||
# "minorversion=2"
|
||||
# "sec=krb5i"
|
||||
# "x-systemd.automount"
|
||||
# "proto=tcp"
|
||||
# ];
|
||||
# description = "sea-store downloads on encrypted filesysem.";
|
||||
# }
|
||||
# {
|
||||
# enable = true;
|
||||
# what = "nostromo.${local-domain}:/export/projects";
|
||||
# where = "/net/projects";
|
||||
# type = "nfs";
|
||||
# options = mkOpts [
|
||||
# "vers=4"
|
||||
# "minorversion=2"
|
||||
# "sec=krb5p"
|
||||
# "x-systemd.automount"
|
||||
# "proto=tcp"
|
||||
# ];
|
||||
# description = "sea-store projects on encrypted filesysem.";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [
|
||||
# pkgs.brlaser
|
||||
# pkgs.brgenml1lpr
|
||||
pkgs.brgenml1cupswrapper
|
||||
# pkgs.hll2380dw-cups
|
||||
|
||||
# pkgs.hll2380dw-lpr
|
||||
];
|
||||
drivers = [ pkgs.brgenml1cupswrapper ];
|
||||
};
|
||||
|
||||
# environment.systemPackages = with pkgs; [ hll2380dw-cups ];
|
||||
}
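Review bot: `host-keytab-watcher` polls for `/etc/krb5.keytab` by letting `ExecStartPre` fail and relying on `Restart = "on-failure"` with `RestartSec = "2"`, but systemd's default start rate limit (5 starts per 10 s) will put the unit into a permanent failed state after about the fifth attempt, so if the keytab is not present within roughly ten seconds the watcher — and with it the `wants`/`after` chain into `auth-rpcgss-module-override`, `rpc-gssd-override` and `rpc-svcgssd-override` — never recovers, and `TimeoutStartSec = "360"` does not help because every attempt is a fresh start. Add `unitConfig.StartLimitIntervalSec = 0;` to that unit (or lengthen `RestartSec`) so it keeps polling until the secrets target delivers the file. `rpc-gssd-override` and `rpc-svcgssd-override` are `wantedBy = [ "auth-rpcgss-module.service" ]`, which this hunk masks with `auth-rpcgss-module.enable = false;`, so as far as I can tell that `wantedBy` is a no-op and the units are only reached through `auth-rpcgss-module-override.wants`; pointing `wantedBy` at `auth-rpcgss-module-override.service` (or dropping it) would make the declared graph match what actually runs. The enclosing attribute set starts before this hunk.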
|
||||
|
|
|
@ -470,12 +470,12 @@
|
|||
};
|
||||
|
||||
# Used to send messages from the chat server
|
||||
chat = {
|
||||
uid = 10111;
|
||||
primary-group = "fudo";
|
||||
common-name = "Fudo Chat";
|
||||
ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
|
||||
};
|
||||
# chat = {
|
||||
# uid = 10111;
|
||||
# primary-group = "fudo";
|
||||
# common-name = "Fudo Chat";
|
||||
# ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
|
||||
# };
|
||||
|
||||
kevinyinjunjie = {
|
||||
uid = 10112;
|
||||
|
@ -507,5 +507,15 @@
|
|||
"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
|
||||
email = "viator@informis.land";
|
||||
};
|
||||
|
||||
jasper = {
|
||||
uid = 10116;
|
||||
primary-group = "selby";
|
||||
common-name = "Jasper";
|
||||
login-hashed-passwd =
|
||||
"$6$ggREeoA2HUmXDDbh$zPEyroAAiSPKseTb.qt4ByLaYBhV08x0hqOz4dnt4wEqcaWtOpBt3UoTpHxyDc2/inMzkRggBwfr.Zm0vI7mp1";
|
||||
ldap-hashed-passwd = "{SSHA}5OCmPaKrkEG3Q4DOWibsPweuBShsMAz2";
|
||||
email = "jasper@selby.ca";
|
||||
};
|
||||
};
|
||||
}
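Review bot: The new `jasper` entry commits both a sha512crypt `login-hashed-passwd` and an `ldap-hashed-passwd` in `{SSHA}` form to a tracked config file; `{SSHA}` is salted SHA-1, which is cheap to brute-force offline, so anyone who obtains the repository can attack that password with far less effort than the `$6$` hash beside it. If the directory accepts it, store a `{CRYPT}` hash in the same sha512crypt form the login hash already uses, and consider keeping per-user hashes in the secrets input (`/state/secrets` in flake.lock) rather than in the main repo. The `chat` entry in the `@ -470` hunk is only commented out, not removed; since its replacement in `service/chat.nix` derives the LDAP hash from a seeded password file, deleting the dead block (its hash stays in history regardless) keeps this file from carrying a second, stale credential for the same account.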
|
||||
|
|
|
@ -7,9 +7,8 @@ let
|
|||
in {
|
||||
imports = [
|
||||
(initialize {
|
||||
hostname = local.hostname;
|
||||
inherit (local) pkgs hostname;
|
||||
home-manager-package = <home-manager>;
|
||||
pkgs = pkgs;
|
||||
include-secrets = false;
|
||||
})
|
||||
];
|
||||
|
|
82
flake.lock
82
flake.lock
|
@ -162,11 +162,11 @@
|
|||
"rotate-text": "rotate-text"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1645751511,
|
||||
"narHash": "sha256-i3cMaHdaxwfeJEKVgk3Sxx/IRfjwNcThaCMcq4uv9jg=",
|
||||
"lastModified": 1649509049,
|
||||
"narHash": "sha256-gLmRO2gPqjLPmFBhgFkl1nbBzJlNV0lmXMzapbw9qac=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-doom-emacs",
|
||||
"rev": "ef434602f6f2a8b469d1b01f9edff4f5b6d7f555",
|
||||
"rev": "f3f40f333c3214c9614c23b6abd1ae498af3e5b5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -195,11 +195,11 @@
|
|||
"doom-snippets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1645652740,
|
||||
"narHash": "sha256-ci5QsTkzmfSd7Pfoe+RActuSOmMY2TvJL7f2giCwNEI=",
|
||||
"lastModified": 1646222996,
|
||||
"narHash": "sha256-YhOnoNSpmcKNJg+aS/829zqXStMkKWXWf1pulHEBcpQ=",
|
||||
"owner": "hlissner",
|
||||
"repo": "doom-snippets",
|
||||
"rev": "02aca23fef94fc7a58836fd1812d62e731249fa3",
|
||||
"rev": "f61c23ece1ad47c0522059ac45085fd283ce4452",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -211,11 +211,11 @@
|
|||
"emacs-overlay": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1645953123,
|
||||
"narHash": "sha256-Be06ikbfQTuRwsU6nxNbMSvSUOzmGzDOLBKXFMekrcA=",
|
||||
"lastModified": 1649586061,
|
||||
"narHash": "sha256-gFAHrrY0i71WIP16FGo3pgNKTZ5m5L6FtQsOYpne9gk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "058e38892484c1ab517c890b0aaee5d53565a494",
|
||||
"rev": "16262a84ef07fb0e8cfc592b65d786b086840065",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -388,11 +388,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1649111994,
|
||||
"narHash": "sha256-KVRN3pahTca8gCcppDgr+hY+6xeCL0nQUpLT/l2uGS8=",
|
||||
"lastModified": 1653253887,
|
||||
"narHash": "sha256-Z88Ck6nCW+zOfsxtHa+7hB2uPPuHotAkpRZqE2KoyF8=",
|
||||
"ref": "master",
|
||||
"rev": "1e478f59eaadd1b3e857045ad812b45c9bad238f",
|
||||
"revCount": 89,
|
||||
"rev": "52b7da1ceccb919787685875a21a1d2356c6cc1f",
|
||||
"revCount": 93,
|
||||
"type": "git",
|
||||
"url": "https://git.fudo.org/fudo-nix/entities.git"
|
||||
},
|
||||
|
@ -413,11 +413,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1649445221,
|
||||
"narHash": "sha256-g2QZSTNDv42oxFI1+zt/rGIvPHM52RZ8olPFru/7Mnc=",
|
||||
"lastModified": 1654020774,
|
||||
"narHash": "sha256-iOdg/2Jl3Mh1UiJF8vLvW5KnJ5osGJIukmL/7F6RQ3k=",
|
||||
"ref": "master",
|
||||
"rev": "8d94134bff85ed39d371b7dd895a9265c5b161b2",
|
||||
"revCount": 138,
|
||||
"rev": "b9db0696c37275021c3fcbf810cd42522ebc405b",
|
||||
"revCount": 160,
|
||||
"type": "git",
|
||||
"url": "https://git.fudo.org/fudo-nix/home.git"
|
||||
},
|
||||
|
@ -443,7 +443,7 @@
|
|||
},
|
||||
"fudo-lib_2": {
|
||||
"locked": {
|
||||
"narHash": "sha256-fBiGlPgqsl5t08IlV1sehtAaOAI2eJqCXKQgdnwMzy0=",
|
||||
"narHash": "sha256-IZsP2NrqUbz0p3KeTnT7U8RjvSkHODmJTePBSGNmlxw=",
|
||||
"path": "/state/fudo-lib",
|
||||
"type": "path"
|
||||
},
|
||||
|
@ -454,11 +454,11 @@
|
|||
},
|
||||
"fudo-pkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1643841844,
|
||||
"narHash": "sha256-rmTIL94RQQaFhMHCopmeFUVAoP71nSA6sB46riDq2Ik=",
|
||||
"lastModified": 1648662131,
|
||||
"narHash": "sha256-wOJyR8xFQQhZ7gjK+sj3rJND8ORIHPuINNfQsdjM0BE=",
|
||||
"ref": "master",
|
||||
"rev": "7e02ad0e7d9ac42605ed318e9d76364ec1d339ec",
|
||||
"revCount": 41,
|
||||
"rev": "c5180cbacd66673a3e8fcd0ce2c4abff119bbe93",
|
||||
"revCount": 54,
|
||||
"type": "git",
|
||||
"url": "https://git.fudo.org/fudo-nix/pkgs.git"
|
||||
},
|
||||
|
@ -497,7 +497,7 @@
|
|||
"ssh-keypairs": "ssh-keypairs"
|
||||
},
|
||||
"locked": {
|
||||
"narHash": "sha256-sDzbS0AnaNCrdiYR3oEsFljzxw128JsVx4exBNAjZo0=",
|
||||
"narHash": "sha256-N3N5RSPFSF/+tA3uqnBkhiiSNzBqsWsUBLXAqG1YS7c=",
|
||||
"path": "/state/secrets",
|
||||
"type": "path"
|
||||
},
|
||||
|
@ -556,11 +556,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1643933536,
|
||||
"narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=",
|
||||
"lastModified": 1648834319,
|
||||
"narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "2860d7e3bb350f18f7477858f3513f9798896831",
|
||||
"rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -585,11 +585,11 @@
|
|||
"niten-doom-config": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1640017877,
|
||||
"narHash": "sha256-9twZfDxSjX87NHzuEQXkm1Q037YS98jPQv3Hw4Uktiw=",
|
||||
"lastModified": 1649611838,
|
||||
"narHash": "sha256-O8+LwXi52WZHQrZRfjW+QwI99ppBiBpYQcWYNgqY+iU=",
|
||||
"ref": "master",
|
||||
"rev": "3d990cdf82fc7d5a6c8fd033e8bcf460fb27df1b",
|
||||
"revCount": 37,
|
||||
"rev": "c45feb7fd8acb0730dfc76ddd993773da5411b82",
|
||||
"revCount": 38,
|
||||
"type": "git",
|
||||
"url": "https://git.fudo.org/niten/doom-emacs.git"
|
||||
},
|
||||
|
@ -631,11 +631,11 @@
|
|||
},
|
||||
"nixpkgsUnstable": {
|
||||
"locked": {
|
||||
"lastModified": 1649225869,
|
||||
"narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=",
|
||||
"lastModified": 1653931853,
|
||||
"narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c",
|
||||
"rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -739,11 +739,11 @@
|
|||
"org": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1645557265,
|
||||
"narHash": "sha256-vBOWOOfdUbvpTkqs2Lx+OCPfUdZdzAOdGxzHBSAslmo=",
|
||||
"lastModified": 1646280299,
|
||||
"narHash": "sha256-ZNkOfB8o2OHTh2t/ci8uv8aoV3I5IfAgIIOP3azD6eU=",
|
||||
"owner": "emacs-straight",
|
||||
"repo": "org-mode",
|
||||
"rev": "282a01f22159b4855071ffd54a9ae6ce681c3690",
|
||||
"rev": "91681fc03334285dc0879fcb9a27583bd7ab9782",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -815,11 +815,11 @@
|
|||
"revealjs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1645450091,
|
||||
"narHash": "sha256-3fM1hKCbuIy8HzBv9JjjZW/RwE1CKeq++delBhbSvys=",
|
||||
"lastModified": 1646820626,
|
||||
"narHash": "sha256-J3bcoO/42FcPIqCU7ORiV7dcvJDKtEHG8N7/stEQqDg=",
|
||||
"owner": "hakimel",
|
||||
"repo": "reveal.js",
|
||||
"rev": "5e12c6aeb7a37acca7ca22c0bd29548f9ff282ea",
|
||||
"rev": "37861335a225a3cc9f67e98977aceda3c2a9eca9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -872,7 +872,7 @@
|
|||
"service-passwords": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
|
||||
"narHash": "sha256-vnxG3as7SVq0yIXKsf3qHM58Sv6Dcm7NPg+kLg4QtNs=",
|
||||
"path": "/state/secrets/service-passwords",
|
||||
"type": "path"
|
||||
},
|
||||
|
@ -896,7 +896,7 @@
|
|||
"ssh-keypairs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
|
||||
"narHash": "sha256-pla2J8HmPHBVDp/2m/22lctwd6VvmJ2cik5n68jf3VY=",
|
||||
"path": "/state/secrets/ssh-keypairs",
|
||||
"type": "path"
|
||||
},
|
||||
|
|
210
flake.nix
210
flake.nix
|
@ -2,7 +2,7 @@
|
|||
description = "Fudo Host Configuration";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-21.05";
|
||||
nixpkgs.url = "nixpkgs/nixos-22.05";
|
||||
|
||||
fudo-home = {
|
||||
url = "git+https://git.fudo.org/fudo-nix/home.git";
|
||||
|
@ -30,140 +30,122 @@
|
|||
chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master";
|
||||
|
||||
nixpkgsUnstable.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
# zigbee2mqtt-converters.url = "path:/net/projects/niten/zigbee2mqtt-converters";
|
||||
};
|
||||
|
||||
outputs = { self,
|
||||
nixpkgs,
|
||||
fudo-home,
|
||||
fudo-lib,
|
||||
fudo-entities,
|
||||
fudo-pkgs,
|
||||
fudo-secrets,
|
||||
chute,
|
||||
chuteUnstable,
|
||||
nixpkgsUnstable,
|
||||
... } @ inputs:
|
||||
outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs
|
||||
, fudo-secrets, chute, chuteUnstable, nixpkgsUnstable,
|
||||
# zigbee2mqtt-converters,
|
||||
... }@inputs:
|
||||
with nixpkgs.lib;
|
||||
let
|
||||
fudo-nixos-hosts = filterAttrs
|
||||
(hostname: hostOpts: hostOpts.nixos-system)
|
||||
(fudo-entities.entities.hosts);
|
||||
fudo-nixos-hosts = filterAttrs (hostname: hostOpts: hostOpts.nixos-system)
|
||||
fudo-entities.entities.hosts;
|
||||
|
||||
fudo-networks = fudo-entities.entities.networks;
|
||||
|
||||
unstable-for = arch: import nixpkgsUnstable {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1"
|
||||
unstable-for = arch:
|
||||
import nixpkgsUnstable {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];
|
||||
};
|
||||
};
|
||||
|
||||
pkgs-for = arch:
|
||||
let unstable = unstable-for arch;
|
||||
in import nixpkgs {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];
|
||||
};
|
||||
overlays = [
|
||||
fudo-lib.overlay
|
||||
fudo-pkgs.overlay
|
||||
(final: prev: {
|
||||
chute = chute.packages.${arch}.chute;
|
||||
chuteUnstable = chuteUnstable.packages.${arch}.chute;
|
||||
})
|
||||
(final: prev: { pkgsUnstable = unstable; })
|
||||
(final: prev: { nyxt = unstable.nyxt; })
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
pkgs-for = arch: let
|
||||
unstable = unstable-for arch;
|
||||
in import nixpkgs {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1"
|
||||
latest-modified-timestamp = head (sort (a: b: a > b)
|
||||
(map (input: toInt input.lastModifiedDate)
|
||||
(filter (input: hasAttr "lastModifiedDate" input)
|
||||
(attrValues inputs))));
|
||||
|
||||
concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp));
|
||||
|
||||
common-host-config = hostname: hostOpts:
|
||||
let
|
||||
config-dir = ./config;
|
||||
build-timestamp = concat-timestamp latest-modified-timestamp;
|
||||
in { config, ... }: {
|
||||
imports = [
|
||||
fudo-home.nixosModule
|
||||
fudo-secrets.nixosModule
|
||||
fudo-lib.nixosModule
|
||||
fudo-entities.nixosModule
|
||||
|
||||
# zigbee2mqtt-converters.nixosModule
|
||||
|
||||
./config
|
||||
(config-dir + "/hardware/${hostname}.nix")
|
||||
(config-dir + "/host-config/${hostname}.nix")
|
||||
(config-dir + "/profile-config/${hostOpts.profile}.nix")
|
||||
(config-dir + "/domain-config/${hostOpts.domain}.nix")
|
||||
(config-dir + "/site-config/${hostOpts.site}.nix")
|
||||
];
|
||||
};
|
||||
overlays = [
|
||||
fudo-lib.overlay
|
||||
fudo-pkgs.overlay
|
||||
(final: prev: {
|
||||
chute = chute.packages.${arch}.chute;
|
||||
chuteUnstable = chuteUnstable.packages.${arch}.chute;
|
||||
})
|
||||
(final: prev: {
|
||||
nyxt = unstable.nyxt;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
latest-modified-timestamp = head
|
||||
(sort (a: b: a > b)
|
||||
(map (input: toInt input.lastModifiedDate)
|
||||
(filter (input: hasAttr "lastModifiedDate" input)
|
||||
(attrValues inputs))));
|
||||
|
||||
concat-timestamp = timestamp:
|
||||
toInt (substring 0 10 (toString timestamp));
|
||||
|
||||
common-host-config = hostname: hostOpts: let
|
||||
config-dir = ./config;
|
||||
build-timestamp =
|
||||
concat-timestamp latest-modified-timestamp;
|
||||
in { config, ... }: {
|
||||
imports = [
|
||||
fudo-home.nixosModule
|
||||
fudo-secrets.nixosModule
|
||||
fudo-lib.nixosModule
|
||||
fudo-entities.nixosModule
|
||||
|
||||
./config
|
||||
(config-dir + /hardware/${hostname}.nix)
|
||||
(config-dir + /host-config/${hostname}.nix)
|
||||
(config-dir + /profile-config/${hostOpts.profile}.nix)
|
||||
(config-dir + /domain-config/${hostOpts.domain}.nix)
|
||||
(config-dir + /site-config/${hostOpts.site}.nix)
|
||||
];
|
||||
|
||||
config = let
|
||||
pkgs = pkgs-for hostOpts.arch;
|
||||
in {
|
||||
instance = let
|
||||
build-seed = builtins.readFile
|
||||
config.fudo.secrets.files.build-seed;
|
||||
config = let pkgs = pkgs-for hostOpts.arch;
|
||||
in {
|
||||
inherit hostname build-timestamp build-seed;
|
||||
};
|
||||
instance = let
|
||||
build-seed =
|
||||
builtins.readFile config.fudo.secrets.files.build-seed;
|
||||
in { inherit hostname build-timestamp build-seed; };
|
||||
|
||||
environment.etc.nixos-live.source = ./.;
|
||||
environment.etc.nixos-live.source = ./.;
|
||||
|
||||
nix = {
|
||||
registry = {
|
||||
nixpkgs.flake = nixpkgs;
|
||||
fudo-nixos.flake = self;
|
||||
fudo-entities.flake = fudo-entities;
|
||||
fudo-lib.flake = fudo-lib;
|
||||
fudo-pkgs.flake = fudo-pkgs;
|
||||
nix = {
|
||||
registry = {
|
||||
nixpkgs.flake = nixpkgs;
|
||||
fudo-nixos.flake = self;
|
||||
fudo-entities.flake = fudo-entities;
|
||||
fudo-lib.flake = fudo-lib;
|
||||
fudo-pkgs.flake = fudo-pkgs;
|
||||
};
|
||||
nixPath = let lib = nixpkgs.lib;
|
||||
in lib.mkDefault (lib.mkBefore [ "nixpkgs=${nixpkgs}" ]);
|
||||
};
|
||||
nixPath = let
|
||||
lib = nixpkgs.lib;
|
||||
in lib.mkDefault (lib.mkBefore [
|
||||
"nixpkgs=${nixpkgs}"
|
||||
]);
|
||||
|
||||
nixpkgs.pkgs = pkgs;
|
||||
};
|
||||
|
||||
nixpkgs.pkgs = pkgs;
|
||||
};
|
||||
};
|
||||
|
||||
nixos-host-config = hostname: hostOpts: let
|
||||
system = hostOpts.arch;
|
||||
in nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(common-host-config hostname hostOpts)
|
||||
];
|
||||
};
|
||||
nixos-host-config = hostname: hostOpts:
|
||||
let system = hostOpts.arch;
|
||||
in nixosSystem {
|
||||
inherit system;
|
||||
modules = [ (common-host-config hostname hostOpts) ];
|
||||
};
|
||||
|
||||
nixops-host-config = hostname: hostOpts: let
|
||||
zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
|
||||
in {
|
||||
imports = [
|
||||
(common-host-config hostname hostOpts)
|
||||
nixops-host-config = hostname: hostOpts:
|
||||
let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
|
||||
in {
|
||||
imports = [
|
||||
(common-host-config hostname hostOpts)
|
||||
|
||||
({ ... }: {
|
||||
config.deployment.targetHost =
|
||||
zone-hosts.${hostname}.ipv4-address;
|
||||
})
|
||||
];
|
||||
};
|
||||
(_: {
|
||||
config.deployment.targetHost =
|
||||
zone-hosts.${hostname}.ipv4-address;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
in {
|
||||
nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;
|
||||
|
|
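Review bot: `build-seed = builtins.readFile config.fudo.secrets.files.build-seed;` inside common-host-config turns the seed into a plain evaluation-time string carried in `instance`, so any consumer that interpolates `instance.build-seed` into a derivation or `environment.etc` entry would copy it into the world-readable Nix store; those consumers live outside this hunk, so this is a hazard to document rather than a confirmed leak. A comment at that line such as `# secret is read at eval time — keep build-seed out of store paths (no interpolation into derivations or etc files)` would make the constraint explicit. The same hunk also carries `permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];` forward into both unstable-for and pkgs-for across the 22.05 bump with no rationale; add `# TODO(review): confirm this exception is still required on 22.05 and record why` beside each occurrence. The enclosing `outputs` function continues past the end of the hunk.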