From e9e61e24d469d4065b8e9549572ad7c2b92067cd Mon Sep 17 00:00:00 2001 From: niten Date: Fri, 8 Apr 2022 14:21:56 -0700 Subject: [PATCH] Many changes over time --- config/hardware/system3.nix | 30 +- config/hardware/wormhole0.nix | 72 ++-- config/hardware/zbox.nix | 10 +- config/host-config/lambda.nix | 10 +- config/host-config/limina.nix | 132 ++---- config/host-config/system3.nix | 37 +- config/host-config/wormhole0.nix | 184 ++++++++- config/profile-config/common-ui.nix | 31 +- config/profile-config/common.nix | 5 + config/profile-config/host/kerberos.nix | 106 ++--- config/site-config/seattle.nix | 50 ++- flake.lock | 36 +- live-disk/flake.lock | 522 ++++++++++++++++++++++++ live-disk/flake.nix | 2 +- 14 files changed, 929 insertions(+), 298 deletions(-) create mode 100644 live-disk/flake.lock diff --git a/config/hardware/system3.nix b/config/hardware/system3.nix index 1432f6a..543cbc6 100644 --- a/config/hardware/system3.nix +++ b/config/hardware/system3.nix @@ -4,7 +4,7 @@ with lib; let in { - system.stateVersion = "21.05"; + system.stateVersion = "21.11"; boot = { loader = { @@ -35,38 +35,38 @@ in { "/boot" = { device = "/dev/disk/by-label/SYS3-BOOT"; fsType = "vfat"; - options = [ "noexec" ]; + options = [ "noexec" "noatime" ]; }; "/" = { device = "system3-root"; fsType = "tmpfs"; - options = [ "mode=755" ]; + options = [ "mode=755" "noexec" ]; }; "/nix" = { - device = "/dev/disk/by-label/system3"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime" ]; + device = "/dev/disk/by-label/system3-data"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; }; "/var/log" = { - device = "/dev/disk/by-label/system3"; - fsType = "btrfs"; - options = [ "subvol=log" "compress=zstd" "noatime" "noexec" ]; + device = "/dev/disk/by-label/system3-data"; + fsType = "btrfs"; + options = [ "subvol=@logs" "compress=zstd" "noatime" "noexec" ]; neededForBoot = true; }; "/state" = { - device = "/dev/disk/by-label/system3"; - fsType = "btrfs"; - options = [ "subvol=state" "compress=zstd" "noatime" ]; + device = "/dev/disk/by-label/system3-data"; + fsType = "btrfs"; + options = [ "subvol=@state" "compress=zstd" "noatime" ]; }; "/home" = { - device = "/dev/disk/by-label/system3"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" "noatime" ]; + device = "/dev/disk/by-label/system3-data"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" "noatime" ]; }; }; diff --git a/config/hardware/wormhole0.nix b/config/hardware/wormhole0.nix index 103824a..3f30905 100644 --- a/config/hardware/wormhole0.nix +++ b/config/hardware/wormhole0.nix @@ -1,71 +1,89 @@ { config, lib, pkgs, modulesPath, ... }: with lib; { - system.stateVersion = "22.05"; + system.stateVersion = "21.11"; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { - availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + availableKernelModules = + [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; kernelModules = [ ]; }; loader = { - grub.enable = false; - # generic-extlinux-compatible.enable = true; - raspberryPi = { - enable = true; - version = 4; - }; + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; - tmpOnTmpfs = true; - - kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_rpi4; - kernelParams = [ - "8250.nr_uarts=1" - "console=ttyAMA0,115200" - "console=tty1" - ]; + tmpOnTmpfs = false; + kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; hardware = { + bluetooth.enable = false; enableRedistributableFirmware = true; - # raspberry-pi."4".fkms-3d.enable = true; }; fileSystems = { "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; - fsType = "ext4"; - options = [ "noatime" ]; + device = "wormhole0-root"; + fsType = "tmpfs"; + options = [ "mode=755" "noexec" "noatime" "nodiratime" ]; }; "/boot" = { - device = "/dev/disk/by-label/FIRMWARE"; + device = "/dev/disk/by-label/WORMBOOT"; fsType = "vfat"; - options = [ "noatime" ]; + options = [ "noexec" "noatime" "nodiratime" ]; + }; + + "/nix" = { + device = "/dev/disk/by-label/wormhole0-data"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ]; + }; + + "/var/log" = { + device = "/dev/disk/by-label/wormhole0-data"; + fsType = "btrfs"; + options = + [ "subvol=@logs" "compress=zstd" "noatime" "nodiratime" "noexec" ]; + }; + + "/state" = { + device = "/dev/disk/by-label/wormhole0-data"; + fsType = "btrfs"; + options = + [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ]; }; }; - swapDevices = [ ]; + swapDevices = [{ device = "/dev/disk/by-label/wormhole0-swap"; }]; networking = { useDHCP = mkDefault false; macvlans = { intif0 = { - interface = "eth0"; + interface = "enp1s0"; + mode = "bridge"; + }; + wormif0 = { + interface = "enp3s0"; mode = "bridge"; }; }; interfaces = { - eth0.useDHCP = false; - intif0.macAddress = "02:fa:d4:07:cf:f4"; + enp1s0.useDHCP = false; + enp3s0.useDHCP = false; + intif0.macAddress = + pkgs.lib.network.generate-mac-address "wormhole0" "intif0"; + wormif0.macAddress = + pkgs.lib.network.generate-mac-address "wormhole0" "wormif0"; }; }; diff --git a/config/hardware/zbox.nix b/config/hardware/zbox.nix index 7274882..faa4b03 100644 --- a/config/hardware/zbox.nix +++ b/config/hardware/zbox.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -{ +{ boot = { loader = { systemd-boot.enable = true; @@ -12,7 +12,7 @@ kernelModules = [ ]; }; kernelModules = [ "kvm-intel" ]; - kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.linuxPackages_latest; extraModulePackages = [ ]; }; @@ -34,7 +34,8 @@ "/state" = { device = "/dev/disk/by-label/zbox-data"; fsType = "btrfs"; - options = [ "noatime" "nodiratime" "compress=zstd" "noexec" "subvol=@state" ]; + options = + [ "noatime" "nodiratime" "compress=zstd" "noexec" "subvol=@state" ]; }; "/nix" = { @@ -46,7 +47,8 @@ "/var/log" = { device = "/dev/disk/by-label/zbox-data"; fsType = "btrfs"; - options = [ "noatime" "nodiratime" "compress=zstd" "noexec" "subvol=@logs" ]; + options = + [ "noatime" "nodiratime" "compress=zstd" "noexec" "subvol=@logs" ]; }; "/home" = { diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix index ad9b257..b022c7d 100644 --- a/config/host-config/lambda.nix +++ b/config/host-config/lambda.nix @@ -92,8 +92,7 @@ in { virtualHosts."home.sea.fudo.org" = { locations."/" = { - proxyPass = - "http://localhost:${toString home-assistant-port}"; + proxyPass = "http://localhost:${toString home-assistant-port}"; proxyWebsockets = true; }; }; @@ -113,10 +112,9 @@ in { image = "homeassistant/home-assistant:stable"; autoStart = true; environment.TZ = config.time.timeZone; - ports = [ "${toString home-assistant-port}:8123" ]; - volumes = [ - "/state/services/home-assistant:/config" - ]; + # ports = [ "${toString home-assistant-port}:8123" ]; + volumes = [ "/state/services/home-assistant:/config" ]; + extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ]; }; # shinobi = { diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix index bded28d..40768e5 100644 --- a/config/host-config/limina.nix +++ b/config/host-config/limina.nix @@ -20,10 +20,17 @@ in { intif0 = { useDHCP = false; - ipv4.addresses = [{ - address = primary-ip; - prefixLength = 16; - }]; + ipv4 = { + addresses = [{ + address = primary-ip; + prefixLength = 16; + }]; + routes = [{ + address = "192.168.86.0"; + prefixLength = 24; + via = "10.0.0.3"; + }]; + }; }; intif1 = { useDHCP = false; }; intif2 = { useDHCP = false; }; @@ -79,38 +86,8 @@ in { }; }; - # virtualisation = { - # docker = { - # enable = true; - # autoPrune.enable = true; - # enableOnBoot = true; - # }; - - # oci-containers = { - # backend = "docker"; - # containers = { - # pihole = { - # image = "pihole/pihole:2021.10"; - # autoStart = true; - # ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ]; - # environment = { - # # ServerIP = primary-ip; - # VIRTUAL_HOST = "dns-hole.sea.fudo.org"; - # DNS1 = "${primary-ip}#${toString dns-proxy-port}"; - # }; - # volumes = [ - # "/state/pihole/etc-pihole/:/etc/pihole/" - # "/state/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" - # ]; - # }; - # }; - # }; - # }; - # Support for statelessness environment.etc = { - # TODO: replace with current config - # nixos.source = "/state/nixos"; NIXOS.source = "/state/etc/NIXOS"; "host-config.nix".source = "/state/etc/host-config.nix"; }; @@ -123,79 +100,34 @@ in { "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts" ]; - # security.acme.certs."sea-camera.fudo.link".email = "niten@fudo.org"; + security.acme.email = "niten@fudo.org"; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.services.nginx.requires = [ "bind.service" ]; services = { - # nginx = { - # enable = true; - # recommendedGzipSettings = true; - # recommendedOptimisation = true; - # recommendedProxySettings = true; + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; - # virtualHosts = { - # "dns-hole.${domain-name}" = { - # serverAliases = [ - # "pi-hole.${domain-name}" - # "pihole.${domain-name}" - # "hole.${domain-name}" - # "pi-hole" - # "pihole" - # "dns-hole" - # "hole" - # ]; - - # locations."/" = { proxyPass = "http://127.0.0.1:3080"; }; - # }; - - # ## This keeps failing, too many requests...give it a rest for now - # # "sea-camera.fudo.link" = { - # # enableACME = true; - # # forceSSL = true; - - # # locations."/" = { - # # # proxyPass = "http://cargo.sea.fudo.org:5000/webman/3rdparty/SurveillanceStation/"; - # # proxyPass = "http://cargo.sea.fudo.org:5000/"; - - # # extraConfig = '' - # # proxy_http_version 1.1; - # # proxy_set_header Upgrade $http_upgrade; - # # proxy_set_header Connection "Upgrade"; - - # # proxy_set_header Host $host; - # # # proxy_set_header X-Real-IP $remote_addr; - # # # proxy_set_header X-Forwarded-By $server_addr:$server_port; - # # # proxy_set_header X-Forwarded-For $remote_addr; - # # # proxy_set_header X-Forwarded-Proto $scheme; - # # ''; - # # }; - # # }; - - # # "sea-camera-od.fudo.link" = { - # # enableACME = true; - # # forceSSL = true; - - # # locations."/" = { - # # proxyPass = "http://panopticon-od.sea.fudo.org"; - - # # extraConfig = '' - # # proxy_http_version 1.1; - # # proxy_set_header Upgrade $http_upgrade; - # # proxy_set_header Connection "Upgrade"; - - # # proxy_set_header Host $host; - # # proxy_set_header X-Real-IP $remote_addr; - # # proxy_set_header X-Forwarded-By $server_addr:$server_port; - # # proxy_set_header X-Forwarded-For $remote_addr; - # # proxy_set_header X-Forwarded-Proto $scheme; - # # ''; - # # }; - # # }; - # }; - # }; + virtualHosts = { + "sea-home.fudo.link" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://home-assist.sea.fudo.org/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + ''; + }; + }; + }; + }; openssh = { hostKeys = [ diff --git a/config/host-config/system3.nix b/config/host-config/system3.nix index c42a67a..0b036e4 100644 --- a/config/host-config/system3.nix +++ b/config/host-config/system3.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with lib; let state-dir = "/state"; in { fudo.slynk.enable = true; @@ -17,10 +18,12 @@ in { "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak" + "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" ]; services = { blueman.enable = true; + openssh.hostKeys = [ { path = "${state-dir}/ssh/ssh_host_rsa_key"; @@ -30,40 +33,13 @@ in { { path = "${state-dir}/ssh/ssh_host_ed25519_key"; type = "ed25519"; - bits = 4096; } ]; }; environment.etc = { - "ssh/ssh_host_rsa_key" = { - source = "${state-dir}/ssh/ssh_host_rsa_key"; - user = "root"; - group = "root"; - mode = "0400"; - }; - "ssh/ssh_host_rsa_key.pub" = { - source = "${state-dir}/ssh/ssh_host_rsa_key.pub"; - user = "root"; - group = "root"; - mode = "0444"; - }; - "ssh/ssh_host_ed25519_key" = { - source = "${state-dir}/ssh/ssh_host_ed25519_key"; - user = "root"; - group = "root"; - mode = "0400"; - }; - "ssh/ssh_host_ed25519_key.pub" = { - source = "${state-dir}/ssh/ssh_host_ed25519_key.pub"; - user = "root"; - group = "root"; - mode = "0444"; - }; nixos.source = "/etc/nixos-live"; - "host-config.nix".source = "${state-dir}/host/host-config.nix"; - adjtime.source = "${state-dir}/host/adjtime"; - NIXOS.source = "${state-dir}/host/NIXOS"; + NIXOS.source = "${state-dir}/etc/NIXOS"; }; hardware = { @@ -73,9 +49,4 @@ in { }; xpadneo.enable = true; }; - - security.sudo.extraConfig = '' - # Due to rollback, sudo will lecture after every reboot - Defaults lecture = never - ''; } diff --git a/config/host-config/wormhole0.nix b/config/host-config/wormhole0.nix index 01a67ea..42924f0 100644 --- a/config/host-config/wormhole0.nix +++ b/config/host-config/wormhole0.nix @@ -3,8 +3,27 @@ with lib; let primary-ip = "10.0.0.3"; + state-dir = "/state"; + zigbee2mqtt-statedir = "${state-dir}/services/zigbee2mqtt"; + mosquitto-statedir = "${state-dir}/services/mosquitto"; + home-assistant-port = 8123; + + zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User; + + mosquitto-user = config.systemd.services.mosquitto.serviceConfig.User; + + zigbee2mqtt-passwd-file = + pkgs.lib.passwd.random-passwd-file "zigbee2mqtt-passwd" 20; + + home-assistant-passwd-file = + pkgs.lib.passwd.stablerandom-passwd-file "home-assistant-passwd" + config.instance.build-seed; + + host-secrets = config.fudo.secrets.host-secrets.wormhole0; in { + boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; + networking = { hostName = "wormhole0"; @@ -19,24 +38,163 @@ in { interfaces = { intif0 = { - ipv4.addresses = [{ - address = primary-ip; - prefixLength = 24; - }]; + useDHCP = false; + ipv4 = { + addresses = [{ + address = primary-ip; + prefixLength = 24; + }]; + }; }; - wlan0.useDHCP = true; + wormif0.useDHCP = true; + + wlp2s0.useDHCP = false; + }; + + dhcpcd.extraConfig = concatStringsSep "\n" [ "nogateway" ]; + }; + + fudo.secrets.host-secrets.wormhole0 = { + mosquitto-zigbee2mqtt-passwd = { + source-file = zigbee2mqtt-passwd-file; + target-file = "/run/mosquitto-secrets/zigbee2mqtt.passwd"; + user = mosquitto-user; + }; + mosquitto-home-assistant-passwd = { + source-file = home-assistant-passwd-file; + target-file = "/run/mosquitto-secrets/home-assistant.passwd"; + user = mosquitto-user; }; }; - nix = { - # settings = { - # auto-optimise-store = true; - # }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + systemd = { + services = { + wormhole-route = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + ExecStart = + "${pkgs.iproute2}/bin/ip route add 192.168.86.0/24 dev wormif0"; + ExecStop = + "${pkgs.iproute2}/bin/ip route del 192.168.86.0/24 dev wormif0"; + RemainAfterExit = true; + }; + }; + + zigbee2mqtt.after = + [ config.fudo.secrets.secret-target "mosquitto.service" ]; + mosquitto.after = [ config.fudo.secrets.secret-target ]; + }; + + tmpfiles.rules = [ + "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" + "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" + "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" + "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" + "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" + "d /state/services 0711 root root - -" + "d ${zigbee2mqtt-statedir} 0700 ${zigbee2mqtt-user} - - -" + "d ${mosquitto-statedir} 0700 ${mosquitto-user} - - -" + ]; + }; + + users.groups = let + zigbee2mqtt-user = config.systemd.services.zigbee2mqtt.serviceConfig.User; + in { dialout.members = [ zigbee2mqtt-user ]; }; + + services = { + blueman.enable = true; + openssh.hostKeys = [ + { + path = "${state-dir}/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + { + path = "${state-dir}/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + + nginx = { + enable = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + + virtualHosts."home-assist.sea.fudo.org" = { + locations."/" = { + proxyPass = "http://localhost:${toString home-assistant-port}"; + proxyWebsockets = true; + }; + }; + }; + + mosquitto = { + enable = true; + dataDir = mosquitto-statedir; + listeners = [{ + settings.allow_anonymous = false; + port = 1883; + users = { + zigbee2mqtt = { + passwordFile = + host-secrets.mosquitto-zigbee2mqtt-passwd.target-file; + acl = [ "readwrite #" ]; + }; + home-assistant = { + passwordFile = + host-secrets.mosquitto-home-assistant-passwd.target-file; + acl = [ "readwrite #" ]; + }; + }; + }]; + }; + + zigbee2mqtt = { + enable = true; + dataDir = zigbee2mqtt-statedir; + settings = { + homeassistant = true; + permit_join = true; + serial.port = "/dev/ttyUSB0"; + mqtt = { + server = "mqtt://127.0.0.1:1883"; + user = "zigbee2mqtt"; + password = readFile zigbee2mqtt-passwd-file; + # TODO: could make a yaml file containing password + # described https://www.zigbee2mqtt.io/guide/configuration/mqtt.html#server-connection + # Weird, though. + }; + }; }; }; + + virtualisation = { + docker = { + enable = true; + enableOnBoot = true; + autoPrune.enable = true; + }; + + oci-containers = { + backend = "docker"; + containers = { + home-assistant = { + image = "homeassistant/home-assistant:stable"; + autoStart = true; + environment.TZ = config.time.timeZone; + #ports = [ "${toString home-assistant-port}:8123" ]; + volumes = [ "/state/services/home-assistant:/config" ]; + extraOptions = [ "--network=host" ]; + }; + }; + }; + }; + + security.sudo.extraConfig = '' + # Due to rollback, sudo will lecture after every reboot + Defaults lecture = never + ''; } diff --git a/config/profile-config/common-ui.nix b/config/profile-config/common-ui.nix index bf8a511..1656f79 100644 --- a/config/profile-config/common-ui.nix +++ b/config/profile-config/common-ui.nix @@ -37,6 +37,26 @@ in { }; trezord.enable = true; + + gnome = mkIf enable-gui { + evolution-data-server.enable = mkForce false; + gnome-user-share.enable = mkForce false; + }; + + pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; + }; + + security = { + rtkit.enable = true; + sudo.extraConfig = "Defaults lecture = never"; }; hardware = { @@ -47,22 +67,15 @@ in { driSupport = true; driSupport32Bit = true; }; + + pulseaudio.enable = false; }; sound.enable = true; - hardware.pulseaudio = { - enable = true; - support32Bit = config.hardware.pulseaudio.enable; - }; # console.font = # lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-g18n.psf.gz"; - services.gnome = mkIf enable-gui { - evolution-data-server.enable = mkForce false; - gnome-user-share.enable = mkForce false; - }; - services.flatpak.enable = enable-gui; fonts = mkIf enable-gui { diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix index 97b4417..28fc3ec 100644 --- a/config/profile-config/common.nix +++ b/config/profile-config/common.nix @@ -40,6 +40,11 @@ in { extraOptions = '' experimental-features = nix-command flakes ''; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; }; nixpkgs.config.allowUnfree = true; diff --git a/config/profile-config/host/kerberos.nix b/config/profile-config/host/kerberos.nix index d948e1e..fde557b 100644 --- a/config/profile-config/host/kerberos.nix +++ b/config/profile-config/host/kerberos.nix @@ -7,64 +7,66 @@ let try-attr = attr: set: if (hasAttr attr set) then set.${attr} else null; in { - config = mkIf has-secret-files (let - keytab-file = try-attr hostname config.fudo.secrets.files.host-keytabs; - in mkIf (keytab-file != null) { - ## This doesn't seem to work...timing? - # environment.etc."krb5.keytab" = mkIf (keytab-file != null) { - # source = - # config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; - # user = "root"; - # group = "root"; - # mode = "0400"; - # }; + config = mkIf has-secret-files + (let keytab-file = try-attr hostname config.fudo.secrets.files.host-keytabs; + in mkIf (keytab-file != null) { + ## This doesn't seem to work...timing? + # environment.etc."krb5.keytab" = mkIf (keytab-file != null) { + # source = + # config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; + # user = "root"; + # group = "root"; + # mode = "0400"; + # }; - systemd = let - host-keytab = config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; - in { - paths."${hostname}-keytab-watcher" = { - wantedBy = [ "default.target" ]; - description = "Watch host keytab for changes."; - pathConfig = { - PathChanged = host-keytab; - Unit = "${hostname}-keytab-watcher.service"; - }; - }; - - services = { - "${hostname}-keytab-watcher" = { - description = "When host keytab is available or changed, activate copy job."; - path = with pkgs; [ systemd ]; - serviceConfig = { - Type = "oneshot"; + systemd = let + host-keytab = + config.fudo.secrets.host-secrets.${hostname}.host-keytab.target-file; + in { + paths."${hostname}-keytab-watcher" = { + wantedBy = [ "default.target" ]; + description = "Watch host keytab for changes."; + pathConfig = { + PathChanged = host-keytab; + Unit = "${hostname}-keytab-watcher.service"; }; - script = "systemctl restart ${hostname}-copy-keytab.service"; }; - "${hostname}-copy-keytab" = { - description = "Copy the host krb5.keytab into place once it's available."; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" '' - [ -f ${host-keytab} ] || exit 1 - [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab - cp ${host-keytab} /etc/krb5.keytab - chown root:root /etc/krb5.keytab - chmod 0400 /etc/krb5.keytab - ''; - ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" '' - rm -f /etc/krb5.keytab - ''; + services = { + "${hostname}-keytab-watcher" = { + description = + "When host keytab is available or changed, activate copy job."; + path = with pkgs; [ systemd ]; + serviceConfig = { Type = "oneshot"; }; + script = "systemctl restart ${hostname}-copy-keytab.service"; + }; + + "${hostname}-copy-keytab" = { + description = + "Copy the host krb5.keytab into place once it's available."; + serviceConfig = { + Type = "simple"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "${hostname}-copy-keytab.sh" '' + [ -f ${host-keytab} ] || exit 1 + [ -f /etc/krb5.keytab ] && rm /etc/krb5.keytab + cp ${host-keytab} /etc/krb5.keytab + chown root:root /etc/krb5.keytab + chmod 0400 /etc/krb5.keytab + ''; + ExecStop = pkgs.writeShellScript "${hostname}-remove-keytab.sh" '' + rm -f /etc/krb5.keytab + ''; + }; }; }; }; - }; - fudo.secrets.host-secrets.${hostname}.host-keytab = mkIf (keytab-file != null) { - source-file = keytab-file; - target-file = "/run/kerberos/krb5.keytab"; - user = "root"; - }; - }); + fudo.secrets.host-secrets.${hostname}.host-keytab = + mkIf (keytab-file != null) { + source-file = keytab-file; + target-file = "/run/kerberos/krb5.keytab"; + user = "root"; + }; + }); } diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix index c402f9e..1afa97a 100644 --- a/config/site-config/seattle.nix +++ b/config/site-config/seattle.nix @@ -30,20 +30,20 @@ in { # }; "/mnt/cargo_video" = { device = "cargo.${local-domain}:/volume1/video"; - fsType = "nfs"; - options = [ "comment=systemd.automount" "nfsvers=4.2" ]; + fsType = "nfs4"; + options = [ "sec=krb5i" "x-systemd.automount" ]; }; "/mnt/photo" = { device = "cargo.${local-domain}:/volume1/pictures"; - fsType = "nfs"; - options = [ "comment=systemd.automount" "nfsvers=4.2" ]; + fsType = "nfs4"; + options = [ "sec=krb5i" "x-systemd.automount" ]; }; # "proto=tcp" # # NOTE: these are pointing directly to nostromo so the krb lookup works "/net/documents" = { - device = "nostromo.sea.fudo.org:/export/documents"; + device = "nostromo.${local-domain}:/export/documents"; fsType = "nfs4"; options = [ "sec=krb5p" @@ -54,7 +54,7 @@ in { ]; }; "/net/downloads" = { - device = "nostromo.sea.fudo.org:/export/downloads"; + device = "nostromo.${local-domain}:/export/downloads"; fsType = "nfs4"; options = [ "sec=krb5i" @@ -65,7 +65,7 @@ in { ]; }; "/net/projects" = { - device = "nostromo.sea.fudo.org:/export/projects"; + device = "nostromo.${local-domain}:/export/projects"; fsType = "nfs4"; options = [ "sec=krb5p" @@ -91,14 +91,24 @@ in { # script = "${pkgs.systemd}/bin/systemctl restart rpc-gssd.service"; # }; - services.host-keytab-watcher = { - wantedBy = [ "rpc-gssd.service" "rpc-svcgssd.service" ]; - before = [ "rpc-gssd.service" "rpc-svcgssd.service" ]; - unitConfig = { ConditionPathExists = [ "/etc/krb5.keytab" ]; }; - serviceConfig = { - ExecStart = "${pkgs.coreutils}/bin/sleep 500"; - TimeoutStartSec = "3600"; - RemainAfterExit = true; + services = { + # host-keytab-watcher = { + # wantedBy = [ "rpc-gssd.service" "rpc-svcgssd.service" ]; + # before = [ "rpc-gssd.service" "rpc-svcgssd.service" ]; + # serviceConfig = { + # ExecStart = "${pkgs.coreutils}/bin/sleep 500"; + # TimeoutStartSec = "3600"; + # RemainAfterExit = true; + # }; + # }; + + rpc-gssd = { + after = [ config.fudo.secrets.secret-target ]; + unitConfig = { ConditionPathExists = mkForce [ ]; }; + }; + rpc-svcgssd = { + after = [ config.fudo.secrets.secret-target ]; + unitConfig = { ConditionPathExists = mkForce [ ]; }; }; }; }; @@ -117,7 +127,7 @@ in { # in [ # { # enable = true; - # what = "nostromo.sea.fudo.org:/export/documents"; + # what = "nostromo.${local-domain}:/export/documents"; # where = "/net/documents"; # type = "nfs"; # options = mkOpts [ @@ -131,7 +141,7 @@ in { # } # { # enable = true; - # what = "nostromo.sea.fudo.org:/export/downloads"; + # what = "nostromo.${local-domain}:/export/downloads"; # where = "/net/downloads"; # type = "nfs"; # options = mkOpts [ @@ -145,7 +155,7 @@ in { # } # { # enable = true; - # what = "nostromo.sea.fudo.org:/export/projects"; + # what = "nostromo.${local-domain}:/export/projects"; # where = "/net/projects"; # type = "nfs"; # options = mkOpts [ @@ -165,12 +175,12 @@ in { drivers = [ # pkgs.brlaser # pkgs.brgenml1lpr - # pkgs.brgenml1cupswrapper + pkgs.brgenml1cupswrapper # pkgs.hll2380dw-cups # pkgs.hll2380dw-lpr ]; }; - environment.systemPackages = with pkgs; [ hll2380dw-cups ]; + # environment.systemPackages = with pkgs; [ hll2380dw-cups ]; } diff --git a/flake.lock b/flake.lock index e987211..c592826 100644 --- a/flake.lock +++ b/flake.lock @@ -388,11 +388,11 @@ ] }, "locked": { - "lastModified": 1646155824, - "narHash": "sha256-cVQ4mQNNblY2MjK4kaoW71wUccUOdczVt2Y3umGEkTw=", + "lastModified": 1649111994, + "narHash": "sha256-KVRN3pahTca8gCcppDgr+hY+6xeCL0nQUpLT/l2uGS8=", "ref": "master", - "rev": "4799d7704ae703693065c47e1e454e58f5e767f4", - "revCount": 76, + "rev": "1e478f59eaadd1b3e857045ad812b45c9bad238f", + "revCount": 89, "type": "git", "url": "https://git.fudo.org/fudo-nix/entities.git" }, @@ -413,11 +413,11 @@ ] }, "locked": { - "lastModified": 1646777521, - "narHash": "sha256-0WtNjhJ+66l+3l/s4bhqgIfsuROBtD4GJ0B3yJRipxM=", + "lastModified": 1649445221, + "narHash": "sha256-g2QZSTNDv42oxFI1+zt/rGIvPHM52RZ8olPFru/7Mnc=", "ref": "master", - "rev": "e860b7aee67d8f0dabcf95fdfde138722fca1f32", - "revCount": 124, + "rev": "8d94134bff85ed39d371b7dd895a9265c5b161b2", + "revCount": 138, "type": "git", "url": "https://git.fudo.org/fudo-nix/home.git" }, @@ -443,7 +443,7 @@ }, "fudo-lib_2": { "locked": { - "narHash": "sha256-JWs8GEoZdR9sqf1nQJgIIQCwe4sQDZoK3C7WzQN3hAo=", + "narHash": "sha256-fBiGlPgqsl5t08IlV1sehtAaOAI2eJqCXKQgdnwMzy0=", "path": "/state/fudo-lib", "type": "path" }, @@ -469,11 +469,11 @@ }, "fudo-pkgs_2": { "locked": { - "lastModified": 1646862825, - "narHash": "sha256-Zqtx4cJXuMG0dNKgmcJgfy3twLfRSMRqI/UMfl2hbsA=", + "lastModified": 1648662131, + "narHash": "sha256-wOJyR8xFQQhZ7gjK+sj3rJND8ORIHPuINNfQsdjM0BE=", "ref": "master", - "rev": "4ee3fb603b5b9d55c51213acbf90a52ce4c08cf1", - "revCount": 49, + "rev": "c5180cbacd66673a3e8fcd0ce2c4abff119bbe93", + "revCount": 54, "type": "git", "url": "https://git.fudo.org/fudo-nix/pkgs.git" }, @@ -497,7 +497,7 @@ "ssh-keypairs": "ssh-keypairs" }, "locked": { - "narHash": "sha256-ZiSCZ5783ghtNZ6geFR+avU+qnn0nhisbAB4P2yziGY=", + "narHash": "sha256-sDzbS0AnaNCrdiYR3oEsFljzxw128JsVx4exBNAjZo0=", "path": "/state/secrets", "type": "path" }, @@ -573,7 +573,7 @@ "host-keytabs": { "flake": false, "locked": { - "narHash": "sha256-LAAZVfwD65yS6H7EcKmfiPXtLcfRQ80u3V4LFRjr7ko=", + "narHash": "sha256-SA058alChYye39gm4TwPpCufR1P+X9QnH/EunJYXd5s=", "path": "/state/secrets/kerberos/host-keytabs", "type": "path" }, @@ -631,11 +631,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1647297614, - "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=", + "lastModified": 1649225869, + "narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58", + "rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c", "type": "github" }, "original": { diff --git a/live-disk/flake.lock b/live-disk/flake.lock new file mode 100644 index 0000000..4f575ca --- /dev/null +++ b/live-disk/flake.lock @@ -0,0 +1,522 @@ +{ + "nodes": { + "doom-emacs": { + "inputs": { + "doom-emacs": "doom-emacs_2", + "doom-snippets": "doom-snippets", + "emacs-overlay": [ + "fudo-home", + "emacs-overlay" + ], + "emacs-so-long": "emacs-so-long", + "evil-markdown": "evil-markdown", + "evil-org-mode": "evil-org-mode", + "evil-quick-diff": "evil-quick-diff", + "explain-pause-mode": "explain-pause-mode", + "flake-utils": "flake-utils", + "format-all": "format-all", + "nix-straight": "nix-straight", + "nixpkgs": [ + "fudo-home", + "nixpkgs" + ], + "nose": "nose", + "ob-racket": "ob-racket", + "org": "org", + "org-contrib": "org-contrib", + "org-yt": "org-yt", + "php-extras": "php-extras", + "revealjs": "revealjs", + "rotate-text": "rotate-text" + }, + "locked": { + "lastModified": 1645751511, + "narHash": "sha256-i3cMaHdaxwfeJEKVgk3Sxx/IRfjwNcThaCMcq4uv9jg=", + "owner": "nix-community", + "repo": "nix-doom-emacs", + "rev": "ef434602f6f2a8b469d1b01f9edff4f5b6d7f555", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-doom-emacs", + "type": "github" + } + }, + "doom-emacs_2": { + "flake": false, + "locked": { + "lastModified": 1645634993, + "narHash": "sha256-QeE6aUJxoaqHM28Cpt2rKC817VQvXGuuFUyLzehaC50=", + "owner": "hlissner", + "repo": "doom-emacs", + "rev": "42e5763782fdc1aabb9f2624d468248d6978abe2", + "type": "github" + }, + "original": { + "owner": "hlissner", + "ref": "master", + "repo": "doom-emacs", + "type": "github" + } + }, + "doom-snippets": { + "flake": false, + "locked": { + "lastModified": 1645652740, + "narHash": "sha256-ci5QsTkzmfSd7Pfoe+RActuSOmMY2TvJL7f2giCwNEI=", + "owner": "hlissner", + "repo": "doom-snippets", + "rev": "02aca23fef94fc7a58836fd1812d62e731249fa3", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "doom-snippets", + "type": "github" + } + }, + "emacs-overlay": { + "flake": false, + "locked": { + "lastModified": 1645953123, + "narHash": "sha256-Be06ikbfQTuRwsU6nxNbMSvSUOzmGzDOLBKXFMekrcA=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "058e38892484c1ab517c890b0aaee5d53565a494", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-so-long": { + "flake": false, + "locked": { + "lastModified": 1575031854, + "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", + "owner": "hlissner", + "repo": "emacs-so-long", + "rev": "ed666b0716f60e8988c455804de24b55919e71ca", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "emacs-so-long", + "type": "github" + } + }, + "evil-markdown": { + "flake": false, + "locked": { + "lastModified": 1626852210, + "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", + "owner": "Somelauw", + "repo": "evil-markdown", + "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", + "type": "github" + }, + "original": { + "owner": "Somelauw", + "repo": "evil-markdown", + "type": "github" + } + }, + "evil-org-mode": { + "flake": false, + "locked": { + "lastModified": 1607203864, + "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", + "owner": "hlissner", + "repo": "evil-org-mode", + "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-org-mode", + "type": "github" + } + }, + "evil-quick-diff": { + "flake": false, + "locked": { + "lastModified": 1575189609, + "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", + "type": "github" + }, + "original": { + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "type": "github" + } + }, + "explain-pause-mode": { + "flake": false, + "locked": { + "lastModified": 1595842060, + "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", + "owner": "lastquestion", + "repo": "explain-pause-mode", + "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", + "type": "github" + }, + "original": { + "owner": "lastquestion", + "repo": "explain-pause-mode", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "format-all": { + "flake": false, + "locked": { + "lastModified": 1581716637, + "narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=", + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + }, + "original": { + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + } + }, + "fudo-entities": { + "inputs": { + "fudo-lib": "fudo-lib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1646155824, + "narHash": "sha256-cVQ4mQNNblY2MjK4kaoW71wUccUOdczVt2Y3umGEkTw=", + "ref": "master", + "rev": "4799d7704ae703693065c47e1e454e58f5e767f4", + "revCount": 76, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/entities.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/entities.git" + } + }, + "fudo-home": { + "inputs": { + "doom-emacs": "doom-emacs", + "emacs-overlay": "emacs-overlay", + "fudo-pkgs": "fudo-pkgs", + "home-manager": "home-manager", + "niten-doom-config": "niten-doom-config", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1646777521, + "narHash": "sha256-0WtNjhJ+66l+3l/s4bhqgIfsuROBtD4GJ0B3yJRipxM=", + "ref": "master", + "rev": "e860b7aee67d8f0dabcf95fdfde138722fca1f32", + "revCount": 124, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/home.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/home.git" + } + }, + "fudo-lib": { + "locked": { + "lastModified": 1641848738, + "narHash": "sha256-9+xyFqyUIzIkNo2HyXxp6Lm9/f0EZqRqkRz52AQoW6Q=", + "ref": "master", + "rev": "63b80fb5dc1e6ad69252a233b7c6a20f649884c6", + "revCount": 59, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + } + }, + "fudo-lib_2": { + "locked": { + "lastModified": 1646004430, + "narHash": "sha256-LqCS4S+glSf9S+1ym+Ac5Ek4foYLxKL/LKRzFYwREI8=", + "ref": "master", + "rev": "c40aba61335451219bc480f7b4ffccbc61d48d2b", + "revCount": 66, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/lib.git" + } + }, + "fudo-pkgs": { + "locked": { + "lastModified": 1643841844, + "narHash": "sha256-rmTIL94RQQaFhMHCopmeFUVAoP71nSA6sB46riDq2Ik=", + "ref": "master", + "rev": "7e02ad0e7d9ac42605ed318e9d76364ec1d339ec", + "revCount": 41, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + } + }, + "fudo-pkgs_2": { + "locked": { + "lastModified": 1646862825, + "narHash": "sha256-Zqtx4cJXuMG0dNKgmcJgfy3twLfRSMRqI/UMfl2hbsA=", + "ref": "master", + "rev": "4ee3fb603b5b9d55c51213acbf90a52ce4c08cf1", + "revCount": 49, + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/fudo-nix/pkgs.git" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "fudo-home", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1643933536, + "narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2860d7e3bb350f18f7477858f3513f9798896831", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, + "niten-doom-config": { + "flake": false, + "locked": { + "lastModified": 1640017877, + "narHash": "sha256-9twZfDxSjX87NHzuEQXkm1Q037YS98jPQv3Hw4Uktiw=", + "ref": "master", + "rev": "3d990cdf82fc7d5a6c8fd033e8bcf460fb27df1b", + "revCount": 37, + "type": "git", + "url": "https://git.fudo.org/niten/doom-emacs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/niten/doom-emacs.git" + } + }, + "nix-straight": { + "flake": false, + "locked": { + "lastModified": 1643475817, + "narHash": "sha256-NpExq5nbPbj/ppkBX3SnETEJuOne1MKJxen8vVHsDFg=", + "owner": "nix-community", + "repo": "nix-straight.el", + "rev": "08d75e5651cb52f8a07e03408ed19e04bee07505", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-straight.el", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1645296114, + "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nose": { + "flake": false, + "locked": { + "lastModified": 1400604510, + "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", + "owner": "emacsattic", + "repo": "nose", + "rev": "f8528297519eba911696c4e68fa88892de9a7b72", + "type": "github" + }, + "original": { + "owner": "emacsattic", + "repo": "nose", + "type": "github" + } + }, + "ob-racket": { + "flake": false, + "locked": { + "lastModified": 1584656173, + "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", + "owner": "xchrishawk", + "repo": "ob-racket", + "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", + "type": "github" + }, + "original": { + "owner": "xchrishawk", + "repo": "ob-racket", + "type": "github" + } + }, + "org": { + "flake": false, + "locked": { + "lastModified": 1645557265, + "narHash": "sha256-vBOWOOfdUbvpTkqs2Lx+OCPfUdZdzAOdGxzHBSAslmo=", + "owner": "emacs-straight", + "repo": "org-mode", + "rev": "282a01f22159b4855071ffd54a9ae6ce681c3690", + "type": "github" + }, + "original": { + "owner": "emacs-straight", + "repo": "org-mode", + "type": "github" + } + }, + "org-contrib": { + "flake": false, + "locked": { + "lastModified": 1639727892, + "narHash": "sha256-+T6Y87aSAx7kMpigm8d1ODDQIyPBM6a+4qGolXjCEXs=", + "ref": "master", + "rev": "5766ff1088191e4df5fecd55007ba4271e609bcc", + "revCount": 2611, + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + }, + "original": { + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + } + }, + "org-yt": { + "flake": false, + "locked": { + "lastModified": 1527381913, + "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", + "owner": "TobiasZawada", + "repo": "org-yt", + "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", + "type": "github" + }, + "original": { + "owner": "TobiasZawada", + "repo": "org-yt", + "type": "github" + } + }, + "php-extras": { + "flake": false, + "locked": { + "lastModified": 1573312690, + "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", + "owner": "arnested", + "repo": "php-extras", + "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", + "type": "github" + }, + "original": { + "owner": "arnested", + "repo": "php-extras", + "type": "github" + } + }, + "revealjs": { + "flake": false, + "locked": { + "lastModified": 1645450091, + "narHash": "sha256-3fM1hKCbuIy8HzBv9JjjZW/RwE1CKeq++delBhbSvys=", + "owner": "hakimel", + "repo": "reveal.js", + "rev": "5e12c6aeb7a37acca7ca22c0bd29548f9ff282ea", + "type": "github" + }, + "original": { + "owner": "hakimel", + "repo": "reveal.js", + "type": "github" + } + }, + "root": { + "inputs": { + "fudo-entities": "fudo-entities", + "fudo-home": "fudo-home", + "fudo-lib": "fudo-lib_2", + "fudo-pkgs": "fudo-pkgs_2", + "nixpkgs": "nixpkgs" + } + }, + "rotate-text": { + "flake": false, + "locked": { + "lastModified": 1322962747, + "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", + "owner": "debug-ito", + "repo": "rotate-text.el", + "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", + "type": "github" + }, + "original": { + "owner": "debug-ito", + "repo": "rotate-text.el", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/live-disk/flake.nix b/live-disk/flake.nix index 1d2d8a2..1515a67 100644 --- a/live-disk/flake.nix +++ b/live-disk/flake.nix @@ -25,7 +25,7 @@ outputs = { self, nixpkgs, fudo-home, fudo-entities, fudo-lib, fudo-pkgs, ... }@inputs: { - nixosConfigurations.live-cd-x86_64-linux = let + nixosConfigurations.live-disk-x86_64-linux = let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system;