SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-23 09:58:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:ae5e7e80400d5768c43b1988af90c7478b26fdc4
Branches Tags
SebastianStork:main
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:testing-srv-core
..
compare: SebastianStork:f93908d1570c2c0c21f50a1b2043e407f5e751f2
Branches Tags
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:main
SebastianStork:testing-srv-core

No commits in common. "ae5e7e80400d5768c43b1988af90c7478b26fdc4" and "f93908d1570c2c0c21f50a1b2043e407f5e751f2" have entirely different histories.
ae5e7e8040 ... f93908d157

15 changed files with 29 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

29
external-hosts/fairphone/default.nix
View file

@ -1,29 +0,0 @@
{ self, ... }:
{
imports = [ self.nixosModules.default ];
nixpkgs.hostPlatform = "aarch64-linux";
custom = {
networking = {
overlay = {
address = "10.254.250.74";
role = "client";
};
underlay.useDhcp = true;
};
services = {
nebula = {
publicKeyPath = toString ./keys/nebula.pub;
certificatePath = toString ./keys/nebula.crt;
};
syncthing = {
enable = true;
deviceId = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
folders = [ "Documents" ];
};
};
};
}

6
external-hosts/fairphone/keys/nebula.crt
View file

@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG9oFeACWZhaXJwaG9uZaEHBAUK/vpKGKMTDAZjbGllbnQMCXN5bmN0aGluZ4UE
aYZd9oYEayh99IcgFUP+GVuq3tcsxWoMTgOEhDMlEFpe1AjCbmBFMjtzRWiCIElb
0YB49Bb2JcLlgcwZlPGgzNBIxclJSjQWFW00pdEXg0DPZt5bCLCfd1nPUk6ty6R7
UU+YZkx6A0p26wH8TeOVUIoD/9MxpPgEtewH3CPBZQhKFnmpWzDYgF3/WJY/LkQP
-----END NEBULA CERTIFICATE V2-----

3
external-hosts/fairphone/keys/nebula.pub
View file

@ -1,3 +0,0 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
SVvRgHj0FvYlwuWBzBmU8aDM0EjFyUlKNBYVbTSl0Rc=
-----END NEBULA X25519 PUBLIC KEY-----

26
flake-parts/hosts.nix
View file

@ -6,33 +6,21 @@
}: }:
let let
mkHost = mkHost =
hostDir: hostName:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
modules = modules =
(lib.singleton { (lib.singleton { networking = { inherit hostName; }; })
networking.hostName = hostDir |> lib.baseNameOf |> lib.unsafeDiscardStringContext;
})
++ ( ++ (
hostDir "${self}/hosts/${hostName}"
|> builtins.readDir |> builtins.readDir
|> lib.attrNames |> lib.attrNames
|> lib.filter (lib.hasSuffix ".nix") |> lib.filter (file: file |> lib.hasSuffix ".nix")
|> lib.map (file: "${hostDir}/${file}") |> lib.map (file: "${self}/hosts/${hostName}/${file}")
); );
}; };
mkHosts =
baseDir:
baseDir
|> builtins.readDir
|> lib.filterAttrs (_: type: type == "directory")
|> lib.mapAttrs (hostName: _: mkHost "${baseDir}/${hostName}");
in in
{ {
flake = { flake.nixosConfigurations =
nixosConfigurations = mkHosts "${self}/hosts"; "${self}/hosts" |> self.lib.listDirectoryNames |> self.lib.genAttrs mkHost;
externalConfigurations = mkHosts "${self}/external-hosts";
allHosts = self.nixosConfigurations // self.externalConfigurations;
};
} }

4
flake-parts/sops-config.nix
View file

@ -18,14 +18,14 @@
}; };
hostCreationRules = hostCreationRules =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.sops) |> lib.map (host: host.config.custom.sops)
|> lib.filter (sops: sops.enable) |> lib.filter (sops: sops.enable)
|> lib.map mkCreationRule; |> lib.map mkCreationRule;
userCreationRules = userCreationRules =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.sops) |> lib.map (host: host.config.home-manager.users.seb.custom.sops)

2
justfile
View file

@ -16,7 +16,7 @@ repair:
nix-store --verify --check-contents --repair nix-store --verify --check-contents --repair
repl host='$(hostname)': repl host='$(hostname)':
nix repl .#allHosts.{{ host }} nix repl .#nixosConfigurations.{{ host }}
[group('rebuild')] [group('rebuild')]
rebuild mode: rebuild mode:

2
modules/system/networking/default.nix
View file

@ -18,7 +18,7 @@ in
nodes = lib.mkOption { nodes = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.networking) |> lib.map (host: host.config.custom.networking)
|> lib.map ( |> lib.map (

2
modules/system/networking/overlay.nix
View file

@ -57,7 +57,7 @@ in
dnsServers = lib.mkOption { dnsServers = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.dns.enable) |> lib.filter (host: host.config.custom.services.dns.enable)
|> lib.map (host: host.config.custom.networking.overlay.address); |> lib.map (host: host.config.custom.networking.overlay.address);

2
modules/system/services/dns.nix
View file

@ -27,7 +27,7 @@ in
netCfg.nodes netCfg.nodes
|> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\""); |> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\"");
serviceRecords = serviceRecords =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.concatMap ( |> lib.concatMap (
host: host:

2
modules/system/services/sshd.nix
View file

@ -41,7 +41,7 @@ in
}; };
users.users.seb.openssh.authorizedKeys.keyFiles = users.users.seb.openssh.authorizedKeys.keyFiles =
self.allHosts self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.networking.hostName != netCfg.hostName) |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")

2
modules/system/services/syncthing.nix
View file

@ -87,7 +87,7 @@ in
settings = settings =
let let
hosts = hosts =
self.allHosts self.nixosConfigurations
|> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName) |> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName)
|> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable); |> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable);
in in

2
modules/system/web-services/gatus.nix
View file

@ -173,7 +173,7 @@ in
web-services.gatus.endpoints = web-services.gatus.endpoints =
let let
defaultEndpoints = defaultEndpoints =
self.allHosts self.nixosConfigurations
|> lib.mapAttrs ( |> lib.mapAttrs (
_: host: _: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain) host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)

8
profiles/core.nix
View file

@ -112,4 +112,12 @@
sshd.enable = true; sshd.enable = true;
}; };
}; };
services.syncthing.settings = {
devices."fairphone" = {
id = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
addresses = "tcp://10.254.250.74:22000";
};
folders."Documents".devices = [ config.services.syncthing.settings.devices."fairphone".name ];
};
} }

2
scripts/nebula/recert-all-hosts.nix
View file

@ -9,7 +9,7 @@ pkgs.writeShellApplication {
]; ];
text = '' text = ''
hosts="$(nix eval .#allHosts --apply 'builtins.attrNames' --json | jq -r '.[]')" hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')"
if ! declare -px BW_SESSION >/dev/null 2>&1; then if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)" BW_SESSION="$(bw unlock --raw || bw login --raw)"

8
scripts/nebula/recert-host.nix
View file

@ -14,11 +14,11 @@ pkgs.writeShellApplication {
fi fi
host="$1" host="$1"
address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")" address="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')" groups="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
ca_cert='modules/system/services/nebula/ca.crt' ca_cert='modules/system/services/nebula/ca.crt'
host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")" host_pub="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.publicKeyPath")"
host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")" host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")"
host_cert="''${host_cert#*-source/}" host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then if [[ $# -eq 2 ]]; then