| -rw-r--r-- | flake.lock | 193 | ||||
| -rw-r--r-- | flake.nix | 79 | ||||
| -rw-r--r-- | hosts/eostre/default.nix | 2 | ||||
| -rw-r--r-- | hosts/sif/default.nix | 2 | ||||
| -rw-r--r-- | hosts/vidhar/network/dsl.nix | 2 | ||||
| -rw-r--r-- | hosts/vidhar/pgbackrest/default.nix | 2 | ||||
| -rw-r--r-- | installer/default.nix | 2 | ||||
| -rw-r--r-- | modules/envfs.nix | 8 | ||||
| -rw-r--r-- | modules/openssh.nix | 12 | ||||
| -rw-r--r-- | modules/pgbackrest.nix | 2 | ||||
| -rw-r--r-- | modules/tinc-networkmanager.nix | 1 | ||||
| -rw-r--r-- | modules/uucp.nix | 5 | ||||
| -rw-r--r-- | overlays/poetry2nix.nix | 3 | ||||
| -rw-r--r-- | overlays/prometheus-systemd-exporter.nix | 11 | ||||
| -rw-r--r-- | system-profiles/core/default.nix | 80 | ||||
| -rw-r--r-- | system-profiles/initrd-ssh/default.nix | 6 | ||||
| -rw-r--r-- | system-profiles/networkmanager.nix | 1 | ||||
| -rw-r--r-- | system-profiles/openssh/default.nix | 5 | ||||
| -rw-r--r-- | system-profiles/rebuild-machines/default.nix | 1 | 
19 files changed, 320 insertions, 97 deletions
| @@ -6,19 +6,22 @@ | |||
| 6 | "nixpkgs": [ | 6 | "nixpkgs": [ | 
| 7 | "nixpkgs" | 7 | "nixpkgs" | 
| 8 | ], | 8 | ], | 
| 9 | "poetry2nix": [ | ||
| 10 | "poetry2nix" | ||
| 11 | ], | ||
| 9 | "pre-commit-hooks-nix": "pre-commit-hooks-nix" | 12 | "pre-commit-hooks-nix": "pre-commit-hooks-nix" | 
| 10 | }, | 13 | }, | 
| 11 | "locked": { | 14 | "locked": { | 
| 12 | "lastModified": 1678718217, | 15 | "lastModified": 1701974579, | 
| 13 | "narHash": "sha256-b08VXH9lGi8/3lIDQQ87Oy6bKi7A8SRFxLNM0I4xX5M=", | 16 | "narHash": "sha256-Drydx4onJnz5AqjG1clABRHUF4cPmy75zH70AXvs3eQ=", | 
| 14 | "owner": "gkleen", | 17 | "owner": "gkleen", | 
| 15 | "repo": "backup-utils", | 18 | "repo": "backup-utils", | 
| 16 | "rev": "8c174281de2733e275c5c18fe9ecd97c6edab1d7", | 19 | "rev": "d094023745980f90828f0390441ff22b51107f3a", | 
| 17 | "type": "gitlab" | 20 | "type": "gitlab" | 
| 18 | }, | 21 | }, | 
| 19 | "original": { | 22 | "original": { | 
| 20 | "owner": "gkleen", | 23 | "owner": "gkleen", | 
| 21 | "ref": "v0.1.0", | 24 | "ref": "v0.1.2", | 
| 22 | "repo": "backup-utils", | 25 | "repo": "backup-utils", | 
| 23 | "type": "gitlab" | 26 | "type": "gitlab" | 
| 24 | } | 27 | } | 
| @@ -29,19 +32,22 @@ | |||
| 29 | "nixpkgs": [ | 32 | "nixpkgs": [ | 
| 30 | "nixpkgs" | 33 | "nixpkgs" | 
| 31 | ], | 34 | ], | 
| 35 | "poetry2nix": [ | ||
| 36 | "poetry2nix" | ||
| 37 | ], | ||
| 32 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" | 38 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" | 
| 33 | }, | 39 | }, | 
| 34 | "locked": { | 40 | "locked": { | 
| 35 | "lastModified": 1691340067, | 41 | "lastModified": 1701974982, | 
| 36 | "narHash": "sha256-diC5x6yhZ02LtgjFySpwAbGpjLJi/PXjocCDs/w+XiU=", | 42 | "narHash": "sha256-crVlSEyoox6g8dpndqCgts3i6otVoGfDUmPz2ltG3IY=", | 
| 37 | "owner": "gkleen", | 43 | "owner": "gkleen", | 
| 38 | "repo": "ca", | 44 | "repo": "ca", | 
| 39 | "rev": "080e45af700bbd917a49124becd5fe5f275bfc9f", | 45 | "rev": "8cfabef934ee8219d12b9ba46e2b2f4d6dc61f8d", | 
| 40 | "type": "gitlab" | 46 | "type": "gitlab" | 
| 41 | }, | 47 | }, | 
| 42 | "original": { | 48 | "original": { | 
| 43 | "owner": "gkleen", | 49 | "owner": "gkleen", | 
| 44 | "ref": "v2.1.0", | 50 | "ref": "v2.3.3", | 
| 45 | "repo": "ca", | 51 | "repo": "ca", | 
| 46 | "type": "gitlab" | 52 | "type": "gitlab" | 
| 47 | } | 53 | } | 
| @@ -59,11 +65,11 @@ | |||
| 59 | ] | 65 | ] | 
| 60 | }, | 66 | }, | 
| 61 | "locked": { | 67 | "locked": { | 
| 62 | "lastModified": 1695052866, | 68 | "lastModified": 1698921442, | 
| 63 | "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", | 69 | "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=", | 
| 64 | "owner": "serokell", | 70 | "owner": "serokell", | 
| 65 | "repo": "deploy-rs", | 71 | "repo": "deploy-rs", | 
| 66 | "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", | 72 | "rev": "660180bbbeae7d60dad5a92b30858306945fd427", | 
| 67 | "type": "github" | 73 | "type": "github" | 
| 68 | }, | 74 | }, | 
| 69 | "original": { | 75 | "original": { | 
| @@ -108,11 +114,11 @@ | |||
| 108 | "flake-compat_3": { | 114 | "flake-compat_3": { | 
| 109 | "flake": false, | 115 | "flake": false, | 
| 110 | "locked": { | 116 | "locked": { | 
| 111 | "lastModified": 1673956053, | 117 | "lastModified": 1696426674, | 
| 112 | "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", | 118 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", | 
| 113 | "owner": "edolstra", | 119 | "owner": "edolstra", | 
| 114 | "repo": "flake-compat", | 120 | "repo": "flake-compat", | 
| 115 | "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", | 121 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", | 
| 116 | "type": "github" | 122 | "type": "github" | 
| 117 | }, | 123 | }, | 
| 118 | "original": { | 124 | "original": { | 
| @@ -246,11 +252,11 @@ | |||
| 246 | "systems": "systems_2" | 252 | "systems": "systems_2" | 
| 247 | }, | 253 | }, | 
| 248 | "locked": { | 254 | "locked": { | 
| 249 | "lastModified": 1694529238, | 255 | "lastModified": 1701680307, | 
| 250 | "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", | 256 | "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", | 
| 251 | "owner": "numtide", | 257 | "owner": "numtide", | 
| 252 | "repo": "flake-utils", | 258 | "repo": "flake-utils", | 
| 253 | "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", | 259 | "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", | 
| 254 | "type": "github" | 260 | "type": "github" | 
| 255 | }, | 261 | }, | 
| 256 | "original": { | 262 | "original": { | 
| @@ -362,6 +368,27 @@ | |||
| 362 | "type": "github" | 368 | "type": "github" | 
| 363 | } | 369 | } | 
| 364 | }, | 370 | }, | 
| 371 | "nix-github-actions": { | ||
| 372 | "inputs": { | ||
| 373 | "nixpkgs": [ | ||
| 374 | "poetry2nix", | ||
| 375 | "nixpkgs" | ||
| 376 | ] | ||
| 377 | }, | ||
| 378 | "locked": { | ||
| 379 | "lastModified": 1698974481, | ||
| 380 | "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", | ||
| 381 | "owner": "nix-community", | ||
| 382 | "repo": "nix-github-actions", | ||
| 383 | "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", | ||
| 384 | "type": "github" | ||
| 385 | }, | ||
| 386 | "original": { | ||
| 387 | "owner": "nix-community", | ||
| 388 | "repo": "nix-github-actions", | ||
| 389 | "type": "github" | ||
| 390 | } | ||
| 391 | }, | ||
| 365 | "nix-index-database": { | 392 | "nix-index-database": { | 
| 366 | "inputs": { | 393 | "inputs": { | 
| 367 | "nixpkgs": [ | 394 | "nixpkgs": [ | 
| @@ -369,11 +396,11 @@ | |||
| 369 | ] | 396 | ] | 
| 370 | }, | 397 | }, | 
| 371 | "locked": { | 398 | "locked": { | 
| 372 | "lastModified": 1694921880, | 399 | "lastModified": 1701572887, | 
| 373 | "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", | 400 | "narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=", | 
| 374 | "owner": "Mic92", | 401 | "owner": "Mic92", | 
| 375 | "repo": "nix-index-database", | 402 | "repo": "nix-index-database", | 
| 376 | "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", | 403 | "rev": "41afa8d1c061beda68502bcc67f2788f3a77042b", | 
| 377 | "type": "github" | 404 | "type": "github" | 
| 378 | }, | 405 | }, | 
| 379 | "original": { | 406 | "original": { | 
| @@ -399,6 +426,22 @@ | |||
| 399 | "type": "github" | 426 | "type": "github" | 
| 400 | } | 427 | } | 
| 401 | }, | 428 | }, | 
| 429 | "nixpkgs-eostre": { | ||
| 430 | "locked": { | ||
| 431 | "lastModified": 1701282334, | ||
| 432 | "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", | ||
| 433 | "owner": "NixOS", | ||
| 434 | "repo": "nixpkgs", | ||
| 435 | "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", | ||
| 436 | "type": "github" | ||
| 437 | }, | ||
| 438 | "original": { | ||
| 439 | "owner": "NixOS", | ||
| 440 | "ref": "23.11", | ||
| 441 | "repo": "nixpkgs", | ||
| 442 | "type": "github" | ||
| 443 | } | ||
| 444 | }, | ||
| 402 | "nixpkgs-lib": { | 445 | "nixpkgs-lib": { | 
| 403 | "locked": { | 446 | "locked": { | 
| 404 | "dir": "lib", | 447 | "dir": "lib", | 
| @@ -453,6 +496,22 @@ | |||
| 453 | "type": "github" | 496 | "type": "github" | 
| 454 | } | 497 | } | 
| 455 | }, | 498 | }, | 
| 499 | "nixpkgs-pgbackrest": { | ||
| 500 | "locked": { | ||
| 501 | "lastModified": 1685566663, | ||
| 502 | "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", | ||
| 503 | "owner": "NixOS", | ||
| 504 | "repo": "nixpkgs", | ||
| 505 | "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", | ||
| 506 | "type": "github" | ||
| 507 | }, | ||
| 508 | "original": { | ||
| 509 | "owner": "NixOS", | ||
| 510 | "ref": "23.05", | ||
| 511 | "repo": "nixpkgs", | ||
| 512 | "type": "github" | ||
| 513 | } | ||
| 514 | }, | ||
| 456 | "nixpkgs-stable": { | 515 | "nixpkgs-stable": { | 
| 457 | "locked": { | 516 | "locked": { | 
| 458 | "lastModified": 1678614274, | 517 | "lastModified": 1678614274, | 
| @@ -471,16 +530,16 @@ | |||
| 471 | }, | 530 | }, | 
| 472 | "nixpkgs-stable_2": { | 531 | "nixpkgs-stable_2": { | 
| 473 | "locked": { | 532 | "locked": { | 
| 474 | "lastModified": 1685566663, | 533 | "lastModified": 1701282334, | 
| 475 | "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", | 534 | "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", | 
| 476 | "owner": "NixOS", | 535 | "owner": "NixOS", | 
| 477 | "repo": "nixpkgs", | 536 | "repo": "nixpkgs", | 
| 478 | "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", | 537 | "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", | 
| 479 | "type": "github" | 538 | "type": "github" | 
| 480 | }, | 539 | }, | 
| 481 | "original": { | 540 | "original": { | 
| 482 | "owner": "NixOS", | 541 | "owner": "NixOS", | 
| 483 | "ref": "23.05", | 542 | "ref": "23.11", | 
| 484 | "repo": "nixpkgs", | 543 | "repo": "nixpkgs", | 
| 485 | "type": "github" | 544 | "type": "github" | 
| 486 | } | 545 | } | 
| @@ -503,11 +562,11 @@ | |||
| 503 | }, | 562 | }, | 
| 504 | "nixpkgs_2": { | 563 | "nixpkgs_2": { | 
| 505 | "locked": { | 564 | "locked": { | 
| 506 | "lastModified": 1695232867, | 565 | "lastModified": 1701952487, | 
| 507 | "narHash": "sha256-XwNaS3JP2JOJHsgYqeTnMzjywGeFjo/G++otcckJLFw=", | 566 | "narHash": "sha256-QDHd2AUiXnfFegFJuuCIPeAf109cY7jdAtkrDPA7MiM=", | 
| 508 | "owner": "gkleen", | 567 | "owner": "gkleen", | 
| 509 | "repo": "nixpkgs", | 568 | "repo": "nixpkgs", | 
| 510 | "rev": "7c48f2b003d8d6ef98e7b29ccb888a877b806ab8", | 569 | "rev": "3fe71bc59b593b7757e8ecf4f5cbd25fb77cca5b", | 
| 511 | "type": "github" | 570 | "type": "github" | 
| 512 | }, | 571 | }, | 
| 513 | "original": { | 572 | "original": { | 
| @@ -560,6 +619,33 @@ | |||
| 560 | "type": "github" | 619 | "type": "github" | 
| 561 | } | 620 | } | 
| 562 | }, | 621 | }, | 
| 622 | "poetry2nix": { | ||
| 623 | "inputs": { | ||
| 624 | "flake-utils": [ | ||
| 625 | "flake-utils" | ||
| 626 | ], | ||
| 627 | "nix-github-actions": "nix-github-actions", | ||
| 628 | "nixpkgs": [ | ||
| 629 | "nixpkgs" | ||
| 630 | ], | ||
| 631 | "systems": "systems_3", | ||
| 632 | "treefmt-nix": "treefmt-nix" | ||
| 633 | }, | ||
| 634 | "locked": { | ||
| 635 | "lastModified": 1701861752, | ||
| 636 | "narHash": "sha256-QfrE05P66856b1SMan69NPhjc9e82VtLxBKg3yiQGW8=", | ||
| 637 | "owner": "nix-community", | ||
| 638 | "repo": "poetry2nix", | ||
| 639 | "rev": "9fc487b32a68473da4bf9573f85b388043c5ecda", | ||
| 640 | "type": "github" | ||
| 641 | }, | ||
| 642 | "original": { | ||
| 643 | "owner": "nix-community", | ||
| 644 | "ref": "master", | ||
| 645 | "repo": "poetry2nix", | ||
| 646 | "type": "github" | ||
| 647 | } | ||
| 648 | }, | ||
| 563 | "pre-commit-hooks-nix": { | 649 | "pre-commit-hooks-nix": { | 
| 564 | "inputs": { | 650 | "inputs": { | 
| 565 | "flake-compat": "flake-compat", | 651 | "flake-compat": "flake-compat", | 
| @@ -638,14 +724,17 @@ | |||
| 638 | "nixpkgs": [ | 724 | "nixpkgs": [ | 
| 639 | "nixpkgs" | 725 | "nixpkgs" | 
| 640 | ], | 726 | ], | 
| 727 | "poetry2nix": [ | ||
| 728 | "poetry2nix" | ||
| 729 | ], | ||
| 641 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" | 730 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" | 
| 642 | }, | 731 | }, | 
| 643 | "locked": { | 732 | "locked": { | 
| 644 | "lastModified": 1685389961, | 733 | "lastModified": 1701975574, | 
| 645 | "narHash": "sha256-D01xvx8trgelAM5D/1rZ9/s2Wqm3LDBfH29VWGeYu5o=", | 734 | "narHash": "sha256-gN2I3VdtC4mpep+AmYxR2OpaY7uv14zXCOfEMdzh0q4=", | 
| 646 | "owner": "gkleen", | 735 | "owner": "gkleen", | 
| 647 | "repo": "prometheus-borg-exporter", | 736 | "repo": "prometheus-borg-exporter", | 
| 648 | "rev": "153c3864761d4741dc72e360f96de8c169834b81", | 737 | "rev": "5699a2c38a0d777d0580584136e0a27b33800864", | 
| 649 | "type": "gitlab" | 738 | "type": "gitlab" | 
| 650 | }, | 739 | }, | 
| 651 | "original": { | 740 | "original": { | 
| @@ -666,8 +755,11 @@ | |||
| 666 | "home-manager": "home-manager", | 755 | "home-manager": "home-manager", | 
| 667 | "nix-index-database": "nix-index-database", | 756 | "nix-index-database": "nix-index-database", | 
| 668 | "nixpkgs": "nixpkgs_2", | 757 | "nixpkgs": "nixpkgs_2", | 
| 758 | "nixpkgs-eostre": "nixpkgs-eostre", | ||
| 759 | "nixpkgs-pgbackrest": "nixpkgs-pgbackrest", | ||
| 669 | "nixpkgs-stable": "nixpkgs-stable_2", | 760 | "nixpkgs-stable": "nixpkgs-stable_2", | 
| 670 | "nvfetcher": "nvfetcher", | 761 | "nvfetcher": "nvfetcher", | 
| 762 | "poetry2nix": "poetry2nix", | ||
| 671 | "prometheus-borg-exporter": "prometheus-borg-exporter", | 763 | "prometheus-borg-exporter": "prometheus-borg-exporter", | 
| 672 | "sops-nix": "sops-nix" | 764 | "sops-nix": "sops-nix" | 
| 673 | } | 765 | } | 
| @@ -682,11 +774,11 @@ | |||
| 682 | ] | 774 | ] | 
| 683 | }, | 775 | }, | 
| 684 | "locked": { | 776 | "locked": { | 
| 685 | "lastModified": 1695284550, | 777 | "lastModified": 1701728052, | 
| 686 | "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", | 778 | "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", | 
| 687 | "owner": "Mic92", | 779 | "owner": "Mic92", | 
| 688 | "repo": "sops-nix", | 780 | "repo": "sops-nix", | 
| 689 | "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", | 781 | "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", | 
| 690 | "type": "github" | 782 | "type": "github" | 
| 691 | }, | 783 | }, | 
| 692 | "original": { | 784 | "original": { | 
| @@ -725,6 +817,41 @@ | |||
| 725 | "repo": "default", | 817 | "repo": "default", | 
| 726 | "type": "github" | 818 | "type": "github" | 
| 727 | } | 819 | } | 
| 820 | }, | ||
| 821 | "systems_3": { | ||
| 822 | "locked": { | ||
| 823 | "lastModified": 1681028828, | ||
| 824 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||
| 825 | "owner": "nix-systems", | ||
| 826 | "repo": "default", | ||
| 827 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||
| 828 | "type": "github" | ||
| 829 | }, | ||
| 830 | "original": { | ||
| 831 | "id": "systems", | ||
| 832 | "type": "indirect" | ||
| 833 | } | ||
| 834 | }, | ||
| 835 | "treefmt-nix": { | ||
| 836 | "inputs": { | ||
| 837 | "nixpkgs": [ | ||
| 838 | "poetry2nix", | ||
| 839 | "nixpkgs" | ||
| 840 | ] | ||
| 841 | }, | ||
| 842 | "locked": { | ||
| 843 | "lastModified": 1699786194, | ||
| 844 | "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", | ||
| 845 | "owner": "numtide", | ||
| 846 | "repo": "treefmt-nix", | ||
| 847 | "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", | ||
| 848 | "type": "github" | ||
| 849 | }, | ||
| 850 | "original": { | ||
| 851 | "owner": "numtide", | ||
| 852 | "repo": "treefmt-nix", | ||
| 853 | "type": "github" | ||
| 854 | } | ||
| 728 | } | 855 | } | 
| 729 | }, | 856 | }, | 
| 730 | "root": "root", | 857 | "root": "root", | 
| @@ -19,12 +19,24 @@ | |||
| 19 | # ref = "nixos-unstable"; | 19 | # ref = "nixos-unstable"; | 
| 20 | ref = "ppp-systemd"; | 20 | ref = "ppp-systemd"; | 
| 21 | }; | 21 | }; | 
| 22 | nixpkgs-stable = { | 22 | nixpkgs-pgbackrest = { | 
| 23 | type = "github"; | 23 | type = "github"; | 
| 24 | owner = "NixOS"; | 24 | owner = "NixOS"; | 
| 25 | repo = "nixpkgs"; | 25 | repo = "nixpkgs"; | 
| 26 | ref = "23.05"; | 26 | ref = "23.05"; | 
| 27 | }; | 27 | }; | 
| 28 | nixpkgs-stable = { | ||
| 29 | type = "github"; | ||
| 30 | owner = "NixOS"; | ||
| 31 | repo = "nixpkgs"; | ||
| 32 | ref = "23.11"; | ||
| 33 | }; | ||
| 34 | nixpkgs-eostre = { | ||
| 35 | type = "github"; | ||
| 36 | owner = "NixOS"; | ||
| 37 | repo = "nixpkgs"; | ||
| 38 | ref = "23.11"; | ||
| 39 | }; | ||
| 28 | home-manager = { | 40 | home-manager = { | 
| 29 | type = "github"; | 41 | type = "github"; | 
| 30 | # owner = "nix-community"; | 42 | # owner = "nix-community"; | 
| @@ -97,23 +109,35 @@ | |||
| 97 | nixpkgs.follows = "nixpkgs"; | 109 | nixpkgs.follows = "nixpkgs"; | 
| 98 | }; | 110 | }; | 
| 99 | }; | 111 | }; | 
| 112 | poetry2nix = { | ||
| 113 | type = "github"; | ||
| 114 | owner = "nix-community"; | ||
| 115 | repo = "poetry2nix"; | ||
| 116 | ref = "master"; | ||
| 117 | inputs = { | ||
| 118 | flake-utils.follows = "flake-utils"; | ||
| 119 | nixpkgs.follows = "nixpkgs"; | ||
| 120 | }; | ||
| 121 | }; | ||
| 100 | 122 | ||
| 101 | ca-util = { | 123 | ca-util = { | 
| 102 | type = "gitlab"; | 124 | type = "gitlab"; | 
| 103 | owner = "gkleen"; | 125 | owner = "gkleen"; | 
| 104 | repo = "ca"; | 126 | repo = "ca"; | 
| 105 | ref = "v2.1.0"; | 127 | ref = "v2.3.3"; | 
| 106 | inputs = { | 128 | inputs = { | 
| 107 | nixpkgs.follows = "nixpkgs"; | 129 | nixpkgs.follows = "nixpkgs"; | 
| 130 | poetry2nix.follows = "poetry2nix"; | ||
| 108 | }; | 131 | }; | 
| 109 | }; | 132 | }; | 
| 110 | backup-utils = { | 133 | backup-utils = { | 
| 111 | type = "gitlab"; | 134 | type = "gitlab"; | 
| 112 | owner = "gkleen"; | 135 | owner = "gkleen"; | 
| 113 | repo = "backup-utils"; | 136 | repo = "backup-utils"; | 
| 114 | ref = "v0.1.0"; | 137 | ref = "v0.1.2"; | 
| 115 | inputs = { | 138 | inputs = { | 
| 116 | nixpkgs.follows = "nixpkgs"; | 139 | nixpkgs.follows = "nixpkgs"; | 
| 140 | poetry2nix.follows = "poetry2nix"; | ||
| 117 | }; | 141 | }; | 
| 118 | }; | 142 | }; | 
| 119 | prometheus-borg-exporter = { | 143 | prometheus-borg-exporter = { | 
| @@ -123,6 +147,7 @@ | |||
| 123 | ref = "main"; | 147 | ref = "main"; | 
| 124 | inputs = { | 148 | inputs = { | 
| 125 | nixpkgs.follows = "nixpkgs"; | 149 | nixpkgs.follows = "nixpkgs"; | 
| 150 | poetry2nix.follows = "poetry2nix"; | ||
| 126 | }; | 151 | }; | 
| 127 | }; | 152 | }; | 
| 128 | }; | 153 | }; | 
| @@ -133,7 +158,7 @@ | |||
| 133 | inherit (nixpkgs) lib; | 158 | inherit (nixpkgs) lib; | 
| 134 | utils = import ./utils { inherit lib; }; | 159 | utils = import ./utils { inherit lib; }; | 
| 135 | inherit (utils) nixImport overrideModule; | 160 | inherit (utils) nixImport overrideModule; | 
| 136 | inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr; | 161 | inherit (lib) mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr; | 
| 137 | inherit (lib.strings) escapeNixString hasSuffix; | 162 | inherit (lib.strings) escapeNixString hasSuffix; | 
| 138 | 163 | ||
| 139 | accountUserName = accountName: | 164 | accountUserName = accountName: | 
| @@ -149,29 +174,31 @@ | |||
| 149 | 174 | ||
| 150 | mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev); | 175 | mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev); | 
| 151 | 176 | ||
| 152 | mkNixosConfiguration = addProfiles: dir: path: hostName: nixosSystem rec { | 177 | mkNixosConfiguration = addProfiles: dir: path: hostName: | 
| 153 | specialArgs = { | 178 | let inherit ((inputs."nixpkgs-${hostName}" or inputs.nixpkgs).lib) nixosSystem; | 
| 154 | flake = self; | 179 | in nixosSystem rec { | 
| 155 | flakeInputs = inputs; | 180 | specialArgs = { | 
| 156 | path = ./.; | 181 | flake = self; | 
| 182 | flakeInputs = inputs; | ||
| 183 | path = ./.; | ||
| 184 | }; | ||
| 185 | modules = | ||
| 186 | let | ||
| 187 | defaultProfiles = with self.nixosModules.systemProfiles; | ||
| 188 | [ core | ||
| 189 | ]; | ||
| 190 | |||
| 191 | local = dir + "/${path}"; | ||
| 192 | argsModule = { pkgs, ... }: { | ||
| 193 | _module.args = { | ||
| 194 | customUtils = utils; | ||
| 195 | inherit hostName; | ||
| 196 | } // mkSources pkgs; | ||
| 197 | }; | ||
| 198 | accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts); | ||
| 199 | accountMatchesHost = n: _v: accountHostName n == hostName; | ||
| 200 | in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules; | ||
| 157 | }; | 201 | }; | 
| 158 | modules = | ||
| 159 | let | ||
| 160 | defaultProfiles = with self.nixosModules.systemProfiles; | ||
| 161 | [ core | ||
| 162 | ]; | ||
| 163 | |||
| 164 | local = dir + "/${path}"; | ||
| 165 | argsModule = { pkgs, ... }: { | ||
| 166 | _module.args = { | ||
| 167 | customUtils = utils; | ||
| 168 | inherit hostName; | ||
| 169 | } // mkSources pkgs; | ||
| 170 | }; | ||
| 171 | accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts); | ||
| 172 | accountMatchesHost = n: _v: accountHostName n == hostName; | ||
| 173 | in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules; | ||
| 174 | }; | ||
| 175 | 202 | ||
| 176 | mkSystemProfile = dir: path: profileName: { | 203 | mkSystemProfile = dir: path: profileName: { | 
| 177 | imports = [ (dir + "/${path}") ]; | 204 | imports = [ (dir + "/${path}") ]; | 
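Review bot: The per-host lookup `inputs."nixpkgs-${hostName}" or inputs.nixpkgs` in `mkNixosConfiguration` shares its `nixpkgs-` prefix with inputs that are not host pins, so a host directory named `stable` or `pgbackrest` would silently be evaluated with `nixpkgs-stable` or `nixpkgs-pgbackrest` instead of the main input. An explicit table makes the choice of package set per host reviewable, e.g. `hostNixpkgs = { eostre = inputs.nixpkgs-eostre; };` followed by `let inherit ((hostNixpkgs.${hostName} or inputs.nixpkgs).lib) nixosSystem;`. A comment above the `nixpkgs-eostre` input saying why that host is held on `23.11` would also help the next reader.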
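--- a/hosts/eostre/default.nix
+++ b/hosts/eostre/default.nix
@@ -10,7 +10,7 @@ with lib;
 config = {
 nixpkgs = {
 system = "x86_64-linux";
-config = {
+externalConfig = {
 allowUnfree = true;
 };
 };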
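--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -20,7 +20,7 @@ in {
 config = {
 nixpkgs = {
 system = "x86_64-linux";
-config = {
+externalConfig = {
 allowUnfree = true;
 pulseaudio = true;
 };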
| diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index ae874c25..a8a897f2 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix | |||
| @@ -36,6 +36,7 @@ in { | |||
| 36 | user 002576900250551137425220#0001@t-online.de | 36 | user 002576900250551137425220#0001@t-online.de | 
| 37 | telekom | 37 | telekom | 
| 38 | debug | 38 | debug | 
| 39 | +ipv6 | ||
| 39 | ''; | 40 | ''; | 
| 40 | }; | 41 | }; | 
| 41 | systemd.services."pppd-telekom" = { | 42 | systemd.services."pppd-telekom" = { | 
| @@ -43,7 +44,6 @@ in { | |||
| 43 | 44 | ||
| 44 | serviceConfig = lib.mkForce { | 45 | serviceConfig = lib.mkForce { | 
| 45 | PIDFile = "/run/pppd/${pppInterface}.pid"; | 46 | PIDFile = "/run/pppd/${pppInterface}.pid"; | 
| 46 | ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom up_sdnotify nolog +ipv6"; | ||
| 47 | }; | 47 | }; | 
| 48 | }; | 48 | }; | 
| 49 | sops.secrets."pap-secrets" = { | 49 | sops.secrets."pap-secrets" = { | 
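Review bot: With `ExecStart` removed, the `lib.mkForce { … }` on the whole `serviceConfig` attribute set of `pppd-telekom` now carries only `PIDFile`; a force at that level normally discards every lower-priority `serviceConfig` definition from the base module, including its `ExecStart` and any hardening settings it sets. If only the PID file path needs overriding, narrowing the force to the key keeps the rest: `serviceConfig.PIDFile = lib.mkForce "/run/pppd/${pppInterface}.pid";`. The removed command line also passed `up_sdnotify` and `nolog`, while only `+ipv6` was moved into the peer file in the first hunk; whether the base unit supplies the other two is not visible here.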
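--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -12,7 +12,7 @@ in {
 
 services.pgbackrest = {
 enable = true;
-package = flakeInputs.nixpkgs-stable.legacyPackages.${config.nixpkgs.system}.pgbackrest;
+package = flakeInputs.nixpkgs-pgbackrest.legacyPackages.${config.nixpkgs.system}.pgbackrest;
 
 tlsServer = {
 enable = true;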
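Review bot: `services.pgbackrest.package` now comes from the dedicated `nixpkgs-pgbackrest` input, which flake.nix keeps at `ref = "23.05"` and flake.lock at a revision with `lastModified` 1685566663, so this package will not pick up fixes when the other inputs are updated, while `tlsServer` is enabled right below it. A comment on the `package` line should record why the older build is needed and when the pin can go, for example `# held on nixpkgs 23.05: <reason>; drop once <condition>`.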
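--- a/installer/default.nix
+++ b/installer/default.nix
@@ -47,7 +47,7 @@ with lib;
 wantedBy = [ "multi-user.target" ];
 serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
 };
-nixpkgs.config.allowUnfree = true;
+nixpkgs.externalConfig.allowUnfree = true;
 
 nix.settings.auto-allocate-uids = mkForce false;
 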
| diff --git a/modules/envfs.nix b/modules/envfs.nix index 1463dce8..83cad8d0 100644 --- a/modules/envfs.nix +++ b/modules/envfs.nix | |||
| @@ -50,6 +50,14 @@ in { | |||
| 50 | ln -s ${config.environment.binsh} $out/sh | 50 | ln -s ${config.environment.binsh} $out/sh | 
| 51 | '') | 51 | '') | 
| 52 | ]; | 52 | ]; | 
| 53 | defaultText = lib.literalExpression '' | ||
| 54 | [ (pkgs.runCommand "fallback-path-environment" {} ''' | ||
| 55 | mkdir -p $out | ||
| 56 | ln -s ''${config.environment.usrbinenv} $out/env | ||
| 57 | ln -s ''${config.environment.binsh} $out/sh | ||
| 58 | ''') | ||
| 59 | ] | ||
| 60 | ''; | ||
| 53 | description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found"; | 61 | description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found"; | 
| 54 | }; | 62 | }; | 
| 55 | }; | 63 | }; | 
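--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -6,8 +6,8 @@ with lib;
 options = {
 services.openssh = {
 settings.HostKeyAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"
@@ -32,8 +32,8 @@ with lib;
 ];
 };
 settings.CASignatureAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ecdsa-sha2-nistp256"
 "ecdsa-sha2-nistp384"
@@ -45,8 +45,8 @@ with lib;
 ];
 };
 settings.PubkeyAcceptedAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"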
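Review bot: Declaring `HostKeyAlgorithms` as `types.str` (and likewise `CASignatureAlgorithms` and `PubkeyAcceptedAlgorithms` in the two later hunks) means definitions from several modules, a profile plus a host for instance, now raise a conflict where the list type used to concatenate them, so every override has to restate the whole algorithm allowlist. `types.commas` keeps the comma-joined string form while still merging definitions: `type = types.commas;`. The option bodies continue outside the hunks, so the complete default lists are not visible here.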
| diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix index ca319ccd..ac0f9a35 100644 --- a/modules/pgbackrest.nix +++ b/modules/pgbackrest.nix | |||
| @@ -54,6 +54,7 @@ in { | |||
| 54 | stanza = mkOption { | 54 | stanza = mkOption { | 
| 55 | type = types.str; | 55 | type = types.str; | 
| 56 | default = config.networking.hostName; | 56 | default = config.networking.hostName; | 
| 57 | defaultText = literalExpression "config.networking.hostName"; | ||
| 57 | }; | 58 | }; | 
| 58 | }; | 59 | }; | 
| 59 | 60 | ||
| @@ -115,6 +116,7 @@ in { | |||
| 115 | stanza = mkOption { | 116 | stanza = mkOption { | 
| 116 | type = types.str; | 117 | type = types.str; | 
| 117 | default = cfg.configurePostgresql.stanza; | 118 | default = cfg.configurePostgresql.stanza; | 
| 119 | defaultText = literalExpression "config.services.pgbackrest.configurePostgresql.stanza"; | ||
| 118 | }; | 120 | }; | 
| 119 | repo = mkOption { | 121 | repo = mkOption { | 
| 120 | type = types.nullOr (types.strMatching "^[0-9]+$"); | 122 | type = types.nullOr (types.strMatching "^[0-9]+$"); | 
| diff --git a/modules/tinc-networkmanager.nix b/modules/tinc-networkmanager.nix index ff03abd2..4beba737 100644 --- a/modules/tinc-networkmanager.nix +++ b/modules/tinc-networkmanager.nix | |||
| @@ -8,6 +8,7 @@ in { | |||
| 8 | options.nmDispatch = lib.mkOption { | 8 | options.nmDispatch = lib.mkOption { | 
| 9 | type = lib.types.bool; | 9 | type = lib.types.bool; | 
| 10 | default = config.networking.networkmanager.enable; | 10 | default = config.networking.networkmanager.enable; | 
| 11 | defaultText = lib.literalExpression "config.networking.networkmanager.enable"; | ||
| 11 | description = '' | 12 | description = '' | 
| 12 | Install a network-manager dispatcher script to automatically | 13 | Install a network-manager dispatcher script to automatically | 
| 13 | connect to all remotes when networking is available | 14 | connect to all remotes when networking is available | 
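--- a/modules/uucp.nix
+++ b/modules/uucp.nix
@@ -48,12 +48,14 @@ let
 commands = mkOption {
 type = types.listOf types.str;
 default = cfg.defaultCommands;
+defaultText = literalExpression "config.services.uucp.defaultCommands";
 description = "Commands to allow for this remote";
 };
 
 protocols = mkOption {
 type = types.separatedString "";
 default = cfg.defaultProtocols;
+defaultText = literalExpression "config.services.uucp.defaultProtocols";
 description = "UUCP protocols to use for this remote";
 };
 
@@ -119,6 +121,7 @@ in {
 commandPath = mkOption {
 type = types.listOf types.path;
 default = [ "${pkgs.rmail}/bin" ];
+defaultText = literalExpression ''[ "''${pkgs.rmail}/bin" ]'';
 description = ''
 Command search path for all systems
 '';
@@ -151,6 +154,7 @@ in {
 sshKeyDir = mkOption {
 type = types.path;
 default = "${cfg.homeDir}/.ssh/";
+defaultText = literalExpression ''''${config.services.uucp.homeDir}/.ssh/'';
 description = "Directory to store ssh keypairs";
 };
 
@@ -202,6 +206,7 @@ in {
 nmDispatch = mkOption {
 type = types.bool;
 default = config.networking.networkmanager.enable;
+defaultText = literalExpression "config.networking.networkmanager.enable";
 description = ''
 Install a network-manager dispatcher script to automatically
 call all remotes when networking is available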
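Review bot: The `defaultText` added for `sshKeyDir` unescapes to the bare text `${config.services.uucp.homeDir}/.ssh/`, which is not a Nix expression, so the generated option documentation shows a default that cannot be pasted into a configuration. The `commandPath` hunk keeps its inner double quotes, and the same is needed here: `defaultText = literalExpression ''"''${config.services.uucp.homeDir}/.ssh/"'';`. This option names the directory that holds the UUCP ssh keypairs, so the documented default should match the real one exactly.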
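--- /dev/null
+++ b/overlays/poetry2nix.nix
@@ -0,0 +1,3 @@
+{ final, prev, flakeInputs, ... }:
+
+flakeInputs.poetry2nix.overlays.default final prev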
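--- a/overlays/prometheus-systemd-exporter.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ final, prev, ... }: {
-prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: {
-patches = (oldAttrs.patches or []) ++ [
-(final.fetchpatch {
-name = "cpu_stat.patch";
-url = "https://github.com/prometheus-community/systemd_exporter/pull/74.patch";
-hash = "sha256-a4M9SPckwkvetxjWMamm0x2wcg2a+Rkicn1XRUHieuM=";
-})
-];
-});
-}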
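--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -1,7 +1,10 @@
 { flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+
+with lib;
+
 let
 profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
-userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+userProfileSet = customUtils.types.attrNameSet (zipAttrs (attrValues flake.nixosModules.userProfiles));
 hasSops = config.sops.secrets != {};
 in {
 imports = with flakeInputs;
@@ -11,7 +14,7 @@ in {
 
 options = {
 # See mkSystemProfile in ../flake.nix
-system.profiles = lib.mkOption {
+system.profiles = mkOption {
 type = profileSet;
 default = [];
 description = ''
@@ -19,9 +22,9 @@ in {
 '';
 };
 
-users.users = lib.mkOption {
-type = lib.types.attrsOf (lib.types.submodule {
-options.profiles = lib.mkOption {
+users.users = mkOption {
+type = types.attrsOf (types.submodule {
+options.profiles = mkOption {
 type = userProfileSet;
 default = [];
 description = ''
@@ -30,14 +33,71 @@ in {
 };
 });
 };
+
+nixpkgs.externalConfig = mkOption {
+default = {};
+example = literalExpression
+''
+{ allowBroken = true; allowUnfree = true; }
+'';
+type = mkOptionType {
+name = "nixpkgs-config";
+description = "nixpkgs config";
+check = x:
+let traceXIfNot = c:
+if c x then true
+else traceSeqN 1 x false;
+isConfig = x:
+builtins.isAttrs x || isFunction x;
+in traceXIfNot isConfig;
+merge = args:
+let
+optCall = f: x:
+if isFunction f
+then f x
+else f;
+mergeConfig = lhs_: rhs_:
+let
+lhs = optCall lhs_ { inherit pkgs; };
+rhs = optCall rhs_ { inherit pkgs; };
+in
+recursiveUpdate lhs rhs //
+optionalAttrs (lhs ? packageOverrides) {
+packageOverrides = pkgs:
+optCall lhs.packageOverrides pkgs //
+optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
+} //
+optionalAttrs (lhs ? perlPackageOverrides) {
+perlPackageOverrides = pkgs:
+optCall lhs.perlPackageOverrides pkgs //
+optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
+};
+in foldr (def: mergeConfig def.value) {};
+};
+description = mdDoc ''
+The configuration of the Nix Packages collection. (For
+details, see the Nixpkgs documentation.) It allows you to set
+package configuration options.
+
+Used to construct `nixpkgs.pkgs`.
+'';
+};
+
+nixpkgs.flakeInput = mkOption {
+type = types.enum (attrNames flakeInputs);
+default = if flakeInputs ? "nixpkgs-${hostName}" then "nixpkgs-${hostName}" else "nixpkgs";
+defaultText = literalExpression ''if flakeInputs ? "nixpkgs-''${hostName}" then "nixpkgs-''${hostName}" else "nixpkgs"'';
+internal = true;
+};
 };
 
 config = {
 networking.hostName = hostName;
-system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+system.configurationRevision = mkIf (flake ? rev) flake.rev;
 
-nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
-inherit (config.nixpkgs) config;
+nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") {
+overlays = attrValues flake.overlays;
+config = config.nixpkgs.externalConfig;
 localSystem = config.nixpkgs.system;
 };
 
@@ -64,7 +124,7 @@ in {
 ];
 registry =
 let override = { self = "nixos"; };
-in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+in mapAttrs' (inpName: inpFlake: nameValuePair
 (override.${inpName} or inpName)
 { flake = inpFlake; } ) flakeInputs;
 };
@@ -97,7 +157,7 @@ in {
 backupFileExtension = "bak";
 };
 
-sops = lib.mkIf hasSops {
+sops = mkIf hasSops {
 age = {
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = false;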
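Review bot: `nixpkgs.flakeInput` in the `@@ -30,14 +33,71 @@` hunk accepts every name in `flakeInputs` and is marked `internal` with no `description`, while its default silently prefers a `nixpkgs-${hostName}` input when one exists. A host selected that way is built from whatever revision that separate input is locked to, so it can lag behind the shared `nixpkgs` without anything in the host's own configuration showing it. I would narrow the type to `types.enum (filter (hasPrefix "nixpkgs") (attrNames flakeInputs))` and add a `description` that states the per-host override rule. The same hunk stops passing `config.nixpkgs.config` to the package set, so any module that still sets `nixpkgs.config` (for example an allow-list of insecure packages) has to move to `nixpkgs.externalConfig`; whether such a module exists cannot be seen from this page.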
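--- a/system-profiles/initrd-ssh/default.nix
+++ b/system-profiles/initrd-ssh/default.nix
@@ -3,8 +3,6 @@
 with lib;
 
 {
-imports = [ ./module.nix ];
-
 config = {
 boot.initrd = {
 network = {
@@ -21,8 +19,8 @@ with lib;
 };
 
 secrets = with config.sops.secrets; {
-"/etc/ssh/ssh_host_ed25519_key" = initrd_ssh_host_ed25519_key.path;
-"/etc/ssh/ssh_host_rsa_key" = initrd_ssh_host_rsa_key.path;
+"/etc/ssh/ssh_host_ed25519_key" = mkForce initrd_ssh_host_ed25519_key.path;
+"/etc/ssh/ssh_host_rsa_key" = mkForce initrd_ssh_host_rsa_key.path;
 };
 
 extraFiles = let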
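Review bot: The two `mkForce` wrappers in `boot.initrd.secrets` carry no comment saying which definition they override, and nothing in the hunk shows where the competing definition comes from; presumably it is another initrd SSH module that takes over now that `./module.nix` is no longer imported. Since these entries decide which private host keys are copied into the initrd, I would record the reason next to them, e.g. `# mkForce: keep the sops-managed initrd host keys over any other definition of these paths`. The `boot.initrd` block starts and ends outside the hunk.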
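--- a/system-profiles/networkmanager.nix
+++ b/system-profiles/networkmanager.nix
@@ -9,7 +9,6 @@ with lib;
 enable = true;
 dhcp = "internal";
 dns = mkForce "dnsmasq";
-firewallBackend = mkIf config.networking.nftables.enable "nftables";
 logLevel = "INFO";
 extraConfig = ''
 [connectivity]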
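--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -66,7 +66,10 @@ in {
 services.openssh = mkIf cfg.enable {
 hostKeys = mkIf cfg.staticHostKeys (mkForce []); # done manually
 settings = {
-inherit Ciphers Macs KexAlgorithms HostKeyAlgorithms CASignatureAlgorithms PubkeyAcceptedAlgorithms;
+inherit Ciphers Macs KexAlgorithms;
+HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms;
+PubkeyAcceptedAlgorithms = concatStringsSep "," PubkeyAcceptedAlgorithms;
+CASignatureAlgorithms = concatStringsSep "," CASignatureAlgorithms;
 
 LogLevel = "VERBOSE";
 RevokedKeys = toString ./ca/krl.bin;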
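Review bot: `Ciphers`, `Macs` and `KexAlgorithms` are still inherited unchanged while `HostKeyAlgorithms`, `PubkeyAcceptedAlgorithms` and `CASignatureAlgorithms` are joined with `concatStringsSep ","`, and the hunk does not say why the two groups differ. Presumably only the first three are declared as list-typed options under `services.openssh.settings`, so the others have to be rendered by hand; a comment such as `# not list-typed in services.openssh.settings: join manually` above the three lines would keep a later edit from re-inheriting them. Because these lines set the accepted host-key, public-key and CA signature algorithms, it is worth confirming on a deployed host that `sshd -T` reports the three lists intact. The bindings they read from are defined outside the hunk.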
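--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -69,6 +69,7 @@ in {
 };
 };
 default = { flake = { type = "git"; url = "ssh://${cfg.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; };
+defaultText = literalExpression ''{ flake = { type = "git"; url = "ssh://''${config.system.rebuild-machine.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }'';
 description = ''
 The Flake URI of the NixOS configuration to build.
 '';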
