-rw-r--r--flake.lock193
-rw-r--r--flake.nix79
-rw-r--r--hosts/eostre/default.nix2
-rw-r--r--hosts/sif/default.nix2
-rw-r--r--hosts/vidhar/network/dsl.nix2
-rw-r--r--hosts/vidhar/pgbackrest/default.nix2
-rw-r--r--installer/default.nix2
-rw-r--r--modules/envfs.nix8
-rw-r--r--modules/openssh.nix12
-rw-r--r--modules/pgbackrest.nix2
-rw-r--r--modules/tinc-networkmanager.nix1
-rw-r--r--modules/uucp.nix5
-rw-r--r--overlays/poetry2nix.nix3
-rw-r--r--overlays/prometheus-systemd-exporter.nix11
-rw-r--r--system-profiles/core/default.nix80
-rw-r--r--system-profiles/initrd-ssh/default.nix6
-rw-r--r--system-profiles/networkmanager.nix1
-rw-r--r--system-profiles/openssh/default.nix5
-rw-r--r--system-profiles/rebuild-machines/default.nix1
19 files changed, 320 insertions, 97 deletions
diff --git a/flake.lock b/flake.lock
index 2cdcbd0f..39ab9c92 100644
--- a/flake.lock
+++ b/flake.lock
@@ -6,19 +6,22 @@
6 "nixpkgs": [ 6 "nixpkgs": [
7 "nixpkgs" 7 "nixpkgs"
8 ], 8 ],
9 "poetry2nix": [
10 "poetry2nix"
11 ],
9 "pre-commit-hooks-nix": "pre-commit-hooks-nix" 12 "pre-commit-hooks-nix": "pre-commit-hooks-nix"
10 }, 13 },
11 "locked": { 14 "locked": {
12 "lastModified": 1678718217, 15 "lastModified": 1701974579,
13 "narHash": "sha256-b08VXH9lGi8/3lIDQQ87Oy6bKi7A8SRFxLNM0I4xX5M=", 16 "narHash": "sha256-Drydx4onJnz5AqjG1clABRHUF4cPmy75zH70AXvs3eQ=",
14 "owner": "gkleen", 17 "owner": "gkleen",
15 "repo": "backup-utils", 18 "repo": "backup-utils",
16 "rev": "8c174281de2733e275c5c18fe9ecd97c6edab1d7", 19 "rev": "d094023745980f90828f0390441ff22b51107f3a",
17 "type": "gitlab" 20 "type": "gitlab"
18 }, 21 },
19 "original": { 22 "original": {
20 "owner": "gkleen", 23 "owner": "gkleen",
21 "ref": "v0.1.0", 24 "ref": "v0.1.2",
22 "repo": "backup-utils", 25 "repo": "backup-utils",
23 "type": "gitlab" 26 "type": "gitlab"
24 } 27 }
@@ -29,19 +32,22 @@
29 "nixpkgs": [ 32 "nixpkgs": [
30 "nixpkgs" 33 "nixpkgs"
31 ], 34 ],
35 "poetry2nix": [
36 "poetry2nix"
37 ],
32 "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" 38 "pre-commit-hooks-nix": "pre-commit-hooks-nix_2"
33 }, 39 },
34 "locked": { 40 "locked": {
35 "lastModified": 1691340067, 41 "lastModified": 1701974982,
36 "narHash": "sha256-diC5x6yhZ02LtgjFySpwAbGpjLJi/PXjocCDs/w+XiU=", 42 "narHash": "sha256-crVlSEyoox6g8dpndqCgts3i6otVoGfDUmPz2ltG3IY=",
37 "owner": "gkleen", 43 "owner": "gkleen",
38 "repo": "ca", 44 "repo": "ca",
39 "rev": "080e45af700bbd917a49124becd5fe5f275bfc9f", 45 "rev": "8cfabef934ee8219d12b9ba46e2b2f4d6dc61f8d",
40 "type": "gitlab" 46 "type": "gitlab"
41 }, 47 },
42 "original": { 48 "original": {
43 "owner": "gkleen", 49 "owner": "gkleen",
44 "ref": "v2.1.0", 50 "ref": "v2.3.3",
45 "repo": "ca", 51 "repo": "ca",
46 "type": "gitlab" 52 "type": "gitlab"
47 } 53 }
@@ -59,11 +65,11 @@
59 ] 65 ]
60 }, 66 },
61 "locked": { 67 "locked": {
62 "lastModified": 1695052866, 68 "lastModified": 1698921442,
63 "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", 69 "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
64 "owner": "serokell", 70 "owner": "serokell",
65 "repo": "deploy-rs", 71 "repo": "deploy-rs",
66 "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", 72 "rev": "660180bbbeae7d60dad5a92b30858306945fd427",
67 "type": "github" 73 "type": "github"
68 }, 74 },
69 "original": { 75 "original": {
@@ -108,11 +114,11 @@
108 "flake-compat_3": { 114 "flake-compat_3": {
109 "flake": false, 115 "flake": false,
110 "locked": { 116 "locked": {
111 "lastModified": 1673956053, 117 "lastModified": 1696426674,
112 "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", 118 "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
113 "owner": "edolstra", 119 "owner": "edolstra",
114 "repo": "flake-compat", 120 "repo": "flake-compat",
115 "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", 121 "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
116 "type": "github" 122 "type": "github"
117 }, 123 },
118 "original": { 124 "original": {
@@ -246,11 +252,11 @@
246 "systems": "systems_2" 252 "systems": "systems_2"
247 }, 253 },
248 "locked": { 254 "locked": {
249 "lastModified": 1694529238, 255 "lastModified": 1701680307,
250 "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 256 "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
251 "owner": "numtide", 257 "owner": "numtide",
252 "repo": "flake-utils", 258 "repo": "flake-utils",
253 "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 259 "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
254 "type": "github" 260 "type": "github"
255 }, 261 },
256 "original": { 262 "original": {
@@ -362,6 +368,27 @@
362 "type": "github" 368 "type": "github"
363 } 369 }
364 }, 370 },
371 "nix-github-actions": {
372 "inputs": {
373 "nixpkgs": [
374 "poetry2nix",
375 "nixpkgs"
376 ]
377 },
378 "locked": {
379 "lastModified": 1698974481,
380 "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
381 "owner": "nix-community",
382 "repo": "nix-github-actions",
383 "rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
384 "type": "github"
385 },
386 "original": {
387 "owner": "nix-community",
388 "repo": "nix-github-actions",
389 "type": "github"
390 }
391 },
365 "nix-index-database": { 392 "nix-index-database": {
366 "inputs": { 393 "inputs": {
367 "nixpkgs": [ 394 "nixpkgs": [
@@ -369,11 +396,11 @@
369 ] 396 ]
370 }, 397 },
371 "locked": { 398 "locked": {
372 "lastModified": 1694921880, 399 "lastModified": 1701572887,
373 "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", 400 "narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=",
374 "owner": "Mic92", 401 "owner": "Mic92",
375 "repo": "nix-index-database", 402 "repo": "nix-index-database",
376 "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", 403 "rev": "41afa8d1c061beda68502bcc67f2788f3a77042b",
377 "type": "github" 404 "type": "github"
378 }, 405 },
379 "original": { 406 "original": {
@@ -399,6 +426,22 @@
399 "type": "github" 426 "type": "github"
400 } 427 }
401 }, 428 },
429 "nixpkgs-eostre": {
430 "locked": {
431 "lastModified": 1701282334,
432 "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=",
433 "owner": "NixOS",
434 "repo": "nixpkgs",
435 "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e",
436 "type": "github"
437 },
438 "original": {
439 "owner": "NixOS",
440 "ref": "23.11",
441 "repo": "nixpkgs",
442 "type": "github"
443 }
444 },
402 "nixpkgs-lib": { 445 "nixpkgs-lib": {
403 "locked": { 446 "locked": {
404 "dir": "lib", 447 "dir": "lib",
@@ -453,6 +496,22 @@
453 "type": "github" 496 "type": "github"
454 } 497 }
455 }, 498 },
499 "nixpkgs-pgbackrest": {
500 "locked": {
501 "lastModified": 1685566663,
502 "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=",
503 "owner": "NixOS",
504 "repo": "nixpkgs",
505 "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe",
506 "type": "github"
507 },
508 "original": {
509 "owner": "NixOS",
510 "ref": "23.05",
511 "repo": "nixpkgs",
512 "type": "github"
513 }
514 },
456 "nixpkgs-stable": { 515 "nixpkgs-stable": {
457 "locked": { 516 "locked": {
458 "lastModified": 1678614274, 517 "lastModified": 1678614274,
@@ -471,16 +530,16 @@
471 }, 530 },
472 "nixpkgs-stable_2": { 531 "nixpkgs-stable_2": {
473 "locked": { 532 "locked": {
474 "lastModified": 1685566663, 533 "lastModified": 1701282334,
475 "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", 534 "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=",
476 "owner": "NixOS", 535 "owner": "NixOS",
477 "repo": "nixpkgs", 536 "repo": "nixpkgs",
478 "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", 537 "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e",
479 "type": "github" 538 "type": "github"
480 }, 539 },
481 "original": { 540 "original": {
482 "owner": "NixOS", 541 "owner": "NixOS",
483 "ref": "23.05", 542 "ref": "23.11",
484 "repo": "nixpkgs", 543 "repo": "nixpkgs",
485 "type": "github" 544 "type": "github"
486 } 545 }
@@ -503,11 +562,11 @@
503 }, 562 },
504 "nixpkgs_2": { 563 "nixpkgs_2": {
505 "locked": { 564 "locked": {
506 "lastModified": 1695232867, 565 "lastModified": 1701952487,
507 "narHash": "sha256-XwNaS3JP2JOJHsgYqeTnMzjywGeFjo/G++otcckJLFw=", 566 "narHash": "sha256-QDHd2AUiXnfFegFJuuCIPeAf109cY7jdAtkrDPA7MiM=",
508 "owner": "gkleen", 567 "owner": "gkleen",
509 "repo": "nixpkgs", 568 "repo": "nixpkgs",
510 "rev": "7c48f2b003d8d6ef98e7b29ccb888a877b806ab8", 569 "rev": "3fe71bc59b593b7757e8ecf4f5cbd25fb77cca5b",
511 "type": "github" 570 "type": "github"
512 }, 571 },
513 "original": { 572 "original": {
@@ -560,6 +619,33 @@
560 "type": "github" 619 "type": "github"
561 } 620 }
562 }, 621 },
622 "poetry2nix": {
623 "inputs": {
624 "flake-utils": [
625 "flake-utils"
626 ],
627 "nix-github-actions": "nix-github-actions",
628 "nixpkgs": [
629 "nixpkgs"
630 ],
631 "systems": "systems_3",
632 "treefmt-nix": "treefmt-nix"
633 },
634 "locked": {
635 "lastModified": 1701861752,
636 "narHash": "sha256-QfrE05P66856b1SMan69NPhjc9e82VtLxBKg3yiQGW8=",
637 "owner": "nix-community",
638 "repo": "poetry2nix",
639 "rev": "9fc487b32a68473da4bf9573f85b388043c5ecda",
640 "type": "github"
641 },
642 "original": {
643 "owner": "nix-community",
644 "ref": "master",
645 "repo": "poetry2nix",
646 "type": "github"
647 }
648 },
563 "pre-commit-hooks-nix": { 649 "pre-commit-hooks-nix": {
564 "inputs": { 650 "inputs": {
565 "flake-compat": "flake-compat", 651 "flake-compat": "flake-compat",
@@ -638,14 +724,17 @@
638 "nixpkgs": [ 724 "nixpkgs": [
639 "nixpkgs" 725 "nixpkgs"
640 ], 726 ],
727 "poetry2nix": [
728 "poetry2nix"
729 ],
641 "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" 730 "pre-commit-hooks-nix": "pre-commit-hooks-nix_3"
642 }, 731 },
643 "locked": { 732 "locked": {
644 "lastModified": 1685389961, 733 "lastModified": 1701975574,
645 "narHash": "sha256-D01xvx8trgelAM5D/1rZ9/s2Wqm3LDBfH29VWGeYu5o=", 734 "narHash": "sha256-gN2I3VdtC4mpep+AmYxR2OpaY7uv14zXCOfEMdzh0q4=",
646 "owner": "gkleen", 735 "owner": "gkleen",
647 "repo": "prometheus-borg-exporter", 736 "repo": "prometheus-borg-exporter",
648 "rev": "153c3864761d4741dc72e360f96de8c169834b81", 737 "rev": "5699a2c38a0d777d0580584136e0a27b33800864",
649 "type": "gitlab" 738 "type": "gitlab"
650 }, 739 },
651 "original": { 740 "original": {
@@ -666,8 +755,11 @@
666 "home-manager": "home-manager", 755 "home-manager": "home-manager",
667 "nix-index-database": "nix-index-database", 756 "nix-index-database": "nix-index-database",
668 "nixpkgs": "nixpkgs_2", 757 "nixpkgs": "nixpkgs_2",
758 "nixpkgs-eostre": "nixpkgs-eostre",
759 "nixpkgs-pgbackrest": "nixpkgs-pgbackrest",
669 "nixpkgs-stable": "nixpkgs-stable_2", 760 "nixpkgs-stable": "nixpkgs-stable_2",
670 "nvfetcher": "nvfetcher", 761 "nvfetcher": "nvfetcher",
762 "poetry2nix": "poetry2nix",
671 "prometheus-borg-exporter": "prometheus-borg-exporter", 763 "prometheus-borg-exporter": "prometheus-borg-exporter",
672 "sops-nix": "sops-nix" 764 "sops-nix": "sops-nix"
673 } 765 }
@@ -682,11 +774,11 @@
682 ] 774 ]
683 }, 775 },
684 "locked": { 776 "locked": {
685 "lastModified": 1695284550, 777 "lastModified": 1701728052,
686 "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", 778 "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
687 "owner": "Mic92", 779 "owner": "Mic92",
688 "repo": "sops-nix", 780 "repo": "sops-nix",
689 "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", 781 "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
690 "type": "github" 782 "type": "github"
691 }, 783 },
692 "original": { 784 "original": {
@@ -725,6 +817,41 @@
725 "repo": "default", 817 "repo": "default",
726 "type": "github" 818 "type": "github"
727 } 819 }
820 },
821 "systems_3": {
822 "locked": {
823 "lastModified": 1681028828,
824 "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
825 "owner": "nix-systems",
826 "repo": "default",
827 "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
828 "type": "github"
829 },
830 "original": {
831 "id": "systems",
832 "type": "indirect"
833 }
834 },
835 "treefmt-nix": {
836 "inputs": {
837 "nixpkgs": [
838 "poetry2nix",
839 "nixpkgs"
840 ]
841 },
842 "locked": {
843 "lastModified": 1699786194,
844 "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
845 "owner": "numtide",
846 "repo": "treefmt-nix",
847 "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
848 "type": "github"
849 },
850 "original": {
851 "owner": "numtide",
852 "repo": "treefmt-nix",
853 "type": "github"
854 }
728 } 855 }
729 }, 856 },
730 "root": "root", 857 "root": "root",
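diff --git a/flake.nix b/flake.nix
index b6de92f2..7ed56d44 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,12 +19,24 @@
       # ref = "nixos-unstable";
       ref = "ppp-systemd";
     };
-    nixpkgs-stable = {
+    nixpkgs-pgbackrest = {
       type = "github";
       owner = "NixOS";
       repo = "nixpkgs";
       ref = "23.05";
     };
+    nixpkgs-stable = {
+      type = "github";
+      owner = "NixOS";
+      repo = "nixpkgs";
+      ref = "23.11";
+    };
+    nixpkgs-eostre = {
+      type = "github";
+      owner = "NixOS";
+      repo = "nixpkgs";
+      ref = "23.11";
+    };
     home-manager = {
       type = "github";
       # owner = "nix-community";
@@ -97,23 +109,35 @@
         nixpkgs.follows = "nixpkgs";
       };
     };
+    poetry2nix = {
+      type = "github";
+      owner = "nix-community";
+      repo = "poetry2nix";
+      ref = "master";
+      inputs = {
+        flake-utils.follows = "flake-utils";
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
 
     ca-util = {
       type = "gitlab";
       owner = "gkleen";
       repo = "ca";
-      ref = "v2.1.0";
+      ref = "v2.3.3";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        poetry2nix.follows = "poetry2nix";
       };
     };
     backup-utils = {
       type = "gitlab";
       owner = "gkleen";
       repo = "backup-utils";
-      ref = "v0.1.0";
+      ref = "v0.1.2";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        poetry2nix.follows = "poetry2nix";
       };
     };
     prometheus-borg-exporter = {
@@ -123,6 +147,7 @@
       ref = "main";
       inputs = {
         nixpkgs.follows = "nixpkgs";
+        poetry2nix.follows = "poetry2nix";
       };
     };
   };
@@ -133,7 +158,7 @@
       inherit (nixpkgs) lib;
       utils = import ./utils { inherit lib; };
       inherit (utils) nixImport overrideModule;
-      inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr;
+      inherit (lib) mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr;
       inherit (lib.strings) escapeNixString hasSuffix;
 
       accountUserName = accountName:
@@ -149,29 +174,31 @@
 
       mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev);
 
-      mkNixosConfiguration = addProfiles: dir: path: hostName: nixosSystem rec {
-        specialArgs = {
-          flake = self;
-          flakeInputs = inputs;
-          path = ./.;
+      mkNixosConfiguration = addProfiles: dir: path: hostName:
+        let inherit ((inputs."nixpkgs-${hostName}" or inputs.nixpkgs).lib) nixosSystem;
+        in nixosSystem rec {
+          specialArgs = {
+            flake = self;
+            flakeInputs = inputs;
+            path = ./.;
+          };
+          modules =
+            let
+              defaultProfiles = with self.nixosModules.systemProfiles;
+                [ core
+                ];
+
+              local = dir + "/${path}";
+              argsModule = { pkgs, ... }: {
+                _module.args = {
+                  customUtils = utils;
+                  inherit hostName;
+                } // mkSources pkgs;
+              };
+              accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts);
+              accountMatchesHost = n: _v: accountHostName n == hostName;
+            in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules;
         };
-        modules =
-          let
-            defaultProfiles = with self.nixosModules.systemProfiles;
-              [ core
-              ];
-
-            local = dir + "/${path}";
-            argsModule = { pkgs, ... }: {
-              _module.args = {
-                customUtils = utils;
-                inherit hostName;
-              } // mkSources pkgs;
-            };
-            accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts);
-            accountMatchesHost = n: _v: accountHostName n == hostName;
-          in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules;
-      };
 
       mkSystemProfile = dir: path: profileName: {
         imports = [ (dir + "/${path}") ];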
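Review bot: `poetry2nix` is added with `ref = "master"` (second hunk) while the bumped gkleen inputs are pinned to release tags (`v2.3.3`, `v0.1.2`); flake.lock fixes a rev for now, but every `nix flake update` will pull whatever master holds at that moment into the three inputs that follow it. Pin it to a tag or commit, or put a comment next to the `ref` stating why master is required. The host-specific lookup `inputs."nixpkgs-${hostName}" or inputs.nixpkgs` in `mkNixosConfiguration` is the same rule that `nixpkgs.flakeInput` in system-profiles/core/default.nix implements for `pkgs`; if only one side changes, `lib`/`nixosSystem` and `pkgs` silently come from different nixpkgs revisions, so a comment on each pointing at the other (or one shared helper) is worth adding. `nixpkgs-eostre` and `nixpkgs-stable` both track `23.11`, so a one-line comment on `nixpkgs-eostre` saying it exists so eostre can be bumped independently would make the intent explicit.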
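diff --git a/hosts/eostre/default.nix b/hosts/eostre/default.nix
index 40fb5f72..fd4b15f2 100644
--- a/hosts/eostre/default.nix
+++ b/hosts/eostre/default.nix
@@ -10,7 +10,7 @@ with lib;
   config = {
     nixpkgs = {
       system = "x86_64-linux";
-      config = {
+      externalConfig = {
         allowUnfree = true;
       };
     };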
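diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 66dca378..d1a28920 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -20,7 +20,7 @@ in {
   config = {
     nixpkgs = {
       system = "x86_64-linux";
-      config = {
+      externalConfig = {
         allowUnfree = true;
         pulseaudio = true;
       };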
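diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index ae874c25..a8a897f2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -36,6 +36,7 @@ in {
       user 002576900250551137425220#0001@t-online.de
       telekom
       debug
+      +ipv6
     '';
   };
   systemd.services."pppd-telekom" = {
@@ -43,7 +44,6 @@ in {
 
     serviceConfig = lib.mkForce {
       PIDFile = "/run/pppd/${pppInterface}.pid";
-      ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom up_sdnotify nolog +ipv6";
     };
   };
   sops.secrets."pap-secrets" = {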
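Review bot: The removed `ExecStart` override (second hunk) also carried `up_sdnotify` and `nolog`, but only `+ipv6` is moved into the peer file; whether the `ExecStart` that now applies to `pppd-telekom` still passes those two options is not visible here, and without `up_sdnotify` a notify-type unit would never be reported as started. If the `ppp-systemd` nixpkgs branch the flake tracks supplies an equivalent unit, say so with a comment on the `serviceConfig` block, e.g. `# ExecStart comes from the pppd module (ppp-systemd branch); only PIDFile is forced here`. Keeping `lib.mkForce` around a set that now contains only `PIDFile` works, but the comment is what stops the next reader from re-adding the override.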
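diff --git a/hosts/vidhar/pgbackrest/default.nix b/hosts/vidhar/pgbackrest/default.nix
index 0f86ebe9..fec0c1fb 100644
--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -12,7 +12,7 @@ in {
 
   services.pgbackrest = {
     enable = true;
-    package = flakeInputs.nixpkgs-stable.legacyPackages.${config.nixpkgs.system}.pgbackrest;
+    package = flakeInputs.nixpkgs-pgbackrest.legacyPackages.${config.nixpkgs.system}.pgbackrest;
 
     tlsServer = {
       enable = true;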
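Review bot: `services.pgbackrest.package` now comes from a dedicated `nixpkgs-pgbackrest` input pinned to nixpkgs `23.05` while the rest of the system moves to `23.11`, and nothing in the hunk records why the `23.11` package is unsuitable. Once the 23.05 branch stops receiving updates this one package stops receiving fixes while everything around it keeps moving, so the pin needs an owner and an exit condition. Add a comment on the `package` line, e.g. `# pgbackrest from nixpkgs 23.05: TODO record why the 23.11 build is not usable and when this pin can be dropped`.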
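diff --git a/installer/default.nix b/installer/default.nix
index 912a0ce9..baaf2dc6 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -47,7 +47,7 @@ with lib;
     wantedBy = [ "multi-user.target" ];
     serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
   };
-  nixpkgs.config.allowUnfree = true;
+  nixpkgs.externalConfig.allowUnfree = true;
 
   nix.settings.auto-allocate-uids = mkForce false;
 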
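diff --git a/modules/envfs.nix b/modules/envfs.nix
index 1463dce8..83cad8d0 100644
--- a/modules/envfs.nix
+++ b/modules/envfs.nix
@@ -50,6 +50,14 @@ in {
           ln -s ${config.environment.binsh} $out/sh
         '')
       ];
+      defaultText = lib.literalExpression ''
+        [ (pkgs.runCommand "fallback-path-environment" {} '''
+          mkdir -p $out
+          ln -s ''${config.environment.usrbinenv} $out/env
+          ln -s ''${config.environment.binsh} $out/sh
+        ''')
+        ]
+      '';
       description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found";
     };
   };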
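diff --git a/modules/openssh.nix b/modules/openssh.nix
index b5950610..78749869 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -6,8 +6,8 @@ with lib;
   options = {
     services.openssh = {
       settings.HostKeyAlgorithms = mkOption {
-        type = types.listOf types.str;
-        default = [
+        type = types.str;
+        default = concatStringsSep "," [
           "ssh-ed25519"
           "ssh-ed25519-cert-v01@openssh.com"
           "sk-ssh-ed25519@openssh.com"
@@ -32,8 +32,8 @@ with lib;
         ];
       };
       settings.CASignatureAlgorithms = mkOption {
-        type = types.listOf types.str;
-        default = [
+        type = types.str;
+        default = concatStringsSep "," [
           "ssh-ed25519"
           "ecdsa-sha2-nistp256"
           "ecdsa-sha2-nistp384"
@@ -45,8 +45,8 @@ with lib;
         ];
       };
       settings.PubkeyAcceptedAlgorithms = mkOption {
-        type = types.listOf types.str;
-        default = [
+        type = types.str;
+        default = concatStringsSep "," [
           "ssh-ed25519"
           "ssh-ed25519-cert-v01@openssh.com"
           "sk-ssh-ed25519@openssh.com"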
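Review bot: Changing `settings.HostKeyAlgorithms` from `types.listOf types.str` to `types.str` (first hunk, repeated for `CASignatureAlgorithms` and `PubkeyAcceptedAlgorithms` in the next two) is a breaking change for any module still defining these as lists, and `types.str` also rejects a second definition where the list type used to merge them. If the goal is only to hand the upstream sshd module a comma-separated string, `type = types.commas;` keeps that while still merging multiple definitions by joining them with `,`, and the `concatStringsSep "," [ ... ]` default can stay as it is. Note that system-profiles/openssh/default.nix now performs the same join on its own lists, so the joining logic lives in two places.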
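diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix
index ca319ccd..ac0f9a35 100644
--- a/modules/pgbackrest.nix
+++ b/modules/pgbackrest.nix
@@ -54,6 +54,7 @@ in {
       stanza = mkOption {
         type = types.str;
         default = config.networking.hostName;
+        defaultText = literalExpression "config.networking.hostName";
       };
     };
 
@@ -115,6 +116,7 @@ in {
       stanza = mkOption {
         type = types.str;
         default = cfg.configurePostgresql.stanza;
+        defaultText = literalExpression "config.services.pgbackrest.configurePostgresql.stanza";
       };
       repo = mkOption {
         type = types.nullOr (types.strMatching "^[0-9]+$");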
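diff --git a/modules/tinc-networkmanager.nix b/modules/tinc-networkmanager.nix
index ff03abd2..4beba737 100644
--- a/modules/tinc-networkmanager.nix
+++ b/modules/tinc-networkmanager.nix
@@ -8,6 +8,7 @@ in {
   options.nmDispatch = lib.mkOption {
     type = lib.types.bool;
     default = config.networking.networkmanager.enable;
+    defaultText = lib.literalExpression "config.networking.networkmanager.enable";
     description = ''
       Install a network-manager dispatcher script to automatically
       connect to all remotes when networking is available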
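diff --git a/modules/uucp.nix b/modules/uucp.nix
index 95b675a6..abca2acb 100644
--- a/modules/uucp.nix
+++ b/modules/uucp.nix
@@ -48,12 +48,14 @@ let
       commands = mkOption {
         type = types.listOf types.str;
         default = cfg.defaultCommands;
+        defaultText = literalExpression "config.services.uucp.defaultCommands";
         description = "Commands to allow for this remote";
       };
 
       protocols = mkOption {
         type = types.separatedString "";
         default = cfg.defaultProtocols;
+        defaultText = literalExpression "config.services.uucp.defaultProtocols";
         description = "UUCP protocols to use for this remote";
       };
 
@@ -119,6 +121,7 @@ in {
     commandPath = mkOption {
       type = types.listOf types.path;
       default = [ "${pkgs.rmail}/bin" ];
+      defaultText = literalExpression ''[ "''${pkgs.rmail}/bin" ]'';
       description = ''
         Command search path for all systems
       '';
@@ -151,6 +154,7 @@ in {
     sshKeyDir = mkOption {
       type = types.path;
       default = "${cfg.homeDir}/.ssh/";
+      defaultText = literalExpression ''''${config.services.uucp.homeDir}/.ssh/'';
       description = "Directory to store ssh keypairs";
     };
 
@@ -202,6 +206,7 @@ in {
     nmDispatch = mkOption {
       type = types.bool;
       default = config.networking.networkmanager.enable;
+      defaultText = literalExpression "config.networking.networkmanager.enable";
       description = ''
         Install a network-manager dispatcher script to automatically
         call all remotes when networking is available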
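Review bot: The `defaultText` added for `sshKeyDir` (third hunk) is missing the string quotes: `''''${config.services.uucp.homeDir}/.ssh/''` renders as `${config.services.uucp.homeDir}/.ssh/`, which is not a Nix expression, whereas the `commandPath` hunk above keeps the quotes around its path. Change it to `defaultText = literalExpression ''"''${config.services.uucp.homeDir}/.ssh/"'';`. The other `defaultText` lines in this file agree with their `default` values provided `cfg` is bound to `config.services.uucp`, which this diff does not show.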
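diff --git a/overlays/poetry2nix.nix b/overlays/poetry2nix.nix
new file mode 100644
index 00000000..693022a0
--- /dev/null
+++ b/overlays/poetry2nix.nix
@@ -0,0 +1,3 @@
+{ final, prev, flakeInputs, ... }:
+
+flakeInputs.poetry2nix.overlays.default final prev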
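diff --git a/overlays/prometheus-systemd-exporter.nix b/overlays/prometheus-systemd-exporter.nix
deleted file mode 100644
index 84cddb8e..00000000
--- a/overlays/prometheus-systemd-exporter.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ final, prev, ... }: {
-  prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: {
-    patches = (oldAttrs.patches or []) ++ [
-      (final.fetchpatch {
-        name = "cpu_stat.patch";
-        url = "https://github.com/prometheus-community/systemd_exporter/pull/74.patch";
-        hash = "sha256-a4M9SPckwkvetxjWMamm0x2wcg2a+Rkicn1XRUHieuM=";
-      })
-    ];
-  });
-}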
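diff --git a/system-profiles/core/default.nix b/system-profiles/core/default.nix
index 46049e26..67d50606 100644
--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -1,7 +1,10 @@
 { flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+
+with lib;
+
 let
   profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
-  userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+  userProfileSet = customUtils.types.attrNameSet (zipAttrs (attrValues flake.nixosModules.userProfiles));
   hasSops = config.sops.secrets != {};
 in {
   imports = with flakeInputs;
@@ -11,7 +14,7 @@ in {
 
   options = {
     # See mkSystemProfile in ../flake.nix
-    system.profiles = lib.mkOption {
+    system.profiles = mkOption {
       type = profileSet;
       default = [];
       description = ''
@@ -19,9 +22,9 @@ in {
       '';
     };
 
-    users.users = lib.mkOption {
-      type = lib.types.attrsOf (lib.types.submodule {
-        options.profiles = lib.mkOption {
+    users.users = mkOption {
+      type = types.attrsOf (types.submodule {
+        options.profiles = mkOption {
           type = userProfileSet;
           default = [];
           description = ''
@@ -30,14 +33,71 @@ in {
         };
       });
     };
+
+    nixpkgs.externalConfig = mkOption {
+      default = {};
+      example = literalExpression
+        ''
+          { allowBroken = true; allowUnfree = true; }
+        '';
+      type = mkOptionType {
+        name = "nixpkgs-config";
+        description = "nixpkgs config";
+        check = x:
+          let traceXIfNot = c:
+                if c x then true
+                else traceSeqN 1 x false;
+              isConfig = x:
+                builtins.isAttrs x || isFunction x;
+          in traceXIfNot isConfig;
+        merge = args:
+          let
+            optCall = f: x:
+              if isFunction f
+              then f x
+              else f;
+            mergeConfig = lhs_: rhs_:
+              let
+                lhs = optCall lhs_ { inherit pkgs; };
+                rhs = optCall rhs_ { inherit pkgs; };
+              in
+              recursiveUpdate lhs rhs //
+              optionalAttrs (lhs ? packageOverrides) {
+                packageOverrides = pkgs:
+                  optCall lhs.packageOverrides pkgs //
+                  optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
+              } //
+              optionalAttrs (lhs ? perlPackageOverrides) {
+                perlPackageOverrides = pkgs:
+                  optCall lhs.perlPackageOverrides pkgs //
+                  optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
+              };
+          in foldr (def: mergeConfig def.value) {};
+      };
+      description = mdDoc ''
+        The configuration of the Nix Packages collection. (For
+        details, see the Nixpkgs documentation.) It allows you to set
+        package configuration options.
+
+        Used to construct `nixpkgs.pkgs`.
+      '';
+    };
+
+    nixpkgs.flakeInput = mkOption {
+      type = types.enum (attrNames flakeInputs);
+      default = if flakeInputs ? "nixpkgs-${hostName}" then "nixpkgs-${hostName}" else "nixpkgs";
+      defaultText = literalExpression ''if flakeInputs ? "nixpkgs-''${hostName}" then "nixpkgs-''${hostName}" else "nixpkgs"'';
+      internal = true;
+    };
   };
 
   config = {
     networking.hostName = hostName;
-    system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+    system.configurationRevision = mkIf (flake ? rev) flake.rev;
 
-    nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
-      inherit (config.nixpkgs) config;
+    nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") {
+      overlays = attrValues flake.overlays;
+      config = config.nixpkgs.externalConfig;
       localSystem = config.nixpkgs.system;
     };
 
@@ -64,7 +124,7 @@ in {
     ];
     registry =
       let override = { self = "nixos"; };
-      in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+      in mapAttrs' (inpName: inpFlake: nameValuePair
         (override.${inpName} or inpName)
         { flake = inpFlake; } ) flakeInputs;
     };
@@ -97,7 +157,7 @@ in {
       backupFileExtension = "bak";
     };
 
-    sops = lib.mkIf hasSops {
+    sops = mkIf hasSops {
       age = {
         keyFile = "/var/lib/sops-nix/key.txt";
         generateKey = false;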
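Review bot: `nixpkgs.pkgs` now passes `overlays = attrValues flake.overlays` (fourth hunk), which applies the overlays in attribute-name order; any overlay that relies on another (the `poetry2nix` overlay this commit adds is the likely case) now depends on alphabetical sorting, so either state that in a comment on the `overlays` line or build the list explicitly. The default of `nixpkgs.flakeInput` re-implements the `nixpkgs-${hostName}` fallback that `mkNixosConfiguration` in flake.nix also contains, and `lib` and `pkgs` will silently diverge if only one of them changes; a comment pointing at the other site would help. `types.enum (attrNames flakeInputs)` admits every input, including ones without a `pkgs/top-level` directory, which is acceptable for an `internal` option but deserves one sentence of `description`. In the `mkOptionType`, `merge`'s first argument is the option location, so `loc` would be the conventional name instead of the unused `args`.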
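diff --git a/system-profiles/initrd-ssh/default.nix b/system-profiles/initrd-ssh/default.nix
index 5176234f..ef469343 100644
--- a/system-profiles/initrd-ssh/default.nix
+++ b/system-profiles/initrd-ssh/default.nix
@@ -3,8 +3,6 @@
 with lib;
 
 {
-  imports = [ ./module.nix ];
-
   config = {
     boot.initrd = {
       network = {
@@ -21,8 +19,8 @@ with lib;
       };
 
       secrets = with config.sops.secrets; {
-        "/etc/ssh/ssh_host_ed25519_key" = initrd_ssh_host_ed25519_key.path;
-        "/etc/ssh/ssh_host_rsa_key" = initrd_ssh_host_rsa_key.path;
+        "/etc/ssh/ssh_host_ed25519_key" = mkForce initrd_ssh_host_ed25519_key.path;
+        "/etc/ssh/ssh_host_rsa_key" = mkForce initrd_ssh_host_rsa_key.path;
       };
 
       extraFiles = let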
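Review bot: The `imports = [ ./module.nix ]` line is dropped (first hunk) but the diffstat lists no change to `system-profiles/initrd-ssh/module.nix`, so either that file is now dead and should go in the same commit, or the reason it is no longer imported belongs in a comment. The `mkForce` wrapped around the two `boot.initrd.secrets` entries (second hunk) overrides a definition that is not visible here; a comment such as `# mkForce: these paths are also defined elsewhere — TODO name the conflicting definition` would tell the next reader which definition is being beaten and whether the force is still needed now that the `module.nix` import is gone.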
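diff --git a/system-profiles/networkmanager.nix b/system-profiles/networkmanager.nix
index d5c85999..0fc25619 100644
--- a/system-profiles/networkmanager.nix
+++ b/system-profiles/networkmanager.nix
@@ -9,7 +9,6 @@ with lib;
       enable = true;
       dhcp = "internal";
       dns = mkForce "dnsmasq";
-      firewallBackend = mkIf config.networking.nftables.enable "nftables";
       logLevel = "INFO";
       extraConfig = ''
         [connectivity]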
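diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
index 3e17e96c..098e2b25 100644
--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -66,7 +66,10 @@ in {
   services.openssh = mkIf cfg.enable {
     hostKeys = mkIf cfg.staticHostKeys (mkForce []); # done manually
     settings = {
-      inherit Ciphers Macs KexAlgorithms HostKeyAlgorithms CASignatureAlgorithms PubkeyAcceptedAlgorithms;
+      inherit Ciphers Macs KexAlgorithms;
+      HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms;
+      PubkeyAcceptedAlgorithms = concatStringsSep "," PubkeyAcceptedAlgorithms;
+      CASignatureAlgorithms = concatStringsSep "," CASignatureAlgorithms;
 
       LogLevel = "VERBOSE";
       RevokedKeys = toString ./ca/krl.bin;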
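diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
index 09832e73..cc01f66b 100644
--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -69,6 +69,7 @@ in {
         };
       };
       default = { flake = { type = "git"; url = "ssh://${cfg.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; };
+      defaultText = literalExpression ''{ flake = { type = "git"; url = "ssh://''${config.system.rebuild-machine.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }'';
       description = ''
         The Flake URI of the NixOS configuration to build.
       '';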
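Review bot: The added `defaultText` spells the option path as `config.system.rebuild-machine.repoHost`, while the profile lives under `rebuild-machines`; the diff does not show what `cfg` is bound to, so confirm the path matches the declared option, since `defaultText` is what ends up in the generated documentation and a wrong path there is never caught by evaluation.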