-rw-r--r-- | flake.lock | 193 | ||||
-rw-r--r-- | flake.nix | 79 | ||||
-rw-r--r-- | hosts/eostre/default.nix | 2 | ||||
-rw-r--r-- | hosts/sif/default.nix | 2 | ||||
-rw-r--r-- | hosts/vidhar/network/dsl.nix | 2 | ||||
-rw-r--r-- | hosts/vidhar/pgbackrest/default.nix | 2 | ||||
-rw-r--r-- | installer/default.nix | 2 | ||||
-rw-r--r-- | modules/envfs.nix | 8 | ||||
-rw-r--r-- | modules/openssh.nix | 12 | ||||
-rw-r--r-- | modules/pgbackrest.nix | 2 | ||||
-rw-r--r-- | modules/tinc-networkmanager.nix | 1 | ||||
-rw-r--r-- | modules/uucp.nix | 5 | ||||
-rw-r--r-- | overlays/poetry2nix.nix | 3 | ||||
-rw-r--r-- | overlays/prometheus-systemd-exporter.nix | 11 | ||||
-rw-r--r-- | system-profiles/core/default.nix | 80 | ||||
-rw-r--r-- | system-profiles/initrd-ssh/default.nix | 6 | ||||
-rw-r--r-- | system-profiles/networkmanager.nix | 1 | ||||
-rw-r--r-- | system-profiles/openssh/default.nix | 5 | ||||
-rw-r--r-- | system-profiles/rebuild-machines/default.nix | 1 |
19 files changed, 320 insertions, 97 deletions
@@ -6,19 +6,22 @@ | |||
6 | "nixpkgs": [ | 6 | "nixpkgs": [ |
7 | "nixpkgs" | 7 | "nixpkgs" |
8 | ], | 8 | ], |
9 | "poetry2nix": [ | ||
10 | "poetry2nix" | ||
11 | ], | ||
9 | "pre-commit-hooks-nix": "pre-commit-hooks-nix" | 12 | "pre-commit-hooks-nix": "pre-commit-hooks-nix" |
10 | }, | 13 | }, |
11 | "locked": { | 14 | "locked": { |
12 | "lastModified": 1678718217, | 15 | "lastModified": 1701974579, |
13 | "narHash": "sha256-b08VXH9lGi8/3lIDQQ87Oy6bKi7A8SRFxLNM0I4xX5M=", | 16 | "narHash": "sha256-Drydx4onJnz5AqjG1clABRHUF4cPmy75zH70AXvs3eQ=", |
14 | "owner": "gkleen", | 17 | "owner": "gkleen", |
15 | "repo": "backup-utils", | 18 | "repo": "backup-utils", |
16 | "rev": "8c174281de2733e275c5c18fe9ecd97c6edab1d7", | 19 | "rev": "d094023745980f90828f0390441ff22b51107f3a", |
17 | "type": "gitlab" | 20 | "type": "gitlab" |
18 | }, | 21 | }, |
19 | "original": { | 22 | "original": { |
20 | "owner": "gkleen", | 23 | "owner": "gkleen", |
21 | "ref": "v0.1.0", | 24 | "ref": "v0.1.2", |
22 | "repo": "backup-utils", | 25 | "repo": "backup-utils", |
23 | "type": "gitlab" | 26 | "type": "gitlab" |
24 | } | 27 | } |
@@ -29,19 +32,22 @@ | |||
29 | "nixpkgs": [ | 32 | "nixpkgs": [ |
30 | "nixpkgs" | 33 | "nixpkgs" |
31 | ], | 34 | ], |
35 | "poetry2nix": [ | ||
36 | "poetry2nix" | ||
37 | ], | ||
32 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" | 38 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_2" |
33 | }, | 39 | }, |
34 | "locked": { | 40 | "locked": { |
35 | "lastModified": 1691340067, | 41 | "lastModified": 1701974982, |
36 | "narHash": "sha256-diC5x6yhZ02LtgjFySpwAbGpjLJi/PXjocCDs/w+XiU=", | 42 | "narHash": "sha256-crVlSEyoox6g8dpndqCgts3i6otVoGfDUmPz2ltG3IY=", |
37 | "owner": "gkleen", | 43 | "owner": "gkleen", |
38 | "repo": "ca", | 44 | "repo": "ca", |
39 | "rev": "080e45af700bbd917a49124becd5fe5f275bfc9f", | 45 | "rev": "8cfabef934ee8219d12b9ba46e2b2f4d6dc61f8d", |
40 | "type": "gitlab" | 46 | "type": "gitlab" |
41 | }, | 47 | }, |
42 | "original": { | 48 | "original": { |
43 | "owner": "gkleen", | 49 | "owner": "gkleen", |
44 | "ref": "v2.1.0", | 50 | "ref": "v2.3.3", |
45 | "repo": "ca", | 51 | "repo": "ca", |
46 | "type": "gitlab" | 52 | "type": "gitlab" |
47 | } | 53 | } |
@@ -59,11 +65,11 @@ | |||
59 | ] | 65 | ] |
60 | }, | 66 | }, |
61 | "locked": { | 67 | "locked": { |
62 | "lastModified": 1695052866, | 68 | "lastModified": 1698921442, |
63 | "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", | 69 | "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=", |
64 | "owner": "serokell", | 70 | "owner": "serokell", |
65 | "repo": "deploy-rs", | 71 | "repo": "deploy-rs", |
66 | "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", | 72 | "rev": "660180bbbeae7d60dad5a92b30858306945fd427", |
67 | "type": "github" | 73 | "type": "github" |
68 | }, | 74 | }, |
69 | "original": { | 75 | "original": { |
@@ -108,11 +114,11 @@ | |||
108 | "flake-compat_3": { | 114 | "flake-compat_3": { |
109 | "flake": false, | 115 | "flake": false, |
110 | "locked": { | 116 | "locked": { |
111 | "lastModified": 1673956053, | 117 | "lastModified": 1696426674, |
112 | "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", | 118 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", |
113 | "owner": "edolstra", | 119 | "owner": "edolstra", |
114 | "repo": "flake-compat", | 120 | "repo": "flake-compat", |
115 | "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", | 121 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", |
116 | "type": "github" | 122 | "type": "github" |
117 | }, | 123 | }, |
118 | "original": { | 124 | "original": { |
@@ -246,11 +252,11 @@ | |||
246 | "systems": "systems_2" | 252 | "systems": "systems_2" |
247 | }, | 253 | }, |
248 | "locked": { | 254 | "locked": { |
249 | "lastModified": 1694529238, | 255 | "lastModified": 1701680307, |
250 | "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", | 256 | "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", |
251 | "owner": "numtide", | 257 | "owner": "numtide", |
252 | "repo": "flake-utils", | 258 | "repo": "flake-utils", |
253 | "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", | 259 | "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", |
254 | "type": "github" | 260 | "type": "github" |
255 | }, | 261 | }, |
256 | "original": { | 262 | "original": { |
@@ -362,6 +368,27 @@ | |||
362 | "type": "github" | 368 | "type": "github" |
363 | } | 369 | } |
364 | }, | 370 | }, |
371 | "nix-github-actions": { | ||
372 | "inputs": { | ||
373 | "nixpkgs": [ | ||
374 | "poetry2nix", | ||
375 | "nixpkgs" | ||
376 | ] | ||
377 | }, | ||
378 | "locked": { | ||
379 | "lastModified": 1698974481, | ||
380 | "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", | ||
381 | "owner": "nix-community", | ||
382 | "repo": "nix-github-actions", | ||
383 | "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", | ||
384 | "type": "github" | ||
385 | }, | ||
386 | "original": { | ||
387 | "owner": "nix-community", | ||
388 | "repo": "nix-github-actions", | ||
389 | "type": "github" | ||
390 | } | ||
391 | }, | ||
365 | "nix-index-database": { | 392 | "nix-index-database": { |
366 | "inputs": { | 393 | "inputs": { |
367 | "nixpkgs": [ | 394 | "nixpkgs": [ |
@@ -369,11 +396,11 @@ | |||
369 | ] | 396 | ] |
370 | }, | 397 | }, |
371 | "locked": { | 398 | "locked": { |
372 | "lastModified": 1694921880, | 399 | "lastModified": 1701572887, |
373 | "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", | 400 | "narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=", |
374 | "owner": "Mic92", | 401 | "owner": "Mic92", |
375 | "repo": "nix-index-database", | 402 | "repo": "nix-index-database", |
376 | "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", | 403 | "rev": "41afa8d1c061beda68502bcc67f2788f3a77042b", |
377 | "type": "github" | 404 | "type": "github" |
378 | }, | 405 | }, |
379 | "original": { | 406 | "original": { |
@@ -399,6 +426,22 @@ | |||
399 | "type": "github" | 426 | "type": "github" |
400 | } | 427 | } |
401 | }, | 428 | }, |
429 | "nixpkgs-eostre": { | ||
430 | "locked": { | ||
431 | "lastModified": 1701282334, | ||
432 | "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", | ||
433 | "owner": "NixOS", | ||
434 | "repo": "nixpkgs", | ||
435 | "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", | ||
436 | "type": "github" | ||
437 | }, | ||
438 | "original": { | ||
439 | "owner": "NixOS", | ||
440 | "ref": "23.11", | ||
441 | "repo": "nixpkgs", | ||
442 | "type": "github" | ||
443 | } | ||
444 | }, | ||
402 | "nixpkgs-lib": { | 445 | "nixpkgs-lib": { |
403 | "locked": { | 446 | "locked": { |
404 | "dir": "lib", | 447 | "dir": "lib", |
@@ -453,6 +496,22 @@ | |||
453 | "type": "github" | 496 | "type": "github" |
454 | } | 497 | } |
455 | }, | 498 | }, |
499 | "nixpkgs-pgbackrest": { | ||
500 | "locked": { | ||
501 | "lastModified": 1685566663, | ||
502 | "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", | ||
503 | "owner": "NixOS", | ||
504 | "repo": "nixpkgs", | ||
505 | "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", | ||
506 | "type": "github" | ||
507 | }, | ||
508 | "original": { | ||
509 | "owner": "NixOS", | ||
510 | "ref": "23.05", | ||
511 | "repo": "nixpkgs", | ||
512 | "type": "github" | ||
513 | } | ||
514 | }, | ||
456 | "nixpkgs-stable": { | 515 | "nixpkgs-stable": { |
457 | "locked": { | 516 | "locked": { |
458 | "lastModified": 1678614274, | 517 | "lastModified": 1678614274, |
@@ -471,16 +530,16 @@ | |||
471 | }, | 530 | }, |
472 | "nixpkgs-stable_2": { | 531 | "nixpkgs-stable_2": { |
473 | "locked": { | 532 | "locked": { |
474 | "lastModified": 1685566663, | 533 | "lastModified": 1701282334, |
475 | "narHash": "sha256-btHN1czJ6rzteeCuE/PNrdssqYD2nIA4w48miQAFloM=", | 534 | "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", |
476 | "owner": "NixOS", | 535 | "owner": "NixOS", |
477 | "repo": "nixpkgs", | 536 | "repo": "nixpkgs", |
478 | "rev": "4ecab3273592f27479a583fb6d975d4aba3486fe", | 537 | "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", |
479 | "type": "github" | 538 | "type": "github" |
480 | }, | 539 | }, |
481 | "original": { | 540 | "original": { |
482 | "owner": "NixOS", | 541 | "owner": "NixOS", |
483 | "ref": "23.05", | 542 | "ref": "23.11", |
484 | "repo": "nixpkgs", | 543 | "repo": "nixpkgs", |
485 | "type": "github" | 544 | "type": "github" |
486 | } | 545 | } |
@@ -503,11 +562,11 @@ | |||
503 | }, | 562 | }, |
504 | "nixpkgs_2": { | 563 | "nixpkgs_2": { |
505 | "locked": { | 564 | "locked": { |
506 | "lastModified": 1695232867, | 565 | "lastModified": 1701952487, |
507 | "narHash": "sha256-XwNaS3JP2JOJHsgYqeTnMzjywGeFjo/G++otcckJLFw=", | 566 | "narHash": "sha256-QDHd2AUiXnfFegFJuuCIPeAf109cY7jdAtkrDPA7MiM=", |
508 | "owner": "gkleen", | 567 | "owner": "gkleen", |
509 | "repo": "nixpkgs", | 568 | "repo": "nixpkgs", |
510 | "rev": "7c48f2b003d8d6ef98e7b29ccb888a877b806ab8", | 569 | "rev": "3fe71bc59b593b7757e8ecf4f5cbd25fb77cca5b", |
511 | "type": "github" | 570 | "type": "github" |
512 | }, | 571 | }, |
513 | "original": { | 572 | "original": { |
@@ -560,6 +619,33 @@ | |||
560 | "type": "github" | 619 | "type": "github" |
561 | } | 620 | } |
562 | }, | 621 | }, |
622 | "poetry2nix": { | ||
623 | "inputs": { | ||
624 | "flake-utils": [ | ||
625 | "flake-utils" | ||
626 | ], | ||
627 | "nix-github-actions": "nix-github-actions", | ||
628 | "nixpkgs": [ | ||
629 | "nixpkgs" | ||
630 | ], | ||
631 | "systems": "systems_3", | ||
632 | "treefmt-nix": "treefmt-nix" | ||
633 | }, | ||
634 | "locked": { | ||
635 | "lastModified": 1701861752, | ||
636 | "narHash": "sha256-QfrE05P66856b1SMan69NPhjc9e82VtLxBKg3yiQGW8=", | ||
637 | "owner": "nix-community", | ||
638 | "repo": "poetry2nix", | ||
639 | "rev": "9fc487b32a68473da4bf9573f85b388043c5ecda", | ||
640 | "type": "github" | ||
641 | }, | ||
642 | "original": { | ||
643 | "owner": "nix-community", | ||
644 | "ref": "master", | ||
645 | "repo": "poetry2nix", | ||
646 | "type": "github" | ||
647 | } | ||
648 | }, | ||
563 | "pre-commit-hooks-nix": { | 649 | "pre-commit-hooks-nix": { |
564 | "inputs": { | 650 | "inputs": { |
565 | "flake-compat": "flake-compat", | 651 | "flake-compat": "flake-compat", |
@@ -638,14 +724,17 @@ | |||
638 | "nixpkgs": [ | 724 | "nixpkgs": [ |
639 | "nixpkgs" | 725 | "nixpkgs" |
640 | ], | 726 | ], |
727 | "poetry2nix": [ | ||
728 | "poetry2nix" | ||
729 | ], | ||
641 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" | 730 | "pre-commit-hooks-nix": "pre-commit-hooks-nix_3" |
642 | }, | 731 | }, |
643 | "locked": { | 732 | "locked": { |
644 | "lastModified": 1685389961, | 733 | "lastModified": 1701975574, |
645 | "narHash": "sha256-D01xvx8trgelAM5D/1rZ9/s2Wqm3LDBfH29VWGeYu5o=", | 734 | "narHash": "sha256-gN2I3VdtC4mpep+AmYxR2OpaY7uv14zXCOfEMdzh0q4=", |
646 | "owner": "gkleen", | 735 | "owner": "gkleen", |
647 | "repo": "prometheus-borg-exporter", | 736 | "repo": "prometheus-borg-exporter", |
648 | "rev": "153c3864761d4741dc72e360f96de8c169834b81", | 737 | "rev": "5699a2c38a0d777d0580584136e0a27b33800864", |
649 | "type": "gitlab" | 738 | "type": "gitlab" |
650 | }, | 739 | }, |
651 | "original": { | 740 | "original": { |
@@ -666,8 +755,11 @@ | |||
666 | "home-manager": "home-manager", | 755 | "home-manager": "home-manager", |
667 | "nix-index-database": "nix-index-database", | 756 | "nix-index-database": "nix-index-database", |
668 | "nixpkgs": "nixpkgs_2", | 757 | "nixpkgs": "nixpkgs_2", |
758 | "nixpkgs-eostre": "nixpkgs-eostre", | ||
759 | "nixpkgs-pgbackrest": "nixpkgs-pgbackrest", | ||
669 | "nixpkgs-stable": "nixpkgs-stable_2", | 760 | "nixpkgs-stable": "nixpkgs-stable_2", |
670 | "nvfetcher": "nvfetcher", | 761 | "nvfetcher": "nvfetcher", |
762 | "poetry2nix": "poetry2nix", | ||
671 | "prometheus-borg-exporter": "prometheus-borg-exporter", | 763 | "prometheus-borg-exporter": "prometheus-borg-exporter", |
672 | "sops-nix": "sops-nix" | 764 | "sops-nix": "sops-nix" |
673 | } | 765 | } |
@@ -682,11 +774,11 @@ | |||
682 | ] | 774 | ] |
683 | }, | 775 | }, |
684 | "locked": { | 776 | "locked": { |
685 | "lastModified": 1695284550, | 777 | "lastModified": 1701728052, |
686 | "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", | 778 | "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", |
687 | "owner": "Mic92", | 779 | "owner": "Mic92", |
688 | "repo": "sops-nix", | 780 | "repo": "sops-nix", |
689 | "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", | 781 | "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", |
690 | "type": "github" | 782 | "type": "github" |
691 | }, | 783 | }, |
692 | "original": { | 784 | "original": { |
@@ -725,6 +817,41 @@ | |||
725 | "repo": "default", | 817 | "repo": "default", |
726 | "type": "github" | 818 | "type": "github" |
727 | } | 819 | } |
820 | }, | ||
821 | "systems_3": { | ||
822 | "locked": { | ||
823 | "lastModified": 1681028828, | ||
824 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||
825 | "owner": "nix-systems", | ||
826 | "repo": "default", | ||
827 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||
828 | "type": "github" | ||
829 | }, | ||
830 | "original": { | ||
831 | "id": "systems", | ||
832 | "type": "indirect" | ||
833 | } | ||
834 | }, | ||
835 | "treefmt-nix": { | ||
836 | "inputs": { | ||
837 | "nixpkgs": [ | ||
838 | "poetry2nix", | ||
839 | "nixpkgs" | ||
840 | ] | ||
841 | }, | ||
842 | "locked": { | ||
843 | "lastModified": 1699786194, | ||
844 | "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", | ||
845 | "owner": "numtide", | ||
846 | "repo": "treefmt-nix", | ||
847 | "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", | ||
848 | "type": "github" | ||
849 | }, | ||
850 | "original": { | ||
851 | "owner": "numtide", | ||
852 | "repo": "treefmt-nix", | ||
853 | "type": "github" | ||
854 | } | ||
728 | } | 855 | } |
729 | }, | 856 | }, |
730 | "root": "root", | 857 | "root": "root", |
@@ -19,12 +19,24 @@ | |||
19 | # ref = "nixos-unstable"; | 19 | # ref = "nixos-unstable"; |
20 | ref = "ppp-systemd"; | 20 | ref = "ppp-systemd"; |
21 | }; | 21 | }; |
22 | nixpkgs-stable = { | 22 | nixpkgs-pgbackrest = { |
23 | type = "github"; | 23 | type = "github"; |
24 | owner = "NixOS"; | 24 | owner = "NixOS"; |
25 | repo = "nixpkgs"; | 25 | repo = "nixpkgs"; |
26 | ref = "23.05"; | 26 | ref = "23.05"; |
27 | }; | 27 | }; |
28 | nixpkgs-stable = { | ||
29 | type = "github"; | ||
30 | owner = "NixOS"; | ||
31 | repo = "nixpkgs"; | ||
32 | ref = "23.11"; | ||
33 | }; | ||
34 | nixpkgs-eostre = { | ||
35 | type = "github"; | ||
36 | owner = "NixOS"; | ||
37 | repo = "nixpkgs"; | ||
38 | ref = "23.11"; | ||
39 | }; | ||
28 | home-manager = { | 40 | home-manager = { |
29 | type = "github"; | 41 | type = "github"; |
30 | # owner = "nix-community"; | 42 | # owner = "nix-community"; |
@@ -97,23 +109,35 @@ | |||
97 | nixpkgs.follows = "nixpkgs"; | 109 | nixpkgs.follows = "nixpkgs"; |
98 | }; | 110 | }; |
99 | }; | 111 | }; |
112 | poetry2nix = { | ||
113 | type = "github"; | ||
114 | owner = "nix-community"; | ||
115 | repo = "poetry2nix"; | ||
116 | ref = "master"; | ||
117 | inputs = { | ||
118 | flake-utils.follows = "flake-utils"; | ||
119 | nixpkgs.follows = "nixpkgs"; | ||
120 | }; | ||
121 | }; | ||
100 | 122 | ||
101 | ca-util = { | 123 | ca-util = { |
102 | type = "gitlab"; | 124 | type = "gitlab"; |
103 | owner = "gkleen"; | 125 | owner = "gkleen"; |
104 | repo = "ca"; | 126 | repo = "ca"; |
105 | ref = "v2.1.0"; | 127 | ref = "v2.3.3"; |
106 | inputs = { | 128 | inputs = { |
107 | nixpkgs.follows = "nixpkgs"; | 129 | nixpkgs.follows = "nixpkgs"; |
130 | poetry2nix.follows = "poetry2nix"; | ||
108 | }; | 131 | }; |
109 | }; | 132 | }; |
110 | backup-utils = { | 133 | backup-utils = { |
111 | type = "gitlab"; | 134 | type = "gitlab"; |
112 | owner = "gkleen"; | 135 | owner = "gkleen"; |
113 | repo = "backup-utils"; | 136 | repo = "backup-utils"; |
114 | ref = "v0.1.0"; | 137 | ref = "v0.1.2"; |
115 | inputs = { | 138 | inputs = { |
116 | nixpkgs.follows = "nixpkgs"; | 139 | nixpkgs.follows = "nixpkgs"; |
140 | poetry2nix.follows = "poetry2nix"; | ||
117 | }; | 141 | }; |
118 | }; | 142 | }; |
119 | prometheus-borg-exporter = { | 143 | prometheus-borg-exporter = { |
@@ -123,6 +147,7 @@ | |||
123 | ref = "main"; | 147 | ref = "main"; |
124 | inputs = { | 148 | inputs = { |
125 | nixpkgs.follows = "nixpkgs"; | 149 | nixpkgs.follows = "nixpkgs"; |
150 | poetry2nix.follows = "poetry2nix"; | ||
126 | }; | 151 | }; |
127 | }; | 152 | }; |
128 | }; | 153 | }; |
@@ -133,7 +158,7 @@ | |||
133 | inherit (nixpkgs) lib; | 158 | inherit (nixpkgs) lib; |
134 | utils = import ./utils { inherit lib; }; | 159 | utils = import ./utils { inherit lib; }; |
135 | inherit (utils) nixImport overrideModule; | 160 | inherit (utils) nixImport overrideModule; |
136 | inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr; | 161 | inherit (lib) mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr; |
137 | inherit (lib.strings) escapeNixString hasSuffix; | 162 | inherit (lib.strings) escapeNixString hasSuffix; |
138 | 163 | ||
139 | accountUserName = accountName: | 164 | accountUserName = accountName: |
@@ -149,29 +174,31 @@ | |||
149 | 174 | ||
150 | mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev); | 175 | mkOverlay = path: final: prev: import path ({ inherit final; inherit prev; flakeInputs = inputs; flake = self; } // mkSources prev); |
151 | 176 | ||
152 | mkNixosConfiguration = addProfiles: dir: path: hostName: nixosSystem rec { | 177 | mkNixosConfiguration = addProfiles: dir: path: hostName: |
153 | specialArgs = { | 178 | let inherit ((inputs."nixpkgs-${hostName}" or inputs.nixpkgs).lib) nixosSystem; |
154 | flake = self; | 179 | in nixosSystem rec { |
155 | flakeInputs = inputs; | 180 | specialArgs = { |
156 | path = ./.; | 181 | flake = self; |
182 | flakeInputs = inputs; | ||
183 | path = ./.; | ||
184 | }; | ||
185 | modules = | ||
186 | let | ||
187 | defaultProfiles = with self.nixosModules.systemProfiles; | ||
188 | [ core | ||
189 | ]; | ||
190 | |||
191 | local = dir + "/${path}"; | ||
192 | argsModule = { pkgs, ... }: { | ||
193 | _module.args = { | ||
194 | customUtils = utils; | ||
195 | inherit hostName; | ||
196 | } // mkSources pkgs; | ||
197 | }; | ||
198 | accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts); | ||
199 | accountMatchesHost = n: _v: accountHostName n == hostName; | ||
200 | in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules; | ||
157 | }; | 201 | }; |
158 | modules = | ||
159 | let | ||
160 | defaultProfiles = with self.nixosModules.systemProfiles; | ||
161 | [ core | ||
162 | ]; | ||
163 | |||
164 | local = dir + "/${path}"; | ||
165 | argsModule = { pkgs, ... }: { | ||
166 | _module.args = { | ||
167 | customUtils = utils; | ||
168 | inherit hostName; | ||
169 | } // mkSources pkgs; | ||
170 | }; | ||
171 | accountModules = attrValues (filterAttrs accountMatchesHost self.nixosModules.accounts); | ||
172 | accountMatchesHost = n: _v: accountHostName n == hostName; | ||
173 | in attrValues (filterAttrs (n: _v: !(elem n ["systemProfiles" "users" "userProfiles" "accounts"])) self.nixosModules) ++ [ argsModule ] ++ defaultProfiles ++ addProfiles ++ [ local ] ++ accountModules; | ||
174 | }; | ||
175 | 202 | ||
176 | mkSystemProfile = dir: path: profileName: { | 203 | mkSystemProfile = dir: path: profileName: { |
177 | imports = [ (dir + "/${path}") ]; | 204 | imports = [ (dir + "/${path}") ]; |
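Review bot: `nixpkgs-eostre` is declared with `ref = "23.11"`, and `mkNixosConfiguration` now takes `nixosSystem` from `inputs."nixpkgs-${hostName}"`, so the whole eostre system is built from that ref. If `23.11` resolves to the release tag rather than a channel branch, `nix flake update` will never advance it and the host stops receiving security fixes; `ref = "nixos-23.11";` would follow the maintained channel (the same applies to `nixpkgs-stable`). The lookup is purely name-based, so any input called `nixpkgs-<name>`, such as `nixpkgs-pgbackrest`, would silently become the system nixpkgs for a host of that name. A comment above the `let inherit … nixosSystem;` line, e.g. `# per-host override: an input named nixpkgs-<hostName> replaces inputs.nixpkgs for that host`, would make the convention visible.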
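--- a/hosts/eostre/default.nix
+++ b/hosts/eostre/default.nix
@@ -10,7 +10,7 @@ with lib;
 config = {
 nixpkgs = {
 system = "x86_64-linux";
-config = {
+externalConfig = {
 allowUnfree = true;
 };
 };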
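--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -20,7 +20,7 @@ in {
 config = {
 nixpkgs = {
 system = "x86_64-linux";
-config = {
+externalConfig = {
 allowUnfree = true;
 pulseaudio = true;
 };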
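--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -36,6 +36,7 @@ in {
 user 002576900250551137425220#0001@t-online.de
 telekom
 debug
++ipv6
 '';
 };
 systemd.services."pppd-telekom" = {
@@ -43,7 +44,6 @@ in {
 
 serviceConfig = lib.mkForce {
 PIDFile = "/run/pppd/${pppInterface}.pid";
-ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom up_sdnotify nolog +ipv6";
 };
 };
 sops.secrets."pap-secrets" = {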
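Review bot: After this change the `lib.mkForce` attrset for `pppd-telekom` holds only `PIDFile`, but forcing the whole `serviceConfig` still discards every normal-priority definition of it, including the `ExecStart` and any hardening directives the ppp module provides. If the intent is now only to set the PID file, force that key alone: `serviceConfig.PIDFile = lib.mkForce "/run/pppd/${pppInterface}.pid";`. The service definition starts above the hunk, so an `ExecStart` supplied elsewhere at force priority would not be visible here; please confirm the unit still gets one.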
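--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -12,7 +12,7 @@ in {
 
 services.pgbackrest = {
 enable = true;
-package = flakeInputs.nixpkgs-stable.legacyPackages.${config.nixpkgs.system}.pgbackrest;
+package = flakeInputs.nixpkgs-pgbackrest.legacyPackages.${config.nixpkgs.system}.pgbackrest;
 
 tlsServer = {
 enable = true;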
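Review bot: Nothing records why `services.pgbackrest.package` is held back: it now comes from `nixpkgs-pgbackrest`, which flake.nix declares with `ref = "23.05"` and flake.lock resolves to the revision `nixpkgs-stable` had before this commit. pgbackrest therefore stays on the old snapshot while the rest moves to 23.11, and since this unit enables `tlsServer`, a frozen package here will not pick up later fixes. A comment above the line, e.g. `# held at nixpkgs 23.05 because <reason>; drop nixpkgs-pgbackrest once <condition>`, would keep the pin from outliving its purpose.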
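--- a/installer/default.nix
+++ b/installer/default.nix
@@ -47,7 +47,7 @@ with lib;
 wantedBy = [ "multi-user.target" ];
 serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
 };
-nixpkgs.config.allowUnfree = true;
+nixpkgs.externalConfig.allowUnfree = true;
 
 nix.settings.auto-allocate-uids = mkForce false;
 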
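--- a/modules/envfs.nix
+++ b/modules/envfs.nix
@@ -50,6 +50,14 @@ in {
 ln -s ${config.environment.binsh} $out/sh
 '')
 ];
+defaultText = lib.literalExpression ''
+[ (pkgs.runCommand "fallback-path-environment" {} '''
+mkdir -p $out
+ln -s ''${config.environment.usrbinenv} $out/env
+ln -s ''${config.environment.binsh} $out/sh
+''')
+]
+'';
 description = lib.mdDoc "Extra packages to join into collection of fallback executables in case not other executable is found";
 };
 };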
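--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -6,8 +6,8 @@ with lib;
 options = {
 services.openssh = {
 settings.HostKeyAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"
@@ -32,8 +32,8 @@ with lib;
 ];
 };
 settings.CASignatureAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ecdsa-sha2-nistp256"
 "ecdsa-sha2-nistp384"
@@ -45,8 +45,8 @@ with lib;
 ];
 };
 settings.PubkeyAcceptedAlgorithms = mkOption {
-type = types.listOf types.str;
-default = [
+type = types.str;
+default = concatStringsSep "," [
 "ssh-ed25519"
 "ssh-ed25519-cert-v01@openssh.com"
 "sk-ssh-ed25519@openssh.com"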
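Review bot: Declaring `HostKeyAlgorithms` as `types.str` (and likewise `CASignatureAlgorithms` and `PubkeyAcceptedAlgorithms` in the two later hunks) makes these algorithm allow-lists unmergeable: a second definition is now a conflict, and a host that needs one change must restate the whole comma-joined string, where a dropped or misspelled entry is easy to miss. `type = types.commas;` yields the same comma-separated string while still merging separate definitions. The default lists run past the end of each hunk, so their full contents were not reviewed.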
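--- a/modules/pgbackrest.nix
+++ b/modules/pgbackrest.nix
@@ -54,6 +54,7 @@ in {
 stanza = mkOption {
 type = types.str;
 default = config.networking.hostName;
+defaultText = literalExpression "config.networking.hostName";
 };
 };
 
@@ -115,6 +116,7 @@ in {
 stanza = mkOption {
 type = types.str;
 default = cfg.configurePostgresql.stanza;
+defaultText = literalExpression "config.services.pgbackrest.configurePostgresql.stanza";
 };
 repo = mkOption {
 type = types.nullOr (types.strMatching "^[0-9]+$");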
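--- a/modules/tinc-networkmanager.nix
+++ b/modules/tinc-networkmanager.nix
@@ -8,6 +8,7 @@ in {
 options.nmDispatch = lib.mkOption {
 type = lib.types.bool;
 default = config.networking.networkmanager.enable;
+defaultText = lib.literalExpression "config.networking.networkmanager.enable";
 description = ''
 Install a network-manager dispatcher script to automatically
 connect to all remotes when networking is available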
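--- a/modules/uucp.nix
+++ b/modules/uucp.nix
@@ -48,12 +48,14 @@ let
 commands = mkOption {
 type = types.listOf types.str;
 default = cfg.defaultCommands;
+defaultText = literalExpression "config.services.uucp.defaultCommands";
 description = "Commands to allow for this remote";
 };
 
 protocols = mkOption {
 type = types.separatedString "";
 default = cfg.defaultProtocols;
+defaultText = literalExpression "config.services.uucp.defaultProtocols";
 description = "UUCP protocols to use for this remote";
 };
 
@@ -119,6 +121,7 @@ in {
 commandPath = mkOption {
 type = types.listOf types.path;
 default = [ "${pkgs.rmail}/bin" ];
+defaultText = literalExpression ''[ "''${pkgs.rmail}/bin" ]'';
 description = ''
 Command search path for all systems
 '';
@@ -151,6 +154,7 @@ in {
 sshKeyDir = mkOption {
 type = types.path;
 default = "${cfg.homeDir}/.ssh/";
+defaultText = literalExpression ''''${config.services.uucp.homeDir}/.ssh/'';
 description = "Directory to store ssh keypairs";
 };
 
@@ -202,6 +206,7 @@ in {
 nmDispatch = mkOption {
 type = types.bool;
 default = config.networking.networkmanager.enable;
+defaultText = literalExpression "config.networking.networkmanager.enable";
 description = ''
 Install a network-manager dispatcher script to automatically
 call all remotes when networking is available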
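Review bot: The `defaultText` added for `sshKeyDir` is not a valid Nix expression: `literalExpression ''''${config.services.uucp.homeDir}/.ssh/''` renders as a bare `${config.services.uucp.homeDir}/.ssh/` with no string quotes. The `commandPath` one in the previous hunk keeps its quotes. Writing it as `defaultText = literalExpression ''"''${config.services.uucp.homeDir}/.ssh/"'';` makes the generated option documentation show a string, matching the actual `default`.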
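--- /dev/null
+++ b/overlays/poetry2nix.nix
@@ -0,0 +1,3 @@
+{ final, prev, flakeInputs, ... }:
+
+flakeInputs.poetry2nix.overlays.default final prev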
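Review bot: The file has no comment saying why the overlay is needed, and it merges `flakeInputs.poetry2nix.overlays.default` into the package set (presumably for every host that loads the overlays directory) while flake.nix tracks that input with `ref = "master"`. The lock fixes the rev between updates, but each `nix flake update` pulls the branch head of a third-party repository, plus its `nix-github-actions` and `treefmt-nix` inputs, into system builds. Pinning the input to a release tag or a reviewed commit would make those bumps deliberate. A header such as `# poetry2nix overlay, needed by <consumer>; input is pinned in flake.nix` would document the dependency.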
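--- a/overlays/prometheus-systemd-exporter.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ final, prev, ... }: {
-prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: {
-patches = (oldAttrs.patches or []) ++ [
-(final.fetchpatch {
-name = "cpu_stat.patch";
-url = "https://github.com/prometheus-community/systemd_exporter/pull/74.patch";
-hash = "sha256-a4M9SPckwkvetxjWMamm0x2wcg2a+Rkicn1XRUHieuM=";
-})
-];
-});
-}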
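--- a/system-profiles/core/default.nix
+++ b/system-profiles/core/default.nix
@@ -1,7 +1,10 @@
 { flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }:
+
+with lib;
+
 let
 profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles;
-userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles));
+userProfileSet = customUtils.types.attrNameSet (zipAttrs (attrValues flake.nixosModules.userProfiles));
 hasSops = config.sops.secrets != {};
 in {
 imports = with flakeInputs;
@@ -11,7 +14,7 @@ in {
 
 options = {
 # See mkSystemProfile in ../flake.nix
-system.profiles = lib.mkOption {
+system.profiles = mkOption {
 type = profileSet;
 default = [];
 description = ''
@@ -19,9 +22,9 @@ in {
 '';
 };
 
-users.users = lib.mkOption {
-type = lib.types.attrsOf (lib.types.submodule {
-options.profiles = lib.mkOption {
+users.users = mkOption {
+type = types.attrsOf (types.submodule {
+options.profiles = mkOption {
 type = userProfileSet;
 default = [];
 description = ''
@@ -30,14 +33,71 @@ in {
 };
 });
 };
+
+nixpkgs.externalConfig = mkOption {
+default = {};
+example = literalExpression
+''
+{ allowBroken = true; allowUnfree = true; }
+'';
+type = mkOptionType {
+name = "nixpkgs-config";
+description = "nixpkgs config";
+check = x:
+let traceXIfNot = c:
+if c x then true
+else traceSeqN 1 x false;
+isConfig = x:
+builtins.isAttrs x || isFunction x;
+in traceXIfNot isConfig;
+merge = args:
+let
+optCall = f: x:
+if isFunction f
+then f x
+else f;
+mergeConfig = lhs_: rhs_:
+let
+lhs = optCall lhs_ { inherit pkgs; };
+rhs = optCall rhs_ { inherit pkgs; };
+in
+recursiveUpdate lhs rhs //
+optionalAttrs (lhs ? packageOverrides) {
+packageOverrides = pkgs:
+optCall lhs.packageOverrides pkgs //
+optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
+} //
+optionalAttrs (lhs ? perlPackageOverrides) {
+perlPackageOverrides = pkgs:
+optCall lhs.perlPackageOverrides pkgs //
+optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
+};
+in foldr (def: mergeConfig def.value) {};
+};
+description = mdDoc ''
+The configuration of the Nix Packages collection. (For
+details, see the Nixpkgs documentation.) It allows you to set
+package configuration options.
+
+Used to construct `nixpkgs.pkgs`.
+'';
+};
+
+nixpkgs.flakeInput = mkOption {
+type = types.enum (attrNames flakeInputs);
+default = if flakeInputs ? "nixpkgs-${hostName}" then "nixpkgs-${hostName}" else "nixpkgs";
+defaultText = literalExpression ''if flakeInputs ? "nixpkgs-''${hostName}" then "nixpkgs-''${hostName}" else "nixpkgs"'';
+internal = true;
+};
 };
 
 config = {
 networking.hostName = hostName;
-system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+system.configurationRevision = mkIf (flake ? rev) flake.rev;
 
-nixpkgs.pkgs = flake.legacyPackages.${config.nixpkgs.system}.override {
-inherit (config.nixpkgs) config;
+nixpkgs.pkgs = import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level") {
+overlays = attrValues flake.overlays;
+config = config.nixpkgs.externalConfig;
 localSystem = config.nixpkgs.system;
 };
 
@@ -64,7 +124,7 @@ in {
 ];
 registry =
 let override = { self = "nixos"; };
-in lib.mapAttrs' (inpName: inpFlake: lib.nameValuePair
+in mapAttrs' (inpName: inpFlake: nameValuePair
 (override.${inpName} or inpName)
 { flake = inpFlake; } ) flakeInputs;
 };
@@ -97,7 +157,7 @@ in {
 backupFileExtension = "bak";
 };
 
-sops = lib.mkIf hasSops {
+sops = mkIf hasSops {
 age = {
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = false;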
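Review bot: `nixpkgs.flakeInput` is typed `types.enum (attrNames flakeInputs)`, so every flake input name passes the type check, although the value is only ever used as a nixpkgs tree in `import (flakeInputs.${config.nixpkgs.flakeInput}.outPath + "/pkgs/top-level")`. A non-nixpkgs name would fail only at import time, or would evaluate whatever that input ships under `pkgs/top-level` as the system package set. Restricting the enum keeps the choice explicit: `type = types.enum (filter (hasPrefix "nixpkgs") (attrNames flakeInputs));`. The new `nixpkgs.pkgs` also reads only `nixpkgs.externalConfig`, so definitions still made under `nixpkgs.config` elsewhere presumably no longer reach the package set; a one-line comment on the option saying so would save the next editor a surprise.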
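--- a/system-profiles/initrd-ssh/default.nix
+++ b/system-profiles/initrd-ssh/default.nix
@@ -3,8 +3,6 @@
 with lib;
 
 {
-imports = [ ./module.nix ];
-
 config = {
 boot.initrd = {
 network = {
@@ -21,8 +19,8 @@ with lib;
 };
 
 secrets = with config.sops.secrets; {
-"/etc/ssh/ssh_host_ed25519_key" = initrd_ssh_host_ed25519_key.path;
-"/etc/ssh/ssh_host_rsa_key" = initrd_ssh_host_rsa_key.path;
+"/etc/ssh/ssh_host_ed25519_key" = mkForce initrd_ssh_host_ed25519_key.path;
+"/etc/ssh/ssh_host_rsa_key" = mkForce initrd_ssh_host_rsa_key.path;
 };
 
 extraFiles = let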
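Review bot: The two `mkForce` wrappers in the `secrets` set carry no comment saying which other definition of `/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key` they are meant to override. The same section drops `imports = [ ./module.nix ]`, so the competing definition is not visible here. These entries decide which private host keys end up inside the initrd, so a silent override deserves a line of explanation. If the intent is what the secret names suggest, something like `# mkForce: always use the dedicated initrd_* sops keys, never another module's default` above the two lines would do. The surrounding `boot.initrd` block starts and ends outside the hunk.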
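--- a/system-profiles/networkmanager.nix
+++ b/system-profiles/networkmanager.nix
@@ -9,7 +9,6 @@ with lib;
 enable = true;
 dhcp = "internal";
 dns = mkForce "dnsmasq";
-firewallBackend = mkIf config.networking.nftables.enable "nftables";
 logLevel = "INFO";
 extraConfig = ''
 [connectivity]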
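--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -66,7 +66,10 @@ in {
 services.openssh = mkIf cfg.enable {
 hostKeys = mkIf cfg.staticHostKeys (mkForce []); # done manually
 settings = {
-inherit Ciphers Macs KexAlgorithms HostKeyAlgorithms CASignatureAlgorithms PubkeyAcceptedAlgorithms;
+inherit Ciphers Macs KexAlgorithms;
+HostKeyAlgorithms = concatStringsSep "," HostKeyAlgorithms;
+PubkeyAcceptedAlgorithms = concatStringsSep "," PubkeyAcceptedAlgorithms;
+CASignatureAlgorithms = concatStringsSep "," CASignatureAlgorithms;
 
 LogLevel = "VERBOSE";
 RevokedKeys = toString ./ca/krl.bin;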
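Review bot: The split between `inherit Ciphers Macs KexAlgorithms;` and the three `concatStringsSep "," …` lines is unexplained, so the next editor cannot tell which algorithm lists may be passed as lists. As far as I know, the upstream `services.openssh.settings` declares only `Ciphers`, `Macs` and `KexAlgorithms` as list options and renders other keys as given. I would add `# only Ciphers/Macs/KexAlgorithms are list-typed upstream; the other algorithm lists must be comma-joined strings` above the joined lines. An empty list would now render as an empty value for its keyword, so an assertion that the three lists are non-empty may be worthwhile; they are defined outside this hunk.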
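--- a/system-profiles/rebuild-machines/default.nix
+++ b/system-profiles/rebuild-machines/default.nix
@@ -69,6 +69,7 @@ in {
 };
 };
 default = { flake = { type = "git"; url = "ssh://${cfg.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; };
+defaultText = literalExpression ''{ flake = { type = "git"; url = "ssh://''${config.system.rebuild-machine.repoHost}/nixos"; ref = "flakes"; }; flakeOutput = hostName; }'';
 description = ''
 The Flake URI of the NixOS configuration to build.
 '';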