From a5de016eedd1425f6e592bc4595dd82a0494b206 Mon Sep 17 00:00:00 2001 From: DashieTM Date: Sun, 4 Aug 2024 15:50:45 +0200 Subject: [PATCH] Fix server config path --- base/common_hardware.nix | 20 +++++++++++- flake.lock | 49 ++++++++++++++++++++---------- hardware/server/configuration.nix | 14 ++++----- lib/default.nix | 41 +++++++++++++------------ modules/programs/base_packages.nix | 2 -- programs/common.nix | 1 + secrets/secrets.yaml | 5 +-- 7 files changed, 85 insertions(+), 47 deletions(-) diff --git a/base/common_hardware.nix b/base/common_hardware.nix index e8b4f88..16bcf46 100644 --- a/base/common_hardware.nix +++ b/base/common_hardware.nix @@ -27,7 +27,16 @@ in services.xserver.enable = true; nixpkgs.hostPlatform = lib.mkDefault config.conf.system; - nix.settings.auto-optimise-store = true; + nix = { + settings = { + auto-optimise-store = true; + + experimental-features = "nix-command flakes"; + }; + extraOptions = '' + !include ${config.sops.secrets.access.path} + ''; + }; # Enable sound with pipewire. hardware.pulseaudio.enable = false; @@ -103,4 +112,13 @@ in swapDevices = [{ device = "/dev/disk/by-label/SWAP"; }]; + + sops = { + gnupg = { + home = "/home/${config.conf.username}/.gnupg"; + sshKeyPaths = [ ]; + }; + defaultSopsFile = ../secrets/secrets.yaml; + secrets.access = { }; + }; } diff --git a/flake.lock b/flake.lock index 748aea8..33a806d 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1722560743, - "narHash": "sha256-e2FhudX6P+kwtYALgpmJG7l03ayhkGY9+j9Hrcyl7gQ=", + "lastModified": 1722777725, + "narHash": "sha256-QQ1yP9rag8vslOJRXR8kL+KkrL/iAC6/vSfvorHicNQ=", "owner": "DashieTM", "repo": "DashVim", - "rev": "5a2c4fa3a7cd0718dc8c08d1c41cc6a44de9869f", + "rev": "0169fb3fd02229ab19e23951d9caecf92ea4f265", "type": "github" }, "original": { 
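Review bot: The new `!include ${config.sops.secrets.access.path}` in `nix.extraOptions` points at a file that, with `secrets.access = { };` left at sops-nix defaults, is readable by root only, while the settings such a file presumably carries (access tokens used while fetching) are applied by the unprivileged `nix` client rather than the daemon; in that case the include is silently skipped for the user's own `nix flake update` and `nixos-rebuild` runs. If the file is meant for the user, give the secret an explicit owner, e.g. `sops.secrets.access.owner = config.conf.username;`, and if it is meant only for the daemon, say so in a comment next to the include. The contents of `access` are not visible here, so the client-versus-daemon assumption should be checked against what the secret actually holds.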
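Review bot: The new `sops.gnupg.home = "/home/${config.conf.username}/.gnupg"` together with `sshKeyPaths = [ ]` makes decryption of every system secret at activation depend on one user's personal keyring instead of a host key, so whoever can write to that home directory controls the host's secrets, and activation also needs `/home` to be mounted before sops-nix runs. If that is intentional for a single-user machine, a one-line comment above the `sops` block saying why the host SSH key is not used would help the next reader; otherwise the host key via `sops.age.sshKeyPaths` is the more usual choice, keeping the GPG keyring for editing the secrets file only. The mount-ordering concern is inferred from the path, not from this host's filesystem layout.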
@@ -884,11 +884,11 @@
 "xdph": "xdph"
 },
 "locked": {
- "lastModified": 1722707408,
- "narHash": "sha256-hyTuWhcid8UklJBC4Yh3dpf7Xhx4oJDyM/3n10E1wSk=",
+ "lastModified": 1722773977,
+ "narHash": "sha256-AqSmHptledo4Tp+hrHWovGR+e//bejR458sRmhq+jT4=",
 "ref": "refs/heads/main",
- "rev": "51ffd7fa6f186419276e5d3d5fe141a3fdb3c55c",
- "revCount": 5048,
+ "rev": "5dd2c27b631f16e49a2c6e6cbbefba9fa50bf543",
+ "revCount": 5050,
 "submodules": true,
 "type": "git",
 "url": "https://github.com/hyprwm/Hyprland"
@@ -1013,11 +1013,11 @@
 "rust-overlay": "rust-overlay"
 },
 "locked": {
- "lastModified": 1722698043,
- "narHash": "sha256-Hsgi1DJP+oodbsULTrqpO6KPSJYeyswluNLVGxUtwJE=",
+ "lastModified": 1722775753,
+ "narHash": "sha256-YFarQSZEIFpA1/9eRK4tm88mZYvWGIaAgCEAjazBO38=",
 "owner": "JakeStanger",
 "repo": "ironbar",
- "rev": "6e43c7ae0cce4b8c6dfe2f74756574195b944abe",
+ "rev": "92c690dcd14c21272f89bfde292546a2ee828e23",
 "type": "github"
 },
 "original": {
@@ -1413,11 +1413,11 @@
 },
 "nixpkgs_7": {
 "locked": {
- "lastModified": 1722421184,
- "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
+ "lastModified": 1722630782,
+ "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
 "owner": "NixOs",
 "repo": "nixpkgs",
- "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
+ "rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
 "type": "github"
 },
 "original": {
@@ -1487,11 +1487,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1722709906,
- "narHash": "sha256-I27FkJ3qSsxc5aZSwpYHMqJwLpvQt6eV4MrwGfVjCvM=",
+ "lastModified": 1722770616,
+ "narHash": "sha256-A40yRytGkUb40yQYjspVU3Z/QBONgFYZqQiz00V1IJ4=",
 "owner": "nix-community",
 "repo": "nur",
- "rev": "ac1226f223779364c73f1a450654383768dab1b7",
+ "rev": "5605ce776b3d21c0ee477fcd028a817bd3524e6f",
 "type": "github"
 },
 "original": {
@@ -1682,6 +1682,7 @@
 "reset": "reset",
 "reset-plugins": "reset-plugins",
 "sops-nix": "sops-nix",
+ "stable": "stable",
 "stylix": "stylix"
 }
 },
@@ -1840,6 +1841,22 @@ "type": "github" } }, + "stable": { + "locked": { + "lastModified": 1722651103, + "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=", + "owner": "NixOs", + "repo": "nixpkgs", + "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51", + "type": "github" + }, + "original": { + "owner": "NixOs", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16_2", diff --git a/hardware/server/configuration.nix b/hardware/server/configuration.nix index 8933764..9faf1f0 100644 --- a/hardware/server/configuration.nix +++ b/hardware/server/configuration.nix @@ -1,11 +1,11 @@ { config, pkgs, ... }: let - nextcloud_pw = (builtins.readFile ./nextcloud); - forgejo_pw = (builtins.readFile ./dbpw/forgejo); - matrix_pw = (builtins.readFile ./dbpw/matrix-synapse); - mautrix_signal_pw = (builtins.readFile ./dbpw/mautrix_signal); - mautrix_whatsapp_pw = (builtins.readFile ./dbpw/mautrix_whatsapp); - mautrix_discord_pw = (builtins.readFile ./dbpw/mautrix_discord); + nextcloud_pw = (builtins.readFile /etc/nixos/nextcloud); + forgejo_pw = (builtins.readFile /etc/nixos/dbpw/forgejo); + matrix_pw = (builtins.readFile /etc/nixos/dbpw/matrix-synapse); + mautrix_signal_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_signal); + mautrix_whatsapp_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_whatsapp); + mautrix_discord_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_discord); fqdn = "matrix.${config.networking.domain}"; baseUrl = "https://${fqdn}"; @@ -219,7 +219,7 @@ in }; services.forgejo = { enable = true; - database.passwordFile = ./dbpw/forgejo; + database.passwordFile = /etc/nixos/dbpw/forgejo; settings = { server.DOMAIN = "git.dashie.org"; server.SSH_PORT = 12008; diff --git a/lib/default.nix b/lib/default.nix index 91b3acc..2d820aa 100644 --- a/lib/default.nix +++ b/lib/default.nix 
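Review bot: The six `builtins.readFile /etc/nixos/...` calls now read absolute paths outside the flake, which pure flake evaluation rejects ("access to absolute path ... is forbidden in pure eval mode"), so every rebuild of this host needs `--impure` and nothing in the commit records that. Independently of the path, `readFile` turns each password into a plain evaluation-time string, and wherever such a string is interpolated into a service's configuration it lands in the world-readable Nix store; the move from `./` to `/etc/nixos` does not change that. Pointing the services at the file as a string path (`"/etc/nixos/dbpw/forgejo"`) or at a sops secret would keep the plaintext out of the store. The `let` block continues past the hunk, so where each `_pw` value is consumed is not visible here.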
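Review bot: `database.passwordFile = /etc/nixos/dbpw/forgejo;` is a Nix path literal, and a path literal that is interpolated into a string (as a service module typically does when it builds the `cat` in its pre-start script) is copied into `/nix/store`, where the forgejo database password becomes readable by every local user; the old `./dbpw/forgejo` had the same problem, so the commit changes where the file is read but not where it ends up. Quoting it, `database.passwordFile = "/etc/nixos/dbpw/forgejo";`, keeps it a runtime path that only the service reads. Whether the forgejo module interpolates the value is inferred from the option's purpose and is not visible in this hunk.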
@@ -1,22 +1,25 @@ { inputs, pkgs, ... }: { - build_systems = systems: builtins.listToAttrs (map (name: { - name = name; - value = - let - mod = ../hardware/${name}/configuration.nix; - in - inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs pkgs mod; + build_systems = systems: builtins.listToAttrs (map + (name: { + name = name; + value = + let + mod = ../hardware/${name}/configuration.nix; + in + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs pkgs mod; + }; + modules = [ + inputs.sops-nix.nixosModules.sops + inputs.home-manager.nixosModules.home-manager + inputs.stylix.nixosModules.stylix + ../base + ../programs + mod + ] ++ inputs.nixpkgs.lib.optional (builtins.pathExists ../hardware/${name}/${name}.nix) ../hardware/${name}/${name}.nix + ++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod; }; - modules = [ - inputs.home-manager.nixosModules.home-manager - inputs.stylix.nixosModules.stylix - ../base - ../programs - mod - ] ++ inputs.nixpkgs.lib.optional (builtins.pathExists ../hardware/${name}/${name}.nix) ../hardware/${name}/${name}.nix - ++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod; - }; - } )systems); + }) + systems); } diff --git a/modules/programs/base_packages.nix b/modules/programs/base_packages.nix index 8186448..c518ace 100644 --- a/modules/programs/base_packages.nix +++ b/modules/programs/base_packages.nix @@ -64,8 +64,6 @@ cantarell-fonts ]; - nix.settings.experimental-features = "nix-command flakes"; - virtualisation.docker.enable = true; services.upower.enable = true; diff --git a/programs/common.nix b/programs/common.nix index b6d93b9..a2b4876 100644 --- a/programs/common.nix +++ b/programs/common.nix @@ -48,5 +48,6 @@ in secrets.${username} = { }; secrets.nextcloud = { }; }; + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 173df49..7163087 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
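Review bot: The only functional change in the `build_systems` hunk is the added `inputs.sops-nix.nixosModules.sops` entry, but it is buried in a re-indentation of the whole function; committing the formatting separately from the module addition would keep the history reviewable. On the new side `mod` is still listed unconditionally in `modules` and then appended again with `inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod`, so the second term is either a duplicate entry or dead code, since evaluation already fails on the unconditional entry when the file is missing; dropping the `++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod` term is the simpler fix. `name = name;` can also be written `inherit name;`.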
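Review bot: `systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];` only orders mbsync after sops-nix when both are scheduled; it does not pull sops-nix in, so if the user-level sops-nix unit is not wanted by the same target, mbsync can still start before its secret exists. If the secret is a hard requirement, pair it with `Unit.Wants = [ "sops-nix.service" ];` (or `Requires`). The enclosing attribute set starts before this hunk, and that `sops-nix.service` here is the home-manager user unit is inferred from the surrounding `secrets.${username}` lines rather than visible.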
@@ -13,14 +13,15 @@ matrix_server: ENC[AES256_GCM,data:fH+5kX6VyNUXzAmNkLEGf8KmhIWuTGsG3r0=,iv:B2lto
 mautrix_signal_server: ENC[AES256_GCM,data:xBHtTtf725wvSltd7EgP3u/GszsaKR1D/ng=,iv:KZorceuZJulvBYyOSKaFv0UxAgMzIuXnBSDmqeqZT80=,tag:k4Dqvq7n39q6rgfB9hB8/g==,type:str]
 mautrix_whatsapp_server: ENC[AES256_GCM,data:Ap5NZ9+kkusMTJlmiH2vxj2fkp1RZPSOM5s=,iv:/F3sP/7bw0uIualG8E+Mtxp60xW8OlHBBZCui887oaA=,tag:CawIZEpmbmxRYhq2fb1vDw==,type:str]
 mautrix_discord_server: ENC[AES256_GCM,data:8MU3URa52h0sDabl+6bYZ0z0ib/S8KzYb3k=,iv:uSqT0MsK1qcphyd+5xZZ8aDqxQhZX8mKBP+2tHHG04I=,tag:mdepj3ombSru96es+lFIQQ==,type:str]
+access: ENC[AES256_GCM,data:J7lIopyeMZIIoRLMahTXNMOu8dQ+ZO0/AkcJcXdLpUnGugJmFoqHuUE=,iv:J93hLNq+mZe6cqEk32c3gxkTN5hIeZ0kkUxSmoiexeI=,tag:k3qzx0gPafHd4/3BWi8X6w==,type:str]
 sops:
 kms: []
 gcp_kms: []
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2024-08-04T11:57:52Z"
- mac: ENC[AES256_GCM,data:pd8VsxocTuCAIOAXi94ltCfhqohmAIBbZBK/3WQSd0suyORcvSKrTYdvi/dZ/6x+bXgz0vEzKNanNR98eLU4Ff3ldvsT6RQA1Hjn85V4ouJqWBB//kj42gYSiIjn/1dib0hvyZyvm2mutKbkpxZkJxRZYAw2DR0yR/oPfNK3xG8=,iv:fnRC7vk/KMgRzJgn9ww9A0amQTEsOVhqUa5NLAvX+kA=,tag:bbfpvpbL2L/ctQPdz6nDRg==,type:str]
+ lastmodified: "2024-08-04T13:37:08Z"
+ mac: ENC[AES256_GCM,data:zP8fPzpMKzgEPTR2qRisPaZzYyBnYEw7zU22xwP0ZHdfhq/fwUNuduUe/sg7aoobKTMPLBKJ7ukoiHkBpglnPzPajbH0cikevFcqSP1/NuDGl/cyytVUlOuePI/8Lct2WgCDzYVW71RuObUk7yHzvnMoqvem7UYpjdE5niryiwg=,iv:lNkveEy08C2/qd4CI/jy47JJCGFlYxU1saBLrH6LnaU=,tag:SnUHbRNnl0FIDK2b5wolsw==,type:str]
 pgp:
 - created_at: "2024-05-14T14:35:02Z"
 enc: |-