chore: system update

fix: new rekey interface
fix: nix-plugin build against newer nix version
Patrick Großmann 2023-07-28 23:21:31 +09:00
parent aab860ebd3
commit 45fbf23758
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
9 changed files with 71 additions and 58 deletions

2
.envrc

@ -1,2 +1,2 @@
nix_direnv_watch_file ./nix/dev-shell.nix nix_direnv_watch_file ./nix/devshell.nix
use flake use flake


@ -11,11 +11,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684153753, "lastModified": 1690228878,
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3", "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -31,11 +31,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684539260, "lastModified": 1687304097,
"narHash": "sha256-lF3+vp2UZwBjzF4pnOKYZrQOCFdnOdtvGmaFIzsaMN4=", "narHash": "sha256-VId0oZxpYm4HSHwbsuGKI84zFkL6Gp4wuoJbbl52oZg=",
"owner": "oddlama", "owner": "oddlama",
"repo": "agenix-rekey", "repo": "agenix-rekey",
"rev": "e9a2bad33b7b1634af65cbc809fc31776df41fe5", "rev": "b1811920562ba287b680f35644ce3ed78d029cdf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -56,11 +56,11 @@
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
"lastModified": 1685163780, "lastModified": 1688224393,
"narHash": "sha256-tMwseHtEFDpO3WKeZKWqrKRAZI6TiEULidxEbzicuFg=", "narHash": "sha256-rsAvFNhRFzTF7qyb6WprLFghJnRxMFjvD2e5/dqMp4I=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "c61bebae1dc1d57237577080b1ca1e37a3fbcebf", "rev": "19384f3ee2058c56021e4465a3ec57e84a47d8dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +101,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683635384, "lastModified": 1688380630,
"narHash": "sha256-9goJTd05yOyD/McaMqZ4BUB8JW+mZMnZQJZ7VQ6C/Lw=", "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "5143ea68647c4cf5227e4ad2100db6671fc4c369", "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,11 +153,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1689068808,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -194,11 +194,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1685721552, "lastModified": 1690476848,
"narHash": "sha256-ifvq/zlO7lck8q+YkC5uom/h8/MVdMcQEldOL3cDQW0=", "narHash": "sha256-PSmzyuEbMxEn2uwwLYUN2l1psoJXb7jm/kfHD12Sq0k=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "29519461834c08395b35f840811faf8c23e3b61c", "rev": "8d243f7da13d6ee32f722a3f1afeced150b6d4da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -217,11 +217,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1685790092, "lastModified": 1690453540,
"narHash": "sha256-pnLdV2Q91HjHBupuPtHGqknFDodXqp4hTwZ+NRPJ02g=", "narHash": "sha256-UDM0gIZcXbooKE+pTL6xAJgHhGIQxSE3XrD8bz8vv3k=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "c5a7202cd9a49a0ee28e6af07a30d3702d170211", "rev": "2ea7d10d049e26c9829912da1d16f7f35f5b265d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -268,11 +268,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1684899633, "lastModified": 1690200740,
"narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", "narHash": "sha256-aRkEXGmCbAGcvDcdh/HB3YN+EvoPoxmJMOaqRZmf6vM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", "rev": "ba9650b14e83b365fb9e731f7d7c803f22d2aecf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,11 +283,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1685655444, "lastModified": 1690367991,
"narHash": "sha256-6EujQNAeaUkWvpEZZcVF8qSfQrNVWFNNGbUJxv/A5a8=", "narHash": "sha256-2VwOn1l8y6+cu7zjNE8MgeGJNNz1eat1HwHrINeogFA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e635192892f5abbc2289eaac3a73cdb249abaefd", "rev": "c9cf0708f00fbe553319258e48ca89ff9a413703",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -299,16 +299,16 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1678872516, "lastModified": 1685801374,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-22.11", "ref": "nixos-23.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -326,11 +326,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1685361114, "lastModified": 1690464206,
"narHash": "sha256-4RjrlSb+OO+e1nzTExKW58o3WRwVGpXwj97iCta8aj4=", "narHash": "sha256-38V4kmOh6ikpfGiAS+Kt2H/TA2DubSqE66veP/jmB4Q=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "ca2fdbf3edda2a38140184da6381d49f8206eaf4", "rev": "9289996dcac62fd45836db7c07b87d2521eb526d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -406,17 +406,18 @@
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.freedesktop.org", "host": "gitlab.freedesktop.org",
"lastModified": 1685745220, "lastModified": 1690165843,
"narHash": "sha256-6UY4E0naSxRQv4fcFImV4KcmVm1H+w7oTEKzK489hG4=", "narHash": "sha256-gv5kjss6REeQG0BmvK2gTx7jHLRdCnP25po6It6I6N8=",
"owner": "wlroots", "owner": "wlroots",
"repo": "wlroots", "repo": "wlroots",
"rev": "52b93f7eb41bd96870c935013fe6d1e36facba5c", "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"host": "gitlab.freedesktop.org", "host": "gitlab.freedesktop.org",
"owner": "wlroots", "owner": "wlroots",
"repo": "wlroots", "repo": "wlroots",
"rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
"type": "gitlab" "type": "gitlab"
} }
}, },


@ -73,6 +73,7 @@
{ {
secretsConfig = { secretsConfig = {
masterIdentities = [./secrets/NIXOSc.key.pub]; masterIdentities = [./secrets/NIXOSc.key.pub];
#masterIdentities = [./secrets/NIXOSa.key.pub];
extraEncryptionPubkeys = [./secrets/recipients.txt]; extraEncryptionPubkeys = [./secrets/recipients.txt];
}; };


@ -6,7 +6,7 @@
nodeName, nodeName,
... ...
}: { }: {
rekey = { age.rekey = {
inherit inherit
(inputs.self.secretsConfig) (inputs.self.secretsConfig)
masterIdentities masterIdentities


@ -33,16 +33,16 @@
dns = ["9.9.9.9"]; dns = ["9.9.9.9"];
}; };
}; };
rekey.secrets.eduroam = { age.secrets.eduroam = {
file = nodePath + "/secrets/iwd/eduroam.8021x.age"; rekeyFile = nodePath + "/secrets/iwd/eduroam.8021x.age";
path = "/var/lib/iwd/eduroam.8021x"; path = "/var/lib/iwd/eduroam.8021x";
}; };
rekey.secrets.devoloog = { age.secrets.devoloog = {
file = nodePath + "/secrets/iwd/devolo-og.psk.age"; rekeyFile = nodePath + "/secrets/iwd/devolo-og.psk.age";
path = "/var/lib/iwd/devolo-og.psk"; path = "/var/lib/iwd/devolo-og.psk";
}; };
rekey.secrets.kaist = { age.secrets.kaist = {
file = nodePath + "/secrets/iwd/kaist.8021x.age"; rekeyFile = nodePath + "/secrets/iwd/kaist.8021x.age";
path = "/var/lib/iwd/Welcome_KAIST.8021x"; path = "/var/lib/iwd/Welcome_KAIST.8021x";
}; };
} }


@ -9,13 +9,13 @@
"x-systemd.idle-timeout=60" "x-systemd.idle-timeout=60"
"x-systemd.device-timeout=5s" "x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s" "x-systemd.mount-timeout=5s"
"credentials=${config.rekey.secrets.smb-creds.path}" "credentials=${config.age.secrets.smb-creds.path}"
"uid=${builtins.toString config.users.users.patrick.uid}" "uid=${builtins.toString config.users.users.patrick.uid}"
"gid=${builtins.toString config.users.groups.patrick.gid}" "gid=${builtins.toString config.users.groups.patrick.gid}"
]; ];
in { in {
environment.systemPackages = [pkgs.cifs-utils]; environment.systemPackages = [pkgs.cifs-utils];
rekey.secrets.smb-creds.file = ../../secrets/smb.cred.age; age.secrets.smb-creds.rekeyFile = ../../secrets/smb.cred.age;
fileSystems = { fileSystems = {
"/mnt/smb/patri-data" = { "/mnt/smb/patri-data" = {
device = "//10.0.0.1/patri-data"; device = "//10.0.0.1/patri-data";


@ -5,13 +5,13 @@
peer = { peer = {
endpoint = "lel.lol:51820"; endpoint = "lel.lol:51820";
publicKey = "t/jR2/0hxBXG0Ytah2w5RQ1gn94k0/Ku9LYcbRR7pXo="; publicKey = "t/jR2/0hxBXG0Ytah2w5RQ1gn94k0/Ku9LYcbRR7pXo=";
presharedKeyFile = config.rekey.secrets.wireguard-pre.path; presharedKeyFile = config.age.secrets.wireguard-pre.path;
}; };
privateKeyFile = config.rekey.secrets.wireguard-priv.path; privateKeyFile = config.age.secrets.wireguard-priv.path;
in { in {
rekey.secrets = { age.secrets = {
wireguard-pre.file = ../../secrets/wireguard/elisabeth-pre.wg.age; wireguard-pre.rekeyFile = ../../secrets/wireguard/elisabeth-pre.wg.age;
wireguard-priv.file = ../../secrets/wireguard/elisabeth-priv.wg.age; wireguard-priv.rekeyFile = ../../secrets/wireguard/elisabeth-priv.wg.age;
}; };
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {


@ -8,6 +8,8 @@
inherit inherit
(lib) (lib)
mapAttrs mapAttrs
# Not really unused LSP is confuse
assertMsg assertMsg
types types
mkOption mkOption
@ -65,10 +67,4 @@ in {
''; '';
}; };
}; };
config = {
nix.extraOptions = mkIf cfg.defineRageBuiltins ''
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
extra-builtins-file = ${../nix}/extra-builtins.nix
'';
};
} }
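Review bot: With the `config` block removed at the end of this module, nothing in the visible lines reads `cfg.defineRageBuiltins` any more, so if that option is still declared above the hunk (the module body starts outside it) it is now a silent no-op. A host that sets it expecting `plugin-files` and `extra-builtins-file` in its system nix.conf would get a configuration without the extra builtins, and would presumably only notice when an evaluation that needs them fails outside the dev shell. Either drop the option declaration along with any now-unused `mkIf`/`pkgs` bindings, or keep a small `config` block that says so explicitly, e.g. `warnings = lib.optional cfg.defineRageBuiltins "defineRageBuiltins has no effect; the nix plugin is only configured in the dev shell";`. Limiting the exec-capable plugin to the dev shell does narrow where it is loaded, and that intent deserves a one-line comment next to the option.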


@ -45,6 +45,21 @@ in
package = update-nix-fetchgit; package = update-nix-fetchgit;
help = "Update fetcher inside nix files"; help = "Update fetcher inside nix files";
} }
{
# nix plugins is currently build against nix version 2.16
# official nix version is 2.15 but if we try to load plugins
# it throws linking errors
package = nixVersions.nix_2_16;
}
];
env = [
{
name = "NIX_CONFIG";
value = ''
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
extra-builtins-file = ${../nix}/extra-builtins.nix
'';
}
]; ];
devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook; devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook;