From c9f0f1a0262b756d1c9aa23ebef8e71849b9f1c1 Mon Sep 17 00:00:00 2001 From: oddlama Date: Tue, 26 Sep 2023 15:52:38 +0200 Subject: [PATCH] fix: it's a good idea to also add the generation to the profile... --- README.md | 4 +-- flake.lock | 96 ++++++++++++++++++++++++------------------------- pkgs/deploy.nix | 4 +-- 3 files changed, 52 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index 6c6a002..e27b499 100644 --- a/README.md +++ b/README.md @@ -3,12 +3,12 @@ This is my personal nix config. It's still in the making, but this is what I got so far: - Secret rekeying, generation and bootstrapping using [agenix-rekey](https://github.com/oddlama/agenix-rekey) - - Remote-unlockable full disk encryption using ZFS on LUKS - Automatic disk partitioning via [disko](https://github.com/nix-community/disko) - Support for repository-wide secrets at evaluation time (hides PII like MACs) - Automatic static wireguard mesh generation - Opt-in persistence with [impermanence](https://github.com/nix-community/impermanence) + -Servers: +Server related stuff: - Log and system monitoring through [grafana](https://github.com/grafana/grafana) using - [influxdb2](https://github.com/influxdata/influxdb) and [telegraf](https://github.com/influxdata/telegraf) for metrics diff --git a/flake.lock b/flake.lock index e613d5c..5ed806e 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1695384796, + "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1694435990, - "narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=", + "lastModified": 1695195896, + "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=", "owner": "numtide", "repo": "devshell", - "rev": "f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad", + "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1694710969, - "narHash": "sha256-5nMY+3JF/ktW8D8URataP6MCbbnID13P4CixARNoq6w=", + "lastModified": 1695660337, + "narHash": "sha256-4ceXFNIUphgqFo4BR0bUEKh65Lud4x5DF/mB/eDdqEI=", "owner": "nix-community", "repo": "disko", - "rev": "91af5b4a53ee8e57f4178ef58036dce49fbda91a", + "rev": "fbfd7567c224134b57ee64a663e95285fe7fe048", "type": "github" }, "original": { @@ -514,11 +514,11 @@ ] }, "locked": { - "lastModified": 1694643239, - "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=", + "lastModified": 1695708052, + "narHash": "sha256-QiWOrZcCmY+zH2NVM6/opZaMRMgam9u+qVYycKLqL10=", "owner": "nix-community", "repo": "home-manager", - "rev": "d9b88b43524db1591fb3d9410a21428198d75d49", + "rev": "dd88dbc69438384bd94f8282584a86798750028c", "type": "github" }, "original": { @@ -548,11 +548,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1694606970, - "narHash": "sha256-ZFLOqdkQ5mww+hSyi3197iwD+3qKiZyrspumzmyo5GQ=", + "lastModified": 1695557304, + "narHash": "sha256-HYoJE+KE6/zGHgRI496n9E1abDFaqsl9EnEfGIEEqLo=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "d3726e6c98c3110deb9901346a9cfaeac844d292", + "rev": "cb8bfd550aaaf32a330c1c8870a3d9a5bfa00954", "type": "github" }, "original": { @@ -583,11 +583,11 @@ ] }, "locked": { - "lastModified": 1694526290, - "narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=", + "lastModified": 1695719191, + "narHash": "sha256-/WtvNBHXLHwq7mfmVIFKdaXq0Tf0K0f6cFJ7Dqh3DMA=", "owner": "astro", "repo": "microvm.nix", - "rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2", + "rev": "09ed8c52817afb0acb6badc3905e3a121e80fe06", "type": "github" }, "original": { @@ -603,11 +603,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1694654058, - "narHash": "sha256-Wo0yw5ow7OSJvK94CD708zcSVfm9CCi5WFopP3BDaVc=", + "lastModified": 1695258303, + "narHash": "sha256-5Ibd9qjkAk04y8GyweQF+ciIaPzRaet3xZAmTDOWCng=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "3e635f33fb31b39305ff378ed66149a4b3715985", + "rev": "39657d146828157ef51c4f2d8bebb96a77075fc6", "type": "github" }, "original": { @@ -623,11 +623,11 @@ ] }, "locked": { - "lastModified": 1694921880, - "narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", + "lastModified": 1695526222, + "narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", + "rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647", "type": "github" }, "original": { @@ -674,11 +674,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1694710316, - "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=", + "lastModified": 1695541019, + "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43", + "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", "type": "github" }, "original": { @@ -695,11 +695,11 @@ ] }, "locked": { - "lastModified": 1677020959, - "narHash": "sha256-r06isoyASAIoYH+zcbb8jescQyYq+AYNccVPUlzivDk=", + "lastModified": 1695065444, + "narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "6cb25335de6f1fe0722f02573d0cfbaea4cd7ecf", + "rev": "f1d43094940379f8aa3b7ef750b48db48b622584", "type": "github" }, "original": { @@ -710,11 +710,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694422566, - "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", + "lastModified": 1695360818, + "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", + "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", "type": "github" }, "original": { @@ -726,11 +726,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1694306727, - "narHash": "sha256-26fkTOJOI65NOTNKFvtcJF9mzzf/kK9swHzfYt1Dl6Q=", + "lastModified": 1695516402, + "narHash": "sha256-pL7m8iu1OLs/7ywhh+Q8ltPgmtwbMpi7484yr32zgYI=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c30b6a84c0b84ec7aecbe74466033facc9ed103f", + "rev": "01fc4cd75e577ac00e7c50b7e5f16cd9b6d633e8", "type": "github" }, "original": { @@ -797,11 +797,11 @@ ] }, "locked": { - "lastModified": 1694708370, - "narHash": "sha256-9d+LPbFuxUOVZNEDz5w6mJAbqVMkkedNi5qSvF171Jg=", + "lastModified": 1695705266, + "narHash": "sha256-tbsXor65EMGjwMyAyK+poxlvfxM0/UYsgQ5N8CML8+M=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "a6cdb64d5a278ff7059a684561fd1d54f6117bcf", + "rev": "06136dbe5a7ab8c4411e25145dfff68c6a2e71f6", "type": "github" }, "original": { @@ -812,11 +812,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1694651847, - "narHash": "sha256-W+2eI96glLiEwLnX/kWn5HDO7WfKKkF0lKW9yyNLEbY=", + "lastModified": 1695256509, + "narHash": "sha256-Je+ZId+dYrx0NOZ8J6le7CwZZdVZAAP5dddxK9kZNfA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46ea94edba83944a236850bbc0bfd92785736b00", + "rev": "ff7daa56614b083d3a87e2872917b676e9ba62a6", "type": "github" }, "original": { @@ -836,11 +836,11 @@ ] }, "locked": { - "lastModified": 1687629384, - "narHash": "sha256-p0m0AXL2s1RhymW7BXfcR6oYfZhYDNmnSiuTQoyP/2o=", + "lastModified": 1695643200, + "narHash": "sha256-49SPrO9fWeIoSXS5pFFFhcC4kyfQik5B2J+GSuMopjE=", "owner": "symphorien", "repo": "nixseparatedebuginfod", - "rev": "08d4f56a656c38eb414aeedecd9f02cb57ffb2a8", + "rev": "318ada174f6e6510a50abb69b7765a28c8009b1a", "type": "github" }, "original": { @@ -918,11 +918,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1694364351, - "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", + "lastModified": 1695576016, + "narHash": "sha256-71KxwRhTfVuh7kNrg3/edNjYVg9DCyKZl2QIKbhRggg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", + "rev": "cb770e93516a1609652fa8e945a0f310e98f10c0", "type": "github" }, "original": { diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix index 4664d95..bd02eaa 100644 --- a/pkgs/deploy.nix +++ b/pkgs/deploy.nix @@ -93,7 +93,7 @@ for host in "''${HOSTS[@]}"; do store_path="''${TOPLEVEL_STORE_PATHS["$host"]}" echo " Copying ➡️ $host" - nix copy --to "ssh-ng://$host" "$store_path" + nix copy --to "ssh://$host" "$store_path" time_next echo " Copied ✅ $host in ''${T_LAST}s" done @@ -101,8 +101,8 @@ for host in "''${HOSTS[@]}"; do store_path="''${TOPLEVEL_STORE_PATHS["$host"]}" echo " Applying ⚙️ $host" + ssh "$host" -- /run/current-system/sw/bin/nix-env --profile /nix/var/nix/profiles/system --set "$store_path" ssh "$host" -- "$store_path"/bin/switch-to-configuration "$ACTION" - nix copy --to "ssh-ng://$host" "$store_path" time_next echo " Applied ✅ $host in ''${T_LAST}s" done