mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

fix: it's a good idea to also add the generation to the profile...

Browse source
This commit is contained in:
oddlama 2023-09-26 15:52:38 +02:00
parent aed03a5c2b
commit c9f0f1a026
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 52 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -3,12 +3,12 @@
This is my personal nix config. It's still in the making, but this is what I got so far: This is my personal nix config. It's still in the making, but this is what I got so far:
- Secret rekeying, generation and bootstrapping using [agenix-rekey](https://github.com/oddlama/agenix-rekey) - Secret rekeying, generation and bootstrapping using [agenix-rekey](https://github.com/oddlama/agenix-rekey)
<!-- - Secure boot using [lanzaboote](https://github.com/nix-community/lanzaboote) -->
- Remote-unlockable full disk encryption using ZFS on LUKS <!-- with automatic snapshots and backups --> - Remote-unlockable full disk encryption using ZFS on LUKS <!-- with automatic snapshots and backups -->
- Automatic disk partitioning via [disko](https://github.com/nix-community/disko) - Automatic disk partitioning via [disko](https://github.com/nix-community/disko)
- Support for repository-wide secrets at evaluation time (hides PII like MACs) - Support for repository-wide secrets at evaluation time (hides PII like MACs)
- Automatic static wireguard mesh generation <!-- plus netbird for dynamic meshing --> - Automatic static wireguard mesh generation <!-- plus netbird for dynamic meshing -->
- Opt-in persistence with [impermanence](https://github.com/nix-community/impermanence) - Opt-in persistence with [impermanence](https://github.com/nix-community/impermanence)
<!-- - Secure boot using [lanzaboote](https://github.com/nix-community/lanzaboote) -->
<!-- <!--
Desktop machines: Desktop machines:
@ -23,7 +23,7 @@ XXX: todo, use details summary to show gallery of programs
- aa - aa
--> -->
Servers: Server related stuff:
- Log and system monitoring through [grafana](https://github.com/grafana/grafana) using - Log and system monitoring through [grafana](https://github.com/grafana/grafana) using
- [influxdb2](https://github.com/influxdata/influxdb) and [telegraf](https://github.com/influxdata/telegraf) for metrics - [influxdb2](https://github.com/influxdata/influxdb) and [telegraf](https://github.com/influxdata/telegraf) for metrics

96
flake.lock generated
View file

@ -27,11 +27,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690228878, "lastModified": 1695384796,
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -180,11 +180,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1694435990, "lastModified": 1695195896,
"narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=", "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad", "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +200,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694710969, "lastModified": 1695660337,
"narHash": "sha256-5nMY+3JF/ktW8D8URataP6MCbbnID13P4CixARNoq6w=", "narHash": "sha256-4ceXFNIUphgqFo4BR0bUEKh65Lud4x5DF/mB/eDdqEI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "91af5b4a53ee8e57f4178ef58036dce49fbda91a", "rev": "fbfd7567c224134b57ee64a663e95285fe7fe048",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -514,11 +514,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694643239, "lastModified": 1695708052,
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=", "narHash": "sha256-QiWOrZcCmY+zH2NVM6/opZaMRMgam9u+qVYycKLqL10=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49", "rev": "dd88dbc69438384bd94f8282584a86798750028c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +548,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1694606970, "lastModified": 1695557304,
"narHash": "sha256-ZFLOqdkQ5mww+hSyi3197iwD+3qKiZyrspumzmyo5GQ=", "narHash": "sha256-HYoJE+KE6/zGHgRI496n9E1abDFaqsl9EnEfGIEEqLo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "d3726e6c98c3110deb9901346a9cfaeac844d292", "rev": "cb8bfd550aaaf32a330c1c8870a3d9a5bfa00954",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -583,11 +583,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694526290, "lastModified": 1695719191,
"narHash": "sha256-HiWr+tfJE/hcn8atRC0S5KweSUknQLEduPLTEiSr5J8=", "narHash": "sha256-/WtvNBHXLHwq7mfmVIFKdaXq0Tf0K0f6cFJ7Dqh3DMA=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "03e7f11cf915a911277c2cdea5d7da9717597aa2", "rev": "09ed8c52817afb0acb6badc3905e3a121e80fe06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -603,11 +603,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1694654058, "lastModified": 1695258303,
"narHash": "sha256-Wo0yw5ow7OSJvK94CD708zcSVfm9CCi5WFopP3BDaVc=", "narHash": "sha256-5Ibd9qjkAk04y8GyweQF+ciIaPzRaet3xZAmTDOWCng=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "3e635f33fb31b39305ff378ed66149a4b3715985", "rev": "39657d146828157ef51c4f2d8bebb96a77075fc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -623,11 +623,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694921880, "lastModified": 1695526222,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", "narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", "rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -674,11 +674,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1694710316, "lastModified": 1695541019,
"narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=", "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "570256327eb6ca6f7bebe8d93af49459092a0c43", "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -695,11 +695,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1677020959, "lastModified": 1695065444,
"narHash": "sha256-r06isoyASAIoYH+zcbb8jescQyYq+AYNccVPUlzivDk=", "narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=",
"owner": "thelegy", "owner": "thelegy",
"repo": "nixos-nftables-firewall", "repo": "nixos-nftables-firewall",
"rev": "6cb25335de6f1fe0722f02573d0cfbaea4cd7ecf", "rev": "f1d43094940379f8aa3b7ef750b48db48b622584",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -710,11 +710,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1694422566, "lastModified": 1695360818,
"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -726,11 +726,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1694306727, "lastModified": 1695516402,
"narHash": "sha256-26fkTOJOI65NOTNKFvtcJF9mzzf/kK9swHzfYt1Dl6Q=", "narHash": "sha256-pL7m8iu1OLs/7ywhh+Q8ltPgmtwbMpi7484yr32zgYI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "c30b6a84c0b84ec7aecbe74466033facc9ed103f", "rev": "01fc4cd75e577ac00e7c50b7e5f16cd9b6d633e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -797,11 +797,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694708370, "lastModified": 1695705266,
"narHash": "sha256-9d+LPbFuxUOVZNEDz5w6mJAbqVMkkedNi5qSvF171Jg=", "narHash": "sha256-tbsXor65EMGjwMyAyK+poxlvfxM0/UYsgQ5N8CML8+M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "a6cdb64d5a278ff7059a684561fd1d54f6117bcf", "rev": "06136dbe5a7ab8c4411e25145dfff68c6a2e71f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -812,11 +812,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694651847, "lastModified": 1695256509,
"narHash": "sha256-W+2eI96glLiEwLnX/kWn5HDO7WfKKkF0lKW9yyNLEbY=", "narHash": "sha256-Je+ZId+dYrx0NOZ8J6le7CwZZdVZAAP5dddxK9kZNfA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "46ea94edba83944a236850bbc0bfd92785736b00", "rev": "ff7daa56614b083d3a87e2872917b676e9ba62a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -836,11 +836,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687629384, "lastModified": 1695643200,
"narHash": "sha256-p0m0AXL2s1RhymW7BXfcR6oYfZhYDNmnSiuTQoyP/2o=", "narHash": "sha256-49SPrO9fWeIoSXS5pFFFhcC4kyfQik5B2J+GSuMopjE=",
"owner": "symphorien", "owner": "symphorien",
"repo": "nixseparatedebuginfod", "repo": "nixseparatedebuginfod",
"rev": "08d4f56a656c38eb414aeedecd9f02cb57ffb2a8", "rev": "318ada174f6e6510a50abb69b7765a28c8009b1a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -918,11 +918,11 @@
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
"lastModified": 1694364351, "lastModified": 1695576016,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", "narHash": "sha256-71KxwRhTfVuh7kNrg3/edNjYVg9DCyKZl2QIKbhRggg=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", "rev": "cb770e93516a1609652fa8e945a0f310e98f10c0",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
pkgs/deploy.nix
View file

@ -93,7 +93,7 @@
for host in "''${HOSTS[@]}"; do for host in "''${HOSTS[@]}"; do
store_path="''${TOPLEVEL_STORE_PATHS["$host"]}" store_path="''${TOPLEVEL_STORE_PATHS["$host"]}"
echo " Copying  $host" echo " Copying  $host"
nix copy --to "ssh-ng://$host" "$store_path" nix copy --to "ssh://$host" "$store_path"
time_next time_next
echo " Copied  $host in ''${T_LAST}s" echo " Copied  $host in ''${T_LAST}s"
done done
@ -101,8 +101,8 @@
for host in "''${HOSTS[@]}"; do for host in "''${HOSTS[@]}"; do
store_path="''${TOPLEVEL_STORE_PATHS["$host"]}" store_path="''${TOPLEVEL_STORE_PATHS["$host"]}"
echo " Applying  $host" echo " Applying  $host"
ssh "$host" -- /run/current-system/sw/bin/nix-env --profile /nix/var/nix/profiles/system --set "$store_path"
ssh "$host" -- "$store_path"/bin/switch-to-configuration "$ACTION" ssh "$host" -- "$store_path"/bin/switch-to-configuration "$ACTION"
nix copy --to "ssh-ng://$host" "$store_path"
time_next time_next
echo " Applied  $host in ''${T_LAST}s" echo " Applied  $host in ''${T_LAST}s"
done done