From 01940d0e19602fa35c9370a990659759f331e1b5 Mon Sep 17 00:00:00 2001 From: oddlama Date: Mon, 27 Mar 2023 17:21:05 +0200 Subject: [PATCH] docs: function of all files documented --- README.md | 54 +++++++++++++++++++++++++++++++----------------------- flake.lock | 24 ++++++++++++------------ 2 files changed, 43 insertions(+), 35 deletions(-)
diff --git a/README.md b/README.md
index 07293af..e0d5807 100644
--- a/README.md
+++ b/README.md
@@ -2,25 +2,28 @@ ## Structure -- `hosts/` - - - `common/` shared configuration - - - `core/` configuration that is shared across all machines. (base setup, ssh, ...) - - - `/` - +- `hosts/` contains configuration for all hosts. + - `common/` shared configuration. Hosts will include what they need from here. + - `core/` configuration that is shared across _all_ machines. (base setup, ssh, ...) + - `dev/` configuration for development machines + - `graphical/` configuration for graphical setup + - `hardware/` configuration for various hardware components + - `.nix` commonly required configuration for `` + - `/` configuration for `` - `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one. - - `secrets.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - - `host.pub` This host's public key.Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - - - `nom/` - + - `host.pub` This host's public key. Used for agenix rekeying. + - `default.nix` The actual system definition. Follow the imports from there to see what it entails. + - `meta.nix` Determines the type and architecture of this system, and some other optional meta information. Used e.g. by `nix/colmena.nix` to know which hosts are NixOS and which are home-manger only. + - `fs.nix` Filesystem setup. + - `net.nix` Networking setup. + - `nom/` - My laptop and main development machine + - `ward/` - ODROID H3, energy efficient SBC. Used as a firewall betwenn my ISP and internal home network. Hosts some lightweight services using full KVM virtual machines. + - `envoy/` - Hetzner Cloud server. Primarily used as my mailserver and VPN provider. + - `zackbiene/` - ODROID N2+. Hosts IoT and Home Automation stuff and fully isolates that from my internal network. + - not yet ready for publicized: my main development machine, powerful home server, some services ... 
(still in transition from gentoo :/) - `modules/` additional NixOS modules that are not yet upstreamed. - - `nix/` library functions and plumbing - - `apps.nix` Additional runnable actions for this flake (**WIP:** infrastructure graph renderer) - `checks.nix` pre-commit-hooks for this repository - `colmena.nix` Setup for distributed deployment using colmena (actually defines all NixOS hosts)
@@ -30,20 +33,25 @@ - `hosts.nix` Wrapper that extracts all defined hosts from `hosts/` - `overlays/**` Local overlay packages. Subject for removal. - `overlay.nix` Overlay defintions - - `overlay.nix` Overlay defintions - `rage-decrypt.sh` Auxiliary script for repository-wide secrets - `secrets.nix` Helper to access repository-wide secrets, used by colmena.nix - - `secrets/` Global secrets and age identities - - `secrets.nix.age` Repository-wide global secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - - `backup.pub` Backup age identity in case I lose my YubiKey - - `yk1-nix-rage.pub` Master YubiKey split-identity - + - `backup.pub` Backup age-identity in case I ever lose my YubiKey or it breaks. + - `yk1-nix-rage.pub` Master YubiKey split-identity. Used as a key-grab. - `pkgs/` Custom packages and scripts - - `users/` User account configuration via home-manager. Imported by each host separately. +## How-To + +#### Add and deploy new machine + +... + +#### New secret + +... + ## Stuff This is my personal nix config.
@@ -59,7 +67,7 @@ all commands using these extra parameters, or permanently add the following the 2. Run all commands with `--option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --option extra-builtins-file ./nix/extra-builtins.nix` or permantently - ```toml + ```ini plugin-files = /lib/nix/plugins extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix ```
diff --git a/flake.lock b/flake.lock
index 816a6d3..35224ef 100644
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
 ]
 },
 "locked": {
- "lastModified": 1679272657,
- "narHash": "sha256-oYS8byOUv43t8IIPoud6ukN1uPGixeCyXy8EKaZgN0E=",
+ "lastModified": 1679928542,
+ "narHash": "sha256-6ql2P9ULb4wKI5hBn94ck/zqXswJ/O5XtLS5rmnXe3k=",
 "owner": "oddlama",
 "repo": "agenix-rekey",
- "rev": "2011e042eb5908e6f37b9b621f14be3210723447",
+ "rev": "46a38999c4dc009ef2ec759344cbe19ccf4b7b95",
 "type": "github"
 },
 "original": {
@@ -166,11 +166,11 @@
 ]
 },
 "locked": {
- "lastModified": 1679756596,
- "narHash": "sha256-wQp7CoYqREPGssf1F0JKx2A4tScbu3iNgI1kS74ib/8=",
+ "lastModified": 1679786039,
+ "narHash": "sha256-VNjswu0Q4bZOkWNuc0+dHvRdjUCj+MnDlRfw/Q0R3vI=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "225d1fb77e6c9f9be1ffd65c8e5eb9cf583aa698",
+ "rev": "cf662b6c98a0da81e06066fff0ecf9cbd4627727",
 "type": "github"
 },
 "original": {
@@ -196,11 +196,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1679598117,
- "narHash": "sha256-Vs1f/7imI77OkMOQhO3xgx4jalN2Gx3D3C2wmnlpWJM=",
+ "lastModified": 1679765008,
+ "narHash": "sha256-VCkg/wC2e882suYDS5PDAemaMLYSOdFm4fsx2gowMR0=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "648021dcb2b65498eed3ea3a7339cdfc3bea4d82",
+ "rev": "f38f9a4c9b2b6f89a5778465e0afd166a8300680",
 "type": "github"
 },
 "original": {
@@ -211,11 +211,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1679705136,
- "narHash": "sha256-MDlZUR7wJ3PlPtqwwoGQr3euNOe0vdSSteVVOef7tBY=",
+ "lastModified": 1679865578,
+ "narHash": "sha256-sYQmxxqIYL3QFsRYjW0AufhGur8qWfwoOGPGHRJZlGc=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "8f40f2f90b9c9032d1b824442cfbbe0dbabd0dbd",
+ "rev": "4361baa782dc3d3b35fd455a1adc370681d9187c",
 "type": "github"
 },
 "original": {