add sops; bao: builtins.readFile requires git-controlled file
parent
1bee9c3368
commit
1121af6759
|
@ -15,9 +15,47 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671459584,
|
||||||
|
"narHash": "sha256-6wRK7xmeHfClJ0ICOkax1avLZVGTDqBodQlkl/opccY=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "87b58217c9a05edcf7630b9be32570f889217aef",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-22.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs",
|
||||||
|
"sops-nix": "sops-nix"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671472949,
|
||||||
|
"narHash": "sha256-9iHSGpljCX+RypahQssBXPwkru9onfKfceCTeVrMpH4=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "32840f16ffa0856cdf9503a8658f2dd42bf70342",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,15 +1,24 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "nixpkgs/nixos-unstable";
|
nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||||
|
# TODO: when sops-nix is supported in home-manager, switch to home-manager instead
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, ... }:
|
outputs = { self, nixpkgs, sops-nix, ... }:
|
||||||
let lib = nixpkgs.lib; in
|
let
|
||||||
{
|
lib = nixpkgs.lib;
|
||||||
|
proj_root = builtins.toString ./../..;
|
||||||
|
# TODO: when sops-nix is supported in home-manager, switch to home-manager instead
|
||||||
|
base_modules = [sops-nix.nixosModules.sops];
|
||||||
|
in {
|
||||||
# Windows with NixOS WSL
|
# Windows with NixOS WSL
|
||||||
nixosConfigurations.Felia = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.Felia = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./wsl-configuration.nix
|
./wsl-configuration.nix
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -26,7 +35,7 @@
|
||||||
};
|
};
|
||||||
nixosConfigurations.lizzi = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.lizzi = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -85,7 +94,7 @@
|
||||||
# Generic machine
|
# Generic machine
|
||||||
nixosConfigurations.pixi = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.pixi = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -141,7 +150,7 @@
|
||||||
};
|
};
|
||||||
nixosConfigurations.nyx = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.nyx = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -169,7 +178,7 @@
|
||||||
};
|
};
|
||||||
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -182,17 +191,49 @@
|
||||||
nixosConfigurations.bao = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.bao = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs.hostname = "bao";
|
specialArgs.hostname = "bao";
|
||||||
modules = [
|
modules = base_modules ++ [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
# automount using s3fs
|
# automount using s3fs
|
||||||
({config, pkgs, lib, ...}: {
|
({config, pkgs, lib, ...}: {
|
||||||
environment.systemPackages = [pkgs.s3fs]; # s3fs-fuse
|
environment.systemPackages = [pkgs.s3fs]; # s3fs-fuse
|
||||||
# Sadly, this uses systemd, so we can't put it in home-manager yet
|
# Sadly, autofs uses systemd, so we can't put it in home-manager
|
||||||
# HACK: need to store secret somewhere so that root can access this
|
# HACK: need to store secret somewhere so that root can access this
|
||||||
# because autofs runs as root
|
# because autofs may run as root for now, we enforce putting the secret in this monorepo
|
||||||
services.autofs = let
|
services.autofs = let
|
||||||
|
# mount_dest: path ("wow")
|
||||||
|
# backend_args: nix attrs representing the arguments to be passed to s3fs
|
||||||
|
# ({"-fstype" = "fuse"; "use_cache" = "/tmp";})
|
||||||
|
# bucket: bucket name (hungtr-hot)
|
||||||
|
# NOTE: s3 custom provider will be provided inside
|
||||||
|
# backend_args, so just put the bucket name here
|
||||||
|
#
|
||||||
|
#-> "${mount_dest} ${formatted_args} ${s3fs-bin}#${bucket}"
|
||||||
|
autofs-s3fs_entry = {
|
||||||
|
mount_dest,
|
||||||
|
backend_args? {"-fstype" = "fuse";},
|
||||||
|
bucket
|
||||||
|
}@inputs: let
|
||||||
|
s3fs-exec = "${pkgs.s3fs}/bin/s3fs";
|
||||||
|
# confToBackendArg {lol="what"; empty=""; name_only=null;} -> "lol=what,empty=,name_only"
|
||||||
|
confToBackendArg = conf: (lib.concatStringsSep ","
|
||||||
|
(lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf));
|
||||||
|
in "${mount_dest} ${confToBackendArg backend_args} ${s3fs-exec}#${bucket}";
|
||||||
personalStorage = [
|
personalStorage = [
|
||||||
"hot -fstype=fuse,use_cache=/tmp,del_cache,allow_other,url=f5i0.ph.idrivee2-32.com :s3fs#hungtr-hot"
|
# (autofs-s3fs_entry {
|
||||||
|
# mount_dest = "hot";
|
||||||
|
# backend_args = {
|
||||||
|
# "-fstype" = "fuse";
|
||||||
|
# use_cache = "/tmp";
|
||||||
|
# del_cache = null;
|
||||||
|
# allow_other = null;
|
||||||
|
# url = "https://f5i0.ph.idrivee2-32.com";
|
||||||
|
# # TODO: builtins.readFile requires a Git-controlled file
|
||||||
|
# passwd_file = (pkgs.writeText "env.s3fs.idrive" (builtins.readFile
|
||||||
|
# "${proj_root}//secrets/env.s3fs"
|
||||||
|
# ));
|
||||||
|
# };
|
||||||
|
# bucket = "hungtr-hot";
|
||||||
|
# })
|
||||||
];
|
];
|
||||||
persoConf = pkgs.writeText "personal" (builtins.concatStringsSep "\n" personalStorage);
|
persoConf = pkgs.writeText "personal" (builtins.concatStringsSep "\n" personalStorage);
|
||||||
in {
|
in {
|
||||||
|
|
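Review bot: The commented-out `passwd_file = (pkgs.writeText "env.s3fs.idrive" (builtins.readFile "${proj_root}//secrets/env.s3fs"))` in the last hunk would, once enabled, copy the s3fs credentials into the Nix store, which every local user can read. The TODO about a Git-controlled file also implies committing them in plaintext. Since this commit already puts `sops-nix.nixosModules.sops` in `base_modules`, the entry can take a runtime path instead: declare `sops.secrets."env.s3fs" = { };` (with `sops.defaultSopsFile` or a per-secret `sopsFile` pointing at the encrypted file) and pass `passwd_file = config.sops.secrets."env.s3fs".path;`, so that only the encrypted file is tracked and the decrypted copy exists only at activation time. Separately, `autofs-s3fs_entry` emits `${s3fs-exec}#${bucket}` without the leading `:` that the removed entry had (`:s3fs#hungtr-hot`), which looks unintended; confirm against the autofs map format before uncommenting.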