pegasust
/
dotfiles
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

rekey

top-level-wip-bao
Pegasust 2022-12-27 03:47:58 -07:00
parent 6501c80e8d
commit c691bae4f3
11 changed files with 280 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

232
flake.lock Normal file
View File

@ -0,0 +1,232 @@
{
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1673301561,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
"owner": "ryantm",
"repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1673343300,
"narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"kpcli-py": {
"flake": false,
"locked": {
"lastModified": 1619087457,
"narHash": "sha256-iRNLq5s2WJJHwB4beP5xQDKrBPWS/42s/ozLoSa5gAE=",
"owner": "rebkwok",
"repo": "kpcli",
"rev": "e4d699e3b3d28887f74185f8fa69d0aade111d84",
"type": "github"
},
"original": {
"owner": "rebkwok",
"repo": "kpcli",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-KP+2qdZlhmRkrafuuEofg7YnNdVmGV95ipvpuqmJneI=",
"path": "out-of-tree/nixGL",
"type": "path"
},
"original": {
"path": "out-of-tree/nixGL",
"type": "path"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1673450908,
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"kpcli-py": "kpcli-py",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1673490397,
"narHash": "sha256-VCSmIYJy/ZzTvEGjdfITmTYfybXBgZpMjyjDndbou+8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0833f4d063a2bb75aa31680f703ba594a384ffe6",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

8
flake.nix
View File

@ -89,20 +89,20 @@
in { in {
inherit (hosts) nixosConfigurations; inherit (hosts) nixosConfigurations;
# inherit (users) homeConfigurations; inherit (users) homeConfigurations;
inherit lib proj_root; inherit lib proj_root;
devShell."${system}" = import ./dev-shell.nix final_inputs; devShell."${system}" = import ./dev-shell.nix final_inputs;
templates = import ./templates final_inputs; templates = import ./templates final_inputs;
unit_tests = lib.runTests unit_tests;
secrets = { secrets = {
pubKeys = { pubKeys = {
hosts = hosts.pubKeys; hosts = hosts.pubKeys;
users = users.pubKeys; users = users.pubKeys;
}; };
}; };
unit_tests = lib.runTests unit_tests;
debug = { debug = {
inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests pkgs; inherit final_inputs hosts users modules lib unit_tests pkgs;
}; };
}; };
} }

28
hosts/default.nix
View File

@ -20,8 +20,6 @@ config = {
]; ];
}; };
}; };
# This middle function propagates variables to be used by mkHostFromPropagated
# The purpose is to debug things
propagate = hostConfig@{metadata, nixosConfig}: let propagate = hostConfig@{metadata, nixosConfig}: let
# req # req
inherit (metadata) hostName; inherit (metadata) hostName;
@ -35,24 +33,8 @@ propagate = hostConfig@{metadata, nixosConfig}: let
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
# alias to prevent infinite recursion # alias to prevent infinite recursion
_nixosConfig = nixosConfig; _nixosConfig = nixosConfig;
# debug stuffs (removable)
debugModule = ({lib, proj_root, ...}: let debugAttrOpt = debugVar: lib.mkOption {
type = lib.types.attrs;
description = "Debug for info for ${debugVar}";
visible = false;
internal = true;
readOnly = true;
}; in {
options = {
debugLib = debugAttrOpt "lib";
debug_proj_root = debugAttrOpt "proj_root";
};
config.debugLib = lib;
config.debug_proj_root = proj_root;
});
in { in {
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig; inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
debugLib = finalInputs.lib;
nixosConfig = _nixosConfig // { nixosConfig = _nixosConfig // {
inherit system; inherit system;
modules = [ modules = [
@ -68,7 +50,6 @@ in {
networking.hostName = hostName; networking.hostName = hostName;
users.users = users; users.users = users;
} }
debugModule
{ {
imports = [agenix.nixosModule]; imports = [agenix.nixosModule];
environment.systemPackages = [agenix.defaultPackage.x86_64-linux]; environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
@ -80,14 +61,15 @@ in {
}; };
# we are blessed by the fact that we engulfed nixpkgs.lib.* at top level # we are blessed by the fact that we engulfed nixpkgs.lib.* at top level
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig; mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
<<<<<<< HEAD
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig); mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
trimNull = lib.filterAttrsRecursive (name: value: value != null); trimNull = lib.filterAttrsRecursive (name: value: value != null);
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey); flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
=======
mkHost = hostConfig: (lib.pipe hostConfig [propagate mkHostFromPropagated]);
>>>>>>> 4619ea4 (rekey)
in { in {
nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config; nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";} # {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
pubKeys = trimNull (flattenPubkey config); pubKeys = lib.getPubkey config;
debug = {
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
};
} }

20
lib/default.nix
View File

@ -6,17 +6,25 @@
,defaultSystem? "x86_64-linux" ,defaultSystem? "x86_64-linux"
,...}@inputs: let ,...}@inputs: let
lib = pkgs.lib; lib = pkgs.lib;
serde = import ./serde.nix (inputs // {inherit lib;}); inputs_w_lib = (inputs // {inherit lib;});
serde = import ./serde.nix inputs_w_lib;
shellAsDrv = {script, pname}: (pkgs.callPackage (
# just a pattern that we must remember: args to this are children of pkgs.
{writeShellScriptBin}: writeShellScriptBin pname script
) {});
trimNull = lib.filterAttrs (name: value: value != null);
# ssh
flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath ["metadata" "ssh_pubkey"] null meta_config);
getPubkey = config: (lib.pipe config [flattenPubkey trimNull]);
# procedure = # procedure =
in { in {
# short-hand to create a shell derivation # short-hand to create a shell derivation
# NOTE: this is pure. This means, env vars from devShells might not # NOTE: this is pure. This means, env vars from devShells might not
# be accessible unless MAYBE they are `export`ed # be accessible unless MAYBE they are `export`ed
shellAsDrv = {script, pname}: (pkgs.callPackage ( inherit shellAsDrv trimNull flattenPubkey getPubkey;
# just a pattern that we must remember: args to this are children of pkgs. ssh = {
{writeShellScriptBin}: writeShellScriptBin pname script inherit flattenPubkey getPubkey;
) {}); };
# Configures hosts as nixosConfiguration # Configures hosts as nixosConfiguration
# mkHost = {hostName # mkHost = {hostName
# , nixosBareConfiguration # , nixosBareConfiguration

6
modules/minimal.sys.nix
View File

@ -1,13 +1,15 @@
{pkgs {pkgs
,lib ,lib
,proj_root ,proj_root
,modulesPath
,... ,...
}:{ }:{
imports = ["${modulesPath}/profiles/minimal.nix"];
# prune old builds after a while # prune old builds after a while
nix.settings.auto-optimize-store = true; nix.settings.auto-optimise-store = true;
nix.package = pkgs.nixFlakes; # nix flakes nix.package = pkgs.nixFlakes; # nix flakes
nix.extraOptions = '' nix.extraOptions = ''
experimental=feature = nix-command flakes experimental-features = nix-command flakes
''; '';
programs.neovim = { programs.neovim = {
enable = true; enable = true;

2
modules/ssh.sys.nix
View File

@ -1,6 +1,6 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = false; permitRootLogin = "no";
}; };
} }

BIN
secrets/_nhitrl.age
View File

Binary file not shown.

18
secrets/s3fs.age
View File

@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws -> ssh-ed25519 ahbzMg Lx4TLKDZ2yk3DQsM6nOOI1o+FHu0lNtT2p3PBdao+C4
CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY RsTScUeLmFrO6v1OOxBbyBCMBMVhsGrtu5W9iMOw8B0
-> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM -> ssh-ed25519 glsjZQ CdLCkzb1dBoG9gYdMisaZBZT+nnzfOX326CWq6cvN1s
G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0 UKGCxej9lZnLzsuFJnFOMpyrz7YzJrHcrFuDz8l8RQk
-> |-grease B\W,I9z ^Gx;$ Kk7!4,P -> U<J-grease + A6h/F, 'mix
0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5 jpEa7b7rRo6bVpTr19c5ALOfaeiP0jldtpQBRWfJnma3VSo3kkDQpfa3RvPjZfD8
Qb04jnE Eg9Zb03MKMUAJnWwfLCXVFQqEVpSaIwI+ujLZ5Cm
--- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A --- /a+J/jeGoWwuNvDEAIGzU0WKx86oH+YRTnSexf+8NP4
¢²%;Þ3RmQÚWhpÌVŠ;º×®¡¥VÍÚñ[zš9al¦±=cLêüva<>ëu7é,†tø±ýUܶh^&å‰Ö¿WåJP6-ÇÒ£ n-ˆ¿=™] !]FµO¬Jv”žó%×-ŻtÚŹŘťuzčB­É˙}ś‡Ő"C\;D (ľ‡ĂFŠÎ®j®ëA7&ąü<C485>˛?é.ć…J•áBa»„ąŽ˛[ŘdXrŢŚO

BIN
secrets/s3fs.digital-garden.age
View File

Binary file not shown.

BIN
secrets/wifi.env.age Normal file
View File

Binary file not shown.

13
users/default.nix
View File

@ -1,3 +1,12 @@
inputs: { {lib,...}@inputs: let
pubKeys = {}; config = {
hungtr.metadata = {
};
"hungtr@bao".metadata = {
ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
};
};
in {
homeConfigurations = {};
pubKeys = lib.getPubkey config;
} }