authorlassulus <git@lassul.us>2023-06-10 12:50:53 +0200
committerlassulus <git@lassul.us>2023-06-11 16:50:45 +0200
commit9cc3eea82d60dc5ed9f4de7c15d63ee162e639fb (patch)
tree072eac849a03ecb4c95efc575ca1efe326da3a89
parent98584f2db914208bf6db482627cdb7de151d2d89 (diff)
init flake.nix
-rw-r--r--flake.lock44
-rw-r--r--flake.nix30
-rw-r--r--kartei/0x4A6F/default.nix6
-rw-r--r--kartei/dave/default.nix7
-rw-r--r--kartei/dbalan/default.nix8
-rw-r--r--kartei/default.nix6
-rw-r--r--kartei/feliks/default.nix8
-rw-r--r--kartei/jan/default.nix7
-rw-r--r--kartei/jeschli/default.nix8
-rw-r--r--kartei/kmein/default.nix8
-rw-r--r--kartei/krebs/default.nix12
-rw-r--r--kartei/lass/default.nix14
-rw-r--r--kartei/makefu/default.nix13
-rw-r--r--kartei/mic92/default.nix3
-rw-r--r--kartei/others/default.nix3
-rw-r--r--kartei/oxzi/default.nix8
-rw-r--r--kartei/palo/default.nix4
-rw-r--r--kartei/rtunreal/default.nix4
-rw-r--r--kartei/srounce/default.nix6
-rw-r--r--kartei/template/default.nix4
-rw-r--r--kartei/tv/default.nix15
-rw-r--r--kartei/xkey/default.nix4
-rw-r--r--kartei/ynnel/default.nix7
-rw-r--r--krebs/0tests/data/secrets/radicale.id_ed255190
-rw-r--r--krebs/1systems/hotdog/config.nix30
-rw-r--r--krebs/2configs/backup.nix2
-rw-r--r--krebs/2configs/cal.nix4
-rw-r--r--krebs/2configs/reaktor2.nix42
-rw-r--r--krebs/2configs/repo-sync.nix3
-rw-r--r--krebs/2configs/wiki.nix8
-rw-r--r--krebs/3modules/airdcpp.nix6
-rw-r--r--krebs/3modules/announce-activation.nix46
-rw-r--r--krebs/3modules/apt-cacher-ng.nix2
-rw-r--r--krebs/3modules/backup.nix2
-rw-r--r--krebs/3modules/bepasty-server.nix2
-rw-r--r--krebs/3modules/bindfs.nix4
-rw-r--r--krebs/3modules/brockman.nix4
-rw-r--r--krebs/3modules/build.nix4
-rw-r--r--krebs/3modules/ci/default.nix7
-rw-r--r--krebs/3modules/current.nix2
-rw-r--r--krebs/3modules/default.nix3
-rw-r--r--krebs/3modules/dns.nix6
-rw-r--r--krebs/3modules/exim-retiolum.nix4
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/github/hosts-sync.nix2
-rw-r--r--krebs/3modules/go.nix2
-rw-r--r--krebs/3modules/hidden-ssh.nix2
-rw-r--r--krebs/3modules/hosts.nix14
-rw-r--r--krebs/3modules/htgen.nix2
-rw-r--r--krebs/3modules/iana-etc.nix4
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/kapacitor.nix2
-rw-r--r--krebs/3modules/konsens.nix5
-rw-r--r--krebs/3modules/krebs-pages.nix5
-rw-r--r--krebs/3modules/monit.nix2
-rw-r--r--krebs/3modules/nixpkgs.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/os-release.nix6
-rw-r--r--krebs/3modules/per-user.nix4
-rw-r--r--krebs/3modules/permown.nix4
-rw-r--r--krebs/3modules/reaktor2.nix4
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rw-r--r--krebs/3modules/repo-sync.nix2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix4
-rw-r--r--krebs/3modules/secret.nix6
-rw-r--r--krebs/3modules/setuid.nix5
-rw-r--r--krebs/3modules/shadow.nix7
-rw-r--r--krebs/3modules/sitemap.nix5
-rw-r--r--krebs/3modules/sync-containers.nix5
-rw-r--r--krebs/3modules/systemd.nix13
-rw-r--r--krebs/3modules/tinc.nix4
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/3modules/upstream/default.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/coma.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/none.nix6
-rw-r--r--krebs/3modules/upstream/window-managers/default.nix36
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/3modules/users.nix7
-rw-r--r--krebs/3modules/zones.nix4
-rw-r--r--krebs/5pkgs/default.nix9
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix16
-rw-r--r--krebs/default.nix4
-rw-r--r--lib/default.nix226
-rw-r--r--lib/lib.nix227
87 files changed, 576 insertions, 514 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..937db8871
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,44 @@
+{
+ "nodes": {
+ "nix-writers": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1677612737,
+ "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
+ "ref": "refs/heads/master",
+ "rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
+ "revCount": 39,
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1686135559,
+ "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nix-writers": "nix-writers",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..8f3befbc4
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,30 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nix-writers = {
+ url = "git+https://cgit.krebsco.de/nix-writers";
+ flake = false;
+ };
+ # disko.url = "github:nix-community/disko";
+ # disko.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ description = "stockholm";
+
+ outputs = { self, nixpkgs, nix-writers }: {
+ nixosConfigurations.hotdog = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.stockholm = self;
+ specialArgs.nix-writers = nix-writers;
+ specialArgs.secrets = toString ./krebs/0tests/data/secrets;
+ modules = [
+ ./krebs/1systems/hotdog/config.nix
+ ];
+ };
+ kartei = {
+ hosts = self.nixosConfigurations.hotdog.config.krebs.hosts;
+ users = self.nixosConfigurations.hotdog.config.krebs.users;
+ };
+ lib = import (self.outPath + "/lib/lib.nix") { lib = nixpkgs.lib; };
+ };
+}
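Review bot: `specialArgs.secrets = toString ./krebs/0tests/data/secrets;` wires the test-fixture secrets directory into the `hotdog` system, and nothing marks that value as test-only. In a flake a relative path resolves inside the store copy of the source, which every local user can read, so this is acceptable only while the directory holds dummy data. A later swap to a real secrets directory in the same form would place key material in the store. I would add a comment above the line, for example `# test fixtures only: flake-relative paths live in the world-readable /nix/store; real secrets must come from a runtime path outside the store`.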
diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix
index 8939f267d..c06bddff1 100644
--- a/kartei/0x4A6F/default.nix
+++ b/kartei/0x4A6F/default.nix
@@ -1,12 +1,12 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, stockholm, ... }:
+with lib; let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
});
in {
users = {
diff --git a/kartei/dave/default.nix b/kartei/dave/default.nix
index 053ec412b..c73582749 100644
--- a/kartei/dave/default.nix
+++ b/kartei/dave/default.nix
@@ -1,6 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
-in {
+{ config, lib, stockholm, ... }:
+{
users.dave = {
mail = "hsngrmpf@gmail.com";
};
@@ -8,7 +7,7 @@ in {
owner = config.krebs.users.dave;
nets.retiolum = {
aliases = [ "dave.r" ];
- ip6.addr = (lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
ip4.addr = "10.243.0.6";
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/kartei/dbalan/default.nix b/kartei/dbalan/default.nix
index fadf187db..ba63c5b6a 100644
--- a/kartei/dbalan/default.nix
+++ b/kartei/dbalan/default.nix
@@ -1,5 +1,5 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, stockholm, ... }:
+with lib;
let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
@@ -8,11 +8,11 @@ let
owner = config.krebs.users.dbalan;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
};
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
in
diff --git a/kartei/default.nix b/kartei/default.nix
index 6024e2351..3686bbb54 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -1,7 +1,9 @@
-{ config, lib, ... }: let
+{ config, lib, pkgs, ... }: let
removeTemplate =
# TODO don't remove during CI
lib.flip builtins.removeAttrs ["template"];
+
+ stockholm.lib = import ../lib/lib.nix { inherit lib; };
in {
config =
lib.mkMerge
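Review bot: The `let` binding `stockholm.lib = import ../lib/lib.nix { inherit lib; };` builds a second, reduced `stockholm` that is separate from the `specialArgs.stockholm = self` set in flake.nix. The kartei files therefore receive an attrset that contains only `lib`, and the two imports of `lib/lib.nix` can drift if either call site changes its arguments. If the local copy is there so that kartei also evaluates without the flake, say so in a comment such as `# local stockholm.lib so kartei evaluates without specialArgs.stockholm`. The newly added `pkgs` argument is not used in the visible lines of this hunk and could be dropped unless the part of the module outside the hunk needs it.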
@@ -9,7 +11,7 @@ in {
(name: _type: let
path = ./. + "/${name}";
in {
- krebs = import path { inherit config; };
+ krebs = import path { inherit config lib stockholm; };
})
(removeTemplate
(lib.filterAttrs
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index e98da7bc6..9f7f59164 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -1,5 +1,5 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, stockholm, ... }:
+with lib; let
hostDefaults = hostName: host: flip recursiveUpdate host ({
owner = config.krebs.users.feliks;
ci = false;
@@ -7,10 +7,10 @@ with import ../../lib;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
- (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
in {
users.feliks = {
diff --git a/kartei/jan/default.nix b/kartei/jan/default.nix
index 72b5cb331..aa3676e7f 100644
--- a/kartei/jan/default.nix
+++ b/kartei/jan/default.nix
@@ -1,6 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
-in {
+{ config, lib, stockholm, ... }:
+{
users.jan = {
mail = "jan.heidbrink@posteo.de";
@@ -67,7 +66,7 @@ in {
nets.retiolum = {
aliases = [ "grill.r" ];
ip4.addr = "10.243.217.217";
- ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
diff --git a/kartei/jeschli/default.nix b/kartei/jeschli/default.nix
index fe12c16a4..618d7f6c1 100644
--- a/kartei/jeschli/default.nix
+++ b/kartei/jeschli/default.nix
@@ -1,12 +1,12 @@
-with import ../../lib;
-{ config, ... }: let
-
+{ config, lib, stockholm, ... }:
+with lib;
+let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = true;
owner = config.krebs.users.jeschli;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
+ (stockholm.lib.krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
});
in {
diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix
index 1a5a57d1a..d0b85ff71 100644
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@@ -1,5 +1,5 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, stockholm, ... }:
+with lib;
let
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
hostDefaults = hostName: host: flip recursiveUpdate host ({
@@ -9,11 +9,11 @@ let
owner = config.krebs.users.kmein;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
};
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 414b66e9f..d07057dd5 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -1,5 +1,5 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, stockholm, ... }: with stockholm.lib;
+let
hostDefaults = hostName: host: flip recursiveUpdate host ({
owner = config.krebs.users.krebs;
@@ -66,7 +66,6 @@ in {
tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
};
hotdog = {
@@ -100,7 +99,6 @@ in {
tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
news = {
@@ -133,7 +131,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
};
onebutton = {
@@ -161,7 +158,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
};
ponte = {
@@ -208,7 +204,6 @@ in {
};
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo ";
};
puyak = {
@@ -234,7 +229,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
};
@@ -259,7 +253,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
};
wolf = {
@@ -296,7 +289,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
};
} // testHosts);
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index de776fca0..99e34083a 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -1,8 +1,7 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, stockholm, ... }: let
- r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
- w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
+ r6 = ip: (stockholm.lib.krebs.genipv6 "retiolum" "lass" ip).address;
+ w6 = ip: (stockholm.lib.krebs.genipv6 "wiregrill" "lass" ip).address;
hostFiles =
builtins.map (lib.removeSuffix ".nix") (
builtins.filter
@@ -14,14 +13,17 @@ in {
dns.providers = {
"lassul.us" = "zones";
};
- hosts = mapAttrs (_: recursiveUpdate {
+ hosts = lib.mapAttrs (_: lib.recursiveUpdate {
owner = config.krebs.users.lass;
consul = true;
ci = true;
monitoring = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
}) (
- lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; })
+ lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") {
+ inherit config lib r6 w6;
+ krebs = stockholm.lib.krebs;
+ })
);
users = rec {
lass = lass-yubikey;
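Review bot: The host defaults in this hunk still set `ssh.privkey.path = <secrets/ssh.id_ed25519>;`, while the kartei/krebs hunks of this commit delete the same line from every host. Angle-bracket lookups depend on NIX_PATH, which is not available under pure flake evaluation, so this would presumably fail as soon as a lass host's `ssh.privkey.path` is forced through the flake outputs. Dropping the line here as well, or documenting why lass hosts keep it, would make the two kartei files consistent. The `hosts` attrset continues outside the hunk.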
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index 5e236d574..ff7017dd5 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -2,8 +2,7 @@
# tinc generate-keys
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C