flake: Replace nixpkgs overrides with cleaner ones

flake: clean up :)
challenger: disable nvidia drivers and nfs exports
2024-12-22 04:07:28 +01:00 · 2024-10-06 02:58:51 +02:00 · 2024-10-06 01:57:55 +02:00 · 2024-10-05 21:46:13 +02:00 · 2024-10-05 21:44:48 +02:00 · 2024-10-05 21:43:26 +02:00
7 changed files with 94 additions and 132 deletions
--- a/flake.lock
+++ b/flake.lock
@ -96,11 +96,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1725975477,
-        "narHash": "sha256-sBnXxmYBb0S85Vkny97z2TFLd5SJW5o0k6KQNwpSLb0=",
+        "lastModified": 1727999297,
+        "narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "5b2d8e9a47c3e17514650d1ce7d5e907114db82b",
+        "rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b",
        "type": "github"
      },
      "original": {
@ -173,6 +173,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1728018373,
+        "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1698318101,
@ -214,8 +230,8 @@
        "nix-minecraft": "nix-minecraft",
        "nixpkgs": "nixpkgs_3",
        "nixpkgs-2211": "nixpkgs-2211",
-        "sops-nix": "sops-nix",
-        "unstable": "unstable"
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
@ -253,22 +269,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "unstable": {
-      "locked": {
-        "lastModified": 1726755586,
-        "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,7 @@

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
-    unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina

    nix-darwin.url = "github:lnl7/nix-darwin/master";
@ -29,132 +29,76 @@
    , nix-darwin
    , nixpkgs
    , nixpkgs-2211
+    , nixpkgs-unstable
    , sops-nix
-    , unstable
    , extra-config
  , ... }@inputs:
    let
      pkgs-overlay = final: prev: {
-        unstable = unstable.legacyPackages.${prev.system};
-        nixpkgs-2211 = nixpkgs-2211.legacyPackages.${prev.system};
-
-        python311 = prev.python311.override {
-          packageOverrides = self: super: {
-            # k5test is broken on darwin, as of 24.05
-            gssapi = super.gssapi.overrideAttrs (old: {
-              doInstallCheck = false;
-            });
-          };
+        unstable = import nixpkgs-unstable {
+          system = prev.system;
+          config.allowUnfree = true;
        };

-        tlclient = final.unstable.tlclient.overrideAttrs (finalAttrs: previousAttrs: {
-          # nixpkgs.config.allowUnfreePredicate doesn't work for the unstable overlay, as it is a different "nixpkgs"
-          meta.license.free = true;
-        });
+        nixpkgs-2211 = import nixpkgs-2211 {
+          system = prev.system;
+          config.allowUnfree = true;
+        };
      };
    in
    {
-      nixosConfigurations = {
+      nixosConfigurations = let
+        normalSys = name: config: nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs = {
+            inherit inputs;
+          };
+          modules = [
+            ({ config, pkgs, ... }: {
+              # Make "pkgs.unstable" etc. available
+              nixpkgs.overlays = [ pkgs-overlay ] ++ config.overlays or [ ];
+            })
+
+            ./hosts/${name}/configuration.nix
+            sops-nix.nixosModules.sops
+            home-manager.nixosModules.home-manager {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users."felixalb" = import ./hosts/${name}/home.nix;
+            }
+          ] ++ config.modules or [ ];
+        };
+      in {
+
        # Networking / VPN Gateway
-        burnham = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
+        burnham = normalSys "burnham" {
          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
-
-            ./hosts/burnham/configuration.nix
            ./common/domeneshop-dyndns.nix
-            sops-nix.nixosModules.sops
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/burnham/home.nix;
-            }
          ];
        };
+
        # Media / storage server
-        challenger = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
+        challenger = normalSys "challenger" {
          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
-
-            ./hosts/challenger/configuration.nix
            extra-config.nixosModules.default
-            sops-nix.nixosModules.sops
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/challenger/home.nix;
-            }
          ];
        };
+
        # General application server
-        defiant = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
+        defiant = normalSys "defiant" {
          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
-
-            ./hosts/defiant/configuration.nix
            ./common/domeneshop-dyndns.nix
-            sops-nix.nixosModules.sops
            matrix-synapse-next.nixosModules.default
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/defiant/home.nix;
-            }
          ];
        };
+
        # Work desktop
-        felixalbpc = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
-          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
+        felixalbpc = normalSys "felixalbpc" { };

-            ./hosts/felixalbpc/configuration.nix
-            sops-nix.nixosModules.sops
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/felixalbpc/home.nix;
-            }
-          ];
-        };
        # Web host
-        malcolm = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
-          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
-
-            ./hosts/malcolm/configuration.nix
-            sops-nix.nixosModules.sops
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/malcolm/home.nix;
-            }
-          ];
-        };
+        malcolm = normalSys "malcolm" { };
      };
+
      # Daily driver macbook
      darwinConfigurations.worf = nix-darwin.lib.darwinSystem {
        system = "aarch64-darwin";
@ -162,14 +106,14 @@
          inherit inputs;
        };
        modules = [
-          ./hosts/worf/configuration.nix
          ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
+
+          ./hosts/worf/configuration.nix
          home-manager.darwinModules.home-manager {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users."felixalb" = import ./hosts/worf/home.nix;
          }
-          # sops-nix.nixosModules.sops
        ];
      };

--- a/hosts/challenger/backup.nix
+++ b/hosts/challenger/backup.nix
@ -18,11 +18,26 @@
      timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    };

+    # Transmission _metadata_
    transmission = localJob "transmission" [ "/var/lib/transmission" ];

-    # TODO: timemachine, nextcloud, komga, calibre
+    # Calibre metadata and books
+    calibre = localJob "calibre" [
+      "/var/lib/calibre-web"
+      "/var/lib/calibre-server"
+      "/tank/media/books"
+    ] // {
+      pruneOpts = [ "--keep-daily 1" ];
+    };
+
+    # Nextcloud data
+    nextcloud = localJob "nextcloud" [ "/tank/nextcloud" ];
+
+    # TODO: timemachine, komga
  };

+  sops.secrets."restic/calibre" = { };
+  sops.secrets."restic/nextcloud" = { };
  sops.secrets."restic/postgres" = { };
  sops.secrets."restic/transmission" = { };

--- a/hosts/challenger/configuration.nix
+++ b/hosts/challenger/configuration.nix
@ -8,7 +8,7 @@
      ../../base.nix
      ../../common/metrics-exporters.nix
      ./backup.nix
-      ./exports.nix
+      # ./exports.nix
      ./filesystems.nix

      ./services/calibre.nix
@ -39,6 +39,7 @@
  environment.variables = { EDITOR = "vim"; };
  environment.systemPackages = with pkgs; [
    zfs
+    unstable.ncdu
  ];

  virtualisation.docker.enable = true;
@ -49,12 +50,12 @@
       "nvidia-settings"
  ];

-  hardware.nvidia = {
-    modesetting.enable = true;
-  };
+  # hardware.nvidia = {
+  #   modesetting.enable = true;
+  # };

  hardware.opengl.enable = true;
-  services.xserver.videoDrivers = ["nvidia"];
+  # services.xserver.videoDrivers = ["nvidia"];

  system.stateVersion = "24.05";
 }
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@ -11,13 +11,13 @@
      # Infrastructure
      ./backup.nix
      ./libvirt.nix
+      ./services/dyndns.nix
      ./services/nginx.nix
      ./services/pihole.nix
      ./services/postgresql.nix
      ./services/wireguard.nix

      # Services
-      ./services/dyndns.nix
      ./services/flame.nix
      ./services/gitea.nix
      ./services/hedgedoc.nix
--- a/hosts/felixalbpc/home.nix
+++ b/hosts/felixalbpc/home.nix
@ -26,7 +26,7 @@ in {
    openstackclient
    pwgen
    rofi-rbw-x11
-    tlclient
+    unstable.tlclient
    traceroute
    w3m

--- a/secrets/challenger/challenger.yaml
+++ b/secrets/challenger/challenger.yaml
@ -4,8 +4,10 @@ nextcloud:
    adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
    secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
 restic:
-    transmission: ENC[AES256_GCM,data:RrnlOXT6sNoUh8MF8JXFTygN+cBV+CS0xdvE9SMTAVV0,iv:0Irhejn2TQSI7h9e4G8a65EpIKmwco9ue93lgo4jC6I=,tag:RAd2pvtL++C8rdlqch4g6Q==,type:str]
-    postgres: ENC[AES256_GCM,data:MaKQs6f2sp1e42u4DRx/PUsSFnJN0Ks+BtUrMJkUwD28,iv:Wz/MtaC/hg5zVxcdZWKEHeQb5KGio653mgHf4IrE7mk=,tag:7kaYJ1DnxNGbcr31bHb0zA==,type:str]
+    transmission: ENC[AES256_GCM,data:UUf8/WV7Q7vbs05lEeqflcSj0uH9abilFF1daATyrwU=,iv:WQZ7hGRQ3/3t34aO7K5Az1AOZtR6qG4p1CqZTdsEqZA=,tag:2ELh2bYVi1sgW66FbSnVHg==,type:str]
+    postgres: ENC[AES256_GCM,data:AZv28LIbGC2oAKjbU1H4gaCZF28utJJFXlKNO/BkL0U=,iv:xOJCIoFGtnEqV80rmiBBMa3dMZnPjaDIce+MAZkGZdo=,tag:dLTwE004KGfP3z9EoMVCCw==,type:str]
+    nextcloud: ENC[AES256_GCM,data:O7qT07ns9FodnZu63cPwBqHGslfMIafFvyPPrTrYEdk=,iv:fJ7A5gLThuVumnteL1P82Gq1EtiSAPGXoCZgzJKqVQs=,tag:Hp/kI3TeZQCaM+gP1W1i7w==,type:str]
+    calibre: ENC[AES256_GCM,data:wAvhB303cUm0rJKwQ31pd8lYHJSlOzBW8BiCygF3JC8=,iv:kUFEiP8sTcaiAIW4QZ7ZfA4aqjJsIIA5mq+gVzgryaU=,tag:STHLWF+T4XeQIDSt4F63Lw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -30,8 +32,8 @@ sops:
            bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
            heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-04T19:11:52Z"
-    mac: ENC[AES256_GCM,data:sTsTQOCO6ggoz6hXKU/Nnfuvs2UjYwuYLhMZ/P+jHLV2Jn3gBnUUTsn3lEtG7fi9MOfILuTA93wdRciahAElY9me86j+TVa/9PdbW9Earh5rH7M91LyRRS74C99LedXco05gjxqc2s27ea0n25A8UF7eCgvAlD+4DP0WNUiDUcE=,iv:wn9ahsWE2RYy9pSi30Uy2/vStQCHNiwk6ZJU/OdNDuk=,tag:SZe/b9+2PuoBNZcwuS8Ong==,type:str]
+    lastmodified: "2024-10-04T22:55:35Z"
+    mac: ENC[AES256_GCM,data:KQHfywMQ3WkmIW7UaLjAKkM5v4+1yagJik+63G2pSKCtbsCq1uFWSheeRIPObVfnsu3qUHoxq943jVR17krjnsIZIzXjr6f5SNMyNo0RCcnhvlWy/cKzVU0/7ut0TMd6ZJsCZyOBgJOSxc8i0G/wgRreMEGicwifI5m8KWSpBU0=,iv:1+98COoItw2PAlJtGBA4Qx7TmNRB++FqeKJnsF1/j6w=,tag:iHzWy5AnXBXxtGnqiTfNnA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
Author	SHA1	Message	Date
Felix Albrigtsen	5fed94ef27	flake: Replace nixpkgs overrides with cleaner ones	2024-10-06 02:58:51 +02:00
Felix Albrigtsen	dab63bfbeb	flake: clean up :)	2024-10-06 01:57:55 +02:00
Felix Albrigtsen	97b481de0a	challenger: disable nvidia drivers and nfs exports	2024-10-05 21:46:13 +02:00
Felix Albrigtsen	a3a2ec1b9a	challenger: Add backups for calibre and nextcloud	2024-10-05 21:44:48 +02:00
Felix Albrigtsen	5216c0257f	worf: Update nix-darwin input	2024-10-05 21:43:26 +02:00