This commit is contained in:
Peder Bergebakken Sundt 2024-01-27 03:47:28 +01:00
parent 791758b499
commit 9704c36cb3
8 changed files with 223 additions and 39 deletions


@ -1,21 +1,14 @@
{ config, pkgs, lib, inputs, ... }:
{
imports = [
imports = let ifExists = p: if builtins.pathExists p then p else {}; in [
./cachix.nix # update with `cachix use --mode nixos -d . FOOBAR`
./profiles/locale-no.nix
# results of 'nixos-generate-config'
# nice to have if i just dump this flake into /etc/nixos on a clean install
(if builtins.pathExists ./configuration.nix
then ./configuration.nix
else {}
)
(if builtins.pathExists ./hardware-configuration.nix
then ./hardware-configuration.nix
else {}
)
(ifExists ./configuration.nix )
(ifExists ./hardware-configuration.nix )
];
# TODO: how can i do this in home-manager?
nixpkgs.config.permittedInsecurePackages = [
"pulsar-1.106.0"
"pulsar-1.109.0"
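Review bot: The `ifExists` helper is defined inline in this `imports` list and again, verbatim, in `mkModule` in flake.nix; one definition in a shared lib file would keep the two from drifting. A caveat worth recording next to it: if this directory is a git checkout, the flake source only contains tracked files, so an untracked `configuration.nix` or `hardware-configuration.nix` is silently ignored rather than imported, which is easy to mistake for the helper not working — a comment such as `# note: untracked files are invisible to pathExists inside a flake checkout` would save that debugging session. The `imports` list is complete within the hunk, but the module continues past it.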


@ -135,6 +135,119 @@
"type": "github"
}
},
"nixpkgs-1909": {
"flake": false,
"locked": {
"lastModified": 1600952148,
"narHash": "sha256-GUKHrnng33luc6mUT3rDnZ3Hm+4MMEJpEchRIAQx7JQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-19.09",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2003": {
"locked": {
"lastModified": 1620055814,
"narHash": "sha256-8LEHoYSJiL901bTMVatq+rf8y7QtWuZhwwpKE2fyaRY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1db42b7fe3878f3f5f7a4f2dc210772fd080e205",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-20.03",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2009": {
"locked": {
"lastModified": 1635350005,
"narHash": "sha256-tAMJnUwfaDEB2aa31jGcu7R7bzGELM9noc91L2PbVjg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1c1f5649bb9c1b0d98637c8c365228f57126f361",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-20.09",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2105": {
"locked": {
"lastModified": 1659914493,
"narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2111": {
"locked": {
"lastModified": 1659446231,
"narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2205": {
"locked": {
"lastModified": 1685573264,
"narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "380be19fbd2d9079f677978361792cb25e8a3635",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2305": {
"locked": {
"lastModified": 1704290814,
@ -239,6 +352,13 @@
"home-manager-edge": "home-manager-edge",
"nixos-generators-2311": "nixos-generators-2311",
"nixos-hardware": "nixos-hardware",
"nixpkgs-1909": "nixpkgs-1909",
"nixpkgs-2003": "nixpkgs-2003",
"nixpkgs-2009": "nixpkgs-2009",
"nixpkgs-2105": "nixpkgs-2105",
"nixpkgs-2111": "nixpkgs-2111",
"nixpkgs-2205": "nixpkgs-2205",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2305": "nixpkgs-2305",
"nixpkgs-2311": "nixpkgs-2311",
"nixpkgs-edge": "nixpkgs-edge",


@ -6,6 +6,14 @@
nixpkgs-edge.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-2311.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-2305.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-2211.url = "github:NixOS/nixpkgs/nixos-22.11"; # for old docs
nixpkgs-2205.url = "github:NixOS/nixpkgs/nixos-22.05"; # for old docs
nixpkgs-2111.url = "github:NixOS/nixpkgs/nixos-21.11"; # for old docs
nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05"; # for old docs
nixpkgs-2009.url = "github:NixOS/nixpkgs/nixos-20.09"; # for old docs
nixpkgs-2003.url = "github:NixOS/nixpkgs/nixos-20.03"; # for old docs
nixpkgs-1909.url = "github:NixOS/nixpkgs/nixos-19.09"; # for old docs
nixpkgs-1909.flake = false; # Earlier versions are not flake-pure
# https://github.com/nix-community/home-manager
home-manager-edge.url = "github:nix-community/home-manager/master";
@ -43,13 +51,6 @@
#https://github.com/numtide/nixpkgs-unfree # has a cache
#https://github.com/matthewbauer/nixiosk
inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
# used to host old docs
nixpkgs-22.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs-21.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-20.url = "github:NixOS/nixpkgs/nixos-20.09";
nixpkgs-19.url = "github:NixOS/nixpkgs/nixos-19.09";
nixpkgs-19.flake = false; # Earlier versions are not flake-pure
/**/
#pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
@ -95,6 +96,13 @@
home-manager = inputs'.home-manager-2305;
sops-nix = inputs'.sops-nix-2305;
};
inputs-2211 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2211; };
inputs-2205 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2205; };
inputs-2111 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2111; };
inputs-2105 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2105; };
inputs-2009 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2009; };
inputs-2003 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-2003; };
inputs-1909 = inputs-2305 // { nixpkgs = inputs'.nixpkgs-1909; };
mkFlakeView = inputs: system: inputs.nixpkgs.lib.mapAttrs (name: flake: {
# TODO filter non-flake inputs
@ -124,9 +132,9 @@
mkModule = domain: system: inputs: stateVersion: modules: hostname: ({ lib, ... }: {
system.stateVersion = lib.mkDefault stateVersion; # TODO: home-manager
imports = [
imports = let ifExists = p: if builtins.pathExists p then p else {}; in [
./base.nix
"${self}/hosts/${hostname}"
(ifExists "${self}/hosts/${hostname}")
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModule
] ++ modules;
@ -273,7 +281,7 @@
in {
envrc-local = mkShell envrc-pkgs;
envrc-remote = mkShell (envrc-pkgs ++ [
flakes.unstable.pkgs.remote-exec # TODO: stable
(pkgs.remote-exec or flakes.unstable.pkgs.remote-exec)
pkgs.yq
pkgs.rsync
]);
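Review bot: In the `-124,9 +132,9` hunk, `(ifExists "${self}/hosts/${hostname}")` turns a missing or misspelled host directory into a silently host-less system: evaluation succeeds with only `./base.nix`, so a typo in `hostname` could deploy a machine without whatever host-specific configuration lives in that directory instead of failing the build. Unless building hosts that have no directory is intended, keep the hard failure there or make the fallback loud, e.g. `(if builtins.pathExists "${self}/hosts/${hostname}" then "${self}/hosts/${hostname}" else lib.warn "no host directory for ${hostname}" {})`. The same `ifExists` helper is also defined in the first file of this commit; a shared definition would avoid the duplication. `mkModule` continues past the end of that hunk.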


@ -11,6 +11,8 @@
../../profiles/sshd.nix
../../profiles/podman.nix
../../profiles/vpn-pbsds/headscale.nix # opens port 3478
../../users/pbsds
../../users/jornane
@ -25,8 +27,6 @@
../../profiles/services/tmate-server.nix # opens port 42244
../../profiles/vpn-pbsds/headscale.nix
../../profiles/http # enables nginx+acme, defines mkDomain
../../profiles/http/index
../../profiles/http/services/cinny.nix


@ -28,28 +28,52 @@ in
}
# == Old Nixpkgs manuals ==
/** /
{
dirname = "nixpkgs-manual-23.05";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2213}05share/doc/nixpkgs";
desc = "Official Nixpkgs 23.05 manual";
}
{
dirname = "nixpkgs-manual-22.11";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-22}/share/doc/nixpkgs";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2211}/share/doc/nixpkgs";
desc = "Official Nixpkgs 22.11 manual";
}
{
dirname = "nixpkgs-manual-22.05";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2205}/share/doc/nixpkgs";
desc = "Official Nixpkgs 22.05 manual";
}
{
dirname = "nixpkgs-manual-21.11";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-21}/share/doc/nixpkgs";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2111}/share/doc/nixpkgs";
desc = "Official Nixpkgs 21.11 manual";
}
{
dirname = "nixpkgs-manual-21.05";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2105}/share/doc/nixpkgs";
desc = "Official Nixpkgs 21.05 manual";
}
{
dirname = "nixpkgs-manual-20.09";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-20}/share/doc/nixpkgs";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2009}/share/doc/nixpkgs";
desc = "Official Nixpkgs 20.09 manual";
}
{
dirname = "nixpkgs-manual-20.03";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-2003}/share/doc/nixpkgs";
desc = "Official Nixpkgs 20.03 manual";
}
{
dirname = "nixpkgs-manual-19.09";
basename= "manual.html";
path = "${mk-nixpkgs-manual inputs.nixpkgs-19}/share/doc/nixpkgs";
path = "${mk-nixpkgs-manual inputs.nixpkgs-1909}/share/doc/nixpkgs";
desc = "Official Nixpkgs 19.09 manual";
}
/**/
@ -57,19 +81,34 @@ in
/** /
{
dirname = "nixos-manual-22.11";
path = "${mk-nixos-manual inputs.nixpkgs-22}/share/doc/nixos";
path = "${mk-nixos-manual inputs.nixpkgs-2211}/share/doc/nixos";
desc = "Official Nixos 22.11 manual";
}
{
dirname = "nixos-manual-22.05";
path = "${mk-nixos-manual inputs.nixpkgs-2205}/share/doc/nixos";
desc = "Official Nixos 22.05 manual";
}
{
dirname = "nixos-manual-21.11";
path = "${mk-nixos-manual inputs.nixpkgs-21}/share/doc/nixos";
path = "${mk-nixos-manual inputs.nixpkgs-2111}/share/doc/nixos";
desc = "Official Nixos 21.11 manual";
}
{
dirname = "nixos-manual-21.05";
path = "${mk-nixos-manual inputs.nixpkgs-2105}/share/doc/nixos";
desc = "Official Nixos 21.05 manual";
}
{
dirname = "nixos-manual-20.09";
path = "${mk-nixos-manual inputs.nixpkgs-20}/share/doc/nixos";
path = "${mk-nixos-manual inputs.nixpkgs-2009}/share/doc/nixos";
desc = "Official Nixos 20.09 manual";
}
{
dirname = "nixos-manual-20.03";
path = "${mk-nixos-manual inputs.nixpkgs-2003}/share/doc/nixos";
desc = "Official Nixos 20.03 manual";
}
{
dirname = "nixos-manual-19.09";
path = "${mk-nixos-manual inputs.nixpkgs-19}/share/doc/nixos";
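Review bot: The new 23.05 entry in the `-28,28 +28,52` hunk references `inputs.nixpkgs-2213`, which is not a declared input (flake.nix declares `nixpkgs-2305` for 23.05), and the path `}05share/doc/nixpkgs` is missing the `/` separator; the line should read `path = "${mk-nixpkgs-manual inputs.nixpkgs-2305}/share/doc/nixpkgs";`. It does not fail today only because the whole block sits inside the `/** /` … `/**/` comment toggle, so the first attempt to re-enable the old manuals will hit an attribute-missing error. The second hunk of this section is cut off at the end of the page, so its last entries could not be checked.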


@ -3,7 +3,7 @@ let
cfg = config.services.headscale;
server-url = "head.pbsds.net";
derpPort = 3478;
inherit (lib) mkIf;
inherit (lib) mkIf getExe;
in
{
environment.systemPackages = mkIf cfg.enable [ cfg.package ];
@ -50,7 +50,7 @@ in
wantedBy = [ "headscale.service" ];
script = ''
sleep 60 # Wait for headscale to be ready
"${lib.getExe cfg.package}/bin/headscale namespaces create ts || true
${getExe cfg.package} namespaces create ts || true
'';
};
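Review bot: The corrected line `${getExe cfg.package} namespaces create ts || true` in the `-50,7 +50,7` hunk fixes the stray quote and doubled binary path, but `|| true` still hides every failure of the command, including a headscale that is not yet listening when the fixed 60-second sleep ends, so the unit reports success whether or not the namespace exists. Narrow the suppression so a real failure is visible in the journal, e.g. `${getExe cfg.package} namespaces create ts || echo "headscale namespace create failed (may already exist)" >&2`, or poll for readiness instead of sleeping a fixed interval. The enclosing `systemd.services` attribute starts before this hunk.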


@ -1,12 +1,35 @@
{ config, ...}:
{ config, pkgs, lib, ...}:
let
cfg = config.services.tailscale;
inherit (lib) mkIf getExe;
in
{
services.tailscale.enable = true;
networking.firewall.checkReversePath = "loose";
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
networking.firewall.trustedInterfaces = [ cfg.interfaceName ];
networking.firewall.allowedUDPPorts = [ cfg.port ];
# remote-set X
# tailscale up --login-server 'https://head.pbsds.net'
# ssh noximilien.pbsds.net headscale --namespace <namespace_name> nodes register --key <machine_key>
/** /
systemd.services."tailscale-autoconnect" = mkIf cfg.enable {
serviceConfig.Type = "oneshot";
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "tailscale.service" ];
script = ''
sleep 60 # Wait for tailscaled to settle
status="$(${getExe cfg.package} status -json | ${getExe pkgs.jq} -r .BackendState)"
if [ $status = "Running" ]; then
exit 0 # already authenticated
fi
#${getExe cfg.package} up -authkey tskey-examplekeyhere
'';
};
/**/
# remote sudo nixos-rebuild switch --flake . -L
# remote-quick sudo tailscale up --login-server 'https://head.pbsds.net'
# ssh noximilien.pbsds.net sudo headscale --namespace 'ts' nodes register --key <machine_key>
}
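Review bot: In the commented-out `tailscale-autoconnect` unit, `if [ $status = "Running" ]` leaves `$status` unquoted, so an empty or multi-word jq result turns the test into a shell syntax error instead of a clean "not running"; write `if [ "$status" = "Running" ]; then`. The placeholder `up -authkey tskey-examplekeyhere` also sets the pattern of a literal key in the script, which would land in the world-readable Nix store; when this is enabled the key belongs in a secret file, e.g. `services.tailscale.authKeyFile` pointing at a sops-nix managed path, with the headscale `--login-server` from the comments passed through `services.tailscale.extraUpFlags`. The block is inactive until the `/** /` toggle above it is changed to `/**/`, so none of this affects the current build.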


@ -48,8 +48,9 @@
# TODO: NAS stuff
] ++ lib.optionals config.virtualisation.docker.enable [
"docker"
] ++ lib.optionals config.services.headscale.enable [
config.services.headscale.group
# doesn't work...
#] ++ lib.optionals config.services.headscale.enable [
# config.services.headscale.group
];
initialHashedPassword = "$6$yNgxTHcP1UYkNwuZ$1sBehnKgPjVnDe0tSV8kyfynWpfjDzuohZX6SoTrMnYFa3/aiMOtI6JppYevl.M6qYhBIT0XBvL6TqSSFWn8B/";
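Review bot: `# doesn't work...` above the commented-out headscale group lines says nothing about what fails, so the next reader cannot tell whether this was an infinite-recursion error from reading `config.services.headscale` inside `users.users`, a missing group at activation time, or something else. Record the actual error and the intended workaround, e.g. `# extraGroups += config.services.headscale.group fails with <error seen>; use the literal group name or a separate users.groups entry instead`, or drop the dead lines and keep only the note. The surrounding `extraGroups` list starts before this hunk.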