From f923e028afef2778b0e68c57721cfde4fc848555 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 3 Mar 2023 21:57:37 +0100 Subject: [PATCH] tmate --- README.md | 8 +++++++- base.nix | 3 ++- hosts/noximilien/default.nix | 2 +- profiles/tmate-server/default.nix | 9 +++++++++ users/pbsds/home/default.nix | 8 ++++++++ 5 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 profiles/tmate-server/default.nix diff --git a/README.md b/README.md index 20ae167..7b48f6a 100644 --- a/README.md +++ b/README.md @@ -42,13 +42,19 @@ ### How to deploy +Build locally, deploy on local, with `nom`: + + sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom + Via git, build on remote: + ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file + # or ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file From local checkout to remote where you're not a trusted user, build on remote: - tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh bolle.pbsds.net -- bash -xc '"cd $(mktemp -d); pwd; tar xf - && nixos-rebuild test . \"\$@\""' -- --recreate-lock-file --no-write-lock-file + tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file .. wait doesn't that litter `/tmp` or `/run/user/.../tmp`? diff --git a/base.nix b/base.nix index 5e28462..1e6859e 100644 --- a/base.nix +++ b/base.nix 
@@ -29,7 +29,8 @@ #]; /**/ # TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery - # TODO: make /etc/nixos a checkout of repo? + # TODO: make /etc/nixos a checkout of repo? + # TODO: update only nixpkgs and unstable system.autoUpgrade.flake = inputs.self.outPath; # a nix store path #system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead? system.autoUpgrade.flags = [ diff --git a/hosts/noximilien/default.nix b/hosts/noximilien/default.nix index bf709b9..3288659 100644 --- a/hosts/noximilien/default.nix +++ b/hosts/noximilien/default.nix @@ -14,7 +14,7 @@ ../../hardware/opengl-intel.nix - ../../profiles/tmate-server # opens port 442244 + ../../profiles/tmate-server # opens port 42244 ../../profiles/web ../../profiles/web/index diff --git a/profiles/tmate-server/default.nix b/profiles/tmate-server/default.nix new file mode 100644 index 0000000..cbaecc8 --- /dev/null +++ b/profiles/tmate-server/default.nix @@ -0,0 +1,9 @@ +{ config, ... }: +{ + services.tmate-ssh-server = { + enable = true; + host = config.networking.fqdn; + port = 42244; + openFirewall = true; + }; +} diff --git a/users/pbsds/home/default.nix b/users/pbsds/home/default.nix index 070f5c4..d00b238 100644 --- a/users/pbsds/home/default.nix +++ b/users/pbsds/home/default.nix @@ -288,6 +288,14 @@ ]; /**/ + # generated with `tmate-client-config` on noximilien + home.file.".tmate.conf".text = '' + set -g tmate-server-host "noximilien.pbsds.net" + set -g tmate-server-port 42244 + set -g tmate-server-ed25519-fingerprint "SHA256:/e9EGMfvC+8gbaNiCoFbl87Pps7e/V+2pOSjEpMDdfA" + set -g tmate-server-rsa-fingerprint "SHA256:UzoAW9TynFQZDINgDiS+G06SmYcIX/ObI1zL19PpKEE" + ''; + programs.nix-index.enable = true; programs.tealdeer.enable = true;
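Review bot: `openFirewall = true` in the new `profiles/tmate-server/default.nix` opens port 42244 to every source address, and nothing in the profile narrows who may connect. As far as I know tmate-ssh-server does not authenticate clients that register a session, so the session token it hands out is effectively the only protection for a shared terminal. Say so above the block, for example `# reachable from any address; whoever holds a session token gets the shared shell`. If the relay is only meant for the owner's own machines, consider dropping `openFirewall` and allowing the port from known networks in the host's firewall settings instead. The host keys that clients pin are presumably generated on the server on first start, so a reinstall of the host would invalidate the fingerprints in `users/pbsds/home/default.nix`.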
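Review bot: The `.tmate.conf` text in `users/pbsds/home/default.nix` pins two host-key fingerprints and repeats the host name and port 42244 from the server profile, with only a one-line hint about where the values came from. Pinning is the right choice, but after a key change on noximilien clients should refuse the server, and the easy way out is to delete the pins. Extend the comment to something like `# pinned host keys: re-run tmate-client-config on noximilien after any server key change and update both fingerprints`. The hosts file in this same commit carried a wrong port in its comment (442244), which shows how easily the copies drift. If this home configuration is evaluated together with the NixOS configuration, the port could be read from there instead, though that cannot be confirmed from the hunk.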