polish conf script a bit

auto-flake-update
Yorick van Pelt 2021-11-15 12:59:44 +01:00
parent 14e76af3f0
commit 24db36af0c
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
4 changed files with 41 additions and 29 deletions


@ -1,55 +1,67 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -xeuo pipefail set -euo pipefail
if ! [ -e secrets.nix ] cd "$( dirname "${BASH_SOURCE[0]}" )"
then export NIX_PATH=
git crypt unlock
fi
export NIX_PATH=yori-nix=$PWD
host=$1 host=$1
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
COPY_USER=yorick COPY_USER=yorick
decrypt() {
if ! [ -e secrets.nix ]
then
git crypt unlock
fi
}
get_target_host() {
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
}
peek() {
echo $ "$@" > /dev/stderr
command "$@"
}
nix() {
decrypt
peek nix "$@"
}
nix-build() {
decrypt
peek nix-build "$@"
}
case $2 in case $2 in
copy-keys) copy-keys)
nix build -f ../. yorick.machine."$host".config.deployment.keys-copy --out-link copy-keys nix build -f ../. yorick.machine."$host".config.deployment.keys-copy --out-link copy-keys
./copy-keys/bin/copy-keys "$TARGET_HOST" get_target_host
peek ./copy-keys/bin/copy-keys "$TARGET_HOST"
# rm ./copy-keys # rm ./copy-keys
;; ;;
exec)
CHANNEL=$(jq -r ".$2.pkgs"<servers.json)
channel_url=$(get_channel "$CHANNEL")
export NIX_PATH="$channel_url:nixos-config=$PWD/logical/$2.nix:$NIX_PATH"
"${@:3}"
;;
ssh) ssh)
ssh root@"$TARGET_HOST" get_target_host
peek ssh root@"$TARGET_HOST"
;; ;;
repl)
exec "$0" exec "$2" nix repl '<nixpkgs>' '<nixpkgs/nixos>'
;;
build) build)
nix build -f servers.nix "$host" --show-trace nix build -f servers.nix "$host" --show-trace
;; ;;
copy) copy)
get_target_host
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST" nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
;; ;;
test) test)
get_target_host
outPath=$(nix-build servers.nix -A "$host") outPath=$(nix-build servers.nix -A "$host")
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST" nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
;; ;;
boot) boot)
get_target_host
outPath=$(nix-build servers.nix -A "$host") outPath=$(nix-build servers.nix -A "$host")
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST" nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath" peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
;; ;;
switch) switch)
get_target_host
outPath=$(nix-build servers.nix -A "$host") outPath=$(nix-build servers.nix -A "$host")
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST" nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath" peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
;; ;;
esac esac
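Review bot: The new `get_target_host` leaves `$host` and `$TARGET_HOST` unquoted in `nix eval --raw -f vpn.nix ips.$host` and `ssh $TARGET_HOST ...`, so a host argument containing whitespace or glob characters is word-split before reaching nix/ssh; under `set -u` this also makes the failure mode confusing rather than a clean quoting error. I would write `TARGET_HOST=$(nix eval --raw -f vpn.nix "ips.$host")` and `TARGET_HOST=$(ssh "$TARGET_HOST" ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')`. In the new `peek`, `echo $ "$@" > /dev/stderr` hands the traced command to `echo`, which will swallow or interpret arguments such as `-n`/`-e` and mis-log what is actually run; `printf '$ %s\n' "$*" >&2` (or `printf '%q ' "$@"` for a copy-pasteable line) logs the command faithfully, and `>&2` works where `/dev/stderr` is not openable. If the `exec)` and `repl)` arms are on the new side of this section, they appear to use `$2` (the subcommand name) where `$host` is intended in `".$2.pkgs"`, `logical/$2.nix` and `exec "$0" exec "$2"` — worth confirming against the full file, as their side is not recoverable from this rendering.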


@ -89,7 +89,7 @@ in {
}; };
"media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001"; "media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
}; };
deployment.keyys = [ <yori-nix/keys/http.muflax.key> ]; deployment.keyys = [ ../keys/http.muflax.key ];
networking.firewall.allowedUDPPorts = [ 31790 ]; # wg networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
(machine: publicKey: { (machine: publicKey: {


@ -104,7 +104,7 @@ in {
ipv6 = true; ipv6 = true;
hostName = machine; hostName = machine;
}; };
deployment.keyys = [ (<yori-nix/keys> + "/wg.${machine}.key") ]; deployment.keyys = [ (../keys + "/wg.${machine}.key") ];
networking.wireguard.interfaces.wg-y = { networking.wireguard.interfaces.wg-y = {
privateKeyFile = "/root/keys/wg.${machine}.key"; privateKeyFile = "/root/keys/wg.${machine}.key";
ips = [ vpn.ips.${machine} ]; ips = [ vpn.ips.${machine} ];


@ -7,7 +7,7 @@ in {
namespace = mkOption { type = types.str; }; namespace = mkOption { type = types.str; };
}; };
config = { config = {
deployment.keyys = [ (<yori-nix/keys> + "/wg.${cfg.name}.key") ]; deployment.keyys = [ (../keys + "/wg.${cfg.name}.key") ];
networking.wireguard.interfaces.${cfg.name} = { networking.wireguard.interfaces.${cfg.name} = {
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")' # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ]; ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];