reorg
parent
8f3d1a5921
commit
5cc6cea20e
|
@ -1,2 +1 @@
|
|||
result
|
||||
copy-keys
|
53
nixos/conf
53
nixos/conf
|
@ -1,53 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
cd "$( dirname "${BASH_SOURCE[0]}" )"
|
||||
export NIX_PATH=
|
||||
host=$1
|
||||
COPY_USER=yorick
|
||||
get_target_host() {
|
||||
TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
|
||||
TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
|
||||
}
|
||||
peek() {
|
||||
echo $ "$@" > /dev/stderr
|
||||
command "$@"
|
||||
}
|
||||
nix() {
|
||||
peek nix --extra-experimental-features "nix-command flakes" "$@"
|
||||
}
|
||||
nix-build() {
|
||||
peek nix-build "$@"
|
||||
}
|
||||
case $2 in
|
||||
ssh)
|
||||
get_target_host
|
||||
peek ssh root@"$TARGET_HOST"
|
||||
;;
|
||||
build)
|
||||
nix build -f servers.nix "$host" --show-trace
|
||||
;;
|
||||
copy)
|
||||
get_target_host
|
||||
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
;;
|
||||
test)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
|
||||
;;
|
||||
boot)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
|
||||
;;
|
||||
switch)
|
||||
get_target_host
|
||||
outPath=$(nix-build servers.nix -A "$host")
|
||||
nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
|
||||
peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
|
||||
peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
|
||||
;;
|
||||
esac
|
|
@ -1,11 +1,12 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./.
|
||||
./3950x-hardware-config.nix
|
||||
inputs.nixos-hardware.nixosModules.common-cpu-amd
|
||||
];
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
|
@ -1,5 +1,5 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
||||
imports = [ ./3950x.nix ../../roles/workstation.nix ];
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
|
|
@ -1,9 +1,8 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
imports = [
|
||||
../physical/fractal.nix
|
||||
../roles/server.nix
|
||||
../roles/homeserver.nix
|
||||
../services/torrent-wg.nix
|
||||
./fractal.nix
|
||||
../../roles/server.nix
|
||||
../../roles/homeserver.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "15.09";
|
||||
|
@ -169,9 +168,9 @@
|
|||
};
|
||||
};
|
||||
age.secrets = {
|
||||
grafana.file = ../../secrets/grafana.env.age;
|
||||
grafana.file = ../../../secrets/grafana.env.age;
|
||||
transip-key = {
|
||||
file = ../../secrets/transip-key.age;
|
||||
file = ../../../secrets/transip-key.age;
|
||||
mode = "770";
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, inputs, ... }:
|
||||
{
|
||||
imports = [ ./. inputs.nixos-hardware.nixosModules.common-cpu-intel ];
|
||||
imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
|
@ -1,5 +1,5 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
|
||||
imports = [ ./xps9360.nix ../../roles/workstation.nix ];
|
||||
|
||||
system.stateVersion = "17.09";
|
||||
|
|
@ -12,14 +12,13 @@ let
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
vpn = import ../vpn.nix;
|
||||
vpn = import ../../vpn.nix;
|
||||
in {
|
||||
imports = [
|
||||
../physical/hetznercloud.nix
|
||||
../roles/server.nix
|
||||
../modules/muflax-blog.nix
|
||||
../services/backup.nix
|
||||
../services/email.nix
|
||||
./hetznercloud.nix
|
||||
../../roles/server.nix
|
||||
../../services/backup.nix
|
||||
../../services/email.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "19.03";
|
||||
|
@ -44,7 +43,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
age.secrets.muflax.file = ../../secrets/http.muflax.age;
|
||||
age.secrets.muflax.file = ../../../secrets/http.muflax.age;
|
||||
services.muflax-blog = {
|
||||
enable = true;
|
||||
web-server = { port = 9001; };
|
||||
|
@ -101,7 +100,6 @@ in {
|
|||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
environment.noXlibs = true;
|
||||
users.users.yorick.packages = with pkgs; [
|
||||
python2
|
||||
sshfs-fuse
|
||||
weechat
|
||||
ripgrep
|
|
@ -1,5 +1,5 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
|
||||
let ipconf = (import ../../secrets.nix).ipconf.${config.networking.hostName};
|
||||
in {
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [ ../physical/x11.nix ../roles/workstation.nix ];
|
||||
imports = [ ./x11.nix ../../roles/workstation.nix ];
|
||||
|
||||
yorick.lumi-vpn.enable = lib.mkForce false;
|
||||
yorick.lumi-cache.enable = lib.mkForce false;
|
|
@ -1,11 +1,12 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./.
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1
|
||||
./x11-hardware-config.nix
|
||||
];
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.zfs.requestEncryptionCredentials = true;
|
|
@ -3,9 +3,9 @@
|
|||
|
||||
{
|
||||
imports = [ # Include the results of the hardware scan.
|
||||
../physical/apu2c4.nix
|
||||
./apu2c4.nix
|
||||
#<yori-nix/roles/homeserver.nix>
|
||||
../roles
|
||||
../../roles
|
||||
inputs.nixos-hardware.nixosModules.pcengines-apu
|
||||
"${modulesPath}/profiles/minimal.nix"
|
||||
];
|
|
@ -18,6 +18,6 @@ in pkgs: super: {
|
|||
};
|
||||
in c.config.system.build // c;
|
||||
machine = pkgs.lib.genAttrs names
|
||||
(name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
|
||||
(name: nixos [ ./roles (./machines + "/${name}/default.nix") ] { inherit name; });
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ in {
|
|||
../modules/nginx.nix
|
||||
../modules/lumi-cache.nix
|
||||
../modules/lumi-vpn.nix
|
||||
../modules/muflax-blog.nix
|
||||
../services
|
||||
];
|
||||
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
{ lib, ... }: {
|
||||
users.users.lars = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [
|
||||
lars
|
||||
];
|
||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); lars;
|
||||
};
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
builtins.mapAttrs (n: a: a.toplevel) ((import ../.).yorick.machine)
|
|
@ -1 +1,4 @@
|
|||
{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
|
||||
{
|
||||
imports =
|
||||
[ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ./torrent-wg.nix ];
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ in {
|
|||
name = mkOption { type = types.str; };
|
||||
namespace = mkOption { type = types.str; };
|
||||
};
|
||||
config = {
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age;
|
||||
networking.wireguard.interfaces.${cfg.name} = {
|
||||
# curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
|
||||
|
|
Loading…
Reference in New Issue