From 85e38766ce3a27181a80a4a4c9d305cbf7351555 Mon Sep 17 00:00:00 2001 From: chaos Date: Mon, 16 Oct 2023 18:17:28 +0100 Subject: [PATCH] tidying --- flake.nix | 1 - home/base/ssh.nix | 41 ++++++------------- .../hetzner-arm/containers/caldav/default.nix | 3 -- .../containers/forgejo/default.nix | 2 - hosts/hetzner-arm/containers/mail/default.nix | 3 +- .../hetzner-arm/containers/music/default.nix | 7 ++-- .../containers/postgresql/default.nix | 16 ++++---- .../containers/quassel/default.nix | 2 - .../hetzner-arm/containers/social/default.nix | 3 -- .../containers/storage/default.nix | 4 -- hosts/wsl/wsl.nix | 4 +- modules/nixos/wslBuildTarballExt.nix | 12 ++++-- profiles/remoteBuilders.nix | 4 +- 13 files changed, 39 insertions(+), 63 deletions(-) diff --git a/flake.nix b/flake.nix index 265945f..ac4df13 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,6 @@ nixos-wsl.inputs.flake-utils.follows = "flake-utils"; nixos-wsl.inputs.flake-compat.follows = "flake-compat"; - tree-input.url = "github:kittywitch/tree"; tree-input.inputs.nixpkgs.follows = "nixpkgs-unstable"; diff --git a/home/base/ssh.nix b/home/base/ssh.nix index b6c6fdc..5ff5312 100644 --- a/home/base/ssh.nix +++ b/home/base/ssh.nix 
@@ -1,36 +1,21 @@ -{ - self, - lib, - ... -}: let +{lib, ...}: let inherit (lib.modules) mkMerge; - inherit (lib.lists) forEach; - inherit (builtins) attrNames; - - containerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix"; in { - programs.ssh.enable = true; - programs.ssh.matchBlocks = - mkMerge - ((forEach ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"] (hostname: { + programs.ssh = { + enable = true; + matchBlocks = mkMerge [ + (mkMerge (map (hostname: { "${hostname}" = { user = "root"; hostname = "${hostname}.servers.genderfucked.monster"; }; - })) - ++ (forEach (attrNames containerAddresses.containers) (name: { - "hetzner-arm-container-${name}" = { - user = "root"; - hostname = "${containerAddresses.containers.${name}}"; - proxyJump = "hetzner-arm"; + }) ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"])) + { + "blahaj" = { + user = "chaos"; + hostname = "blahaj.sapphicco.de"; }; - })) - ++ [ - { - "blahaj" = { - user = "chaos"; - hostname = "blahaj.sapphicco.de"; - }; - } - ]); + } + ]; + }; } diff --git a/hosts/hetzner-arm/containers/caldav/default.nix b/hosts/hetzner-arm/containers/caldav/default.nix index a4eff24..3317bc8 100644 --- a/hosts/hetzner-arm/containers/caldav/default.nix +++ b/hosts/hetzner-arm/containers/caldav/default.nix @@ -31,9 +31,6 @@ in { [ presets.nixos.containerBase ./secrets.nix - - #./profiles/postgres.nix - #./profiles/restic.nix ] ++ (with hosts.hetzner-arm.containers.caldav.profiles; [ radicale diff --git a/hosts/hetzner-arm/containers/forgejo/default.nix b/hosts/hetzner-arm/containers/forgejo/default.nix index c102600..aaa7b1f 100644 --- a/hosts/hetzner-arm/containers/forgejo/default.nix +++ b/hosts/hetzner-arm/containers/forgejo/default.nix @@ -35,8 +35,6 @@ in { imports = with tree; [ presets.nixos.containerBase - profiles.sshd - profiles.firewallAllow.ssh ./secrets.nix ] 
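Review bot: In home/base/ssh.nix the new `matchBlocks` value wraps `mkMerge (map …)` inside a second `mkMerge` only to turn a list of host names into an attribute set. `lib.attrsets.genAttrs` builds that set directly, for example `genAttrs ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"] (hostname: { user = "root"; hostname = "${hostname}.servers.genderfucked.monster"; }) // { blahaj = { user = "chaos"; hostname = "blahaj.sapphicco.de"; }; }`, with `inherit (lib.attrsets) genAttrs;` replacing the `mkMerge` inherit. Every generated block logs in as root and none of the visible blocks sets `identityFile` or `identitiesOnly = true`, so the client may offer every agent key to each server. If no wildcard block elsewhere pins the key, this restructuring is a good moment to add both options per host.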
diff --git a/hosts/hetzner-arm/containers/mail/default.nix b/hosts/hetzner-arm/containers/mail/default.nix index b251e90..317a3db 100644 --- a/hosts/hetzner-arm/containers/mail/default.nix +++ b/hosts/hetzner-arm/containers/mail/default.nix @@ -54,12 +54,11 @@ in { [ presets.nixos.containerBase - profiles.nginx - ./secrets.nix ] ++ (with hosts.hetzner-arm.containers.mail; [ modules.mailserver + profiles.mailserver profiles.restic ]); diff --git a/hosts/hetzner-arm/containers/music/default.nix b/hosts/hetzner-arm/containers/music/default.nix index 0e646ba..6b7bb32 100644 --- a/hosts/hetzner-arm/containers/music/default.nix +++ b/hosts/hetzner-arm/containers/music/default.nix @@ -43,8 +43,6 @@ in { imports = with tree; [ presets.nixos.containerBase - profiles.sshd - profiles.firewallAllow.ssh profiles.nginx profiles.firewallAllow.httpCommon @@ -89,7 +87,8 @@ in { in { forceSSL = true; enableACME = true; - locations = mkMerge ([ + locations = + mkMerge [ { "/mpd/flac" = { proxyPass = "http://${containerIP}:${toString ports.mpd-flac}"; @@ -97,7 +96,7 @@ in { }; } ] - ++ (forEach ["low" "medium" "high"] (quality: { + ++ (mkMerge (forEach ["low" "medium" "high"] (quality: { "/mpd/opus-${quality}" = { proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}"; inherit extraConfig; diff --git a/hosts/hetzner-arm/containers/postgresql/default.nix b/hosts/hetzner-arm/containers/postgresql/default.nix index 6226b7d..0f13382 100644 --- a/hosts/hetzner-arm/containers/postgresql/default.nix +++ b/hosts/hetzner-arm/containers/postgresql/default.nix @@ -27,13 +27,15 @@ in { config = {...}: { nixpkgs.pkgs = pkgs; - imports = with tree; [ - presets.nixos.containerBase - ./secrets.nix - - ./profiles/postgres.nix - ./profiles/restic.nix - ]; + imports = with tree; + [ + presets.nixos.containerBase + ./secrets.nix + ] + ++ (with hosts.hetzner-arm.containers.postgresql.profiles; [ + postgres + restic + ]); networking.firewall.allowedTCPPorts = [5432]; 
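Review bot: In hosts/hetzner-arm/containers/music/default.nix the rewritten `locations` expression now reads `mkMerge [ … ] ++ (mkMerge (forEach …))`. Function application binds tighter than `++` in Nix, so this concatenates two `mkMerge` results, which are attribute sets, instead of two lists, and should fail at evaluation with a list-expected type error. The previous form kept the whole concatenation inside the call; restore it with `locations = mkMerge ([` and `++ (forEach ["low" "medium" "high"] (quality: {`, or move the inner merge into the list as a second element. The closing brackets lie outside both hunks, so this is judged from the opening lines only, and evaluating this container's configuration before deploying would confirm it.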
diff --git a/hosts/hetzner-arm/containers/quassel/default.nix b/hosts/hetzner-arm/containers/quassel/default.nix index 5fec4da..984a974 100644 --- a/hosts/hetzner-arm/containers/quassel/default.nix +++ b/hosts/hetzner-arm/containers/quassel/default.nix @@ -30,8 +30,6 @@ in { imports = with tree; [ presets.nixos.containerBase - profiles.sshd - profiles.firewallAllow.ssh ./secrets.nix ] diff --git a/hosts/hetzner-arm/containers/social/default.nix b/hosts/hetzner-arm/containers/social/default.nix index 60d472b..e28bca8 100644 --- a/hosts/hetzner-arm/containers/social/default.nix +++ b/hosts/hetzner-arm/containers/social/default.nix @@ -30,9 +30,6 @@ in { imports = with tree; [ presets.nixos.containerBase - profiles.sshd - profiles.firewallAllow.ssh - ./secrets.nix ] ++ (with hosts.hetzner-arm.containers.social.profiles; [ diff --git a/hosts/hetzner-arm/containers/storage/default.nix b/hosts/hetzner-arm/containers/storage/default.nix index 28db464..cb41dc8 100644 --- a/hosts/hetzner-arm/containers/storage/default.nix +++ b/hosts/hetzner-arm/containers/storage/default.nix @@ -37,10 +37,6 @@ in { imports = with tree; [ presets.nixos.containerBase - - profiles.sshd - profiles.firewallAllow.ssh - ./secrets.nix ] ++ (with hosts.hetzner-arm.containers.storage.profiles; [ diff --git a/hosts/wsl/wsl.nix b/hosts/wsl/wsl.nix index aebd8db..13b0fef 100644 --- a/hosts/wsl/wsl.nix +++ b/hosts/wsl/wsl.nix @@ -1,5 +1,5 @@ -{ tree, ... }: { - imports = with tree;[ +{tree, ...}: { + imports = with tree; [ users.root users.chaos profiles.sshd diff --git a/modules/nixos/wslBuildTarballExt.nix b/modules/nixos/wslBuildTarballExt.nix index c754b7c..d01f605 100644 --- a/modules/nixos/wslBuildTarballExt.nix +++ b/modules/nixos/wslBuildTarballExt.nix 
@@ -1,8 +1,12 @@ -{ config, pkgs, lib, ... }: let +{ + config, + pkgs, + lib, + ... +}: let inherit (lib.modules) mkIf; cfg = config.wsl; -in -{ +in { config = mkIf cfg.enable { system.build.tarballBuilderExt = pkgs.writeShellApplication { name = "nixos-wsl-tarball-builder-ext"; @@ -49,4 +53,4 @@ in ''; }; }; -} \ No newline at end of file +} diff --git a/profiles/remoteBuilders.nix b/profiles/remoteBuilders.nix index dd4c525..34f823c 100644 --- a/profiles/remoteBuilders.nix +++ b/profiles/remoteBuilders.nix @@ -17,7 +17,9 @@ "tablet" ] then usbSSHKeyFile - else if builtins.elem currentHostname ["wsl"] then normalSSHKeyFile else throw "host isn't configured for remote-builders"; + else if builtins.elem currentHostname ["wsl"] + then normalSSHKeyFile + else throw "host isn't configured for remote-builders"; builderDefaults = { sshUser = "root";