update flake, remove raspberry ext drive for lappy, update gotosocial
This commit is contained in:
parent
c41539f275
commit
e004cb0d5a
62
flake.lock
62
flake.lock
|
|
@ -47,11 +47,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696081021,
|
"lastModified": 1699701798,
|
||||||
"narHash": "sha256-codMwlx0IbS7DLG23oGb0rFGXcblp08dJ/G0jvCI2mw=",
|
"narHash": "sha256-goytj9Wm1onHgdr8UoUnQ0pLwCDSsyUqonE3sbu2nUw=",
|
||||||
"ref": "refs/heads/hungy",
|
"ref": "refs/heads/hungy",
|
||||||
"rev": "f8ead549a7c55202b40fadfd112bc8328720a6db",
|
"rev": "d6466a95059de3df3d5947a49d73833e9992c28f",
|
||||||
"revCount": 54,
|
"revCount": 55,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://forgejo.owo.monster/chaos/food-site"
|
"url": "https://forgejo.owo.monster/chaos/food-site"
|
||||||
},
|
},
|
||||||
|
|
@ -67,11 +67,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697410455,
|
"lastModified": 1699663185,
|
||||||
"narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=",
|
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "78125bc681d12364cb65524eaa887354134053d0",
|
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -91,11 +91,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697823178,
|
"lastModified": 1699704512,
|
||||||
"narHash": "sha256-r1yRllaCwq6dGyEJ5tmNfxiYkytmmANXFIEj2XxU/cQ=",
|
"narHash": "sha256-kAyPmOuU3zXH9j3Yl0lPaC/DNJULXh1dlONuB6SivAw=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "66a83fbbbbf3088acd19ab245015f215f029be2e",
|
"rev": "9f48d9eab50549f5191ca5c8fc91dd311dcaf364",
|
||||||
"revCount": 97,
|
"revCount": 109,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://forgejo.owo.monster/chaos/musicutil"
|
"url": "https://forgejo.owo.monster/chaos/musicutil"
|
||||||
},
|
},
|
||||||
|
|
@ -117,11 +117,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697459493,
|
"lastModified": 1699549513,
|
||||||
"narHash": "sha256-HH8ePJIVAsiDHIdS4qnKQ9o4X0KTVGA9cfHBplKqpfs=",
|
"narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NixOS-WSL",
|
"repo": "NixOS-WSL",
|
||||||
"rev": "b63b328577f1cb5839f8ecc4fd05040335d4a55a",
|
"rev": "0e4c17efebff955471f169fffbb7e8cd62ada498",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -132,11 +132,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697456312,
|
"lastModified": 1699099776,
|
||||||
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
|
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
|
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -148,11 +148,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697059129,
|
"lastModified": 1699099776,
|
||||||
"narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
|
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
|
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -164,11 +164,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697456312,
|
"lastModified": 1699099776,
|
||||||
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
|
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
|
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -180,11 +180,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697470606,
|
"lastModified": 1699696572,
|
||||||
"narHash": "sha256-TP3UN5RktQpqDVj5mA6rb1Nu4vGTnctWkbe5sef4LEw=",
|
"narHash": "sha256-hnHyp2T4pkuj5xdkj/ZZme/ppmNJff47BcPRxwcJP00=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "cc83a858d3dbf50a934a4f74fe5508ac2fa72bc5",
|
"rev": "2999af35ec973a0001ca92bb56b037ae18869f22",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -296,11 +296,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696074847,
|
"lastModified": 1699703627,
|
||||||
"narHash": "sha256-LuMkz9kvav0nryr8Gjzc+Hno7jACJ27prgdHbyRSYec=",
|
"narHash": "sha256-DEzQZFUFJWmpqHKHDAynd7onl1EwEow7VIUhRInQ80M=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "56f40547debce4e5767c0f5de0be9fc57a3231ba",
|
"rev": "e392ef0e0393b282c9250726238c4839d4cdb792",
|
||||||
"revCount": 460,
|
"revCount": 461,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://forgejo.owo.monster/chaos/VaultUI"
|
"url": "https://forgejo.owo.monster/chaos/VaultUI"
|
||||||
},
|
},
|
||||||
|
|
@ -312,4 +312,4 @@
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
"version": 7
|
"version": 7
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,8 +14,6 @@
|
||||||
|
|
||||||
profiles.gaming.steam
|
profiles.gaming.steam
|
||||||
|
|
||||||
./profiles/raspberryExtDrive.nix
|
|
||||||
|
|
||||||
./secrets.nix
|
./secrets.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,82 +0,0 @@
|
||||||
{
|
|
||||||
self,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
externalDriveData = import "${self}/data/drives/raspberryExternalDrive.nix";
|
|
||||||
|
|
||||||
unlockExternalDrive = let
|
|
||||||
jq = "${pkgs.jq}/bin/jq";
|
|
||||||
vault = "${pkgs.vault-bin}/bin/vault";
|
|
||||||
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
|
|
||||||
in
|
|
||||||
pkgs.writeShellScriptBin "unlock_external_drive" ''
|
|
||||||
${lockExternalDrive}/bin/lock_external_drive
|
|
||||||
|
|
||||||
vault-login || true
|
|
||||||
|
|
||||||
export VAULT_ADDR="https://vault.owo.monster"
|
|
||||||
|
|
||||||
cat /root/.vault-token | ${vault} login -
|
|
||||||
|
|
||||||
${vault} kv get -format json "/private-public-keys/cryptsetup/raspberry-ext-drive" \
|
|
||||||
| ${jq} -r ".data.data.key" \
|
|
||||||
| base64 -d \
|
|
||||||
| ${cryptsetup} open ${externalDriveData.encryptedPath} ${externalDriveData.mapperName} --key-file=/dev/stdin
|
|
||||||
'';
|
|
||||||
|
|
||||||
lockExternalDrive = let
|
|
||||||
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
|
|
||||||
in
|
|
||||||
pkgs.writeShellScriptBin "lock_external_drive" ''
|
|
||||||
${cryptsetup} close ${externalDriveData.mapperName} || true
|
|
||||||
'';
|
|
||||||
|
|
||||||
mountName =
|
|
||||||
(
|
|
||||||
builtins.replaceStrings ["/"] ["-"] (
|
|
||||||
lib.strings.removePrefix "/" externalDriveData.mountpoint
|
|
||||||
)
|
|
||||||
)
|
|
||||||
+ ".mount";
|
|
||||||
in {
|
|
||||||
environment.systemPackages = [
|
|
||||||
unlockExternalDrive
|
|
||||||
lockExternalDrive
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = ["d ${externalDriveData.mountpoint} - root root"];
|
|
||||||
|
|
||||||
systemd.services.ext-drive-unlock = {
|
|
||||||
path = with pkgs; [
|
|
||||||
util-linux
|
|
||||||
cryptsetup
|
|
||||||
getent
|
|
||||||
];
|
|
||||||
partOf = [mountName];
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
serviceConfig = {
|
|
||||||
User = "root";
|
|
||||||
Group = "root";
|
|
||||||
};
|
|
||||||
script = ''
|
|
||||||
${unlockExternalDrive}/bin/unlock_external_drive
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.mounts = [
|
|
||||||
{
|
|
||||||
what = "${externalDriveData.mapperPath}";
|
|
||||||
where = "${externalDriveData.mountpoint}";
|
|
||||||
after = ["ext-drive-unlock.service"];
|
|
||||||
description = "Raspberry's External Encrypted Drive";
|
|
||||||
type = "btrfs";
|
|
||||||
options = "rw,compress=zstd";
|
|
||||||
mountConfig = {
|
|
||||||
LazyUnmount = true;
|
|
||||||
ForceUnmount = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
@ -41,17 +41,17 @@ final: prev: rec {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
owncast = prev.owncast.override {
|
owncast = (prev.owncast.override {
|
||||||
ffmpeg = final.ffmpeg_6-headless;
|
ffmpeg = final.ffmpeg_6-headless;
|
||||||
};
|
}).overrideAttrs (_old: { doCheck = false; });
|
||||||
|
|
||||||
gotosocial = prev.gotosocial.overrideAttrs (_old: let
|
gotosocial = prev.gotosocial.overrideAttrs (_old: let
|
||||||
owner = "superseriousbusiness";
|
owner = "superseriousbusiness";
|
||||||
repo = "gotosocial";
|
repo = "gotosocial";
|
||||||
|
|
||||||
version = "0.12.1";
|
version = "0.12.2";
|
||||||
source-hash = "sha256-4iNvlNjq8sQr++Z+QSY17bHxFd5bxOH4abMFEAh5W9w=";
|
source-hash = "sha256-ufxedg3SSHqYf5g1GXXSWA0pmb305kpjkjyjwCX126A=";
|
||||||
web-assets-hash = "sha256-f7nBrt9JDVng0tSHIgorKcam4FtFaxiAdrXgo+QM7vw=";
|
web-assets-hash = "sha256-vEjL9pZFBSt32ZqWZGvG112HA5nqkwY6uOQY3hBUWN4=";
|
||||||
|
|
||||||
web-assets = final.fetchurl {
|
web-assets = final.fetchurl {
|
||||||
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
|
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
|
||||||
|
|
|
||||||
|
|
@ -13,8 +13,8 @@
|
||||||
# TODO: Better DNS setup
|
# TODO: Better DNS setup
|
||||||
services.resolved.enable = false;
|
services.resolved.enable = false;
|
||||||
environment.etc."resolv.conf".text = ''
|
environment.etc."resolv.conf".text = ''
|
||||||
nameserver 8.8.8.8
|
nameserver 9.9.9.9
|
||||||
nameserver 8.8.4.4
|
nameserver 208.67.222.222
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.fstrim.enable = true;
|
services.fstrim.enable = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue