chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

update flake, remove raspberry ext drive for lappy, update gotosocial

Browse source
This commit is contained in:
chaos 2023-11-11 13:32:07 +00:00
parent c41539f275
commit e004cb0d5a
No known key found for this signature in database
5 changed files with 38 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
flake.lock
View file

@ -47,11 +47,11 @@
]
},
"locked": {
"lastModified": 1696081021,
"narHash": "sha256-codMwlx0IbS7DLG23oGb0rFGXcblp08dJ/G0jvCI2mw=",
"lastModified": 1699701798,
"narHash": "sha256-goytj9Wm1onHgdr8UoUnQ0pLwCDSsyUqonE3sbu2nUw=",
"ref": "refs/heads/hungy",
"rev": "f8ead549a7c55202b40fadfd112bc8328720a6db",
"revCount": 54,
"rev": "d6466a95059de3df3d5947a49d73833e9992c28f",
"revCount": 55,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/food-site"
},
@ -67,11 +67,11 @@
]
},
"locked": {
"lastModified": 1697410455,
"narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=",
"lastModified": 1699663185,
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "78125bc681d12364cb65524eaa887354134053d0",
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
"type": "github"
},
"original": {
@ -91,11 +91,11 @@
]
},
"locked": {
"lastModified": 1697823178,
"narHash": "sha256-r1yRllaCwq6dGyEJ5tmNfxiYkytmmANXFIEj2XxU/cQ=",
"lastModified": 1699704512,
"narHash": "sha256-kAyPmOuU3zXH9j3Yl0lPaC/DNJULXh1dlONuB6SivAw=",
"ref": "refs/heads/main",
"rev": "66a83fbbbbf3088acd19ab245015f215f029be2e",
"revCount": 97,
"rev": "9f48d9eab50549f5191ca5c8fc91dd311dcaf364",
"revCount": 109,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/musicutil"
},
@ -117,11 +117,11 @@
]
},
"locked": {
"lastModified": 1697459493,
"narHash": "sha256-HH8ePJIVAsiDHIdS4qnKQ9o4X0KTVGA9cfHBplKqpfs=",
"lastModified": 1699549513,
"narHash": "sha256-cfsghOs6Cr61wFsxkWonK8AwPwHaRGZ6QkbasUgygh4=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "b63b328577f1cb5839f8ecc4fd05040335d4a55a",
"rev": "0e4c17efebff955471f169fffbb7e8cd62ada498",
"type": "github"
},
"original": {
@ -132,11 +132,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1697456312,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"type": "github"
},
"original": {
@ -148,11 +148,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1697059129,
"narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"type": "github"
},
"original": {
@ -164,11 +164,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1697456312,
"narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"type": "github"
},
"original": {
@ -180,11 +180,11 @@
},
"nur": {
"locked": {
"lastModified": 1697470606,
"narHash": "sha256-TP3UN5RktQpqDVj5mA6rb1Nu4vGTnctWkbe5sef4LEw=",
"lastModified": 1699696572,
"narHash": "sha256-hnHyp2T4pkuj5xdkj/ZZme/ppmNJff47BcPRxwcJP00=",
"owner": "nix-community",
"repo": "NUR",
"rev": "cc83a858d3dbf50a934a4f74fe5508ac2fa72bc5",
"rev": "2999af35ec973a0001ca92bb56b037ae18869f22",
"type": "github"
},
"original": {
@ -296,11 +296,11 @@
]
},
"locked": {
"lastModified": 1696074847,
"narHash": "sha256-LuMkz9kvav0nryr8Gjzc+Hno7jACJ27prgdHbyRSYec=",
"lastModified": 1699703627,
"narHash": "sha256-DEzQZFUFJWmpqHKHDAynd7onl1EwEow7VIUhRInQ80M=",
"ref": "refs/heads/main",
"rev": "56f40547debce4e5767c0f5de0be9fc57a3231ba",
"revCount": 460,
"rev": "e392ef0e0393b282c9250726238c4839d4cdb792",
"revCount": 461,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/VaultUI"
},
@ -312,4 +312,4 @@
},
"root": "root",
"version": 7
}
}

2
hosts/lappy-t495/lappy-t495.nix
View file

@ -14,8 +14,6 @@
profiles.gaming.steam
./profiles/raspberryExtDrive.nix
./secrets.nix
];

82
hosts/lappy-t495/profiles/raspberryExtDrive.nix
View file

@ -1,82 +0,0 @@
{
self,
pkgs,
lib,
...
}: let
externalDriveData = import "${self}/data/drives/raspberryExternalDrive.nix";
unlockExternalDrive = let
jq = "${pkgs.jq}/bin/jq";
vault = "${pkgs.vault-bin}/bin/vault";
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
in
pkgs.writeShellScriptBin "unlock_external_drive" ''
${lockExternalDrive}/bin/lock_external_drive
vault-login || true
export VAULT_ADDR="https://vault.owo.monster"
cat /root/.vault-token | ${vault} login -
${vault} kv get -format json "/private-public-keys/cryptsetup/raspberry-ext-drive" \
| ${jq} -r ".data.data.key" \
| base64 -d \
| ${cryptsetup} open ${externalDriveData.encryptedPath} ${externalDriveData.mapperName} --key-file=/dev/stdin
'';
lockExternalDrive = let
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
in
pkgs.writeShellScriptBin "lock_external_drive" ''
${cryptsetup} close ${externalDriveData.mapperName} || true
'';
mountName =
(
builtins.replaceStrings ["/"] ["-"] (
lib.strings.removePrefix "/" externalDriveData.mountpoint
)
)
+ ".mount";
in {
environment.systemPackages = [
unlockExternalDrive
lockExternalDrive
];
systemd.tmpfiles.rules = ["d ${externalDriveData.mountpoint} - root root"];
systemd.services.ext-drive-unlock = {
path = with pkgs; [
util-linux
cryptsetup
getent
];
partOf = [mountName];
wantedBy = ["multi-user.target"];
serviceConfig = {
User = "root";
Group = "root";
};
script = ''
${unlockExternalDrive}/bin/unlock_external_drive
'';
};
systemd.mounts = [
{
what = "${externalDriveData.mapperPath}";
where = "${externalDriveData.mountpoint}";
after = ["ext-drive-unlock.service"];
description = "Raspberry's External Encrypted Drive";
type = "btrfs";
options = "rw,compress=zstd";
mountConfig = {
LazyUnmount = true;
ForceUnmount = true;
};
}
];
}

10
overlay/default.nix
View file

@ -41,17 +41,17 @@ final: prev: rec {
];
};
owncast = prev.owncast.override {
owncast = (prev.owncast.override {
ffmpeg = final.ffmpeg_6-headless;
};
}).overrideAttrs (_old: { doCheck = false; });
gotosocial = prev.gotosocial.overrideAttrs (_old: let
owner = "superseriousbusiness";
repo = "gotosocial";
version = "0.12.1";
source-hash = "sha256-4iNvlNjq8sQr++Z+QSY17bHxFd5bxOH4abMFEAh5W9w=";
web-assets-hash = "sha256-f7nBrt9JDVng0tSHIgorKcam4FtFaxiAdrXgo+QM7vw=";
version = "0.12.2";
source-hash = "sha256-ufxedg3SSHqYf5g1GXXSWA0pmb305kpjkjyjwCX126A=";
web-assets-hash = "sha256-vEjL9pZFBSt32ZqWZGvG112HA5nqkwY6uOQY3hBUWN4=";
web-assets = final.fetchurl {
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";

4
presets/nixos/laptop.nix
View file

@ -13,8 +13,8 @@
# TODO: Better DNS setup
services.resolved.enable = false;
environment.etc."resolv.conf".text = ''
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 9.9.9.9
nameserver 208.67.222.222
'';
services.fstrim.enable = true;