shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixfmt

Browse Source
This commit is contained in:
Shelvacu
2024-11-14 00:11:22 -08:00
parent 6ddb5d1627
commit 577c51d592
19 changed files with 523 additions and 442 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
common/assertions.nix
View File

@@ -7,35 +7,42 @@
let
inherit (lib) mkOption types filter;
fatalAssertions = map (x: x.message) (filter (x: !x.assertion && x.fatal) config.vacu.assertions);
triggeredWarnings = map (x: x.message) (filter (x: !x.assertion && !x.fatal) config.vacu.assertions);
withAsserts = x: if fatalAssertions != []
then throw "\nFailed assertions:\n${lib.concatStringsSep "\n" (map (x: "- ${x}") fatalAssertions)}"
else lib.showWarnings triggeredWarnings x;
triggeredWarnings = map (x: x.message) (
filter (x: !x.assertion && !x.fatal) config.vacu.assertions
);
withAsserts =
x:
if fatalAssertions != [ ] then
throw "\nFailed assertions:\n${lib.concatStringsSep "\n" (map (x: "- ${x}") fatalAssertions)}"
else
lib.showWarnings triggeredWarnings x;
adapter = {
config = {
assertions = map (x: { inherit (x) assertion message; }) (filter (x: x.fatal) config.vacu.assertions);
assertions = map (x: { inherit (x) assertion message; }) (
filter (x: x.fatal) config.vacu.assertions
);
warnings = map (x: x.message) (filter (x: !x.assertion && !x.fatal) config.vacu.assertions);
};
};
in
{
options.vacu.assertions = mkOption {
default = [];
type = types.listOf (types.submodule {
options.assertion = mkOption { type = types.bool; };
options.message = mkOption { type = types.str; };
options.fatal = mkOption {
type = types.bool;
default = true;
};
});
default = [ ];
type = types.listOf (
types.submodule {
options.assertion = mkOption { type = types.bool; };
options.message = mkOption { type = types.str; };
options.fatal = mkOption {
type = types.bool;
default = true;
};
}
);
};
options.vacu.withAsserts = mkOption {
readOnly = true;
default = withAsserts;
};
}
// (
if vacuModuleType != "plain" then adapter else {}
)
// (if vacuModuleType != "plain" then adapter else { })

7
common/common-but-not.nix
View File

@@ -1,6 +1,11 @@
# todo: rename this module
# stuff that does actual configuring (so can't be in ./module.nix) but works in nixos module, home-manager modules, and nix-on-droid modules
{ inputs, vacuModuleType, lib, ... }:
{
inputs,
vacuModuleType,
lib,
...
}:
lib.optionalAttrs (vacuModuleType != "plain") {
nix.registry.vacu.to = {
type = "path";

495
common/default.nix
View File

@@ -15,255 +15,260 @@ let
"plain"
];
in
if !builtins.elem vacuModuleType expectedModuleTypes then builtins.throw "error: unrecognized vacuModuleType ${builtins.toString vacuModuleType}" else
{
imports = [
./package-set.nix
./shell
./nixvim.nix
./ssh.nix
./nix.nix
./verify-system
./defaultPackages.nix
./lib
./sops.nix
./dns
./assertions.nix
./common-but-not.nix
./nixos.nix
./nix-on-droid.nix
./nixos-rebuild.nix
./minimal-nixos.nix
./acmeDependencies.nix
./nix-on-droid.nix
./remapCapsLock.nix
./sourceTree.nix
];
options = {
vacu.rootCAs = mkOption { type = types.listOf types.str; };
vacu.versionId = mkOption {
type = types.str;
readOnly = true;
};
vacu.versionInfo = mkOption { readOnly = true; };
vacu.hostName = mkOption { type = types.nullOr types.str; default = null; };
vacu.shortHostName = mkOption {
type = types.nullOr types.str;
default = config.vacu.hostName;
};
vacu.nixvimPkg = mkOption { readOnly = true; };
vacu.systemKind = mkOption {
type = types.enum [
"minimal"
"desktop" # need a better name for this; should include laptops; everything I intend to get computery-stuff done on.
"container"
"server"
];
};
vacu.vnopnCA = mkOption {
readOnly = true;
type = types.str;
};
};
config = {
# vacu.systemKind = lib.mkIf (vacuModuleType == "plain") ("server"); #TODO: should be mkDefault, removed for debugging
vacu.versionId = toString (self.shortRev or self.dirtyShortRev);
vacu.versionInfo = {
id = self.rev or self.dirtyRev;
flakePath = self.outPath;
inherit inputs;
inherit vacuModuleType;
} // (if config.nixpkgs ? flake then { nixpkgs = config.nixpkgs.flake.source; } else { });
vacu.nix.caches.nixcache-shelvacu = {
url = "https://nixcache.shelvacu.com/";
keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
};
vacu.nix.caches.nix-community = {
url = "https://nix-community.cachix.org/";
keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
};
vacu.nix.caches.nix-on-droid = {
url = "https://nix-on-droid.cachix.org/";
keys = [ "nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU=" ];
};
vacu.nix.caches.nixos = {
url = "https://cache.nixos.org/";
keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
};
vacu.vnopnCA = ''
-----BEGIN CERTIFICATE-----
MIIBnjCCAUWgAwIBAgIBBTAKBggqhkjOPQQDAjAgMQswCQYDVQQGEwJVUzERMA8G
A1UEAxMIdm5vcG4gQ0EwHhcNMjQwODEyMjExNTQwWhcNMzQwODEwMjExNTQwWjAg
MQswCQYDVQQGEwJVUzERMA8GA1UEAxMIdm5vcG4gQ0EwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAARqRbSeq00FfYUGeCHVkzwrjrydI56T12xy+iut0c4PemSuhyxC
AgfdKYtDqMNZmSqMaLihzkBenD0bN5i0ndjho3AwbjAPBgNVHRMBAf8EBTADAQH/
MCwGA1UdHgEB/wQiMCCgGDAKhwgKTkwA///8ADAKgggudDJkLmxhbqEEMAKBADAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAjSkbJQCQc1WP6nIP5iLDIKGFrdMAoG
CCqGSM49BAMCA0cAMEQCIFtyawkZqFhvzgmqG/mYNNO6DdsQTPQ46x/08yrEiiF4
AiA+FwAPqX+CBkaSdIhuhv1kIecmvacnDL5kpyB+9nDodw==
-----END CERTIFICATE-----
'';
vacu.rootCAs = [ config.vacu.vnopnCA ];
vacu.ssh.authorizedKeys = {
# pixel6pro-termux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86";
# t460s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp";
# pixel6pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsErA6M9LSHj2hPlLuHD8Lpei7WjMup1JxI1vxA6B8W";
compute-deck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoy1TrmfhBGWtVedgOM1FB1oD2UdodN3LkBnnLx6Tug";
triple-dezert = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVeSzDkGTueZijB0xUa08e06ovAEwwZK/D+Cc7bo91g";
triple-dezert-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8";
compute-deck-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I";
pro1x-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX";
fw-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHLPOxRd68+DJ/bYmqn0wsgwwIcMSMyuU1Ya16hCb/m";
fw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ2c0GzlVMjV06CS7bWbCaAbzG2+7g5FCg/vClJPe0C";
pixel9pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINznGot+L8kYoVQqdLV/R17XCd1ILMoDCILOg+I3s5wC";
legtop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOre0FnYDm3arsFj9c/l5H2Q8mdmv7kmvq683pL4heru";
};
vacu.ssh.config = ''
Host deckvacu
User deck
Host rsb
User user
HostName finaltask.xyz
Port 2222
Host awoo
HostName 45.142.157.71
Host trip
HostName trip.shelvacu.com
Port 6922
Host liam
HostName 178.128.79.152
Host pluto
HostName pluto.somevideogam.es
Host sdf
HostName tty.sdf.org
Host *
User shelvacu
GlobalKnownHostsFile ${pkgs.writeText "known_hosts" config.vacu.ssh.knownHostsText}
'';
vacu.ssh.knownHosts = {
#public hosts
"github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
"sdf.org" = {
extraHostNames = [ "tty.sdf.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17";
if !builtins.elem vacuModuleType expectedModuleTypes then
builtins.throw "error: unrecognized vacuModuleType ${builtins.toString vacuModuleType}"
else
{
imports = [
./package-set.nix
./shell
./nixvim.nix
./ssh.nix
./nix.nix
./verify-system
./defaultPackages.nix
./lib
./sops.nix
./dns
./assertions.nix
./common-but-not.nix
./nixos.nix
./nix-on-droid.nix
./nixos-rebuild.nix
./minimal-nixos.nix
./acmeDependencies.nix
./nix-on-droid.nix
./remapCapsLock.nix
./sourceTree.nix
];
options = {
vacu.rootCAs = mkOption { type = types.listOf types.str; };
vacu.versionId = mkOption {
type = types.str;
readOnly = true;
};
#colin's stuff
"uninsane.org" = {
extraHostNames = [ "git.uninsane.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
vacu.versionInfo = mkOption { readOnly = true; };
vacu.hostName = mkOption {
type = types.nullOr types.str;
default = null;
};
"desko" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
vacu.shortHostName = mkOption {
type = types.nullOr types.str;
default = config.vacu.hostName;
};
#daymocker's stuff
"pluto" = {
extraHostNames = [ "74.208.184.137" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpHY4fLZ1hNuB2oRQM7R3b4eQyIHbFB45ZYp3XCELLg";
};
#powerhouse hosts
"ostiary" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSYyd1DGPXGaV4mD34tUbXvbtIi/Uv2otoMUsCkxRse";
};
"habitat" = {
# previously known as zigbee-hub
extraHostNames = [ "10.78.79.114" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJxwUYddOxgViJDOiokfaQ6CsCx/Sw+b3IisdJv8zFN";
};
"vnopn" = {
extraHostNames = [
"10.78.79.1"
"vnopn.t2d.lan"
vacu.nixvimPkg = mkOption { readOnly = true; };
vacu.systemKind = mkOption {
type = types.enum [
"minimal"
"desktop" # need a better name for this; should include laptops; everything I intend to get computery-stuff done on.
"container"
"server"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMgJE8shlTYF3nxKR/aILd1SzwDwhtCrjz9yHL7lgSZ";
};
#work laptop
"tebbs-MBP" = {
extraHostNames = [ "10.244.10.3" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKO/ks07zSByDH/qmDrghtBSFwWnze2s62zEmtXwaMJe";
};
#personal hosts
trip = {
extraHostNames = [
"triple-dezert"
"trip.shelvacu.com"
"[trip.shelvacu.com]:6922"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUQux9V0mSF5IauoO1z311NXR7ymEbwRMzT+OaaNQr+";
};
servacu = {
extraHostNames = [
"mail.dis8.net"
"servacu.shelvacu.com"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+E6na7np0HnBV2X7owno+Fg+bNNRSHLxO6n1JzdUTV";
};
finaltask = {
extraHostNames = [
"rsb"
"finaltask.xyz"
"[finaltask.xyz]:2222"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTx8WBNNKBVRV98HgDChpd59SHbreJ87SXU+zOKan6y";
};
compute-deck = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGt43GmXCxkl5QjgPQ/QimW11lKfXmV4GFWvlxQSf4TQ";
};
"2esrever" = {
extraHostNames = [
"10.4.5.218"
"10.244.46.71"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0LnPrJxAdffZ//uRe3NBiIfFCBNMLqKVylkyU0llvT";
};
awoo = {
extraHostNames = [ "45.142.157.71" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQaDjjfSK8jnk9aFIiYH9LZO4nLY/oeAc7BKIPUXMh1";
};
deckvacu = {
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEa8qpFkIlLLJkH8rmEAn6/MZ9ilCGmEQWC3CeFae7r1kOqfwRk0nq0oyOGJ50uIh+PpwEh3rbgq6mLfpRfsFmM=";
};
liam = {
extraHostNames = [
"liam.dis8.net"
"178.128.79.152"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOqJYVHOIFmEA5uRbbirIupWvyBLAFwic/8EZQRdN/c";
};
fw = {
extraHostNames = [ "fw.t2d.lan" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
};
legtop = {
extraHostNames = [
"lt"
"legtop.t2d.lan"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL";
};
mmm = {
extraHostNames = [
"mmm.t2d.lan"
"10.78.79.11"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsorkZ3rIZ2lLigwQWfA64xZRlt5lk6QPzypg55eLlD";
vacu.vnopnCA = mkOption {
readOnly = true;
type = types.str;
};
};
};
}
config = {
# vacu.systemKind = lib.mkIf (vacuModuleType == "plain") ("server"); #TODO: should be mkDefault, removed for debugging
vacu.versionId = toString (self.shortRev or self.dirtyShortRev);
vacu.versionInfo = {
id = self.rev or self.dirtyRev;
flakePath = self.outPath;
inherit inputs;
inherit vacuModuleType;
} // (if config.nixpkgs ? flake then { nixpkgs = config.nixpkgs.flake.source; } else { });
vacu.nix.caches.nixcache-shelvacu = {
url = "https://nixcache.shelvacu.com/";
keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
};
vacu.nix.caches.nix-community = {
url = "https://nix-community.cachix.org/";
keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
};
vacu.nix.caches.nix-on-droid = {
url = "https://nix-on-droid.cachix.org/";
keys = [ "nix-on-droid.cachix.org-1:56snoMJTXmDRC1Ei24CmKoUqvHJ9XCp+nidK7qkMQrU=" ];
};
vacu.nix.caches.nixos = {
url = "https://cache.nixos.org/";
keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
};
vacu.vnopnCA = ''
-----BEGIN CERTIFICATE-----
MIIBnjCCAUWgAwIBAgIBBTAKBggqhkjOPQQDAjAgMQswCQYDVQQGEwJVUzERMA8G
A1UEAxMIdm5vcG4gQ0EwHhcNMjQwODEyMjExNTQwWhcNMzQwODEwMjExNTQwWjAg
MQswCQYDVQQGEwJVUzERMA8GA1UEAxMIdm5vcG4gQ0EwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAARqRbSeq00FfYUGeCHVkzwrjrydI56T12xy+iut0c4PemSuhyxC
AgfdKYtDqMNZmSqMaLihzkBenD0bN5i0ndjho3AwbjAPBgNVHRMBAf8EBTADAQH/
MCwGA1UdHgEB/wQiMCCgGDAKhwgKTkwA///8ADAKgggudDJkLmxhbqEEMAKBADAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAjSkbJQCQc1WP6nIP5iLDIKGFrdMAoG
CCqGSM49BAMCA0cAMEQCIFtyawkZqFhvzgmqG/mYNNO6DdsQTPQ46x/08yrEiiF4
AiA+FwAPqX+CBkaSdIhuhv1kIecmvacnDL5kpyB+9nDodw==
-----END CERTIFICATE-----
'';
vacu.rootCAs = [ config.vacu.vnopnCA ];
vacu.ssh.authorizedKeys = {
# pixel6pro-termux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86";
# t460s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp";
# pixel6pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsErA6M9LSHj2hPlLuHD8Lpei7WjMup1JxI1vxA6B8W";
compute-deck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoy1TrmfhBGWtVedgOM1FB1oD2UdodN3LkBnnLx6Tug";
triple-dezert = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVeSzDkGTueZijB0xUa08e06ovAEwwZK/D+Cc7bo91g";
triple-dezert-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8";
compute-deck-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I";
pro1x-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX";
fw-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHLPOxRd68+DJ/bYmqn0wsgwwIcMSMyuU1Ya16hCb/m";
fw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ2c0GzlVMjV06CS7bWbCaAbzG2+7g5FCg/vClJPe0C";
pixel9pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINznGot+L8kYoVQqdLV/R17XCd1ILMoDCILOg+I3s5wC";
legtop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOre0FnYDm3arsFj9c/l5H2Q8mdmv7kmvq683pL4heru";
};
vacu.ssh.config = ''
Host deckvacu
User deck
Host rsb
User user
HostName finaltask.xyz
Port 2222
Host awoo
HostName 45.142.157.71
Host trip
HostName trip.shelvacu.com
Port 6922
Host liam
HostName 178.128.79.152
Host pluto
HostName pluto.somevideogam.es
Host sdf
HostName tty.sdf.org
Host *
User shelvacu
GlobalKnownHostsFile ${pkgs.writeText "known_hosts" config.vacu.ssh.knownHostsText}
'';
vacu.ssh.knownHosts = {
#public hosts
"github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"git.sr.ht".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
"sdf.org" = {
extraHostNames = [ "tty.sdf.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17";
};
#colin's stuff
"uninsane.org" = {
extraHostNames = [ "git.uninsane.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
};
"desko" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
};
#daymocker's stuff
"pluto" = {
extraHostNames = [ "74.208.184.137" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpHY4fLZ1hNuB2oRQM7R3b4eQyIHbFB45ZYp3XCELLg";
};
#powerhouse hosts
"ostiary" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSYyd1DGPXGaV4mD34tUbXvbtIi/Uv2otoMUsCkxRse";
};
"habitat" = {
# previously known as zigbee-hub
extraHostNames = [ "10.78.79.114" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJxwUYddOxgViJDOiokfaQ6CsCx/Sw+b3IisdJv8zFN";
};
"vnopn" = {
extraHostNames = [
"10.78.79.1"
"vnopn.t2d.lan"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMgJE8shlTYF3nxKR/aILd1SzwDwhtCrjz9yHL7lgSZ";
};
#work laptop
"tebbs-MBP" = {
extraHostNames = [ "10.244.10.3" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKO/ks07zSByDH/qmDrghtBSFwWnze2s62zEmtXwaMJe";
};
#personal hosts
trip = {
extraHostNames = [
"triple-dezert"
"trip.shelvacu.com"
"[trip.shelvacu.com]:6922"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUQux9V0mSF5IauoO1z311NXR7ymEbwRMzT+OaaNQr+";
};
servacu = {
extraHostNames = [
"mail.dis8.net"
"servacu.shelvacu.com"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+E6na7np0HnBV2X7owno+Fg+bNNRSHLxO6n1JzdUTV";
};
finaltask = {
extraHostNames = [
"rsb"
"finaltask.xyz"
"[finaltask.xyz]:2222"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTx8WBNNKBVRV98HgDChpd59SHbreJ87SXU+zOKan6y";
};
compute-deck = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGt43GmXCxkl5QjgPQ/QimW11lKfXmV4GFWvlxQSf4TQ";
};
"2esrever" = {
extraHostNames = [
"10.4.5.218"
"10.244.46.71"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0LnPrJxAdffZ//uRe3NBiIfFCBNMLqKVylkyU0llvT";
};
awoo = {
extraHostNames = [ "45.142.157.71" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQaDjjfSK8jnk9aFIiYH9LZO4nLY/oeAc7BKIPUXMh1";
};
deckvacu = {
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEa8qpFkIlLLJkH8rmEAn6/MZ9ilCGmEQWC3CeFae7r1kOqfwRk0nq0oyOGJ50uIh+PpwEh3rbgq6mLfpRfsFmM=";
};
liam = {
extraHostNames = [
"liam.dis8.net"
"178.128.79.152"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOqJYVHOIFmEA5uRbbirIupWvyBLAFwic/8EZQRdN/c";
};
fw = {
extraHostNames = [ "fw.t2d.lan" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
};
legtop = {
extraHostNames = [
"lt"
"legtop.t2d.lan"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL";
};
mmm = {
extraHostNames = [
"mmm.t2d.lan"
"10.78.79.11"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsorkZ3rIZ2lLigwQWfA64xZRlt5lk6QPzypg55eLlD";
};
};
};
}

2
common/dns/default.nix
View File

@@ -9,7 +9,7 @@ in
{
imports = [ ./jean-luc.org.nix ];
options.vacu.dns = mkOption {
default = {};
default = { };
type = types.attrsOf dns.lib.types.zone;
};
}

2
common/dns/jean-luc.org.nix
View File

@@ -1,7 +1,7 @@
{
dns,
...
}:
}:
let
inherit (dns.lib.combinators) spf mx;
in

7
common/lib/default.nix
View File

@@ -10,5 +10,10 @@
config._module.args.vaculib = config.vacu.vaculib;
config.vacu.vaculib.mkOutOption = val: lib.mkOption { readOnly = true; default = val; };
config.vacu.vaculib.mkOutOption =
val:
lib.mkOption {
readOnly = true;
default = val;
};
}

185
common/nixos.nix
View File

@@ -10,98 +10,99 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
default = false;
type = lib.types.bool;
};
config =
{
# the security warning might as well have said "its insecure maybe but there's nothing you can do about it"
# presumably needed by nheko
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
# nixpkgs.overlays = [ inputs.self.overlays.default ];
config = {
# the security warning might as well have said "its insecure maybe but there's nothing you can do about it"
# presumably needed by nheko
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
# nixpkgs.overlays = [ inputs.self.overlays.default ];
console = {
keyMap = lib.mkDefault "us";
};
networking = if config.vacu.hostName == null then {} else { hostName = config.vacu.hostName; };
vacu.packages."xorg-xev" = {
enable = config.services.xserver.enable;
package = pkgs.xorg.xev;
};
environment.systemPackages = config.vacu.packageList;
programs.git = lib.mkDefault {
enable = config.vacu.systemKind == "server" || config.vacu.systemKind == "desktop";
lfs.enable = true;
};
programs.nix-ld.enable = true;
system.nixos.tags = [
"vacu${config.vacu.versionId}"
config.vacu.hostName
];
environment.etc."vacu/info.json".text = builtins.toJSON config.vacu.versionInfo;
environment.etc."chromium" = lib.mkIf (config.vacu.systemKind == "desktop") { source = "/run/current-system/sw/etc/chromium"; };
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
time.timeZone = "America/Los_Angeles";
users.users.shelvacu = lib.mkIf (config.vacu.systemKind != "container") {
openssh.authorizedKeys.keys = lib.attrValues config.vacu.ssh.authorizedKeys;
isNormalUser = true;
extraGroups = [ "wheel" ];
};
# # safety user: if something is super fucked up with my shell stuff, I can ssh in as shelvac2
# users.users.shelvac2 = {
# openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# shell = pkgs.bash;
# };
services.openssh = {
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
nix.settings.trusted-users = lib.mkIf (config.vacu.systemKind != "container") [ "shelvacu" ];
security.sudo.wheelNeedsPassword = lib.mkDefault false;
programs.screen = {
enable = true;
screenrc = ''
defscrollback 10000
termcapinfo xterm* ti@:te@
maptimeout 5
'';
};
programs.tmux = lib.mkIf (config.vacu.systemKind != "container") {
enable = true;
extraConfig = "setw mouse";
clock24 = true;
};
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
substituters = lib.mkForce config.vacu.nix.substituterUrls;
extra-substituters = lib.mkForce [ ];
trusted-public-keys = lib.mkForce config.vacu.nix.trustedKeys;
extra-trusted-public-keys = lib.mkForce [ ];
};
nixpkgs.config.allowUnfree = lib.mkDefault true;
programs.mosh.enable = lib.mkIf (config.vacu.systemKind != "container") (lib.mkDefault true);
programs.ssh.extraConfig = config.vacu.ssh.config;
security.pki.certificates = config.vacu.rootCAs;
# commands.nix
environment.pathsToLink = [
"/share/vacufuncs"
"/etc/chromium"
];
programs.bash.interactiveShellInit = config.vacu.shell.interactiveLines;
programs.bash.promptInit = lib.mkForce "";
console = {
keyMap = lib.mkDefault "us";
};
networking = if config.vacu.hostName == null then { } else { hostName = config.vacu.hostName; };
vacu.packages."xorg-xev" = {
enable = config.services.xserver.enable;
package = pkgs.xorg.xev;
};
environment.systemPackages = config.vacu.packageList;
programs.git = lib.mkDefault {
enable = config.vacu.systemKind == "server" || config.vacu.systemKind == "desktop";
lfs.enable = true;
};
programs.nix-ld.enable = true;
system.nixos.tags = [
"vacu${config.vacu.versionId}"
config.vacu.hostName
];
environment.etc."vacu/info.json".text = builtins.toJSON config.vacu.versionInfo;
environment.etc."chromium" = lib.mkIf (config.vacu.systemKind == "desktop") {
source = "/run/current-system/sw/etc/chromium";
};
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
time.timeZone = "America/Los_Angeles";
users.users.shelvacu = lib.mkIf (config.vacu.systemKind != "container") {
openssh.authorizedKeys.keys = lib.attrValues config.vacu.ssh.authorizedKeys;
isNormalUser = true;
extraGroups = [ "wheel" ];
};
# # safety user: if something is super fucked up with my shell stuff, I can ssh in as shelvac2
# users.users.shelvac2 = {
# openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# shell = pkgs.bash;
# };
services.openssh = {
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
nix.settings.trusted-users = lib.mkIf (config.vacu.systemKind != "container") [ "shelvacu" ];
security.sudo.wheelNeedsPassword = lib.mkDefault false;
programs.screen = {
enable = true;
screenrc = ''
defscrollback 10000
termcapinfo xterm* ti@:te@
maptimeout 5
'';
};
programs.tmux = lib.mkIf (config.vacu.systemKind != "container") {
enable = true;
extraConfig = "setw mouse";
clock24 = true;
};
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
substituters = lib.mkForce config.vacu.nix.substituterUrls;
extra-substituters = lib.mkForce [ ];
trusted-public-keys = lib.mkForce config.vacu.nix.trustedKeys;
extra-trusted-public-keys = lib.mkForce [ ];
};
nixpkgs.config.allowUnfree = lib.mkDefault true;
programs.mosh.enable = lib.mkIf (config.vacu.systemKind != "container") (lib.mkDefault true);
programs.ssh.extraConfig = config.vacu.ssh.config;
security.pki.certificates = config.vacu.rootCAs;
# commands.nix
environment.pathsToLink = [
"/share/vacufuncs"
"/etc/chromium"
];
programs.bash.interactiveShellInit = config.vacu.shell.interactiveLines;
programs.bash.promptInit = lib.mkForce "";
};
}

12
common/nixvim.nix
View File

@@ -7,9 +7,11 @@
}:
{
vacu.nixvimPkg = inputs.self.packages.${pkgs.system}.nixvim;
vacu.shell.functions = lib.mkIf (config.vacu.systemKind != "minimal" && config.vacu.systemKind != "container") {
nvim-plain = ''${pkgs.neovim}/bin/nvim "$@"'';
nvim-nixvim = ''${config.vacu.nixvimPkg}/bin/nvim "$@"'';
nvim = ''nvim-nixvim "$@"'';
};
vacu.shell.functions =
lib.mkIf (config.vacu.systemKind != "minimal" && config.vacu.systemKind != "container")
{
nvim-plain = ''${pkgs.neovim}/bin/nvim "$@"'';
nvim-nixvim = ''${config.vacu.nixvimPkg}/bin/nvim "$@"'';
nvim = ''nvim-nixvim "$@"'';
};
}

30
common/remapCapsLock.nix
View File

@@ -16,20 +16,20 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
config = lib.mkIf config.vacu.enableCapsLockRemap {
# https://discourse.nixos.org/t/best-way-to-remap-caps-lock-to-esc-with-wayland/39707/6
services.interception-tools =
let
itools = pkgs.interception-tools;
itools-caps = pkgs.interception-tools-plugins.caps2esc;
in
{
enable = true;
plugins = [ itools-caps ];
# requires explicit paths: https://github.com/NixOS/nixpkgs/issues/126681
udevmonConfig = pkgs.lib.mkDefault ''
- JOB: "${itools}/bin/intercept -g $DEVNODE | ${itools-caps}/bin/caps2esc -m 1 | ${itools}/bin/uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK, KEY_ESC]
'';
};
let
itools = pkgs.interception-tools;
itools-caps = pkgs.interception-tools-plugins.caps2esc;
in
{
enable = true;
plugins = [ itools-caps ];
# requires explicit paths: https://github.com/NixOS/nixpkgs/issues/126681
udevmonConfig = pkgs.lib.mkDefault ''
- JOB: "${itools}/bin/intercept -g $DEVNODE | ${itools-caps}/bin/caps2esc -m 1 | ${itools}/bin/uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK, KEY_ESC]
'';
};
};
}

5
common/sops.nix
View File

@@ -34,7 +34,10 @@ let
wrappedSops = vaculib.makeWrapper {
original = lib.getExe pkgs.sops;
new = "vacu-nix-stuff-sops";
add_flags = [ "--config" sopsConfig ];
add_flags = [
"--config"
sopsConfig
];
run = lib.singleton ''
set -e
age_keys=("${testAgeSecret}" "$(cat $HOME/.ssh/id_ed25519 | ${lib.getExe pkgs.ssh-to-age} -private-key)")

49
common/sourceTree.nix
View File

@@ -9,38 +9,43 @@
let
inherit (builtins) isString isAttrs;
inherit (lib) mkOption types;
traverseInputs = linkDir: unfilteredInputs:
traverseInputs =
linkDir: unfilteredInputs:
assert isString linkDir;
assert isAttrs unfilteredInputs;
let
inputs = removeAttrs unfilteredInputs [ "self" ];
in
lib.concatStringsSep "\n" (
lib.mapAttrsToList (inputName: inputAttrs: let
thisDir = linkDir + "/" + inputName;
in
assert isAttrs inputAttrs;
assert isAttrs (inputAttrs.inputs or {});
''
mkdir -p ${thisDir}
ln -s ${inputAttrs} ${thisDir}/self
${traverseInputs thisDir (inputAttrs.inputs or {})}
'') inputs
)
;
lib.mapAttrsToList (
inputName: inputAttrs:
let
thisDir = linkDir + "/" + inputName;
in
assert isAttrs inputAttrs;
assert isAttrs (inputAttrs.inputs or { });
''
mkdir -p ${thisDir}
ln -s ${inputAttrs} ${thisDir}/self
${traverseInputs thisDir (inputAttrs.inputs or { })}
''
) inputs
);
in
{
options.vacu.sourceTree = mkOption {
readOnly = true;
type = types.package;
};
config = {
vacu.sourceTree = pkgs.runCommand "inputs-tree" {} ''
mkdir -p $out
ln -s ${inputs.self} $out/self
${traverseInputs "$out" inputs}
'';
} // (lib.optionalAttrs (vacuModuleType == "nixos" || vacuModuleType == "nix-on-droid") {
environment.etc."vacu/sources".source = "${config.vacu.sourceTree}";
});
config =
{
vacu.sourceTree = pkgs.runCommand "inputs-tree" { } ''
mkdir -p $out
ln -s ${inputs.self} $out/self
${traverseInputs "$out" inputs}
'';
}
// (lib.optionalAttrs (vacuModuleType == "nixos" || vacuModuleType == "nix-on-droid") {
environment.etc."vacu/sources".source = "${config.vacu.sourceTree}";
});
}

43
flake.nix
View File

@@ -129,9 +129,7 @@
"nix-inspect"
"nixvim"
];
thisInputs = builtins.listToAttrs (map (name:
lib.nameValuePair name inputs.${name + suffix}
) inp');
thisInputs = builtins.listToAttrs (map (name: lib.nameValuePair name inputs.${name + suffix}) inp');
in
nixpkgs.lib.nixosSystem {
specialArgs = {
@@ -197,7 +195,10 @@
};
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ ./common ./nix-on-droid ];
modules = [
./common
./nix-on-droid
];
extraSpecialArgs = {
inputs = {
inherit (inputs)
@@ -302,7 +303,9 @@
all =
let
linksNoContext = removeAttrs self.qb self.brokenBuilds;
links = builtins.mapAttrs (name: val: builtins.addErrorContext "while evaluating link ${name}" val) linksNoContext;
links = builtins.mapAttrs (
name: val: builtins.addErrorContext "while evaluating link ${name}" val
) linksNoContext;
in
pkgs.runCommand "nix-stuff-all"
{
@@ -354,7 +357,10 @@
overlays = [ inputs.sm64baserom.overlays.default ];
};
plain = lib.evalModules {
modules = [ ./common { vacu.systemKind = "server"; }];
modules = [
./common
{ vacu.systemKind = "server"; }
];
specialArgs = {
inherit pkgs;
inherit (pkgs) lib;
@@ -371,13 +377,15 @@
withAsserts = x: x; # DEBUG
# plain = _plain.config.vacu.withAsserts _plain;
dnsModule = lib.evalModules {
modules = [{
config._module.check = false;
options.vacu.dns = lib.mkOption {
default = {};
type = lib.types.attrsOf inputs.dns.lib.types.zone;
};
}];
modules = [
{
config._module.check = false;
options.vacu.dns = lib.mkOption {
default = { };
type = lib.types.attrsOf inputs.dns.lib.types.zone;
};
}
];
};
in
{
@@ -402,10 +410,15 @@
lib.mapAttrsToList (k: v: "${v} ${k}") (withAsserts plain.config.vacu.ssh.authorizedKeys)
)
);
update-git-keys = withAsserts pkgs.callPackage ./scripts/update-git-keys.nix { inherit (plain) config; };
update-git-keys = withAsserts pkgs.callPackage ./scripts/update-git-keys.nix {
inherit (plain) config;
};
sopsConfig = withAsserts plain.config.vacu.sopsConfig;
wrappedSops = withAsserts plain.config.vacu.wrappedSops;
dns = withAsserts import ./scripts/dns { inherit pkgs lib inputs; inherit (plain) config; };
dns = withAsserts import ./scripts/dns {
inherit pkgs lib inputs;
inherit (plain) config;
};
# dnsOptions = (pkgs.nixosOptionsDoc { options = dnsModule.options; }).optionsCommonMark;
vnopnCA = pkgs.writeText "vnopnCA.cert" plain.config.vacu.vnopnCA;
nixvim = inputs.nixvim.legacyPackages.${system}.makeNixvimWithModule {

4
liam/mail.nix
View File

@@ -20,8 +20,8 @@ let
"upgrade-plans@asuswebstorage.com"
"info@rfidlabel.com"
];
# must be bigger than gmail's 25MB "attachment limit" which after base64 encoding (x 1.33) is ~33MB
mailSizeLimit = 35*1024*1024;
# must be bigger than gmail's 25MB "attachment limit" which after base64 encoding (x 1.33) is ~33MB
mailSizeLimit = 35 * 1024 * 1024;
in
{
networking.firewall.allowedTCPPorts = [

43
scripts/dns/default.nix
View File

@@ -5,18 +5,37 @@
...
}:
let
pythEscape = x: builtins.replaceStrings [ ''"'' "\n" ''\'' ] [ ''\"'' ''\n'' ''\\'' ] x;
pythonScript = builtins.replaceStrings [
"@sops@"
"@dns_secrets_file@"
"@data@"
] (map pythEscape [
(lib.getExe config.vacu.wrappedSops)
(builtins.toString ../../secrets/misc/cloudns.json)
(builtins.toJSON config.vacu.dns)
])
(builtins.readFile ./script.py);
pythEscape =
x:
builtins.replaceStrings
[
''"''
"\n"
''\''
]
[
''\"''
''\n''
''\\''
]
x;
pythonScript =
builtins.replaceStrings
[
"@sops@"
"@dns_secrets_file@"
"@data@"
]
(map pythEscape [
(lib.getExe config.vacu.wrappedSops)
(builtins.toString ../../secrets/misc/cloudns.json)
(builtins.toJSON config.vacu.dns)
])
(builtins.readFile ./script.py);
in
pkgs.writers.writePython3Bin "dns-update" {
libraries = with pkgs.python3Packages; [ httpx dnspython ];
libraries = with pkgs.python3Packages; [
httpx
dnspython
];
} pythonScript

17
scripts/update-git-keys.nix
View File

@@ -41,11 +41,18 @@ writers.writeBashBin "update-git-keys" ''
echo DELETE "$url"
"''${curl_common[@]}" "$url" -X DELETE
done
new_keys=(${lib.escapeShellArgs (lib.mapAttrsToList (label: sshKey: builtins.toJSON {
key = sshKey;
title = label;
}) config.vacu.ssh.authorizedKeys)})
new_keys=(${
lib.escapeShellArgs (
lib.mapAttrsToList (
label: sshKey:
builtins.toJSON {
key = sshKey;
title = label;
}
) config.vacu.ssh.authorizedKeys
)
})
for keydata in "''${new_keys[@]}"; do
echo POST "$api_keys"
"''${curl_common[@]}" "$url_keys" -X POST --data "$keydata"

5
tests/liam.nix
View File

@@ -144,7 +144,10 @@ in
nodes.liam =
{ lib, ... }:
{
imports = [ ../common ../liam ];
imports = [
../common
../liam
];
vacu.underTest = true;
#systemd.tmpfiles.settings."69-whatever"."/run/secretKey".L.argument = "${testAgeSecretFile}";
systemd.services."acme-liam.dis8.net".enable = lib.mkForce false;

5
tests/triple-dezert.nix
View File

@@ -38,7 +38,10 @@
);
in
{
imports = [ ../common ../triple-dezert ];
imports = [
../common
../triple-dezert
];
vacu.underTest = true;
systemd.services = disableAcmes // reEnableSelfsigned;
systemd.units = disableUnits;

11
triple-dezert/gallerygrab.nix
View File

@@ -9,14 +9,16 @@ in
isSystemUser = true;
group = "gallerygrab";
};
users.groups.gallerygrab = { inherit gid; };
users.groups.gallerygrab = {
inherit gid;
};
systemd.tmpfiles.settings.vacu-container-gallerygrab = {
"/trip/ffuts/archive/gallerygrab".d = {
user = "gallerygrab";
group = "gallerygrab";
};
"/var/container-applets/gallerygrab".d = {};
"/var/container-applets/gallerygrab".d = { };
"/nix/var/nix/gcroots/container-applets-gallerygrab"."L+".argument = "/var/container-applets/gallerygrab";
};
containers.gallerygrab = {
@@ -54,14 +56,15 @@ in
networking.useHostResolvConf = lib.mkForce false;
services.resolved.enable = true;
users.users.gallerygrab = {
inherit uid;
isSystemUser = true;
group = "gallerygrab";
home = "/var/gallerygrab";
};
users.groups.gallerygrab = { inherit gid; };
users.groups.gallerygrab = {
inherit gid;
};
};
};
}

2
triple-dezert/yt-archiver.nix
View File

@@ -1,7 +1,7 @@
{ config, ... }:
{
systemd.tmpfiles.settings.vacu-container-yt-archive = {
"/var/container-applets/yt-archive".d = {};
"/var/container-applets/yt-archive".d = { };
"/nix/var/nix/gcroots/container-applets-yt-archive"."L+".argument = "/var/container-applets/yt-archive";
};
containers.yt-archive = {