switched submodule files to non flake input
parent
ac14a781b2
commit
27b58dc288
2
.gitmodules
vendored
2
.gitmodules
vendored
|
@ -1,3 +1,3 @@
|
||||||
[submodule "secrets"]
|
[submodule "secrets"]
|
||||||
path = secrets
|
path = secrets
|
||||||
url = git@git.jan-leila.com:jan-leila/nix-config.git
|
url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git
|
||||||
|
|
|
@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
|
||||||
- join config for systemd.tmpfiles.rules and service directory bindings
|
- join config for systemd.tmpfiles.rules and service directory bindings
|
||||||
- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml`
|
- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml`
|
||||||
- move applications in server environment into their own flakes
|
- move applications in server environment into their own flakes
|
||||||
- make subrepo a flake that gets imported (and then remove `path:` from build scripts)
|
|
||||||
## New Features
|
## New Features
|
||||||
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
|
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
|
||||||
- fix pre commit hook
|
- fix pre commit hook
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
inputs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -77,7 +78,7 @@
|
||||||
config = {
|
config = {
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"services/pi-hole" = {
|
"services/pi-hole" = {
|
||||||
sopsFile = ../../secrets/defiant-services.yaml;
|
sopsFile = "${inputs.secrets}/defiant-services.yaml";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
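Review bot: The new `sopsFile = "${inputs.secrets}/defiant-services.yaml";` reads the file from the revision pinned in `flake.lock`, not from the `secrets/` checkout that `.gitmodules` still declares, so an edited secret (for example a rotated password) is not deployed until it is pushed to the secrets repository and the `secrets` input is re-locked. The same applies to the three `user-passwords.yaml` hunks for ester, eve and leyla. The README update command visible in a hunk header on this page still edits a path under `secrets/`, so the procedure appears to need that extra step. I would add a comment next to the first `sopsFile`, such as `# read from the pinned flake input: push secret changes and re-lock "secrets" before rebuilding`. Both hunks of this module are excerpts, and how `inputs` reaches the module arguments is not visible here.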
18
flake.lock
18
flake.lock
|
@ -167,9 +167,27 @@
|
||||||
"nix-vscode-extensions": "nix-vscode-extensions",
|
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
|
"secrets": "secrets",
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"secrets": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1727152771,
|
||||||
|
"narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=",
|
||||||
|
"ref": "main",
|
||||||
|
"rev": "46172e93709498e57d188a1bd19349c28fe4e3e3",
|
||||||
|
"revCount": 2,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"ref": "main",
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
|
||||||
|
}
|
||||||
|
},
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
|
|
@ -5,9 +5,14 @@
|
||||||
# base packages
|
# base packages
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
# encrypt files that contain secreats that I would like to not encrypt
|
# encrypt files that contain secrets that I would like to not encrypt
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
|
||||||
|
secrets = {
|
||||||
|
url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main";
|
||||||
|
flake = false;
|
||||||
|
};
|
||||||
|
|
||||||
# declairtive disk configuration
|
# declairtive disk configuration
|
||||||
disko = {
|
disko = {
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko";
|
||||||
|
|
|
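Review bot: The `secrets` input is fetched with `git+https://` while the submodule in `.gitmodules` uses an SSH URL for the same repository, so it is worth confirming how this fetch is meant to authenticate. If the repository is private, every machine that evaluates the flake needs HTTPS credentials for it; if it is public, the confidentiality of the files rests entirely on the sops/age keys. Either way the fetched tree is copied into the world-readable Nix store, so the repository must never hold an unencrypted file. If SSH access is what is intended, the input could be written as `url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets?ref=main";`.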
@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
|
||||||
cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
|
cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
|
||||||
|
|
||||||
# commit number in this is because the main branch of nixos-anywhere is broken right now
|
# commit number in this is because the main branch of nixos-anywhere is broken right now
|
||||||
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target
|
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
|
||||||
|
|
|
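Review bot: The rewritten nixos-anywhere invocation leaves `$temp` and `${user:-nixos}@$target` unquoted, so a value containing whitespace or glob characters is split before it reaches the command. The `nixos-rebuild` lines in the later script hunk have the same issue with `$mode`, `$user@$target` and `.#$flake`. I would write `--extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"`. Because `$temp` receives a copy of the age key directory in the context lines above, it is also worth checking that the part of the script outside this hunk creates it with restrictive permissions and removes it on exit.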
@ -58,9 +58,9 @@ user=${user:-$USER}
|
||||||
# access secret files in the submodule this is kinda bad and we should find a way to not need it
|
# access secret files in the submodule this is kinda bad and we should find a way to not need it
|
||||||
if [[ "$target" == "$(hostname)" ]];
|
if [[ "$target" == "$(hostname)" ]];
|
||||||
then
|
then
|
||||||
nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake
|
nixos-rebuild $mode --use-remote-sudo --flake .#$flake
|
||||||
else
|
else
|
||||||
nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake
|
nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d "result" ];
|
if [ -d "result" ];
|
||||||
|
|
|
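Review bot: The comment `# access secret files in the submodule this is kinda bad and we should find a way to not need it` described the `path:` prefix that the `nixos-rebuild` lines no longer carry, so it is now stale and misleads a reader about where secrets come from. I would delete it or replace it with `# secrets come from the pinned "secrets" flake input, so a plain git flake ref is enough`. The script continues outside the hunk on both sides.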
@ -2,6 +2,7 @@
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
inputs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
cfg = config.users.ester;
|
cfg = config.users.ester;
|
||||||
|
@ -16,7 +17,7 @@ in {
|
||||||
sops.secrets = lib.mkIf cfg.isFullUser {
|
sops.secrets = lib.mkIf cfg.isFullUser {
|
||||||
"passwords/ester" = {
|
"passwords/ester" = {
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
sopsFile = ../../secrets/user-passwords.yaml;
|
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
inputs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
cfg = config.users.eve;
|
cfg = config.users.eve;
|
||||||
|
@ -16,7 +17,7 @@ in {
|
||||||
sops.secrets = lib.mkIf cfg.isFullUser {
|
sops.secrets = lib.mkIf cfg.isFullUser {
|
||||||
"passwords/eve" = {
|
"passwords/eve" = {
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
sopsFile = ../../secrets/user-passwords.yaml;
|
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
inputs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
cfg = config.users.leyla;
|
cfg = config.users.leyla;
|
||||||
|
@ -21,7 +22,7 @@ in {
|
||||||
sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {
|
sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {
|
||||||
"passwords/leyla" = {
|
"passwords/leyla" = {
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
sopsFile = ../../secrets/user-passwords.yaml;
|
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|