switched submodule files to non flake input
parent
ac14a781b2
commit
27b58dc288
2
.gitmodules
vendored
2
.gitmodules
vendored
|
@ -1,3 +1,3 @@
|
|||
[submodule "secrets"]
|
||||
path = secrets
|
||||
url = git@git.jan-leila.com:jan-leila/nix-config.git
|
||||
url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git
|
||||
|
|
|
@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
|
|||
- join config for systemd.tmpfiles.rules and service directory bindings
|
||||
- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml`
|
||||
- move applications in server environment into their own flakes
|
||||
- make subrepo a flake that gets imported (and then remove `path:` from build scripts)
|
||||
## New Features
|
||||
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
|
||||
- fix pre commit hook
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
|
@ -77,7 +78,7 @@
|
|||
config = {
|
||||
sops.secrets = {
|
||||
"services/pi-hole" = {
|
||||
sopsFile = ../../secrets/defiant-services.yaml;
|
||||
sopsFile = "${inputs.secrets}/defiant-services.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
18
flake.lock
18
flake.lock
|
@ -167,9 +167,27 @@
|
|||
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"secrets": "secrets",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1727152771,
|
||||
"narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=",
|
||||
"ref": "main",
|
||||
"rev": "46172e93709498e57d188a1bd19349c28fe4e3e3",
|
||||
"revCount": 2,
|
||||
"type": "git",
|
||||
"url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
|
|
|
@ -5,9 +5,14 @@
|
|||
# base packages
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
|
||||
# encrypt files that contain secreats that I would like to not encrypt
|
||||
# encrypt files that contain secrets that I would like to not encrypt
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
|
||||
secrets = {
|
||||
url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
# declairtive disk configuration
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
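Review bot: The new `secrets` input copies the whole nix-config-secrets repository into the world-readable /nix/store, and nothing in the input block says that only sops-encrypted files may live in that repo; I would add `# lands in /nix/store (world-readable): sops-encrypted files only` above `secrets = {`. The build now reads the revision pinned in flake.lock rather than the `secrets/` submodule checkout that .gitmodules still declares. A password edited through the submodule is therefore not deployed until it is pushed and the lock is refreshed with `nix flake update secrets` (or `nix flake lock --update-input secrets` on older Nix). A second comment line stating this would prevent a rebuild against stale secrets.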
|
||||
|
|
|
@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
|
|||
cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
|
||||
|
||||
# commit number in this is because the main branch of nixos-anywhere is broken right now
|
||||
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target
|
||||
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
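Review bot: `$temp`, `$flake` and `$target` are expanded unquoted on the new `nix run` line, so a value containing whitespace or glob characters is split into extra arguments; I would write `--extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"`. The context line above stages the age key directory into `$temp`, and the hunk does not show whether that copy is removed afterwards. If it is not handled elsewhere in the script, a cleanup such as `trap 'rm -rf "$temp"' EXIT` would keep private key material from lingering on disk.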
|
||||
|
|
|
@ -58,9 +58,9 @@ user=${user:-$USER}
|
|||
# access secret files in the submodule this is kinda bad and we should find a way to not need it
|
||||
if [[ "$target" == "$(hostname)" ]];
|
||||
then
|
||||
nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake
|
||||
nixos-rebuild $mode --use-remote-sudo --flake .#$flake
|
||||
else
|
||||
nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake
|
||||
nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake
|
||||
fi
|
||||
|
||||
if [ -d "result" ];
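Review bot: The comment `# access secret files in the submodule this is kinda bad and we should find a way to not need it` is stale now that both `nixos-rebuild` lines drop `path:`. It should be removed or replaced with something like `# git flake ref: only tracked files are evaluated; secrets come from inputs.secrets`. `$mode`, `$flake` and `$user@$target` are also unquoted on the new lines and would be safer as `"$mode"`, `".#$flake"` and `"$user@$target"`. The `if [ -d "result" ]` block continues outside the hunk.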
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.users.ester;
|
||||
|
@ -16,7 +17,7 @@ in {
|
|||
sops.secrets = lib.mkIf cfg.isFullUser {
|
||||
"passwords/ester" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ../../secrets/user-passwords.yaml;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.users.eve;
|
||||
|
@ -16,7 +17,7 @@ in {
|
|||
sops.secrets = lib.mkIf cfg.isFullUser {
|
||||
"passwords/eve" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ../../secrets/user-passwords.yaml;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.users.leyla;
|
||||
|
@ -21,7 +22,7 @@ in {
|
|||
sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {
|
||||
"passwords/leyla" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ../../secrets/user-passwords.yaml;
|
||||
sopsFile = "${inputs.secrets}/user-passwords.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
|
|