Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

2023-05-03 22:43:09 +02:00 · 2023-05-03 22:43:09 +02:00 · 9530854c01
commit 9530854c01
parent 6020657cc6 36d39dc8de
7 changed files with 52 additions and 87 deletions
--- a/flake.lock
+++ b/flake.lock
@ -515,24 +515,6 @@
        "type": "github"
      }
    },
    "hyprpaper": {
      "inputs": {
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1682542538,
        "narHash": "sha256-752hHXEGsvKdw1Hm2LoFfi6sj2zVxu2AuKi4sRA7HN0=",
        "owner": "hyprwm",
        "repo": "hyprpaper",
        "rev": "b4fdc0be52d7c3e48e932698bafc3f69dbd45b3b",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprpaper",
        "type": "github"
      }
    },
    "lowdown-src": {
      "flake": false,
      "locked": {
@ -634,7 +616,7 @@
    "nix": {
      "inputs": {
        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
@ -799,22 +781,6 @@
        "type": "github"
      }
    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1670507980,
        "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "2787fc7d1e51404678614bf0fe92fc296746eec0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1680668850,
@ -848,22 +814,6 @@
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1674641431,
        "narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1683109436,
        "narHash": "sha256-m66inegZHyF28OHFosKL/7F9YPflspVa9oZpKueMqj8=",
@ -879,7 +829,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1682526928,
        "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=",
@ -895,7 +845,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1672580127,
        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
@ -911,7 +861,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1645296114,
        "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
@ -927,7 +877,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1674736538,
        "narHash": "sha256-/DszFMkAgYyB9dTWKkoZa9i0zcrA6Z4hYrOr/u/FSxY=",
@ -941,7 +891,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1682526928,
        "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=",
@ -957,11 +907,27 @@
        "type": "github"
      }
    },
    "nixpkgs_9": {
      "locked": {
        "lastModified": 1670507980,
        "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "2787fc7d1e51404678614bf0fe92fc296746eec0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixvim": {
      "inputs": {
        "beautysh": "beautysh",
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
@ -1093,7 +1059,7 @@
      "inputs": {
        "fenix": "fenix",
        "naersk": "naersk_2",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1677774593,
@ -1114,11 +1080,10 @@
        "colmena": "colmena",
        "comma": "comma",
        "home-manager": "home-manager",
        "hyprpaper": "hyprpaper",
        "mailserver": "mailserver",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_3",
        "nixpkgs_22-11": "nixpkgs_22-11",
        "nixvim": "nixvim",
        "nur": "nur",
@ -1258,7 +1223,7 @@
        "flake-compat": "flake-compat_5",
        "flake-utils": "flake-utils_4",
        "nix": "nix",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
        "lastModified": 1679628347,
@ -1277,7 +1242,7 @@
    "vault-unseal": {
      "inputs": {
        "flake-utils": "flake-utils_5",
-        "nixpkgs": "nixpkgs_9"
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1683013874,
@ -1296,7 +1261,7 @@
    "webcord": {
      "inputs": {
        "dream2nix": "dream2nix",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_9",
        "webcord": "webcord_2"
      },
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@ -21,8 +21,6 @@
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    hyprpaper.url = "github:hyprwm/hyprpaper";
    riff.url = "github:DeterminateSystems/riff";
    webcord.url = "github:fufexan/webcord-flake";
@ -42,7 +40,7 @@
    vault-unseal.url = "git+https://git.0x76.dev/v/vault-unseal.git";
  };
-  outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena, hyprpaper
+  outputs = { self, nixpkgs, nixpkgs_22-11, vault-secrets, colmena
    , nixos-generators, nur, ... }@inputs:
    let
      inherit (nixpkgs) lib;
@ -59,12 +57,7 @@
      pkgs = import nixpkgs {
        inherit system;
-        overlays = [
+        overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
          (import ./nixos/pkgs)
          vault-secrets.overlay
          hyprpaper.overlays.default
          nur.overlay
        ];
      };
      pkgs_22-11 = import nixpkgs_22-11 {
--- a/nixos/common/users/default.nix
+++ b/nixos/common/users/default.nix
@ -42,12 +42,9 @@
  # Setup packages available everywhere
  environment.systemPackages = with pkgs; [
    cmatrix
    fzf
    git
    helix
    htop
    lolcat
    ncdu
    psmisc
    ripgrep
--- a/nixos/common/users/laura.nix
+++ b/nixos/common/users/laura.nix
@ -10,4 +10,4 @@
    extraGroups = [ ];
  };
-}
+}
--- a/nixos/hosts/hades/lucy/configuration.nix
+++ b/nixos/hosts/hades/lucy/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  imports = [ ./hardware-configuration.nix ];
@ -16,14 +16,21 @@
  system.stateVersion = "23.05"; # Did you read the comment?
  # Additional packages
-  environment.systemPackages = with pkgs; [ ];
+  environment.systemPackages = with pkgs; [
    gcc
    jq
    nuclei
    rustup
  ];
  networking.firewall.allowedTCPPorts = [ ];
-  boot.loader.grub.enable = true;
+  boot.loader.systemd-boot.enable = true;
-  boot.loader.grub.version = 2;
+  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.grub.device =  "/dev/sda";
+  boot.loader.efi.efiSysMountPoint = "/boot";
-  # Make laura admin
+  virtualisation.docker.enable = true;
-  users.extraUsers.laura.extraGroups = [ "wheel" ];
+
  users.extraUsers.laura.extraGroups = [ "wheel" "docker" ];
  users.extraUsers.victor.extraGroups = [ "docker" ];
 }
--- a/nixos/hosts/hades/lucy/hardware-configuration.nix
+++ b/nixos/hosts/hades/lucy/hardware-configuration.nix
@ -8,18 +8,18 @@
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/96c00816-b297-41f2-bfc1-b8990fc06a7a";
+    { device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
      fsType = "ext4";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/CDF3-36C9";
+    { device = "/dev/disk/by-uuid/D021-72EB";
      fsType = "vfat";
    };
@ -30,7 +30,7 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@ -28,6 +28,7 @@ in {
  security.acme.acceptTerms = true;
  security.acme.preliminarySelfsigned = true;
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@ -39,6 +40,8 @@ in {
    package = pkgs.nginxMainline;
    virtualHosts."cshub.nl" = proxy "http://192.168.0.113";
    virtualHosts."api.cshub.nl" = proxy "http://192.168.0.113";
    virtualHosts."ha.xirion.net" = proxy "http://192.168.0.129:8123";
    virtualHosts."xirion.net" = {
      enableACME = true;