From 1c4b5c4174093fe84da9040d101c5d7ce77cc828 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Jun 2023 00:07:21 +0200 Subject: treewide: fixup stockholm lib, explicit dependencies and impure quirks --- 2configs/backup/state.nix | 8 +++++--- 2configs/git/brain-retiolum.nix | 5 ++--- 2configs/gui/not-gnome.nix | 2 ++ 2configs/home-manager/desktop.nix | 4 ++-- 2configs/remote-build/aarch64-community.nix | 2 ++ 2configs/secrets/default.nix | 3 ++- 2configs/secrets/user-passwords.nix | 10 ++++++++-- 2configs/share/default.nix | 4 ++-- 2configs/tools/dev.nix | 4 ++-- 2configs/tools/games.nix | 3 ++- 2configs/tools/mobility.nix | 3 ++- 2configs/wireguard/wiregrill.nix | 5 ++++- 12 files changed, 35 insertions(+), 18 deletions(-) (limited to '2configs') diff --git a/2configs/backup/state.nix b/2configs/backup/state.nix index 1143708bf..2dc832420 100644 --- a/2configs/backup/state.nix +++ b/2configs/backup/state.nix @@ -1,11 +1,13 @@ { config, ... }: # back up all state let - sec = toString ; - sshkey = sec + "/borg.priv"; - phrase = sec + "/borg.pw"; + sshkey = config.sops.secrets."borg.priv".path; + phrase = config.sops.secrets."borg.pw".path; in { + sops.secrets."borg.priv" = {}; + sops.secrets."borg.pw" = {}; + services.borgbackup.jobs.state = { repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; paths = config.state; diff --git a/2configs/git/brain-retiolum.nix b/2configs/git/brain-retiolum.nix index 3be3fccef..5db6cb0ba 100644 --- a/2configs/git/brain-retiolum.nix +++ b/2configs/git/brain-retiolum.nix @@ -1,6 +1,5 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import ; +{ config, lib, pkgs, stockholm, ... }: +with stockholm.lib; let repos = krebs-repos; diff --git a/2configs/gui/not-gnome.nix b/2configs/gui/not-gnome.nix index 2e22c66cd..1aa3e9edc 100644 --- a/2configs/gui/not-gnome.nix +++ b/2configs/gui/not-gnome.nix 
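Review bot: In the 2configs/backup/state.nix hunk, `sops.secrets."borg.priv" = {};` and `sops.secrets."borg.pw" = {};` take the sops-nix defaults (owned by root, mode 0400) without saying so, which only works while the `state` job runs as root. The job body continues outside the hunk, so whether it sets `user` or `group` is not visible; if it does, the key and passphrase files become unreadable to it. I would put a comment above the two declarations, for example `# root-only (sops-nix default 0400); the borg "state" job must run as root to read these`. Neither entry sets `sopsFile`, so both must be present in whatever `sops.defaultSopsFile` resolves to on each host that imports this module.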
@@ -20,6 +20,8 @@ drawThickness=0 filenamePattern=%F_%T_shot ''; + + users.users.${config.krebs.build.user.name}.packages = [ pkgs.clipit ]; systemd.user.services.clipit = { Unit = { Description = "clipboard manager"; diff --git a/2configs/home-manager/desktop.nix b/2configs/home-manager/desktop.nix index 7442ab618..cd2101ccf 100644 --- a/2configs/home-manager/desktop.nix +++ b/2configs/home-manager/desktop.nix @@ -2,7 +2,7 @@ { - users.users.makefu.packages = with pkgs;[ bat direnv clipit ]; + users.users.makefu.packages = with pkgs;[ bat direnv ]; home-manager.users.makefu = { programs.beets.enable = true; programs.firefox = { @@ -23,5 +23,5 @@ "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest ]; }; - + }; } diff --git a/2configs/remote-build/aarch64-community.nix b/2configs/remote-build/aarch64-community.nix index 9c2155798..5050be63d 100644 --- a/2configs/remote-build/aarch64-community.nix +++ b/2configs/remote-build/aarch64-community.nix @@ -1,4 +1,6 @@ +{ config, ... }: { + sops.secrets."nixos-community" = {}; nix = { distributedBuilds = true; buildMachines = [ diff --git a/2configs/secrets/default.nix b/2configs/secrets/default.nix index f6596be12..45c7983d8 100644 --- a/2configs/secrets/default.nix +++ b/2configs/secrets/default.nix @@ -1,4 +1,5 @@ +{ config, ... }: { - sops.defaultSopsFile = ../../secrets/common.yaml; + sops.defaultSopsFile = ../.. + "/secrets/${config.krebs.build.host.name}.yaml"; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; } diff --git a/2configs/secrets/user-passwords.nix b/2configs/secrets/user-passwords.nix index 960d99d64..776d08340 100644 --- a/2configs/secrets/user-passwords.nix +++ b/2configs/secrets/user-passwords.nix 
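Review bot: In 2configs/remote-build/aarch64-community.nix the new `sops.secrets."nixos-community" = {};` is declared, but nothing in the hunk reads `config.sops.secrets."nixos-community".path`. The diffstat lists only these two added lines for the file, so the `sshKey` of the build machine (in the `buildMachines` list, which continues outside the hunk) is unchanged by this commit. If it is a hard-coded path, derive it from the declaration so the two cannot drift apart: `sshKey = config.sops.secrets."nixos-community".path;`. Otherwise the newly added `config` argument is unused and the builder key may still be read from its previous location.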
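Review bot: In 2configs/secrets/default.nix, making `sops.defaultSopsFile` per-host silently changes where every secret without its own `sopsFile` is looked up, and the line carries no comment saying so. In this commit that covers `borg.priv`, `borg.pw`, `nixos-community` and `wiregrill.key`, which now have to exist in `secrets/<hostname>.yaml` for each host that enables the corresponding module; only the two `passwd/*` entries are pinned to `common.yaml`. A comment above the assignment would make that contract visible, for example `# per-host secrets file; anything shared across hosts must set sopsFile explicitly`. The state.nix and wiregrill.nix hunks do not show an import of this module, so it is worth confirming that every host using them also pulls in `2configs/secrets`.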
@@ -3,8 +3,14 @@ imports = [ ./default.nix ]; sops.secrets = { - "passwd/makefu".neededForUsers = true; - "passwd/root".neededForUsers = true; + "passwd/makefu" = { + neededForUsers = true; + sopsFile = ../../secrets/common.yaml; + }; + "passwd/root" = { + neededForUsers = true; + sopsFile = ../../secrets/common.yaml; + }; }; users.users = { diff --git a/2configs/share/default.nix b/2configs/share/default.nix index a1ad349b9..6485fa1d5 100644 --- a/2configs/share/default.nix +++ b/2configs/share/default.nix @@ -1,5 +1,5 @@ -{ config, lib, ... }: -with import ; +{ config, lib, stockholm, ... }: +with stockholm.lib; let base-dir = config.services.rtorrent.downloadDir; in { diff --git a/2configs/tools/dev.nix b/2configs/tools/dev.nix index 0747934b8..89f609d7d 100644 --- a/2configs/tools/dev.nix +++ b/2configs/tools/dev.nix @@ -20,7 +20,7 @@ # nix related nix-index nix-review - brain + # brain whatsupnix nixpkgs-pytools nixpkgs-fmt @@ -28,7 +28,7 @@ # git-related git-preview tig - (pkgs.callPackage ./init-host {}) + # (pkgs.callPackage ./init-host {}) # used more than once imagemagick qrencode diff --git a/2configs/tools/games.nix b/2configs/tools/games.nix index 57a1dba1e..87261e70c 100644 --- a/2configs/tools/games.nix +++ b/2configs/tools/games.nix @@ -5,7 +5,8 @@ # ./steam.nix ]; users.users.makefu.packages = with pkgs; [ - games-user-env + # kaputt: + # games-user-env wine pkg2zip steam diff --git a/2configs/tools/mobility.nix b/2configs/tools/mobility.nix index fd7ce6ab8..9f067d21b 100644 --- a/2configs/tools/mobility.nix +++ b/2configs/tools/mobility.nix @@ -5,7 +5,8 @@ mosh sshfs rclone - (pkgs.callPackage ./secrets.nix {}) + + # (pkgs.callPackage ./secrets.nix {}) opensc pcsctools libu2f-host ]; diff --git a/2configs/wireguard/wiregrill.nix b/2configs/wireguard/wiregrill.nix index 27984d41b..ec7c6f9c5 100644 --- a/2configs/wireguard/wiregrill.nix +++ b/2configs/wireguard/wiregrill.nix 
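Review bot: In 2configs/secrets/user-passwords.nix the same `sopsFile = ../../secrets/common.yaml;` is repeated in both `passwd/*` entries, with no comment explaining why these two are exempt from the per-host default. A shared binding removes the duplication: `let shared = { neededForUsers = true; sopsFile = ../../secrets/common.yaml; }; in` and then `"passwd/makefu" = shared; "passwd/root" = shared;`. The file name suggests `common.yaml` is encrypted to every host's key; if so, any single host key can decrypt the root and makefu password hashes. That trade-off deserves a one-line comment next to the binding, such as `# shared file: readable by every host key listed for common.yaml`.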
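Review bot: The entries commented out in 2configs/tools/dev.nix (`# brain`, `# (pkgs.callPackage ./init-host {})`) and in 2configs/tools/mobility.nix (`# (pkgs.callPackage ./secrets.nix {})`) give no reason for being disabled. Only the games.nix hunk says why (`# kaputt:`). A short reason on each line, in the form `# disabled: <reason>`, would tell the next reader whether these are meant to return once the impure lookups are ported or can be deleted. The surrounding package lists start and end outside the hunks.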
@@ -31,6 +31,9 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { }; }; + # host secret + sops.secrets."wiregrill.key" = {}; + services.dnsmasq = mkIf isRouter { enable = true; resolveLocalQueries = false; @@ -87,7 +90,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { (optional (!isNull self.ip4) self.ip4.addr) ++ (optional (!isNull self.ip6) self.ip6.addr); listenPort = self.wireguard.port; - privateKeyFile = (toString ) + "/wiregrill.key"; + privateKeyFile = config.sops.secrets."wiregrill.key".path; allowedIPsAsRoutes = true; peers = mapAttrsToList (_: host: { -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/f5300000.lock: No such file or directory (2)