Update from updated-inputs-2025-03-13-02-03
This commit is contained in:
Flake Update Bot
commit
06c34775b4
32
flake.nix
32
flake.nix
@ -131,37 +131,7 @@
|
||||
|
||||
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
|
||||
pkgs = localNixpkgs.${system};
|
||||
in {
|
||||
inherit (pkgs)
|
||||
clerie-backup
|
||||
clerie-keys
|
||||
clerie-system-remote-install
|
||||
clerie-system-upgrade
|
||||
clerie-merge-nixfiles-update
|
||||
clerie-update-nixfiles
|
||||
clerie-sops
|
||||
clerie-sops-config
|
||||
clerie-sops-edit
|
||||
chromium-incognito
|
||||
factorio-launcher
|
||||
git-checkout-github-pr
|
||||
git-diff-word
|
||||
git-pp
|
||||
git-show-link
|
||||
harmonia
|
||||
iot-data
|
||||
nix-remove-result-links
|
||||
nixfiles-auto-install
|
||||
nixfiles-generate-config
|
||||
nixfiles-generate-backup-secrets
|
||||
nixfiles-update-ssh-host-keys
|
||||
print-afra
|
||||
run-with-docker-group
|
||||
ssh-gpg
|
||||
update-from-hydra
|
||||
uptimestatus
|
||||
xmppc;
|
||||
});
|
||||
in builtins.mapAttrs (name: value: pkgs."${name}") (import ./pkgs/pkgs.nix));
|
||||
|
||||
inherit lib self;
|
||||
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
cb-mount = pkgs.writeScriptBin "cb-mount" ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
|
||||
DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
||||
|
||||
${pkgs.cryptsetup}/bin/cryptsetup luksOpen ''${DEVICE} external-drive
|
||||
mkdir -p /mnt/external-drive
|
||||
mount /dev/mapper/external-drive /mnt/external-drive
|
||||
|
||||
mkdir -p /mnt/external-drive/clerie-backup
|
||||
chown borg:borg -R /mnt/external-drive/clerie-backup
|
||||
'';
|
||||
|
||||
cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
|
||||
umount /mnt/external-drive
|
||||
${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
|
||||
'';
|
||||
|
||||
cb-prepare = pkgs.writeScriptBin "cb-prepare" ''
|
||||
echo "Formatting disk"
|
||||
sgdisk -Z /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
||||
sgdisk -N 1 /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
||||
partprobe /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
||||
|
||||
echo "Creating encrypted partition"
|
||||
${pkgs.cryptsetup}/bin/cryptsetup luksFormat -c aes-xts-plain64 --hash=sha256 -s 256 /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
||||
|
||||
echo "Opening encrypted partition"
|
||||
${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1 external-drive
|
||||
|
||||
echo "Creating file system"
|
||||
mkfs.ext4 /dev/mapper/external-drive
|
||||
|
||||
echo "Closing encrypted partition"
|
||||
${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
|
||||
'';
|
||||
in {
|
||||
environment.systemPackages = [ cb-mount cb-unmount cb-prepare ];
|
||||
}
|
||||
@ -4,12 +4,31 @@
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
|
||||
./backup-scripts.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.kernelParams = [ "console=ttyS0,115200n8" ];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "nodev";
|
||||
boot.loader.grub.efiSupport = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub.extraConfig = "
|
||||
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
|
||||
terminal_input console serial
|
||||
terminal_output gfxterm serial
|
||||
";
|
||||
|
||||
boot.initrd.luks = {
|
||||
devices.lvm = {
|
||||
device = "/dev/disk/by-uuid/f5597381-b59b-4f19-94b7-fd69aac43d6f";
|
||||
bypassWorkqueues = true;
|
||||
};
|
||||
devices.crypt-storage-palladium = {
|
||||
device = "/dev/disk/by-uuid/c54396c0-b5d3-4e61-9ef7-483fa2b4a56d";
|
||||
};
|
||||
};
|
||||
|
||||
boot.swraid.enable = true;
|
||||
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.enp3s0.ipv6.addresses = [
|
||||
@ -24,33 +43,6 @@
|
||||
KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
|
||||
'';
|
||||
|
||||
services.borgbackup.repos = {
|
||||
clerie-backup = {
|
||||
path = "/mnt/palladium/clerie-backup";
|
||||
authorizedKeysAppendOnly = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
|
||||
];
|
||||
};
|
||||
external-drive = {
|
||||
path = "/mnt/external-drive/clerie-backup";
|
||||
authorizedKeysAppendOnly = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuh74Esdp8JPgIZzM372DaCwtAl2QNtRratnIFG0NRB root@clerie-backup"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Disable automatic directory creation for external-drive repo
|
||||
# The directory gets created by the disk formatting script
|
||||
# Correct permissons will be set right after mounting
|
||||
# This prevents borg from filling up the root drive when no drive is mounted
|
||||
systemd.services.borgbackup-repo-external-drive.enable = false;
|
||||
|
||||
clerie.monitoring = {
|
||||
enable = true;
|
||||
id = "206";
|
||||
pubkey = "fHOYNZ5I3E2JPrd9dUrNBmu75weX4KbDih5q+GCk8Xk=";
|
||||
};
|
||||
|
||||
system.stateVersion = "21.03";
|
||||
system.stateVersion = "25.05";
|
||||
|
||||
}
|
||||
|
||||
@ -9,26 +9,37 @@
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/b217f1e1-1337-4ef0-bad5-15829ba32c7a";
|
||||
{ device = "/dev/disk/by-uuid/fbd14cd4-e402-4ad6-b801-8826d6cfc0fb";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/7A6B-3444";
|
||||
{ device = "/dev/disk/by-uuid/8B45-EBB4";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
fileSystems."/mnt/palladium" =
|
||||
{ device = "/dev/disk/by-uuid/f20d20ca-6be5-4b16-81fe-e66f31ffd108";
|
||||
fileSystems."/data" =
|
||||
{ device = "/dev/disk/by-uuid/e7c41c4d-89d8-4083-ac6e-abbccbebf551";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/6ca5e48f-9b99-4722-b21b-c6f298610157"; }
|
||||
];
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
{
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:ip6L61RXAVxaPqizhNTr6zVvKgd40CAsgeNFoAXMARM1nl146ayHK2q7mhc=,iv:G4WLmcPpJOxTcW0bHuEwWmth6u8fYoH7GmpkMo8Z3TQ=,tag:xJ+wCVEUMdqfXPcwgr9WSw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1tl2cd730ctn6jcgg0vf8c5gg9722umk30zwvcwxhejh26p3gt3ds92msyx",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNHllOHpoYkNyQXMwL002\nRDR4eFVRemc4bW8vYS9GWHFkcmpRbWFFc2tzCmFjV1ZNTzhOYjM4VWltRGhaQ0RP\naC9vN2hrM3NSTDlSd1ZJTldXamJ4NUUKLS0tIDFuUzRKWWQrUFU1SXNqdEV2R1lM\nWXU1by9rYTBINTVralo0TTJmSEZHMm8KYEggCHnOyMcQSdJ9+Ujf61OANuja0ZIf\n+wa9ugc2OZrOYepkjN5X/bETdKfU33pIAL208N9HcOttfhcZq70yUQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-05-10T13:25:28Z",
|
||||
"mac": "ENC[AES256_GCM,data:fLw0q9h+rlAAiXjtCJeGPi0COEt/UvApRiOpE+ydSrD/jXy+vh2OVW57UZPRBCP1mWtqfUJLiT1BZyOWor7dsPfTvaxCQmYhGcKBLucFEaiUovGgVjxJloD8hDJvSG9SJnlIiDobMsG87MsEWpi70oAbQu3/d4JT1BPSaRpvsjI=,iv:iS7tFqZMa0OzA5ASKPS6CSNTJYYJ0zhjLmBcipjLapg=,tag:Lspazw8Pi5Dxqcrk35A6tA==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:25:16Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+KsEUiNCgfajBMEEFsqHqNG3utLNQSLOd6VX/Rk56CjT9\nUtfiCdZCSzrtyT3Anu72auTJ+PHNAVhhHPcDiUcwY9JYXEXNETzEn0U/byS+kvOD\nNTpcpR1gSxJCj1aDqDDpfQQ02hSpKO4iw0B71gKcekUXcD2AQeeW0Djq60CusWVk\nRgC3odnyTr1CN1+JRtKVZKIa78rfOkyhmFP2G2gvsSHhUBd5RtMhJdfYVUTMIKXO\nQFB2IGCoIzE0zDitCcAZ8q6Dc8lBuAvNSiVkFanJn7e7etU3JwDhYsZKRO7jvNX3\nmjHnQ9vf0idCWAi0oabZQ1OGdwPbtjssxmQkzzR8R/paw+iRB50i1UG3/5ehXTV4\nTp/2rEwrsF8jO1bahTcrJirR7RPLEy2BvJ4ALzmEYrIoEwWuCIexrY+e2C2rXpy5\nK2+9Ch0YCaz8sc700bgO5ZkyvnmnbVJxGCaMGQtT9LXiEWvc36sUXhbEGJ0K782Z\n7uVFRs4xWsrUQHo8lFTfW/vLZDq7FvkGnDf5xnoEJp4BNYvYmMmsFiaygkbbqEdH\n2aHRCam9q5zcuBq+aA40KI1P4adIFgij+fijwQ+019JrfaMEXcmwgtOfkb2OZNOF\nXQ3tRgYLaxSae7BYJA4uTaFq60kpp1c8qgxw3WKPEiHywtl/SaPcx1XD9VJoVTGF\nAgwDvZ9WSAhwutIBD/9O0inQ/HmpwtD1AnE89SuZNuGQty71LVhX2PQQWsUdQOuz\ndKZN1wy6UxIImFGisBodUH+48k1DjbkDjL5cLSAUOt9OhAxW2Ubp6HA6wDJPqWj1\nYQMHKmHlf2zh5G1qTUXV3NNw6hSaWejVDS73WNODv1WfUFXrPN9DVLaPsS/RJo2Q\nAoDG/iedeQhIIBwrLIcQ8ttjv9MTI1GzsNRC/CjxQpDnHabqQzFzenjnVRLDXcmr\nwfw0HeTPeNh+pLYb+sBqzGUP0j1GWui99/6NUeo/TloBWJbIung4wq23gYZbHn+K\nbWJSxSy980mvjCXiRukzXlNJMwLZDVoBlPQSbe/pOApHM9HTScZ+3VcLlYOPjgZk\nhnCvFNm+4/00ZgF+tcvLOugIfqwxvOuqW4gGGhNAycHinJZuSfDHYe6zCfEiqc7t\nnHlbhNvlhC8zDu+fOurC2ju5eGv8LqFiobfsBFVdKpl9Gj7yg00S+QmjBcz0lkE9\n1BftwEQaj+r4EDa4cJHSgP+K76utv4Xzt9hHZZJo7hvii+lGxFI7rBm0xbV5bSuY\ntOhN6d98HH2++AoXufIW5vmnydGk2NXu7O8vi6sQWzoqed84ZHbJDWLQawQ8YQlR\nkbht2PzH4+rq1oOVHbLslxWkYF9WMsQRUef6ALNpys/Dj8N54gEN4RTV+SxIVoUC\nDAM1GWv08EiACgEP/1eiG0aASQogSByxl8ZbRjRg768YVR1fwTa8GG5tE7wfcGiI\njZF2TI+yQWt7gRS4AKNm1gfWEEjCH1tBOj53/Wfwn9ZuGoNqboA2jgsh2rnVVSXR\nOdXK3is/FMh9JREr669be83nnQ8fNP8nIz3snEvKVYVGcdsdkDXBz4GKmJx52NNb\nauL+4w14/0PydCVH/njsFY8FyWqP9lUFgpJU8jHjX28oTB3khwWrDs0THwqilTFn\nhFjgeCy555zeh5rDpBDPdPbLUNd094RB15zaKzn2dC15F8DMCLoA9ASNET7S/+u3\n1SjvI4XnOpxK9hyETcwjzbWJc2gV7U38VqxhQW9Vch3AvXOufMMTm6cobLjiwxjF\nl3XTMJ5GvHDZXCwrGEapy9GbHQjbd9yi0iFgfSGV4nkNmCj1jtAMUngdCqELDVU2\nZe3a8IeJswlTteGlXAM5mwnDaegMsiD/vwsq5Rtl0gs3iI3uIN4RFXuvxP+UeJ/c\ndJWqpF8vcQI4qGN3kxgB30I7mUiz1aggv5uw6nDWRJHTQKLeOkV8ssTq4FLs4XYL\n4z4qmMT5i+8bGu575py/LRDjvXBldeitnQj1jAN2y/uPNVWsZqU3S+OkEosYIgSQ\njAe3N0EyH5k3j7j43x91toYOCAkulAuPkox6GyUKKq4dCPWxg9fqQ8u4PaSN1GYB\nCQIQ3+GP0DNWupTIkTS4Bk1LwbT99lyr2DyExqb2pgXmzn05Qs6CE4+jcIxXnmUQ\nzCl6PLiw+DJ1nq5gKtTrkO96HtHGyfPiUunDZXty1/zNltYjedk7ebkWF3LNXBhE\nK38c6yE=\n=w0Nn\n-----END PGP MESSAGE-----",
|
||||
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@ -1 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBc/YTf80MjyVeApOecOlxORIlwCaWtJNWtfggc0B374
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0ZrGvZqxqsGEl2+YNnL5JNpeRc3y0DgqZAkuayfeso
|
||||
|
||||
@ -1,31 +1 @@
|
||||
final: prev: {
|
||||
clerie-backup = final.callPackage ./clerie-backup {};
|
||||
clerie-keys = final.callPackage ./clerie-keys {};
|
||||
clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
|
||||
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
|
||||
clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
|
||||
clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
|
||||
clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
|
||||
clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
|
||||
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
|
||||
chromium-incognito = final.callPackage ./chromium-incognito {};
|
||||
factorio-launcher = final.callPackage ./factorio-launcher {};
|
||||
feeds-dir = final.callPackage ./feeds-dir {};
|
||||
git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {};
|
||||
git-diff-word = final.callPackage ./git-diff-word {};
|
||||
git-pp = final.callPackage ./git-pp {};
|
||||
git-show-link = final.callPackage ./git-show-link {};
|
||||
iot-data = final.python3.pkgs.callPackage ./iot-data {};
|
||||
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
|
||||
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
print-afra = final.callPackage ./print-afra {};
|
||||
run-with-docker-group = final.callPackage ./run-with-docker-group {};
|
||||
ssh-gpg = final.callPackage ./ssh-gpg {};
|
||||
update-from-hydra = final.callPackage ./update-from-hydra {};
|
||||
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
|
||||
|
||||
xmppc = import ./overrides/xmppc.nix final prev;
|
||||
}
|
||||
final: prev: builtins.mapAttrs (name: value: value final prev) (import ./pkgs.nix)
|
||||
|
||||
31
pkgs/pkgs.nix
Normal file
31
pkgs/pkgs.nix
Normal file
@ -0,0 +1,31 @@
|
||||
{
|
||||
clerie-backup = final: prev: final.callPackage ./clerie-backup {};
|
||||
clerie-keys = final: prev: final.callPackage ./clerie-keys {};
|
||||
clerie-system-remote-install = final: prev: final.callPackage ./clerie-system-remote-install {};
|
||||
clerie-system-upgrade = final: prev: final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
|
||||
clerie-merge-nixfiles-update = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
|
||||
clerie-sops = final: prev: final.callPackage ./clerie-sops/clerie-sops.nix {};
|
||||
clerie-sops-config = final: prev: final.callPackage ./clerie-sops/clerie-sops-config.nix {};
|
||||
clerie-sops-edit = final: prev: final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
|
||||
clerie-update-nixfiles = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
|
||||
chromium-incognito = final: prev: final.callPackage ./chromium-incognito {};
|
||||
factorio-launcher = final: prev: final.callPackage ./factorio-launcher {};
|
||||
feeds-dir = final: prev: final.callPackage ./feeds-dir {};
|
||||
git-checkout-github-pr = final: prev: final.callPackage ./git-checkout-github-pr {};
|
||||
git-diff-word = final: prev: final.callPackage ./git-diff-word {};
|
||||
git-pp = final: prev: final.callPackage ./git-pp {};
|
||||
git-show-link = final: prev: final.callPackage ./git-show-link {};
|
||||
iot-data = final: prev: final.python3.pkgs.callPackage ./iot-data {};
|
||||
nix-remove-result-links = final: prev: final.callPackage ./nix-remove-result-links {};
|
||||
nixfiles-auto-install = final: prev: final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-config = final: prev: final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
nixfiles-generate-backup-secrets = final: prev: final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
|
||||
nixfiles-update-ssh-host-keys = final: prev: final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
|
||||
print-afra = final: prev: final.callPackage ./print-afra {};
|
||||
run-with-docker-group = final: prev: final.callPackage ./run-with-docker-group {};
|
||||
ssh-gpg = final: prev: final.callPackage ./ssh-gpg {};
|
||||
update-from-hydra = final: prev: final.callPackage ./update-from-hydra {};
|
||||
uptimestatus = final: prev: final.python3.pkgs.callPackage ./uptimestatus {};
|
||||
|
||||
xmppc = final: prev: import ./overrides/xmppc.nix final prev;
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user