
Update from updated-inputs-2025-06-29-01-03

Flake Update Bot
2025-06-29 03:04:08 +02:00
17 changed files with 243 additions and 125 deletions


@@ -2,8 +2,8 @@
{
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
services.xserver.excludePackages = with pkgs; [
xterm

110
flake.lock generated

@@ -269,11 +269,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1748520450,
"narHash": "sha256-thTwt6c/qdLg65urUWSENbmwf/ofvujpFNNTcF+iZvI=",
"lastModified": 1750779764,
"narHash": "sha256-JTvJf12NfmiJg+k8zPAvvJIHWA8lzL5SBssQxkwZTwE=",
"ref": "lix-2.93",
"rev": "509c94cdb7e11d48e67a5a68c0d5fadfcda7bad5",
"revCount": 4257,
"rev": "175d4c80943403f352ad3ce9ee9a93475a154b91",
"revCount": 4259,
"type": "git",
"url": "https://git.lix.systems/lix-project/hydra.git"
},
@@ -290,6 +290,9 @@
"flake-compat"
],
"nix2container": "nix2container",
"nix_2_18": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
@@ -298,11 +301,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1747597901,
"narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=",
"lastModified": 1750762203,
"narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=",
"ref": "release-2.93",
"rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad",
"revCount": 17846,
"rev": "38b358ce27203f972faa2973cf44ba80c758f46e",
"revCount": 17866,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
},
@@ -324,11 +327,11 @@
]
},
"locked": {
"lastModified": 1748254718,
"narHash": "sha256-Uf6HNA0JctJH4ZdrZ/xb185mT0/XusLxnric9Xhg7Es=",
"lastModified": 1750776670,
"narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=",
"ref": "release-2.93",
"rev": "3855614ceafe562393472cca5fb2005297889a75",
"revCount": 143,
"rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3",
"revCount": 146,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
@@ -342,6 +345,7 @@
"inputs": {
"flake-compat": "flake-compat_2",
"nix2container": "nix2container_2",
"nix_2_18": "nix_2_18",
"nixpkgs": [
"nixpkgs"
],
@@ -349,11 +353,11 @@
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1747597901,
"narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=",
"lastModified": 1750762203,
"narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=",
"ref": "release-2.93",
"rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad",
"revCount": 17846,
"rev": "38b358ce27203f972faa2973cf44ba80c758f46e",
"revCount": 17866,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix.git"
},
@@ -363,6 +367,22 @@
"url": "https://git.lix.systems/lix-project/lix.git"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"mitel-ommclient2": {
"inputs": {
"nixpkgs": [
@@ -416,6 +436,34 @@
"type": "github"
}
},
"nix_2_18": {
"inputs": {
"flake-compat": [
"lix",
"flake-compat"
],
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_4",
"nixpkgs-regression": [
"lix",
"nixpkgs-regression"
]
},
"locked": {
"lastModified": 1730375271,
"narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=",
"owner": "NixOS",
"repo": "nix",
"rev": "0f665ff6779454f2117dcc32e44380cda7f45523",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.18.9",
"repo": "nix",
"type": "github"
}
},
"nixos-exporter": {
"inputs": {
"nixpkgs": [
@@ -550,11 +598,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1748437600,
"narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
"lastModified": 1750622754,
"narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
"rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1",
"type": "github"
},
"original": {
@@ -566,11 +614,27 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1751011381,
"narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
"type": "github"
},
"original": {
@@ -665,7 +729,7 @@
"lix-module": "lix-module",
"nixos-exporter": "nixos-exporter",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-0dc1c7": "nixpkgs-0dc1c7",
"nurausstieg": "nurausstieg",
"rainbowrss": "rainbowrss",


@@ -70,7 +70,6 @@
};
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
lib = import ./lib inputs;
helper = lib.flake-helper;
localNixpkgs = import ./flake/nixpkgs.nix inputs;
in {
clerie.hosts = {
@@ -135,14 +134,21 @@
};
overlays = {
nixfilesInputs = import ./flake/overlay.nix inputs;
clerie = import ./pkgs/overlay.nix;
default = self.overlays.clerie;
clerie-inputs = import ./flake/inputs-overlay.nix inputs;
clerie-pkgs = import ./pkgs/overlay.nix;
clerie-build-support = import ./pkgs/build-support/overlay.nix;
clerie-overrides = import ./pkgs/overrides/overlay.nix;
};
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system:
let
pkgs = localNixpkgs.${system};
in builtins.mapAttrs (name: value: pkgs."${name}") (import ./pkgs/pkgs.nix));
in
nixpkgs.lib.genAttrs (
(builtins.attrNames (self.overlays.clerie-pkgs null null))
++ (builtins.attrNames (self.overlays.clerie-overrides null null))
) (name: pkgs."${name}")
);
inherit lib self;
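Review bot: The `packages` output now gets its attribute names by applying the overlays to `null null` (`self.overlays.clerie-pkgs null null`), which only works while each overlay returns a plain attribute set whose keys do not depend on `final` or `prev`. A later top-level use of something like `prev.lib.optionalAttrs` would force the null argument and fail with a type error far from the cause. I would record the constraint next to the call, e.g. `# overlays are applied to null only to list their names; their top level must stay a plain attrset`. Separately, `overlays.default` no longer appears on the new side, so any consumer that referenced it would have to switch to `clerie-pkgs`; the `outputs` function continues outside this hunk.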


@@ -10,34 +10,13 @@ let
group ? null,
modules ? [],
}: let
localNixpkgs = nixpkgs.lib.attrByPath [ "nixpkgs-${name}" ] nixpkgs inputs;
in localNixpkgs.lib.nixosSystem {
in self.lib.nixosSystem {
system = system;
modules = modules ++ [
self.nixosModules.nixfilesInputs
self.nixosModules.clerie
self.nixosModules.profiles
({ config, lib, ... }: {
# Set hostname
networking.hostName = lib.mkDefault name;
# Apply overlays
nixpkgs.overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
];
/*
Make the contents of the flake availiable to modules.
Useful for having the monitoring server scraping the
target config from all other servers automatically.
*/
_module.args = {
inputs = inputs;
_nixfiles = self;
};
# Expose host group to monitoring
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
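Review bot: The per-host nixpkgs selection appears to be dropped without a replacement: the `attrByPath [ "nixpkgs-${name}" ] nixpkgs inputs` lookup is not on the new side, so a host that relied on an input named `nixpkgs-<hostname>` would now be built from the default nixpkgs with no error or warning. If that is intended, a comment such as `# all hosts share the flake's default nixpkgs; per-host nixpkgs-<name> inputs are no longer honoured` would make it explicit. If it is not intended, the helper could pass a `pkgs` argument to `self.lib.nixosSystem`. The `let` before `in self.lib.nixosSystem {` now seems to bind nothing and could be removed. The module body continues past the end of this hunk.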


@@ -8,8 +8,10 @@ let
import nixpkgs {
inherit system;
overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
self.overlays.clerie-inputs
self.overlays.clerie-pkgs
self.overlays.clerie-build-support
self.overlays.clerie-overrides
];
};


@@ -27,7 +27,7 @@
root = pkgs.clerie-keys;
};
locations."= /ssh/known_hosts" = {
alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
alias = pkgs.clerie-ssh-known-hosts + "/known_hosts";
extraConfig = ''
types { }
default_type "text/plain; charset=utf-8";


@@ -8,6 +8,7 @@ let
lib = {
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
nixosSystem = callLibs ./nixosSystem.nix;
};
in


@@ -1,22 +0,0 @@
{ ... }:
rec {
llIPv6 = localIP: peerIP: interface: {
ips = [
"${localIP}/128"
];
postSetup = ''
ip -6 route flush dev ${interface}
ip addr del dev ${interface} ${localIP}/128 && ip addr add dev ${interface} ${localIP}/128 peer ${peerIP}/128
'';
};
llIPv4 = localIP: peerIP: interface: {
ips = [
"${localIP}/32"
];
postSetup = ''
ip -4 route flush dev ${interface}
ip addr del dev ${interface} ${localIP}/32 && ip addr add dev ${interface} ${localIP}/32 peer ${peerIP}/32
'';
};
}

41
lib/nixosSystem.nix Normal file

@@ -0,0 +1,41 @@
{
inputs,
self,
...
}:
/*
nixfiles.lib.nixosSystem, like nixpkgs.lib.nixosSystem but
with nixfiles overlays and modules already populated
*/
{
system ? null,
pkgs ? null,
modules ? [],
...
}@args:
let
localNixpkgs = import ../flake/nixpkgs.nix inputs;
in inputs.nixpkgs.lib.nixosSystem ({
system = system;
pkgs = if pkgs != null then pkgs else localNixpkgs.${system};
modules = [
self.nixosModules.nixfilesInputs
self.nixosModules.clerie
self.nixosModules.profiles
({ config, lib, ... }: {
/*
Make the contents of the flake availiable to modules.
Useful for having the monitoring server scraping the
target config from all other servers automatically.
*/
_module.args = {
inputs = inputs;
_nixfiles = self;
};
})
] ++ modules;
} // builtins.removeAttrs args [ "system" "pkgs" "modules" ] )
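Review bot: Both `system` and `pkgs` default to `null`, and the fallback `localNixpkgs.${system}` is then evaluated with a null attribute name, so a caller that passes neither gets an evaluator type error instead of a message naming the missing argument. An explicit guard would make the contract visible, e.g. `pkgs = if pkgs != null then pkgs else if system != null then localNixpkgs.${system} else throw "nixfiles.lib.nixosSystem: pass either system or pkgs";`. Because `pkgs` is always handed to `nixosSystem` from outside, host modules that set `nixpkgs.config` would presumably no longer influence the package set. The doc comment at the top would be a good place to state that.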


@@ -0,0 +1,7 @@
final: prev:
{
clerie-build-support = {
writePythonScript = final.callPackage ./writePythonScript.nix {};
};
}


@@ -0,0 +1,37 @@
{
python3,
writeTextFile,
lib,
}:
{
name,
text,
runtimePackages ? ps: [],
pythonPackage ? python3,
meta ? {},
passthru ? {},
derivationArgs ? {},
}:
let
pythonWithPackages = pythonPackage.withPackages runtimePackages;
in writeTextFile {
inherit
name
meta
passthru
derivationArgs
;
executable = true;
destination = "/bin/${name}";
allowSubstitutes = true;
preferLocalBuild = false;
text = ''
#!${lib.getExe pythonWithPackages}
${text}
'';
}
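Review bot: Nothing validates `text` at build time, so a script with a syntax error builds successfully and only fails when it is run on the target host. `writeTextFile` accepts a `checkPhase`, and one that parses `$target` with `pythonWithPackages` (without leaving a `__pycache__` directory in the output) would catch this during the build, much as `writeShellApplication` checks shell scripts. The file also has no header comment describing `runtimePackages`, `pythonPackage` and `derivationArgs`; a short `/* … */` block like the one in `lib/nixosSystem.nix` would cover it.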


@@ -1,13 +1,22 @@
{
writeTextFile,
}:
let
stripR = str: if (builtins.substring ((builtins.stringLength str) - 1) (builtins.stringLength str) str) == "\n" then stripR (builtins.substring 0 ((builtins.stringLength str) - 1) str) else str;
hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../hosts));
hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../../hosts));
sshkeyList = map (hostname: {
name = hostname;
sshPubkey = stripR (builtins.readFile (../hosts + "/${hostname}/ssh.pub"));
sshPubkey = stripR (builtins.readFile (../../hosts + "/${hostname}/ssh.pub"));
}) hostsWithSshPubkey;
knownHosts = builtins.concatStringsSep "" (builtins.map ({name, sshPubkey}: ''
${name} ${sshPubkey}
${name}.net.clerie.de ${sshPubkey}
'') sshkeyList);
in
knownHosts
in writeTextFile {
name = "clerie-ssh-known-hosts";
destination = "/known_hosts";
allowSubstitutes = true;
preferLocalBuild = false;
text = knownHosts;
}
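Review bot: The generated `known_hosts` is assembled from each `ssh.pub` with only trailing newlines removed by `stripR`, so a key file containing a second line or stray leading whitespace would produce a malformed or unintended entry. That matters because clients presumably treat this file as a trust anchor. Now that the result is a derivation, a `checkPhase` passed to `writeTextFile` could reject such input at build time, for example by letting `ssh-keygen -l -f "$target"` parse every entry (to be confirmed against the OpenSSH version in use). A one-line comment stating that each `ssh.pub` must hold exactly one public key would document the assumption.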


@@ -1,13 +1,6 @@
{ pkgs, ... }:
pkgs.writeTextFile {
pkgs.clerie-build-support.writePythonScript {
name = "git-show-link";
executable = true;
destination = "/bin/git-show-link";
allowSubstitutes = true;
preferLocalBuild = false;
text = ''
#!${pkgs.python3.withPackages (ps: with ps; [])}/bin/python3
${builtins.readFile ./git-show-link.py}
'';
text = builtins.readFile ./git-show-link.py;
}


@@ -1 +1,30 @@
final: prev: builtins.mapAttrs (name: value: value final prev) (import ./pkgs.nix)
final: prev: {
clerie-backup = final.callPackage ./clerie-backup {};
clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
clerie-keys = final.callPackage ./clerie-keys {};
clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {};
clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
chromium-incognito = final.callPackage ./chromium-incognito {};
factorio-launcher = final.callPackage ./factorio-launcher {};
feeds-dir = final.callPackage ./feeds-dir {};
git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {};
git-diff-word = final.callPackage ./git-diff-word {};
git-pp = final.callPackage ./git-pp {};
git-show-link = final.callPackage ./git-show-link {};
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
print-afra = final.callPackage ./print-afra {};
run-with-docker-group = final.callPackage ./run-with-docker-group {};
ssh-gpg = final.callPackage ./ssh-gpg {};
update-from-hydra = final.callPackage ./update-from-hydra {};
uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
}


@@ -0,0 +1,4 @@
final: prev: {
dino = import ./dino.nix final prev;
xmppc = import ./xmppc.nix final prev;
}


@@ -1,32 +0,0 @@
{
clerie-backup = final: prev: final.callPackage ./clerie-backup {};
clerie-cleanup-branches = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
clerie-keys = final: prev: final.callPackage ./clerie-keys {};
clerie-system-remote-install = final: prev: final.callPackage ./clerie-system-remote-install {};
clerie-system-upgrade = final: prev: final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
clerie-merge-nixfiles-update = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
clerie-sops = final: prev: final.callPackage ./clerie-sops/clerie-sops.nix {};
clerie-sops-config = final: prev: final.callPackage ./clerie-sops/clerie-sops-config.nix {};
clerie-sops-edit = final: prev: final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
clerie-update-nixfiles = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
chromium-incognito = final: prev: final.callPackage ./chromium-incognito {};
factorio-launcher = final: prev: final.callPackage ./factorio-launcher {};
feeds-dir = final: prev: final.callPackage ./feeds-dir {};
git-checkout-github-pr = final: prev: final.callPackage ./git-checkout-github-pr {};
git-diff-word = final: prev: final.callPackage ./git-diff-word {};
git-pp = final: prev: final.callPackage ./git-pp {};
git-show-link = final: prev: final.callPackage ./git-show-link {};
nix-remove-result-links = final: prev: final.callPackage ./nix-remove-result-links {};
nixfiles-auto-install = final: prev: final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
nixfiles-generate-config = final: prev: final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
nixfiles-generate-backup-secrets = final: prev: final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
nixfiles-update-ssh-host-keys = final: prev: final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
print-afra = final: prev: final.callPackage ./print-afra {};
run-with-docker-group = final: prev: final.callPackage ./run-with-docker-group {};
ssh-gpg = final: prev: final.callPackage ./ssh-gpg {};
update-from-hydra = final: prev: final.callPackage ./update-from-hydra {};
uptimestatus = final: prev: final.python3.pkgs.callPackage ./uptimestatus {};
dino = final: prev: import ./overrides/dino.nix final prev;
xmppc = final: prev: import ./overrides/xmppc.nix final prev;
}