Lukas Wurzinger 2025-07-14 00:12:47 +02:00
parent 56c97b3712
commit 3f6dafe073
No known key found for this signature in database
13 changed files with 65 additions and 90 deletions


@ -1,5 +1,5 @@
{ {
self, inputs,
attrName, attrName,
config, config,
lib, lib,
@ -10,7 +10,7 @@ let
inherit (config.age) secrets; inherit (config.age) secrets;
in in
{ {
age.secrets.secure-boot.file = self + /secrets/secure-boot/${attrName}.tar.age; age.secrets.secure-boot.file = inputs.self + /secrets/secure-boot/${attrName}.tar.age;
system.activationScripts.secureboot = system.activationScripts.secureboot =
let let


@ -1,5 +1,5 @@
{ {
self, inputs,
config, config,
... ...
}: }:
@ -7,7 +7,7 @@ let
inherit (config.users) mainUser; inherit (config.users) mainUser;
in in
{ {
age.secrets."user-${mainUser}".file = self + /secrets/users/${mainUser}.age; age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
users = { users = {
mutableUsers = false; mutableUsers = false;

6
flake.lock generated

@ -852,11 +852,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752378829, "lastModified": 1752441837,
"narHash": "sha256-LVqpSiYJ+zcxLvA6YUn9udrq8+NFBJ9oSwiEePPa9+g=", "narHash": "sha256-FMH1OSSJp8Cx8MZHXz6KckxJGbCnVMotZNAH3v2WneU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "12201a430ee613bc720cef21a130b416cb1b5108", "rev": "839e02dece5845be3a322e507a79712b73a96ba2",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -98,10 +98,52 @@
}; };
}; };
flake = { flake.nixosConfigurations =
lib = nixpkgs.lib.extend (import ./lib.nix); let
inherit (nixpkgs) lib;
nixosConfigurations = self.lib.genNixosConfigurations inputs; findModules =
}; paths:
builtins.concatMap (
path:
lib.pipe path [
(lib.fileset.fileFilter (file: file.hasExt "nix"))
lib.fileset.toList
]
) paths;
genNixosConfigurations =
inputs:
let
modulesDir = ./modules;
profilesDir = ./profiles;
commonDir = ./common;
hostsDir = ./hosts;
commonNixosSystem =
name:
lib.nixosSystem {
specialArgs = {
inherit inputs lib;
attrName = name;
};
modules = findModules [
modulesDir
profilesDir
commonDir
(hostsDir + /${name})
];
};
hosts = lib.pipe hostsDir [
builtins.readDir
(lib.filterAttrs (_: type: type == "directory"))
builtins.attrNames
];
in
lib.genAttrs hosts commonNixosSystem;
in
genNixosConfigurations inputs;
}; };
} }
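Review bot: `specialArgs` still passes `lib` (`inherit inputs lib;`), but `lib` is now plain `nixpkgs.lib` rather than the extended one, and `lib.nixosSystem` already hands modules a `lib`, so `inherit inputs;` would be enough. Any module that still calls `lib.mkIfElse` will stop evaluating, because that helper is deleted with lib.nix and no replacement is visible in this section. `findModules` makes every `.nix` file under the four directories part of the host configuration, which deserves a comment such as `# every *.nix file below these directories is imported as a NixOS module`. The inner `inputs:` parameter of `genNixosConfigurations` shadows the outer binding and could be dropped.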


@ -1,5 +1,5 @@
{ {
self, inputs,
config, config,
lib, lib,
pkgs, pkgs,
@ -12,13 +12,13 @@ in
{ {
age.secrets = { age.secrets = {
forgejo-mailer = { forgejo-mailer = {
file = self + /secrets/forgejo/mailer.age; file = inputs.self + /secrets/forgejo/mailer.age;
mode = "400"; mode = "400";
owner = cfg.user; owner = cfg.user;
}; };
forgejo-admin = { forgejo-admin = {
file = self + /secrets/forgejo/admin.age; file = inputs.self + /secrets/forgejo/admin.age;
mode = "400"; mode = "400";
owner = cfg.user; owner = cfg.user;
}; };


@ -1,7 +1,7 @@
{ {
attrName, attrName,
config, config,
lib, inputs,
... ...
}: }:
let let
@ -9,7 +9,7 @@ let
secret = config.age.secrets.${secretName}; secret = config.age.secrets.${secretName};
in in
{ {
age.secrets = lib.mkSecrets { ${secretName} = { }; }; age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;
services.restic.backups.remote = { services.restic.backups.remote = {
repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}"; repository = "sftp:u459482@u459482.your-storagebox.de:/${attrName}";
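Review bot: The secret's source path changes here, not only the module argument: the removed `lib.mkSecrets` resolved this entry to `secrets/${secretName}.age`, while the new line points to `secrets/restic/${attrName}.age`. `secretName` is defined outside the hunk, so it cannot be seen from here whether both name the same file; if the encrypted file was not moved in this commit, the secret will not be found on the host. The other restic module further down carries the identical line. A short comment such as `# one restic password per host, keyed by attrName` would make the layout explicit.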


@ -1,6 +1,6 @@
{ {
config, config,
lib, inputs,
... ...
}: }:
let let
@ -9,7 +9,7 @@ in
{ {
# TODO: tailscale # TODO: tailscale
age.secrets = lib.mkSecrets { vaultwarden = { }; }; age.secrets.vaultwarden.path = inputs.self + /secrets/vaultwarden.age;
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
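Review bot: This line sets `path` where every other secret in the commit sets `file`, so the encrypted source for `vaultwarden` is never declared. In agenix `file` is the encrypted input and `path` is the location where the decrypted secret is placed, so as written the decrypted output is aimed at a store path instead of naming the `.age` source. It should read `age.secrets.vaultwarden.file = inputs.self + /secrets/vaultwarden.age;`. The module body continues outside the hunk.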


@ -1,6 +1,5 @@
{ {
inputs, inputs,
self,
lib, lib,
pkgs, pkgs,
... ...
@ -20,7 +19,7 @@
inhibitsSleep = true; inhibitsSleep = true;
post = post =
let let
abacusConfig = self.nixosConfigurations.abacus.config; abacusConfig = inputs.self.nixosConfigurations.abacus.config;
remoteDir = abacusConfig.services.navidrome.settings.MusicFolder; remoteDir = abacusConfig.services.navidrome.settings.MusicFolder;
remoteDomain = abacusConfig.networking.domain; remoteDomain = abacusConfig.networking.domain;
package = pkgs.writeShellApplication { package = pkgs.writeShellApplication {


@ -1,7 +1,7 @@
{ {
attrName, attrName,
config, config,
lib, inputs,
... ...
}: }:
let let
@ -9,7 +9,7 @@ let
secret = config.age.secrets.${secretName}; secret = config.age.secrets.${secretName};
in in
{ {
age.secrets = lib.mkSecrets { ${secretName} = { }; }; age.secrets.${secretName}.file = inputs.self + /secrets/restic/${attrName}.age;
services.restic.backups = { services.restic.backups = {
local = { local = {

66
lib.nix

@ -1,66 +0,0 @@
lib: _: {
findModules =
paths:
builtins.concatMap (
path:
lib.pipe path [
(lib.fileset.fileFilter (file: file.hasExt "nix"))
lib.fileset.toList
]
) paths;
mkIfElse =
condition: trueContent: falseContent:
lib.mkMerge [
(lib.mkIf condition trueContent)
(lib.mkIf (!condition) falseContent)
];
mkSecrets =
secrets:
let
mkSecret =
{
name,
secret,
}:
secret
// {
file = ./secrets/${name}.age;
};
in
builtins.mapAttrs (name: secret: mkSecret { inherit name secret; }) secrets;
genNixosConfigurations =
inputs:
let
modulesDir = ./modules;
profilesDir = ./profiles;
commonDir = ./common;
hostsDir = ./hosts;
commonNixosSystem =
name:
lib.nixosSystem {
specialArgs = {
inherit (inputs) self;
inherit inputs lib;
attrName = name;
};
modules = lib.findModules [
modulesDir
profilesDir
commonDir
(hostsDir + /${name})
];
};
hosts = lib.pipe hostsDir [
builtins.readDir
(lib.filterAttrs (_: type: type == "directory"))
builtins.attrNames
];
in
lib.genAttrs hosts commonNixosSystem;
}


@ -1,6 +1,6 @@
{ {
lib, lib,
self, inputs,
... ...
}: }:
{ {
@ -16,5 +16,5 @@
readOnly = true; readOnly = true;
}; };
config.pubkeys = lib.mkForce (import (self + /pubkeys.nix)); config.pubkeys = import (inputs.self + /pubkeys.nix);
} }