From 698b53459294a0574dc835d91345f63ea7efa085 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Fri, 20 Oct 2023 16:24:50 -0500 Subject: [PATCH] Beefcake --- nixos/beefcake/default.nix | 28 +++++++--------------------- nixos/foxtrot/default.nix | 2 +- readme.md | 12 ++++++++---- secrets/beefcake/secrets.yml | 7 ++++--- 4 files changed, 20 insertions(+), 29 deletions(-) diff --git a/nixos/beefcake/default.nix b/nixos/beefcake/default.nix index 5cc8a9e..00c5f57 100644 --- a/nixos/beefcake/default.nix +++ b/nixos/beefcake/default.nix @@ -117,6 +117,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 owner = config.systemd.services.plausible.serviceConfig.User; group = config.systemd.services.plausible.serviceConfig.Group; }; + nextcloud-admin-password = { + path = "/var/lib/nextcloud/admin-password"; + mode = "0440"; + # owner = config.services.nextcloud.serviceConfig.User; + # group = config.services.nextcloud.serviceConfig.Group; + }; }; }; @@ -157,6 +163,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 users.groups.nixadmin.members = ["daniel"]; users.users.daniel = { + packages = [pkgs.weechat]; extraGroups = [ "nixadmin" # write access to /etc/nixos/ files "wheel" # sudo access @@ -596,27 +603,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 }; }; - services.redis = { - servers = { - nextcloud = { - enable = true; - user = config.systemd.services.nextcloud.serviceConfig.User; - # group = config.systemd.services.nextcloud.serviceConfig.Group; - }; - }; - }; - - services.nextcloud = { - enable = true; - package = pkgs.nextcloud27; - - config = { - dbtype = "pgsql"; - }; - - hostName = "nextcloud.lyte.dev"; - }; - # paths: # TODO: move previous backups over and put here # clickhouse and plausible analytics once they're up and running? diff --git a/nixos/foxtrot/default.nix b/nixos/foxtrot/default.nix index a231728..4ed9a17 100644 --- a/nixos/foxtrot/default.nix +++ b/nixos/foxtrot/default.nix 
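Review bot: In nixos/beefcake/default.nix (hunk at -117), the new `nextcloud-admin-password` secret is declared with `mode = "0440"` while `owner` and `group` are left commented out, so the group-read bit goes to whatever sops-nix defaults to (root, as far as I know) rather than to the Nextcloud service account. The commented lines also point at `config.services.nextcloud.serviceConfig`, whereas the plausible entry just above uses `config.systemd.services.plausible.serviceConfig`, so they would likely not evaluate if uncommented as written. A later hunk in this same file removes `services.nextcloud` and its redis server, so the secret is decrypted to `/var/lib/nextcloud/admin-password` with no visible consumer; I would either drop the entry until the service returns or tighten it to `mode = "0400";` with `owner = "nextcloud";` (assuming that is the module's user name). The enclosing secrets attrset starts outside the hunk.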
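Review bot: In the -157 hunk of nixos/beefcake/default.nix, `packages = [pkgs.weechat];` is added to `users.users.daniel`, the account the following lines place in `nixadmin` (write access to /etc/nixos/) and `wheel` (sudo). A chat client that parses remote input would then run under an account that can rewrite the system configuration. If this host is a server, a separate unprivileged user would limit what a client-side bug can reach, e.g. `users.users.chat = { isNormalUser = true; packages = [pkgs.weechat]; };` (the name is a placeholder). The `users.users.daniel` block continues past the hunk.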
@@ -22,7 +22,7 @@ ]) ++ [ inputs.hardware.nixosModules.common-cpu-amd - inputs.hardware.nixosModules.common-cpu-amd-pstate + # inputs.hardware.nixosModules.common-cpu-amd-pstate inputs.hardware.nixosModules.common-pc-laptop-ssd ]; diff --git a/readme.md b/readme.md index 95b1af6..be6933e 100644 --- a/readme.md +++ b/readme.md @@ -9,6 +9,10 @@ here is useful inspiration. # Quick Start +```shell_session +$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR} +``` + You don't have even have to clone this crap yourself. How cool is that! But if you're gonna change stuff you had better setup the pre-commit hook: @@ -27,7 +31,7 @@ $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt ## NixOS ```shell_session -$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix +$ nixos-rebuild switch --flake . ``` ## Not NixOS @@ -44,7 +48,7 @@ $ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix ```bash host=your_host -nix run nixpkgs#nixos-rebuild -- --flake "git+https://git.lyte.dev/lytedev/nix#$host" \ +nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ --target-host "root@$host" --build-host "root@$host" \ switch --show-trace ``` @@ -68,7 +72,7 @@ ssh -t "root@$host" "bash -c ' # we will test things and make sure it works first # if it fails, the reboot we started previously will automatically kick in once the timeout is reached # and the machine will boot to the now-previous iteration -nix run nixpkgs#nixos-rebuild -- --flake "git+https://git.lyte.dev/lytedev/nix#$host" \ +nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \ --target-host "root@$host" --build-host "root@$host" \ test --show-trace 
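Review bot: In nixos/foxtrot/default.nix the `common-cpu-amd-pstate` module is commented out rather than removed, and neither the line nor the commit subject ("Beefcake") says why. A short reason on the line would tell the next reader whether it is safe to re-enable, e.g. `# common-cpu-amd-pstate disabled: <reason>; re-enable once <condition>`. The imports list starts outside the hunk.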
@@ -113,7 +117,7 @@ nix-shell --packages git --run "sudo nix run \ nix-shell --packages git \ --run "sudo nixos-install \ --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \ - --option substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \ + --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \ --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='" ``` diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml index 618caee..6f49877 100644 --- a/secrets/beefcake/secrets.yml +++ b/secrets/beefcake/secrets.yml @@ -11,6 +11,7 @@ example_booleans: plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str] plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] +nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] sops: kms: [] 
@@ -36,8 +37,8 @@ sops: b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-28T21:11:56Z" - mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str] + lastmodified: "2023-10-20T19:05:45Z" + mac: ENC[AES256_GCM,data:0liRgiLMiy/ISeHzL/rHjchgTDzjVjn1bzSyw7B4EmDu2YYsOhmRNmzbUH4f8I9vDwEkMyJx6VLBfrrnulpmPAlBqWxgYsqrS1eAMNWNeYGMAzZMgBChZbvMXj7cWJr0rNgU+Cnt+7/GXEXKUx1IQPSF9faVYKjBUWG8IuJ22XI=,iv:GoPu7xhQrXksUhE1NH32xFd3ykiBYlZp7RMUmXyDDck=,tag:uRLcc+2sg30SZTLXtIOTWQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1