This commit is contained in:
Daniel Flanagan 2023-10-20 16:24:50 -05:00
parent 4a893acaee
commit 698b534592
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
4 changed files with 20 additions and 29 deletions

View file

@ -117,6 +117,12 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
owner = config.systemd.services.plausible.serviceConfig.User; owner = config.systemd.services.plausible.serviceConfig.User;
group = config.systemd.services.plausible.serviceConfig.Group; group = config.systemd.services.plausible.serviceConfig.Group;
}; };
nextcloud-admin-password = {
path = "/var/lib/nextcloud/admin-password";
mode = "0440";
# owner = config.services.nextcloud.serviceConfig.User;
# group = config.services.nextcloud.serviceConfig.Group;
};
}; };
}; };
@ -157,6 +163,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
users.groups.nixadmin.members = ["daniel"]; users.groups.nixadmin.members = ["daniel"];
users.users.daniel = { users.users.daniel = {
packages = [pkgs.weechat];
extraGroups = [ extraGroups = [
"nixadmin" # write access to /etc/nixos/ files "nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access "wheel" # sudo access
@ -596,27 +603,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
}; };
}; };
services.redis = {
servers = {
nextcloud = {
enable = true;
user = config.systemd.services.nextcloud.serviceConfig.User;
# group = config.systemd.services.nextcloud.serviceConfig.Group;
};
};
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
config = {
dbtype = "pgsql";
};
hostName = "nextcloud.lyte.dev";
};
# paths: # paths:
# TODO: move previous backups over and put here # TODO: move previous backups over and put here
# clickhouse and plausible analytics once they're up and running? # clickhouse and plausible analytics once they're up and running?

View file

@ -22,7 +22,7 @@
]) ])
++ [ ++ [
inputs.hardware.nixosModules.common-cpu-amd inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-cpu-amd-pstate # inputs.hardware.nixosModules.common-cpu-amd-pstate
inputs.hardware.nixosModules.common-pc-laptop-ssd inputs.hardware.nixosModules.common-pc-laptop-ssd
]; ];

View file

@ -9,6 +9,10 @@ here is useful inspiration.
# Quick Start # Quick Start
```shell_session
$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}
```
You don't have even have to clone this crap yourself. How cool is that! You don't have even have to clone this crap yourself. How cool is that!
But if you're gonna change stuff you had better setup the pre-commit hook: But if you're gonna change stuff you had better setup the pre-commit hook:
@ -27,7 +31,7 @@ $ pass age-key >> ${XDG_CONFIG_HOME:-~/.config}/sops/age/keys.txt
## NixOS ## NixOS
```shell_session ```shell_session
$ nixos-rebuild switch --flake git+https://git.lyte.dev/lytedev/nix $ nixos-rebuild switch --flake .
``` ```
## Not NixOS ## Not NixOS
@ -44,7 +48,7 @@ $ home-manager switch --flake git+https://git.lyte.dev/lytedev/nix
```bash ```bash
host=your_host host=your_host
nix run nixpkgs#nixos-rebuild -- --flake "git+https://git.lyte.dev/lytedev/nix#$host" \ nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \ --target-host "root@$host" --build-host "root@$host" \
switch --show-trace switch --show-trace
``` ```
@ -68,7 +72,7 @@ ssh -t "root@$host" "bash -c '
# we will test things and make sure it works first # we will test things and make sure it works first
# if it fails, the reboot we started previously will automatically kick in once the timeout is reached # if it fails, the reboot we started previously will automatically kick in once the timeout is reached
# and the machine will boot to the now-previous iteration # and the machine will boot to the now-previous iteration
nix run nixpkgs#nixos-rebuild -- --flake "git+https://git.lyte.dev/lytedev/nix#$host" \ nix run nixpkgs#nixos-rebuild -- --flake ".#$host" \
--target-host "root@$host" --build-host "root@$host" \ --target-host "root@$host" --build-host "root@$host" \
test --show-trace test --show-trace
@ -113,7 +117,7 @@ nix-shell --packages git --run "sudo nix run \
nix-shell --packages git \ nix-shell --packages git \
--run "sudo nixos-install \ --run "sudo nixos-install \
--flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \ --flake 'git+https://git.lyte.dev/lytedev/nix#${FLAKE_ATTR}' \
--option substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \ --option trusted-substituters 'https://cache.nixos.org https://nix.h.lyte.dev' \
--option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='" --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
``` ```

View file

@ -11,6 +11,7 @@ example_booleans:
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str] plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str] api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
sops: sops:
kms: [] kms: []
@ -36,8 +37,8 @@ sops:
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg== nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T21:11:56Z" lastmodified: "2023-10-20T19:05:45Z"
mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str] mac: ENC[AES256_GCM,data:0liRgiLMiy/ISeHzL/rHjchgTDzjVjn1bzSyw7B4EmDu2YYsOhmRNmzbUH4f8I9vDwEkMyJx6VLBfrrnulpmPAlBqWxgYsqrS1eAMNWNeYGMAzZMgBChZbvMXj7cWJr0rNgU+Cnt+7/GXEXKUx1IQPSF9faVYKjBUWG8IuJ22XI=,iv:GoPu7xhQrXksUhE1NH32xFd3ykiBYlZp7RMUmXyDDck=,tag:uRLcc+2sg30SZTLXtIOTWQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1