Persist more zeus config
This commit is contained in:
parent
3492f871ee
commit
4bb6fff887
|
@ -237,11 +237,11 @@
|
|||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1675309422,
|
||||
"narHash": "sha256-Y9v+JaIzUi0dZMjiFobQEbt0Co0eF7Elxf2A+WtagJQ=",
|
||||
"lastModified": 1675311984,
|
||||
"narHash": "sha256-QCTEDcDxycWrKUUN+pjvF1/zA/l3znWMbKWjcfZ0UTw=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "9f9b064b6b8fe2d166bfa6400a94606b0a869726",
|
||||
"revCount": 173,
|
||||
"rev": "027ebd2cadf06f984916534a44414e9d8581965c",
|
||||
"revCount": 174,
|
||||
"type": "git",
|
||||
"url": "ssh://git@hera.m-0.eu/config-secrets"
|
||||
},
|
||||
|
|
|
@ -18,7 +18,7 @@ in {
|
|||
${configGit} submodule update
|
||||
echo "Running update-modes …"
|
||||
${updateModes}/bin/update-modes
|
||||
echo "Running update-system …"
|
||||
echo "Updating system …"
|
||||
/run/wrappers/bin/sudo -A /run/current-system/sw/bin/nixos-rebuild switch
|
||||
echo "Maintenance finished."
|
||||
'';
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
nixos-rebuild,
|
||||
}: let
|
||||
configPath = "/etc/nixos";
|
||||
in {
|
||||
update-system =
|
||||
pkgs.writeHaskellScript
|
||||
{
|
||||
name = "update-system";
|
||||
bins = [nixos-rebuild pkgs.nix-output-monitor pkgs.nvd];
|
||||
} ''
|
||||
main = do
|
||||
paths <- myNixPath "${configPath}"
|
||||
args <- getArgs
|
||||
setEnv "WITH_SECRETS" "false"
|
||||
nom_build (paths ++ buildSystemParams ++ ["--no-out-link"] ++ remoteBuildParams ++ fmap toString args)
|
||||
setEnv "WITH_SECRETS" "true"
|
||||
oldSystem <- readlink "-f" "/run/current-system" |> captureTrim
|
||||
nixos_rebuild (paths ++ ["switch", "--no-flake"] ++ fmap toString args) &!> StdOut |> nom
|
||||
newSystem <- readlink "-f" "/run/current-system" |> captureTrim
|
||||
nvd "diff" oldSystem newSystem
|
||||
'';
|
||||
}
|
|
@ -134,7 +134,7 @@ in {
|
|||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = ["${hosts.zeus-wg}/112" "${hosts.vpn.zeus}/64"];
|
||||
privateKeyFile = "/disk/persist/wireguard-private-key";
|
||||
privateKeyFile = config.age.secrets."wireguard/zeus-private".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.hera;
|
||||
|
@ -175,6 +175,8 @@ in {
|
|||
user = "maralorn";
|
||||
openDefaultPorts = true;
|
||||
configDir = "/disk/persist/syncthing";
|
||||
cert = config.age.secrets."syncthing/zeus/cert.pem".path;
|
||||
key = config.age.secrets."syncthing/zeus/key.pem".path;
|
||||
}
|
||||
// syncthing.declarativeWith ["hera" "apollo" "pegasus"] "/disk/persist/maralorn/media";
|
||||
#minecraft-server = {
|
||||
|
|
|
@ -21,26 +21,12 @@
|
|||
services.sshd.enable = true;
|
||||
|
||||
nix = {
|
||||
nixPath = ["nixos-config=/etc/nixos/configuration.nix"];
|
||||
gc = {
|
||||
automatic = false;
|
||||
options = "-d";
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
# Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
|
||||
systemPackages = builtins.attrValues {
|
||||
inherit
|
||||
(import ../../../lib/update-system.nix {
|
||||
inherit pkgs;
|
||||
inherit (config.system.build) nixos-rebuild;
|
||||
})
|
||||
update-system
|
||||
;
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
mtr.enable = true;
|
||||
};
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit 9f9b064b6b8fe2d166bfa6400a94606b0a869726
|
||||
Subproject commit 027ebd2cadf06f984916534a44414e9d8581965c
|
Loading…
Reference in a new issue