Persist more zeus config

2023-02-02 05:31:50 +01:00 · 2023-02-02 05:31:50 +01:00 · 4bb6fff887
parent 3492f871ee
commit 4bb6fff887
6 changed files with 9 additions and 45 deletions
--- a/flake.lock
+++ b/flake.lock
@ -237,11 +237,11 @@
    },
    "secrets": {
      "locked": {
-        "lastModified": 1675309422,
-        "narHash": "sha256-Y9v+JaIzUi0dZMjiFobQEbt0Co0eF7Elxf2A+WtagJQ=",
+        "lastModified": 1675311984,
+        "narHash": "sha256-QCTEDcDxycWrKUUN+pjvF1/zA/l3znWMbKWjcfZ0UTw=",
        "ref": "refs/heads/main",
-        "rev": "9f9b064b6b8fe2d166bfa6400a94606b0a869726",
-        "revCount": 173,
+        "rev": "027ebd2cadf06f984916534a44414e9d8581965c",
+        "revCount": 174,
        "type": "git",
        "url": "ssh://git@hera.m-0.eu/config-secrets"
      },
--- a/home-manager/roles/mode-switching.nix
+++ b/home-manager/roles/mode-switching.nix
@ -18,7 +18,7 @@ in {
      ${configGit} submodule update
      echo "Running update-modes …"
      ${updateModes}/bin/update-modes
-      echo "Running update-system …"
+      echo "Updating system …"
      /run/wrappers/bin/sudo -A /run/current-system/sw/bin/nixos-rebuild switch
      echo "Maintenance finished."
    '';
--- a/lib/update-system.nix
+++ b/lib/update-system.nix
@ -1,24 +0,0 @@
-{
-  pkgs,
-  nixos-rebuild,
-}: let
-  configPath = "/etc/nixos";
-in {
-  update-system =
-    pkgs.writeHaskellScript
-    {
-      name = "update-system";
-      bins = [nixos-rebuild pkgs.nix-output-monitor pkgs.nvd];
-    } ''
-      main = do
-          paths <- myNixPath "${configPath}"
-          args <- getArgs
-          setEnv "WITH_SECRETS" "false"
-          nom_build (paths ++ buildSystemParams ++ ["--no-out-link"] ++ remoteBuildParams ++ fmap toString args)
-          setEnv "WITH_SECRETS" "true"
-          oldSystem <- readlink "-f" "/run/current-system" |> captureTrim
-          nixos_rebuild (paths ++ ["switch", "--no-flake"] ++ fmap toString args) &!> StdOut |> nom
-          newSystem <- readlink "-f" "/run/current-system" |> captureTrim
-          nvd "diff" oldSystem newSystem
-    '';
-}
--- a/nixos/machines/zeus/configuration.nix
+++ b/nixos/machines/zeus/configuration.nix
@ -134,7 +134,7 @@ in {
      m0wire = {
        allowedIPsAsRoutes = false;
        ips = ["${hosts.zeus-wg}/112" "${hosts.vpn.zeus}/64"];
-        privateKeyFile = "/disk/persist/wireguard-private-key";
+        privateKeyFile = config.age.secrets."wireguard/zeus-private".path;
        peers = [
          {
            publicKey = wireguard.pub.hera;
@ -175,6 +175,8 @@ in {
        user = "maralorn";
        openDefaultPorts = true;
        configDir = "/disk/persist/syncthing";
+        cert = config.age.secrets."syncthing/zeus/cert.pem".path;
+        key = config.age.secrets."syncthing/zeus/key.pem".path;
      }
      // syncthing.declarativeWith ["hera" "apollo" "pegasus"] "/disk/persist/maralorn/media";
    #minecraft-server = {
--- a/nixos/roles/standalone/default.nix
+++ b/nixos/roles/standalone/default.nix
@ -21,26 +21,12 @@
  services.sshd.enable = true;

  nix = {
-    nixPath = ["nixos-config=/etc/nixos/configuration.nix"];
    gc = {
      automatic = false;
      options = "-d";
    };
  };

-  environment = {
-    # Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
-    systemPackages = builtins.attrValues {
-      inherit
-        (import ../../../lib/update-system.nix {
-          inherit pkgs;
-          inherit (config.system.build) nixos-rebuild;
-        })
-        update-system
-        ;
-    };
-  };
-
  programs = {
    mtr.enable = true;
  };
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9f9b064b6b8fe2d166bfa6400a94606b0a869726
+Subproject commit 027ebd2cadf06f984916534a44414e9d8581965c