agenix support
parent
106f2a204d
commit
55a541d555
44
flake.lock
44
flake.lock
|
@ -1,5 +1,48 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675176355,
|
||||
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -129,6 +172,7 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"flake-parts": "flake-parts",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix"
|
||||
|
|
30
flake.nix
30
flake.nix
|
@ -5,13 +5,15 @@
|
|||
};
|
||||
|
||||
inputs = {
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
pre-commit-hooks-nix = {
|
||||
url = "github:cachix/pre-commit-hooks.nix";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -27,18 +29,28 @@
|
|||
systems = ["x86_64-linux"];
|
||||
perSystem = {
|
||||
self',
|
||||
inputs',
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
packages = import ./packages {inherit pkgs;};
|
||||
in {
|
||||
devShells.default = packages.shell {
|
||||
shellHook = config.pre-commit.installationScript;
|
||||
inherit (import ./packages {inherit pkgs;}) haskellPackagesOverlay selectHaskellPackages;
|
||||
hpkgs = pkgs.haskellPackages.override {
|
||||
overrides = haskellPackagesOverlay;
|
||||
};
|
||||
inherit (packages) packages;
|
||||
legacyPackages = {inherit (packages) haskellPackagesOverlay;};
|
||||
in {
|
||||
devShells.default = hpkgs.shellFor {
|
||||
packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs));
|
||||
shellHook = config.pre-commit.installationScript;
|
||||
buildInputs = [
|
||||
hpkgs.haskell-language-server
|
||||
pkgs.cabal-install
|
||||
inputs'.agenix.packages.default
|
||||
];
|
||||
};
|
||||
packages = selectHaskellPackages hpkgs;
|
||||
legacyPackages = {inherit haskellPackagesOverlay;};
|
||||
|
||||
pre-commit = {
|
||||
check.enable = true;
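Review bot: The new `agenix` input block overrides only `nixpkgs`, so flake.lock gains a second node, `darwin` (lnl7/nix-darwin, followed at `master`), even though `systems` is `["x86_64-linux"]`. If nothing in this repository needs nix-darwin, the usual idiom is to add `inputs.darwin.follows = "";` inside the `agenix` block, so the lock only carries inputs that are updated and reviewed on purpose. The `inputs` attribute set begins inside the first hunk, but the rest of the file is outside the visible hunks.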
|
||||
|
|
|
@ -41,19 +41,11 @@ in {
|
|||
hostName = "apollo";
|
||||
domain = "m-0.eu";
|
||||
networkmanager.enable = true;
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
4713 # pulseaudio
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
4713 # pulseaudio
|
||||
];
|
||||
};
|
||||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = ["${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64"];
|
||||
privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
|
||||
privateKeyFile = config.age.secrets."wireguard/apollo-private".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.hera;
|
||||
|
@ -61,7 +53,7 @@ in {
|
|||
# endpoint =
|
||||
# "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
|
||||
endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
|
@ -96,8 +88,8 @@ in {
|
|||
group = "users";
|
||||
user = "maralorn";
|
||||
openDefaultPorts = true;
|
||||
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
|
||||
key = pkgs.privatePath "syncthing/apollo/key.pem";
|
||||
cert = config.age.secrets."syncthing/apollo/cert.pem".path;
|
||||
key = config.age.secrets."syncthing/apollo/key.pem".path;
|
||||
}
|
||||
// syncthing.declarativeWith ["hera" "zeus" "pegasus"] "/home/maralorn/media";
|
||||
};
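Review bot: The first hunk's header (`-41,19 +41,11`), combined with the single replaced `privateKeyFile` line, implies that the `firewall` block opening TCP and UDP 4713 for pulseaudio is deleted in this commit. That is a network-exposure change unrelated to "agenix support"; give it its own commit, or at least name it in the message, so it can be audited and reverted independently of the secret migration. The +/- markers are lost in this rendering, so confirm against the raw diff.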
|
||||
|
|
|
@ -121,7 +121,7 @@ in {
|
|||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = ["${hosts.vpn.prefix}::/64"];
|
||||
endpoint = "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
|
|
|
@ -62,28 +62,28 @@ in {
|
|||
wireguard.interfaces = {
|
||||
m0wire = {
|
||||
ips = ["${hosts.hera-wg}/112" "${hosts.vpn.hera}/64"];
|
||||
privateKeyFile = pkgs.privatePath "wireguard/hera-private";
|
||||
privateKeyFile = config.age.secrets."wireguard/hera-private".path;
|
||||
listenPort = wireguard.port;
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.zeus;
|
||||
allowedIPs = ["${hosts.zeus-wg}/128" "${hosts.vpn.zeus}/128"];
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
}
|
||||
{
|
||||
publicKey = wireguard.pub.apollo;
|
||||
allowedIPs = ["${hosts.apollo-wg}/128" "${hosts.vpn.apollo}/128"];
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
}
|
||||
{
|
||||
publicKey = wireguard.pub.fluffy;
|
||||
allowedIPs = ["${hosts.vpn.fluffy}/128"];
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
}
|
||||
{
|
||||
publicKey = wireguard.pub.pegasus;
|
||||
allowedIPs = ["${hosts.vpn.pegasus}/128"];
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
}
|
||||
];
|
||||
};
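Review bot: Every peer in `m0wire` gets `presharedKeyFile = config.age.secrets."wireguard/psk".path`, and the same secret name is used in the other host files of this commit, so a single preshared key appears to be decrypted on every machine. If so, the recipient list for `wireguard/psk` has to include every host key, and reading the file on any one host reveals the PSK for all tunnels. With secrets now declared by name, a key per peer pair is a small change, for example `presharedKeyFile = config.age.secrets."wireguard/psk-zeus".path;` for the zeus peer (secret name constructed for illustration). The secret definitions live in the private submodule and are not visible here.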
|
||||
|
|
|
@ -137,7 +137,7 @@ in {
|
|||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = ["::/0"];
|
||||
endpoint = "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
|
||||
presharedKeyFile = pkgs.privatePath "wireguard/psk";
|
||||
presharedKeyFile = config.age.secrets."wireguard/psk".path;
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
passwordFile = pkgs.privatePath "pam-login-password";
|
||||
openssh.authorizedKeys.keys = pkgs.privateValue [] "ssh-keys";
|
||||
passwordFile = config.age.secrets.pam-login-password.path;
|
||||
in {
|
||||
users.users = {
|
||||
maralorn = {
|
||||
|
|
|
@ -19,6 +19,7 @@ in {
|
|||
];
|
||||
|
||||
imports = [
|
||||
(builtins.getFlake "github:ryantm/agenix").nixosModules.default
|
||||
(networkingModule "firewall-iptables")
|
||||
(networkingModule "firewall-nftables")
|
||||
(networkingModule "firewall")
|
||||
|
@ -30,6 +31,11 @@ in {
|
|||
./admin.nix
|
||||
];
|
||||
|
||||
age.secrets = (import ../../private/secret-config.nix).module-config {
|
||||
inherit (config.networking) hostName;
|
||||
inherit lib;
|
||||
};
|
||||
|
||||
i18n = {
|
||||
defaultLocale = "en_DK.UTF-8";
|
||||
supportedLocales = ["en_DK.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"];
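Review bot: The import `(builtins.getFlake "github:ryantm/agenix").nixosModules.default` names the flake without a revision, so the module that decrypts every secret at activation is not tied to the `rev` this commit records for agenix in flake.lock. Pure evaluation rejects an unlocked reference, and impure evaluation resolves it to whatever the upstream default branch holds at build time, which also lets the module drift from the `agenix` CLI that the dev shell takes from the locked input. Prefer the locked input, e.g. `inputs.agenix.nixosModules.default`, if the flake inputs are passed into this module (how the hosts are instantiated is not visible here). At minimum pin the reference: `builtins.getFlake "github:ryantm/agenix/b7ffcfe77f817d9ee992640ba1f270718d197f28"`.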
|
||||
|
|
|
@ -1 +1,6 @@
|
|||
_: prev: (import ../packages {pkgs = prev.unstable;}).packages
|
||||
_: prev: let
|
||||
inherit (import ../packages {pkgs = prev;}) haskellPackagesOverlay selectHaskellPackages;
|
||||
in
|
||||
selectHaskellPackages (prev.unstable.haskellPackages.override {
|
||||
overrides = haskellPackagesOverlay;
|
||||
})
|
||||
|
|
|
@ -35,9 +35,6 @@
|
|||
prev.matrix-client;
|
||||
aeson-schemas = unmarkBroken (dontCheck prev.aeson-schemas);
|
||||
};
|
||||
hpkgs = pkgs.haskellPackages.override {
|
||||
overrides = haskellPackagesOverlay;
|
||||
};
|
||||
selectHaskellPackages = attrs: lib.mapAttrs (name: _: attrs.${name}) myHaskellPackages;
|
||||
myHaskellPackages = {
|
||||
wizards-dialog = cleanCabalPackage {
|
||||
|
@ -62,15 +59,5 @@
|
|||
};
|
||||
};
|
||||
in {
|
||||
packages = selectHaskellPackages hpkgs;
|
||||
inherit haskellPackagesOverlay;
|
||||
shell = args:
|
||||
hpkgs.shellFor ({
|
||||
packages = hpkgs: (builtins.attrValues (selectHaskellPackages hpkgs));
|
||||
buildInputs = [
|
||||
hpkgs.haskell-language-server
|
||||
pkgs.cabal-install
|
||||
];
|
||||
}
|
||||
// args);
|
||||
inherit selectHaskellPackages haskellPackagesOverlay;
|
||||
}
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit ea5c59c88c6a963fed4a31b6a3c31b424c4ae091
|
||||
Subproject commit 4970e368d9b554df2881b16cdb5d1712fcfbf575
|