Migrate to 20.09

2020-09-16 19:32:23 +02:00 · 2020-09-16 19:32:23 +02:00 · 7c5dce9fbd
parent e79e823b9c
commit 7c5dce9fbd
8 changed files with 30 additions and 36 deletions
--- a/nixos/machines/apollo/configuration.nix
+++ b/nixos/machines/apollo/configuration.nix
@ -28,7 +28,8 @@ in {
      m0wire = {
        allowedIPsAsRoutes = false;
        ips = [ "${hosts.apollo-wg}/112" ];
-        privateKeyFile = "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
+        privateKeyFile =
+          "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
        peers = [{
          publicKey = wireguard.pub.hera;
          allowedIPs = [ "::/0" ];
@ -90,15 +91,15 @@ in {
  };
  boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };

-  cdark_net = {
-    enable = true;
-    hostName = "${me.user}_${config.networking.hostName}";
-    ed25519PrivateKeyFile = /etc/nixos/nixos/machines + "/${config.networking.hostName}"
-      + /secret/tinc/ed25519_key.priv;
-    hostsDirectory =
-      (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
-    ip6address = "fd23:42:cda:4342::2";
-    ip4address = "172.20.71.2";
-  };
+  #cdark_net = {
+    #enable = true;
+    #hostName = "${me.user}_${config.networking.hostName}";
+    #ed25519PrivateKeyFile = /etc/nixos/nixos/machines
+      #+ "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
+    #hostsDirectory =
+      #pkgs.fetchgit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; };
+    #ip6address = "fd23:42:cda:4342::2";
+    #ip4address = "172.20.71.2";
+  #};
  system.stateVersion = "19.09";
 }
--- a/nixos/machines/hera/boot.nix
+++ b/nixos/machines/hera/boot.nix
@ -1,6 +1,6 @@
 { ... }: {

-  m-0.server.initSSHKey = ./secret/boot_rsa;
+  m-0.server.initSSHKey = ./secret/ssh_boot_rsa;

  boot = {
    loader.grub = {
--- a/nixos/machines/hera/cloud.nix
+++ b/nixos/machines/hera/cloud.nix
@ -54,7 +54,6 @@ let
        nextcloud = {
          enable = true;
          hostName = hostname;
-          nginx.enable = true;
          package = pkgs.nextcloud18;
          maxUploadSize = "10g";
          caching = {
--- a/nixos/machines/hera/secret/ssh_boot_rsa
+++ b/nixos/machines/hera/secret/ssh_boot_rsa
--- a/nixos/roles/boot-key.nix
+++ b/nixos/roles/boot-key.nix
@ -1,19 +1,15 @@
 { lib, config, ... }:
-let
-  secretsFile = "/var/lib/luks-secret/key";
-  secretsInitrd = "/boot/grub/secrets-initrd.gz";
+let secretsFile = "/var/lib/luks-secret/key";
 in {
-  boot.initrd.luks.devices."nixos" = {
-    fallbackToPassword = true;
-    keyFile = secretsFile;
-  };
-  # copy the secret into the additional initramfs. `null` means same path
-  boot.initrd.secrets."${secretsFile}" = null;
-  boot.loader = {
-    supportsInitrdSecrets = lib.mkForce true;
-    grub.extraInitrd = secretsInitrd;
-    grub.extraPrepareConfig = ''
-      ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
-    '';
+  boot = {
+    initrd = {
+      luks.devices."nixos" = {
+        fallbackToPassword = true;
+        keyFile = secretsFile;
+      };
+      # copy the secret into the additional initramfs. `null` means same path
+      secrets."${secretsFile}" = null;
+    };
+    loader.supportsInitrdSecrets = lib.mkForce true;
  };
 }
--- a/nixos/roles/server/init_ssh.nix
+++ b/nixos/roles/server/init_ssh.nix
@ -9,11 +9,7 @@ with lib; {
        ssh = {
          enable = true;
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-
-          # generate file with
-          # nix-shell -p dropbear
-          # dropbearkey -t rsa -f boot_rsa
-          hostRSAKey = config.m-0.server.initSSHKey;
+          hostKeys = [ config.m-0.server.initSSHKey ];
        };
      };
      postMountCommands = "ip link set eth0 down";
--- a/overlays/email2matrix/package.nix
+++ b/overlays/email2matrix/package.nix
@ -8,5 +8,5 @@ buildGoModule rec {
    rev = version;
    sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
  };
-  modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
+  vendorSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
 }
--- a/overlays/neuron-language-server/package.nix
+++ b/overlays/neuron-language-server/package.nix
@ -1,7 +1,7 @@
 { buildGoModule, fetchFromGitHub }:
 buildGoModule {
  pname = "neuron-language-server";
-  version = "0.1";
+  version = "0.1.1";

  src = fetchFromGitHub {
    owner = "aca";
@ -10,5 +10,7 @@ buildGoModule {
    sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
  };

-  vendorSha256 = "02dajl4l3c8522ik2hmiq8cx4kj4h2ykx8l7qsal5xznx9pqbs7i";
+  doCheck = false;
+
+  vendorSha256 = "0pjjkw0633l8qbvwzy57rx76zjn3w3kf5f7plxnpxih9zj0q258l";
 }