Compare commits
2 Commits
30cff89a50
...
de5ad541b8
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
de5ad541b8 | ||
|
|
0f7e28abd0 |
@ -68,14 +68,14 @@ in
|
|||||||
"plugdev"
|
"plugdev"
|
||||||
"bluetooth"
|
"bluetooth"
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keyFiles = [
|
openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
|
||||||
../secrets/ssh/ed25519_deacero.pub
|
"deacero"
|
||||||
../secrets/ssh/ed25519_workstation.pub
|
"workstation"
|
||||||
../secrets/ssh/ed25519_server.pub
|
"server"
|
||||||
../secrets/ssh/ed25519_miniserver.pub
|
"miniserver"
|
||||||
../secrets/ssh/ed25519_galaxy.pub
|
"galaxy"
|
||||||
../secrets/ssh/ed25519_phone.pub
|
"phone"
|
||||||
../secrets/ssh/ed25519_vps.pub
|
"vps"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
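Review bot: `inputs` is read on the new `openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [` line, but the function header that would bind it lies outside this hunk, so I cannot confirm it is an argument of this module; the same applies to the host hunks at `@ -5,13 +5,13 @@`, `@ -10,12 +10,12 @@` and `@ -22,13 +22,13 @@`, which now write `my = import ./toggles.nix { inherit inputs; } // {` (the nixremote module hunk does show `{ lib, config, inputs, ... }:`, so it is covered). If `inputs` is not supplied, for example through `specialArgs`, evaluation aborts with an undefined-variable error rather than producing a host with fewer keys, which is the safe failure direction, but it is worth confirming once for each of these files. A short comment on the line, `# key names resolve via inputs.self.lib.sshKeys`, would also tell a reader where the list is defined.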
|
|||||||
@ -5,13 +5,13 @@
|
|||||||
../../config/base.nix
|
../../config/base.nix
|
||||||
../../config/stylix.nix
|
../../config/stylix.nix
|
||||||
];
|
];
|
||||||
my = import ./toggles.nix // {
|
my = import ./toggles.nix { inherit inputs; } // {
|
||||||
nix.cores = 3;
|
nix.cores = 3;
|
||||||
nix.maxJobs = 8;
|
nix.maxJobs = 8;
|
||||||
users.nixremote.enable = true;
|
users.nixremote.enable = true;
|
||||||
users.nixremote.authorizedKeys = [
|
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||||
../../secrets/ssh/ed25519_nixworkstation.pub
|
"nixworkstation"
|
||||||
../../secrets/ssh/ed25519_nixserver.pub
|
"nixserver"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
nix.buildMachines =
|
nix.buildMachines =
|
||||||
|
|||||||
@ -1,16 +1,6 @@
|
|||||||
|
{ inputs }:
|
||||||
let
|
let
|
||||||
mkEnabled = name: {
|
inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
|
||||||
inherit name;
|
|
||||||
value.enable = true;
|
|
||||||
};
|
|
||||||
mkEnabledWithProxy = name: {
|
|
||||||
inherit name;
|
|
||||||
value = {
|
|
||||||
enable = true;
|
|
||||||
enableProxy = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
enableList = func: list: list |> map func |> builtins.listToAttrs;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
emacs.enable = true;
|
emacs.enable = true;
|
||||||
|
|||||||
@ -10,12 +10,12 @@
|
|||||||
../../config/base.nix
|
../../config/base.nix
|
||||||
../../config/stylix.nix
|
../../config/stylix.nix
|
||||||
];
|
];
|
||||||
my = import ./toggles.nix { inherit config; } // {
|
my = import ./toggles.nix { inherit config inputs; } // {
|
||||||
nix.cores = 6;
|
nix.cores = 6;
|
||||||
users.nixremote.enable = true;
|
users.nixremote.enable = true;
|
||||||
users.nixremote.authorizedKeys = [
|
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||||
../../secrets/ssh/ed25519_nixworkstation.pub
|
"nixworkstation"
|
||||||
../../secrets/ssh/ed25519_nixminiserver.pub
|
"nixminiserver"
|
||||||
];
|
];
|
||||||
network.firewall.enabledServicePorts = true;
|
network.firewall.enabledServicePorts = true;
|
||||||
network.firewall.additionalPorts = [
|
network.firewall.additionalPorts = [
|
||||||
|
|||||||
@ -1,17 +1,7 @@
|
|||||||
{ config }:
|
{ config, inputs }:
|
||||||
let
|
let
|
||||||
mkEnabled = name: {
|
inherit (inputs.self.lib) mkEnabled enableList;
|
||||||
inherit name;
|
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
|
||||||
value.enable = true;
|
|
||||||
};
|
|
||||||
mkEnabledIp = name: {
|
|
||||||
inherit name;
|
|
||||||
value = {
|
|
||||||
enable = true;
|
|
||||||
ip = config.my.ips.wg-server;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
enableList = func: list: list |> map func |> builtins.listToAttrs;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
mainServer = "server";
|
mainServer = "server";
|
||||||
|
|||||||
@ -22,13 +22,13 @@ in
|
|||||||
../../config/stylix.nix
|
../../config/stylix.nix
|
||||||
../../environments/gnome.nix
|
../../environments/gnome.nix
|
||||||
];
|
];
|
||||||
my = import ./toggles.nix // {
|
my = import ./toggles.nix { inherit inputs; } // {
|
||||||
nix.cores = 8;
|
nix.cores = 8;
|
||||||
nix.maxJobs = 8;
|
nix.maxJobs = 8;
|
||||||
users.nixremote.enable = true;
|
users.nixremote.enable = true;
|
||||||
users.nixremote.authorizedKeys = [
|
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||||
../../secrets/ssh/ed25519_nixserver.pub
|
"nixserver"
|
||||||
../../secrets/ssh/ed25519_nixminiserver.pub
|
"nixminiserver"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
home-manager.users.jawz = {
|
home-manager.users.jawz = {
|
||||||
|
|||||||
@ -1,9 +1,6 @@
|
|||||||
|
{ inputs }:
|
||||||
let
|
let
|
||||||
mkEnabled = name: {
|
inherit (inputs.self.lib) mkEnabled enableList;
|
||||||
inherit name;
|
|
||||||
value.enable = true;
|
|
||||||
};
|
|
||||||
enableList = func: list: list |> map func |> builtins.listToAttrs;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
stylix.enable = true;
|
stylix.enable = true;
|
||||||
|
|||||||
@ -105,65 +105,71 @@ in
|
|||||||
enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
|
enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
|
||||||
};
|
};
|
||||||
config = {
|
config = {
|
||||||
assertions = [
|
assertions =
|
||||||
{
|
# PostgreSQL dependency assertions
|
||||||
assertion = config.my.servers.nextcloud.enable -> config.my.servers.postgres.enable;
|
inputs.self.lib.mkPostgresDependencies config [
|
||||||
message = "Nextcloud requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "nextcloud";
|
||||||
{
|
name = "Nextcloud";
|
||||||
assertion = config.my.servers.vaultwarden.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Vaultwarden requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "vaultwarden";
|
||||||
{
|
name = "Vaultwarden";
|
||||||
assertion = config.my.servers.firefly-iii.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Firefly III requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "firefly-iii";
|
||||||
{
|
name = "Firefly III";
|
||||||
assertion = config.my.servers.mealie.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Mealie requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "mealie";
|
||||||
{
|
name = "Mealie";
|
||||||
assertion = config.my.servers.shiori.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Shiori requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "shiori";
|
||||||
{
|
name = "Shiori";
|
||||||
assertion = config.my.servers.ryot.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Ryot requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "ryot";
|
||||||
{
|
name = "Ryot";
|
||||||
assertion = config.my.servers.synapse.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Matrix Synapse requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "synapse";
|
||||||
{
|
name = "Matrix Synapse";
|
||||||
assertion = config.my.servers.gitea.enable -> config.my.servers.postgres.enable;
|
}
|
||||||
message = "Gitea requires PostgreSQL to be enabled";
|
{
|
||||||
}
|
service = "gitea";
|
||||||
{
|
name = "Gitea";
|
||||||
assertion =
|
}
|
||||||
config.my.enableProxy
|
]
|
||||||
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
|
++
|
||||||
message = "enableProxy is true but no services have enableProxy enabled";
|
# Other assertions
|
||||||
}
|
[
|
||||||
{
|
{
|
||||||
assertion =
|
assertion =
|
||||||
config.my.enableContainers
|
config.my.enableProxy
|
||||||
|| !(builtins.any (opt: opt) [
|
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
|
||||||
config.my.servers.ryot.enable
|
message = "enableProxy is true but no services have enableProxy enabled";
|
||||||
config.my.servers.lidarr.enable
|
}
|
||||||
config.my.servers.prowlarr.enable
|
{
|
||||||
config.my.servers.maloja.enable
|
assertion =
|
||||||
config.my.servers.multi-scrobbler.enable
|
config.my.enableContainers
|
||||||
config.my.servers.flame.enable
|
|| !(builtins.any (opt: opt) [
|
||||||
config.my.servers.flameSecret.enable
|
config.my.servers.ryot.enable
|
||||||
config.my.servers.metube.enable
|
config.my.servers.lidarr.enable
|
||||||
config.my.servers.go-vod.enable
|
config.my.servers.prowlarr.enable
|
||||||
config.my.servers.tranga.enable
|
config.my.servers.maloja.enable
|
||||||
config.my.servers.drpp.enable
|
config.my.servers.multi-scrobbler.enable
|
||||||
config.my.servers.plex-discord-bot.enable
|
config.my.servers.flame.enable
|
||||||
]);
|
config.my.servers.flameSecret.enable
|
||||||
message = "Container services are enabled but enableContainers is false";
|
config.my.servers.metube.enable
|
||||||
}
|
config.my.servers.go-vod.enable
|
||||||
];
|
config.my.servers.tranga.enable
|
||||||
|
config.my.servers.drpp.enable
|
||||||
|
config.my.servers.plex-discord-bot.enable
|
||||||
|
]);
|
||||||
|
message = "Container services are enabled but enableContainers is false";
|
||||||
|
}
|
||||||
|
];
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
containers.enable = true;
|
containers.enable = true;
|
||||||
oci-containers.backend = "podman";
|
oci-containers.backend = "podman";
|
||||||
|
|||||||
@ -1,13 +1,13 @@
|
|||||||
{ lib, config, ... }:
|
{ lib, config, inputs, ... }:
|
||||||
{
|
{
|
||||||
options.my.users.nixremote = {
|
options.my.users.nixremote = {
|
||||||
enable = lib.mkEnableOption "nixremote user for distributed builds";
|
enable = lib.mkEnableOption "nixremote user for distributed builds";
|
||||||
authorizedKeys = lib.mkOption {
|
authorizedKeys = lib.mkOption {
|
||||||
type = lib.types.listOf lib.types.path;
|
type = lib.types.listOf lib.types.path;
|
||||||
default = [
|
default = inputs.self.lib.getSshKeys [
|
||||||
../../secrets/ssh/ed25519_nixworkstation.pub
|
"nixworkstation"
|
||||||
../../secrets/ssh/ed25519_nixserver.pub
|
"nixserver"
|
||||||
../../secrets/ssh/ed25519_nixminiserver.pub
|
"nixminiserver"
|
||||||
];
|
];
|
||||||
description = "List of SSH public key files to authorize for nixremote user";
|
description = "List of SSH public key files to authorize for nixremote user";
|
||||||
};
|
};
|
||||||
|
|||||||
@ -171,6 +171,47 @@ in
|
|||||||
|> lib.attrValues
|
|> lib.attrValues
|
||||||
|> map (srv: srv.port)
|
|> map (srv: srv.port)
|
||||||
);
|
);
|
||||||
|
mkEnabled = name: {
|
||||||
|
inherit name;
|
||||||
|
value.enable = true;
|
||||||
|
};
|
||||||
|
mkEnabledWithProxy = name: {
|
||||||
|
inherit name;
|
||||||
|
value = {
|
||||||
|
enable = true;
|
||||||
|
enableProxy = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mkEnabledIp = ip: name: {
|
||||||
|
inherit name;
|
||||||
|
value = {
|
||||||
|
enable = true;
|
||||||
|
inherit ip;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
enableList = func: list: list |> map func |> builtins.listToAttrs;
|
||||||
|
mkPostgresDependency = config: serviceName: displayName: {
|
||||||
|
assertion = config.my.servers.${serviceName}.enable -> config.my.servers.postgres.enable;
|
||||||
|
message = "${displayName} requires PostgreSQL to be enabled";
|
||||||
|
};
|
||||||
|
mkPostgresDependencies =
|
||||||
|
config: serviceMap:
|
||||||
|
serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
|
||||||
|
sshKeys = {
|
||||||
|
deacero = ../../secrets/ssh/ed25519_deacero.pub;
|
||||||
|
workstation = ../../secrets/ssh/ed25519_workstation.pub;
|
||||||
|
server = ../../secrets/ssh/ed25519_server.pub;
|
||||||
|
miniserver = ../../secrets/ssh/ed25519_miniserver.pub;
|
||||||
|
galaxy = ../../secrets/ssh/ed25519_galaxy.pub;
|
||||||
|
phone = ../../secrets/ssh/ed25519_phone.pub;
|
||||||
|
vps = ../../secrets/ssh/ed25519_vps.pub;
|
||||||
|
emacs = ../../secrets/ssh/ed25519_emacs.pub;
|
||||||
|
# Build user keys (nixremote)
|
||||||
|
nixworkstation = ../../secrets/ssh/ed25519_nixworkstation.pub;
|
||||||
|
nixserver = ../../secrets/ssh/ed25519_nixserver.pub;
|
||||||
|
nixminiserver = ../../secrets/ssh/ed25519_nixminiserver.pub;
|
||||||
|
};
|
||||||
|
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
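Review bot: `getSshKeys`, the last binding added here, indexes `inputs.self.lib.sshKeys.${name}` with no guard, so a mistyped key name in a host file surfaces as a bare `attribute '<name>' missing` error with no hint that the SSH key table is the cause; `getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name} or (throw "getSshKeys: unknown ssh key name '${name}'"));` keeps evaluation failing closed while naming the problem. The `sshKeys` table is now the single place that decides which public keys land in every host's authorized keys, so a header comment above it saying that edits are effectively access-control changes, and that the `../../secrets/ssh/` paths are relative to this lib file, would help future review; I cannot verify from the hunk that those relative paths resolve from the lib file's location. `mkPostgresDependencies` reaches its sibling through `inputs.self.lib.mkPostgresDependency` rather than the binding defined a few lines above, and `getSshKeys` does the same for `sshKeys`; if the enclosing attrset (whose header is outside the hunk) is not recursive that explains it, otherwise the local names would avoid the round trip through the flake outputs.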
|
|||||||