From 47a65a151c153fb374bc17511e1d4105566aa085 Mon Sep 17 00:00:00 2001 From: Dennis <52411861+DerDennisOP@users.noreply.github.com> Date: Mon, 5 Feb 2024 18:22:52 +0100 Subject: [PATCH] fix photon ldap config (#74) * fix photon ldap config * secrets update --- flake.lock | 132 ++++-------------- flake.nix | 38 +++-- modules/backup.nix | 15 +- users/alice/systems/configuration.nix | 1 - users/alice/systems/programs.nix | 2 - users/alice/systems/testtop/configuration.nix | 25 ---- users/alice/systems/testtop/default.nix | 5 - users/alice/systems/testtop/hardware.nix | 35 ----- users/alice/systems/testtop/programs.nix | 39 ------ 9 files changed, 67 insertions(+), 225 deletions(-) delete mode 100644 users/alice/systems/configuration.nix delete mode 100644 users/alice/systems/programs.nix delete mode 100644 users/alice/systems/testtop/configuration.nix delete mode 100644 users/alice/systems/testtop/default.nix delete mode 100644 users/alice/systems/testtop/hardware.nix delete mode 100644 users/alice/systems/testtop/programs.nix diff --git a/flake.lock b/flake.lock index b4fdc46..87fb195 100644 --- a/flake.lock +++ b/flake.lock @@ -119,11 +119,11 @@ ] }, "locked": { - "lastModified": 1706985585, - "narHash": "sha256-ptshv4qXiC6V0GCfpABz88UGGPNwqs5tAxaRUKbk1Qo=", + "lastModified": 1707114923, + "narHash": "sha256-LDYPWa+BgxHSNEye93SyIPgz5u3RAfh78P9KyO+rQzI=", "owner": "nix-community", "repo": "home-manager", - "rev": "1ca210648a6ca9b957efde5da957f3de6b1f0c45", + "rev": "afcedcf2c8e424d0465e823cf833eb3adebe1db7", "type": "github" }, "original": { @@ -152,10 +152,18 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": "nixpkgs-23_11", - "utils": "utils" + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-23_05": [ + "nixpkgs" + ], + "nixpkgs-23_11": [ + "nixpkgs" + ], + "utils": [ + "flake-utils" + ] }, "locked": { "lastModified": 1706742486, 
@@ -202,11 +210,11 @@ ] }, "locked": { - "lastModified": 1706411424, - "narHash": "sha256-BzziJYucEZvdCE985vjPoo3ztWcmUiSQ1wJ2CoT6jCc=", + "lastModified": 1707016097, + "narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "c782f2a4f6fc94311ab5ef31df2f1149a1856181", + "rev": "3e3dad2808379c522138e2e8b0eb73500721a237", "type": "github" }, "original": { @@ -248,11 +256,11 @@ ] }, "locked": { - "lastModified": 1706740920, - "narHash": "sha256-uFwu44BZf17WYMAEmYIcdtVyNLDRVselv3rNsm7PYeE=", + "lastModified": 1707090318, + "narHash": "sha256-/0Xq6+wh6ea4+4lnO/yUFTaBYzmQtA52/mOKfw08/J8=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "453f941ff2cde75a5aac5d99c695d368fa28b7e1", + "rev": "fdb31cd04b592d5fdfca96027b36e28e79e977c2", "type": "github" }, "original": { 
@@ -263,47 +271,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706732774, - "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", - "owner": "NixOS", + "lastModified": 1706913249, + "narHash": "sha256-x3M7iV++CsvRXI1fpyFPduGELUckZEhSv0XWnUopAG8=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "rev": "e92b6015881907e698782c77641aa49298330223", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "nixos", "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", - "owner": "NixOS", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-23_11": { - "locked": { - "lastModified": 1706826059, - "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" } }, "nixpkgs-fmt": { @@ -348,22 +327,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1706732774, - "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "c3d2-user-module": "c3d2-user-module", 
@@ -375,10 +338,10 @@ "nix-index-database": "nix-index-database", "nix-pre-commit": "nix-pre-commit", "nixos-modules": "nixos-modules", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-fmt": "nixpkgs-fmt", "sops-nix": "sops-nix", - "systems": "systems_2" + "systems": "systems" } }, "rust-analyzer-src": { @@ -408,11 +371,11 @@ ] }, "locked": { - "lastModified": 1706410821, - "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=", + "lastModified": 1707015547, + "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=", "owner": "Mic92", "repo": "sops-nix", - "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef", + "rev": "23f61b897c00b66855074db471ba016e0cda20dd", "type": "github" }, "original": { @@ -435,39 +398,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b996293..2013adf 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,6 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; systems.url = "github:nix-systems/default"; - mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; nix-index-database = { url = "github:Mic92/nix-index-database"; 
@@ -50,6 +49,16 @@ }; }; + mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-23_05.follows = "nixpkgs"; + nixpkgs-23_11.follows = "nixpkgs"; + utils.follows = "flake-utils"; + }; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -188,17 +197,16 @@ value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]); }) (lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap - (user: - map - (system: { - name = "${user}.${system}"; - value = constructSystem ({ - hostname = system; - server = false; - users = [ user ]; - } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]); - }) - (lsdir "users/${user}/systems")) + (user: map + (system: { + name = "${user}.${system}"; + value = constructSystem ({ + hostname = system; + server = false; + users = [ user ]; + } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" ]); + }) + (lsdir "users/${user}/systems")) (lsdir "users"))); devShell = lib.mapAttrs @@ -235,7 +243,7 @@ let mkBuild = type: let - getBuildEntryPoint = name: nixosSystem: + getBuildEntryPoint = (name: nixosSystem: if builtins.hasAttr type nixosSystem.config.system.build then let cfg = nixosSystem.config.system.build.${type}; @@ -244,9 +252,9 @@ lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; } else cfg - else { }; + else { }); in - lib.filterAttrs (n: v: v != { }) (lib.mapAttrs getBuildEntryPoint self.nixosConfigurations); + lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations); in builtins.listToAttrs (map (type: { diff --git a/modules/backup.nix b/modules/backup.nix index d62f1d3..3af01ed 100644 --- a/modules/backup.nix +++ b/modules/backup.nix 
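Review bot: The three nixpkgs `follows` lines in the new `mailserver` input make nixos-mailserver evaluate against this repository's `nixos-unstable` pin rather than the revisions it locks itself, so the mail stack presumably runs on a package set upstream does not test. The benefit is a single locked nixpkgs revision in flake.lock, which is easier to audit and update, but the trade-off should be recorded next to the block, for example `# follows our nixpkgs pin: one revision to audit, but not the 23.05/23.11 pins upstream tests with`. `utils.follows = "flake-utils"` depends on a root input named `flake-utils` that is declared outside this hunk; the flake.lock change (`"utils": [ "flake-utils" ]`) suggests it exists.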
@@ -70,10 +70,21 @@ in { "/etc/subgid" "/etc/subuid" "/var/lib/nixos/" - ] ++ cfg.paths ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/" ++ lib.optional config.services.mysql.enable "/var/lib/mysql/" - ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/" ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/" + ] ++ cfg.paths + ++ lib.optional config.services.postgresql.enable "/var/backup/postgresql/" + ++ lib.optional config.services.mysql.enable "/var/lib/mysql/" + ++ lib.optional config.services.gitea.enable "/var/lib/gitea/" + ++ lib.optional (config.security.acme.certs != { }) "/var/lib/acme/" + ++ lib.optional config.security.dhparams.enable "/var/lib/dhparams/" ++ lib.optional config.mailserver.enable config.mailserver.mailDirectory; + exclude = lib.mkIf config.services.gitea.enable [ + "/var/lib/gitea/data/indexers/" + "/var/lib/gitea/data/repo-archive" + "/var/lib/gitea/data/queues" + "/var/lib/gitea/data/tmp/" + ]; + pruneOpts = [ "--group-by host" "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 12" ]; timerConfig = { diff --git a/users/alice/systems/configuration.nix b/users/alice/systems/configuration.nix deleted file mode 100644 index c915eb0..0000000 --- a/users/alice/systems/configuration.nix +++ /dev/null @@ -1 +0,0 @@ -{ ... }: { } diff --git a/users/alice/systems/programs.nix b/users/alice/systems/programs.nix deleted file mode 100644 index fb4b367..0000000 --- a/users/alice/systems/programs.nix +++ /dev/null @@ -1,2 +0,0 @@ -{ ... }: -{ } diff --git a/users/alice/systems/testtop/configuration.nix b/users/alice/systems/testtop/configuration.nix deleted file mode 100644 index bcc370c..0000000 --- a/users/alice/systems/testtop/configuration.nix +++ /dev/null 
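Review bot: The gitea entry added to the backup paths and all four new `exclude` patterns hard-code `/var/lib/gitea/`, so a host that overrides `services.gitea.stateDir` would miss the real data and the exclusions would stop matching. Deriving both from `config.services.gitea.stateDir` keeps the backup tied to where the data actually lives. Gitea's state directory normally also holds its generated secret and token files next to the repositories, so the restic repository's password and access controls now guard those too; that configuration is outside this hunk and worth confirming. The `paths` list begins before the hunk.

```nix
# … unchanged: base paths, cfg.paths, postgresql and mysql entries …
++ lib.optional config.services.gitea.enable config.services.gitea.stateDir
# … unchanged: acme, dhparams and mailserver entries …

exclude = lib.mkIf config.services.gitea.enable [
  "${config.services.gitea.stateDir}/data/indexers/"
  "${config.services.gitea.stateDir}/data/repo-archive"
  "${config.services.gitea.stateDir}/data/queues"
  "${config.services.gitea.stateDir}/data/tmp/"
];
```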
@@ -1,25 +0,0 @@
-{ pkgs, ... }: {
- imports = [ ../configuration.nix ../programs.nix ./programs.nix ];
-
- time.timeZone = "America/New_York";
- console.keyMap = "us";
- networking.hostId = "1beb4026";
-
- boot = {
- zfs.extraPools = [ "Main" ];
- filesystem = "zfs";
- useSystemdBoot = true;
- };
-
- i18n = {
- defaultLocale = "en_US.utf8";
- supportedLocales = [ "en_US.UTF-8/UTF-8" ];
- };
-
- boot = {
- default = true;
- kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; };
- };
-
- system.stateVersion = "23.05";
-}
diff --git a/users/alice/systems/testtop/default.nix b/users/alice/systems/testtop/default.nix
deleted file mode 100644
index 7a9656a..0000000
--- a/users/alice/systems/testtop/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }: {
- system = "x86_64-linux";
- home = true;
- sops = false;
-}
diff --git a/users/alice/systems/testtop/hardware.nix b/users/alice/systems/testtop/hardware.nix
deleted file mode 100644
index d970d5c..0000000
--- a/users/alice/systems/testtop/hardware.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7295-A442";
- fsType = "vfat";
- };
-
- swapDevices = [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/users/alice/systems/testtop/programs.nix b/users/alice/systems/testtop/programs.nix
deleted file mode 100644
index e7d2c36..0000000
--- a/users/alice/systems/testtop/programs.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- bat
- btop
- croc
- deadnix
- direnv
- fd
- file
- htop
- hwloc
- iperf3
- jp2a
- jq
- lsof
- lynis
- ncdu
- neofetch
- nix-init
- nix-output-monitor
- nix-prefetch
- nix-tree
- nixpkgs-fmt
- nmap
- pciutils
- python3
- qrencode
- ripgrep
- smartmontools
- tig
- tokei
- tree
- unzip
- ventoy
- wget
- zoxide
- zsh-nix-shell
- ];
-}