genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #604 from genebean/private_flake

Browse source 
Move some bits to a private flake
This commit is contained in:
Gene Liverman 2026-03-11 00:43:21 -04:00 committed by GitHub
commit 78c1e18d43
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 38 additions and 244 deletions
Download patch file Download diff file Expand all files Collapse all files

160
flake.lock generated
View file

@ -16,22 +16,6 @@
"type": "gitlab"
}
},
"blobs_2": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"brew-src": {
"flake": false,
"locked": {
@ -175,22 +159,6 @@
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@ -266,38 +234,10 @@
"git-hooks": {
"inputs": {
"flake-compat": [
"private-flake",
"simple-nixos-mailserver",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"private-flake",
"simple-nixos-mailserver",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763319842,
"narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks_2": {
"inputs": {
"flake-compat": [
"simple-nixos-mailserver",
"flake-compat"
],
"gitignore": "gitignore_3",
"nixpkgs": [
"simple-nixos-mailserver",
"nixpkgs"
@ -340,29 +280,6 @@
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"private-flake",
"simple-nixos-mailserver",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"simple-nixos-mailserver",
@ -626,11 +543,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772822230,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=",
"lastModified": 1773068389,
"narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96",
"rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
"type": "github"
},
"original": {
@ -690,20 +607,23 @@
"nixpkgs": [
"nixpkgs"
],
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix"
"simple-nixos-mailserver": [
"simple-nixos-mailserver"
],
"sops-nix": [
"sops-nix"
]
},
"locked": {
"lastModified": 1773107095,
"narHash": "sha256-FH96EdivFlkW85eumLrp17EdXLMxlPXk4+6p3eGCzOs=",
"lastModified": 1773203147,
"narHash": "sha256-16q/JVUUM8SqeDY4rmM7wt53dXj2dPeBIfGPVP9/NOo=",
"owner": "genebean",
"repo": "private-flake",
"rev": "1e245e3d7fab1dd1466569ed10f4488abf343e38",
"rev": "510a9214433b56fde82cd572063b99ec9a32eb7f",
"type": "github"
},
"original": {
"owner": "genebean",
"ref": "initial_setup",
"repo": "private-flake",
"type": "github"
}
@ -724,8 +644,8 @@
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"private-flake": "private-flake",
"simple-nixos-mailserver": "simple-nixos-mailserver_2",
"sops-nix": "sops-nix_2"
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix"
}
},
"rust-analyzer-src": {
@ -771,31 +691,6 @@
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"git-hooks": "git-hooks",
"nixpkgs": [
"private-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1766537863,
"narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-25.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"simple-nixos-mailserver_2": {
"inputs": {
"blobs": "blobs_2",
"flake-compat": "flake-compat_4",
"git-hooks": "git-hooks_2",
"nixpkgs": [
"nixpkgs"
]
@ -818,36 +713,15 @@
"sops-nix": {
"inputs": {
"nixpkgs": [
"private-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769469829,
"narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
"lastModified": 1773096132,
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
"type": "github"
},
"original": {
"owner": "mic92",
"repo": "sops-nix",
"type": "github"
}
},
"sops-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772944399,
"narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0",
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
"type": "github"
},
"original": {

8
flake.nix
View file

@ -63,8 +63,12 @@
# Private flake for sensitive configs
private-flake = {
url = "github:genebean/private-flake/initial_setup";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:genebean/private-flake";
inputs = {
nixpkgs.follows = "nixpkgs";
simple-nixos-mailserver.follows = "simple-nixos-mailserver";
sops-nix.follows = "sops-nix";
};
};
simple-nixos-mailserver = {

2
lib/mkNixosHost.nix
View file

@ -27,7 +27,7 @@
}
inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.private-flake.nixosModules.private.ssh-keys
inputs.sops-nix.nixosModules.sops # system wide secrets management
../modules/hosts/nixos # system-wide stuff
../modules/hosts/nixos/${hostname} # host specific stuff

7
modules/hosts/common/linux/nixroutes.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, ... }:
let
hostName = config.networking.hostName;
in {
programs.zsh.shellAliases.nixroutes =
"cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'";
}

34
modules/hosts/nixos/hetznix01/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs, username, ... }: {
{ inputs, pkgs, username, ... }: {
imports = [
./hardware-configuration.nix
../../common/linux/nixroutes.nix
./disk-config.nix
./hardware-configuration.nix
./post-install
];
@ -84,39 +85,10 @@
};
};
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
address = [
"5.161.244.95/32"
"2a01:4ff:f0:977c::1/64"
];
dns = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:1"
"2a01:4ff:ff00::add:2"
];
routes = [
{ Destination = "172.31.1.1"; }
{ Gateway = "172.31.1.1"; GatewayOnLink = true; }
{ Gateway = "fe80::1"; }
];
# make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxSBXdng/+esUXN/uLHQ0l9SgHS5EI9Z8UbqxLMNpK5 gene@newt"
];
};
}

18
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -12,24 +12,6 @@ in {
./nginx.nix
];
mailserver = {
enable = true;
enableImap = false;
enableImapSsl = true;
enableSubmission = false;
enableSubmissionSsl = true;
fqdn = "mail.alt.${domain}";
domains = [
"alt.${domain}"
"indianspringsbsa.org"
"pack1828.org"
];
stateVersion = 3;
# Use Let's Encrypt certificates from Nginx
certificateScheme = "acme";
};
services = {
collabora-online = {
enable = true;

36
modules/hosts/nixos/hetznix02/default.nix
View file

@ -1,8 +1,10 @@
{ pkgs, username, ... }: {
{ inputs, pkgs, username, ... }: {
imports = [
./hardware-configuration.nix
../../common/linux/nixroutes.nix
./disk-config.nix
./hardware-configuration.nix
./post-install
inputs.private-flake.nixosModules.private.hetznix02
];
system.stateVersion = "24.05";
@ -51,41 +53,11 @@
'';
};
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
address = [
"195.201.224.89/32"
"2a01:4f8:1c1e:aa68::1/64"
"fe80::9400:3ff:feae:45aa/64"
];
dns = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:1"
"2a01:4ff:ff00::add:2"
];
routes = [
{ Destination = "172.31.1.1"; }
{ Gateway = "172.31.1.1"; GatewayOnLink = true; }
{ Gateway = "fe80::1"; }
];
# make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyYpMcbTCpDtP7wUcXnfFXvekPL/tz/k2Q3kCZwfGwZ gene@kiosk-gene-desk"
];
};
zramSwap.enable = true;

4
modules/hosts/nixos/kiosk-entryway/default.nix
View file

@ -117,10 +117,6 @@
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
zramSwap = {

4
modules/hosts/nixos/kiosk-gene-desk/default.nix
View file

@ -110,10 +110,6 @@
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
zramSwap = {

4
modules/hosts/nixos/nixnas1/default.nix
View file

@ -118,9 +118,5 @@
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
}

5
modules/hosts/nixos/nixnuc/default.nix
View file

@ -624,11 +624,6 @@ in {
description = "Gene Liverman";
extraGroups = [ "docker" "podman" "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6bRxR9wmwO1AcKjO2gRk6oxbIoDLI3KQL7sj92sN0K Gene on BigBoy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
# Enable common container config files in /etc/containers