From be43dd8ddf1956335b23c5a4a94fd0e2ed9cd47c Mon Sep 17 00:00:00 2001 From: stupidcomputer Date: Fri, 27 Dec 2024 02:09:45 -0600 Subject: [PATCH] update some things --- boxes/copernicus/nvidia.nix | 5 +- boxes/copernicus/services/wireguard.nix | 2 +- boxes/netbox/agenix.nix | 6 ++ boxes/netbox/nextcloud.nix | 4 +- flake.lock | 100 ++++++++++++++++++------ flake.nix | 23 +++++- secrets/nextcloud-admin-passwd.age | 9 +++ secrets/secrets.nix | 3 + 8 files changed, 120 insertions(+), 32 deletions(-) create mode 100644 secrets/nextcloud-admin-passwd.age diff --git a/boxes/copernicus/nvidia.nix b/boxes/copernicus/nvidia.nix index dbde58e..29a5542 100644 --- a/boxes/copernicus/nvidia.nix +++ b/boxes/copernicus/nvidia.nix @@ -1,10 +1,9 @@ { config, lib, pkgs, ... }: { # Make sure opengl is enabled - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport = true; - driSupport32Bit = true; + enable32Bit = true; }; environment.systemPackages = with pkgs; [ diff --git a/boxes/copernicus/services/wireguard.nix b/boxes/copernicus/services/wireguard.nix index 2b16e55..a9c97cf 100644 --- a/boxes/copernicus/services/wireguard.nix +++ b/boxes/copernicus/services/wireguard.nix @@ -12,7 +12,7 @@ privateKeyFile = "/home/usr/wg-keys/private"; peers = [ { # netbox - publicKey = machines.wg-pubkey; + publicKey = machines.netbox.wg-pubkey; allowedIPs = [ "10.100.0.0/24" ]; # only stuff in the wg-subnet (10.100.0.*) endpoint = "149.28.63.115:50000"; persistentKeepalive = 25; diff --git a/boxes/netbox/agenix.nix b/boxes/netbox/agenix.nix index 73fbfce..aa0491a 100644 --- a/boxes/netbox/agenix.nix +++ b/boxes/netbox/agenix.nix @@ -20,5 +20,11 @@ owner = "radicale"; group = "radicale"; }; + + nextcloud-passwd = { + file = ../../secrets/nextcloud-admin-passwd.age; + owner = "nextcloud"; + group = "nextcloud"; + }; }; } diff --git a/boxes/netbox/nextcloud.nix b/boxes/netbox/nextcloud.nix index 7986cb7..1f17d57 100644 --- a/boxes/netbox/nextcloud.nix 
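Review bot: The context of the boxes/copernicus/services/wireguard.nix hunk still loads the tunnel key from `privateKeyFile = "/home/usr/wg-keys/private";`, a path inside a user's home directory. Its ownership and mode are set outside the flake, and the owner of that directory can replace the file regardless of the file's own mode. Since this commit already moves the Nextcloud admin password to agenix, the WireGuard key would be better handled the same way, e.g. `privateKeyFile = config.age.secrets.<wg-private-key-secret>.path;` (placeholder name; this assumes agenix is or can be enabled on copernicus, which is not visible here). If the path stays, a comment such as `# key must be root-owned, mode 0600; not managed by this flake` would record the requirement. The enclosing interface definition starts and ends outside the hunk.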
+++ b/boxes/netbox/nextcloud.nix @@ -1,11 +1,11 @@ -{ lib, config, pkgs, ... }: +{ config, pkgs, ... }: { services.nextcloud = { enable = true; https = true; package = pkgs.nextcloud30; hostName = "nextcloud.beepboop.systems"; - config.adminpassFile = "/etc/nextcloud-admin"; + config.adminpassFile = config.age.secrets.nextcloud-passwd.path; settings.overwriteprotocol = "https"; extraApps = { phonetrack = pkgs.fetchNextcloudApp { diff --git a/flake.lock b/flake.lock index 5711253..c9ffe1d 100644 --- a/flake.lock +++ b/flake.lock @@ -59,6 +59,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -75,6 +95,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
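Review bot: Pointing `config.adminpassFile` at `config.age.secrets.nextcloud-passwd.path` does not change the admin password on an instance that is already installed, because the NixOS module reads this file only during the initial Nextcloud setup. If netbox already runs Nextcloud, the password that lived in `/etc/nextcloud-admin` stays in effect and that plaintext file remains on disk unless it is removed by hand. Rotating the admin password through Nextcloud itself and deleting the old file would complete the migration. A comment above the option such as `# only read on first install; rotate via occ if the instance already exists` would keep that visible. The `services.nextcloud` block continues past the end of the hunk.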
@@ -112,44 +148,60 @@ "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-24_11": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1734083684, + "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, "nixpkgs_2": { "locked": { - "lastModified": 1735066050, - "narHash": "sha256-vCBl6vYGi0QB11TMqdndLa7/UzxvuJUvKazlEnMTEX4=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17fcc7929706c2bd08db2b785edbb23a66b2f681", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1735141468, + "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -161,29 +213,29 @@ "root": { "inputs": { "agenix": "agenix", - "nixpkgs": "nixpkgs_2", + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_3", "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_3", - "nixpkgs-24_05": "nixpkgs-24_05", - "utils": "utils" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_4", + "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1734885828, - "narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=", + "lastModified": 1734884447, + "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55", + "rev": "63209b1def2c9fc891ad271f474a3464a5833294", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixos-mailserver", "type": "gitlab" } @@ -223,11 +275,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5778cfd..06f8545 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,9 +2,10 @@ description = "stupidcomputer's nixos flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; agenix.url = "github:ryantm/agenix"; + deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = { @@ -12,6 +13,7 @@ nixpkgs, simple-nixos-mailserver, agenix, + deploy-rs, ... }@inputs: let mkSystem = modules: @@ -38,5 +40,22 @@ ); in { nixosConfigurations = generateNixosConfigurations [ "netbox" "copernicus" "aristotle" ]; + deploy = { + sshUser = "ryan"; + user = "ryan"; + sshOpts = [ "-p" "433" ]; + + autoRollback = false; + magicRollback = false; + + nodes = { + "netbox" = { + hostname = "beepboop.systems"; + profiles.system = { + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."netbox"; + }; + }; + }; + }; }; } diff --git a/secrets/nextcloud-admin-passwd.age b/secrets/nextcloud-admin-passwd.age new file mode 100644 index 0000000..9b2d7f8 --- /dev/null +++ b/secrets/nextcloud-admin-passwd.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 q1rODg vXxOtNHTngVyr2lnmOI0vx3lH4PlG1gBbwY14DEkxzo +wwPWOJFyeepmQ4VT9Jltt9pz24+gmFs4eIpZJv6EYu8 +-> ssh-ed25519 NIIFZw eoD7PfZg2q/taHgoVVaOnkzhbKyM2+57dBrkzg0gRSw +4NH1RL2JKXA7u6bjFnVz8UQ/kYk9uNz7T+E4akPqpPg +-> ssh-ed25519 E0Y+lw R5Zs7zkeEeEEjuLsndGkwZG9A52kgldKwZyeV6fray8 +zLlRHB60eg/PWitvRg9ium314nt7FZFr4EBjOOLfHn8 +--- wY4O8nTB6MMZj0KOD+9xPQuVT+G2mSPcnTBr484W8fs +Dz`Jw+ ysԫYNӎ KViP T/5Np;0p:yxr[s`~p; \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c98e589..53970f8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,4 +16,7 @@ in { # radicale "radicale-passwd.age".publicKeys = all; + + # nextcloud + "nextcloud-admin-passwd.age".publicKeys = all; }
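Review bot: The new `deploy-rs` input in flake.nix brings its own nixpkgs pin instead of following the flake's. In flake.lock its `nixpkgs` resolves to `nixpkgs_2`, which now tracks `nixpkgs-unstable` with a `lastModified` about a year older than the `nixos-24.11` pin used for the systems. The activation wrapper built by `deploy-rs.lib.x86_64-linux.activate.nixos` would then presumably come from that stale package set rather than from the release channel that receives security updates. Adding `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` next to the URL keeps a single reviewed nixpkgs revision for everything. The same may apply to `agenix`, whose lock entry is not fully visible here.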
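Review bot: Setting both `autoRollback = false;` and `magicRollback = false;` in the new `deploy` block removes deploy-rs's safeguards for a host that is reached only over SSH on a non-default port, so a generation that breaks sshd, the firewall or the network stays active with no automatic revert. Unless there is a known incompatibility, leaving both at their defaults is the safer choice; otherwise a comment such as `# rollback disabled because <reason>; recover via provider console` should say why. Separately, `user = "ryan";` makes deploy-rs activate the `system` profile as that user, while a NixOS system profile normally needs `user = "root";` with `sshUser` escalating through sudo, so this is worth confirming. The port in `sshOpts = [ "-p" "433" ];` is one digit away from 443, so check that it matches the sshd port configured on netbox.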
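Review bot: `"nextcloud-admin-passwd.age".publicKeys = all;` lets every key in `all` decrypt the Nextcloud admin password, although only boxes/netbox/agenix.nix consumes the secret. The new .age file carries three ssh-ed25519 recipient stanzas, which matches that. Restricting the recipients to the netbox host key plus the key used to edit secrets, e.g. `"nextcloud-admin-passwd.age".publicKeys = [ <netbox-host-key> <admin-user-key> ];` (placeholder names; the real bindings are defined above the hunk), means a compromise of another machine does not expose it. The file has to be rekeyed after the change (`agenix --rekey`). The radicale entry in the context follows the same pattern.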