update some things

2024-12-27 02:09:45 -06:00 · 2024-12-27 02:09:45 -06:00 · be43dd8ddf
commit be43dd8ddf
parent 5d028f5659
8 changed files with 120 additions and 32 deletions
--- a/boxes/copernicus/nvidia.nix
+++ b/boxes/copernicus/nvidia.nix
@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:
 {
  # Make sure opengl is enabled
-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
-    driSupport = true;
-    driSupport32Bit = true;
+    enable32Bit = true;
  };

  environment.systemPackages = with pkgs; [
--- a/boxes/copernicus/services/wireguard.nix
+++ b/boxes/copernicus/services/wireguard.nix
@ -12,7 +12,7 @@
        privateKeyFile = "/home/usr/wg-keys/private";
        peers = [
          { # netbox
-            publicKey = machines.wg-pubkey;
+            publicKey = machines.netbox.wg-pubkey;
            allowedIPs = [ "10.100.0.0/24" ]; # only stuff in the wg-subnet (10.100.0.*)
            endpoint = "149.28.63.115:50000";
            persistentKeepalive = 25;
--- a/boxes/netbox/agenix.nix
+++ b/boxes/netbox/agenix.nix
@ -20,5 +20,11 @@
      owner = "radicale";
      group = "radicale";
    };
+
+    nextcloud-passwd = {
+      file = ../../secrets/nextcloud-admin-passwd.age;
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
  };
 }
--- a/boxes/netbox/nextcloud.nix
+++ b/boxes/netbox/nextcloud.nix
@ -1,11 +1,11 @@
-{ lib, config, pkgs, ... }:
+{ config, pkgs, ... }:
 {
  services.nextcloud = {
    enable = true;
    https = true;
    package = pkgs.nextcloud30;
    hostName = "nextcloud.beepboop.systems";
-    config.adminpassFile = "/etc/nextcloud-admin";
+    config.adminpassFile = config.age.secrets.nextcloud-passwd.path;
    settings.overwriteprotocol = "https";
    extraApps = {
      phonetrack = pkgs.fetchNextcloudApp {
--- a/flake.lock
+++ b/flake.lock
@ -59,6 +59,26 @@
        "type": "github"
      }
    },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1727447169,
+        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -75,6 +95,22 @@
        "type": "github"
      }
    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -112,44 +148,60 @@
        "type": "github"
      }
    },
-    "nixpkgs-24_05": {
+    "nixpkgs-24_11": {
      "locked": {
-        "lastModified": 1717144377,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "lastModified": 1734083684,
+        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1735066050,
-        "narHash": "sha256-vCBl6vYGi0QB11TMqdndLa7/UzxvuJUvKazlEnMTEX4=",
+        "lastModified": 1702272962,
+        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "17fcc7929706c2bd08db2b785edbb23a66b2f681",
+        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.05",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1717602782,
-        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
+        "lastModified": 1735141468,
+        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
+        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1732014248,
+        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
        "type": "github"
      },
      "original": {
@ -161,29 +213,29 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "nixpkgs": "nixpkgs_2",
+        "deploy-rs": "deploy-rs",
+        "nixpkgs": "nixpkgs_3",
        "simple-nixos-mailserver": "simple-nixos-mailserver"
      }
    },
    "simple-nixos-mailserver": {
      "inputs": {
        "blobs": "blobs",
-        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-24_05": "nixpkgs-24_05",
-        "utils": "utils"
+        "flake-compat": "flake-compat_2",
+        "nixpkgs": "nixpkgs_4",
+        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
-        "lastModified": 1734885828,
-        "narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
+        "lastModified": 1734884447,
+        "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
+        "rev": "63209b1def2c9fc891ad271f474a3464a5833294",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
@ -223,11 +275,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1709126324,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -2,9 +2,10 @@
  description = "stupidcomputer's nixos flake";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
    agenix.url = "github:ryantm/agenix";
+    deploy-rs.url = "github:serokell/deploy-rs";
  };

  outputs = {
@ -12,6 +13,7 @@
      nixpkgs,
      simple-nixos-mailserver,
      agenix,
+      deploy-rs,
      ...
    }@inputs: let
      mkSystem = modules:
@ -38,5 +40,22 @@
        );
    in {
      nixosConfigurations = generateNixosConfigurations [ "netbox" "copernicus" "aristotle" ];
+      deploy = {
+        sshUser = "ryan";
+        user = "ryan";
+        sshOpts = [ "-p" "433" ];
+
+        autoRollback = false;
+        magicRollback = false;
+
+        nodes = {
+          "netbox" = {
+            hostname = "beepboop.systems";
+            profiles.system = {
+              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."netbox";
+            };
+          };
+        };
+      };
    };
 }
--- a/secrets/nextcloud-admin-passwd.age
+++ b/secrets/nextcloud-admin-passwd.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 q1rODg vXxOtNHTngVyr2lnmOI0vx3lH4PlG1gBbwY14DEkxzo
+wwPWOJFyeepmQ4VT9Jltt9pz24+gmFs4eIpZJv6EYu8
+-> ssh-ed25519 NIIFZw eoD7PfZg2q/taHgoVVaOnkzhbKyM2+57dBrkzg0gRSw
+4NH1RL2JKXA7u6bjFnVz8UQ/kYk9uNz7T+E4akPqpPg
+-> ssh-ed25519 E0Y+lw R5Zs7zkeEeEEjuLsndGkwZG9A52kgldKwZyeV6fray8
+zLlRHB60eg/PWitvRg9ium314nt7FZFr4EBjOOLfHn8
+--- wY4O8nTB6MMZj0KOD+9xPQuVT+G2mSPcnTBr484W8fs
+€DÜü¿Ëê z`šJw+	úyõsÔ«¯YÈNÓŽŸ¾¿ÄüÙüæKVìñÈi<11>PÍ	T/5ØN¦¹íp;±Œ0pž:«Ñyx™Šrªý[s`~äæÓp›¾ÍÈ;
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -16,4 +16,7 @@ in {

  # radicale
  "radicale-passwd.age".publicKeys = all;
+
+  # nextcloud
+  "nextcloud-admin-passwd.age".publicKeys = all;
 }