
2 commits

Author SHA1 Message Date
teutat3s 1f2ba895a0
Clean some sessionVariables from global scope
Especially some XDG_* env vars polluted other users' environments when set globally
2022-11-27 21:57:34 +01:00
teutat3s a795bf4429
Rename flora6 -> flora-6 2022-11-27 21:56:40 +01:00
7 changed files with 167 additions and 62 deletions


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1664140963, "lastModified": 1665870395,
"narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -42,11 +42,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1664210064, "lastModified": 1668784520,
"narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "narHash": "sha256-gGgVAMwYPPmrfnvnoRi6OkEB5KRsNTb9uYzEceLdO/g=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "rev": "6349b99bc2b96ded34d068a88c7c5ced406b7f7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,11 +85,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1659725433, "lastModified": 1668797197,
"narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -120,6 +120,31 @@
"type": "github" "type": "github"
} }
}, },
"devshell_2": {
"inputs": {
"flake-utils": [
"keycloak-theme-pub-solar",
"flake-utils"
],
"nixpkgs": [
"keycloak-theme-pub-solar",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667210711,
"narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=",
"owner": "numtide",
"repo": "devshell",
"rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"digga": { "digga": {
"inputs": { "inputs": {
"blank": "blank", "blank": "blank",
@ -256,11 +281,11 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1667395993,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,6 +295,21 @@
} }
}, },
"flake-utils_4": { "flake-utils_4": {
"locked": {
"lastModified": 1667077288,
"narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": { "locked": {
"lastModified": 1653893745, "lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
@ -284,6 +324,22 @@
"type": "github" "type": "github"
} }
}, },
"fork": {
"locked": {
"lastModified": 1669519260,
"narHash": "sha256-eXuHtd+D2/gOQ1QcMbb7InKdwYPPp/+CwQxSo0fW3s4=",
"owner": "teutat3s",
"repo": "nixpkgs",
"rev": "9836531dcac8630bbe54b6a4897de7b1ce8a2858",
"type": "github"
},
"original": {
"owner": "teutat3s",
"ref": "fix/gitea-needs-gpg-in-path",
"repo": "nixpkgs",
"type": "github"
}
},
"home": { "home": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -291,11 +347,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1656169755, "lastModified": 1667907331,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -305,6 +361,29 @@
"type": "github" "type": "github"
} }
}, },
"keycloak-theme-pub-solar": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1669558652,
"narHash": "sha256-97WIgaqh8LHlerRn83JCOUwejy/p8h44y8Suth22/t4=",
"ref": "main",
"rev": "3c8ef7c3d2c025a4dced88190dec2307641e8b26",
"revCount": 11,
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
}
},
"latest": { "latest": {
"locked": { "locked": {
"lastModified": 1657265485, "lastModified": 1657265485,
@ -323,11 +402,11 @@
}, },
"latest_2": { "latest_2": {
"locked": { "locked": {
"lastModified": 1664538465, "lastModified": 1669411043,
"narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", "narHash": "sha256-LfPd3+EY+jaIHTRIEOUtHXuanxm59YKgUacmSzaqMLc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", "rev": "5dc7114b7b256d217fe7752f1614be2514e61bb8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -374,11 +453,11 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1664594436, "lastModified": 1669418739,
"narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -394,11 +473,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1660727616, "lastModified": 1669065280,
"narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=", "narHash": "sha256-3+pq1oJWjGDLfd8G/vR3IIFZ+EQ/aglukA0bTiMlf3o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "adccd191a0e83039d537e021f19495b7bad546a1", "rev": "50aeec40f2072d2ab267c8ec8a345573704ec110",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -409,11 +488,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1664628729, "lastModified": 1669146234,
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3024c67a2e9a35450558426c42e7419ab37efd95", "rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -469,17 +548,17 @@
"nvfetcher": { "nvfetcher": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
] ]
}, },
"locked": { "locked": {
"lastModified": 1664550666, "lastModified": 1667620329,
"narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"owner": "berberman", "owner": "berberman",
"repo": "nvfetcher", "repo": "nvfetcher",
"rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -494,7 +573,9 @@
"darwin": "darwin", "darwin": "darwin",
"deploy": "deploy", "deploy": "deploy",
"digga": "digga", "digga": "digga",
"fork": "fork",
"home": "home", "home": "home",
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"latest": "latest_2", "latest": "latest_2",
"naersk": "naersk", "naersk": "naersk",
"nixos": "nixos", "nixos": "nixos",
@ -507,18 +588,18 @@
}, },
"triton-vmtools": { "triton-vmtools": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"nixos" "nixos"
] ]
}, },
"locked": { "locked": {
"dir": "vmtools", "dir": "vmtools",
"lastModified": 1664803886, "lastModified": 1668514320,
"narHash": "sha256-M2mk5H0PTSSQqdMqQWg/IGOARWwiPlaM8lSn3ObRPWU=", "narHash": "sha256-P+wzdarT2l+91VPf9hsYtKJad7WHttN5oFFlGQHJ5mQ=",
"ref": "main", "ref": "main",
"rev": "d79cc27c907062540594ea8998f17674ece1ca64", "rev": "8648709ed952423e82d62eb634918de1b1cfdc82",
"revCount": 23, "revCount": 27,
"type": "git", "type": "git",
"url": "https://git.b12f.io/pub-solar/infra?dir=vmtools" "url": "https://git.b12f.io/pub-solar/infra?dir=vmtools"
}, },


@ -10,6 +10,7 @@
# Track channels with commits tested and built by hydra # Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-22.05"; nixos.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable"; latest.url = "github:nixos/nixpkgs/nixos-unstable";
fork.url = "github:teutat3s/nixpkgs/fix/gitea-needs-gpg-in-path";
digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixpkgs.follows = "nixos";
@ -41,6 +42,9 @@
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools"; triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
triton-vmtools.inputs.nixpkgs.follows = "nixos"; triton-vmtools.inputs.nixpkgs.follows = "nixos";
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos";
}; };
outputs = outputs =
@ -54,6 +58,7 @@
, nvfetcher , nvfetcher
, deploy , deploy
, triton-vmtools , triton-vmtools
, keycloak-theme-pub-solar
, ... , ...
} @ inputs: } @ inputs:
digga.lib.mkFlake digga.lib.mkFlake
@ -72,6 +77,7 @@
overlays = [ ]; overlays = [ ];
}; };
latest = { }; latest = { };
fork = { };
}; };
lib = import ./lib { lib = digga.lib // nixos.lib; }; lib = import ./lib { lib = digga.lib // nixos.lib; };
@ -153,9 +159,9 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
flora6 = { flora-6 = {
sshUser = "barkeeper"; sshUser = "barkeeper";
hostname = "infra-1.pub.solar"; hostname = "flora-6.pub.solar";
}; };
}; };
}; };
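Review bot: The new `fork` input tracks a branch of a personal nixpkgs fork (`github:teutat3s/nixpkgs/fix/gitea-needs-gpg-in-path`) with no comment saying why it is needed or when it can be dropped. flake.lock pins the revision, but each `nix flake update` follows whatever that branch points to at the time, and the host section on this page imports its gitea service module from it, so the branch is part of the deployment's trust boundary. I would add a comment above the line such as `# temporary: gitea module needs gpg in PATH; drop once fixed upstream (<upstream PR/issue link>)` and bump this input deliberately rather than together with the others. `keycloak-theme-pub-solar` also follows `ref=main`, so the same caveat applies there.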


@ -1,6 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./flora6.nix ./flora-6.nix
]; ];
} }


@ -1,4 +1,13 @@
{ config, inputs, lib, pkgs, profiles, latestModulesPath, self, ... }: { config
, forkModulesPath
, latestModulesPath
, lib
, inputs
, pkgs
, profiles
, self
, ...
}:
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in in
@ -13,8 +22,12 @@ in
profiles.users.barkeeper profiles.users.barkeeper
"${latestModulesPath}/services/web-apps/keycloak.nix" "${latestModulesPath}/services/web-apps/keycloak.nix"
"${forkModulesPath}/services/misc/gitea.nix"
];
disabledModules = [
"services/web-apps/keycloak.nix"
"services/misc/gitea.nix"
]; ];
disabledModules = [ "services/web-apps/keycloak.nix" ];
config = { config = {
# # # # # #
@ -82,6 +95,9 @@ in
http-port = 8080; http-port = 8080;
proxy = "edge"; proxy = "edge";
}; };
themes = {
"pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
};
}; };
# gitea # gitea
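Review bot: `forkModulesPath` is added to the module arguments, but none of the hunks shown on this page defines it; unless it is already provided next to `latestModulesPath` (presumably via specialArgs, not visible here), evaluating this host fails on the missing argument. Separately, the `disabledModules`/imports pair now replaces the stock gitea module with the fork's copy while the gitea package presumably still comes from the host's own nixpkgs, so module and package can drift apart. A short comment next to the import, e.g. `# gitea module from fork (gpg in PATH fix); revert to the stock module once it lands upstream`, would make the swap easy to audit and undo. The module body continues outside these hunks.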


@ -28,16 +28,17 @@ in
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ack
bat
exa
fd
neovim
screen screen
]; ];
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = [ home.packages = [
ack
asciinema asciinema
bat
exa
fd
gh gh
glow glow
nnn nnn


@ -3,7 +3,14 @@ let
psCfg = config.pub-solar; psCfg = config.pub-solar;
wlroots = psCfg.graphical.wayland; wlroots = psCfg.graphical.wayland;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
variables = { globalVariables = {
EDITOR = "/run/current-system/sw/bin/nvim";
VISUAL = "/run/current-system/sw/bin/nvim";
# Make sure virsh runs without root
LIBVIRT_DEFAULT_URI = "qemu:///system";
};
userVariables = {
XDG_CONFIG_HOME = xdg.configHome; XDG_CONFIG_HOME = xdg.configHome;
XDG_CACHE_HOME = xdg.cacheHome; XDG_CACHE_HOME = xdg.cacheHome;
XDG_DATA_HOME = xdg.dataHome; XDG_DATA_HOME = xdg.dataHome;
@ -18,11 +25,8 @@ let
SDL_VIDEODRIVER = "wayland"; SDL_VIDEODRIVER = "wayland";
WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2"; WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2";
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
# fix "xdg-open fork-bomb" your preferred browser from here # fix "xdg-open fork-bomb" your preferred browser from here
BROWSER = "${pkgs.firefox-wayland}/bin/firefox"; BROWSER = "firefox";
# node # node
NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history"; NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history";
@ -34,9 +38,6 @@ let
NPM_CONFIG_CACHE = "${xdg.configHome}/npm"; NPM_CONFIG_CACHE = "${xdg.configHome}/npm";
# TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm"; # TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm";
# Make sure virsh runs without root
LIBVIRT_DEFAULT_URI = "qemu:///system";
# wine # wine
WINEPREFIX = "${xdg.dataHome}/wineprefixes/default"; WINEPREFIX = "${xdg.dataHome}/wineprefixes/default";
@ -78,21 +79,21 @@ let
VUEDX_TELEMETRY = "off"; VUEDX_TELEMETRY = "off";
}; };
envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables; envListNames = lib.attrsets.mapAttrsToList (name: value: name) userVariables;
# Here we merge an extra variable into the attrset called FULL_ENV_LIST. # Here we merge an extra variable into the attrset called FULL_ENV_LIST.
# It's a list of the variable names defined above. # It's a list of the variable names defined above.
# We can use this to tell `systemctl import-environment` to import the full list above. # We can use this to tell `systemctl import-environment` to import the full list above.
variablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [ userVariablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [
variables userVariables
{ IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames; } { IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames; }
]; ];
in in
{ {
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = variablesWithMeta; home.sessionVariables = userVariablesWithMeta;
systemd.user.sessionVariables = variablesWithMeta; systemd.user.sessionVariables = userVariablesWithMeta;
}; };
environment.variables = variablesWithMeta; environment.variables = globalVariables;
} }
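Review bot: `EDITOR`, `VISUAL` and `LIBVIRT_DEFAULT_URI` moved into `globalVariables`, but `envListNames` and `userVariablesWithMeta` are built from `userVariables` only, so those three drop out of `systemd.user.sessionVariables` and of `IMPORT_ENVIRONMENT_ENV_LIST`. If anything started from the user's systemd session relies on them (an assumption; no consumer is visible here), it will no longer see them. Building the user set from both keeps the previous per-user behaviour without putting XDG_* back into the global scope: `envListNames = lib.attrsets.mapAttrsToList (name: value: name) (globalVariables // userVariables);` plus `globalVariables` added to the list passed to `zipAttrsWith`. `BROWSER = "firefox"` now resolves through PATH instead of a fixed store path, which deserves a comment stating that firefox must be installed in the user's profile.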


@ -1,9 +1,9 @@
let let
# set ssh public keys here for your system and user # set ssh public keys here for your system and user
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
flora6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1"; flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
allKeys = [ flora6 teutat3s ]; allKeys = [ flora-6 teutat3s ];
deployKeys = [ flora6 teutat3s ]; deployKeys = [ flora-6 teutat3s ];
in in
{ {
"gitea-database-password.age".publicKeys = deployKeys; "gitea-database-password.age".publicKeys = deployKeys;