
2 commits

Author SHA1 Message Date
teutat3s 1f2ba895a0
Clean some sessionVariables from global scope
Especially some XDG_* env vars polluted other users' environment when set globally
2022-11-27 21:57:34 +01:00
teutat3s a795bf4429
Rename flora6 -> flora-6 2022-11-27 21:56:40 +01:00
7 changed files with 167 additions and 62 deletions


@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1664140963,
"narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=",
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
@ -42,11 +42,11 @@
]
},
"locked": {
"lastModified": 1664210064,
"narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=",
"lastModified": 1668784520,
"narHash": "sha256-gGgVAMwYPPmrfnvnoRi6OkEB5KRsNTb9uYzEceLdO/g=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf",
"rev": "6349b99bc2b96ded34d068a88c7c5ced406b7f7f",
"type": "github"
},
"original": {
@ -85,11 +85,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1659725433,
"narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
"lastModified": 1668797197,
"narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
"rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce",
"type": "github"
},
"original": {
@ -120,6 +120,31 @@
"type": "github"
}
},
"devshell_2": {
"inputs": {
"flake-utils": [
"keycloak-theme-pub-solar",
"flake-utils"
],
"nixpkgs": [
"keycloak-theme-pub-solar",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667210711,
"narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=",
"owner": "numtide",
"repo": "devshell",
"rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"digga": {
"inputs": {
"blank": "blank",
@ -256,11 +281,11 @@
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -270,6 +295,21 @@
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1667077288,
"narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
@ -284,6 +324,22 @@
"type": "github"
}
},
"fork": {
"locked": {
"lastModified": 1669519260,
"narHash": "sha256-eXuHtd+D2/gOQ1QcMbb7InKdwYPPp/+CwQxSo0fW3s4=",
"owner": "teutat3s",
"repo": "nixpkgs",
"rev": "9836531dcac8630bbe54b6a4897de7b1ce8a2858",
"type": "github"
},
"original": {
"owner": "teutat3s",
"ref": "fix/gitea-needs-gpg-in-path",
"repo": "nixpkgs",
"type": "github"
}
},
"home": {
"inputs": {
"nixpkgs": [
@ -291,11 +347,11 @@
]
},
"locked": {
"lastModified": 1656169755,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"lastModified": 1667907331,
"narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
"type": "github"
},
"original": {
@ -305,6 +361,29 @@
"type": "github"
}
},
"keycloak-theme-pub-solar": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1669558652,
"narHash": "sha256-97WIgaqh8LHlerRn83JCOUwejy/p8h44y8Suth22/t4=",
"ref": "main",
"rev": "3c8ef7c3d2c025a4dced88190dec2307641e8b26",
"revCount": 11,
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
}
},
"latest": {
"locked": {
"lastModified": 1657265485,
@ -323,11 +402,11 @@
},
"latest_2": {
"locked": {
"lastModified": 1664538465,
"narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=",
"lastModified": 1669411043,
"narHash": "sha256-LfPd3+EY+jaIHTRIEOUtHXuanxm59YKgUacmSzaqMLc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796",
"rev": "5dc7114b7b256d217fe7752f1614be2514e61bb8",
"type": "github"
},
"original": {
@ -374,11 +453,11 @@
},
"nixos": {
"locked": {
"lastModified": 1664594436,
"narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=",
"lastModified": 1669418739,
"narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d",
"rev": "695b3515251873e0a7e2021add4bba643c56cde3",
"type": "github"
},
"original": {
@ -394,11 +473,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1660727616,
"narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
"lastModified": 1669065280,
"narHash": "sha256-3+pq1oJWjGDLfd8G/vR3IIFZ+EQ/aglukA0bTiMlf3o=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "adccd191a0e83039d537e021f19495b7bad546a1",
"rev": "50aeec40f2072d2ab267c8ec8a345573704ec110",
"type": "github"
},
"original": {
@ -409,11 +488,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1664628729,
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=",
"lastModified": 1669146234,
"narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3024c67a2e9a35450558426c42e7419ab37efd95",
"rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d",
"type": "github"
},
"original": {
@ -469,17 +548,17 @@
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1664550666,
"narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
"lastModified": 1667620329,
"narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
"rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"type": "github"
},
"original": {
@ -494,7 +573,9 @@
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
"fork": "fork",
"home": "home",
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"latest": "latest_2",
"naersk": "naersk",
"nixos": "nixos",
@ -507,18 +588,18 @@
},
"triton-vmtools": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixos"
]
},
"locked": {
"dir": "vmtools",
"lastModified": 1664803886,
"narHash": "sha256-M2mk5H0PTSSQqdMqQWg/IGOARWwiPlaM8lSn3ObRPWU=",
"lastModified": 1668514320,
"narHash": "sha256-P+wzdarT2l+91VPf9hsYtKJad7WHttN5oFFlGQHJ5mQ=",
"ref": "main",
"rev": "d79cc27c907062540594ea8998f17674ece1ca64",
"revCount": 23,
"rev": "8648709ed952423e82d62eb634918de1b1cfdc82",
"revCount": 27,
"type": "git",
"url": "https://git.b12f.io/pub-solar/infra?dir=vmtools"
},


@ -10,6 +10,7 @@
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
fork.url = "github:teutat3s/nixpkgs/fix/gitea-needs-gpg-in-path";
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
digga.inputs.nixpkgs.follows = "nixos";
@ -41,6 +42,9 @@
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
triton-vmtools.inputs.nixpkgs.follows = "nixos";
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos";
};
outputs =
@ -54,6 +58,7 @@
, nvfetcher
, deploy
, triton-vmtools
, keycloak-theme-pub-solar
, ...
} @ inputs:
digga.lib.mkFlake
@ -72,6 +77,7 @@
overlays = [ ];
};
latest = { };
fork = { };
};
lib = import ./lib { lib = digga.lib // nixos.lib; };
@ -153,9 +159,9 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
flora6 = {
flora-6 = {
sshUser = "barkeeper";
hostname = "infra-1.pub.solar";
hostname = "flora-6.pub.solar";
};
};
};
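Review bot: The two new inputs, `fork.url` (a personal nixpkgs branch, `fix/gitea-needs-gpg-in-path`) and `keycloak-theme-pub-solar.url` (`ref=main`), both follow mutable branch refs, so the `rev`/`narHash` pair in flake.lock is the only thing that fixes what actually gets built. The first supplies a service module and the second the theme Keycloak serves, so the lock-file diff for these two inputs deserves a look on every `nix flake update`. I would add a comment above `fork.url` saying why the fork exists and when it can go, for example `# Temporary: used for services/misc/gitea.nix only; drop once <upstream PR placeholder> reaches the nixos channel`. That only the gitea module is taken from the fork is inferred from the imports visible elsewhere on this page.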


@ -1,6 +1,6 @@
{ ... }:
{
imports = [
./flora6.nix
./flora-6.nix
];
}


@ -1,4 +1,13 @@
{ config, inputs, lib, pkgs, profiles, latestModulesPath, self, ... }:
{ config
, forkModulesPath
, latestModulesPath
, lib
, inputs
, pkgs
, profiles
, self
, ...
}:
let
psCfg = config.pub-solar;
in
@ -13,8 +22,12 @@ in
profiles.users.barkeeper
"${latestModulesPath}/services/web-apps/keycloak.nix"
"${forkModulesPath}/services/misc/gitea.nix"
];
disabledModules = [
"services/web-apps/keycloak.nix"
"services/misc/gitea.nix"
];
disabledModules = [ "services/web-apps/keycloak.nix" ];
config = {
# # #
@ -82,6 +95,9 @@ in
http-port = 8080;
proxy = "edge";
};
themes = {
"pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
};
};
# gitea
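Review bot: Nothing in the `imports` / `disabledModules` pair explains why the stock `services/misc/gitea.nix` is replaced by the copy under `forkModulesPath`, and the override only works while the matching `disabledModules` entry stays in place. Swapping the module probably also means that fixes backported to the release channel's gitea module will not reach this host until the fork is rebased; this is inferred, since the definition of `forkModulesPath` is not on this page. I would add above the import `# gitea module from the nixpkgs fork (gpg-in-PATH fix); keep the matching disabledModules entry, remove both once upstream has the fix`. The module body continues outside the hunks shown.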


@ -28,16 +28,17 @@ in
];
environment.systemPackages = with pkgs; [
ack
bat
exa
fd
neovim
screen
];
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = [
ack
asciinema
bat
exa
fd
gh
glow
nnn


@ -3,7 +3,14 @@ let
psCfg = config.pub-solar;
wlroots = psCfg.graphical.wayland;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
variables = {
globalVariables = {
EDITOR = "/run/current-system/sw/bin/nvim";
VISUAL = "/run/current-system/sw/bin/nvim";
# Make sure virsh runs without root
LIBVIRT_DEFAULT_URI = "qemu:///system";
};
userVariables = {
XDG_CONFIG_HOME = xdg.configHome;
XDG_CACHE_HOME = xdg.cacheHome;
XDG_DATA_HOME = xdg.dataHome;
@ -18,11 +25,8 @@ let
SDL_VIDEODRIVER = "wayland";
WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2";
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
# fix "xdg-open fork-bomb" your preferred browser from here
BROWSER = "${pkgs.firefox-wayland}/bin/firefox";
BROWSER = "firefox";
# node
NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history";
@ -34,9 +38,6 @@ let
NPM_CONFIG_CACHE = "${xdg.configHome}/npm";
# TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm";
# Make sure virsh runs without root
LIBVIRT_DEFAULT_URI = "qemu:///system";
# wine
WINEPREFIX = "${xdg.dataHome}/wineprefixes/default";
@ -78,21 +79,21 @@ let
VUEDX_TELEMETRY = "off";
};
envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables;
envListNames = lib.attrsets.mapAttrsToList (name: value: name) userVariables;
# Here we merge an extra variable into the attrset called FULL_ENV_LIST.
# It's a list of the variable names defined above.
# We can use this to tell `systemctl import-environment` to import the full list above.
variablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [
variables
userVariablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [
userVariables
{ IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames; }
];
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = variablesWithMeta;
systemd.user.sessionVariables = variablesWithMeta;
home.sessionVariables = userVariablesWithMeta;
systemd.user.sessionVariables = userVariablesWithMeta;
};
environment.variables = variablesWithMeta;
environment.variables = globalVariables;
}
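Review bot: `IMPORT_ENVIRONMENT_ENV_LIST` is now folded from `envListNames` over `userVariables` only, so the names that appear to have moved into `globalVariables` (`EDITOR`, `VISUAL`, `LIBVIRT_DEFAULT_URI`) are no longer in the list that the comment says is handed to `systemctl import-environment`. Whether any user unit depended on them cannot be told from this page, but it is worth checking before the split is deployed. The comment above `userVariablesWithMeta` still says "the variable names defined above", which is now ambiguous with two attrsets in scope. I would reword it to `# It's a list of the variable names defined in userVariables (globalVariables are not included).`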


@ -1,9 +1,9 @@
let
# set ssh public keys here for your system and user
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
flora6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
allKeys = [ flora6 teutat3s ];
deployKeys = [ flora6 teutat3s ];
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
allKeys = [ flora-6 teutat3s ];
deployKeys = [ flora-6 teutat3s ];
in
{
"gitea-database-password.age".publicKeys = deployKeys;