| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 13:05:22 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 13:05:22 -0700 |
| commit | 4450454e702ac18dfe0300fc03f6e6e2d70acd84 (patch) | |
| tree | 7f6d479b54bc1093a3b75d5d9a0736c99561217b | |
| parent | remove unused variable (diff) | |
| download | infra-4450454e702ac18dfe0300fc03f6e6e2d70acd84.tar.gz | |
more simplifications
Diffstat (limited to '')
| -rw-r--r-- | flake/hosts.nix | 8 | ||||
| -rw-r--r-- | home/profiles/work.nix | 3 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix | 36 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/home.nix | 7 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/mba-m2/default.nix | 46 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/mba-m2/home.nix | 12 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/mba-m2/secrets.nix | 10 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 54 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/digitalocean.nix | 55 | ||||
| -rw-r--r-- | modules/default-darwin.nix | 7 | ||||
| -rw-r--r-- | modules/default.nix | 9 | ||||
| -rw-r--r-- | profiles/programs/ssh.nix | 7 |
12 files changed, 126 insertions, 128 deletions
diff --git a/flake/hosts.nix b/flake/hosts.nix index 41e983d..f053c88 100644 --- a/flake/hosts.nix +++ b/flake/hosts.nix @@ -58,14 +58,18 @@ let inputs.agenix.nixosModules.age inputs.disko.nixosModules.disko inputs.home-manager.nixosModules.home-manager - "${self}/modules/default.nix" + "${self}/modules/home.nix" + "${self}/modules/host-config.nix" + "${self}/modules/nas-client.nix" + "${self}/modules/backups.nix" ]; darwinDefaultModules = [ nixSettings inputs.agenix.darwinModules.age inputs.home-manager.darwinModules.home-manager - "${self}/modules/default-darwin.nix" + "${self}/modules/home.nix" + "${self}/modules/host-config.nix" ]; darwinConfigurations = mapAttrs' ( diff --git a/home/profiles/work.nix b/home/profiles/work.nix index 3d3e974..c747a90 100644 --- a/home/profiles/work.nix +++ b/home/profiles/work.nix @@ -36,9 +36,10 @@ in home.packages = with pkgs; [ awscli2 boundary # for secure remote access + grpcurl hashi - sapi nomad-prod + sapi tfswitch vault ]; diff --git a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix index 2ffe2cb..e9d78eb 100644 --- a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix +++ b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix 
@@ -5,30 +5,38 @@ ... }: { - imports = [ + { + home-manager.users.${adminUser.name} = { + home.homeDirectory = "/Users/${adminUser.name}"; + imports = [ + ./home.nix + { home.stateVersion = "23.05"; } + ]; + inherit (adminUser) userinfo; + programs.git.userEmail = "fcuny@roblox.com"; + }; + } "${self}/profiles/programs/home-manager.nix" "${self}/profiles/darwin/desktop.nix" "${self}/profiles/darwin/keyboard.nix" "${self}/profiles/darwin/nix.nix" "${self}/profiles/darwin/security.nix" "${self}/profiles/desktop/fonts.nix" + "${self}/profiles/programs/fish.nix" + "${self}/profiles/programs/ssh.nix" ]; system.primaryUser = adminUser.name; - # The user should already exist, but we need to set this up so Nix knows - # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423). users = { users.${adminUser.name} = { home = "/Users/${adminUser.name}"; - shell = pkgs.fish; }; }; environment.shells = [ pkgs.fish ]; - programs.fish.enable = true; programs.fish.shellInit = '' # Nix if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' @@ -36,22 +44,4 @@ end # End Nix ''; - - programs.ssh.knownHosts = { - "github.com".publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - - home-manager.users.${adminUser.name} = { - home.stateVersion = "23.05"; - home.username = "${adminUser.name}"; - home.homeDirectory = "/Users/${adminUser.name}"; - home.packages = with pkgs; [ grpcurl ]; - imports = [ - "${self}/home/profiles/mac.nix" - "${self}/home/profiles/work.nix" - ]; - inherit (adminUser) userinfo; - programs.git.userEmail = "fcuny@roblox.com"; - }; } diff --git a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/home.nix b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/home.nix new file mode 100644 index 0000000..fdc0dcd --- /dev/null +++ b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/home.nix 
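Review bot: The comment explaining why `users.users.${adminUser.name}.home` is set is removed in the first hunk of HQ-KWNY2VH41P/default.nix while the setting itself stays, so a later cleanup has nothing on record saying why it must be kept; the same removal appears in the `@@ -31,18 +35,14 @@` hunk of mba-m2/default.nix. I would keep a one-line form, for example `# nix-darwin needs the home directory declared even though the user already exists (https://github.com/LnL7/nix-darwin/issues/423)`. The hunk also drops `shell = pkgs.fish;` and `programs.fish.enable = true;` in favour of importing `profiles/programs/fish.nix`, which is not part of this diff, so it is worth confirming that profile sets both. Likewise `home.username` is no longer set in the inline home-manager module and presumably now comes from a shared module. The module body continues outside the hunk.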
@@ -0,0 +1,7 @@ +{ self, ... }: +{ + imports = [ + "${self}/home/profiles/mac.nix" + "${self}/home/profiles/work.nix" + ]; +} diff --git a/machines/darwin/aarch64-darwin/mba-m2/default.nix b/machines/darwin/aarch64-darwin/mba-m2/default.nix index e897cf0..d2f66bf 100644 --- a/machines/darwin/aarch64-darwin/mba-m2/default.nix +++ b/machines/darwin/aarch64-darwin/mba-m2/default.nix @@ -5,16 +5,18 @@ ... }: { - - age = { - secrets = { - ssh-remote-builder = { - file = "${self}/secrets/ssh-remote-builder.age"; - }; - }; - }; - imports = [ + ./secrets.nix + { + home-manager.users.${adminUser.name} = { + home.homeDirectory = "/Users/${adminUser.name}"; + imports = [ + ./home.nix + { home.stateVersion = "23.05"; } + ]; + inherit (adminUser) userinfo; + }; + } "${self}/profiles/programs/home-manager.nix" "${self}/profiles/nix/remote-builder.nix" "${self}/profiles/darwin/desktop.nix" @@ -22,6 +24,8 @@ "${self}/profiles/darwin/nix.nix" "${self}/profiles/darwin/security.nix" "${self}/profiles/desktop/fonts.nix" + "${self}/profiles/programs/fish.nix" + "${self}/profiles/programs/ssh.nix" ]; system.primaryUser = adminUser.name; @@ -31,18 +35,14 @@ networking.hostName = "mba-m2"; - # The user should already exist, but we need to set this up so Nix knows - # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423). users = { users.${adminUser.name} = { home = "/Users/${adminUser.name}"; - shell = pkgs.fish; }; }; environment.shells = [ pkgs.fish ]; - programs.fish.enable = true; programs.fish.shellInit = '' # Nix if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' 
@@ -50,24 +50,4 @@ end # End Nix ''; - - programs.ssh.knownHosts = { - "github.com".publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - - home-manager.users.${adminUser.name} = { - home.stateVersion = "23.05"; - home.username = "${adminUser.name}"; - home.homeDirectory = "/Users/${adminUser.name}"; - home.packages = with pkgs; [ - element-desktop - zoom-us - ]; - imports = [ - "${self}/home/profiles/mac.nix" - "${self}/home/profiles/media.nix" - ]; - inherit (adminUser) userinfo; - }; } diff --git a/machines/darwin/aarch64-darwin/mba-m2/home.nix b/machines/darwin/aarch64-darwin/mba-m2/home.nix new file mode 100644 index 0000000..23236bf --- /dev/null +++ b/machines/darwin/aarch64-darwin/mba-m2/home.nix @@ -0,0 +1,12 @@ +{ self, pkgs, ... }: +{ + home.packages = with pkgs; [ + element-desktop + zoom-us + ]; + + imports = [ + "${self}/home/profiles/mac.nix" + "${self}/home/profiles/media.nix" + ]; +} diff --git a/machines/darwin/aarch64-darwin/mba-m2/secrets.nix b/machines/darwin/aarch64-darwin/mba-m2/secrets.nix new file mode 100644 index 0000000..079b38d --- /dev/null +++ b/machines/darwin/aarch64-darwin/mba-m2/secrets.nix @@ -0,0 +1,10 @@ +{ self, ... }: +{ + age = { + secrets = { + ssh-remote-builder = { + file = "${self}/secrets/ssh-remote-builder.age"; + }; + }; + }; +} diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix index a2e0728..eab4a07 100644 --- a/machines/nixos/x86_64-linux/do-rproxy/default.nix +++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix @@ -12,6 +12,7 @@ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/virtualisation/digital-ocean-config.nix") ./disks.nix + ./digitalocean.nix ./secrets.nix { home-manager.users.${adminUser.name} = { 
@@ -50,59 +51,6 @@ efiInstallAsRemovable = true; }; - # this one seems to always be broken - systemd.services.growpart.enable = false; - - # in order to get networking setup we need to enable it in cloud-init - # Disables all modules that do not work with NixOS - # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix - services.cloud-init = { - enable = true; - network.enable = true; - settings = { - datasource_list = [ - "ConfigDrive" - "Digitalocean" - ]; - datasource.ConfigDrive = { }; - datasource.Digitalocean = { }; - # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl - cloud_init_modules = [ - "seed_random" - "bootcmd" - "write_files" - "growpart" - "resizefs" - "set_hostname" - "update_hostname" - "set_password" - ]; - cloud_config_modules = [ - "ssh-import-id" - "keyboard" - "runcmd" - "disable_ec2_metadata" - ]; - cloud_final_modules = [ - "write_files_deferred" - "puppet" - "chef" - "ansible" - "mcollective" - "salt_minion" - "reset_rmc" - "scripts_per_once" - "scripts_per_boot" - "scripts_user" - "ssh_authkey_fingerprints" - "keys_to_console" - "install_hotplug" - "phone_home" - "final_message" - ]; - }; - }; - networking.wireguard = { enable = true; interfaces.wg0 = { diff --git a/machines/nixos/x86_64-linux/do-rproxy/digitalocean.nix b/machines/nixos/x86_64-linux/do-rproxy/digitalocean.nix new file mode 100644 index 0000000..574fe99 --- /dev/null +++ b/machines/nixos/x86_64-linux/do-rproxy/digitalocean.nix 
@@ -0,0 +1,55 @@
+{ ... }:
+{
+ # this one seems to always be broken
+ systemd.services.growpart.enable = false;
+
+ # in order to get networking setup we need to enable it in cloud-init
+ # Disables all modules that do not work with NixOS
+ # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [
+ "ConfigDrive"
+ "Digitalocean"
+ ];
+ datasource.ConfigDrive = { };
+ datasource.Digitalocean = { };
+ # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
+ cloud_init_modules = [
+ "seed_random"
+ "bootcmd"
+ "write_files"
+ "growpart"
+ "resizefs"
+ "set_hostname"
+ "update_hostname"
+ "set_password"
+ ];
+ cloud_config_modules = [
+ "ssh-import-id"
+ "keyboard"
+ "runcmd"
+ "disable_ec2_metadata"
+ ];
+ cloud_final_modules = [
+ "write_files_deferred"
+ "puppet"
+ "chef"
+ "ansible"
+ "mcollective"
+ "salt_minion"
+ "reset_rmc"
+ "scripts_per_once"
+ "scripts_per_boot"
+ "scripts_user"
+ "ssh_authkey_fingerprints"
+ "keys_to_console"
+ "install_hotplug"
+ "phone_home"
+ "final_message"
+ ];
+ };
+ };
+}
diff --git a/modules/default-darwin.nix b/modules/default-darwin.nix
deleted file mode 100644
index b42a079..0000000
--- a/modules/default-darwin.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- imports = [
- ./home.nix
- ./host-config.nix
- ];
-}
diff --git a/modules/default.nix b/modules/default.nix
deleted file mode 100644
index b8e8d0b..0000000
--- a/modules/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
- imports = [
- ./home.nix
- ./host-config.nix
- ./nas-client.nix
- ./backups.nix
- ];
-}
diff --git a/profiles/programs/ssh.nix b/profiles/programs/ssh.nix
new file mode 100644
index 0000000..3e975ee
--- /dev/null
+++ b/profiles/programs/ssh.nix
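Review bot: In do-rproxy/digitalocean.nix the header comment says cloud-init is enabled to get networking set up, yet the three module lists still carry entries that act on instance user-data and metadata, such as `"bootcmd"`, `"runcmd"`, `"scripts_user"`, `"set_password"`, `"ssh-import-id"` and `"phone_home"`, alongside `"puppet"`, `"chef"`, `"ansible"` and `"salt_minion"`. On a host that, judging by its name, is an internet-facing reverse proxy, that gives the datasource more influence at boot than the comment describes. If none of these are relied on, trimming the lists to what the host needs, or at least adding a comment such as `# list kept as in the upstream example; only networking is relied on here`, would make the trust placed in the datasource explicit. `systemd.services.growpart.enable = false;` also sits next to a `"growpart"` entry in `cloud_init_modules`, so a short comment on whether the cloud-init module is meant to do the resize instead would help.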
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+} |
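Review bot: The pinned `github.com` host key in profiles/programs/ssh.nix carries no comment saying where the value comes from, so a later reader cannot tell a legitimate key rotation from a bad edit. A line above the attribute such as `# GitHub's ed25519 host key; compare with GitHub's published SSH key fingerprints before changing` would cover it. In this diff the profile is imported only by the two darwin machines; whether do-rproxy and the other hosts get the same pin is not visible here and is worth checking, since hosts without it would accept the key on first use.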
