aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--flake.lock374
-rw-r--r--flake.nix8
-rw-r--r--home/profiles/workstation.nix2
-rw-r--r--hosts/tahoe/secrets/secrets.nix2
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/sendsms/default.nix72
-rw-r--r--nix/mkHomeManagerConfiguration.nix1
-rw-r--r--nix/mkSystem.nix1
8 files changed, 2 insertions, 459 deletions
diff --git a/flake.lock b/flake.lock
index f7d8b68..568d419 100644
--- a/flake.lock
+++ b/flake.lock
@@ -22,54 +22,6 @@
"type": "github"
}
},
- "crane": {
- "inputs": {
- "flake-compat": "flake-compat_2",
- "flake-utils": "flake-utils_3",
- "nixpkgs": [
- "sendsms",
- "nixpkgs"
- ],
- "rust-overlay": "rust-overlay"
- },
- "locked": {
- "lastModified": 1668047118,
- "narHash": "sha256-F4xP7dAU6ca+hYa3qF0CtnwfQJT3YH4qEh/IxO+p9t0=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "074825a9e8d6446564e2ae6949ac3feb79aa7397",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "repo": "crane",
- "type": "github"
- }
- },
- "crane_2": {
- "inputs": {
- "flake-compat": "flake-compat_3",
- "flake-utils": "flake-utils_5",
- "nixpkgs": [
- "x509-tools",
- "nixpkgs"
- ],
- "rust-overlay": "rust-overlay_3"
- },
- "locked": {
- "lastModified": 1667522439,
- "narHash": "sha256-1tDYoumL5337T4BkC87iRXbAfeyeeOXa5WAbeP/ENqQ=",
- "owner": "ipetkov",
- "repo": "crane",
- "rev": "b70e77d2e2d480a3a0bce3ecd2d981679588b23f",
- "type": "github"
- },
- "original": {
- "owner": "ipetkov",
- "repo": "crane",
- "type": "github"
- }
- },
"darwin": {
"inputs": {
"nixpkgs": [
@@ -128,38 +80,6 @@
"type": "github"
}
},
- "flake-compat_2": {
- "flake": false,
- "locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
- "flake-compat_3": {
- "flake": false,
- "locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -196,66 +116,6 @@
"type": "github"
}
},
- "flake-utils_3": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_4": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_5": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_6": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"futils": {
"inputs": {
"systems": "systems_2"
@@ -437,36 +297,6 @@
"type": "github"
}
},
- "nixpkgs_4": {
- "locked": {
- "lastModified": 1668563542,
- "narHash": "sha256-FrMNezX3v4qLkCg+j1e3Ei/FXOSQP4Chq4OOdttIEns=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "ce89321950381ec845e56c6a6d1340abe5cd7a65",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_5": {
- "locked": {
- "lastModified": 1667877958,
- "narHash": "sha256-InhzugdvWBvvR5/6hVDRngkSOeqjcw0SI9brZtY5y+g=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "1d29ae3a66395506fd85655a8d74279ad4f9098f",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"nur": {
"locked": {
"lastModified": 1690591356,
@@ -511,56 +341,6 @@
"type": "github"
}
},
- "pre-commit-hooks_2": {
- "inputs": {
- "flake-utils": [
- "sendsms",
- "flake-utils"
- ],
- "nixpkgs": [
- "sendsms",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1667992213,
- "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
- "type": "github"
- },
- "original": {
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "type": "github"
- }
- },
- "pre-commit-hooks_3": {
- "inputs": {
- "flake-utils": [
- "x509-tools",
- "flake-utils"
- ],
- "nixpkgs": [
- "x509-tools",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1667760143,
- "narHash": "sha256-+X5CyeNEKp41bY/I1AJgW/fn69q5cLJ1bgiaMMCKB3M=",
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "rev": "06f48d63d473516ce5b8abe70d15be96a0147fcd",
- "type": "github"
- },
- "original": {
- "owner": "cachix",
- "repo": "pre-commit-hooks.nix",
- "type": "github"
- }
- },
"root": {
"inputs": {
"agenix": "agenix",
@@ -572,9 +352,7 @@
"nixpkgs": "nixpkgs_3",
"nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
- "rust": "rust",
- "sendsms": "sendsms",
- "x509-tools": "x509-tools"
+ "rust": "rust"
}
},
"rust": {
@@ -598,133 +376,6 @@
"type": "github"
}
},
- "rust-overlay": {
- "inputs": {
- "flake-utils": [
- "sendsms",
- "crane",
- "flake-utils"
- ],
- "nixpkgs": [
- "sendsms",
- "crane",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1667487142,
- "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "rust-overlay_2": {
- "inputs": {
- "flake-utils": [
- "sendsms",
- "flake-utils"
- ],
- "nixpkgs": [
- "sendsms",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1668479979,
- "narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "2342f70f7257046effc031333c4cfdea66c91d82",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "rust-overlay_3": {
- "inputs": {
- "flake-utils": [
- "x509-tools",
- "crane",
- "flake-utils"
- ],
- "nixpkgs": [
- "x509-tools",
- "crane",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1667487142,
- "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "rust-overlay_4": {
- "inputs": {
- "flake-utils": [
- "x509-tools",
- "flake-utils"
- ],
- "nixpkgs": [
- "x509-tools",
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1667875464,
- "narHash": "sha256-0rO2Pzn//ANT3AphpEUantCbm86XcmKNEKhM73LFr04=",
- "owner": "oxalica",
- "repo": "rust-overlay",
- "rev": "9235990723630e1a55e1ed6bca5954e4e31cfbd7",
- "type": "github"
- },
- "original": {
- "owner": "oxalica",
- "repo": "rust-overlay",
- "type": "github"
- }
- },
- "sendsms": {
- "inputs": {
- "crane": "crane",
- "flake-utils": "flake-utils_4",
- "nixpkgs": "nixpkgs_4",
- "pre-commit-hooks": "pre-commit-hooks_2",
- "rust-overlay": "rust-overlay_2"
- },
- "locked": {
- "lastModified": 1680229401,
- "narHash": "sha256-/WMoPZRMYHXUDgDLLI14BwyYpZZ/OpElI8swe0kNjy8=",
- "ref": "main",
- "rev": "6ca08e1840d85d504987b38fef57474635dc8db2",
- "revCount": 7,
- "type": "git",
- "url": "https://git.fcuny.net/sendsms"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "https://git.fcuny.net/sendsms"
- }
- },
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -769,29 +420,6 @@
"repo": "default",
"type": "github"
}
- },
- "x509-tools": {
- "inputs": {
- "crane": "crane_2",
- "flake-utils": "flake-utils_6",
- "nixpkgs": "nixpkgs_5",
- "pre-commit-hooks": "pre-commit-hooks_3",
- "rust-overlay": "rust-overlay_4"
- },
- "locked": {
- "lastModified": 1668381652,
- "narHash": "sha256-xdrF/ZOpq3lAxJgVtNapMSkTpDFB63V0ILJGrMQaEWI=",
- "ref": "main",
- "rev": "aed3af92f4e82124aa410feb352ff027b932b93c",
- "revCount": 28,
- "type": "git",
- "url": "https://git.fcuny.net/fcuny/x509-info"
- },
- "original": {
- "ref": "main",
- "type": "git",
- "url": "https://git.fcuny.net/fcuny/x509-info"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 2ae5d62..9ede1aa 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,10 +42,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
- x509-tools = {
- url = "git+https://git.fcuny.net/fcuny/x509-info?ref=main";
- };
-
pre-commit-hooks = {
type = "github";
owner = "cachix";
@@ -57,10 +53,6 @@
nixpkgs-stable.follows = "nixpkgs";
};
};
-
- sendsms = {
- url = "git+https://git.fcuny.net/sendsms?ref=main";
- };
};
# Output config, or config for NixOS system
diff --git a/home/profiles/workstation.nix b/home/profiles/workstation.nix
index f036f31..7fa76aa 100644
--- a/home/profiles/workstation.nix
+++ b/home/profiles/workstation.nix
@@ -66,7 +66,7 @@ in
restic-nas
# tools from external repositories
- x509-info
+ # x509-info
# gh-ssh-keys
# masked-emails
];
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 0560a57..d8283fe 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -35,6 +35,4 @@ in
"restic/repo-systems.age".publicKeys = all;
"rsync.net/ssh-key.age".publicKeys = all;
-
- "sendsms/config.age".publicKeys = all;
}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 77cf853..1aeeff1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -4,6 +4,5 @@
imports = [
./backup
./monitoring
- ./sendsms
];
}
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix
deleted file mode 100644
index dde77ca..0000000
--- a/modules/services/sendsms/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-# send SMS based on actions
-{ pkgs, config, lib, ... }:
-let
- cfg = config.my.services.sendsms;
- secrets = config.age.secrets;
-in
-{
- options.my.services.sendsms = {
- enable = lib.mkEnableOption "send SMS when the host reboots";
- };
-
- config = lib.mkIf cfg.enable {
- systemd.services.sendsms-reboot = {
- description = "Send an SMS when the host has booted";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.sendsms ];
- restartIfChanged = false;
-
- unitConfig = {
- # If the gate file exists, it means we've already send the
- # message, nothing to do
- ConditionPathExists = "!/run/sendsms/reboot";
- };
-
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot";
-
- # Write a gate file so we don't send a message multiple times
- ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot";
-
- Restart = "on-failure";
-
- # Runtime directory and mode
- RuntimeDirectory = "sendsms";
- RuntimeDirectoryMode = "0755";
- RuntimeDirectoryPreserve = "yes";
-
- # Access write directories
- UMask = "0027";
-
- # Capabilities
- CapabilityBoundingSet = "";
-
- # Security
- NoNewPrivileges = true;
-
- # Sandboxing
- ProtectSystem = "strict";
- ProtectHome = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectControlGroups = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- PrivateMounts = true;
-
- # System Call Filtering
- SystemCallArchitectures = "native";
- SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap";
- };
- };
- };
-}
diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix
index 61913c3..38bc19f 100644
--- a/nix/mkHomeManagerConfiguration.nix
+++ b/nix/mkHomeManagerConfiguration.nix
@@ -36,7 +36,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
inputs.nur.overlay
inputs.naersk.overlay
inputs.rust.overlays.default
- inputs.x509-tools.overlay
(final: prev:
{
tools = import "${self}/tools" { pkgs = prev; inherit naersk; };
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index d2e7ebf..bf141da 100644
--- a/nix/mkSystem.nix
+++ b/nix/mkSystem.nix
@@ -18,7 +18,6 @@ inputs.nixpkgs.lib.nixosSystem {
overlays = [
inputs.nur.overlay
inputs.rust.overlays.default
- inputs.sendsms.overlay
(final: prev:
{
tools = import "${self}/tools" { pkgs = prev; inherit naersk; };
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 13:29:07 +0000