From 8de41594fa35bf4bb981047b56c9140f0995f635 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 27 Nov 2022 14:30:59 +0700 Subject: [PATCH] hosts/caramel: update to raccoon --- flake.lock | 55 +++++++++++++++++++ flake.nix | 11 ++-- hosts/caramel/default.nix | 7 +-- hosts/caramel/networking.nix | 9 +++ hosts/sugarcane/default.nix | 2 +- modules/default.nix | 2 +- .../{nix-porcupine.nix => nix-stable.nix} | 1 - users/hana/default.nix | 7 ++- 8 files changed, 79 insertions(+), 15 deletions(-) rename modules/system/{nix-porcupine.nix => nix-stable.nix} (94%) diff --git a/flake.lock b/flake.lock index 89558c1..b43cb71 100644 --- a/flake.lock +++ b/flake.lock @@ -156,6 +156,28 @@ "type": "github" } }, + "home-manager-raccoon": { + "inputs": { + "nixpkgs": [ + "nixpkgs-raccoon" + ], + "utils": "utils_2" + }, + "locked": { + "lastModified": 1669071065, + "narHash": "sha256-KBpgj3JkvlPsJ3duOZqFJe6tgr+wc75t8sFmgRbBSbw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f7641a3ff398ccce952e19a199d775934e518c1d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-22.11", + "repo": "home-manager", + "type": "github" + } + }, "hosts-blocklists": { "flake": false, "locked": { @@ -335,6 +357,22 @@ "type": "github" } }, + "nixpkgs-raccoon": { + "locked": { + "lastModified": 1669465383, + "narHash": "sha256-fVbG427suESAEb8/P47O/zD/G9BSeFxLh94IUzgOchs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "899e7caf59d1954882a8e2dff45ccc0387c186f6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1664945523, @@ -407,6 +445,7 @@ "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager", "home-manager-porcupine": "home-manager-porcupine", + "home-manager-raccoon": "home-manager-raccoon", "hosts-blocklists": "hosts-blocklists", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", @@ -415,6 +454,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-porcupine": "nixpkgs-porcupine", + "nixpkgs-raccoon": "nixpkgs-raccoon", "nvim-treesitter": "nvim-treesitter", "packwiz": "packwiz", "pure": "pure", @@ -512,6 +552,21 @@ "type": "github" } }, + "utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "website": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 9b30df4..378346c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,10 @@ inputs = { nixpkgs.url = "github:LavaDesu/nixpkgs/laba/remove-mono"; nixpkgs-porcupine.url = "github:NixOS/nixpkgs/nixos-21.11"; + nixpkgs-raccoon.url = "github:NixOS/nixpkgs/nixos-22.11"; home-manager.url = "github:nix-community/home-manager"; home-manager-porcupine.url = "github:LavaDesu/home-manager/backport/gpg-agent"; + home-manager-raccoon.url = "github:nix-community/home-manager/release-22.11"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; @@ -12,6 +14,7 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager-porcupine.inputs.nixpkgs.follows = "nixpkgs-porcupine"; + home-manager-raccoon.inputs.nixpkgs.follows = "nixpkgs-raccoon"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; @@ -43,7 +46,7 @@ rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-porcupine, ... } @ inputs: + outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-porcupine, nixpkgs-raccoon, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -68,7 +71,7 @@ { nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true []; - nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false [{ + nixosConfigurations."caramel" = mkSystem nixpkgs-raccoon "caramel" "aarch64-linux" false [{ nixpkgs.overlays = [ (self: super: { makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); @@ -90,14 +93,12 @@ packages."aarch64-linux" = let - pkgs = import nixpkgs-porcupine { + pkgs = import nixpkgs-raccoon { inherit overlays; system = "aarch64-linux"; }; in { - inherit (pkgs) nixUnstable; - caramel-img = self.nixosConfigurations."caramel".config.system.build.sdImage; }; diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix index 098042f..1fc224d 100644 --- a/hosts/caramel/default.nix +++ b/hosts/caramel/default.nix @@ -1,6 +1,6 @@ { config, inputs, modules, modulesPath, overlays, pkgs, ... }: { networking.hostName = "caramel"; - system.stateVersion = "21.11"; + system.stateVersion = "22.11"; time.timeZone = "Asia/Phnom_Penh"; age.secrets = { @@ -13,12 +13,12 @@ imports = (with modules.system; [ "${builtins.toString modulesPath}/installer/sd-card/sd-image-aarch64.nix" - inputs.home-manager-porcupine.nixosModule + inputs.home-manager-raccoon.nixosModule base home-manager input - nix-porcupine + nix-stable security transmission wireguard @@ -39,6 +39,5 @@ sonarr tmptsync unbound - vaultwarden ]); } diff --git a/hosts/caramel/networking.nix b/hosts/caramel/networking.nix index 93059b2..33dd49c 100644 --- a/hosts/caramel/networking.nix +++ b/hosts/caramel/networking.nix @@ -23,4 +23,13 @@ 192.168.100.13 blossom ''; }; + + # wait for ntp before connecting to wireguard + systemd = { + additionalUpstreamSystemUnits = [ "systemd-time-wait-sync.service" ]; + services = { + "systemd-time-wait-sync".wantedBy = [ "multi-user.target" ]; + "wireguard-wg0".after = [ "time-sync.target" ]; + }; + }; } diff --git a/hosts/sugarcane/default.nix b/hosts/sugarcane/default.nix index b0fa44e..0259c18 100644 --- a/hosts/sugarcane/default.nix +++ b/hosts/sugarcane/default.nix @@ -14,7 +14,7 @@ base home-manager input - nix-porcupine + nix-stable security wireguard diff --git a/modules/default.nix b/modules/default.nix index 5287a7e..43aa296 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -33,7 +33,7 @@ in { ./system/input.nix ./system/kernel.nix ./system/nix.nix - ./system/nix-porcupine.nix + ./system/nix-stable.nix ./system/packages.nix ./system/security.nix ./system/snapper.nix diff --git a/modules/system/nix-porcupine.nix b/modules/system/nix-stable.nix similarity index 94% rename from modules/system/nix-porcupine.nix rename to modules/system/nix-stable.nix index cb96b40..032696d 100644 --- a/modules/system/nix-porcupine.nix +++ b/modules/system/nix-stable.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: { nix = rec { - package = pkgs.nix_2_4; binaryCaches = [ "https://cache.nixos.org?priority=10" "https://lava.cachix.org" diff --git a/users/hana/default.nix b/users/hana/default.nix index 9ccf5e5..a7c683a 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -5,6 +5,10 @@ shell = pkgs.zsh; uid = 1002; passwordFile = config.age.secrets.passwd.path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry" + ]; }; home-manager.users.hana = { config, enableGUI, lib, pkgs, ... }: { @@ -12,7 +16,6 @@ username = "hana"; homeDirectory = "/home/hana"; stateVersion = "21.11"; - keyboard = null; # see https://github.com/nix-community/home-manager/issues/2219 }; imports = with modules.user; [ @@ -25,7 +28,5 @@ programs.git.signing.signByDefault = lib.mkForce false; programs.zsh.history.path = lib.mkForce "/persist/hana/zsh_history"; - - home.file.".ssh/authorized_keys".source = ../../res/authorized_keys; }; }