Compare commits

...

6 commits

7 changed files with 138 additions and 85 deletions

View file

@ -1,17 +1,15 @@
NIX_RUN := nix run .\# NIX_RUN := nix run .\#
NIX_LOCK := nix flake lock NIX_LOCK := nix flake lock
DEPS_MY := \ DEPS_EDITOR := \
nixeovim nixeovim
DEPS_NIXOS := \ DEPS_SYSTEM := \
nixpkgs \ nixpkgs \
nixpkgs-unstable \ nixpkgs-unstable \
hardware \ hardware \
home-manager \ home-manager \
agenix agenix \
DEPS_MISC := \
wired \ wired \
nil nil
@ -56,17 +54,13 @@ rollback:
################################################################################ ################################################################################
.PHONY: deps-my .PHONY: deps-my
deps-my: deps-editor:
$(NIX_LOCK) $(foreach dep,$(DEPS_MY),--update-input $(dep)) $(NIX_LOCK) $(foreach dep,$(DEPS_EDITOR),--update-input $(dep))
.PHONY: deps-nixos .PHONY: deps-nixos
deps-nixos: deps-system:
$(NIX_LOCK) $(foreach dep,$(DEPS_NIXOS),--update-input $(dep)) $(NIX_LOCK) $(foreach dep,$(DEPS_SYSTEM),--update-input $(dep))
.PHONY: deps-misc
deps-misc:
$(NIX_LOCK) $(foreach dep,$(DEPS_MISC),--update-input $(dep))
.PHONY: deps .PHONY: deps
deps: deps-my deps-nixos deps-misc ; deps: deps-editor deps-system ;

View file

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1715290355,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,28 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"alejandra": {
"inputs": {
"flakeCompat": "flakeCompat",
"nixpkgs": [
"wired",
"nixpkgs"
]
},
"locked": {
"lastModified": 1652974241,
"narHash": "sha256-0AolxQtKj3Oek0WSbODDpPVO5Ih8PXHOA3qXEKPB4dQ=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "0be1462419fc73270a5dc0f84f8092603890b029",
"type": "github"
},
"original": {
"owner": "kamadorueda",
"repo": "alejandra",
"type": "github"
}
},
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -67,6 +45,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1714641030,
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1629284811, "lastModified": 1629284811,
@ -115,29 +111,31 @@
"type": "github" "type": "github"
} }
}, },
"flakeCompat": { "flake-utils_4": {
"flake": false, "inputs": {
"systems": "systems_3"
},
"locked": { "locked": {
"lastModified": 1648199409, "lastModified": 1705309234,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "edolstra", "owner": "numtide",
"repo": "flake-compat", "repo": "flake-utils",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "edolstra", "owner": "numtide",
"repo": "flake-compat", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1711352745, "lastModified": 1716173274,
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=", "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0", "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -196,11 +194,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712386041, "lastModified": 1715381426,
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -242,11 +240,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1694177726, "lastModified": 1714571717,
"narHash": "sha256-eaYATUkElEbXGcehShhYfcGhrjfTMQEmJqxvO+/5ciw=", "narHash": "sha256-o4tqlTzi9kcVub167kTGXgCac9jM3kW4+v9MH/ue4Hk=",
"owner": "oxalica", "owner": "oxalica",
"repo": "nil", "repo": "nil",
"rev": "4775e34c30f6101a9bb4364a0c7e4aae4ae43f11", "rev": "2f3ed6348bbf1440fcd1ab0411271497a0fbbfa4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -310,13 +308,25 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1713714268, "lastModified": 1716128955,
"narHash": "sha256-ZJGnom7YthvNxUZLdUzy5VePTwYgDYcnnPpyHT4n9lY=", "narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "69ee1d82f1fa4c70a3dc9a64111e7eef3b8e4527", "rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -328,11 +338,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1711460390, "lastModified": 1716061101,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -342,6 +352,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -392,11 +418,30 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1688783586, "lastModified": 1714529851,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=", "narHash": "sha256-YMKJW880f7LHXVRzu93xa6Ek+QLECIu0IRQbXbzZe38=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176", "rev": "9ca720fdcf7865385ae3b93ecdf65f1a64cb475e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1715393623,
"narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8eb8671512cb0c72c748058506e50c54fb5d8e2b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -435,35 +480,35 @@
"type": "github" "type": "github"
} }
}, },
"utils": { "systems_3": {
"locked": { "locked": {
"lastModified": 1652776076, "lastModified": 1681028828,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "numtide", "owner": "nix-systems",
"repo": "flake-utils", "repo": "default",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "nix-systems",
"repo": "flake-utils", "repo": "default",
"type": "github" "type": "github"
} }
}, },
"wired": { "wired": {
"inputs": { "inputs": {
"alejandra": "alejandra", "flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1671338321, "lastModified": 1715552757,
"narHash": "sha256-Nm/DarDGFYP+ocPcoEYh4guKXH+jndREtMl0VKMSYF8=", "narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "f4300acba8180f8fc6babc1a118f9b3753a2b052", "rev": "18b44306b2636fc7f238a9d946c7b8aac217122d",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -53,14 +53,12 @@
(system: (system:
let let
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
inherit (pkgs) lib; inherit (pkgs) lib nixos-rebuild;
nixeovimPackage = config: nixeovim.lib.mkNixeovimPackage { inherit system config; }; nixeovimPackage = config: nixeovim.lib.mkNixeovimPackage { inherit system config; };
nixos-rebuild = pkgs.nixos-rebuild.override { nix = pkgs.nixVersions.stable; };
localMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost == null) self.nixosConfigurations; localMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost == null) self.nixosConfigurations;
vpsMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost != null) self.nixosConfigurations; vpsMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost != null) self.nixosConfigurations;
in in
{ {
packages = { packages = {
@ -81,6 +79,7 @@
switch = lib.recurseIntoAttrs (lib.mapAttrs switch = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "switch/${hostname}" '' (hostname: machine: pkgs.writeShellScript "switch/${hostname}" ''
set -e
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@ ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
${lib.optionalString machine.config.hardware.pulseaudio.systemWide '' ${lib.optionalString machine.config.hardware.pulseaudio.systemWide ''
systemctl restart pulseaudio.service systemctl restart pulseaudio.service

View file

@ -7,6 +7,8 @@
./users ./users
]; ];
local.yubikey.enable = true;
################################################################################ ################################################################################
# Programs # Programs
################################################################################ ################################################################################

View file

@ -72,16 +72,21 @@ in
publicKey = "mzVH0N3q7UE/XjMwgRks+D8KFuIj91VkOK2ytgjsnkw="; publicKey = "mzVH0N3q7UE/XjMwgRks+D8KFuIj91VkOK2ytgjsnkw=";
allowedIPs = [ "10.20.30.4/32" ]; allowedIPs = [ "10.20.30.4/32" ];
} }
# Phone 1 # Phone 1 j
{ {
publicKey = "bwKSB61krDPZV9JVw2ChPCImxqjJHQ2vXvWjbqPy/2o="; publicKey = "bwKSB61krDPZV9JVw2ChPCImxqjJHQ2vXvWjbqPy/2o=";
allowedIPs = [ "10.20.30.5/32" ]; allowedIPs = [ "10.20.30.5/32" ];
} }
# Phone 2 # Phone 2 m
{ {
publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw="; publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw=";
allowedIPs = [ "10.20.30.6/32" ]; allowedIPs = [ "10.20.30.6/32" ];
} }
# Phone 3 n
{
publicKey = "IUw38F1ik2y2XoPh3Nd1VVxHz9nfKDfNKyzBaEi0rjc=";
allowedIPs = [ "10.20.30.7/32" ];
}
]; ];
}; };
}; };

8
notes/yubikey.md Normal file
View file

@ -0,0 +1,8 @@
# Yubikey
configure pam u2f
```bash
mkdir -p ~/.config/Yubico
nix shell nixpkgs#pam_u2f --command pamu2fcfg > ~/.config/Yubico/u2f_keys
```

View file

@ -2,7 +2,7 @@
{ {
nixpkgs.overlays = lib.mkAfter [ nixpkgs.overlays = lib.mkAfter [
inputs.nil.overlays.default inputs.nil.overlays.nil
inputs.wired.overlays.default inputs.wired.overlays.default
]; ];