gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Koishi: move to dualboot, Goliath: deprecate, Flake: clean up 5

Browse source 
flake-utils
This commit is contained in:
kat witch 2022-05-19 08:53:47 +01:00 committed by kat
parent 88e2f45b0b
commit d9c859e261
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
35 changed files with 446 additions and 1119 deletions
Download patch file Download diff file Expand all files Collapse all files

459
config/hosts/goliath.nix
View file

@ -1,459 +0,0 @@
{ meta, tf, config, pkgs, lib, ... }: with lib; {
imports = with meta; [
profiles.hardware.ms-7b86
profiles.hardware.razer
profiles.hardware.bamboo
profiles.hardware.networkmanager
profiles.gui
profiles.x11
profiles.vfio
profiles.network
profiles.cross.aarch64
profiles.cross.armv6l
profiles.cross.armv7l
users.kat.guiX11Full
users.kat.services.weechat
services.nginx
services.restic
services.zfs
];
config = {
deploy.tf = {
resources.goliath = {
provider = "null";
type = "resource";
connection = {
port = head config.services.openssh.ports;
host = config.network.addresses.private.nixos.ipv4.address;
};
};
};
boot.supportedFilesystems = [ "zfs" "xfs" ];
fileSystems = {
"/" = {
device = "rpool/ephemeral/root";
fsType = "zfs";
};
"/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
"/home" = {
device = "rpool/ephemeral/home";
fsType = "zfs";
};
"/persist/root" = {
device = "rpool/persist/root";
fsType = "zfs";
neededForBoot = true;
};
"/persist/home" = {
device = "rpool/persist/home";
fsType = "zfs";
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-uuid/AED6-D0D1";
fsType = "vfat";
};
"/mnt/xstore" = {
device = "/dev/disk/by-uuid/64269102-a278-4919-9118-34e37f4afdb0";
fsType = "xfs";
};
};
boot.initrd.postDeviceCommands = mkIf (config.fileSystems."/".fsType == "zfs") (mkAfter ''
zfs rollback -r ${config.fileSystems."/".device}@blank
zfs rollback -r ${config.fileSystems."/home".device}@blank
'');
programs.fuse.userAllowOther = true;
environment.persistence."/persist/root" = {
directories = [
"/var/log"
"/var/lib/systemd/coredump"
"/var/lib/acme"
"/var/lib/yggdrasil"
"/var/lib/kat/secrets"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
secrets.persistentRoot = mkForce "/persist/root/var/lib/kat/secrets";
home-manager.users.kat = {
secrets.persistentRoot = mkForce "/persist/home/.cache/kat/secrets";
home.persistence."/persist/home" = {
allowOther = true;
directories = [
".cache/kat/secrets"
".cache/rbw"
".cache/nix"
".local/share/z"
".local/share/vim"
".local/share/nvim"
".local/share/task"
".local/share/dino"
".local/share/weechat"
".local/share/TelegramDesktop"
".local/share/Mumble"
".local/share/direnv"
".config/Mumble"
".config/Element"
".config/discord"
".config/obsidian"
".config/hedgedoc"
".config/obs-studio"
".ApacheDirectoryStudio"
".gnupg"
".mozilla"
"neorg"
"docs"
"media"
"mail"
"projects"
"shared"
];
files = [
".ssh/known_hosts"
".zsh_history"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; }
{ device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; }
];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
deploy.profile.hardware.acs-override = builtins.getEnv "CI_PLATFORM" == "impure";
users.users.kat.extraGroups = singleton "openrazer";
hardware = {
displays = {
"HDMI-A-1" = {
res = "1920x1080";
pos = "1920 0";
};
"DVI-D-1" = {
res = "1920x1200";
pos = "3840 0";
};
"DP-1" = {
res = "1920x1080";
pos = "0 0";
};
};
bamboo.display = "HDMI-A-1";
openrazer.enable = true;
};
environment.systemPackages = [
pkgs.razergenie
];
boot.modprobe.modules = {
vfio-pci =
let
vfio-pci-ids = [
"1002:67df"
"1002:aaf0" # RX 580
"1912:0014" # Renesas USB 3
"1022:149c" # CPU USB 3
];
in
mkIf (vfio-pci-ids != [ ]) {
options.ids = concatStringsSep "," vfio-pci-ids;
};
kvm_amd.options = {
avic = true;
npt = true;
};
};
deploy.profile.i3 = true;
services.udev.extraRules = ''
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="1532", ATTRS{idProduct}=="0067", GROUP="vfio"
SUBSYSTEM=="block", ACTION=="add", ATTRS{model}=="HFS256G32TNF-N3A", ATTRS{wwid}=="t10.ATA HFS256G32TNF-N3A0A MJ8BN15091150BM1Z ", OWNER="kat"
'';
services.xserver= {
extraConfig = ''
Section "Monitor"
Identifier "DisplayPort-0"
Option "PreferredMode" "1920x1080"
Option "Position" "0 0"
EndSection
Section "Monitor"
Identifier "HDMI-A-0"
Option "Primary" "true"
Option "PreferredMode" "1920x1080"
Option "Position" "1920 0"
EndSection
Section "Monitor"
Identifier "DVI-D-0"
Option "PreferredMode" "1920x1200"
Option "Position" "3840 0"
EndSection
'';
deviceSection = ''
Option "monitor-HDMI-A-0" "HDMI-A-0"
Option "monitor-DisplayPort-0" "DisplayPort-0"
Option "monitor-DVI-D-0" "DVI-D-0"
BusID "PCI:37:0:0"
'';
};
environment.etc = {
"sensors3.conf".text = ''
chip "nct6797-isa-0a20"
label in0 "Vcore"
label in1 "+5V"
compute in1 5*@, @/5
label in2 "AVCC"
set in2_min 3.3 * 0.90
set in2_max 3.3 * 1.10
label in3 "+3.3V"
set in3_min 3.3 * 0.90
set in3_max 3.3 * 1.10
label in4 "+12V"
compute in4 12*@, @/12
label in5 "DIMM"
compute in5 (8+18/19)*@, @/(8+18/19)
# label in6 "wtf?" # can't find this in hwinfo64?
label in7 "3VSB"
set in7_min 3.3 * 0.90
set in7_max 3.3 * 1.10
label in8 "Vbat"
set in8_min 3.3 * 0.90
set in8_max 3.3 * 1.10
label in9 "VTT"
ignore in10 # always zero
# label in11 "VIN4" # on hwinfo64
label in12 "SoC" # "CPU NB" on hwinfo64
# label in13 "VIN6" # on hwinfo64
# label in13 "VIN7" # on hwinfo64
label fan1 "Rear Fan" # "Pump Fan"
label fan2 "CPU Fan"
label fan3 "Top Exhaust" # "Case Fan 1"
label fan4 "Front Fan" # "Case Fan 2"
label fan5 "Top Intake" # "Case Fan 3"
label fan6 "Front Fan" # "Case Fan 4"
label temp7 "Core"
label temp1 "Motherboard"
label temp2 "CPU"
label temp3 "System" # Auxillary
ignore temp4
ignore temp6
ignore temp8
ignore temp9
ignore temp10
ignore intrusion0
ignore intrusion1
ignore beep_enable
'';
};
networking = {
hostId = "617050fc";
useDHCP = false;
/*useNetworkd = true;*/
/*interfaces = {
enp34s0 = {
/*ipv4.addresses = singleton {
inherit (config.network.addresses.private.nixos.ipv4) address;
prefixLength = 24;
};
};
defaultGateway = config.network.privateGateway;*/
firewall.allowPing = true;
};
/* boot.kernel.sysctl = let
nct = ".//.//.sys.devices.platform.nct6775/2592.hwmon.hwmon1";
in {
# rear exhaust
#"${nct}.pwm1_mode" = 0;
"${nct}.pwm1_temp_sel" = 2;
"${nct}.pwm1_enable" = 5;
"${nct}.pwm1_auto_point1_temp" = 35000;
"${nct}.pwm1_auto_point1_pwm" = 88;
"${nct}.pwm1_auto_point2_temp" = 38000;
"${nct}.pwm1_auto_point2_pwm" = 104;
"${nct}.pwm1_auto_point3_temp" = 47000;
"${nct}.pwm1_auto_point3_pwm" = 144;
"${nct}.pwm1_auto_point4_temp" = 49000;
"${nct}.pwm1_auto_point4_pwm" = 224;
"${nct}.pwm1_auto_point5_temp" = 52000;
"${nct}.pwm1_auto_point5_pwm" = 255;
"${nct}.pwm1_step_up_time" = 150;
"${nct}.pwm1_step_down_time" = 150;
# cpu fan
#${nct}.pwm2_mode=0
"${nct}.pwm2_temp_sel" = 2;
"${nct}.pwm2_enable" = 5;
"${nct}.pwm2_auto_point1_temp" = 34000;
"${nct}.pwm2_auto_point1_pwm" = 0;
"${nct}.pwm2_auto_point2_temp" = 34500;
"${nct}.pwm2_auto_point2_pwm" = 128;
"${nct}.pwm2_auto_point3_temp" = 47000;
"${nct}.pwm2_auto_point3_pwm" = 160;
"${nct}.pwm2_auto_point4_temp" = 49000;
"${nct}.pwm2_auto_point4_pwm" = 224;
"${nct}.pwm2_auto_point5_temp" = 52000;
"${nct}.pwm2_auto_point5_pwm" = 255;
"${nct}.pwm2_step_up_time" = 50;
"${nct}.pwm2_step_down_time" = 50;
# top exhaust
#"${nct}.pwm3_mode" = 0;
"${nct}.pwm3_temp_sel" = 2;
"${nct}.pwm3_enable" = 5;
"${nct}.pwm3_auto_point1_temp" = 36000;
"${nct}.pwm3_auto_point1_pwm" = 0;
"${nct}.pwm3_auto_point2_temp" = 39000;
"${nct}.pwm3_auto_point2_pwm" = 136;
"${nct}.pwm3_auto_point3_temp" = 48000;
"${nct}.pwm3_auto_point3_pwm" = 144;
"${nct}.pwm3_auto_point4_temp" = 50000;
"${nct}.pwm3_auto_point4_pwm" = 176;
"${nct}.pwm3_auto_point5_temp" = 53000;
"${nct}.pwm3_auto_point5_pwm" = 255;
"${nct}.pwm3_step_up_time" = 100;
"${nct}.pwm3_step_down_time" = 100;
# front 1
#"${nct}.pwm4_mode" = 0;
"${nct}.pwm4_temp_sel" = 2;
"${nct}.pwm4_enable" = 5;
"${nct}.pwm4_auto_point1_temp" = 35000;
"${nct}.pwm4_auto_point1_pwm" = 104;
"${nct}.pwm4_auto_point2_temp" = 38000;
"${nct}.pwm4_auto_point2_pwm" = 176;
"${nct}.pwm4_auto_point3_temp" = 47000;
"${nct}.pwm4_auto_point3_pwm" = 192;
"${nct}.pwm4_auto_point4_temp" = 49000;
"${nct}.pwm4_auto_point4_pwm" = 224;
"${nct}.pwm4_auto_point5_temp" = 52000;
"${nct}.pwm4_auto_point5_pwm" = 255;
"${nct}.pwm4_step_up_time" = 100;
"${nct}.pwm4_step_down_time" = 100;
# top intake
#"${nct}.pwm5_mode" = 0;
"${nct}.pwm5_temp_sel" = 2;
"${nct}.pwm5_enable" = 5;
"${nct}.pwm5_auto_point1_temp" = 36000;
"${nct}.pwm5_auto_point1_pwm" = 104;
"${nct}.pwm5_auto_point2_temp" = 39000;
"${nct}.pwm5_auto_point2_pwm" = 144;
"${nct}.pwm5_auto_point3_temp" = 48000;
"${nct}.pwm5_auto_point3_pwm" = 176;
"${nct}.pwm5_auto_point4_temp" = 50000;
"${nct}.pwm5_auto_point4_pwm" = 208;
"${nct}.pwm5_auto_point5_temp" = 53000;
"${nct}.pwm5_auto_point5_pwm" = 255;
"${nct}.pwm5_step_up_time" = 100;
"${nct}.pwm5_step_down_time" = 100;
# front 2
#"${nct}.pwm6_mode" = 0;
"${nct}.pwm6_temp_sel" = 2;
"${nct}.pwm6_enable" = 5;
"${nct}.pwm6_auto_point1_temp" = 35000;
"${nct}.pwm6_auto_point1_pwm" = 104;
"${nct}.pwm6_auto_point2_temp" = 38000;
"${nct}.pwm6_auto_point2_pwm" = 176;
"${nct}.pwm6_auto_point3_temp" = 47000;
"${nct}.pwm6_auto_point3_pwm" = 192;
"${nct}.pwm6_auto_point4_temp" = 49000;
"${nct}.pwm6_auto_point4_pwm" = 224;
"${nct}.pwm6_auto_point5_temp" = 52000;
"${nct}.pwm6_auto_point5_pwm" = 255;
"${nct}.pwm6_step_up_time" = 100;
"${nct}.pwm6_step_down_time" = 100;
}; */
/*systemd.network = {
networks.enp34s0 = {
matchConfig.Name = "enp34s0";
bridge = singleton "br";
};
networks.br = {
matchConfig.Name = "br";
address = singleton "${config.network.addresses.private.nixos.ipv4.address}/24";
gateway = singleton config.network.privateGateway;
};
netdevs.br = {
netdevConfig = {
Name = "br";
Kind = "bridge";
MACAddress = "00:d8:61:c7:f4:9d";
};
};
};*/
services.avahi.enable = true;
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "192.168.1.1";
};
};
};
yggdrasil = {
enable = true;
pubkey = "9604cc51760376fa111e931aad1a71ab91f240517a7d60932c6646104b99db47";
address = "200:d3f6:675d:13f9:120b:ddc2:d9ca:a5cb";
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
firewall = {
public = {
interfaces = [ "br" "enp34s0" ];
};
private = {
interfaces = singleton "yggdrasil";
tcp = {
ports = [
8096
];
ranges = [{
from = 32768;
to = 60999;
}];
};
};
};
};
system.stateVersion = "21.11";
};
}

51
config/hosts/issun-boushi.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, meta, pkgs, lib, modulesPath, ... }: with lib; {
imports = with meta; [
profiles.hardware.raspi
(modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix")
];
home-manager.users.kat.programs.neovim.enable = mkForce false;
programs.mosh.enable = mkForce false;
boot.supportedFilesystems = mkForce (singleton "ext4");
deploy.tf = {
resources.shinmyoumaru = {
provider = "null";
type = "resource";
connection = {
port = head config.services.openssh.ports;
host = config.network.addresses.private.nixos.ipv4.address;
};
};
};
networking = {
useDHCP = true;
interfaces.eth0.useDHCP = true;
};
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "192.168.1.34";
};
};
};
yggdrasil = {
enable = false;
pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c";
address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3";
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
firewall = {
private.interfaces = singleton "yggdrasil";
public.interfaces = singleton "eth0";
};
};
system.stateVersion = "21.11";
}

38
config/hosts/koishi.nix
View file

@ -7,7 +7,6 @@
profiles.network
(users.kat.guiFlavour "gnome")
services.nginx
services.dnscrypt-proxy
];
config = {
@ -45,26 +44,51 @@ Host daiyousei-build
'';
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31bfd91b-bdba-47a9-81bf-c96e0adc88e3";
device = "/dev/disk/by-uuid/a664de0f-9883-420e-acc5-b9602a23e816";
fsType = "xfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/89A2-ED28";
device = "/dev/disk/by-uuid/DEBC-8F03";
fsType = "vfat";
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/96952382-7f56-46b5-8c84-1f0130f68b63"; }
[ { device = "/dev/disk/by-uuid/0d846453-95b4-46e1-8eaf-b910b4321ef0"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot = {
supportedFilesystems = [ "xfs" "zfs" ];
initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/8dd300d3-c432-47b6-8466-55682cd1c1a1";
initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105";
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi = {
canTouchEfiVariables = true;
# assuming /boot is the mount point of the EFI partition in NixOS (as the installation section recommends).
efiSysMountPoint = "/boot";
};
grub = {
# despite what the configuration.nix manpage seems to indicate,
# as of release 17.09, setting device to "nodev" will still call
# `grub-install` if efiSupport is true
# (the devices list is not used by the EFI grub install,
# but must be set to some value in order to pass an assert in grub.nix)
devices = [ "nodev" ];
efiSupport = true;
enable = true;
# set $FS_UUID to the UUID of the EFI partition
extraEntries = ''
menuentry "Windows" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root DEBC-8F03
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'';
version = 2;
};
};
};

26
config/hosts/marisa.nix
View file

@ -1,7 +1,6 @@
{ config, lib, pkgs, modulesPath, tf, meta, ... }: with lib; {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
services.dnscrypt-proxy
profiles.network
services.nginx
services.access
@ -81,31 +80,6 @@
};
};
# Youko WG
networking.wireguard.interfaces.wg-youko = {
ips = [
"10.42.68.1/24"
];
listenPort = 51819;
peers = [
{
allowedIPs = [
"10.42.68.0/24"
];
publicKey = "nc7mpg2tbawWR9xjFsk/loxAMtRhEZ49PCJXNYk/Qm8=";
}
];
privateKeyFile = config.secrets.files.wg-youko-privkey.path;
};
networking.firewall.allowedUDPPorts = [ 51819 ];
kw.secrets.variables.wg-youko-privkey = {
path = "secrets/wireguard";
field = "youko-privkey";
};
secrets.files.wg-youko-privkey = {
text = "${tf.variables.wg-youko-privkey.ref}";
};
fileSystems."/" ={
device = "/dev/disk/by-uuid/6ed3e886-d390-433f-90ac-2b37aed9f15f";

34
config/hosts/medicine.nix
View file

@ -1,34 +0,0 @@
{ meta, config, pkgs, modulesPath, lib, ... }: with lib; {
options.home-manager.users = let
userNMExtend = { config, nixos, ... }: {
services.network-manager-applet.enable = true;
};
userBase16Extend = { config, nixos, ... }: {
base16.alias.default = "atelier.atelier-cave-light";
};
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = [ userNMExtend userBase16Extend ];
});
};
imports = with meta; [
profiles.gui
users.kat.guiFull
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
];
config = {
installer.cloneConfig = false;
networking = {
networkmanager.enable = true;
wireless.enable = mkForce false;
};
hardware.displays = {};
system.stateVersion = "21.11";
};
}

2
config/hosts/rinnosuke.nix
View file

@ -3,7 +3,7 @@
profiles.hardware.oracle.ubuntu
profiles.network
services.nginx
] ++ optional (builtins.getEnv "CI_PLATFORM" == "TRUSTED" && builtins.pathExists ../trusted/knot) ../trusted/knot;
] ++ optional (builtins.getEnv "CI_PLATFORM" == "impure" && builtins.pathExists ../trusted/knot) ../trusted/knot;
kw.oci = {
specs = {

10
config/hosts/shinmyoumaru.nix
View file

@ -1,7 +1,6 @@
{ config, meta, pkgs, lib, modulesPath, ... }: with lib; {
imports = with meta; [
profiles.hardware.raspi
profiles.network
services.dnscrypt-proxy
services.dht22-exporter
(modulesPath + "/installer/sd-card/sd-image-raspberrypi.nix")
@ -25,11 +24,7 @@
networking = {
useDHCP = true;
interfaces.eth0.ipv4.addresses = singleton {
inherit (config.network.addresses.private.nixos.ipv4) address;
prefixLength = 24;
};
defaultGateway = config.network.privateGateway;
interfaces.eth0.useDHCP = true;
};
network = {
@ -38,12 +33,11 @@
enable = true;
nixos = {
ipv4.address = "192.168.1.33";
# TODO ipv6.address
};
};
};
yggdrasil = {
enable = true;
enable = false;
pubkey = "70c18030247e98fdffe4fd81f5fa8c7c4ed43fd6a4fb2b5ef7af0a010d08f63c";
address = "200:691b:b4fb:6987:711f:bde:9b5c:8af3";
listen.enable = false;

5
config/hosts/yukari.nix
View file

@ -91,11 +91,7 @@
interfaces.eno1 = {
useDHCP = true;
tempAddress = "disabled";
}; /*.ipv4.addresses = singleton {
inherit (config.network.addresses.private.nixos.ipv4) address;
prefixLength = 24;
};
defaultGateway = config.network.privateGateway; */
};
network = {
@ -104,7 +100,6 @@
enable = true;
nixos = {
ipv4.address = "192.168.1.154";
# TODO ipv6.address
};
};
};

4
config/modules/home/network.nix
View file

@ -44,9 +44,6 @@ with lib;
};
}));
};
privateGateway = mkOption {
type = types.str;
};
tf = {
enable = mkEnableOption "Was the system provisioned by terraform?";
ipv4_attr = mkOption {
@ -74,7 +71,6 @@ with lib;
config = {
network.addresses = nixos.network.addresses or {};
network.privateGateway = nixos.network.privateGateway or "";
network.tf = nixos.network.tf or {};
network.dns = nixos.network.dns or {};
};

1
config/modules/meta/deploy.nix
View file

@ -80,6 +80,7 @@ in
name = mkDefault "kw-${config.name}";
user = mkIf (builtins.getEnv "HOME_USER" != "") (mkDefault (builtins.getEnv "HOME_USER"));
};
providers.local = { };
deps = {
select.allProviders = true;
enable = true;

15
config/modules/nixos/network.nix
View file

@ -89,10 +89,6 @@ in
type = types.attrsOf types.str;
default = { };
};
privateGateway = mkOption {
type = types.str;
default = "192.168.1.1";
};
tf = {
enable = mkEnableOption "Was the system provisioned by terraform?";
ipv4_attr = mkOption {
@ -132,13 +128,13 @@ in
domain = builtins.substring 0 ((builtins.stringLength cfg.dns.zone) - 1) cfg.dns.zone;
};
addresses = lib.mkMerge [
(mkIf (!cfg.tf.enable) (genAttrs [ "private" "public" "yggdrasil" "wireguard" ] (network: {
(mkIf (!cfg.tf.enable) (genAttrs [ "private" "public" "yggdrasil" ] (network: {
tf = {
ipv4.address = mkIf (cfg.addresses.${network}.nixos.ipv4.enable) cfg.addresses.${network}.nixos.ipv4.address;
ipv6.address = mkIf (cfg.addresses.${network}.nixos.ipv6.enable) cfg.addresses.${network}.nixos.ipv6.address;
};
})))
(mkIf cfg.tf.enable (genAttrs ["yggdrasil" "wireguard" ] (network: {
(mkIf cfg.tf.enable (genAttrs ["yggdrasil" ] (network: {
tf = {
ipv4.address = mkIf (cfg.addresses.${network}.nixos.ipv4.enable) cfg.addresses.${network}.nixos.ipv4.address;
ipv6.address = mkIf (cfg.addresses.${network}.nixos.ipv6.enable) cfg.addresses.${network}.nixos.ipv6.address;
@ -179,13 +175,8 @@ in
};
networking = mkMerge [{
domain = mkDefault (if cfg.addresses.public.enable then cfg.dns.domain
networking.domain = mkDefault (if cfg.addresses.public.enable then cfg.dns.domain
else if cfg.addresses.private.enable then "${cfg.addresses.private.prefix}.${cfg.dns.domain}" else "");
}
(mkIf cfg.addresses.private.enable {
})
];
deploy.tf.dns.records =
let

26
config/modules/nixos/wireguard-kat.nix
View file

@ -1,26 +0,0 @@
{ config, lib, ... }: with lib; let
cfg = config.network;
wgcfg = config.network.wireguard;
magic = toString wgcfg.magicNumber;
in {
network.addresses.wireguard = {
enable = config.network.wireguard.enable;
nixos = {
ipv4.address = "${wgcfg.prefixV4}.${magic}";
ipv6.address = "${wgcfg.prefixV6}:${magic}";
};
prefix = "wg";
subdomain = "${config.networking.hostName}.${cfg.addresses.wireguard.prefix}";
};
network.wireguard = {
publicAddress4 = mkDefault (if config.network.addresses.public.nixos.ipv4.enable then
config.network.addresses.public.nixos.ipv4.address
else if config.network.addresses.private.nixos.ipv4.enable then
config.network.addresses.private.nixos.ipv4.address else null);
publicAddress6 = mkDefault (if config.network.addresses.public.nixos.ipv6.enable then
config.network.addresses.public.nixos.ipv6.address
else if config.network.addresses.private.nixos.ipv6.enable then
config.network.addresses.private.nixos.ipv6.address else null);
};
}

46
config/modules/nixos/wireguard-tf.nix
View file

@ -1,46 +0,0 @@
{ config, pkgs, lib, tf, ... }: with lib; let
inherit (tf.lib.tf) terraformSelf;
cfg = config.network.wireguard;
dataDir = toString tf.terraform.dataDir;
in {
options.network.wireguard.tf = {
enable = mkEnableOption "using terraform for wireguard module";
};
config = mkIf config.network.wireguard.tf.enable {
deploy.tf = {
resources = {
"${config.networking.hostName}-wgmesh-gen" = {
provider = "null";
type = "resource";
provisioners = singleton {
local-exec.command = let
wg = "${pkgs.buildPackages.wireguard-tools}/bin/wg";
in "${wg} genkey | tee ${dataDir + "/wg-private-${terraformSelf "id"}"} | ${wg} pubkey > ${dataDir + "/wg-public-${terraformSelf "id"}"}";
};
};
"${config.networking.hostName}-wgmesh-public-key" = {
provider = "local";
type = "file";
dataSource = true;
inputs.filename = dataDir + "/wg-public-${tf.resources."${config.networking.hostName}-wgmesh-gen".refAttr "id"}";
};
};
deploy.systems.${config.networking.hostName}.triggers.switch = {
wg = tf.resources."${config.networking.hostName}-wgmesh-public-key".refAttr "content";
};
};
secrets.files."${config.networking.hostName}-wgmesh-private-key" = rec {
source = dataDir + "/wg-private-${tf.resources."${config.networking.hostName}-wgmesh-gen".refAttr "id"}";
text = source;
};
network.wireguard = {
magicNumber = mkDefault (hexToInt (substring 0 2 (builtins.hashString "sha256" config.networking.hostName)));
keyPath = config.secrets.files."${config.networking.hostName}-wgmesh-private-key".path;
pubkey = let
pubKeyRes = tf.resources."${config.networking.hostName}-wgmesh-public-key";
in mkIf (tf.state.resources ? ${pubKeyRes.out.reference}) (removeSuffix "\n" (pubKeyRes.importAttr "content"));
};
};
}

85
config/modules/nixos/wireguard.nix
View file

@ -1,85 +0,0 @@
{ config, lib, pkgs, nodes, name, ... }:
with lib;
let
cfg = config.network.wireguard;
hcfg = _: h: h.network.wireguard;
netHostsSelf = mapAttrs hcfg (filterAttrs (_: x: x.network.wireguard.enable or false) nodes);
netHosts = filterAttrs (n: x: n != name) netHostsSelf;
in
{
options.network.wireguard = {
enable = mkEnableOption "semi-automatic wireguard mesh";
magicNumber = mkOption { type = types.ints.u8; };
prefixV4 = mkOption {
type = types.str;
default = "10.42.69";
};
prefixV6 = mkOption {
type = types.str;
default = "fe80:";
};
keyPath = mkOption {
type = types.str;
default = "/etc/wireguard/mesh";
};
pubkey = mkOption {
type = with types; nullOr str;
default = null;
};
publicAddress4 = mkOption {
type = with types; nullOr str;
default = null;
};
publicAddress6 = mkOption {
type = with types; nullOr str;
default = null;
};
fwmark = mkOption {
type = with types; nullOr ints.u16;
default = null;
};
mtu = mkOption {
type = types.ints.u16;
default = 1500;
};
};
config = mkIf cfg.enable {
networking.wireguard.interfaces = mapAttrs'
(hname: hconf:
let
magicPort = 51820 + hconf.magicNumber + cfg.magicNumber;
iname = "wgmesh-${substring 0 8 hname}";
in
nameValuePair iname {
allowedIPsAsRoutes = false;
privateKeyFile = cfg.keyPath;
ips = [
"${cfg.prefixV4}.${toString cfg.magicNumber}/24"
"${cfg.prefixV6}:${toString cfg.magicNumber}/64"
];
listenPort = magicPort;
peers = optional (hconf.pubkey != null) {
publicKey = hconf.pubkey;
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = with hconf; mkIf (publicAddress4 != null || publicAddress6 != null) (
if (publicAddress4 != null)
then "${publicAddress4}:${toString magicPort}"
else "[${publicAddress6}]:${toString magicPort}"
);
persistentKeepalive = with hconf; mkIf (publicAddress4 == null && publicAddress6 == null) 25;
};
postSetup = ''
ip route add ${cfg.prefixV4}.${toString hconf.magicNumber}/32 dev ${iname}
${optionalString (cfg.fwmark != null) "wg set ${iname} fwmark ${toString cfg.fwmark}"}
ip link set ${iname} mtu ${toString cfg.mtu}
'';
}
)
netHosts;
networking.firewall.allowedUDPPorts =
mapAttrsToList (_: hconf: 51820 + hconf.magicNumber + cfg.magicNumber) netHosts;
};
}

4
config/profiles/base/nix.nix
View file

@ -26,9 +26,9 @@
trusted-users = [ "root" "@wheel" ];
};
gc = {
automatic = lib.mkDefault false;
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 1w";
options = lib.mkDefault "--delete-older-than 7d";
};
};
}

4
config/profiles/gnome/gnome.nix
View file

@ -18,8 +18,6 @@
environment.systemPackages = (with pkgs.gnomeExtensions; [
gsconnect
vitals
paperwm
timezone
switcher
espresso
impatience
@ -30,6 +28,8 @@
random-wallpaper
mullvad-indicator
tray-icons-reloaded
noannoyance-2
dash-to-panel
]) ++ (with pkgs; [
mullvad-vpn
ytmdesktop

5
config/profiles/gui/nfs.nix
View file

@ -3,14 +3,13 @@
{
boot.supportedFilesystems = [ "nfs" ];
/*
fileSystems."/mnt/kat-nas" = lib.mkIf (config.networking.hostName != "yukari") {
device = "${meta.network.nodes.yukari.network.addresses.wireguard.domain}:/mnt/zraw/media";
device = "${meta.network.nodes.yukari.network.addresses.w.domain}:/mnt/zraw/media";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "nfsvers=4" "soft" "retrans=2" "timeo=60" ];
};
/*
fileSystems."/mnt/hex-corn" = {
device = "storah.net.lilwit.ch:/data/cornbox";
fsType = "nfs";

7
config/profiles/hardware/raspi.nix
View file

@ -48,6 +48,13 @@
services.udisks2.enable = false;
boot.enableContainers = false;
home-manager.users.kat.manual = {
json.enable = false;
manpages.enable = false;
};
services.logrotate.enable = false;
nixpkgs.crossSystem = systems.examples.raspberryPi // {
system = "armv6l-linux";
};

154
config/profiles/network.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, meta, ... }: with lib;
{ config, lib, tf, pkgs, meta, ... }: with lib;
{
options.network = with lib; {
@ -31,59 +31,103 @@
};
};
networking.firewall.extraCommands = ''
ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT
${if config.networking.hostName != "marisa" then "ip route replace to 10.42.68.0/24 via ${meta.network.nodes.marisa.network.addresses.wireguard.nixos.ipv4.address}" else ""}
'';
networking.nftables.extraInput = ''
meta l4proto 89 iifname wgmesh-* accept
'';
network.firewall.private.interfaces = singleton "wgmesh-*";
networking.policyrouting = {
enable = true;
rules = [
{ rule = "lookup main suppress_prefixlength 0"; prio = 7000; }
{ rule = "lookup 89 suppress_prefixlength 0"; prio = 8000; }
{ rule = "from all fwmark 51820 lookup main"; prio = 9000; }
] ++ (lib.optional config.network.routeDefault { rule = "not from all fwmark 51820 lookup 89"; prio = 9000; });
};
network.wireguard = {
enable = true;
tf.enable = true;
fwmark = 51820;
};
network.bird =
let
mkKernel = version: ''
ipv${toString version} {
import all;
export filter {
if source = RTS_STATIC then reject;
accept;
};
};
kernel table 89;
scan time 15;
'';
mkIgp = version: {
version = 3;
extra = "ipv${toString version} { import all; export all; };";
areas."0".interfaces."wgmesh-*".cost = 100;
};
in
{
routerId = "${config.network.wireguard.prefixV4}.${toString config.network.wireguard.magicNumber}";
kernel4Config = mkKernel 4;
kernel6Config = mkKernel 6;
ospf = {
enable = true;
protocols.igp4 = mkIgp 4;
protocols.igp6 = mkIgp 6;
};
};
kw.secrets.variables.tailscale-authkey = {
path = "secrets/tailscale";
field = "password";
};
deploy.tf.variables.tailscale-authkey.export = true;
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
# allow the Tailscale UDP port through the firewall
allowedTCPPorts = [ 5200 ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.tailscale.enable = true;
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey ${tf.variables.tailscale-authkey.get}
'';
};
};
}
# networking.firewall.extraCommands = ''
# ip6tables -A INPUT -p 89 -i wgmesh-+ -j ACCEPT
# ${if config.networking.hostName != "marisa" then "ip route replace to 10.42.68.0/24 via ${meta.network.nodes.marisa.network.addresses.wireguard.nixos.ipv4.address}" else ""}
# '';
# networking.nftables.extraInput = ''
# meta l4proto 89 iifname wgmesh-* accept
# '';
#
# network.firewall.private.interfaces = singleton "wgmesh-*";
#
# networking.policyrouting = {
# enable = true;
# rules = [
# { rule = "lookup main suppress_prefixlength 0"; prio = 7000; }
# { rule = "lookup 89 suppress_prefixlength 0"; prio = 8000; }
# { rule = "from all fwmark 51820 lookup main"; prio = 9000; }
# ] ++ (lib.optional config.network.routeDefault { rule = "not from all fwmark 51820 lookup 89"; prio = 9000; });
# };
#
# network.wireguard = {
# enable = true;
# tf.enable = true;
# fwmark = 51820;
# };
#
# network.bird =
# let
# mkKernel = version: ''
# ipv${toString version} {
# import all;
# export filter {
# if source = RTS_STATIC then reject;
# accept;
# };
# };
# kernel table 89;
# scan time 15;
# '';
# mkIgp = version: {
# version = 3;
# extra = "ipv${toString version} { import all; export all; };";
# areas."0".interfaces."wgmesh-*".cost = 100;
# };
# in
# {
# routerId = "${config.network.wireguard.prefixV4}.${toString config.network.wireguard.magicNumber}";
# kernel4Config = mkKernel 4;
# kernel6Config = mkKernel 6;
# ospf = {
# enable = true;
# protocols.igp4 = mkIgp 4;
# protocols.igp6 = mkIgp 6;
# };
# };

27
config/services/access.nix
View file

@ -1,15 +1,10 @@
{ config, lib, meta, ... }: with lib; {
{ config, lib, meta, pkgs, ... }: with lib; {
deploy.tf.dns.records.services_plex = {
inherit (config.network.dns) zone;
domain = "plex";
cname = { inherit (config.network.addresses.public) target; };
};
deploy.tf.dns.records.services_owncast = {
inherit (config.network.dns) zone;
domain = "cast";
cname = { inherit (config.network.addresses.public) target; };
};
deploy.tf.dns.records.services_cloud = {
inherit (config.network.dns) zone;
@ -20,17 +15,28 @@
deploy.tf.dns.records.services_home = {
inherit (config.network.dns) zone;
domain = "home";
cname = { inherit (config.network.addresses.public) target; };
};
deploy.tf.dns.records.gensokyo_root_v4 = {
zone = "gensokyo.zone.";
a = { inherit (config.network.addresses.public.tf.ipv4) address; };
};
deploy.tf.dns.records.services_home_v6 = {
inherit (config.network.dns) zone;
domain = "home";
deploy.tf.dns.records.gensokyo_root_v6 = {
zone = "gensokyo.zone.";
aaaa = { inherit (config.network.addresses.public.tf.ipv6) address; };
};
services.nginx.virtualHosts = mkMerge [
{
"gensokyo.zone" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = pkgs.gensokyoZone;
};
};
"home.${config.network.dns.domain}" = {
forceSSL = true;
enableACME = true;
@ -80,6 +86,5 @@
};
};
}
(mkIf config.deploy.profile.trusted (import config.kw.secrets.repo.access.source { inherit config meta; }))
];
}

34
config/services/keycloak.nix
View file

@ -6,34 +6,20 @@ in {
package = (pkgs.keycloak.override {
jre = pkgs.openjdk11;
});
bindAddress = "127.0.0.1";
httpPort = "8089";
httpsPort = "8445";
initialAdminPassword = "mewpymewlymewlies";
forceBackendUrlToFrontendUrl = true;
frontendUrl = "https://auth.${config.network.dns.domain}/auth";
database.passwordFile = config.secrets.files.keycloak-postgres-file.path;
extraConfig = {
"subsystem=undertow" = {
"server=default-server" = {
"http-listener=default" = {
"proxy-address-forwarding" = true;
};
settings = {
http-enabled = true;
http-host = "127.0.0.1";
http-port = 8089;
https-port = 8445;
hostname = "auth.kittywit.ch";
http-relative-path = "/auth";
hostname-strict-backchannel = true;
https-key-store-file = "/var/lib/acme/domain-auth/trust-store.jks";
https-key-store-password = keystore-pass;
};
};
"subsystem=keycloak-server" = {
"spi=truststore" = {
"provider=file" = {
enabled = true;
properties.password = keystore-pass;
properties.file = "/var/lib/acme/domain-auth/trust-store.jks";
properties.hostname-verification-policy = "WILDCARD";
properties.disabled = false;
};
};
};
};
};
network.extraCerts.domain-auth = "auth.${config.network.dns.domain}";

2
config/services/nfs.nix
View file

@ -9,7 +9,7 @@ with lib;
};
services.nfs.server.enable = true;
services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) ${config.network.wireguard.prefixV4}.0/24(rw) fe80::/10(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) fe80::/10(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
services.nginx.virtualHosts = kw.virtualHostGen {
networkFilter = [ "private" "yggdrasil" ];

10
config/targets/rinnosuke-domains.nix
View file

@ -19,16 +19,6 @@ let rinnosuke = config.network.nodes.rinnosuke; in
domain = rinnosuke.network.addresses.wireguard.subdomain;
a.address = rinnosuke.network.addresses.wireguard.tf.ipv4.address;
};
node_wireguard_rinnosuke_v6 = {
inherit (rinnosuke.network.dns) zone;
domain = rinnosuke.network.addresses.wireguard.subdomain;
aaaa.address = rinnosuke.network.addresses.wireguard.tf.ipv6.address;
};
node_yggdrasil_rinnosuke_v6 = {
inherit (rinnosuke.network.dns) zone;
domain = rinnosuke.network.addresses.yggdrasil.subdomain;
aaaa.address = rinnosuke.network.addresses.yggdrasil.tf.ipv6.address;
};
};
};
}

2
config/tf

@ -1 +1 @@
Subproject commit 84b1742d36714279de336e2bee37848d0b3b6de8
Subproject commit 1a2233676398de7e7b3da2b6c431898dd8cddb3b

2
config/tf.nix
View file

@ -29,7 +29,7 @@
};
};
dns.zones = genAttrs [ "kittywit.ch." "dork.dev." ] (_: {
dns.zones = genAttrs [ "kittywit.ch." "dork.dev." "gensokyo.zone." ] (_: {
provider = "dns.katdns";
});
}

12
config/users/kat/media/packages.nix
View file

@ -15,17 +15,5 @@
v4l-utils
gimp-with-plugins
wf-recorder
dolphinEmuMaster
pcsxr
pcsx2
mgba
nestopia
snes9x-gtk
citra
melonDS
mupen64plus
retroarch
sixpair
xboxdrv
];
}

2
config/users/kat/personal/git.nix
View file

@ -4,9 +4,7 @@
home.packages = with pkgs; [
git-crypt
gitAndTools.gitRemoteGcrypt
gitAndTools.gitAnnex
git-revise
gitAndTools.git-annex-remote-b2
];
programs.git = {
package = pkgs.gitAndTools.gitFull;

108
config/users/kat/personal/taskwarrior.nix
View file

@ -1,108 +0,0 @@
{ config, pkgs, tf, lib, ... }:
with lib;
{
kw.secrets.variables =
let
fieldAdapt = field: if field == "key" then "notes" else field;
in
mapListToAttrs
(field:
nameValuePair "taskwarrior-${field}" {
path = "services/taskwarrior";
field = fieldAdapt field;
}) [ "key" "credentials" ];
secrets.files = {
taskw_key = {
text = "${tf.variables.taskwarrior-key.ref}";
owner = "kat";
group = "users";
};
taskw_config = {
text = ''
taskd.credentials=${tf.variables.taskwarrior-credentials.ref}
'';
owner = "kat";
group = "users";
};
};
programs.taskwarrior = {
enable = true;
config = {
taskd = {
certificate = "${pkgs.writeText "taskd_cert.pem" ''
-----BEGIN CERTIFICATE-----
MIIFRzCCAy+gAwIBAgIULP2UcJYZuZqRI505UwRf+RWdc7gwDQYJKoZIhvcNAQEM
BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUxWhgPOTk5
OTEyMzEyMzU5NTlaMCsxFDASBgNVBAMTC2tpdHR5d2l0LmNoMRMwEQYDVQQKEwpr
aXR0eXdpdGNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvVZZgWRA
XHWzWVkGb/go1ynVYY9U/AItgc0DuKt/9glb/bGA+VkFYknd3djM0NrUqLWwR3Ln
pUBH95SVOzJTkF4Sri6vCG6r9YjyIw22iwQQeYcnR9MRy5BuTRsLhwPJWl1pJVHC
tdqDLUqaP1P6UAlYXYxtZDFN3Y8iW22xe+8+/Ew1GiXGdeFrfRgo3TAp9PbKy0wq
Kqe1V/mcCcDcUEFrujL+6soeSZAs2AffMPfl23kC8MB08DHRv06d97DlDGXd2tql
5OkJHZehwIiTBeJMXHyjRRXyam2DY4/ucVMbXgHi7nUn0FmfYPyljzU1kYiwUxxf
6/rIGXOYQJkq6AKsih8p1h5NmL0PRtd7E074Zh1ABvY79k6a+uawIKk+nhyu4Gil
IIvYbJqpXDHeZ4m/UBIjcxQZEcDgnR3jlqBZshB6hyaPRy0EBgcOJxOefLzOpcD+
tul39AIaK6InM4ftdb1W6GXiuXr+JBH0rNe52s8G7AiZZxjsQhIaRvsNcq+dX9fT
0NLOmCF8lqKCoEha50ELfSyUtfR/jKTvmiuxPT3mUgqP5DeDErgTJ+x1Hr6nqH7g
VL0jrYhf7UcmmVC236H8yjkad7rx70B5JVzA4yMcE1qoUXEAxJfXoVyjbyDPAg8P
VL3pSRYV+RIyQ9XevZiF6dFjlJsyIRUJlUkCAwEAAaN2MHQwDAYDVR0TAQH/BAIw
ADATBgNVHSUEDDAKBggrBgEFBQcDAjAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW
BBRkudH4JVQy6akuhU0Me++nUknMWzAfBgNVHSMEGDAWgBRmz2varlp5iPH6DGES
WjtTVUs3jjANBgkqhkiG9w0BAQwFAAOCAgEATuASvWkbS0x3NJGRuxhHBF7svBdL
Gd72AbN2oiqPs0pRkRE/oar/osNRqCClv6GqWt/yGbFHCIeE+8UkmqBYYps8N5G0
mqaQU9okafoNqEvQUIxRtJByG9RNlEZD4qB0pw/QUTkCn77a75hyVy5/x9zi75Ya
XS5djO5zA7st1rBzvWVCWdFH4Mk00aZbh66IoWpG+YO6kuTdd8ZKAL+UO5Q5PBjM
/ZgwVyuQBTA5LbLLHPoCRhgWbSv/DRhDZUlWslRU/NkulE5ju4lX2Uuxj4yc2rT2
8b3hrHI6IC0hMYCrDynbws71LNEjG/lejBhOLnbBOHOGq+hl1CMNWaLedlH2xFa0
sJorShW5IarJ/Pthj/FEX7U8LcmnKkbNXL1qwfVU4NVXQSMkqSc+GOxDPYUeFgMt
atpIo3PjucdPpqqSly4yuZZJritVVpm0IvLdE2euDAuLPyQEhqBeMn50zS9seGhw
+heTRZjt0zhDU1MK790cYdWBqfttvOFF4pUTlWiIuBGl6Wn/bzZFatscSrj1r42y
rs819ej8Ey8Us9bRFJC21q712AIPetSM3BnmM4oT6mkQZ8e2Zn1K41GP0r7MLFaB
KpwGEQxfo+rAiUsnF/FS8a9pCmlYIFdfSN3eLh6c9WQdzWm76BFubYyN1g3WTtRh
kuLR6WeghnkGENo=
-----END CERTIFICATE-----
''}";
key = config.secrets.files.taskw_key.path;
ca = "${pkgs.writeText "taskd_ca.pem" ''
-----BEGIN CERTIFICATE-----
MIIE/zCCAuegAwIBAgIUO/FZVcMIwnusVeiMGNOHznpUH7UwDQYJKoZIhvcNAQEM
BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUwWhgPOTk5
OTEyMzEyMzU5NTlaMBYxFDASBgNVBAMTC2tpdHR5d2l0LmNoMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEA1ui/3U5yhyd2J2Z1ahq6uMyS8HHpuX8TSxNV
mbNPTc1D+jGHa3W7sp0GHRDM6Ct9A0BJkkWAjegWJBZRXAeryZg++xoPma4AK908
/8uq1WTgchy74Or6luTFKHhxkNXZcjNCjsVGeaogK1KvBLapP83L8mBVb1n5DjlN
I4XhREe4kTWhMJuoG1yUca3g2iIezKa+b1GYY/jOpEOQiciqxjcwgSZSpRTH2kC9
3d9JFzJBU+kTDVjuaC3SWgu9tqk2WiBRr3ERUdBvEIRq90xax1ChSAEZgrb3k3yS
vE5IsZ3F85piDbS7tBh6PgbaWf9Bxp4rVJ6FeypSNFyBwzgQP3jiKLJcgChjFIDx
imkJmdQJEmSNImgofkO5l3ZYwXal4G1qT1na+ashrQAbYdDdbgg0XDctVKQBY6oP
YSbyp1aJTed7I2Tm9xm/pSFwR5JrWv7qMB8/4XwziraRL13KGoCmWcfqcUWm6hKW
cTnaA6J5gbNQC3R0+yJXZE+lrUL2QBkM7QtLRHB8FIBQcwKxLmEIB702B+X41EAL
2gmzV8PpoQvUDQ8w0jZ3HB0f7R5MTYhv44qF4KM30i6gdUPFeiy6lnaqs17yfu8x
kNm2SD7NwmSrDUpAnmvuq7Iq7xvkdr0+qi2p7N7RolJOHw9jYJnU9YXj6CDS2ofg
ur+eWBsCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
MB0GA1UdDgQWBBRmz2varlp5iPH6DGESWjtTVUs3jjANBgkqhkiG9w0BAQwFAAOC
AgEAATViuvVGa1p5CBTghmp51VfMOcQoAOiTe+tIOVJMRc379uPfESMJ5nsVlZCt
rP+XhDA6gGToEjcUBZIwfLzrKSmbmTpmVK+X5EMGldbytBkdbhQkUaLqD3LnxNNr
WnwhHKcMKAJlZ/523AjFURA3cGf7anhghJHJbr3En45jfrYabKX9gpBpmnOVrBNG
cd5ZmwLMJKrASQ14Px+XHX7+S5y6D2dM6qvXG4y6YMwlROqoy3gcG7j+uvdCzWuC
sSpOj0gVOcCdeOZuSD0lFXbh4WnrS2SDG6M2Zj2tLRsn8nq76RqxIKz9dWSV7nXM
xTSSZOs01rvyrwd1Ydez+qYg5db0ZcD4mF2b78QJU8gKevh53UvHv1PK8I1S6+1E
i5qnduRrX8FaKcD0+UkvLG9ZeE855K1cnquy9vAiuHgKp90R+yzyQfj7w1ofigCR
YSADxgw7w/s5OBIeUYw43SmkmL5nLCAETm36mr2l1g6ixtjN3qDJXnGWHvAHUdhY
4vhBNNwEtvLp73skkmj5+5qaxn5e8jR9WoNxr8ajoRFaH6LlpoI4/+fWhmfTCpXj
UkdGJClj76VuB1PAg0xCnuLDT2xCA6leF07bn+P8Xzhh21AR1oq2eTyUGkgA2oqi
kmKyccoP1SQXAZd96EFArlzalVt+h+fOuOxuulmqVskK+w0=
-----END CERTIFICATE-----
''}";
server = "${config.network.dns.domain}:53589";
};
};
extraConfig = ''
include ${config.secrets.files.taskw_config.path}
'';
};
}

103
flake.lock generated
View file

@ -107,15 +107,17 @@
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": [
"flake-utils"
],
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1652901942,
"narHash": "sha256-3HsYj0/0mHD+63oB3WM4HIfs8fxcURQKstzsQsGRbSA=",
"lastModified": 1652934326,
"narHash": "sha256-YgSgR0V/rsqJX6DWyXlPOwsaXXiOkN+9z5rfE9kn2IU=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "679fcedab06892651d3173c2f504dcf40b4ef939",
"rev": "de5c826149bcfbaa5f0ce985bb184c9bc7f11e46",
"type": "github"
},
"original": {
@ -252,51 +254,6 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1652776076,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1629481132,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "997f7efcb746a9c140ce1f13c72263189225f482",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -304,15 +261,15 @@
]
},
"locked": {
"lastModified": 1652913097,
"narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=",
"owner": "nix-community",
"lastModified": 1649980189,
"narHash": "sha256-55dgKGs7W8eC3s9GYewll9y4IlP/KAlSinjQwshNpxM=",
"owner": "kittywitch",
"repo": "home-manager",
"rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69",
"rev": "c591c34311923598fc0092ed06da6e4a515354d7",
"type": "github"
},
"original": {
"owner": "nix-community",
"owner": "kittywitch",
"ref": "master",
"repo": "home-manager",
"type": "github"
@ -356,7 +313,9 @@
},
"nix-dns": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
@ -386,7 +345,9 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils_4",
"flake-utils": [
"flake-utils"
],
"nix-straight": "nix-straight",
"nixpkgs": [
"nixpkgs"
@ -434,12 +395,10 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1652739558,
"narHash": "sha256-znGkjGugajqF/sFS+H4+ENmGTaVPFE0uu1JjQZJLEaQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ff691ed9ba21528c1b4e034f36a04027e4522c58",
"type": "github"
"lastModified": 0,
"narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
"path": "/nix/store/57zwl7b883kkya60akvg6wssl1qkxwl5-source",
"type": "path"
},
"original": {
"id": "nixpkgs",
@ -448,11 +407,11 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1652824101,
"narHash": "sha256-R8ldgGP40+6gAOzNSmeeWYGZABr7EKZ1Edv4pUAskEQ=",
"lastModified": 1652881001,
"narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2816fee9ce7ff2747db8b060192941c429691e94",
"rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf",
"type": "github"
},
"original": {
@ -466,13 +425,13 @@
"locked": {
"lastModified": 1652659998,
"narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
"owner": "NixOS",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@ -496,11 +455,11 @@
},
"nur": {
"locked": {
"lastModified": 1652919218,
"narHash": "sha256-Hr0OM2VmA5Qid52GQRk4KX7ci5VUNKWtFYU2AKA+Cec=",
"lastModified": 1652938196,
"narHash": "sha256-kv6EEwTPtvtqVlaSH/sRhWx9ecONrr5bccMdxu1nhwc=",
"owner": "nix-community",
"repo": "nur",
"rev": "4e920d8ea51612dc1557d922d2d3204b28a46447",
"rev": "2d8f65d73133859961b8714918ac8f60d98a76e5",
"type": "github"
},
"original": {
@ -614,7 +573,7 @@
"darwin": "darwin",
"emacs-overlay": "emacs-overlay",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"home-manager-darwin": "home-manager-darwin",
"impermanence": "impermanence",
@ -679,7 +638,7 @@
"trusted": {
"flake": false,
"locked": {
"lastModified": 1,
"lastModified": 1652920457,
"narHash": "sha256-Q3QXOoy+iN4VK2CflvRulYvPZXYgF0dO7FoF7CvWFTA=",
"path": "./empty/.",
"type": "path"

50
flake.nix
View file

@ -1,7 +1,7 @@
{
description = "kat's nixfiles";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
arcexprs = {
url = "github:arcnmx/nixexprs/master";
flake = false;
@ -11,7 +11,7 @@
flake = false;
};
home-manager = {
url = "github:nix-community/home-manager/master";
url = "github:kittywitch/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence/master";
@ -27,12 +27,17 @@
nix-dns = {
url = "github:kirelagin/nix-dns/master";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
emacs-overlay = {
url = "github:nix-community/emacs-overlay/master";
inputs.flake-utils.follows = "flake-utils";
};
emacs-overlay.url = "github:nix-community/emacs-overlay/master";
nur.url = "github:nix-community/nur/master";
nix-doom-emacs = {
url = "github:vlaci/nix-doom-emacs/develop";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
tf-nix = {
url = "github:arcnmx/tf-nix/master";
@ -49,25 +54,7 @@
};
};
outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: {
darwinConfigurations."sumireko" = let
system = "aarch64-darwin";
meta = self.legacyPackages.${system};
in darwin.lib.darwinSystem {
inherit inputs;
inherit system;
specialArgs = {
inherit inputs meta;
tf = { };
};
pkgs = self.legacyPackages.${system}.darwin-pkgs;
modules = with meta; [
home-manager-darwin.darwinModules.home-manager
meta.hosts.sumireko
];
};
} //
(flake-utils.lib.eachDefaultSystem
outputs = { self, nixpkgs, flake-utils, darwin, home-manager-darwin, ... }@inputs: flake-utils.lib.eachDefaultSystem
(system:
let pkgs = nixpkgs.legacyPackages.${system}; in
rec {
@ -75,5 +62,22 @@
legacyPackages = import ./outputs.nix { inherit inputs system; };
nixosConfigurations = legacyPackages.network.nodes;
}
));
) // {
darwinConfigurations."sumireko" = let
system = "aarch64-darwin";
meta = self.legacyPackages.${system};
in darwin.lib.darwinSystem {
inherit inputs;
inherit system;
specialArgs = {
inherit inputs meta;
tf = { };
};
pkgs = self.legacyPackages.${system}.darwin-pkgs;
modules = with meta; [
home-manager-darwin.darwinModules.home-manager
meta.hosts.sumireko
];
};
};
}

1
overlays/local/default.nix
View file

@ -9,4 +9,5 @@ final: prev: {
waybar-gpg = final.callPackage ./waybar-gpg { };
waybar-konawall = final.callPackage ./waybar-konawall { };
hedgedoc-cli = final.callPackage ./hedgedoc-cli.nix { };
gensokyoZone = final.callPackage ./gensokyoZone { };
}

BIN
overlays/local/gensokyoZone/cute.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1 MiB

22
overlays/local/gensokyoZone/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ writeTextFile, linkFarm }:
let
mewp = writeTextFile {
name = "index.html";
text = ''
<html>
<head>
<title>Gensokyo Zone</title>
</head>
<body>
<img src="cute.png">
</body>
</html>
'';
};
mewy = "${./cute.png}";
in
linkFarm "index" [
{ name = "index.html"; path = mewp; }
{ name = "cute.png"; path = mewy; }
]

60
overlays/local/pigpio.nix Normal file
View file

@ -0,0 +1,60 @@
{ stdenv, glibc, fetchFromGitHub, cmake, writeTextFile
,
}:
let
version = "79";
pname = "pigpio";
pkgConfig = writeTextFile {
name = "${pname}.pc";
text = ''
prefix=@out@
exec_prefix=''${prefix}
includedir=''${prefix}/include
libdir=''${prefix}/lib
Name: pigpio
Description: GPIO library for Raspberry Pi computers
Version: ${version}
Libs: -L''${libdir} -lpigpio -lpthread -lm
Cflags: -I''${includedir}
'';
};
in
stdenv.mkDerivation rec {
inherit pname version;
src = fetchFromGitHub {
owner = "joan2937";
repo = pname;
rev = "v${version}";
sha256 = "0wgcy9jvd659s66khrrp5qlhhy27464d1pildrknpdava19b1r37";
};
patches = [
./Pi4Revision.patch
];
nativeBuildInputs = [
cmake
];
buildInputs = [
glibc
];
meta = with stdenv.lib; {
description = "GPIO library for the Raspberry Pi";
homepage = "http://abyz.me.uk/rpi/pigpio/index.html";
license = licenses.unlicense;
platforms = platforms.unix;
};
installPhase = ''
make install
mkdir -p $out/lib/pkgconfig
substitute ${pkgConfig} $out/lib/pkgconfig/pigpio.pc --subst-var out
'';
}

152
trusted/flake.lock generated
View file

@ -20,11 +20,11 @@
"arcexprs": {
"flake": false,
"locked": {
"lastModified": 1649357469,
"narHash": "sha256-lJFMdc+ZYRZbs4zWzUhTAByiquqOfNx8Z1RQ50zdj+I=",
"lastModified": 1652207446,
"narHash": "sha256-KWMMkKny/5Ukh36rus2nr6X7rDmRBpjOdJeEwlnsJL8=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "53f5058ed9b28b040b2640efde3127c19ca8ef65",
"rev": "1d80363ae941952431cf377816c4790e451823f4",
"type": "github"
},
"original": {
@ -59,11 +59,11 @@
]
},
"locked": {
"lastModified": 1648278671,
"narHash": "sha256-1WrR9ex+rKTjZtODNUZQhkWYUprtfOkjOyo9YWL2NMs=",
"lastModified": 1651916036,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4fdbb8168f61d31d3f90bb0d07f48de709c4fe79",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
"type": "github"
},
"original": {
@ -107,12 +107,19 @@
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": [
"nixfiles",
"flake-utils"
],
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1649732714,
"narHash": "sha256-D8iDZsLJWXB4n/Iy/KCpgdKSLFff2rynCeohO7Xs3R0=",
"lastModified": 1652934326,
"narHash": "sha256-YgSgR0V/rsqJX6DWyXlPOwsaXXiOkN+9z5rfE9kn2IU=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "8b7323d06cc5310f75781ae87dd50840c3b2bfc7",
"rev": "de5c826149bcfbaa5f0ce985bb184c9bc7f11e46",
"type": "github"
},
"original": {
@ -221,11 +228,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@ -236,41 +243,11 @@
},
"flake-utils": {
"locked": {
"lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
"lastModified": 1652776076,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1629481132,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "997f7efcb746a9c140ce1f13c72263189225f482",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"type": "github"
},
"original": {
@ -287,15 +264,15 @@
]
},
"locked": {
"lastModified": 1649642044,
"narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=",
"owner": "nix-community",
"lastModified": 1649980189,
"narHash": "sha256-55dgKGs7W8eC3s9GYewll9y4IlP/KAlSinjQwshNpxM=",
"owner": "kittywitch",
"repo": "home-manager",
"rev": "e39a9d0103e3b2e42059c986a8c633824b96c193",
"rev": "c591c34311923598fc0092ed06da6e4a515354d7",
"type": "github"
},
"original": {
"owner": "nix-community",
"owner": "kittywitch",
"ref": "master",
"repo": "home-manager",
"type": "github"
@ -309,11 +286,11 @@
]
},
"locked": {
"lastModified": 1649642044,
"narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=",
"lastModified": 1652913097,
"narHash": "sha256-hOs8Z5WYzCor+qP+JgSgrCJRC+UuN9pfTUnXqyRUBvY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e39a9d0103e3b2e42059c986a8c633824b96c193",
"rev": "cb9f03d519cf96fcd7dfb990cc0e586a62ca6e69",
"type": "github"
},
"original": {
@ -340,7 +317,10 @@
},
"nix-dns": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": [
"nixfiles",
"flake-utils"
],
"nixpkgs": [
"nixfiles",
"nixpkgs"
@ -371,7 +351,10 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils_3",
"flake-utils": [
"nixfiles",
"flake-utils"
],
"nix-straight": "nix-straight",
"nixpkgs": [
"nixfiles",
@ -432,7 +415,7 @@
"impermanence": "impermanence",
"nix-dns": "nix-dns",
"nix-doom-emacs": "nix-doom-emacs",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-darwin": "nixpkgs-darwin",
"nur": "nur",
"tf-nix": "tf-nix",
@ -441,38 +424,35 @@
]
},
"locked": {
"narHash": "sha256-EsjRXQ9TKNS2EL06nHKg7RmSiOxh7Lh213Eg7JDnj1I=",
"path": "/nix/store/dy1mzx66q2x85zzi9lp4vcda62j5k2c8-source",
"lastModified": 0,
"narHash": "sha256-Gi7tG1c/ePjp4GRO+lqyVyBw4D/Q6ArhqQoQAviGBZ8=",
"path": "/nix/store/0d1rpf5pi4lnykkg4lq409d11lh6gga6-source",
"type": "path"
},
"original": {
"path": "/nix/store/dy1mzx66q2x85zzi9lp4vcda62j5k2c8-source",
"path": "/nix/store/0d1rpf5pi4lnykkg4lq409d11lh6gga6-source",
"type": "path"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1649497218,
"narHash": "sha256-groqC9m1P4hpnL6jQvZ3C8NEtduhdkvwGT0+0LUrcYw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd364d268852561223a5ada15caad669fd72800e",
"type": "github"
"lastModified": 0,
"narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
"path": "/nix/store/57zwl7b883kkya60akvg6wssl1qkxwl5-source",
"type": "path"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1649675302,
"narHash": "sha256-joXkXjdOn73GF/1Y3mhir44aG5doekJyJwiG3DblIlo=",
"lastModified": 1652881001,
"narHash": "sha256-k9JmPCojaJnqGz4aRXXT1HZqJKHCXijoMfBAb24abXk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a31e3437d3b5d8f0b4f3bbc3b097b15b10250dab",
"rev": "2d474d6a4a43a0348b78db68dc00c491032cf5cf",
"type": "github"
},
"original": {
@ -482,6 +462,22 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1652659998,
"narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nose": {
"flake": false,
"locked": {
@ -500,11 +496,11 @@
},
"nur": {
"locked": {
"lastModified": 1649749110,
"narHash": "sha256-gN/BkRu93GDHGENao+G0oHrknSJB3l+sfGOZWkqG2RY=",
"lastModified": 1652938196,
"narHash": "sha256-kv6EEwTPtvtqVlaSH/sRhWx9ecONrr5bccMdxu1nhwc=",
"owner": "nix-community",
"repo": "nur",
"rev": "287aa9ab138e00c3a3519e437a56b7627c62c478",
"rev": "2d8f65d73133859961b8714918ac8f60d98a76e5",
"type": "github"
},
"original": {
@ -651,11 +647,11 @@
"tf-nix": {
"flake": false,
"locked": {
"lastModified": 1649261463,
"narHash": "sha256-Sd/lrUeHsDUfIs6xoVsrP9xl98yg7LLxXo+BTJxh/J8=",
"lastModified": 1652202366,
"narHash": "sha256-CFNcYVwth9GdDO6o602UjLGKBy2Zsv/X00G3kofXRi8=",
"owner": "arcnmx",
"repo": "tf-nix",
"rev": "c75325133a321904c02e0535d93d0f49cbe81860",
"rev": "d45eb5ed2311f8d18d0ceaf93e544abbf48167fa",
"type": "github"
},
"original": {