qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

flake: switch "beta" input to "stable"

Browse Source
This commit is contained in:
Aaron Bieber 2023-05-26 08:06:02 -06:00
parent 944558ce91
commit a26ebc7d1b
No known key found for this signature in database
5 changed files with 36 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
default.nix
View File

@ -14,32 +14,6 @@ let
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
''; '';
gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; }; gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
inFluxBootOptions = if isUnstable then {
tmp = { cleanOnBoot = true; };
} else {
cleanTmpDir = true;
};
inFluxSSHOptions = if isUnstable then {
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
} else {
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
in { in {
imports = [ imports = [
./configs ./configs
@ -153,7 +127,8 @@ in {
"net.ipv4.tcp_keepalive_time" = 60; "net.ipv4.tcp_keepalive_time" = 60;
"net.ipv6.tcp_keepalive_time" = 60; "net.ipv6.tcp_keepalive_time" = 60;
}; };
} // inFluxBootOptions; tmp.cleanOnBoot = true;
};
nix = { nix = {
settings = if config.networking.hostName != "pwntie" then { settings = if config.networking.hostName != "pwntie" then {
@ -240,7 +215,18 @@ in {
extraConfig = '' extraConfig = ''
#TrustedUserCAKeys = /etc/ssh/ca.pub #TrustedUserCAKeys = /etc/ssh/ca.pub
''; '';
} // inFluxSSHOptions; settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms =
[ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
};
}; };
}; };
} }

25
flake.lock
View File

@ -1,21 +1,5 @@
{ {
"nodes": { "nodes": {
"beta": {
"locked": {
"lastModified": 1685004253,
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -313,7 +297,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"beta": "beta",
"darwin": "darwin", "darwin": "darwin",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"gostart": "gostart", "gostart": "gostart",
@ -363,16 +346,16 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1685000228, "lastModified": 1685089234,
"narHash": "sha256-mzOWvIPrz5aBJnMftB1F8Oh5+QuhM8KtNRuXKRib2Hc=", "narHash": "sha256-osxsp9HQLDFhpm6CSGWuq2n3P5LQr2lNH/Kb1Ifq8XQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "adaeddeae797a873b23c45d935750daaa8d6dbad", "rev": "7f17766e1f0412f910b20fa45f57eebfbf7bd63e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-22.11-small", "ref": "nixos-23.05-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

24
flake.nix
View File

@ -6,9 +6,9 @@
unstableSmall.url = "github:NixOS/nixpkgs/nixos-unstable-small"; unstableSmall.url = "github:NixOS/nixpkgs/nixos-unstable-small";
oldStable.url = "github:NixOS/nixpkgs/nixos-22.05-small"; oldStable.url = "github:NixOS/nixpkgs/nixos-22.05-small";
stable.url = "github:NixOS/nixpkgs/nixos-22.11-small"; #stable.url = "github:NixOS/nixpkgs/nixos-22.11-small";
beta.url = "github:NixOS/nixpkgs/nixos-23.05"; stable.url = "github:NixOS/nixpkgs/nixos-23.05-small";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
@ -88,9 +88,9 @@
}; };
}; };
outputs = { self, beta, unstable, unstableSmall, stable, oldStable, nixos-hardware outputs = { self, unstable, unstableSmall, stable, oldStable
, reform, gostart, xintray, tsvnstat, pots, po, pr-status, tsRevProx, darwin , nixos-hardware, reform, gostart, xintray, tsvnstat, pots, po, pr-status
, xin-secrets, talon, peerix, ... }@inputs: , tsRevProx, darwin, xin-secrets, talon, peerix, ... }@inputs:
let let
xinlib = import ./lib { inherit (unstable) lib; }; xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ]; supportedSystems = [ "x86_64-linux" ];
@ -145,9 +145,7 @@
darwinConfigurations = { darwinConfigurations = {
plq = darwin.lib.darwinSystem { plq = darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = { specialArgs = { inherit xinlib; };
inherit xinlib;
};
modules = [ modules = [
xin-secrets.nixosModules.sops xin-secrets.nixosModules.sops
./overlays ./overlays
@ -170,14 +168,14 @@
] "europa"; ] "europa";
pwntie = buildSys "x86_64-linux" unstable [ ] "pwntie"; pwntie = buildSys "x86_64-linux" unstable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [ ] "stan"; stan = buildSys "x86_64-linux" unstable [ ] "stan";
#weather = buildSys "aarch64-linux" stable weather = buildSys "aarch64-linux" stable
# [ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather"; [ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";
faf = buildSys "x86_64-linux" beta [ ./configs/hardened.nix ] "faf"; faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" beta [ ./configs/hardened.nix ] "box"; box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box";
#luna = buildSys "x86_64-linux" stable #luna = buildSys "x86_64-linux" stable
# [ "${nixos-hardware}/common/cpu/intel" ] "luna"; # [ "${nixos-hardware}/common/cpu/intel" ] "luna";
h = buildSys "x86_64-linux" beta [ h = buildSys "x86_64-linux" stable [
./configs/hardened.nix ./configs/hardened.nix
gostart.nixosModule gostart.nixosModule
pots.nixosModule pots.nixosModule

5
lib/default.nix
View File

@ -8,8 +8,9 @@ let
in if prStatus.status == "open" then in if prStatus.status == "open" then
overlay overlay
else else
lib.warn "PR: ${prstr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: {}); lib.warn
"PR: ${prstr} (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
mkCronScript = name: src: '' mkCronScript = name: src: ''
. /etc/profile; . /etc/profile;

5
overlays/obsidian.nix
View File

@ -2,7 +2,10 @@ let
obsidian = _: super: { obsidian = _: super: {
obsidian = super.obsidian.overrideAttrs (_: rec { obsidian = super.obsidian.overrideAttrs (_: rec {
version = "1.3.4"; version = "1.3.4";
filename = if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz"; filename = if super.stdenv.isDarwin then
"Obsidian-${version}-universal.dmg"
else
"obsidian-${version}.tar.gz";
src = super.fetchurl { src = super.fetchurl {
url = url =
"https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}"; "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";