added github access token to nix.conf

Sam 2024-06-17 20:20:33 +01:00
parent fd20921d1e
commit f6304cf25f
4 changed files with 184 additions and 44 deletions


@ -45,11 +45,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718242063, "lastModified": 1718588625,
"narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=", "narHash": "sha256-8ZbrJq1jcmyzJ4SDkvd8JOZD4/fNUHpL4cpqVe4w3CU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2", "rev": "8262659fc990cecdf6a8de74c3de7b6ec58c2276",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -147,7 +147,25 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -219,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718243258, "lastModified": 1718526747,
"narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=", "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3", "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -309,6 +327,27 @@
} }
}, },
"nix-github-actions": { "nix-github-actions": {
"inputs": {
"nixpkgs": [
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-github-actions_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"sqlfmt", "sqlfmt",
@ -333,11 +372,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1717864759, "lastModified": 1718651801,
"narHash": "sha256-DUtmDvpNyOZG+UDONTBfRiAdCaI7E1ngVhmUOAjj3wg=", "narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "81aff439158dc6bb21251dc3be672db671e4a519", "rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566",
"revCount": 89, "revCount": 94,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -375,11 +414,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1717880976, "lastModified": 1718478900,
"narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=", "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c", "rev": "c884223af91820615a6146af1ae1fea25c107005",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -407,11 +446,27 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1718376599, "lastModified": 1718541509,
"narHash": "sha256-cTFGqLYTrIxORc673fUUCecQVXiXHDj6Z8vFQ5K4SDg=", "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3bac01780f87646b70326db70920902bc4d49fab", "rev": "ba06293cdba1c94af9710024abf3b94cf8d76349",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1718632497,
"narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c58b4a9118498c1055c5908a5bbe666e56abe949",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -435,11 +490,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1718376125, "lastModified": 1718614971,
"narHash": "sha256-NIJZxmY2CWsqJK/9BQCRSHfcCY9K6thjq/1XtJobxmU=", "narHash": "sha256-ID/Fvvd9Bz01gpm36mIfjoqXIknb2WkacSukW75cRNw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "7a2a25af02be25987aa43cd681312f4b5ba12317", "rev": "b822078ec1b2bbf666af767061e29575edc5ec05",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,11 +505,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1718398470, "lastModified": 1718649005,
"narHash": "sha256-47JT0Za+js92ci0GhStCY21UiEB3MU4cBYoCVmpfudA=", "narHash": "sha256-1Aw+JgGQK6e9MZdV4cbO1d3GRvYRKbwOvmet5gSFwvE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "c6325c8dee7dd1f58e1b4884672c670d6b541845", "rev": "d4bfad4cd8a5c44bb469f95f20e6eb4799145046",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -465,21 +520,43 @@
}, },
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_3",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1718647444,
"narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"poetry2nix_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": [ "nixpkgs": [
"sqlfmt", "sqlfmt",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_4", "systems": "systems_6",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_3"
}, },
"locked": { "locked": {
"lastModified": 1718285706, "lastModified": 1718647444,
"narHash": "sha256-DScsBM+kZvxOva7QegfdtleebMXh30XPxDQr/1IGKYo=", "narHash": "sha256-RzTDK86nI7yzSrOCYy+jPW+7LZigJm1WnFULNdOXblU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "poetry2nix", "repo": "poetry2nix",
"rev": "a5be1bbbe0af0266147a88e0ec43b18c722f2bb9", "rev": "d3e889d71b028f61ff6a587cfe437bde16cf8ac1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -499,6 +576,7 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur", "nur": "nur",
"poetry2nix": "poetry2nix",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"sqlfmt": "sqlfmt" "sqlfmt": "sqlfmt"
} }
@ -511,11 +589,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1718137936, "lastModified": 1718506969,
"narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=", "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c279dec105dd53df13a5e57525da97905cc0f0d6", "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -526,9 +604,9 @@
}, },
"sqlfmt": { "sqlfmt": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"poetry2nix": "poetry2nix" "poetry2nix": "poetry2nix_2"
}, },
"locked": { "locked": {
"dir": "sqlfmt", "dir": "sqlfmt",
@ -577,6 +655,20 @@
} }
}, },
"systems_3": { "systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_4": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -591,7 +683,22 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": { "systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -627,6 +734,27 @@
} }
}, },
"treefmt-nix_2": { "treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718522839,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"sqlfmt", "sqlfmt",
@ -635,11 +763,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717850719, "lastModified": 1718522839,
"narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -10,6 +10,7 @@
# Import personal packages repo # Import personal packages repo
sqlfmt.url = "git+https://git.bitlab21.com/sam/flake-packages?dir=sqlfmt"; sqlfmt.url = "git+https://git.bitlab21.com/sam/flake-packages?dir=sqlfmt";
poetry2nix.url = "github:nix-community/poetry2nix";
# Home manager # Home manager
home-manager = { home-manager = {
@ -55,6 +56,7 @@
{ self { self
, nixpkgs , nixpkgs
, home-manager , home-manager
, poetry2nix
, ... , ...
} @ inputs: } @ inputs:
let let
@ -66,6 +68,7 @@
specialArgs = { inherit inputs outputs; }; specialArgs = { inherit inputs outputs; };
in in
{ {
poetry2nix = forAllSystems (system: nixpkgs.legacyPackages.${system}.extend poetry2nix.overlays.default);
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays { inherit inputs; }; overlays = import ./overlays { inherit inputs; };
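Review bot: The added `poetry2nix.url = "github:nix-community/poetry2nix";` input has no `inputs.nixpkgs.follows`, so the lock file in this commit gains an additional nixpkgs node (poetry2nix now resolves to `nixpkgs_2`, tracking `nixos-unstable-small`). Each extra pin is another package set that has to be fetched, trusted and kept patched; unless poetry2nix needs its own nixpkgs, add `poetry2nix.inputs.nixpkgs.follows = "nixpkgs";`. Separately, `poetry2nix = forAllSystems (...)` is exported as a top-level flake output, which is not one of the standard output names, so `nix flake check` will likely warn about it; `legacyPackages` may be a better home. The inputs and outputs blocks both continue outside these hunks.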


@ -19,11 +19,11 @@ in
age = { age = {
sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ];
}; };
secrets = { secrets = {
"passwords/root".neededForUsers = true; "passwords/root".neededForUsers = true;
"ssh_keys/deploy_key/id_ed25519" = { "ssh_keys/deploy_key/id_ed25519" = {
path = "/etc/ssh/deploy_key-ssh-ed25519"; path = "/etc/ssh/deploy_key-ssh-ed25519";
}; };
}; };
}; };
} }


@ -35,6 +35,9 @@ in
mode = "0644"; mode = "0644";
owner = "${username}"; owner = "${username}";
}; };
"github-access-token" = {
mode = "0655";
};
"software/postgres/btc_models/password" = { }; "software/postgres/btc_models/password" = { };
"software/postgres/btc_models/ip" = { }; "software/postgres/btc_models/ip" = { };
"software/postgres/btc_models/username" = { }; "software/postgres/btc_models/username" = { };
@ -95,6 +98,12 @@ in
''; '';
}; };
nix = {
extraOptions = ''
experimental-features = nix-command flakes
!include ${config.sops.secrets.github-access-token.path}
'';
};
# The containing folders are created as root and if this is the first entry when writing files, # The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs... # the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
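Review bot: The new `"github-access-token"` secret is given `mode = "0655"`, which leaves the decrypted token readable by group and other (and sets execute bits that serve no purpose on a data file), so any local account or service on the host can read the GitHub token that the `!include` line pulls into nix.conf. Restrict it to the accounts that actually run nix, for example `mode = "0440";` together with `group = "<group-allowed-to-use-nix>";` (placeholder name), and keep the token itself scoped read-only. Because `!include` ignores a missing file, a failed secret deployment will probably show up as unauthenticated GitHub requests rather than a configuration error, which is worth a short comment next to `extraOptions`. The `secrets` set and the surrounding module both start outside these hunks.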