Compare commits
6 Commits
1743869b07
...
e3a1143ca5
Author | SHA1 | Date |
---|---|---|
Sam | e3a1143ca5 | |
Sam | b991fa4236 | |
Sam | 5f672c2665 | |
Sam | 22ce3e08c2 | |
Sam | 5147d02fa9 | |
Sam | 6fbd5447b8 |
70
flake.lock
70
flake.lock
|
@ -206,11 +206,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719259945,
|
||||
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
|
||||
"lastModified": 1721038330,
|
||||
"narHash": "sha256-DyIGJ+DEnKeGd346YJCwjmp9hXwiYq8wqGtikgbDqSc=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
|
||||
"rev": "622291c026190caf13cb26f5136616b1ff0a07aa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -286,11 +286,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718530513,
|
||||
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||
"lastModified": 1720042825,
|
||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -364,11 +364,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719845423,
|
||||
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
|
||||
"lastModified": 1720845312,
|
||||
"narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "ec12b88104d6c117871fad55e931addac4626756",
|
||||
"rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -380,11 +380,11 @@
|
|||
"nix-secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1720263046,
|
||||
"narHash": "sha256-6tJLK4EtB4IXBO4i6P/Ulf03Bd7GaEezT7AebN3VPHA=",
|
||||
"lastModified": 1721482736,
|
||||
"narHash": "sha256-jrR4tQeESMJ/vSDSDjw6N8t1137TiRFsXq8CsG05sLE=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "33d677fea187322e503f8a56d9c75ff7e7df057c",
|
||||
"revCount": 151,
|
||||
"rev": "cfdb75ffef8f3e91fe95823086fabf4743e5e65b",
|
||||
"revCount": 155,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||
},
|
||||
|
@ -426,27 +426,27 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1719099622,
|
||||
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
||||
"lastModified": 1720915306,
|
||||
"narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
||||
"rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.11",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1719254875,
|
||||
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
|
||||
"lastModified": 1721379653,
|
||||
"narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
|
||||
"rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -458,11 +458,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1719426051,
|
||||
"narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
|
||||
"lastModified": 1721226092,
|
||||
"narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
|
||||
"rev": "c716603a63aca44f39bef1986c13402167450e0a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -486,11 +486,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720296628,
|
||||
"narHash": "sha256-v42XPTrP7oJSAFhn9zJVvPc1DbPVW/Id6J8/eKCY9oo=",
|
||||
"lastModified": 1721045803,
|
||||
"narHash": "sha256-dQGvOK+t45unF7DTp5bfO37hY0NkDUw6X3MH5CCTEAs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "a53fa82a0564d3fe94a89c1dd53b703c3c67d1cd",
|
||||
"rev": "eef2f4c6b190d92e296e47e5fe10e7ced65fd959",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -502,11 +502,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1719596768,
|
||||
"narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=",
|
||||
"lastModified": 1721472350,
|
||||
"narHash": "sha256-XFGmZB6GhnYsTOFouj60lc40OkZxpdk6mL2nTT0fIkU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "35e48702118124ec52a071e300f55c78a4b7b338",
|
||||
"rev": "b4365ef44d92f9f6bd6ad3e54117d1719ebd2c57",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -538,11 +538,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719268571,
|
||||
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
|
||||
"lastModified": 1720926522,
|
||||
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
|
||||
"owner": "mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
|
||||
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -574,11 +574,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719887753,
|
||||
"narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=",
|
||||
"lastModified": 1720930114,
|
||||
"narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c",
|
||||
"rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
10
flake.nix
10
flake.nix
|
@ -130,6 +130,16 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
citadel = nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs;
|
||||
modules = [
|
||||
./hosts/citadel
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.extraSpecialArgs = specialArgs;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
./scripts/sb-volume.nix
|
||||
./scripts/sb-network-status.nix
|
||||
./scripts/sb-updates.nix
|
||||
./scripts/sb-battery.nix
|
||||
|
||||
# Notification scripts
|
||||
./scripts/dunstify-volume-notification.nix
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
home.packages = with pkgs; [
|
||||
(writeShellScriptBin "sb-cpu-pct" ''
|
||||
BAT=/sys/class/power_supply/BAT0/capacity
|
||||
|
||||
# Exit script if no battery detected
|
||||
[ ! -f "$BAT" ] && exit
|
||||
|
||||
STATUS=$(cat /sys/class/power_supply/BAT0/uevent | grep "POWER_SUPPLY_STATUS" | sed "s/^.*=//")
|
||||
capacity=$(cat "$BAT")
|
||||
|
||||
if [ "$STATUS" == "Charging" ] || [ "$STATUS" == "Not charging" ]; then
|
||||
echo "[ $capacity%] "
|
||||
else
|
||||
case $capacity in
|
||||
100) echo "[ $capacity%] ";;
|
||||
9[0-9]) echo "[ $capacity%] ";;
|
||||
8[0-9]) echo "[ $capacity%] ";;
|
||||
7[0-9]) echo "[ $capacity%] ";;
|
||||
6[0-9]) echo "[ $capacity%] ";;
|
||||
5[0-9]) echo "[ $capacity%] ";;
|
||||
4[0-9]) echo "[ $capacity%] ";;
|
||||
3[0-9]) echo "[ $capacity%] ";;
|
||||
2[0-9]) echo "[ $capacity%] ";;
|
||||
1[0-9]) echo "[ $capacity%] ";;
|
||||
[6-9]) echo "[ $capacity%] ";;
|
||||
[0-5]) echo "[ $capacity%] ";;
|
||||
esac
|
||||
fi
|
||||
|
||||
if [[ $capacity -le 20 && $STATUS != "Charging" ]]; then
|
||||
dunstify-battery-notification
|
||||
fi
|
||||
'')
|
||||
];
|
||||
}
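Review bot: The script in this new file is installed as `sb-cpu-pct`, but its body reads `/sys/class/power_supply/BAT0` and prints the battery capacity, and the import added in the previous hunk is `./scripts/sb-battery.nix`. The name looks like a copy-paste leftover; if a CPU script already provides a binary called `sb-cpu-pct` (not visible on this page), the two packages would collide in `home.packages`. The first line of the list entry should read `(writeShellScriptBin "sb-battery" ''`. The status line also hard-codes the `BAT0/uevent` path while the capacity goes through `$BAT`, so a short comment that the script supports only `BAT0` would help. `dunstify-battery-notification` is called by bare name, so it must be on `PATH` wherever the status bar runs this.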
|
4
justfile
4
justfile
|
@ -1,4 +1,4 @@
|
|||
SOPS_FILE := "../nix-secrets/secrets.yaml"
|
||||
SOPS_FILE := "~/.local/share/src/nix-secrets/secrets.yaml"
|
||||
|
||||
# default recipe to display help information
|
||||
default:
|
||||
|
@ -26,7 +26,7 @@ edit-sops:
|
|||
|
||||
# update keys in secrets.yaml and push to remote
|
||||
update-sops-secrets:
|
||||
cd ../nix-secrets && (\
|
||||
cd ~/.local/share/src/nix-secrets && (\
|
||||
nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \
|
||||
git add -u && (git commit -m "updated secrets" || true) && git push \
|
||||
)
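Review bot: The new `SOPS_FILE := "~/.local/share/src/nix-secrets/secrets.yaml"` depends on tilde expansion, which just does not perform on ordinary string values. The path resolves only if every recipe interpolates `{{SOPS_FILE}}` unquoted at the start of a shell word; the recipes that use it are outside these hunks, so this is unverified, but a quoted use would make sops look for a literal `~` directory. Building the path from the environment removes that dependency: `SOPS_FILE := env_var('HOME') + "/.local/share/src/nix-secrets/secrets.yaml"`. The same checkout location is now also hard-coded in the `update-sops-secrets` recipe (`cd ~/.local/share/src/nix-secrets`), so deriving both from one variable for the nix-secrets directory would keep them from drifting.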
|
||||
|
|
|
@ -45,7 +45,7 @@ echo "Creating '$hostname' ssh keys"
|
|||
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
|
||||
|
||||
# Extract luks key from secrets
|
||||
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
|
||||
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
|
||||
echo "$luks_secret" > /tmp/luks_secret.key
|
||||
|
||||
# Generate age key from target host and user public ssh key
|
||||
|
@ -54,7 +54,7 @@ HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host
|
|||
echo -e "Host age key:\n$HOST_AGE_KEY\n"
|
||||
|
||||
# Update .sops.yaml with new age key:
|
||||
SOPS_FILE="../nix-secrets/.sops.yaml"
|
||||
SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
|
||||
sed -i "{
|
||||
# Remove any * and & entries for this host
|
||||
/[*&]$hostname/ d;
|
||||
|
@ -63,13 +63,14 @@ sed -i "{
|
|||
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
|
||||
# Inject a new hosts: entry
|
||||
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
|
||||
}" $SOPS_FILE
|
||||
}" "$SOPS_FILE"
|
||||
|
||||
# Commit and push changes to sops file
|
||||
just update-sops-secrets && just update-flake-secrets && just update-flake
|
||||
|
||||
# Copy current nix config over to target
|
||||
cp -prv . "$temp$persist/etc/nixos"
|
||||
echo "copying current nix config to host"
|
||||
cp -pr . "$temp$persist/etc/nixos"
|
||||
|
||||
# Install Nixos to target
|
||||
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
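Review bot: In the hunk at -45,7 the rewritten `luks_secret=$(…)` line is followed, unchanged, by `echo "$luks_secret" > /tmp/luks_secret.key`, which writes the disk passphrase to a fixed, predictable path in a shared directory with whatever umask is in effect. Nothing visible in these hunks checks that the sops extraction succeeded, so with the secrets file moved to `~/.local/share/src/nix-secrets` a missing checkout would leave an empty key file that is then handed to the installer; whether `set -e` is active is outside the hunks. Checking for an empty result and writing the key to a `mktemp` file (created owner-only, unpredictable name) would close both gaps. The install line would then pass that file as the local source, `--disk-encryption-keys /tmp/luks_secret.key "$luks_key_file"`, and the file should be removed in whatever cleanup the script already has. The script's beginning and end are not shown here.

```shell
# … unchanged: luks_secret=$(nix-shell -p sops --run …) extraction …
if [ -z "$luks_secret" ]; then
  echo "could not extract the LUKS passphrase for '$hostname'" >&2
  exit 1
fi
luks_key_file=$(mktemp)   # owner-only permissions, unpredictable name
printf '%s\n' "$luks_secret" > "$luks_key_file"
# … unchanged: age key generation and .sops.yaml update …
```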
|
||||
|
|