forked from colonelpanic/dotfiles
[NixOS] Set up local ssh binary caching
parent
bf132b32b4
commit
a0bccc9992
@ -63,6 +63,26 @@
|
|||||||
self, nixpkgs, nixos-hardware, home-manager, nix, ...
|
self, nixpkgs, nixos-hardware, home-manager, nix, ...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
machinesPath = ../machines;
|
||||||
|
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
|
||||||
|
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
||||||
|
machineNames = map machineNameFromFilename machineFilenames;
|
||||||
|
mkConfigurationParams = filename: {
|
||||||
|
name = machineNameFromFilename filename;
|
||||||
|
value = {
|
||||||
|
modules = [ (machinesPath + ("/" + filename)) ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
defaultConfigurationParams =
|
||||||
|
builtins.listToAttrs (map mkConfigurationParams machineFilenames);
|
||||||
|
customParams = {
|
||||||
|
biskcomp = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
air-gapped-pi = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
};
|
||||||
mkConfig =
|
mkConfig =
|
||||||
args@
|
args@
|
||||||
{ system ? "x86_64-linux"
|
{ system ? "x86_64-linux"
|
||||||
@ -75,32 +95,13 @@
|
|||||||
inherit system;
|
inherit system;
|
||||||
modules = baseModules ++ modules;
|
modules = baseModules ++ modules;
|
||||||
specialArgs = rec {
|
specialArgs = rec {
|
||||||
inherit inputs;
|
inherit inputs machineNames;
|
||||||
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
|
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
|
||||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||||
forEachUser = mapValueToKeys realUsers;
|
forEachUser = mapValueToKeys realUsers;
|
||||||
} // specialArgs;
|
} // specialArgs // (import ../keys.nix);
|
||||||
});
|
});
|
||||||
machinesPath = ../machines;
|
|
||||||
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
|
|
||||||
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
|
||||||
mkConfigurationParams = filename: {
|
|
||||||
name = machineNameFromFilename filename;
|
|
||||||
value = {
|
|
||||||
modules = [ (machinesPath + ("/" + filename)) ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
defaultConfigurationParams =
|
|
||||||
builtins.listToAttrs (map mkConfigurationParams machineFilenames);
|
|
||||||
customParams = {
|
|
||||||
biskcomp = {
|
|
||||||
system = "aarch64-linux";
|
|
||||||
};
|
|
||||||
air-gapped-pi = {
|
|
||||||
system = "aarch64-linux";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nixosConfigurations = builtins.mapAttrs (machineName: params:
|
nixosConfigurations = builtins.mapAttrs (machineName: params:
|
||||||
|
7
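--- /dev/null
+++ b/nixos/cache.nix
@@ -0,0 +1,7 @@
+{ machineNames, ... }:
+{
+nix = {
+binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;
+};
+}
+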
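Review bot: The substituter list built by `binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;` contains every machine, so each host lists itself (and `air-gapped-pi`) as a cache, and none of the visible hunks configures a signing key or `trusted-public-keys` for paths served by peers. Nix accepts substituted paths only when they carry a signature from a trusted key, so unless the peers sign their stores this will presumably fail, or push someone toward relaxing the signature check. The `.local` names resolve through unauthenticated mDNS, which leaves SSH host-key verification (for example pinned entries in `programs.ssh.knownHosts`) as the only thing binding a name to a machine. `nix.binaryCaches` is also the older spelling of `nix.settings.substituters`, which would match the `nix.settings.trusted-users` line elsewhere in this commit. I would filter the current host out of `machineNames` and add a comment such as `# peers must sign served paths; their public keys go in nix.settings.trusted-public-keys`.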
@ -3,6 +3,7 @@
|
|||||||
imports = [
|
imports = [
|
||||||
./android.nix
|
./android.nix
|
||||||
./base.nix
|
./base.nix
|
||||||
|
./cache.nix
|
||||||
./code.nix
|
./code.nix
|
||||||
./desktop.nix
|
./desktop.nix
|
||||||
./environment.nix
|
./environment.nix
|
||||||
|
@ -108,42 +108,25 @@
|
|||||||
nixified-ai = { url = "github:nixified-ai/flake"; };
|
nixified-ai = { url = "github:nixified-ai/flake"; };
|
||||||
|
|
||||||
nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
|
nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
|
||||||
|
|
||||||
|
agenix.url = "github:ryantm/agenix";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs@{
|
outputs = inputs@{
|
||||||
self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
|
self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
|
||||||
xmonad-contrib, notifications-tray-icon, nix, imalison-taffybar, ...
|
xmonad-contrib, notifications-tray-icon, nix, agenix, imalison-taffybar, ...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
mkConfig =
|
|
||||||
args@
|
|
||||||
{ system ? "x86_64-linux"
|
|
||||||
, baseModules ? []
|
|
||||||
, modules ? []
|
|
||||||
, specialArgs ? {}
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
nixpkgs.lib.nixosSystem (args // {
|
|
||||||
inherit system;
|
|
||||||
modules = baseModules ++ modules;
|
|
||||||
specialArgs = rec {
|
|
||||||
inherit inputs;
|
|
||||||
myPackages = {
|
|
||||||
taffybar = inputs.imalison-taffybar.defaultPackage."${system}";
|
|
||||||
};
|
|
||||||
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
|
||||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
|
||||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
|
||||||
forEachUser = mapValueToKeys realUsers;
|
|
||||||
} // specialArgs;
|
|
||||||
});
|
|
||||||
machinesFilepath = ./machines;
|
machinesFilepath = ./machines;
|
||||||
machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
|
machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
|
||||||
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
||||||
|
machineNames = map machineNameFromFilename machineFilenames;
|
||||||
mkConfigurationParams = filename: {
|
mkConfigurationParams = filename: {
|
||||||
name = machineNameFromFilename filename;
|
name = machineNameFromFilename filename;
|
||||||
value = {
|
value = {
|
||||||
modules = [ (machinesFilepath + ("/" + filename)) ];
|
modules = [
|
||||||
|
(machinesFilepath + ("/" + filename)) agenix.nixosModules.default
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
defaultConfigurationParams =
|
defaultConfigurationParams =
|
||||||
@ -156,6 +139,25 @@
|
|||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
mkConfig =
|
||||||
|
args@
|
||||||
|
{ system ? "x86_64-linux"
|
||||||
|
, baseModules ? []
|
||||||
|
, modules ? []
|
||||||
|
, specialArgs ? {}
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
nixpkgs.lib.nixosSystem (args // {
|
||||||
|
inherit system;
|
||||||
|
modules = baseModules ++ modules;
|
||||||
|
specialArgs = rec {
|
||||||
|
inherit inputs machineNames;
|
||||||
|
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
||||||
|
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||||
|
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||||
|
forEachUser = mapValueToKeys realUsers;
|
||||||
|
} // specialArgs // (import ./keys.nix);
|
||||||
|
});
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nixosConfigurations = builtins.mapAttrs (machineName: params:
|
nixosConfigurations = builtins.mapAttrs (machineName: params:
|
||||||
|
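Review bot: `agenix.url = "github:ryantm/agenix";` adds a third-party NixOS module to every machine (it is appended to `modules` in `mkConfigurationParams`), but the input has no `inputs.nixpkgs.follows`, so it is evaluated against its own nixpkgs pin, and no lock-file change is visible on this page to show which revision was reviewed. Consider `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };` in the attrset style of the neighbouring inputs, committed together with the lock update. No `age.secrets` are declared in the visible hunks, so a short comment saying which secrets the module is meant to manage would document why it is enabled on all hosts.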
23
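--- /dev/null
+++ b/nixos/keys.nix
@@ -0,0 +1,23 @@
+rec {
+kanivanKeys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
+];
+deanKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
+];
+alexKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
+];
+allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+}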
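Review bot: `kanivanKeys` lists the `imalison@biskcomp` key twice and puts two people's device keys, a phone client key and two hardware-token keys into one group that every account's `openssh.authorizedKeys.keys` then includes. Splitting the group per person or per device class (for example `imalisonKeys` and `katKeys`) would let each account, and `nix.sshServe`, take only the keys it needs and would make revoking a lost device a one-line change. The list also carries a single `ssh-rsa` entry alongside the ed25519 ones; a comment saying whether that key is still in use would help the next audit of this file.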
@ -1,7 +1,5 @@
|
|||||||
{ pkgs, inputs, realUsers, forEachUser, ... }:
|
{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
|
||||||
{
|
let
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
users.users = let
|
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"audio"
|
"audio"
|
||||||
"adbusers"
|
"adbusers"
|
||||||
@ -22,21 +20,10 @@
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
allKeys = [
|
in
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
|
{
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
|
security.sudo.wheelNeedsPassword = false;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
|
users.users = {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 IvanMalison@gmail.com" # Kat's Lenovo Legion
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
|
|
||||||
];
|
|
||||||
in {
|
|
||||||
syncthing = {
|
syncthing = {
|
||||||
extraGroups = [ "syncthing" "wheel" ];
|
extraGroups = [ "syncthing" "wheel" ];
|
||||||
home = "/var/lib/syncthing";
|
home = "/var/lib/syncthing";
|
||||||
@ -45,30 +32,30 @@
|
|||||||
imalison = userDefaults // {
|
imalison = userDefaults // {
|
||||||
name = "imalison";
|
name = "imalison";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keys = allKeys;
|
openssh.authorizedKeys.keys = kanivanKeys;
|
||||||
};
|
};
|
||||||
kat = userDefaults // {
|
kat = userDefaults // {
|
||||||
name = "kat";
|
name = "kat";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keys = allKeys;
|
openssh.authorizedKeys.keys = kanivanKeys;
|
||||||
};
|
};
|
||||||
dean = userDefaults // {
|
dean = userDefaults // {
|
||||||
name = "dean";
|
name = "dean";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keys = allKeys ++ [
|
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
alex = userDefaults // {
|
alex = userDefaults // {
|
||||||
name = "alex";
|
name = "alex";
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
openssh.authorizedKeys.keys = allKeys ++ [
|
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings.trusted-users = realUsers;
|
nix.settings.trusted-users = realUsers;
|
||||||
|
nix.sshServe = {
|
||||||
|
enable = true;
|
||||||
|
keys = allKeys;
|
||||||
|
};
|
||||||
|
|
||||||
home-manager.users = forEachUser (import ./home-manager.nix);
|
home-manager.users = forEachUser (import ./home-manager.nix);
|
||||||
}
|
}
|
||||||
|
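Review bot: `keys = allKeys;` under `nix.sshServe` reuses the interactive login keys for the store-serving account, so the credential that reads a peer's store is the same one that opens a shell on accounts which, if they are in `wheel`, get root through `security.sudo.wheelNeedsPassword = false`. Substitution over `ssh://` is normally performed by the Nix daemon rather than by the logged-in user, so the client side will likely need a key root can use; a dedicated per-host cache key listed only here would cover that and keep store access separate from login. I would add a comment above the block such as `# keys allowed to read this host's store over nix-ssh; not login keys` so the intent is recorded. The module body this block sits in spans several hunks and is not shown in full on this page.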