wgester/dotfiles
1
0
Fork 0
forked from colonelpanic/dotfiles
Code Pull Requests Activity

[NixOS] Set up local ssh binary caching

Browse Source
This commit is contained in:
Ivan Malison 2023-08-22 13:08:31 -06:00
parent bf132b32b4
commit a0bccc9992
6 changed files with 93 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
nixos/bootstrap/flake.nix
View File

@ -63,6 +63,26 @@
self, nixpkgs, nixos-hardware, home-manager, nix, ... self, nixpkgs, nixos-hardware, home-manager, nix, ...
}: }:
let let
machinesPath = ../machines;
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
machineNames = map machineNameFromFilename machineFilenames;
mkConfigurationParams = filename: {
name = machineNameFromFilename filename;
value = {
modules = [ (machinesPath + ("/" + filename)) ];
};
};
defaultConfigurationParams =
builtins.listToAttrs (map mkConfigurationParams machineFilenames);
customParams = {
biskcomp = {
system = "aarch64-linux";
};
air-gapped-pi = {
system = "aarch64-linux";
};
};
mkConfig = mkConfig =
args@ args@
{ system ? "x86_64-linux" { system ? "x86_64-linux"
@ -75,32 +95,13 @@
inherit system; inherit system;
modules = baseModules ++ modules; modules = baseModules ++ modules;
specialArgs = rec { specialArgs = rec {
inherit inputs; inherit inputs machineNames;
makeEnable = (import ../make-enable.nix) nixpkgs.lib; makeEnable = (import ../make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys); mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ]; realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers; forEachUser = mapValueToKeys realUsers;
} // specialArgs; } // specialArgs // (import ../keys.nix);
}); });
machinesPath = ../machines;
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
mkConfigurationParams = filename: {
name = machineNameFromFilename filename;
value = {
modules = [ (machinesPath + ("/" + filename)) ];
};
};
defaultConfigurationParams =
builtins.listToAttrs (map mkConfigurationParams machineFilenames);
customParams = {
biskcomp = {
system = "aarch64-linux";
};
air-gapped-pi = {
system = "aarch64-linux";
};
};
in in
{ {
nixosConfigurations = builtins.mapAttrs (machineName: params: nixosConfigurations = builtins.mapAttrs (machineName: params:

7
nixos/cache.nix Normal file
View File

@ -0,0 +1,7 @@
{ machineNames, ... }:
{
nix = {
binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;
};
}

1
nixos/configuration.nix
View File

@ -3,6 +3,7 @@
imports = [ imports = [
./android.nix ./android.nix
./base.nix ./base.nix
./cache.nix
./code.nix ./code.nix
./desktop.nix ./desktop.nix
./environment.nix ./environment.nix

50
nixos/flake.nix
View File

@ -108,42 +108,25 @@
nixified-ai = { url = "github:nixified-ai/flake"; }; nixified-ai = { url = "github:nixified-ai/flake"; };
nixos-wsl = { url = "github:nix-community/NixOS-WSL"; }; nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
agenix.url = "github:ryantm/agenix";
}; };
outputs = inputs@{ outputs = inputs@{
self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad, self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
xmonad-contrib, notifications-tray-icon, nix, imalison-taffybar, ... xmonad-contrib, notifications-tray-icon, nix, agenix, imalison-taffybar, ...
}: }:
let let
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs;
myPackages = {
taffybar = inputs.imalison-taffybar.defaultPackage."${system}";
};
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs;
});
machinesFilepath = ./machines; machinesFilepath = ./machines;
machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath); machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename); machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
machineNames = map machineNameFromFilename machineFilenames;
mkConfigurationParams = filename: { mkConfigurationParams = filename: {
name = machineNameFromFilename filename; name = machineNameFromFilename filename;
value = { value = {
modules = [ (machinesFilepath + ("/" + filename)) ]; modules = [
(machinesFilepath + ("/" + filename)) agenix.nixosModules.default
];
}; };
}; };
defaultConfigurationParams = defaultConfigurationParams =
@ -156,6 +139,25 @@
system = "aarch64-linux"; system = "aarch64-linux";
}; };
}; };
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs machineNames;
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs // (import ./keys.nix);
});
in in
{ {
nixosConfigurations = builtins.mapAttrs (machineName: params: nixosConfigurations = builtins.mapAttrs (machineName: params:

23
nixos/keys.nix Normal file
View File

@ -0,0 +1,23 @@
rec {
kanivanKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
];
deanKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
];
alexKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
];
allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
}

41
nixos/users.nix
View File

@ -1,7 +1,5 @@
{ pkgs, inputs, realUsers, forEachUser, ... }: { pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
{ let
security.sudo.wheelNeedsPassword = false;
users.users = let
extraGroups = [ extraGroups = [
"audio" "audio"
"adbusers" "adbusers"
@ -22,21 +20,10 @@
createHome = true; createHome = true;
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
allKeys = [ in
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH" {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp" security.sudo.wheelNeedsPassword = false;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer" users.users = {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 IvanMalison@gmail.com" # Kat's Lenovo Legion
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
];
in {
syncthing = { syncthing = {
extraGroups = [ "syncthing" "wheel" ]; extraGroups = [ "syncthing" "wheel" ];
home = "/var/lib/syncthing"; home = "/var/lib/syncthing";
@ -45,30 +32,30 @@
imalison = userDefaults // { imalison = userDefaults // {
name = "imalison"; name = "imalison";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys; openssh.authorizedKeys.keys = kanivanKeys;
}; };
kat = userDefaults // { kat = userDefaults // {
name = "kat"; name = "kat";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys; openssh.authorizedKeys.keys = kanivanKeys;
}; };
dean = userDefaults // { dean = userDefaults // {
name = "dean"; name = "dean";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys ++ [ openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
];
}; };
alex = userDefaults // { alex = userDefaults // {
name = "alex"; name = "alex";
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys ++ [ openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
];
}; };
}; };
nix.settings.trusted-users = realUsers; nix.settings.trusted-users = realUsers;
nix.sshServe = {
enable = true;
keys = allKeys;
};
home-manager.users = forEachUser (import ./home-manager.nix); home-manager.users = forEachUser (import ./home-manager.nix);
} }