[NixOS] Set up local ssh binary caching

This commit is contained in:
Ivan Malison 2023-08-22 13:08:31 -06:00
parent bf132b32b4
commit a0bccc9992
6 changed files with 93 additions and 72 deletions


@ -63,28 +63,10 @@
self, nixpkgs, nixos-hardware, home-manager, nix, ...
}:
let
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs;
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs;
});
machinesPath = ../machines;
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
machineNames = map machineNameFromFilename machineFilenames;
mkConfigurationParams = filename: {
name = machineNameFromFilename filename;
value = {
@ -101,6 +83,25 @@
system = "aarch64-linux";
};
};
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs machineNames;
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs // (import ../keys.nix);
});
in
{
nixosConfigurations = builtins.mapAttrs (machineName: params:
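Review bot: The merge order on the new `} // specialArgs // (import ../keys.nix);` line lets keys.nix override anything a caller passes in `specialArgs`, because the right operand of `//` wins; before this change `specialArgs` was last and caller values won. If a machine ever needs to supply its own `allKeys` or `kanivanKeys`, it is silently ignored; `} // (import ../keys.nix) // specialArgs;` preserves the old precedence while still injecting the keys. The same ordering appears in the flake.nix section below (`} // specialArgs // (import ./keys.nix);`). The enclosing `mkConfig` let-binding is visible in full here, but the `outputs` function continues outside the hunk.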

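--- /dev/null
+++ b/nixos/cache.nix
@@ -0,0 +1,7 @@
+{ machineNames, ... }:
+{
+nix = {
+binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;
+};
+}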
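Review bot: The substituter URLs built on the `binaryCaches` line carry no user name, so the daemon will connect to each peer as whatever user it runs as rather than as the `nix-ssh` account that `nix.sshServe` in users.nix authorizes, and that account's key list is the only one this commit manages; `binaryCaches = map (machineName: "ssh://nix-ssh@${machineName}.local") machineNames;` lines the client up with the serving side. `machineNames` is derived from every file under `machines/`, so each host also lists itself as its own cache; filtering out `config.networking.hostName` avoids a pointless ssh attempt on every substitution. `binaryCaches` is the legacy alias of `nix.settings.substituters`, and users.nix already uses the `nix.settings.*` form for `trusted-users`, so the new name keeps the module consistent.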


@ -3,6 +3,7 @@
imports = [
./android.nix
./base.nix
./cache.nix
./code.nix
./desktop.nix
./environment.nix


@ -108,42 +108,25 @@
nixified-ai = { url = "github:nixified-ai/flake"; };
nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
agenix.url = "github:ryantm/agenix";
};
outputs = inputs@{
self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
xmonad-contrib, notifications-tray-icon, nix, imalison-taffybar, ...
xmonad-contrib, notifications-tray-icon, nix, agenix, imalison-taffybar, ...
}:
let
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs;
myPackages = {
taffybar = inputs.imalison-taffybar.defaultPackage."${system}";
};
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs;
});
machinesFilepath = ./machines;
machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
machineNames = map machineNameFromFilename machineFilenames;
mkConfigurationParams = filename: {
name = machineNameFromFilename filename;
value = {
modules = [ (machinesFilepath + ("/" + filename)) ];
modules = [
(machinesFilepath + ("/" + filename)) agenix.nixosModules.default
];
};
};
defaultConfigurationParams =
@ -156,6 +139,25 @@
system = "aarch64-linux";
};
};
mkConfig =
args@
{ system ? "x86_64-linux"
, baseModules ? []
, modules ? []
, specialArgs ? {}
, ...
}:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = baseModules ++ modules;
specialArgs = rec {
inherit inputs machineNames;
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
forEachUser = mapValueToKeys realUsers;
} // specialArgs // (import ./keys.nix);
});
in
{
nixosConfigurations = builtins.mapAttrs (machineName: params:
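Review bot: The relocated `mkConfig` (from `mkConfig =` down to `});`) no longer defines `myPackages`; the removed copy above set `myPackages = { taffybar = inputs.imalison-taffybar.defaultPackage."${system}"; };` inside the `rec` block, and the new copy omits it. If any module still reads `myPackages` from its arguments, evaluation of that machine fails with a missing-attribute error, which nothing in this diff rules out. If the drop is deliberate, a short `# myPackages was removed; modules take taffybar from inputs directly` comment at the `specialArgs = rec {` line would record that; otherwise re-adding the three lines after `inherit inputs machineNames;` restores the previous interface. The `outputs` function this sits in starts and ends outside the hunk.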

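--- /dev/null
+++ b/nixos/keys.nix
@@ -0,0 +1,23 @@
+rec {
+kanivanKeys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
+];
+deanKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
+];
+alexKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
+];
+allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+}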
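Review bot: The `imalison@biskcomp` key is listed twice in `kanivanKeys` (third and sixth entries), which sshd tolerates but which shows the list was merged by hand from the old inline `allKeys`; removing the second copy keeps every generated authorized_keys file minimal. Because users.nix installs `kanivanKeys` for both the imalison and kat accounts, a `# every key below can log in as imalison AND as kat` comment above the list would make that shared-identity decision visible to whoever adds the next key. `allKeys` is also what `nix.sshServe.keys` consumes, so a `# also grants nix-ssh (store read) access on every machine` comment on that line documents its second role.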


@ -1,7 +1,5 @@
{ pkgs, inputs, realUsers, forEachUser, ... }:
{
security.sudo.wheelNeedsPassword = false;
users.users = let
{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
let
extraGroups = [
"audio"
"adbusers"
@ -22,21 +20,10 @@
createHome = true;
shell = pkgs.zsh;
};
allKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 IvanMalison@gmail.com" # Kat's Lenovo Legion
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
];
in {
in
{
security.sudo.wheelNeedsPassword = false;
users.users = {
syncthing = {
extraGroups = [ "syncthing" "wheel" ];
home = "/var/lib/syncthing";
@ -45,30 +32,30 @@
imalison = userDefaults // {
name = "imalison";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys;
openssh.authorizedKeys.keys = kanivanKeys;
};
kat = userDefaults // {
name = "kat";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys;
openssh.authorizedKeys.keys = kanivanKeys;
};
dean = userDefaults // {
name = "dean";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
];
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
};
alex = userDefaults // {
name = "alex";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = allKeys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
];
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
};
};
nix.settings.trusted-users = realUsers;
nix.sshServe = {
enable = true;
keys = allKeys;
};
home-manager.users = forEachUser (import ./home-manager.nix);
}
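Review bot: `keys = allKeys;` in the new `nix.sshServe` block authorizes every key in keys.nix, including `deanKeys` and `alexKeys` that this same hunk deliberately scopes to their own accounts, to log in as the `nix-ssh` user and read any path in this machine's store. If the cache is meant for machine-to-machine substitution, a separate list of the pulling hosts' keys is the narrower grant, e.g. `keys = hostKeys;` with `hostKeys` defined in keys.nix (constructed name). Separately, paths substituted over ssh are still subject to signature checking on the receiving side, so unless each machine signs its store (`nix.settings.secret-key-files`) and peers list the matching public keys in `nix.settings.trusted-public-keys`, the new caches are likely to be consulted and then rejected; worth confirming before relying on them. The module's function head and `let` block are in the earlier hunks of this file, outside this one.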