forked from colonelpanic/dotfiles
[NixOS] Set up local ssh binary caching
parent
bf132b32b4
commit
a0bccc9992
@ -63,28 +63,10 @@
|
||||
self, nixpkgs, nixos-hardware, home-manager, nix, ...
|
||||
}:
|
||||
let
|
||||
mkConfig =
|
||||
args@
|
||||
{ system ? "x86_64-linux"
|
||||
, baseModules ? []
|
||||
, modules ? []
|
||||
, specialArgs ? {}
|
||||
, ...
|
||||
}:
|
||||
nixpkgs.lib.nixosSystem (args // {
|
||||
inherit system;
|
||||
modules = baseModules ++ modules;
|
||||
specialArgs = rec {
|
||||
inherit inputs;
|
||||
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
|
||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||
forEachUser = mapValueToKeys realUsers;
|
||||
} // specialArgs;
|
||||
});
|
||||
machinesPath = ../machines;
|
||||
machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
|
||||
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
||||
machineNames = map machineNameFromFilename machineFilenames;
|
||||
mkConfigurationParams = filename: {
|
||||
name = machineNameFromFilename filename;
|
||||
value = {
|
||||
@ -101,6 +83,25 @@
|
||||
system = "aarch64-linux";
|
||||
};
|
||||
};
|
||||
mkConfig =
|
||||
args@
|
||||
{ system ? "x86_64-linux"
|
||||
, baseModules ? []
|
||||
, modules ? []
|
||||
, specialArgs ? {}
|
||||
, ...
|
||||
}:
|
||||
nixpkgs.lib.nixosSystem (args // {
|
||||
inherit system;
|
||||
modules = baseModules ++ modules;
|
||||
specialArgs = rec {
|
||||
inherit inputs machineNames;
|
||||
makeEnable = (import ../make-enable.nix) nixpkgs.lib;
|
||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||
forEachUser = mapValueToKeys realUsers;
|
||||
} // specialArgs // (import ../keys.nix);
|
||||
});
|
||||
in
|
||||
{
|
||||
nixosConfigurations = builtins.mapAttrs (machineName: params:
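Review bot: In `specialArgs`, `// (import ../keys.nix)` is applied last, so the key lists silently win over anything a machine passes in its own `specialArgs`, while the `rec { … }` defaults just before it can still be overridden. A machine that wants a narrower `allKeys` or `kanivanKeys` would get the full lists without any error, which for authorized-key material means broader access than the caller asked for. Putting the import before the caller's set keeps one precedence rule for everything: `} // (import ../keys.nix) // specialArgs;`. The same line appears in the second copy of `mkConfig` further down the page, there with `./keys.nix`.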
|
||||
|
7
nixos/cache.nix
Normal file
7
nixos/cache.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ machineNames, ... }:
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;
|
||||
};
|
||||
}
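Review bot: `binaryCaches` in nixos/cache.nix turns every entry of `machineNames` into a substituter, which includes the machine being configured and, because the names come from `builtins.readDir` on the machines directory, any stray file placed there. Nothing on this page adds a signing key or a trusted public key for these peers, so their paths will presumably be rejected as unsigned unless signature checking is relaxed; the safer route is to sign on the serving side and list the public key here. The daemon fetches as root over mDNS names, so root needs an identity that `nix.sshServe.keys` accepts and a pinned host key per peer (for example via `programs.ssh.knownHosts`), since the host key is the only thing authenticating `NAME.local`. The sketch below filters out the local host and uses the `nix.settings` names the repository already uses for `trusted-users`; it assumes machine file names equal `networking.hostName`.

```nix
{ config, machineNames, ... }:
let
  # assumes each machine file name equals that machine's networking.hostName
  peers = builtins.filter (name: name != config.networking.hostName) machineNames;
in
{
  nix.settings = {
    substituters = map (name: "ssh://${name}.local") peers;
    # placeholder: public half of the key the peers sign their store paths with
    trusted-public-keys = [ "<cache-signing-public-key>" ];
  };
}
```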
|
||||
|
@ -3,6 +3,7 @@
|
||||
imports = [
|
||||
./android.nix
|
||||
./base.nix
|
||||
./cache.nix
|
||||
./code.nix
|
||||
./desktop.nix
|
||||
./environment.nix
|
||||
|
@ -108,42 +108,25 @@
|
||||
nixified-ai = { url = "github:nixified-ai/flake"; };
|
||||
|
||||
nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
|
||||
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
};
|
||||
|
||||
outputs = inputs@{
|
||||
self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
|
||||
xmonad-contrib, notifications-tray-icon, nix, imalison-taffybar, ...
|
||||
xmonad-contrib, notifications-tray-icon, nix, agenix, imalison-taffybar, ...
|
||||
}:
|
||||
let
|
||||
mkConfig =
|
||||
args@
|
||||
{ system ? "x86_64-linux"
|
||||
, baseModules ? []
|
||||
, modules ? []
|
||||
, specialArgs ? {}
|
||||
, ...
|
||||
}:
|
||||
nixpkgs.lib.nixosSystem (args // {
|
||||
inherit system;
|
||||
modules = baseModules ++ modules;
|
||||
specialArgs = rec {
|
||||
inherit inputs;
|
||||
myPackages = {
|
||||
taffybar = inputs.imalison-taffybar.defaultPackage."${system}";
|
||||
};
|
||||
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||
forEachUser = mapValueToKeys realUsers;
|
||||
} // specialArgs;
|
||||
});
|
||||
machinesFilepath = ./machines;
|
||||
machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
|
||||
machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
|
||||
machineNames = map machineNameFromFilename machineFilenames;
|
||||
mkConfigurationParams = filename: {
|
||||
name = machineNameFromFilename filename;
|
||||
value = {
|
||||
modules = [ (machinesFilepath + ("/" + filename)) ];
|
||||
modules = [
|
||||
(machinesFilepath + ("/" + filename)) agenix.nixosModules.default
|
||||
];
|
||||
};
|
||||
};
|
||||
defaultConfigurationParams =
|
||||
@ -156,6 +139,25 @@
|
||||
system = "aarch64-linux";
|
||||
};
|
||||
};
|
||||
mkConfig =
|
||||
args@
|
||||
{ system ? "x86_64-linux"
|
||||
, baseModules ? []
|
||||
, modules ? []
|
||||
, specialArgs ? {}
|
||||
, ...
|
||||
}:
|
||||
nixpkgs.lib.nixosSystem (args // {
|
||||
inherit system;
|
||||
modules = baseModules ++ modules;
|
||||
specialArgs = rec {
|
||||
inherit inputs machineNames;
|
||||
makeEnable = (import ./make-enable.nix) nixpkgs.lib;
|
||||
mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
|
||||
realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
|
||||
forEachUser = mapValueToKeys realUsers;
|
||||
} // specialArgs // (import ./keys.nix);
|
||||
});
|
||||
in
|
||||
{
|
||||
nixosConfigurations = builtins.mapAttrs (machineName: params:
|
||||
|
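--- a/nixos/keys.nix
+++ b/nixos/keys.nix
@@ -0,0 +1,23 @@
+rec {
+kanivanKeys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
+];
+deanKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
+];
+alexKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
+];
+allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+}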
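Review bot: `kanivanKeys` lists the `imalison@biskcomp` key twice and keeps a 2048-bit `ssh-rsa` key labelled `imalison@ivanm-dfinity-razer.local` next to an ed25519 key with the same host label, so the list is harder to audit than it needs to be now that it is the single source for logins and for `nix.sshServe`. Dropping the duplicate and giving each entry a short comment naming owner and device, as the `# Dfinity Admin` entries already do, would make revoking one device a one-line change. `allKeys` would also benefit from a comment stating what consumes it, e.g. `# union of every login key; also used for nix.sshServe.keys`.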
@ -1,7 +1,5 @@
|
||||
{ pkgs, inputs, realUsers, forEachUser, ... }:
|
||||
{
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
users.users = let
|
||||
{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
|
||||
let
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"adbusers"
|
||||
@ -22,21 +20,10 @@
|
||||
createHome = true;
|
||||
shell = pkgs.zsh;
|
||||
};
|
||||
allKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 IvanMalison@gmail.com" # Kat's Lenovo Legion
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
|
||||
];
|
||||
in {
|
||||
in
|
||||
{
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
users.users = {
|
||||
syncthing = {
|
||||
extraGroups = [ "syncthing" "wheel" ];
|
||||
home = "/var/lib/syncthing";
|
||||
@ -45,30 +32,30 @@
|
||||
imalison = userDefaults // {
|
||||
name = "imalison";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = allKeys;
|
||||
openssh.authorizedKeys.keys = kanivanKeys;
|
||||
};
|
||||
kat = userDefaults // {
|
||||
name = "kat";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = allKeys;
|
||||
openssh.authorizedKeys.keys = kanivanKeys;
|
||||
};
|
||||
dean = userDefaults // {
|
||||
name = "dean";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = allKeys ++ [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
|
||||
];
|
||||
openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
|
||||
};
|
||||
alex = userDefaults // {
|
||||
name = "alex";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = allKeys ++ [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
|
||||
];
|
||||
openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = realUsers;
|
||||
nix.sshServe = {
|
||||
enable = true;
|
||||
keys = allKeys;
|
||||
};
|
||||
|
||||
home-manager.users = forEachUser (import ./home-manager.nix);
|
||||
}
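Review bot: `nix.sshServe.keys = allKeys` in the last hunk authorizes every personal login key from keys.nix (the phone, smart-card and laptop keys of all four people) to read this machine's Nix store, while the actual clients of the cache are the root-run nix daemons on the peer machines, whose keys are not in that list as far as this page shows. A dedicated list of per-host cache keys keeps the two purposes apart, so revoking a login key and revoking cache access stay independent, e.g. `keys = cacheClientKeys;` with `cacheClientKeys` defined next to the other lists. Because anyone holding one of these keys can read store paths, it is also worth confirming that no secret is written to the store in plain text, which the agenix module added in the flake is presumably meant to address.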
|
||||
|